All businesses and non-profit organizations face the risk of unexpected incidents, such as a natural disaster, loss of funds through theft, or injury to staff, customers, or visitors on their premises. Any of these events can cost your business money and potentially cause a permanent closure. An enterprise risk management plan can help you prepare for the unexpected and protect your business from long-term damage.
At BrokerLink, we are passionate about helping business owners understand insurance and we offer a number of risk management programs and services to help owners identify potential impacts on their businesses.
What is a risk management plan?
Risk management is the process of identifying possible risks, problems or disasters and then implementing mitigation measures before they happen. A risk management plan is a written document that details the organization's risk management process. The stakeholders of a business or organization can proactively identify and evaluate the impact of all potential financial risks and other general threats to their business, and plan accordingly for each of them. Once procedures are created, the staff is trained regularly to help avoid or minimize the impact of each risk, and at the very least, help cope with its impact.
What are the types of risks to consider?
There are three main types of business risks to consider when creating a risk management plan: hazard, business, and strategic.
Hazard risk is the most common that comes to mind and includes anything that is a physical loss. Examples of hazard risks include slips and falls, job site injuries, natural disasters, mechanical breakdowns, terrorism, and pandemics.
Business risks affect the finance and operations of a company, including compliance issues, processes and procedures, aging population, absenteeism, sexual misconduct and abuse, and retention.
Strategic risks can impact the value or worth of your company. Usually, the issues arising from strategic risks are longer term, for example it can take years to improve a company’s culture in order to better manage the risk of high employee turnover. Other examples of strategic risks include corporate reputation, employee wellness, cyber and technology risks, low productivity, employee engagement, and succession.
Note: many risk examples can fall under more than one type of business risk.
To effectively draft a risk management plan, it’s important to have a firm grasp of the word risk. A risk is an uncertain event that, if materialized, would have either a positive or negative effect. Risks are events that might happen, rather than things that have already happened. Though many of us are comfortable with a certain amount of risk in our everyday lives, businesses must prepare for all outcomes. That is part of the reason risk management solutions are so important for businesses. Identifying the risks your business faces is only half the battle. From there, you must prioritize each risk based on a scale of probability (i.e. how long it is that the risk will occur). A typical probability scale looks like this:
- The risk is very likely to occur
- The risk has some chance of occurring
- The risk has a small chance of occurring
- The risk has very little chance of occurring
The three elements of every risk
When developing a risk management plan, your business must consider the risk itself along with the possible consequence(s) of the risk and the probability of it occurring. The risk, the consequence, and the probabilities are the three elements of every risk.
First, the risk itself is the event that might occur and it should always be clearly defined. Meanwhile, the consequences of the risk are also important so your team can understand the magnitude and urgency of what they might need to respond to. Finally, the probability of the risk, which should be calculated as accurately as possible, helps your team determine an appropriate response to the risk and its possible outcomes.
Keep in mind that not all risks have negative consequences. A risk is simply an uncertain event or condition that has the potential to impact your budget, project timeline, or the quality of your work. This impact could be positive or negative. For example, while you might be preparing for a series of risks that increase your project budget, there’s always a chance that the market will drop, driving prices down, and allowing you to spend less money than you thought.
Three types of risks
Now that you understand the three elements of every risk, let’s dive into the three categories of risks. While all risks are uncertain, not all are unforeseeable. The three types of risk are as follows:
- A known risk: A known risk is one that is acknowledged by team members and obvious early on (e.g. budget constraints, material shortages, opposing viewpoints, etc.).
- An unknown risk: An unknown risk may not be clear in the planning stages or only known by a small number of people. Therefore, identifying unknown risks is a vital part of any risk management plan.
- An unknowable risk: Lastly, an unknowable is one that any reasonable person would not anticipate. It typically comes as a surprise to most team members involved (e.g. a sudden illness, natural disaster, accident, or system failure).
Overall, the purpose of a risk management plan is to get ahead of any and all potential risks. This includes both negative and positive risks, as well as risks in each category above (known, unknown, and unknowable). The more you research and plan for a range of risks and their potential outcomes, the more prepared you will be when the unexpected happens.
Breaking down risk types further
After identifying which ‘type’ of risk you are facing, it can be broken down further into another category, including physical, location, human and technology:
Physical risks are risks that relate to the physical space your business operates. Physical risks are often known as building risks. One of the most common examples is fire. To manage physical risks (as well as the risks they pose to your employees), all businesses must take the necessary safety precautions. This includes installing fire alarms and smoke detectors throughout the office, making sure all exits are marked, ensuring all team members know the exit locations and address of the building to give a 911 operator, and installing a sprinkler system for additional protection. It’s also important to have a clear emergency plan that employees are informed of, detailing how and when to leave the building in case of an evacuation.
