Matt McClellan

Risk management is the process of identifying and assessing risk, then prioritizing resources to minimize the impact of losses. But what is the true cost of risk management?

Jonathan Theders, president of Clark-Theders Insurance Agency, previously addressed the assessment process with the 1-5 rating scale for risk severity and frequency in the April 2012 issue of Smart Business.

“Focusing on a risk management approach can earn better pricing, reduce out-of-pocket costs and provide a more stable environment for your employees and customers,” Theders says. “But most important is that it helps you prepare for things that might happen before they happen.”

Smart Business spoke with Theders about how to minimize losses and monitor your exposures.

What are the components of risk management, and how can a business determine which components to use?

There are four components to risk management: risk avoidance, risk mitigation, risk retention and risk transfer.

Risk avoidance is when something is too risky, so you decide not to do it. You don’t have the right capabilities to handle it, so you avoid that practice entirely. For instance, if you are concerned about hurricanes, locate your business in an area in which hurricanes do not occur — at least not typically. There is no reason to insure against that risk because you’ve avoided it.

Next is risk mitigation, or prevention. Once you know what could potentially happen, determine if there are tools, steps, procedures or policies you can use for prevention, or at least reduce its damages.

Then there is risk retention. Every day you assume some risk that is uninsured but decide you’re OK with bearing it yourself.  Sometimes when you implement a mitigation or prevention program, you realize those programs have limited the occurrence of that particular risk to such a minute amount that even if it did happen, you feel comfortable retaining it.

Finally, there is risk transfer, which is sending the risk to somebody else. Insurance is a common tool of risk transfer. If your $5 million building burned down, you do not necessarily want to put that on your company’s balance sheet.  So you contract with an insurance company to transfer the $5 million of risk to it and you pay a premium for it to assume that. You paid the premium, it bears the risk.

How can mitigating risk benefit a business?

Different insurance companies look at the transfer of risk differently, and the price can fluctuate. That’s why it’s so important to communicate to the insurance company what you’ve done to minimize risk. If you have implemented a fire suppression system, disaster recovery plan or something else to mitigate risk, explaining those mitigation techniques will give the insurance company underwriter greater comfort.

Many companies and their agents poorly communicate to their insurance company what they do to prevent risk. They offer information about the construction type, geographic location and the value of the building and it may stop there. Those factors result in the computer tabulating a cost.  What the computer doesn’t know are the risk management techniques that you have in place.  It does not know that you have a policy that prevents employees from smoking on premises, or that all combustibles are stored in UL-approved storage containers.

If you are doing things to prevent a major catastrophe, the underwriter can provide a lower price.

What else can be done to transfer risk?

You can also transfer risk through releases or waivers. We’ve all done something that is risky, whether it’s parachuting, bungee jumping or riding a horse, where you sign a form that releases the company from liability. You are saying, ‘I know I am going to ride a horse. It is risky, and I am assuming all liability if I get hurt.’

What is the true cost of risk, and how is it affected by the components of risk management?

Your true cost of risk is not only the premium you pay but all of the out-of-pocket costs. It’s the downtime of your business if something were to happen, the loss of an employee or the fact that you’re out of business for two months. Maybe you bought insurance to replace your income while your business is out of commission, but your key employees have gone to a competitor because they have to work.

If your $500,000 building burns down, you don’t just lose $500,000. You lose significantly more. In fact, the building may only be 15 to 20 percent of the total loss.

If your business goes down, can your product or service be easily replaced? Your cost of risk is higher if you are easily replaced. However, if you are the only source of a particular product or your competitors are at full capacity and can’t take more work, your cost of risk is lower.

Take, for example, a business that makes its own glass. But glass is only a small component of its overall product. It takes raw materials and heats them, but competitors can make the glass cheaper and more efficiently than it does.

With that operation comes extreme heat and propensity for damage to the building. At the time, it made the glass because it couldn’t get anyone to make the quality it wanted for its product.

Now, the product is readily available, so it decided to transfer the risk by buying that product from someone else. It decided the risk and the reward of having its own glass-making line no longer made sense.

From an insurance standpoint, the benefit is that one of its riskiest propensities for fire is being eliminated. At that point, the policy is re-evaluated and because the overall fire risk is lower, there would be additional savings or credits.

Jonathan Theders is president of Clark-Theders Insurance Agency Inc. Reach him at (513) 779-2800 or jtheders@ctia.com

Insights Business Insurance is brought to you by Clark-Theders Insurance Agency

Traveling and working abroad often comes with risks, and savvy employers recognize that having employees overseas heightens their corporate liability. By protecting employees against the risks of global travel, employers can manage risks to their business, finances and reputation.

“In today’s litigious society, corporate governance and duty of care are paramount to a company’s crisis management strategy,” says Justin Priestley, executive director for Aon Crisis Management. “Businesses need to react to incidents in a timely and consistent manner, protecting their people, assets, balance sheet and brand reputation.”

Smart Business spoke with Priestley and Kevin J. Pastoor, CPCU, managing director of Aon Risk Solutions, about how to keep your employees safe abroad.

 

How can businesses ensure that they are meeting their duty of care requirements?

