Unsure about risk assessment and management for your business? Help is out there.

Listen to this article

The Corporate Finance Institute defines risk management as the “identification, analysis, and response to risk factors that form part of the life of a business.” From internal fraud to external hazards, the risks companies face during their lifetimes are abundant, but manageable with the right strategy and team in place.

We asked professionals from three different fields that help companies with risk management to identify what the biggest risk management issues are today from their vantage point and how to plan for them.

LippesMathias LLP

“The risk management issues facing businesses vary and depend in large measure on the industry they’re operating in,” says Kevin T. Merriman, a partner and team leader of the insurance recovery, counseling and litigation team at LippesMathias LLP. “If I were to choose one significant risk common to all industries, it would be cyber risk; no company is immune from attack.”

These cyber risks can include e-crime (funds transfer fraud, telephone fraud, fraudulent instruction); extortion (ransomware attacks); payment card liability; privacy; or other security breaches and, Merriman notes, the losses can be substantial.

“They include damage to hardware/software, loss of critical data, business income losses, third party liabilities, and the cost of counsel needed to navigate the complex web of state and federal regulations governing privacy,” Merriman said. “Every business with an internet connection needs robust systems security and an insurance program in place to cover losses.”

Merriman says that businesses of all sizes should focus on risk management because all operations carry some degree of risk and every company has a balance sheet to protect. However, company size, industry risk, location of operations, number of employees and many other factors will determine what that risk looks like.

For example, smaller companies might outsource risk management to qualified insurance brokers and outside counsel, he says, while larger companies may develop internal expertise capable of handling all aspects of risk management from insurance procurement through claims management, usually with assistance and support from their brokers and outside counsel.

“There are, of course, many risks facing companies,” Merriman said. “Perhaps the biggest risk common to companies in every industry is the failure to anticipate and properly manage risk. Whether this function is outsourced or developed internally, a competent team of managers, insurance brokers and experienced counsel is needed to ensure the company is reasonably protected and that the company’s insurance assets are available to cover losses.”

Freed Maxick CPAs

David Hansen, CPA, CISSP, QSA, CISA is the director of risk advisory services at Freed Maxick CPAs. He also notes that risks can vary from business to business and industry to industry, but three widespread risks he sees today are cybersecurity issues, increasing regulations (including climate regulations) and third-party/vendor risk.

“I think every business should do some level of a risk assessment to really understand what risks are facing their organizations,” said Hansen, who explains that once a business’s individualized risks are identified, they can be addressed via different risk response actions.

These actions include risk acceptance, risk avoidance, risk reduction and risk transfer, which is typically accomplished via insurance.

If a business does not have an individual employee or department that can perform a risk assessment, there are a plethora of external organizations that can, Hansen said, including management consulting firms, CPA firms and firms that specialize in risk advisory or compliance. Some are dedicated to specific industries and others are more industry-agnostic.

In choosing one, Hansen recommends meeting with a few different providers to ask them what their methodology and processes are, as well as how they will go about understanding your business’s enterprise-level risk, categorize it, and work with management to create a roadmap and action plan to address it.

Walsh Duffield Insurance Companies

The emergence of technology is one of the biggest risks facing businesses today, from the vantage point of Brian Allen, the Rochester market leader and commercial insurance consultant for Walsh Duffield Insurance Companies

“Companies continue utilizing technology to improve operational efficiency, enhance the customer experience, and to stay competitive in the market,” Allen said. “By introducing new technology, however, it does add new risks for the business to consider.”

These risks include cybersecurity threats, the potential mishandling of sensitive information, staff not properly trained in the technology and other technological disruptions that may occur that could negatively impact the organization.

He suggests that business continuity plans be developed if not in place and reviewed at least annually to make certain that during an unexpected crisis, the organization can be up and running as quickly as possible.

Another risk he sees in various industries is talent in the workforce due to labor shortages and employees aging out. It’s critical for businesses to have successful onboarding that ensures new employees receive essential training on company policy, procedures, and compliance requirements. If onboarding is not in place or training is not done properly, the likelihood of a workplace accident is elevated.

“By preventing accidents and promoting safety, businesses can minimize costs and protect their bottom line,” Allen said. “Organizations are striving to create that work culture and brand recognition and I’d like to see them highlight and build a safety culture as well as that is just as important!”

For smaller organizations that don’t have a dedicated risk management department, Allen recommends creating a safety committee that includes employees from different departments.

“It’s also important to share with your insurance broker the preventative measures that have been put in place throughout the year,” said Allen, who notes that information can be communicated with the insurance carrier to help with more favorable renewal terms. “By understanding the risks within the organization, and their true impact it could have on the organization, we can then customize insurance coverages that ensure adequate protection is in place for the risks identified.”

Caurie Putnam is a Rochester-area freelance writer.