Location risks share some similarities to physical risks, except they do not take place in your office space but rather near it. Examples of location risks include nearby fires, floods, earthquakes, tornadoes, hurricanes, storms, or other natural disasters. Prioritizing the safety of your employees is crucial. Therefore, your business’s risk management plan should involve employees familiarizing themselves with the local streets around the office. Certain individuals should also be tasked with keeping a sufficient supply of fuel in their vehicles. In addition, liability or commercial property insurance could be helpful to mitigate the financial impact of location risks.
Another common type of risk is human risk. There are many types of human risk. For example, employees suffering from alcohol or drug abuse may pose a risk to your organization. (Pro tip: contact BrokerLink to learn more about insurance options as some business policies may provide partial coverage for the cost of treatment or rehabilitation.)
Beyond drug and alcohol abuse, human risks that businesses might want to prepare for include common workplace crimes like theft, fraud, and embezzlement. Thorough background checks and double-signature requirements for all monetary transactions can help mitigate these risks, however, insurance is also important.
Finally, illnesses or injuries in the workforce are two more examples of human risks. Businesses should have backup personnel ready to take on the workload of another employee if they are unable to carry on due to a health-related issue.
Lastly, technology risks are only mounting. With nearly all businesses dependent on some element of technology to function, a single power outage could wreak havoc on your operation. An example of a way to manage this risk is by purchasing auxiliary gas-driven backup generators to use in the event that a power outage causes your main system to fail. A backup generator can keep your organization going until power is restored. A few other ways to mitigate technology risk include purchasing backup computer batteries or surge-protection devices to avoid losing any important computer documents in the event of a power surge. Emergency-use business cell phones could also be a great asset to your company if telephone communications failed.
Benefits of a risk management plan
The process of developing a project risk management can be beneficial to your business:
A risk management plan helps your company identify risk
Working through the risk management plan process with your team will help you to brainstorm and identify key risks that impact your business now, and emerging risks that may have an impact at a future time. Risk awareness is a helpful practice and is the first step to helping your business be prepared.
A risk management plan can help your bottom line
Managing your risk can be a smart financial choice for business owners. When risks are minimized, the money spent on losses can be saved. For example, if the risk of theft is high in your area, training your staff and purchasing the necessary security equipment, can reduce that risk. If the instance of theft declines, so too will the cost of your continual repairs or replacement of stolen items – that money will be saved.
A risk management plan makes for consistent and efficient operations
Implementing detailed risk plans throughout your organization and then training your staff on those procedures, can ensure safe and efficient operations. A culture of risk is created within your organization where all staff have a heightened awareness of the risks your business faces, and they work together to reduce those risks.
A risk management plan leads to more satisfied customers
Risk management is often synonymous with safety. Just by making risk management a priority, your premises will automatically feel like a safe environment. Your customers will know that their safety is top of mind and may be more willing to engage with your business.
Having a risk management plan is fiscally prudent
A risk management plan can help you make careful financial decisions to avoid the impact of unnecessary risks on your business.
A risk management plan improves a company’s brand
Brand reputation carries a lot of weight. A company that has considered its risks, usually promotes a safer work environment, leading to staff and customers who are more willing to promote the brand.
How to create an effective risk management plan for your business
Building a robust risk management plan can help position your business to not only survive but succeed when unforeseen circumstances arise. The steps below illustrate how to create a risk management plan that works for your business:
1. Set objectives
Establishing objectives helps the organization align the risk management process with their goals.
For example, you’re the owner of Five Star Restaurant & Bar with a goal to improve your bottom line by 10%. How will a risk management plan help you achieve that goal? We break it down in the steps that follow.
2. Risk awareness: identify risks
The second step is meeting with stakeholders (including your insurance advisor), who are committed to improving the risk mindset of your organization. Ask yourselves: what can go wrong? Make a list and identify the many risks that could impact your business.
To continue with the example above: you and your management team at Five Star Restaurant & Bar settle on a list of risks that includes the following: labour shortages, fire safety, workplace injuries, brand reputation, supply chain issues, high employee turnover, foodborne illness, and vandalism.
3. Risk assessment: prioritize risks
Once you have a list you’re satisfied with, start to prioritize the risks in order of the ones most likely to occur with the highest impact. Create a rating scale to help you measure this. It might be overwhelming to tackle the entire list, so set a goal and tackle those with the highest likelihood and greatest impact. Also, consider which risks align with your company objectives. Don’t scrap the rest of the list because sometimes the priority of risk may shift.
