Risk management can be an intimidating and complex undertaking, but as a company leader you can’t just ignore your company’s vulnerabilities. Save yourself some sleepless nights by avoiding these common mistakes:

Failing to understand the consequences and long-term business impact of risk. Half of all businesses that suffer a catastrophe close within a year. If this was more widely understood, companies would be better prepared. Unfortunately, too many businesses believe they will be able to weather a storm.

Believing that risk management means only buying insurance. Insurance policies certainly are a component of what you need to protect your company, but it doesn’t stop there. You need an employee to oversee risk and a host of tools and services to manage risk, including disaster recovery plans, antivirus software, intrusion detection and firewall technologies.

Not understanding the overall costs of risk, or how to reduce them. You may be spending 35% more than necessary on risk management. If you lack a clear overview of all the products and services you are employing across your enterprise, you are most likely duplicating efforts. Even if you have centralized control, you may be paying unnecessarily exorbitant costs for a customized risk management information system (RMIS).

Allowing risk to be assessed and managed by the resources that create the risk. Was your IT security policy created by your own IT staff? Lack of external oversight leaves open the possibility for internal attacks on your network and intellectual property.

Not managing risk as a focused and centralized discipline. Your system administrator undoubtedly performs a series of actions to ensure the integrity of your network, protecting you from viruses, hackers and crashes. While these measures in themselves may be effective, each can function properly only in a secure environment. This requires application of solutions and policies that are outside your system administrator’s core competencies or control.

Failing to maintain continuous and measurable risk management initiatives. Be sure your disaster recovery plan is up to date. Risks are always evolving and new vulnerabilities emerge every day. You need updated, ongoing, real-time overviews of your risk mitigation activities in a format that doesn’t bog you down.

Inefficiently allocating resources to deal with risk. Once you have completed your risk assessment, you are faced with the often paralyzing task of figuring out what to do next. There are hierarchies of risk, and a good risk manager can help you systematically tackle the most pressing needs first.

Not properly preparing and educating your employees for emergencies. If your employees are not properly trained to implement your contingency plans and security policies, your risk management efforts will be wasted. Although it might seem impossible to allocate time to educate your staff on what to do when the server crashes or the phones go down or the office floods, when disaster strikes, you will be relieved you did.

Source: Adapted from “The Top Ten Mistakes in Risk Management” by Peter Teuten, chief development officer for Business Risk Management Solutions (BRMS), Baltimore.