Manage Your Risks

BY PETER TEUTEN

Risk management can be an intimidating and complex undertaking, but as a company leader you can’t just ignore your company’s vulnerabilities. Save yourself some sleepless nights by avoiding these common mistakes:

Failing to understand the consequences and long-term business impact of risk. Half of all businesses that suffer a catastrophe close within a year. If this were more widely understood, companies would be better prepared. Unfortunately, too many businesses believe they will be able to weather a storm.

Believing that risk management means only buying insurance. Insurance policies certainly are a component of what you need to protect your company, but it doesn’t stop there. You need an employee to oversee risk and a host of tools and services to manage risk, including disaster recovery plans, antivirus software, intrusion detection and firewall technologies.

Not understanding the overall costs of risk, or how to reduce them. You may be spending 35% more than necessary on risk management. If you lack a clear overview of all the products and services you are employing across your enterprise, you are most likely duplicating efforts. Even if you have centralized control, you may be paying unnecessarily exorbitant costs for a customized risk management information system (RMIS).

Allowing risk to be assessed and managed by the resources that create the risk. Was your IT security policy created by your own IT staff? Lack of external oversight leaves open the possibility for internal attacks on your network and intellectual property.

Not managing risk as a focused and centralized discipline. Your system administrator undoubtedly performs a series of actions to ensure the integrity of your network, protecting you from viruses, hackers and crashes. While these measures in themselves may be effective, each can function properly only in a secure environment. This requires application of solutions and policies that are outside your system administrator’s core competencies or control.

Failing to maintain continuous and measurable risk management initiatives. Be sure your disaster recovery plan is up to date. Risks are always evolving and new vulnerabilities emerge every day. You need updated, ongoing, real-time overviews of your risk mitigation activities in a format that doesn’t bog you down.

Inefficiently allocating resources to deal with risk. Once you have completed your risk assessment, you are faced with the often paralyzing task of figuring out what to do next. There are hierarchies of risk, and a good risk manager can help you systematically tackle the most pressing needs first.

Not properly preparing and educating your employees for emergencies. If your employees are not properly trained to implement your contingency plans and security policies, your risk management efforts will be wasted. Although it might seem impossible to allocate time to educate your staff on what to do when the server crashes or the phones go down or the office floods, when disaster strikes, you will be relieved you did.

Source: Adapted from “The Top Ten Mistakes in Risk Management” by Peter Teuten, chief development officer for Business Risk Management Solutions (BRMS), Baltimore.