Of the eight risks listed for Five Star Restaurant & Bar, the following ratings were assigned: the higher the rating, the more likely this risk could occur and the greater the impact on the company.
|Supply chain issues
|High employee turnover
Fire safety, supply chain issues and high employee turnover are the three risks that have a higher likelihood of greatly impacting Five Star Restaurant & Bar’s bottom line if left unaddressed.
4. Risk analysis: evaluate the risk
Once a risk is prioritized, put an estimated dollar value beside each risk to quantify how much it may cost your business should this risk occur. While some aspects of risk could be covered by insurance, there may be components that are not covered yet still costing your business money. What is the cost of staff hours and salary dedicated to managing the consequences of a claim? What is the cost of disengaged employees and lost productivity due to poor company culture, employee unwellness or harassment? What is the cost of a poor brand reputation?
How to evaluate risk:
Company: Five Star Restaurant & Bar
Risk: High employee turnover
- Cost to recruit an employee: $1,000 (incl. job ad creation, job postings, time and salary for manager to review resumes and conduct interviews).
- Cost to fully train an employee (3 months and 25% of their wage): $10,000.
- Total cost for Five Star Restaurant & Bar to hire an employee: $11,000.
Consider how costly the risk of high employee turnover can be to a business if you need to hire new employees every six to eight months. How can a plan be created to mitigate this risk and save the company money? Improving employee engagement and creating a better company culture could help Five Star retain its employees.
5. Risk Tolerance
Once your team calculates the estimated cost for each risk, you can assign a strategy for managing that risk.
Five strategies for managing risk:
- Prevent or avoid: these are usually more serious risks that you want to prevent from happening as much as possible.
- Mitigate: some risks are difficult to prevent, however, their impact can be reduced or mitigated with a good risk management plan and trained staff.
- Transfer: move the risk from one place to another or avoid responsibility for it.
- Finance: this is where insurance placement falls. Some risks are better insured.
- Assume: some risks are so minor, or seen as a regular occurrence of business, that paying out of pocket is a risk that you can take should an incident happen.
Each of these strategies has its advantages and disadvantages. That’s why evaluating each risk and understanding the best strategy to manage it can help when creating your risk management plan.
Five Star Restaurant & Bar decides to mitigate the risk of high employee turnover to reduce the unnecessary costs of continuously hiring and training new staff.
6. Risk management plan
The final step is to create a plan for each risk that you have evaluated. The document contains the details of the risk assessment, risk analysis and the tolerance or strategies for the risk. It also highlights policies and procedures for how you plan to mitigate the risk and can help when training your staff.
Five Star Restaurant & Bar they’ve decided to do the work to improve company culture, including better shift scheduling, an employee wellness program and other incentives to make it more attractive for prospective hires and to help retain their senior staff. They also increased their minimum wage to be more competitive with other restaurants in the area.
Best practices to ensure the success of your risk management plan
Risk management plans are crucial to the success of any business. This means that not only is it good practice to create a risk management plan but you must also do what you can to maintain it. After all, the risks to your business are constantly evolving, which means your risk management plan should evolve along with it.
Generally speaking, risk management plans fail for one of three reasons: an insufficient budget, modelling errors, or ignoring the risks. But there are key ways you can avoid falling into some of these traps. Namely, by regularly monitoring your plan. If you continue to evaluate and examine your risks, you can amend your plan to address said risks. As you discover new risks, use the guide above to help you identify, prioritize, evaluate, and maintain the risk.
The importance of risk management
Risk management plans have so many benefits, from helping your business understand its bottom line to ensuring fiscal prudence. With time, a solid risk management plan can minimize overhead costs and get your teams working smarter, more efficiently, and more productively. Plus, it will allow your team to put out small fires before they grow. The reality is that avoiding risk is impossible, so in order to thrive, businesses must learn to adapt and prepare for various outcomes.
Resiliency is a key component of any successful business, and that’s exactly what risk management builds. Though we can’t predict the future, a risk management plan can help businesses prepare for and respond to uncertain events in the moment. Through the research, wisdom, and experience you’ve accumulated, a risk management plan will give your business the highest chance of success no matter what you’re faced with.
Create a risk management culture in your business
Risk is everyone’s responsibility! However, it starts from the top. When management is engaged and committed to creating a culture that understands and identifies risks, it also promotes safety.
If your staff is trained from day one to work safely, the culture of your business will change. Risk management is not just about safe work, it’s a mindset: if you work safe, you think safe. Employees won’t just walk by the sign that is about to fall, they’ll take the necessary action to reduce or remove the hazard until it can fix it. If you have a workplace where visitors and staff feel safe, they’ll return.
The role of insurance in risk management
Insurance coupled with a risk management plan can help to ensure your business has the added protection it needs when the unexpected occurs with a risk reduction plan.