There is a lot of complicated case law on this subject, but the issues are simple. There are three things businesses should consider, and by doing so, they will meet their duty of care.

The first step is actively trying to understand what the risks are for your people, and that means doing a formal assessment of risk. If you say you didn’t know about it, that’s not good enough. You could have tried to find out.

The second thing you need to do is come up with appropriate risk management measures that are matched to the risks you think exist. You need to demonstrate that the plan you are coming up with is appropriate for the risks your employees are facing.

Third, organizations should have a plan and discuss it. Talk about appropriate levels of insurance and how employees are going to get to the airport if there is a problem. Broadly speaking, those steps together provide organizations with a much better opportunity to demonstrate that they are meeting duty of care.

How can businesses ensure they are prepared for travel emergencies?

An adviser can match what it delivers to what it thinks are the main pillars of activity. So up front, it would provide information to travelers so they are aware of the risks in a particular area. An adviser can also provide some basic-level training for travelers.

Another thing a consultant can do, if people are traveling to an elevated risk location — somewhere like Mexico or India — is conduct an independent risk assessment of that proposed journey. It can be done quite quickly; it’s not some long, laborious process. It provides the concerned organization with a third-party independent review for a journey before it is booked, which backs them up in their assessment.

What type of training and education should employers provide for traveling employees?

There are two types of training. E-learning allows organizations to show that people have done the training. We also do an elevated risk course, which is instructor-led.

That course tends to be more specific to a particular client. Another option is an elevated risk course, in which the threats and risks are determined for where someone is going, and then travelers are trained to understand them. For instance, if you are in Central America, kidnapping is one of the major risks, and this is how it happens.

Then a consultant can offer advice on situational awareness. Many people understand what to look for and how to notice if something suspicious is happening. There is some really basic advice on risk mitigation strategies, like not wearing your Rolex watch if you’re traveling in more interesting parts of the world.

It’s important to focus on sensible, pragmatic advice that businesspeople need to understand.

 

What innovative services can help business travelers?

Mobile technology enables a traveler to see a country’s risk information on the go. Putting that information in people’s pockets is actually quite useful.

It doesn’t produce 20 pages of data on each country. It’s short, concise and condensed. Most people don’t want to read for 30 minutes to understand an issue. They want to read it in two minutes.

Second, there is a nice travel management system for risk managers or corporate security that enables them to know at the push of a button where their people are on a day-to-day basis and what the risk exposure is for those people.

Aon WorldAware, our online country information service, grades risks by looking at what is going on in that country, the capability of the terrorist organizations and their modus operandi. It gives ratings of 1 through 5, on a daily, weekly, or monthly basis, and they can print a report showing how many people they have in low-risk countries, or Level 4 or 5 countries, how many incidents they have had and where those incidents occurred.

It is an independent assessment. A partner has people constantly reviewing every country. There are 10 factors, including terrorism, civil disobedience, kidnap and ransom, street crime. All 10 factors for every country are assessed and scored 1 through 5.

Countries rated 1 through 3 are appropriate for routine business travel. For countries 4 and 5, you have to consider the risks a bit more. To put that into context, Level 5 countries like Iraq, Somalia, or Afghanistan have extreme risks.

The system monitors what happens in the world on a daily basis, and the countries are updated as the risk profile changes.

 

Justin Priestley is executive director for Aon Crisis Management. Reach him at 44 (0)20 7882 0478 or justin.priestley@aon.co.uk. Kevin J. Pastoor, CPCU, is managing director of Aon Risk Solutions. Reach him at (248) 936-5346 or kevin.pastoor@aon.com.

Insights Risk Management is brought to you by Aon Risk Solutions

Traveling and working abroad often comes with risks, and savvy employers recognize that having employees overseas heightens their corporate liability. By protecting employees against the risks of global travel, employers can manage risks to their business, finances and reputation.

“In today’s litigious society, corporate governance and duty of care are paramount to a company’s crisis management strategy,” says Justin Priestley, executive director for Aon Crisis Management. “Businesses need to react to incidents in a timely and consistent manner, protecting their people, assets, balance sheet and brand reputation.”

Smart Business spoke with Priestley and David Drier, an international producer at Aon Risk Solutions, about how to keep your employees safe abroad.

How can businesses ensure that they are meeting their duty of care requirements?

There is a lot of complicated case law on this subject, but the issues are simple. There are three things businesses should consider, and by doing so, they will meet their duty of care.

The first step is actively trying to understand what the risks are for your people, and that means doing a formal assessment of risk. If you say you didn’t know about it, that’s not good enough. You could have tried to find out.

The second thing you need to do is come up with appropriate risk management measures that are matched to the risks you think exist. You need to demonstrate that the plan you are coming up with is appropriate for the risks your employees are facing.

Third, organizations should have a plan and discuss it. Talk about appropriate levels of insurance and how employees are going to get to the airport if there is a problem. Broadly speaking, those steps together provide organizations with a much better opportunity to demonstrate that they are meeting duty of care.

How can businesses ensure they are prepared for travel emergencies?

An adviser can match what it delivers to what it thinks are the main pillars of activity. So up front, it would provide information to travelers so they are aware of the risks in a particular area. An adviser can also provide some basic-level training for travelers.

