Risk Management Bulletin

For most businesses, reputation is their most valuable and irreplaceable asset. Building a strong reputation can take years, and done right, it can help a business grow to new and more profitable heights. But reputation can be a fleeting thing, and just one wrong move can send your company’s reputation tumbling from those heights, often never to recover.

A carefully constructed risk management plan can help you avoid these disasters, especially when these three key areas are addressed:

* Have a plan. Don’t make the mistake of thinking “It won’t happen to me.” Take time to carefully plan out how you’d handle a reputation disaster the same way you’d plan out how to handle physical disasters against your business or its operations.
* Think before you post. When a customer complains, it’s easy to ire off a sarcastic comment. But how you react in the face of criticism — especially on broad social platforms — says a lot about your company and can make or break your reputation. Have a plan — possibly even including scripts — for how to respond on social sites, over the phone, via email or though other types of customer contact and make sure your employees know about your policy.
* Plan social media campaigns carefully. When you post on Facebook, tweet, share or post a pic on Instagram, you’re potentially posting to the world. Think through your social media campaigns carefully and be sure to play devil’s advocate to uncover possible ways your campaign could be misinterpreted to otherwise go horribly wrong.

Remember: Complaints can be — and usually are — reposted on multiple social sites, not just the one where the faux pas occurred. In fact, few things cause people to be more vocal than a complaint, and having the world as their collective complaint department makes sharing bad experiences easier and more tempting than ever before. Managing your company’s reputation can be complex and time-consuming, but considering the repercussions, it’s a crucial part of doing business.

In the U.S., every year tens of millions of dollars are spent mitigating the effects of cyber attacks on American businesses, and that doesn’t begin to take into account the devastating effects an attack can have on your business’ reputation. While big businesses like target have deep pockets to weather such storms, most small and medium-sized businesses do not. If you fall into that category, here are the steps you need to take to help prevent a cyber-attack on your business:

* Make sure you keep your antivirus software updated at all times and that your data is stored in a secured environment that adheres to the latest ISO security standards.
* Educate your staff about phishing scams and the hazards of clicking on an unknown site or downloading an attachment from an unknown source. Make sure they understand the increasing security risks posed by social media sites.
* If you hire a security consultant, make sure the firm is reputable and experienced so you feel confident you have the best controls in place for your business.
* Make sure you have a strong BYOD policy in place that limits the way personal computing and mobile devices are used with regard to work and work-related data.
* If you use off-site workers, look into a secure cloud computing environment that avoids storage of data on remote workers’ personal computers.
* Make sure your employees have a strong password that does not contain personal information and which features a combination of uppercase and lowercase letters, numbers and special characters for added strength. Change passwords every three to six months, and don’t recycle old passwords. It’s a hassle, but it’s well worth it.
* Make sure your security measures are as user-friendly as possible. Complex protocols like restrictive file-sharing policies are more likely to be ignored, which means more risks for your business.

Implementing these small steps takes time, but in the end, your business will be better protected against the rising tide of cyber attacks.

Risk management isn’t always inexpensive, but generally speaking, the costs expended in proactively managing risks can far outweigh the potential costs of liability exposures. Still, there are some steps you can take to help control the costs of developing a risk management policy, and they can also help you gain better insight into your business and its operations and exposures too.
The key to cutting costs is to identify your risks early on so you can begin developing the best policy from square one without prolonged delays that come from long periods of risk analysis and weeks or months of trial and error. Understanding your exposures early means you can devote more time to prioritizing your risks so the policy you ultimately put in place will be more customized to your needs.

So how do you develop an early understanding of your company’s risk exposures? Here are a few ideas:

* Talk to your insurance agent or broker. Insurance professionals are experts at identifying risks and assessing exposure levels, and they can be instrumental in the early phases of developing your risk management policy.
* Network within your industry association. People with experience in your field have unique “real world” perspectives that can shed considerable light on potential areas for review.
* Review customer and employee feedback. Both can yield a surprising wealth of information about your business from perspective you may not have considered. Solicit feedback through regular surveys.
* Read trade magazines and websites geared for your industry to learn about the risks others in your field have faced as well as the steps they took to address them and policy changes they made based on their experiences.

Taking these steps does more than cut costs; it also helps you develop a better understanding of the risks your company is facing, and that can help you run your business more efficiently — and more profitably.

Research shows public liability claims — and settlement amounts — are on the rise. Here are four things you should be doing to protect your business:

Making sure you have a safety plan in place for identifying and fixing problems

It’s easy to get caught up in the day-to-day management issues of running a business, and often, immediate issues can seem to take precedence over long-term planning. But overlooking safety measures can cost you big in the long run. Be sure to consider your business and its potential risks from all angles and develop a robust safety plan to limit exposures to liability claims.

Seeking advice from peers and professionals

Especially if you’re just starting out in your business field or offering a product to a new audience, it can be difficult to understand your risk exposures. Being proactive in networking with peers and insurance brokers provides you with a rich source of information and insight from others who have “been there, done that.”

