Home Month and Year May 2018 Risky Business

Risky Business


The Biggest Risk – Failure to Plan

Nearly 50 per cent of new businesses fail by their fifth year. The cause, says Tom Castonguay, CFP, Shelter Bay Finanical, is a lack of planning.

“Businesses exist to make money, but the drivers behind the profit are multifaceted,” says Castonguay. “One has to consider all the factors that could affect your business. Risks include: the owner becoming disabled; a falling out with or the sudden death of a shareholder; the death of a person that is key to the business, such as a top salesperson or someone with a specialized skill; etc. Demand for your product may be high, but risks management largely determines your success or failure.”

He’s provided plenty of small business owners with disability, critical illness, key person, and other insurance policies that are vital to the self-employed, and for business owners.

Castonguay affirms, “The only way to beat the odds is to anticipate risks and plan for them.”


Risk Management and Risk Managers

Teresa R. Costouros, MBA, FCIP, CRM, associate professor, Insurance and Risk Management at MacEwan University, teaches students how to manage risks.

“A risk manager makes and implements decisions to minimize the detrimental impact of losses on an organization,” says Costouros. “Risk assessment is a fundamental step within the risk management process. Loss exposures must be first identified and then assessed. Identified loss exposures are assessed to determine the likely frequency and/or severity to determine how often each particular exposure might occur and how small or large it may be. Then, decisions can be made on how to protect the organization against such occurrences.

“To decide on the best strategy, a proper risk assessment must be made. Following that, decisions can be made on whether to prevent or reduce the occurrence, and what steps one should have in place to pay for occurrences that do happen. This could include paying for losses from the company’s own resources or an agreement to transfer the risk to someone else, often an insurance company.

“Once the decisions are made on what techniques should be in place, it is the role of a risk manager to implement, monitor and modify the stratagems. A risk manager should be part of the senior management team so that the objectives of the risk management department are informed and aligned with the organizational objectives.”

Costouros points out common risks that businesses often overlook.

“Companies with employees using their own personal vehicles for work activities can be held liable for losses caused by the employee while on the job. Companies may assume that, since it is the employee’s vehicle, the employee’s car insurance would pay the loss. While it is true that the employee’s insurance would come into play, what if they didn’t have auto insurance? Or if the limit of liability was not high enough to cover the loss? A person injured in an automobile accident has three sources to sue: the owner of the vehicle, the driver of the vehicle, and the driver’s employer if the driver was operating the vehicle in the course of their employment.

“Cyber crime is on everyone’s minds now, but another important coverage that might be overlooked is an extension under a crime insurance policy called social engineering fraud coverage. Without this extension, an insurer might deny a loss where the insured company’s employee is tricked by a convincing fraudster to wire or transfer funds to them by impersonating a legitimate company. An insurer could argue that it wasn’t direct fraud since the employee willingly sent the money.”

When should a risk manager be hired? Costouros explains, “Smaller organizations often consult with their insurance broker or agent for risk management advice, and this brings value to the organizational risk management in a cost-effective way. However, this focus may be more on insurance than on all other aspects of risk management, primarily the loss prevention and control functions.

“It is not uncommon for a financial executive, such as a comptroller or VP of finance, to handle the risk management functions. Since they are responsible for purchasing insurance protection, they are often assigned this responsibility as well. Whatever the case may be, it is ideal if someone well versed in the field of risk management is responsible for this role. If not, it may concentrate only on the purchase of insurance and not be inclusive of all the other components of risk management.

“As a company grows to mid-size and beyond, having a risk manager as part of the executive team is crucial for the success of the company.”

Risk management doesn’t stop when the threats are identified. The process extends through an incident and claims process.

“When making an insurance claim for something very challenging, company owners must be prepared to fully cooperate with their insurance provider,” advises Costouros. “Be prepared to provide many details about the loss and be fully transparent. A good relationship with the insurance carrier is beneficial and should be fostered throughout the time the relationship exists. Remember that the claim will be settled on the basis of the contract wording. Do not view the insurer in an adversarial perspective, but rather as the party who will indemnify you for a legitimate claim, as contractually promised.”

Like Castonguay, Costouros knows that planning ahead is vital.

“Due diligence for the risk manager does not happen once the loss occurs, but should take place pre-loss. Before purchasing insurance coverage, be sure you understand fully what your loss exposures are, what protection you need, and what you expect your insurance policy to cover. When communicating and negotiating with your insurance broker or agent and/or the insurance company, get all your questions answered about what is and what is not covered.

“Keep complete and accurate documentation about these conversations so your file will provide appropriate background supporting your expectations and understanding. Also, make sure you comply with all requirements following a loss, usually clearly stated in the policy. Whether the claim is complex or simple, be prepared by understanding what coverage you have purchased and how the claims process works.”


Risk Management in Action

Providing an excellent example of risk management in action, Trinus is a busy computer repair and service provider celebrating 20 years in business. The company’s mission is to provide reliable, client-focused, stress-free IT solutions and services.

Dave White, president and co-founding partner, notes, “As Trinus grows, it becomes added responsibility as more families are depending on our business acumen to keep staff healthy and happily employed. Each day brings new challenges, but I view them as opportunities, especially in light of our vision, mission, and values. For example, we are undertaking a $500,000 expansion this year to improve our facilities and data center.”

In his experience, he sees that business owners don’t often have a clear and concise vision, mission, and set of values (VMV) as part of their planning process.

“While our VMV are intrinsic to the founding members of the company, as the business grows, new staff do not always know them – and it takes time for them to learn them by understanding the culture of the company. Having VMVs keeps the business on track; new initiatives and business ventures can be measured against the original vision and mission.”

In addition to managing risks with the VMVs, Trinus has identified and mitigated threats to its operations.

“Trinus identified [the loss of a key person risk] three years ago,” confirms White. “We now have plans in place where we have redundancy in key positions.  We accomplished this by cross-training key staff members, and many of the key management decisions are made in ‘committee’ so more than one person is aware of the corporate background that leads to a management decision.

“Trinus purposely built and implemented a succession plan that protects the core operations of the business. It also allows for a smooth transition as part of the ownership group retires or moves out of active operational roles.

“Disaster recovery is part of our operational plans, especially with our client data center and cloud hosting operations.

“We also have shareholder’s agreement in place.  However, the key to integrating new ownership is to thoroughly understand the motivations and integrity of any potential partner.  Over the past six years, we have successfully integrated two new business partners, but more importantly, we’ve rejected one possible applicant as being unsuited to Trinus’ culture and long-term goals.”


Take Charge

Business owners cannot escape risks, but they can plan for and mitigate them. Should disaster strike, having an established plan of action that takes into account the financial and stability impacts to your company will see you through. Risks are damaging, but with careful planning, they don’t have to be devastating.