Another thing a consultant can do, if people are traveling to an elevated risk location — somewhere like Mexico or India — is conduct an independent risk assessment of that proposed journey. It can be done quite quickly; it’s not some long, laborious process. It provides the concerned organization with a third-party independent review for a journey before it is booked, which backs them up in their assessment.

What type of training and education should employers provide for traveling employees?

There are two types of training. E-learning allows organizations to show that people have done the training. We also do an elevated risk course, which is instructor-led.

That course tends to be more specific to a particular client. Another option is an elevated risk course, in which the threats and risks are determined for where someone is going, and then travelers are trained to understand them. For instance, if you are in Central America, kidnapping is one of the major risks, and this is how it happens.

Then a consultant can offer advice on situational awareness. Many people understand what to look for and how to notice if something suspicious is happening. There is some really basic advice on risk mitigation strategies, like not wearing your Rolex watch if you’re traveling in more interesting parts of the world.

It’s important to focus on sensible, pragmatic advice that businesspeople need to understand.

What innovative services can help business travelers?

Mobile technology enables a traveler to see a country’s risk information on the go. Putting that information in people’s pockets is actually quite useful.

It doesn’t produce 20 pages of data on each country. It’s short, concise and condensed. Most people don’t want to read for 30 minutes to understand an issue. They want to read it in two minutes.

Second, there is a nice travel management system for risk managers or corporate security that enables them to know at the push of a button where their people are on a day-to-day basis and what the risk exposure is for those people.

Aon WorldAware, our online country information service, grades risks by looking at what is going on in that country, the capability of the terrorist organizations and their modus operandi. It gives ratings of 1 through 5, on a daily, weekly, or monthly basis, and they can print a report showing how many people they have in low-risk countries, or Level 4 or 5 countries, how many incidents they have had and where those incidents occurred.

It is an independent assessment. A partner has people constantly reviewing every country. There are 10 factors, including terrorism, civil disobedience, kidnap and ransom, street crime. All 10 factors for every country are assessed and scored 1 through 5.

Countries rated 1 through 3 are appropriate for routine business travel. For countries 4 and 5, you have to consider the risks a bit more. To put that into context, Level 5 countries like Iraq, Somalia, or Afghanistan have extreme risks.

The system monitors what happens in the world on a daily basis, and the countries are updated as the risk profile changes.

Justin Priestley is executive director for Aon Crisis Management. Reach him at 44 (0)20 7882 0478 or justin.priestley@aon.co.uk. David T. drier is an international producer at Aon Risk Solutions. Reach him at (314) 719-3892  or david.drier@aon.com.

Insights Risk Management is brought to you by Aon Risk Solutions

As your business grows, so will your technology needs. As you’re considering upgrades, it’s important to be aware of all the options available and choose the solutions that can grow with your business and help keep things running productively and seamlessly.

On the telecommunications front, that solution might be Primary Rate Interface, or PRI. PRI is a voice service that is a great solution for a small business with 10 or more employees. Instead of needing a separate line to handle each call, PRI allows up to 23 channels to communicate simultaneously across one single line, says Anthony “Clay” Catinella, director of sales for Comcast Business Class, Atlanta region.

“PRI makes a lot of sense for a growing business that needs a scalable solution managed to their busy schedule,” Catinella says. “The Comcast Business Class PRI solution allows businesses to add channels simply by placing a quick phone call.  Many times, no technician or appointment is needed.”

Smart Business spoke with Catinella about how PRI technology works and how to determine if it can help your business.

What are the advantages to PRI technology?

The biggest advantage is flexibility when it comes to how businesses organize their voice service. Businesses with a PBX could start with as little as six channels and could easily add more as the business grows with very little impact, and no additional telephone lines to install.

Another benefit to PRI, especially as you move into a larger business environment, is direct inward dialing (DID). This technology enables businesses to give clients telephone numbers that can be routed directly to employees’ phone extensions instead of through a receptionist or by calling the main number and entering an extension.

What types of businesses could use PRI service?

Any business with at least 10 employees should really take a look at this voice technology. When you have that many employees and you’re looking to meet your voice needs with individual lines, it can start to get very expensive. PRI can help ensure you are giving your employees enough access to outgoing lines when they are needed. It allows clients to reach an employee extension directly, and it offers a simple solution to upgrade voice service as the business grows.

What is involved in the upgrade process?

Once the circuit has been installed, all it takes is a quick call to your service provider to activate a few more channels on the circuit. That activation will give you additional call paths that you can distribute or set up however you like within your business. It shouldn’t require any technician to come onsite, and it requires very little waiting time between when an order is placed and when it can be delivered.

In what situations does PRI provide a competitive alternative to traditional telephone service?

PRI certainly is a great option if a business expects to grow quickly or if it has already invested in voice hardware, such as a PBX phone switch, to best take advantage of existing resources.

PRI also can provide an advantage over traditional telephone service if a business requires the flexibility of changing how its voice service is configured, or if it wants the ability to bypass having a receptionist who routes calls to employees.

What kind of benefits can companies expect from this technology?

If you expect your small business to grow, PRI service helps to meet the needs of your business as you grow.

