Business Risk Management and the Role of Insurance
Business risk management helps companies manage their risks by helping to identify the types of threats the company faces and their likelihood.
Every day, your company faces risk — especially when it's growing. Thankfully, the practice of business risk management can help prevent an operational, financial or compliance-related risk from becoming a catastrophic loss. At the heart of an effective business risk management program sits insurance, which allows your company to transfer some of its risk to an insurance company, in exchange for a monthly premium.
Buying the right insurance provides more than just a safety net, it can actually help your company minimize its operating costs. Here's why: uncontrolled risk often goes hand-in-hand with problems in how the company is operating. But before you buy insurance, your company must have a firm grasp of the varying degrees of risks it carries. Here's a step-by-step process you can use to assess risk.
1. Define Risk as It Relates to Your Company
The first step in the process involves the creation of a common definition of risk. Start with a simple definition, such as the "possibility of harm, damage or financial loss" and ask stakeholders for their input.
2. Identify the Types of Risk You Face
Next, conduct a brainstorming session to develop a list of the specific risks that your company faces. Some companies find it helpful to group risk according to type, such as employee-related or customer-related risks. Don't forget to capture risks that are outside of your control such as those related to natural disasters or man-made events such as terrorist attacks.
3. Assign Ownership for Each Risk
With the risk inventory in-hand, identify who within your company "owns" each risk (you'll need their help later in assessing the potential impact on the company's operations). Depending on the size and complexity of your company's operations, it may make sense to assign a risk to multiple owners. For example, a data breach would affect numerous areas of the company, and therefore justifies involving multiple stakeholders.
4. Assess Your Existing Risk Controls
Identify existing controls your company has in place to manage each risk it identified in the brainstorming session. While it's tempting to skip this step, companies often uncover control gaps during this process. Alternatively, some companies find that they have too many controls in place.
5. Determine Likelihood That a Risk Generates a Loss
With a detailed understanding of your company's control environment, ask the owners of each risk to assess its likelihood and potential impact. Once you've completed this step, you'll have an analysis that paints a picture of the risk that your company faces, the likelihood it will trigger a loss, the steps you've taken to mitigate that risk and the amount of risk that remains.
6. Determine the Risks You Need to Insure
You have four options at your disposal to manage your risk. You can take steps to avoid the activity that created the risk, or reduce the risk by adopting additional internal controls. You can also decide to accept the risk as part of doing business. The final option, the transferring of risk to another party, is where insurance comes in.
Managing Risk With Insurance
Here's a list of the type of insurance products that businesses use to transfer risk and limit their financial and nonfinancial losses.
- General liability insurance: Protects your company against a broad range of losses including claims involving bodily injury, property damage and lawsuits
- Property insurance: Covers property used by your business against loss or damage
- Errors and omission insurance: When a client sues alleging some form of negligence, E&O insurance pays the legal expenses and judgments, up to the policy limit (often used by companies that offer advice such as accountants, lawyers and engineers)
- Directors and officers insurance: Protects directors and officers if sued for their role in managing or governing a company
- Worker's compensation: Replaces a portion of lost wages for an employee who is injured on the job
- Cyberinsurance: Protects against internet-related risks such as data theft, or loss, as well extortion and hacking
- Business interruption insurance: Covers the losses that result when a business stops operating due to a fire, a man-made or natural disaster
- Umbrella insurance: Provides additional liability coverage above the stated policy limits in other insurance policies
Some insurance companies streamline the buying process by packaging insurance policies in a bundle. In general, bundled insurance policies cost less than buying individual policies; however, you should make sure that the package includes all of the insurance coverage you need to minimize your risk.
Knowing when it makes sense to avoid, reduce, accept or transfer a risk depends on your company's ability to identify and assess the degree of risk it faces. It also depends on your company's tolerance for risk. Some companies embrace risk, while others make every effort to minimize it. When purchased following an in-depth risk assessment, insurance allows your company to make intelligent decisions about how to manage business risk in all its forms.