Being proactive in reviewing risks

Chances are that over time, your business will go through certain changes. Review your safety measures and policies several times a year to make sure they cover everything that needs to be addressed and review them again whenever something new occurs.

Making sure you have enough insurance

Few people care to spend hours poring over their insurance policies, but unless you take the time to really understand your coverage levels as well as the limitations and exclusions of your policy, you could be leaving your business open to major losses. Another typical mistake: Thinking the coverage a similar business has in place is “good enough” for your needs. Make sure your agent understands your business as well as its potential — and unique — risk exposures.

Keeping your business safe from costly public liability claims should be a priority. Make time in your schedule to take the steps necessary to ensure you’ve identified your business’ potential risks and have the safety plans and insurance coverage in place to avoid major losses.

From BP and its Gulf oil spill to Paula Deen and her restaurant scandal to GM and its recent recalls, no company is immune from a potential brand-related disaster. Obviously, the scope and nature of these three examples vary, but the overall results with regard to the brand are the same: Loss of trust in the brand and a consequent loss of revenue.

Knowing how to respond to these situations is the key to reducing the chaos that can follow. That means you need a communication plan to calm nerves and let the public know the steps you’re taking to address the issues. If your emergency response plan doesn’t include a plan for communication, it should. Here are a few ideas to help you develop a communication strategy for your business:

Point of contact

First, you need a “point person,” someone who understands your business and can respond to media inquiries and public concerns. A PIO is a good choice for larger companies, but smaller companies without separate media relations staff can appoint someone from their staff to serve the same role. Just be sure the person has a calm personality so they aren’t drawn into defensive arguments.

Method of contact

Develop a list of local and media personnel to contact in case of a disaster, then decide: Would your company issue a press release? Hold a press conference? How would you respond to phone calls, emails or comments on social media sites? What would the general tone be? Also be sure to communicate to employees how they should respond to inquiries about the company in the wake of an event.

Performance measures

Throughout the process, you need to be able to gauge your effectiveness in handling the situation, as well as the ability to change your methods and approach as need to ensure your company is responding appropriately.

The scope of an emergency response plan can vary greatly based on the size of the business and the risks it faces. But no matter what size business you own or operate, a communication plan can play an important role in mitigating loss following a disastrous event.

ERM, or enterprise risk management, has become increasingly popular in recent years as businesses of all sizes have embraced the comprehensive approach that involves continual input aimed at managing all risks faced by a company. But before you can develop strategies to address emerging risks, you need to build a framework that can provide your company with an overall assessment of its risks and its risk level.

When building an ERM framework for your company, think of it as a powerful viewing platform that lets your business gain an overall appreciation for the risks that must be addressed throughout the entire company. Not sure how to begin? Here are a few guidelines to get your started:

* Appoint a steering committee.
Establishing a committee to oversee the entire process will help your company stay focused on the end goal and it will also help avoid duplication of effort that can wind up costing time and money.

* Assign responsibilities.
Assign the roles and responsibilities of all the key players who will contribute to your ERM plan. To avoid confusion, roles and responsibilities should be clearly defined and written down for review and reference.

* Identify risks and prioritize them.
Ask for input from all your ERM participants to determine which risks are most pressing, and decide the order in which every risk should be addressed before developing mitigation plans.

* Design plans to monitor and report actions and results.

Unless you track your results and outcomes, you won’t know what’s working and what’s not. Have a system in place for regular reporting so all team members can be held accountable.

ERM is a dynamic and ongoing process designed to evolve with your business. To ensure the best outcomes for your business, reviewing your ERM program should be a continuous event that involves stakeholders from all levels. Yes, it’s work — but it can provide tremendous benefits.

During the last five years, companies around the world have become much more interested in investing in their risk management capabilities, according to a report published by management consulting company Accenture. Moreover, these capabilities are being developed in line with business’ growth strategies to help businesses compete more effectively and more efficiently.

Why the increased interest in risk management? The ever-changing shape of the world marketplace is a primary driver. Businesses know that to remain profitable, they need to increase their activity globally, and that means far greater exposure to a far wider range of risks than ever before. What’s more, as businesses grow and operations expand their own borders, the need for a coordinated risk management approach becomes essential. And of course, being active in the electronic space — whether through a company’s own corporate website or through interaction on social sites — means exposure to an entirely different set of risks like fraud and espionage which are only now beginning to be truly appreciated.

But there’s something more: Today’s businesses are embracing greater risks than they were a few years ago when the economy was topsy-turvy. Instead of being reactive when it comes to risk, companies are becoming proactive, the report notes. Now, risk is viewed more as a potential opportunity for growth — a “competitive advantage,” according to the report — and businesses are balancing those opportunities by establishing strong risk management programs both to evaluate risks and to prevent reckless behaviors that could put the company in jeopardy. Managed properly, risk can enable companies to move into new markets more quickly and more successfully, and they can also provide the impetus for undertaking new, profitable ventures.