For companies that are already looking at PRI service and determining the best option, it’s important to consider the whole package. Companies are rarely purchasing voice service without data service. When you pull data into the conversation of whether PRI is right for the company, customers with PRI service typically also have data service over a T1 connection. Today, for a cost similar to a PRI and a T1 circuit for data, you could get a PRI and a 100 megabit cable modem with download speeds up to 64 times faster than a T1 line.

That’s where you could see increased productivity for your employees. You really start to see advantages in terms of the amount of resources necessary to manage the day-to-day business.

Anthony Catinella is director of sales for Comcast Business Class, Atlanta region. Reach him at (770) 559-2132 or Anthony_Catinella@cable.comcast.com.

Insights Telecommunications is brought to you by Comcast Business Services

Digital risk management strategy used to be a luxury reserved for huge corporations, but in today’s business climate, even small businesses need to understand digital risks and set up a plan to protect themselves.

“Today’s society is completely based on digital recordkeeping and digital media,” says Pervez P. Delawalla, CEO of net2EZ Managed Data Centers, Inc. “If companies don’t have strategies in place to insure their digital lives, they are just playing with fire.”

Smart Business spoke with Delawalla about how to develop a sound digital risk management strategy and how to ensure it will work when you need it.

What are some examples of major digital risks, and how can these risks affect businesses?

One of the principal types of risk comes from those once-in-a-lifetime events, like the terrorist attacks of 9/11. Many companies were impacted by those attacks, and not just from a personal standpoint. Getting their businesses back up and running was very difficult, and companies that didn’t have digital strategies in place for data backup were at a complete loss.

Then, you have the standard risks faced by businesses on a daily basis. Data is lost through  negligence, or even through unforeseeable events beyond one’s control, like flooding or fire. In California, the major player in this category is earthquakes. To mitigate that risk, a West Coast company can have servers located on the East Coast, so in the event of a catastrophic earthquake, their data and it’s high availability would be safeguarded.

Digital risk management or risk mitigation solutions used to be cost prohibitive for small businesses — but not anymore.

How can businesses protect themselves from digital risks?

There are a couple of ways that businesses can insulate themselves from these risks. The first step is looking at where their digital life exists, so to speak, for both their company and their personal data. That will determine what type of risk exposure they have. For example, if a company decides to keep its servers on the premises, it would have its physical and digital location present in the same place. If something happens to that building, everything goes with it.

Usually, the company’s head of information technology would be responsible for recommending a disaster recovery location just for the data, which would be located away from the office space.

The best course of action is to employ the services of a disaster recovery company with the ability to provide highly redundant locations so data can be protected in the event that the physical location goes offline.

What should be covered in a digital risk management strategy? How does it interface with overall risk management strategy?

One of the issues that needs to be covered is the geographic separation between your primary location and your disaster recovery location. You don’t want your digital disaster recovery location just a couple blocks down the street from your physical location, because if there is a large-scale event, like a natural disaster of some sort, you are likely to lose both.

Another is the ‘cut over test.’ This is where both systems are run in parallel to make sure that if you needed to cut over to the disaster recovery location that it would function in precisely the same way the primary location does. It’s like doing a fire safety drill. The frequency of the drill is determined by the company’s industry.

From that point, you start looking at the exact goal for the business in question. If the company is in an industry where going offline for a few days does not pose any real risk to business, that company would require a different strategy than a financial trading firm for whom a few minutes offline would be detrimental.

The strategy should be based upon and built around the business type. For example, a trading firm would want a disaster recovery location that is a few hundred miles from its physical location, and would ideally conduct a monthly or weekly full cut over test.

What should businesses look for in a digital risk management and insurance company or policy?

The stability of the company is important, as is its knowledge base, but the facility itself is the most important part. Look at where the servers are housed; confirm that the facility is SAS 70 certified. That designation means that independent auditors have certified the company’s policies and procedures.

Also, check how redundant the facility’s backup system is. Does it have at least one standby generator to back up the primary generators that provide power? Look into the integration and configuration of the cooling systems, as well.

Those are all integral parts to ensuring the entire facility works in unison. You may be spending a lot of money on disaster recovery, but if one of those systems is offline,  your solution could still fail when you need it the most. It’s like installing smoke detectors throughout your house, but not testing them; you are taking an unnecessary and dangerous risk.

How can businesses ensure their digital risk management strategy is working?

The key is running those drills. Systems change all the time, and a company’s digital systems will never remain the same, particularly given the pace of the society we have now. Updates are constant, whether from the software tech side or the hardware tech side, so it is very important to run those drills on a frequent basis in accordance with your type of industry.

Also, look at your checklist and conduct audits. Make sure you have selected a provider that is SAS 70 certified and has good systems, and remember that just because everything checks out doesn’t mean that you shouldn’t go over that checklist and run those drills again next year.

Pervez P. Delawalla is CEO of net2EZ Managed Data Centers, Inc. Reach him at (310) 426-6701 or pervez@net2ez.com.

Insights Risk Management & Insurance Services is brought to you by Millennium Corporate Solutions

Digital risk management strategy used to be a luxury reserved for huge corporations, but in today’s business climate, even small businesses need to understand digital risks and set up a plan to protect themselves.

