I attended a very good talk on Risk Management by Colin Taylor at the last Law Society Conference in Cork. Colin Taylor is the head of the Risk Management Services of Prime Risk Solutions and while very entertaining in his talk, he was also very astute in the advice that he gave.
He began his talk by observing that the reason one has brakes on a car is so that we can go faster, and that probably applies to risk management in a very accurate fashion. The true cost of any claim against a business is far more than the monetary loss. There is a personal trauma which attaches to being sued. There is the management time and the time spent dealing with the claim, which obviously could be better spent servicing existing clients. There is also the increased premiums, and perhaps increased excess, and the loss of existing clients, possibly the loss of new clients and damage to reputation.
Accordingly, every business, not just those concerned about their insurance premiums should engage in a risk management process. They should identify the risks and analyse them and manage them, ideally reducing the risk to zero. Obviously there will be an inherent risk in everything one does, and even after the best systems have been applied, there will be a residual risk, but the amount of that risk depends on one’s risk appetite.
An interesting exercise is to sit down and think of the 5 biggest threats to your business. Write those down and try and work out the likelihood of them occurring. Then have a far more sobering conversation with yourself and try and work out the likely damage they would do to your business (the risk impact) and examine have you actually done anything about any of these risks already.
Risks are traditionally broken into four areas:
1. Strategic risk. These are business decisions made by you in the best interests of your business.
2. Disaster risks. These are natural disasters such as fire, floods, earthquakes, or even staff getting ill with a wave of flu bugs.
3. Operational risks. These are work related, professional negligence, employees stealing from you, and the like.
4. Financial cash flow, debtors not paying, fraud and so forth.
A big problem arising particularly in professional negligence claims these days is the workflow within the office. Obviously you as business owner can’t do all the work yourself and therefore you will have to delegate to suitably qualified people to do it. However, delegation is not abdication. You must set criteria for the delegation, and ensure that those you delegate to have the right skills. Make sure the delegated work is not sub-delegated or if it is, the same criterion apply, and keep a record of that work, so that you can check back in with the person, both to reward and thank them for a job well done, or alternatively to educate them if there are any deficiencies.
Delegation is one instance in which your door should always be open! Regular meetings are a key to risk prevention but you should always ensure that you don’t overload the person doing the work. They will also need adequate support to do the work and you should monitor their case loads or workload on a regular basis.
Your organisation can only benefit from a culture of compliance in risk management. The more you plan the more the business will run according to that plan and the more unforeseen episodes will simply stop.
While I am not a huge fan of all aspects of American culture of doing business, I do agree with their no blame culture. Your infrastructure within the office should be supportive but accountable, and backed by education and training to bring the best out of your staff.
Finally, particular attention should be given to the modern modes of doing business. Email and internet and mobile phones, all aid expeditious dealings with client, but sometimes speedy dealings are not the safest. The risk of error goes up with speed of use. The sooner you are asked to reply to a client, the more chance you will do it while in the car, in conversation with somebody else, or without thinking the matter through properly.
Similarly, watch out for flame mail. Just because somebody sends you what appears to be an angry email, doesn’t mean that you have to tear into them. Control your responses and always issue measured responses.
Finally, watch out for carbon copies, and blind carbon copies, it’s too easy to send the information to entirely the wrong person!