Risk Assessment - Are You a Better Risk Than You Think?

December 18, 2017

Download Risk Assessment white paperAssessing risk can be difficult. Sometimes it can appear in unexpected places, maybe at the end of a chain of events, so it’s hidden from your view.

It’s possible that you’re a far better risk than you realize. Or maybe you actually don’t measure up to your vision of how well you’ve mitigated risk in your company. Or maybe you’re exactly the kind of risk you believe you are.

The point is, sometimes we don’t know what we don’t know.

Think about it: how well are you keeping up with the onslaught of regulatory change? Will Artificial Intelligence or driver-less cars affect your risk profile? What about the advent of blockchain or the threat of cyber-attacks? Do they have an impact on your risk?

You also need to consider overall safety issues; ADA compliance; code compliance; compliance with both state and federal laws; and facility and employee problems. And much more.

For example, many in the construction industry have been under the impression that their General Liability policy also covers professional and cyber liability. But each of those areas requires dedicated risk management and specific insurance policies. So, the risk is amplified because these companies aren’t covering it, even if they’re attempting to manage it.

How do insurance companies assess your risk level and set rates?
With the help of “Big Data” analytics and complex algorithms, insurance underwriters determine premiums depending on the likelihood that you will make a claim.

They predict the cost of insuring a particular business based on the risks and likelihood of loss, along with the potential cost of a claim. The more risky and costly the business is to insure, the higher the premiums will be. Makes sense, right?

Insurance companies also look at two forms of risk: internal and external.

External risks include economic trends, government regulation, competition in the market and shifts in how customers’ buy. External risk assessment is almost always data-heavy.

The external assessment begins by categorizing potential risks. Quantitative techniques, such as benchmarking or probabilistic modeling, adapt to new data, and companies can then track relevant indicators and create thresholds of acceptable risk for a given project.

Internal risks include both physical and human risk, such as employee performance, procedural failure, and faulty or insufficient infrastructure. Internal risks are far more specific and controllable processes. Companies use operational risk assessment for risk of loss from inadequate business decisions.

Many companies assess internal risks by matching likelihood and impact to specific objectives. Interestingly, it wasn't that long ago that companies simply operated on industry-standard practices.

Can you conduct your own risk assessment?
Of course, you can. The question is, do you want to? Do you have the time and the know-how to do the job correctly? And how should you proceed? Here are the basics:

  1. Identify your company’s risks
    How do you define risk in your business? A common definition is any event that negatively influences your ability to achieve business goals. Risk affects a company’s ability to survive, successfully compete, and maintain financial strength and a positive public image as well as the overall quality of its products, services and people. You need to consider everything from insurance risk, such as natural catastrophes, to operational risks, such as third-party vendor risk.

  2. Keep track of your company’s risk
    This kind of record helps you have productive discussions and promotes consistency and awareness within your employee population.

  3. Identify who owns the risks
    The risk “owner(s)” should be responsible for assessing risks and identifying how to mitigate it. They should also be responsible for implementing and maintaining controls and reporting breaches of controls or risk appetite.

  4. Identify the controls to mitigate and reduce risks
    Each control should also be assigned an owner or responsible party. This can be a functional responsibility, instead of an individual or specific person.

  5. Assess risk potential and impact
    Working with the risk owners, evaluate each risk, based on the impact (financial, reputational, etc.) and the likelihood that the risk will affect your company. This helps you prioritize.

  6. Revisit the assessment every year
    Risk assessment is a process and should be conducted on at least an annual basis, simply because your risk profile can change.

What you can do to mitigate your risk?
What could happen? Natural disasters. Fire. Theft. Embezzlement. Product failure. Cyber-attack. Employee issues.

Coming up with a plan that covers all eventualities is time-consuming, but planning for catastrophes is essential. In the long run, it can save you from future major losses.

First, get senior staff together along with key personnel to brainstorm potential disaster scenarios and identify any weaknesses. These observations are what you can use to create your final plan.

Then, develop a plan to control or eliminate specific risks and how you will respond should something go wrong.

Once you have a plan in place, make sure it becomes part of your culture. Train everyone, not once but continuously, so it is ingrained in their day-to-day routine. Post clear instructions for emergencies and make sure everyone is clear as to what role they play.

What a good broker can do to help you mitigate risk and keep costs under control.
Working with a smart, qualified broker can make the process of risk assessment and mitigation a lot easier and most times much more productive.

Let’s start with a basic truth: doing a risk assessment is a pain. It takes time away from your core business and, even though you know your business inside and out, assessing risk and creating ways of mitigating or eliminating it aren’t necessarily in every manger’s wheelhouse.

Think not seeing the forest for the trees.

Risk can be complicated. And if you miss something in your assessment, it could have profound, lasting effects.

So, what can – and should – a broker do to help you identify and plan for risk?

At Marsh & McLennan Agency, we take a fundamental, efficient and ultimately very effective approach:

  • Dig deep to identify your risk
    • Do an in-depth study of your business
    • Review your goals, objectives, and expectations
    • Uncover potential risks and vulnerabilities as well as ways we can help
  • Design and execute the right solutions
    • Put together a team and recommend specific solutions to create a plan
    • Put the plan into action
  • Produce the right results
    • Track progress and adjust the plan over time

Talk with Marsh & McLennan Agency
We go further than most insurance agents and brokers to make sure we understand your organization. That approach delivers results. Our clients reduce risk, insurance and employee benefits costs while also improving their operations and profitability.

At Marsh & McLennan Agency, we believe that insurance is only part of the equation. You need a broker that can give you all of the support you need – from developing a risk mitigation plan to managing a claim to resolution.

If you’d like to talk with us about becoming part of your team, please contact your local MMA representative or call 763-746-8000.