“Today’s society is completely based on digital recordkeeping and digital media,” says Pervez P. Delawalla, CEO of net2EZ Managed Data Centers, Inc. “If companies don’t have strategies in place to insure their digital lives, they are just playing with fire.”

Smart Business spoke with Delawalla about how to develop a sound digital risk management strategy and how to ensure it will work when you need it.

What are some examples of major digital risks, and how can these risks affect businesses?

One of the principal types of risk comes from those once-in-a-lifetime events, like the terrorist attacks of 9/11. Many companies were impacted by those attacks, and not just from a personal standpoint. Getting their businesses back up and running was very difficult, and companies that didn’t have digital strategies in place for data backup were at a complete loss.

Then, you have the standard risks faced by businesses on a daily basis. Data is lost through  negligence, or even through unforeseeable events beyond one’s control, like flooding or fire. In California, the major player in this category is earthquakes. To mitigate that risk, a West Coast company can have servers located on the East Coast, so in the event of a catastrophic earthquake, their data and it’s high availability would be safeguarded.

Digital risk management or risk mitigation solutions used to be cost prohibitive for small businesses — but not anymore.

How can businesses protect themselves from digital risks?

There are a couple of ways that businesses can insulate themselves from these risks. The first step is looking at where their digital life exists, so to speak, for both their company and their personal data. That will determine what type of risk exposure they have. For example, if a company decides to keep its servers on the premises, it would have its physical and digital location present in the same place. If something happens to that building, everything goes with it.

Usually, the company’s head of information technology would be responsible for recommending a disaster recovery location just for the data, which would be located away from the office space.

The best course of action is to employ the services of a disaster recovery company with the ability to provide highly redundant locations so data can be protected in the event that the physical location goes offline.

What should be covered in a digital risk management strategy? How does it interface with overall risk management strategy?

One of the issues that needs to be covered is the geographic separation between your primary location and your disaster recovery location. You don’t want your digital disaster recovery location just a couple blocks down the street from your physical location, because if there is a large-scale event, like a natural disaster of some sort, you are likely to lose both.

Another is the ‘cut over test.’ This is where both systems are run in parallel to make sure that if you needed to cut over to the disaster recovery location that it would function in precisely the same way the primary location does. It’s like doing a fire safety drill. The frequency of the drill is determined by the company’s industry.

From that point, you start looking at the exact goal for the business in question. If the company is in an industry where going offline for a few days does not pose any real risk to business, that company would require a different strategy than a financial trading firm for whom a few minutes offline would be detrimental.

The strategy should be based upon and built around the business type. For example, a trading firm would want a disaster recovery location that is a few hundred miles from its physical location, and would ideally conduct a monthly or weekly full cut over test.

What should businesses look for in a digital risk management and insurance company or policy?

The stability of the company is important, as is its knowledge base, but the facility itself is the most important part. Look at where the servers are housed; confirm that the facility is SAS 70 certified. That designation means that independent auditors have certified the company’s policies and procedures.

Also, check how redundant the facility’s backup system is. Does it have at least one standby generator to back up the primary generators that provide power? Look into the integration and configuration of the cooling systems, as well.

Those are all integral parts to ensuring the entire facility works in unison. You may be spending a lot of money on disaster recovery, but if one of those systems is offline,  your solution could still fail when you need it the most. It’s like installing smoke detectors throughout your house, but not testing them; you are taking an unnecessary and dangerous risk.

How can businesses ensure their digital risk management strategy is working?

The key is running those drills. Systems change all the time, and a company’s digital systems will never remain the same, particularly given the pace of the society we have now. Updates are constant, whether from the software tech side or the hardware tech side, so it is very important to run those drills on a frequent basis in accordance with your type of industry.

Also, look at your checklist and conduct audits. Make sure you have selected a provider that is SAS 70 certified and has good systems, and remember that just because everything checks out doesn’t mean that you shouldn’t go over that checklist and run those drills again next year.

Pervez P. Delawalla is CEO of net2EZ Managed Data Centers, Inc. Reach him at (310) 426-6701 or pervez@net2ez.com.

Insights Risk Management & Insurance Services is brought to you by Millennium Corporate Solutions

Be prepared. The Boy Scout motto is something every smart executive should apply to his or her business. When an emergency happens, you need to have a plan in place to deal with it, says Jonathan Theders, president of Clark-Theders Insurance Agency.

“You may feel prepared — to a degree —for an emergency because you purchase business insurance, but if one occurs, is your team ‘really’ ready?” says Theders. “There must be a plan of action that goes beyond the insurance product to ensure the safety, security and continuation of your business and its employees.”

Smart Business spoke with Theders about several emergency situations that are often overlooked and how to make sure that your business is prepared for anything.

What are some commonly overlooked emergencies, and why is it important to consider them?

One area that is often underinsured is business income loss. If something happens that makes you unable to go to work, your clients and customers still need your product or service that day.

Not only do you lose revenue for that day, but if it takes you two or three months to get operational again, those people are not necessarily going to wait for you. They are going to find that service elsewhere. They will form new relationships. They will find an alternative, and when you resume operations, they may or may not return.

