Risk Management Bulletin

• Quora: This popular question and answer site enables users to pick the brains of business and industry leaders from across the globe. You can ask questions, get answers and follow lots of different topics that are important for our business.

• Todoist: This simple app lets you create to-do lists and share them with project team members, showing real-time progress toward goals so you and your team can stay on track and be as productive as possible.

• HootSuite: Being active on social sites is an important part of every business’ marketing strategy, but maintaining multiple accounts can be time-consuming. HootSuite lets you manage and update all your social sites from one place so you can ensure your messages are consistent and published on a regular basis.

• DropBox: Store, edit and share documents, videos and photos from any Internet-connected device for easy collaboration no matter where your team members are located. While perhaps not as comprehensive as Google Docs with its plethora of apps and add-ons, DropBox provides a simpler interface that many businesses find easier to use.

• Zoho CRM: Managing client relationships is critical, but it’s also time-consuming. ZohoCRM offers a robust client management platform that’s free for up to 10 users. The platform makes it easy to access client data so you can fine-tune future sales efforts and incentive programs.

• Free Conference Call: Hold conference calls and online meetings with clients and business partners at no cost. You can record and share calls too, and the meeting app is free for up to 25 participants.

* What costs are associated with the system? Both one-time setup costs and ongoing costs need to be accounted for. After all, if a system is too expensive, you might as well cross it off your list right from the start.

* Does the system support standards used by your business? If an LMS doesn’t offer learning modules and content for the subjects you need to cover, it’s another easy elimination.

* Is it mobile or must it be used on site? Not critical if you intend to have your employees learn during working hours, but what if they want to learn on their own time or access modules at home?

* How often is the library updated? Standards change fairly often, so rolling updates guarantee you’ll have access to the most recent guidelines and training materials for your industry.

* What types of reporting capabilities does it offer? Be sure to ask about formats as well.

* Can the platform be hosted by the SMB or will it be hosted by the LMS provider?

* What skills will your personnel need to have to successfully implement the system and help employees learn to use it? Most systems are relatively simple to use, but you do need to have at least a couple tech-savvy employees who won’t be daunted by the thought of managing an LMS.

* Ask your agent if they perform risk assessments as part of their duties. Many insurance companies provide no-cost risk assessments, and these tend to be a better option that doing it on your own. Why? Because experienced insurance brokers and agents work with lots of businesses just like yours, and they know the specific types of risks your business faces and the types of coverage you need to be protected. Keep a copy of the assessment in your records for future reference.

* Know the basic types of insurance. Important types of insurance to ask your agent about about include general liability, business auto, equipment breakdown, commercial liability, employment practices liability and worker’s compensation. Be sure to ask how much of each type is required by law, but don’t be bound by the minimum amounts; most businesses need far more than the recommended minimums.

* Understand the “extra” types of insurance that are available. While not necessarily required, additional insurance can provide you with greater peace of mind. Some types to consider include business interruption insurance, key person insurance, rental insurance, boiler and machinery insurance and cybercrime insurance.

* Don’t forget your employees. You can build employee loyalty by offering health insurance and retirement options. Group pricing combined with partial premium contributions from employees can help keep your costs low.

Risk management can be a complicated and complex process: From identifying risks to posing and testing potential solutions to finally implementing them and tracking their effectiveness, a lot of leadership skills come into play. If you play any role in managing risk, here are five critical skills you should be working on to ensure a smooth risk management process:
* Vision: Vision enables you to see the big picture and the small details, understanding the implications of risk and the benefits of rewards. Vision is essential in understanding how specific risk management processes will help the entire business thrive, and it also enables you to home in on novel approaches that may not have been tried before.

* Communication: Good communication skills means you’re able to take an idea and present it clearly to multiple audiences, not only so they understand an idea but so they become inspired by it. Clear communication can also ensure a risk management initiative stays on track and eliminate errors that occur when directives are unclear. And don’t forget: Being a good communicator also means you’re a good listener.

* Conflict resolution: Every team will have some conflict at some point in time, especially when risk is involved. Being able to see both sides of an argument and provide balanced insight that values all input is essential in implementing risk management strategies that work.

* Collaboration: Leaders can take input and advice from other team members without feeling threatened, even when that means letting go of some of their own ideas, and incorporate the best ideas into a cohesive and comprehensive approach to managing risk. They also know when it’s time to look outside the team for additional help.

* Delegation: Likewise, a leader can identify team members and those outside of the team who have specific strengths that can help identify solutions and implement them. Learning to delegate effectively is one of the most difficult leadership skills to acquire, partly because it’s difficult to give up responsibility for a project you’re spearheading. This is one skill where practice will help you to become more adept over time.
Spend some time evaluating your own leadership skills to identify ways you can help manage risk more effectively at your company.

Among today’s SMBs, one of the biggest trends in risk management and safety training and education is the deployment of a learning management system to handle not only the training activities themselves, but also to aid in assessment and recordkeeping. What’s a learning management system, you ask? It’s simply a software application or web-based program that can help businesses implement learning objectives and assess individual employees’ progress, and it’s becoming an essential tool for anyone involved in risk management and compliance activities.