This new view of risk management as a driver of strategic planning means businesses need to implement strategies that are responsive and flexible to enable them to evolve as the marketplaces shifts. The bottom line: If you want to remain competitive in the markets of tomorrow, you need to invest in a risk management plan that’s firmly aligned with your business’ goals and needs to ensure a strong and profitable future.

Retail establishments often operate with some very slim margins, so having a comprehensive and flexible risk management system in place is critical. Here are five steps to help you implement a strong system:

1. Establish a social media policy.
Tapping into social media — and using it correctly — can yield great results for your business by allowing you to communicate directly with your customer base. Protect your brand by establishing a social media policy that helps your employees understand how to consistently communicate with customers, especially when responding to complaints.

2. Consider cloud-based risk management software.
Once relegated to major corporations with deep pockets, today’s cloud-based software options offer flexible user-based pricing that keeps start-up costs lower. And because it’s cloud-based, there’s no need for an in-house IT department.

3. Encourage communication.
Make every effort to break down barriers that can lead to miscommunication, errors and costly duplication of effort. Using a team approach to tackling problems not only helps achieve greater efficiency, but it also helps build strong bonds among employees and management.

4. Document, document, document!
Unfortunately, more and more often, claims wind up being dragged into court. If that happens, you want to be sure you present the strongest case possible. That begins by having good documentation to prove you’ve done your due diligence. Be sure all your policies and procedures are written down, and take copious notes during interactions between your business and the “other” parties.

5. Have a risk triage system in place.
Prioritizing risk management issues is the best way to make sure every concern gets the attention it deserves. When a potential or existing risk is identified, put in on your list in order of importance and review your list frequently to prevent minor incidents from becoming major claims.

Revisit and review your system periodically to make sure it evolves with your business, and to ensure your retail business manages its risks as effectively as possible.

According to risk management experts, workplace violence is a growing problem in the U.S, accounting for more than 5,400 victims a day and up to 2% of all non-fatal lost-time injuries on the job. The multibillion dollar annual cost to employers includes not only the financial impact of injury and death to workers or customers, but reduced profits from lost productivity – not to mention the unwanted publicity that violent acts create.

What’s more, a business might be held liable for damage from workplace violence if an assault occurs in the scope of employment and the employer might have been reasonably expected to have foreseen the threat.

“Although there were pre-incident indicators in nearly every case of workplace violence,” says Rick Shaw, CEO of Awareity Inc. (Lincoln, NE), “a failure to recognize and deal with these indicators made it impossible to prevent them.” Your business needs to develop an “early warning system” for employees to report potential signs of violence (anonymously) to managers so they can investigate them, share assessments, and forestall possible threats.

For example, according to Jeffrey Natterman, risk manager and associate senior counsel at the Johns Hopkins Hospital, a 2010 shooting incident at the facility involved the distraught son of a woman whose surgery resulted in complications. Although there had been signs pointing to the risks of violence, staff who saw these indicators failed to share their concerns. After the shooting, the hospital instituted a number of policies and security measures to make patients, visitors, and staff aware of behavior that might lead to violence and how to respond these acts. Natterman’s advice to employers: “Training your staff on how to piece this together is something that’s critically important.”

In the words of the Roman proverb, Praemonitus, praemunitus (“Forewarned is forearmed.”)

Recent record-breaking droughts, windstorms, blizzards, and floods reinforce the reality that climate change is transforming the environment. As an environmentally conscious corporate citizen, your company has a responsibility to curb the adverse effects of global warming by conserving your use of natural resources and energy, while minimizing pollution. What’s more, “going green” will reduce your risk of lawsuits for alleged damage to the environment – and can boost your bottom line by saving time and money.

Risk management experts recommend these eco-friendly business processes:

• Minimize paperwork and digitize files. To reduce the expense and inefficiency of handling paper, have employees scan and route incoming mail; recycle, discard, or retain original documents; send as much correspondence as possible by e-mail; and require double-sided printing.
• Boost recycling. Despite automation, every company is paper intensive. To reduce costs, facilitate and encourage recycling paper wherever possible. You can also put a dishwasher in the company lunchroom to encourage the use of reusable, washable coffee mugs, rather than styrofoam cups.
• Promote telecommuting. Fewer workers idling in traffic to and from the job reduces fossil fuel pollutants going into the atmosphere. To help the environment – and eliminate the loss of time and money in commuting – encourage employees to work from home, wherever practical.
• Reduce power consumption. Shut down computer towers, printers, CRTs, copiers, and other electronic devices at night.
• Manage used or scrapped IT equipment. Because these devices contain a number of hazardous materials, make sure to recycle or discard them in an environmentally friendly and cost-effective way.

Set up a “go green” committee for management to track the cost savings from these policies and encourage employees to provide examples of how they or coworkers are helping save the environment.

For more information, just give us a call.