That can be extremely detrimental because there is no income coming in, so you can’t sustain employee payroll and you start losing key people. Losing key employees can have a significant impact on your business, especially salespeople or customer service representatives.

These people have deep relationships with your customers. If you lose them, whether through death, retirement or a new job, it creates a disruption to the work environment that you need to plan for. If you don’t, it can very quickly lead to the death of the business.

To prevent that from happening, focus on business income and the extra expenses that go into bringing you back up or sustaining funds so that you can continue to make payroll while you’re rebuilding your company. Build a contingency plan for what you would do if a key employee leaves.

Also, ensure that you are protecting your trade secrets and client list by having non-compete and non-piracy agreements in place, in case the employee leaves your business to work for a competitor. Those legal mechanisms are a great way to protect your business.

How can a business develop an emergency preparedness plan?

First, establish your planning team. It should be have representatives from every facet of the business. You need a good cross section of people, because what keeps the CEO up at night is going to be different than the top concern of the head of the sales department. You’re selling yourself short if you have a one-sided or management-only planning process.

The second step to the planning process is to establish authority. You want to make sure that there is senior management buy in, upper level commitment and open communication lines. You don’t want to be so rigid that there is no flexibility for the free flow of ideas.

The third step is issuing a mission statement. It’s important for leadership to issue a mission statement saying, ‘This is the purpose of the plan,’ and indicate how it will involve the whole organization.

The fourth is establishing a schedule for how you will go through the process. Sometimes you discover a project is bigger than expected and it can drag on. This is also the step where you set the budget, the size of which will vary by company.

How do you discover the issues and then determine their priority?

Analyze the hazards. It’s easy to consider natural disasters such as tornadoes or hurricanes, but you really want to focus on anything that could potentially disrupt your business. Use a whiteboard and just start writing down ideas.

Then, take that list and put it into two categories. Using a scale of one to five, five being the most detrimental, rank the financial detriment to the company if the event were to occur. Next, rank the probability of it actually occurring, with one being very unlikely and five being something that could happen at any time.

By mapping out all of these ideas and ranking them by severity and probability of occurrence, you will be able to determine your priorities. For instance, if you find a scenario that’s ranked five in both categories, it would have a catastrophic effect on the company and has a high probability of occurring. That’s the one you start with; that should be at the top of your list.

Conversely, if an event has a low financial impact and a low probability of occurring, you may not need to do anything about it. If you do, it should be at the bottom of your list.

How should businesses use their prioritized list of potential emergencies?

At that point, once you have your list of what can occur, you start thinking about what you can do about it. Insurance is a tool for risk management. It is a financing mechanism for the risk you do not want to self-insure.

The goal of emergency preparedness is to create an understanding of what can occur and a plan so everyone knows what will happen in the event of an emergency.

Jonathan Theders is president of Clark-Theders Insurance Agency Inc. Reach him at (513) 779-2800 or jtheders@ctia.com.

Political risks are generally unpredictable and often unexpected, which makes them a concern for business owners. Losses that occur as a result of political unrest are often excluded from typical property coverage, so companies must be diligent.

“These losses, when they happen, have the potential to be financially severe,” says Roger S. Schwartz, senior vice president, Political Risk Practice with Aon Risk Solutions. “They have the potential to have a very definite negative impact on the company’s well being. Executives should be aware that operating in emerging markets has its risks, but the risks can be mitigated.”

Smart Business spoke with Schwartz and Terrence Parks, senior account executive, Aon Global Client Network, about why businesses should be concerned about political risks and how to protect against them.

What are some examples of political risk?

The events that transpired in the Middle East provide examples, especially for companies with exposures in countries that were targeted by the Arab Spring. An oil and gas operation in Libya, for example, would have potential for damage as a result of the revolution, as well as potential for disruption of operations. The company might not have been able to conduct drilling, so it would face a business interruption loss.

These events have the potential for ripple effects. If you are contracted to do work that depends on materials, commodities or services provided in a particular country, an interruption in your ability to provide that work can cause a break in the contract downstream for the end user. There are a variety of things that can occur, not the least of which is the potential for physical damage losses, which generally are not covered under the standard property policies.

Even terrorism coverage will take you only so far. Some property policies have brought terrorism coverage back; some organizations have to buy it separately. In the context of Tunisia, Libya, Egypt, Syria and Bahrain, all of those events were acts of political violence. They are not classified as terrorism, so losses caused by those events would not have been covered under a standard terrorism policy.

How can businesses expand their coverage to include political risks?

There is a policy sold routinely designed to insure political violence. It adds a number of components to the terrorism coverage: war, civil war, rebellion, revolution, insurrection, strikes, riots, civil commotion and malicious damage. These are extra coverages that are specifically excluded by the property policy and terrorism policy. Companies operating in emerging markets that are politically unstable should consider adding that suite of coverages.

 

How can companies determine whether they need to add these coverages to their risk management portfolio?

It is a function of cost versus benefit. If you or one of your key suppliers or customers are operating in an emerging market and you think there is a potential for this type of risk to occur, it is something you may want to hedge. Some companies may choose to self-insure because, as a class, political risk fits under the low-frequency/high-severity class of catastrophic losses. It’s not the sort of risk where you can point to a consistent, ongoing loss stream as you might with a property or casualty policy.

