As a business owner, understanding your strengths, weaknesses, opportunities, and threats is essential in growing and maintaining your business. Naturally, you want to avoid risks, but when those risks are inevitable, the best thing to do is to plan for them and take steps to mitigate them.
You can implement strategies and structures in your business to protect your operation against external threats. Establishing risk protection will give you the confidence to find opportunities to expand.
When it comes to risk, most of us think about insurance. After all, it is a method of transferring risk to someone else. When bad things happen, it falls on the shoulders of the insurance company.
Despite its importance, insurance is not the only way to manage risk in your business. In fact, there are many strategies you can employ to complement your insurance coverage that will ultimately save you money and provide extra layers of protection.
Here’s a simple way to think about the risks to your business:
A risk is an event reducing the capacity of your organization to achieve its business goals.
You cannot control disasters such as flood, wildfire, hurricane, theft, or market conditions. However, you do have the ability to plan for and even recover when events do impact your business.
A Business Model for Analyzing Risk
Here is a model for thinking about what needs protecting in your business, and several tools you can implement to mitigate risks.
The following questions can help you survey your business to discover areas vulnerable to risk.
What Do You Have That Needs Protecting?
If damaged, destroyed, or disabled, what would impact your bottom line? Depending on your business, vital assets may include physical structures and equipment, people within your organization, suppliers, or even your reputation.
What Might Disrupt Your Business and How?
Disruptors could be traditional hazards like weather and theft, or they could be less common, like a pandemic. What if another business steals your employees? What if key people in the business die or leave? Could economic conditions create disruption and damage your ability to generate profit?
What happens to your business if your business gets disrupted?
Think through the answers you’ve given to the first two questions and begin to formulate ways in which you can protect yourself against these threats. Even if you have insurance for many of the basic hazards, how will you operate during that period of restoration?
Methods of Attacking Risk
Now that you’ve made a list of potential threats to your business, how do you respond? There are 5 ways in which traditional risk managers will respond to risk.
1. Accept the Risk
Acceptance may not mitigate any risk or even reduce its impact on your business, but it is still a strategy. We all accept a certain amount of risk in our everyday lives. Every time we leave our house in a motor vehicle, we are taking a chance. The same is true for our business.
You use this strategy when the cost of other options, such as avoiding or controlling, outweigh the cost of the risk itself.
This strategy is all about probability. It doesn’t make sense to spend time and money on risk protection for those events that have a low probability of impacting your business.
2. Avoid the Risk
Avoidance is the opposite of accepting risk – you see the possibility and run the other direction. Or you do everything in your power to stomp out the risk from threatening your business. This strategy can be costly, depending on the level of risk and extent in which you want to eliminate it.
For example, you implement safety protocols in your business to prevent the destruction of property or harm to employees. The costs here are directly related to the degree you want to eliminate or avoid the risk.
3. Control the Risk
Controlling risk is the most common strategy used by businesses. For example, you may know that computer hardware will fail at some point. You accept this risk, but you control its impact it by creating a backup strategy or even redundant systems in the business.
If your business is dependent upon transportation, you might have backup vehicles or an agreement in place if your fleet goes down.
You are implementing actions inside your business to minimize the impact a risk might have on your business objectives.
4. Transfer the Risk
Transferring risk is where insurance typically comes into play, however insurance is not the only method you can use to transfer risk. For example, you might outsource customer service or payroll to another party.
In this case, you send your risk elsewhere to be handled by others who are experts in specific areas. Again, you’ll need to consider if the trade-off for cost is worth it compared to dealing with the risk inside your business? If so, find a way to transfer as much risk as possible.
5. Monitor the Risk
Unfortunately, risk management is not a one-time activity. The environment around your business continually changes. To ensure effectiveness in risk management, you must continuously assess new and old threats and then manage so they won’t negatively impact your business’ goals.
Practical Tools To Mitigate Risks
Let’s look at several examples where you can implement these strategies.
Water leaks pose a big, hidden risk that could cause a large amount of damage to your business. Even with insurance in place, the restoration time could eat into your business profits. Simple risk mitigation strategies can minimize or eliminate this risk.
The Wall Street Journal recently highlighted the growing trend of ever-increasing water claims:
“Insurance claims tied to water damage from indoor leaks are steadily on the rise, even as many other common claim types — including fire — have declined.”
As buildings age, the risk of water damages increases. Anything older than 20 years is at a higher risk.
Simple risk mitigation strategies can be put in place, such as:
- Monitoring and repairing small leaks promptly
- Training employees to notify maintenance whenever potential water damage occurs
- Adherence to regular maintenance schedules
- Regular inspection of liquid storage tanks
- Knowledge of shut-off valves for all systems
- Testing of shut-off valves
- Critical equipment and materials are protected against potential water damage events
- Semi-annual roof inspections
- Having a designated program administrator
- Creating restoration procedures
- Installing leak detection systems
Protection against wind is not only important in coastal states, but any part of the country where high winds are frequent, whether it be from hurricanes, tornadoes, or straight-line winds.
Besides having a more secure business, many insurance providers will offer mitigation credits to your premiums if you meet certain standards.
Many states will have a list of recommendations to protect your property against severe wind damage.
For example, to qualify for mitigation credits in Florida, an inspector will look at the following characteristics of your building:
- Roof Shape
- Roof Bracing of Gable End
- Roof Deck Attachment
- Roof Covering
- Roof-to-Wall Connections
- Secondary Water Resistance
- Protection of Openings (windows and other openings)
Simple measures such as securing roofs with hurricane clips and wraps are effective against major wind damage. Also, protecting windows, doors, and openings will minimize wind risk. Water barriers are important too because the wind is usually accompanied by large amounts of rain.
A large percentage of small to midsize businesses never reopen their doors after suffering through a disaster. Part of the reason for the low recovery rate is because most businesses do not have a written plan with details on how to continue operations in the face of serious risk.
Creating a business plan that addresses these risks is a key step to help you begin managing risks. Here are suggestions for making your business continuity plan.
- Write it down – Whatever you develop should be written and kept where it can be accessed by critical employees of the business. Don’t rely on collective wisdom and knowledge during times of stress. The best time to plan is when things are calm and controlled.
- Create a Disaster Team – Identify people within your organization and task them with implementing the plan with specifics actions and outcomes.
- Identify Critical Business Objectives – What parts of your business is critical to survival? These need to be prioritized in the event of a disaster.
- Review Technology – Technology can allow you to continue operations even when your physical structures are damaged. Know how they work and how they can be used if something occurs.
- Create Redundancies – Find ways to create backups. Have some duplicate systems to hedge against one failing.
- List Emergency Contacts – This one is simple but often overlooked in most plans.
- Run mock tests of your plan – This will help you find gaps, iron out inefficiencies, and give you confidence that you can withstand potential disasters.
OSHA mandates safety programs in many businesses, but sometimes they are implemented with little diligence or ignored altogether. Having organized safety protocols can reduce the number of risks you might experience in your business.
Safety mandates and protocols will vary from business to business. It may seem like an office or clerical type businesses is free of hazards, but even these businesses should be aware of their unique threats.
Identify potential hazards in your business, minimize any hazards you find, and, communicate safety expectations with employees.
Using an outside risk manager can be very helpful in designing safety programs. Most risk managers are familiar with businesses like yours. They can develop procedures specifically designed for your type of business and give you insights about threats that you may have missed on your own.
The Bottom Line
Risk is something we experience every day. It can be disastrous without proper planning, and insurance alone sometimes isn’t enough. The good news is that we all have more control over risk than many of us realize. Simple steps and a thoughtful strategy can help mitigate risk that could potentially devastate your business.