Refreshing Insights | McClone Blog

4 Strategies for Addressing Identified Risk in Your Organization

Written by Jeff Miles, Strategic Risk Advisor | 04/03/2019

Understanding your organization’s risk profile helps you to see where you may be exposed to potential risks and threats. While this may sound ominous, awareness of your vulnerable areas helps you to decrease liability and keep your organization going strong. Developing an effective risk management program supports operational continuity and helps boost your organization’s performance. 

There are a variety of events, activities or outside forces that expose your organization to risk. Common types of risk can include just about every aspect of your organization and may be strategic, legal, financial, operational and reputational along with other risks such as environmental and political. A cybersecurity breach can result in exposure of your customers’ sensitive data; a natural disaster forces you to close for days, weeks or months; a product defect damages your carefully-built reputation, a regulatory violation results in a significant fine. These are just some examples of the ways your business can be affected.    

Once you have identified and understand your company’s unique risks, you will be able to determine which of the four strategies below would work best for your organization based on a variety of factors, including how each risk aligns with your company's risk appetite.  

Risk Avoidance

Avoiding risk should not be confused with doing nothing. Risk avoidance requires purposeful action and the elimination or modification of process, procedure or activities associated with the identified risk. You can avoid a specific risk or exposure by choosing an alternate option or taking steps to remove it.  A good example is the discovery of any exposure that endangers employees or knowingly violate a law or regulation. These are risks you can avoid by changing your operations. 

Risk Mitigation

Reducing your organization’s exposure to risk is accomplished through planning and implementing activities, programs, procedures or other control methods. The goal of these actions is to reduce the likelihood or impact of a loss to your company. Taking the time to train and educate your employees on these strategies will further reduce your risk. Creating a disaster recovery plan is one example. Your disaster recovery plan outlines all of the necessary steps to perform in the event of a natural disaster such as a tornado or earthquake. This plan, along with your employees’ awareness of it, may result in much less loss and down time for your organization should a disaster happen.

Risk Transfer  

Choosing to transfer your organization’s identified risks to a third-party is another option for responding to risk. Below are a few ways in which you can shift risk:

Business Insurance - By paying a premium, the risk is transferred to an insurance company. The policy agreement outlines, in detail, which claims the insurer is required to pay on your behalf. If you own fleet vehicles for your employees to use during their work hours, you should have the appropriate comprehensive and liability coverage. A reputable insurance provider will be able to help you assess your risk before offering coverage solutions.

Indemnification Agreement - These documents are entered into by two parties that agree upon payment for losses or damages caused by the other party. Indemnification provisions are common in construction job contracts. It’s important to understand your responsibility and risk before entering into these agreements.

Releases and Waivers - You can protect yourself by asking an individual or organization to sign a document that removes or limits your responsibility ahead of time. Asking a visitor to sign a waiver to enter your lab as there may be risk of exposure to chemicals protects you and outlines your responsibility should something happen.

Risk Retention

Retaining risk within your organization means that you’ve accepted responsibility for the risk as is and, therefore, have budgeted for potential claims or losses. This strategy is most often used for risks with low probability and low impact of happening or emerging risks that may pose a threat in the distant future.

A lot of time, unless you are avoiding the risk completely, you will end up using a combination of the risk response strategies above. Also, it is important to review and monitor your risk response strategies for your organization and make adjustments as needed.

If you have questions or would like to review or discuss your organization’s areas of risk and options available to you, reach out to our team or request a complimentary risk assessment by clicking the link below.