Organization leaders often say, ‘The odds are with me; perhaps I may not need to expend the premium.’ This is the same sort of calculation you make or don’t make when you think about buying an earthquake policy or a terrorism policy.

How can businesses account for political risk in their risk management planning?

It requires a corporate exercise in introspection. Companies need to take into account the line of business in which they are operating. These issues are going to be self-evident to people who give the matter consideration.

If you are a company working in an emerging market that is politically unstable, the probability is that you know the issue of political risk exists and that you have an exposure to it. The next question you should ask yourself as a business owner is, ‘Does it make sense economically or otherwise for us to mitigate that risk?’

It depends on who you are and what you are doing, but that is a decision that has to be made internally after a balanced review with risk management and the company’s insurance broker. When you are doing an enterprise risk management analysis, you’re basically looking at the shock loss to a company from a variety of different angles. Political risk is just another one of those angles.

Risk management is a function of the economics of the situation. People in manufacturing have a different viewpoint than people in service industries. Publicly traded companies have to be cognizant of the fact that there is a certain amount of shareholder scrutiny. If you look at any public company’s 10-K form, there is a section devoted to that company’s risk factors. As a matter of routine, CFOs use this section to warn investors and potential investors that the business could be impacted by political risks.

 

For more information on political risk and its potential impact for businesses, visit http://www.aon.com/2012politicalriskmap.

Roger S. Schwartz is a senior vice president, Political Risk Practice, with Aon Risk Solutions. Reach him at (212) 441-1125 or roger.schwartz@aon.com. Terrence Parks is a senior account executive, Aon Global Client Network, with Aon Risk Solutions. Reach him at (248) 936-5268 or terrence.parks@aon.com.

Political risks are generally unpredictable and often unexpected, which makes them a concern for business owners. Losses that occur as a result of political unrest are often excluded from typical property coverage, so companies must be diligent.

“These losses, when they happen, have the potential to be financially severe,” says Roger S. Schwartz, senior vice president, Political Risk Practice with Aon Risk Solutions. “They have the potential to have a very definite negative impact on the company’s well being. Executives should be aware that operating in emerging markets has its risks, but the risks can be mitigated.”

Smart Business spoke with Schwartz and David Schaake, resident sales director, Aon Risk Solutions, about why businesses should be concerned about political risks and how to protect against them.

What are some examples of political risk?

The events that transpired in the Middle East provide examples, especially for companies with exposures in countries that were targeted by the Arab Spring. An oil and gas operation in Libya, for example, would have potential for damage as a result of the revolution, as well as potential for disruption of operations. The company might not have been able to conduct drilling, so it would face a business interruption loss.

These events have the potential for ripple effects. If you are contracted to do work that depends on materials, commodities or services provided in a particular country, an interruption in your ability to provide that work can cause a break in the contract downstream for the end user. There are a variety of things that can occur, not the least of which is the potential for physical damage losses, which generally are not covered under the standard property policies.

Even terrorism coverage will take you only so far. Some property policies have brought terrorism coverage back; some organizations have to buy it separately. In the context of Tunisia, Libya, Egypt, Syria and Bahrain, all of those events were acts of political violence. They are not classified as terrorism, so losses caused by those events would not have been covered under a standard terrorism policy.

How can businesses expand their coverage to include political risks?

There is a policy sold routinely designed to insure political violence. It adds a number of components to the terrorism coverage: war, civil war, rebellion, revolution, insurrection, strikes, riots, civil commotion and malicious damage. These are extra coverages that are specifically excluded by the property policy and terrorism policy. Companies operating in emerging markets that are politically unstable should consider adding that suite of coverages.

How can companies determine whether they need to add these coverages to their risk management portfolio?

It is a function of cost versus benefit. If you or one of your key suppliers or customers are operating in an emerging market and you think there is a potential for this type of risk to occur, it is something you may want to hedge. Some companies may choose to self-insure because, as a class, political risk fits under the low-frequency/high-severity class of catastrophic losses. It’s not the sort of risk where you can point to a consistent, ongoing loss stream as you might with a property or casualty policy.

Organization leaders often say, ‘The odds are with me; perhaps I may not need to expend the premium.’ This is the same sort of calculation you make or don’t make when you think about buying an earthquake policy or a terrorism policy.

How can businesses account for political risk in their risk management planning?

It requires a corporate exercise in introspection. Companies need to take into account the line of business in which they are operating. These issues are going to be self-evident to people who give the matter consideration.

If you are a company working in an emerging market that is politically unstable, the probability is that you know the issue of political risk exists and that you have an exposure to it. The next question you should ask yourself as a business owner is, ‘Does it make sense economically or otherwise for us to mitigate that risk?’

It depends on who you are and what you are doing, but that is a decision that has to be made internally after a balanced review with risk management and the company’s insurance broker. When you are doing an enterprise risk management analysis, you’re basically looking at the shock loss to a company from a variety of different angles. Political risk is just another one of those angles.