Here are five of the top benefits offered by an LMS:
* Improved productivity: Since learning is accomplished primarily (or entirely) using an online system, businesses don’t have to devote their own staff to teaching; plus, because learning can be done at different times, workers don’t have to leave their duties during especially busy times.
* Improved reporting: Most LMS systems offer not only online reporting capabilities, but printable reports as well, making recordkeeping and audits a snap. Plus, supervisors can see an employee’s progress with just the click of a button.
* Improved learning: Being able to learn at their own pace and on their on timeline makes it easier for employees to absorb information and get the help they need confidentially so they’re more engaged in the learning process. Studies have shown that when students have the opportunity to learn at their own pace using a variety of materials, they learn faster and retain more information than they do when relegated to a traditional classroom setting.
* Lower costs: Rather than hiring outside teaching staff or sending workers to costly off-site seminars and workshops, learning can be done on site. Plus, having materials online means businesses don’t have to shell out for books and other learning materials.
* Consistent results: Because everyone has access to the same learning materials and testing, businesses can feel confident every employee is on the same page when it comes to training and compliance activities.
If you’ve been considering an LMS, there are a lot to choose from. To learn how to find the best LMS for your needs, read our second article in this issue about questions to ask when choosing an LMS.

•Start by forming a team to build your plan. The team should include key decision-makers who can solicit input from every department in your company to make sure the plan is comprehensive and responsive.

•Then, brainstorm to identify the potential events and risks. Events include things like power outages, major storms, accidents, cyber-attacks, service sector failure – basically anything that could interrupt your workflow.

•Next, identify critical resources that need to be maintained. These are resources that are necessary for the continued functioning of your business. Prioritize resources in order of importance so you can determine where your post-disaster efforts should be focused.

•Develop mitigation plans. This is the “meat and potatoes” of your BCP, and includes things like communications, resource management, emergency response and public relations.

•Finally, to be sure your plan remains responsive, revisit it frequently with your team members to fine-tune it, especially as equipment and other resources are added to your company, or removed from it.

The recent security breach at Sony underscored not only the need for better security in protecting sensitive internal documents and information, but also the appalling lack of care being taken on an individual level to protect passwords and take other steps to protect (or remove) sensitive conversations and data. Despite a litany of other widespread and serious data breaches in recent years, many businesses still don’t seem to be taking cybersecurity as a serious issue that not only could affect them, but very well may.

As a business owner or manager, you’ve heard time and again how important it is to delegate in order to streamline processes and be more productive – and more profitable. But delegating does not mean turning a blind eye; and when it comes to cybersecurity issues, unless you have a dedicated chief information security officer, you need to take an active role in ensuring your data is adequately protected.

The key to effective management begins with understanding the types of threats that exist and how they’re evolving, as well as identifying new threats as soon as they begin to emerge. At the same time, management needs to develop actionable steps to counteract potential breaches, looking for weaknesses at every level, from individual employee passwords and use of personal devices like smartphones, to the way data is encrypted and stored, both in the cloud and on any on-site or remote servers.

Strong, company-wide policies backed up by employee education programs and Q&A sessions are the cornerstones of an effective cybersecurity policy; managers must clearly communicate to employees – at every level – the vital roles they play in protecting the company from cyber threats so they see BYOD and other policies as being protective rather than punitive.

Involving employees in cybersecurity discussions also helps ensure their cooperation and compliance.
One more lesson from the Sony breach: Unlike other cybersecurity attacks that have targeted customer identification and banking information, the Sony attackers also focused on employee emails, revealing information that proved both embarrassing and potentially costly. Many businesses fail to consider emails and personal files when considering cybersecurity measures, leaving themselves wide open to similar breaches.

In a nutshell, companies that assess and manage cybersecurity issues as vigilantly as they do financial, operational and reputation-related risks have the greatest chance of thwarting attacks and breaches. Start today to plan how to avoid breaches as well as how to respond if a breach does occur.

In last month’s newsletter, we looked at some of the risks associated with obesity in the workplace. This month, we’ll focus on how to conduct a workplace assessment to identify and mitigate a wide range of health issues so you can reduce your overall health-related risk exposure.

The Value of Workplace Assessments

The Centers for Disease Prevention and Control (CDC) promotes workplace assessments to help businesses understand the issues their company is facing with regard to lost productivity and workers’ comp issues, as well as potential discrimination claims that can arise when workers feel they’re being targeted or their health needs are not being met.

According to the CDC, “Employee health is determined by a complex set of interactions between the individual and their social, cultural, and physical environments and can be influenced in many ways.” That means that to be effective, your workplace assessment must involve much more than a cursory review of your company’s past healthcare expenditures.

Conducting Your Assessment

Most evaluations begin with a site visit and evaluation with a focus on identifying health risks like low lighting or habits that can promote problems like low back pain. The evaluation should also include interviews with managers and employees and a review of any health promotion programs or incentives that may be in place.

Employee questionnaires are another important component, providing a first-person perspective on health and safety issues, employee satisfaction and any other health-related concerns.

Reviews of both health claims and pharmaceutical costs from the past few years can provide important information about the prevalence of medical issues and whether your company is moving in the right direction with its health policies. You can also identify which employees have the greatest number of claims and highest costs to pinpoint occupations that may be most prone to injury. Similar data can be extracted from records of employee sick days and absences.
Once data are gathered and evaluated, a decision can be made regarding the value of your current health plan and whether or not it needs to be altered, as well as any steps you can take on site to reduce injury and illness.

One word of caution: When developing employee health questionnaires ore reviewing medical claims data and sick days, be sure your actions don’t run contrary to any privacy or HIPAA regulations to avoid potential claims of discrimination or other violations. The CDC offers a comprehensive guide to workplace health assessments for businesses with single or multiple locations to help guide you. You can find an overview of the guide here, as well as a list of supporting documents and guides to help you carry out your evaluation.