As a business owner, your work hard to avoid a multitude of risks daily. Some of these risks, like a natural disaster, can devastate a business, even forcing it to permanently close. Insurance can provide financial security to help keep your business afloat, even after the unthinkable happens. In addition to having insurance, having a robust risk management plan can help to further minimize your financial losses when you submit a claim.
Insuring against risk
If you understand the importance of a risk management plan, then you can likely understand the role of insurance. Similar to risk management, insurance is a way to manage and mitigate risk. And many risks can be insured against. For example, commercial property insurance that offers coverage in the event of peril like fire, theft, vandalism, or water damage is a necessity for businesses that operate in physical spaces. Meanwhile, product liability insurance is often worthwhile for businesses that manufacture, distribute, or sell products to customers. Many businesses also choose to protect themselves from claims of third-party property damage or bodily injury with commercial general liability insurance. Of course, you might also want to protect your business from the risk of fraud or embezzlement, especially when employees or a board of directors are responsible for large sums of money.
When you are preparing for risk, whether you’re debating what business insurance coverage to buy or are developing a risk management plan for your business, use a worst-case scenario approach. For example, even if you’ve had the same team of employees for years without issue, there is no guarantee their track record will stay this way forever. Instead, you should assume that people make mistakes, and to protect your business from these mistakes, insurance against employee error is wise.
Ultimately, the exact coverage you choose and the extent of each coverage option will depend on the nature and industry of your business. For example, if you operate a manufacturing plan, product liability insurance is a must, but if you operate a tech company, cyber liability insurance might be more worthwhile.
At the end of the day, insuring against risk is a key part of any risk management plan. After you’ve identified the key risks to your business, contact BrokerLink or do some independent research into the types of business insurance that might help you mitigate the possible outcomes of these risks.
Align your risk management plan with the right insurance coverage
Now that you have a better understanding of the importance of a risk management plan to your business, it’s time to support it with the right insurance coverage. At BrokerLink, our business is your business. Our insurance advisors also understand business risk and are here to answer your questions.
While there are a whole host of strategies businesses can employ for risk management, there is almost nothing as effective as transferring your risks to a third party. By this, we mean purchasing a business insurance policy that protects your company from the financial ramifications of all kinds of risks.
Contact BrokerLink to learn more about commercial business insurance. We can walk you through your policy options, explain the various coverages that are most relevant to your business, and help you find comprehensive coverage at an affordable rate. We will also take the time to listen to the unique risks that your business faces and can even explain the benefits of business insurance from a risk management perspective. Ultimately, protecting what you’ve built from the ground up is your top priority. We understand that and want to give you peace of mind by offering you a business insurance solution based on your unique needs.
Risk Management Plan FAQs:
Is a risk management plan necessary?
Developing a risk management plan for your business can help you understand the risks that may impact it and help you and your team better prepare. By creating a business culture that is risk-aware, there is a better chance you and your team can be familiar with risk identification training and mitigate them before they turn into claims and cost you money.
What are the difficulties in developing a risk management plan?
It may seem impossible to know all the risks that could impact your business. However, a risk management program can start off with the risks you are aware of and can evolve over time.
What are some examples of emerging risks?
Emerging risks are defined as “new risks or familiar risks that become apparent in new or unfamiliar conditions” (The International Risk Governance Council). Examples could include new and evolving technology like artificial intelligence or genetic engineering, cyber risks, or climate change in areas that have not experienced the impact yet. Having discussions about emerging risks with your team can help your business better prepare to risk management situations.
How to monitor the effectiveness of your risk management plan?
Risk management isn’t just about identifying risks. It’s about evaluating and monitoring risks. Simply developing a risk management plan and never looking at it again won't cut it. Risks are constantly changing, which makes risk management an ongoing process. As businesses grow and change, new risks come about. There are also external factors that can influence the risks of your business, like climate change or the stock market. That is why monitoring risk is so important.
Therefore, once you’ve developed your initial risk management plan, the next step is to review it regularly and assess its effectiveness. Every time you review it, which should be quarterly if not monthly, you should consider whether the current plan is working and whether any new risks have popped up that are unaccounted for. More specifically, we recommend considering the following every time you go back to your risk management plan:
- How your business’s risks have evolved over time (i.e. whether you’ve identified any new risks to your business).
- How effective your current strategies have been for dealing with the risks your business faces.
By constantly evaluating and reevaluating your risks, as well as your strategies for mitigating them, you can adapt your risk management plan to cover even more risks. Plus, reviewing your plan regularly is an excuse to scrutinize its effectiveness and consider whether it’s really working for you, whether it needs to be tweaked, or whether it should be scrapped and rewritten entirely.
For more FAQs, visit the BrokerLink FAQs page.