Risk management is a function of the economics of the situation. People in manufacturing have a different viewpoint than people in service industries. Publicly traded companies have to be cognizant of the fact that there is a certain amount of shareholder scrutiny. If you look at any public company’s 10-K form, there is a section devoted to that company’s risk factors. As a matter of routine, CFOs use this section to warn investors and potential investors that the business could be impacted by political risks. <<

For more information on political risk and its potential impact for businesses, visit http://www.aon.com/2012politicalriskmap.

Roger S. Schwartz is a senior vice president, Political Risk Practice with Aon Risk Solutions. Reach him at (212) 441-1125 or roger.schwartz@aon.com. David Schaake is resident sales director with Aon Risk Solutions. Reach him at (314) 854-0821 or david.schaake@aon.com.

Due to the historic amount of catastrophe losses that have occurred over the past few years, the property insurance market has changed significantly. This is particularly true for businesses that have exposure to catastrophe perils such as wind, flood and earthquake.

“If you have property that has these exposures, you are going to see significant changes on your property renewal,” says Gloria D. Forbes, an executive vice president with ECBM Insurance Brokers and Consultants.

Smart Business spoke with Forbes about how to manage your property insurance through the storm.

How has the market changed?

Both insurance companies and reinsurance companies are using new catastrophe predictive models to determine their rates, as well as deductibles and capacity. Capacity is how much of their capital they can allocate for these ‘CAT’ exposures, or, more simply put, the amount of coverage that they will be able to offer in insurance limits. The latest version of the model was adopted by most insurance companies last spring and summer, so the market is still in the process of changing, with rates and deductibles increasing.

How do catastrophic losses affect the market?

Insurance companies purchase reinsurance to protect them from very large losses. We have seen some of the largest catastrophe losses in history each year since 2009. Because property reinsurance is a global market, what happens in Chile, Australia, Thailand and Europe has an impact on the American market.

So any client with property that is considered to be exposed to windstorm, flood or earthquake is going to see changes in both the rate being charged to insure those exposures and is also likely to see change in terms and conditions.

What other changes can businesses expect?

When we refer to windstorm, we are usually referencing named storms such as tropical storms and hurricanes. Traditionally, named windstorm issues were limited to coastal property, but with the new model, the area considered at risk has expanded.

Although they may not be used to seeing them, businesses may begin to see percentage deductibles for exposure to windstorms or named windstorms. Those percentage deductibles are not a percentage of the loss; they are percentages of the total value of the property. If you have a $10 million building with a 1 or 2 percent deductible, you would have a $100,000 or $200,000 deductible, respectively. In the past, you would see this in Florida and properties surrounding the Gulf of Mexico. These percentages are being used more frequently to put the insurance company further away from the loss.

We are starting to see separate named windstorm deductibles being applied for locations within a 25-mile radius of the coast, from Virginia through New England.

Also, with the rise in tornado activity, we are seeing insurance companies increase windstorm deductibles, so you might not see a percentage deductible for windstorm, but you might experience the insurance company putting a higher flat dollar deductible, say $50,000 for windstorm.

Insurance companies are also decreasing limits for wind, flood and earthquake, which is an adjustment.  In the past insurance companies would ‘throw in’ a certain amount of coverage for flood or earthquakes. Last year’s east coast earthquake impacted that. There were numerous losses as a result of that quake.

Now insurance companies are more cautious about giving away earthquake coverage.

How has the way insurance companies determine rates, premiums and deductibles changed?

There have been great advances in modeling over the last few years. The insurance companies use analytics to predict storm frequency, severity and the probable maximum loss they are exposed to, given recent events. As these models become more sophisticated, they are tracking their exposures differently than they used to.

Here’s an example: A hurricane hit the gulf and did minor damage, but it continued to bring a huge rainstorm through the central part of the U.S. Most of the damage done was inland flooding from the rainstorm activity that took place for 48 hours after the hurricane hit the coast. Now when an insurance company underwrites that hurricane exposure, it is not just looking at how it hits the coast but also at the resulting rainstorm damage that takes place afterward. In the past, that tracking capability did not exist.

Also, many insurance companies are changing their coverage to include flooding related to a named storm or hurricane as part of the damage done by the storm. Consequently, the flooding is thus subject to the higher storm/wind deductibles that apply, as opposed to being considered a separate event.

What can businesses do to reduce the possibility of suffering catastrophic losses?

Obviously, you purchase insurance on property you own to protect your financial interest, but one of the best things you can do to reduce the possibility of loss is to properly plan for disasters ahead of time. It is important to have someone who can guide you through the changing policy terms and assist you in identifying your exposure to loss.

Additionally, it is typical to have resources become overloaded in a catastrophe. So one of the keys to disaster planning is to have in place the arrangements that you need. As a result, in the event of a large disaster, you will receive quick response from restoration companies and contractors to assure that cleanup happens as quickly as possible and your property is preserved. Moisture can create a mold exposure, which is often not covered by insurance companies. Working with an experienced broker that has these relationships and can assist you at the time of loss is critical.

Gloria D. Forbes is an executive vice president with ECBM Insurance Brokers and Consultants. Reach her at (610) 668-7100 or gforbes@ecbm.com.