Risk management these days has to go beyond preparing for hurricanes or fires. Even understanding cyberthreats isn’t enough: Businesses also need to be ready for rapidly evolving business regulations, a sometimes unpredictable political climate, sudden departures of key personnel and pitfalls in their own business contracts. While it’s impossible to be ready for absolutely everything, preparation is key, experts say.
Too often, however, business owners don’t think about a threat until they’re right in the middle of one. “You can’t get complacent,” says Arnold Mascali, president and founder of Procor Solutions + Consulting, a risk management consulting firm in Princeton, New Jersey. “When things are going well, that’s the time to investigate what you can do to prepare for when things don’t go well.”
Here are some tips for managing risk in today’s business environment.
Preparation Is Key
First, it’s important to understand the kinds of risks your business faces. Things like natural disasters and fires are often a first assumption, but risk can also include key employees leaving suddenly, a large client going out of business, shared liability with a client or vendor, or an unexpected product recall. These kinds of events put your brand reputation, proprietary information, business strategy and personnel at risk.
Planning that involves imagining different scenarios and that brings in different levels of the business can help prepare, Mascali says. Desktop reviews, simulations and other activities can help company leaders visualize the kinds of risks that might arise, he says. “It’s not just the risk manager’s responsibility anymore,” he says. C-level leaders in IT and operations can help identify vulnerabilities that should be addressed.
Examine Your Contracts
Businesses run on relationships, but these too can be a source of risk. Manufacturing, construction and health care organizations in particular can be exposed to high levels of risk through subcontractor or vendor agreements, and it can be difficult to know who’s protecting or is liable for confidential information, employee actions or other issues.
Businesses should take a “trust but verify” approach to protect themselves and interests. “I’ve seen in contract relationships between and among vendors, clients and consultants, verification is standard operating procedure,” Mascali says. Whether it’s asking for proof of security, insurance coverage, information protection or other factors, verification is a necessity.
Improve Your Odds Through Smart Use of Tech
Business process outsourcing can help manage some of the tasks involved in risk management, such as verifying certificates of insurance. Technology can also help keep business moving efficiently, while also protecting everyone’s interests.
No matter what tools you use, be sure they get the information you need. For example, some jurisdictions have statutes declaring that state certificates of insurance aren’t enough, and businesses should push for more evidence in transactions, says Charles Yuen, a partner at the law firm Scarinci Hollenbeck, headquartered in Lyndhurst, New Jersey. Risk management relies on careful research and a strong strategy, and finding the tools that fit your business can go a long way toward protecting it.