risk management

Why you need a risk management program - and how to get started

November 29, 2020
risk management

With mounting competition and globalization, you may be facing skill shortages, rising costs, and a more complex business environment than ever before. Add to that an increasing reliance on digital technology and a growing number of natural disasters, and you can see why middle market businesses need a risk management program to minimize the risks they face.

If you don’t have a risk management program in place already, here are some areas where your business may be vulnerable to risks, and recommendations for certain steps you can begin to take to prevent or minimize them.

1. Your operations and property:

  • Install a sufficient number of smoke detectors for your facility and have a qualified contractor inspect and test them every 12 months.
  • Use, store, and dispense of flammable or combustible liquids properly.
  • Ensure electrical systems are working properly, including scanning the main junction box every three years, and replace any extension cords with permanent wiring.
  • Maintain clear, unobstructed walking and work spaces.
  • Make sure employees and guests utilize appropriate personal protective equipment as necessary.
  • Ensure machinery has appropriate guards and documented lockout/tagout procedures.
  • Provide a safe and controlled reception space for guests and customers.

2. Your employees:

  • Include background checks and employment history verification when hiring.
  • Train new employees and all employees annually on corporate policies, safety programs, information management, and emergency response. Document when training is complete.
  • Make sure you have an ergonomic program in place.
  • Develop, review, and test your emergency evacuation plan every 12 months.
  • Establish policies and safeguards to protect against fraud and embezzlement.
  • Use a security system that easily removes access for former employees and contractors.
  • Train employees to properly use and maintain personal protective equipment.

3. Severe weather:

  • Develop a Business Continuity Plan and Emergency Response Plan and review them annually.
  • In a hurricane zone: Plan how you’ll secure loose outdoor fixtures, equipment, and storage; install hurricane shutters; and give employees time to safely evacuate and protect their own homes.
  • In an earthquake zone: Inspect building for structural weaknesses. Secure racks, shelving units, and furniture to the floor or walls, and install protective film on windows.
  • In an area prone to wildfires: Establish a 100-foot defensible space around your building. Irrigate plants around buildings and minimize combustible exterior storage.
  • In a flood zone: Have appropriate materials on hand (sandbags, flood walls, etc.), move critical assets to at least one foot above Base Flood Elevation, and install controls to prevent chemical and pollutant release.
  • Have a qualified roofing contractor inspect your roof each year.

4. Health emergencies:

  • Include a health emergency plan in your general business continuity preparation.
  • Outline both your response and the steps you’ll take for business recovery in the event of a severe health emergency, such as a viral outbreak or other major disease event.
  • Partner with your Human Resources team to determine alternative working models for employees, such as remote working
  • Educate employees on hygiene protocols and methods for protecting themselves from infection. 

5. Your IT systems and technology:

  • Create a Cyber Security Plan with assistance from a qualified IT security professional using accepted cyber security standards for your type of operation. Include communications and cyber connections with customers and vendors.
  • Design and test a Breach Response Plan and a plan to manage ransomware attacks.
  • Regularly back up critical data and system information off site and test its recovery.
  • Train your staff annually on strong passwords, social engineering/phishing, and protecting sensitive information.
  • Control access to sensitive data including personal, health, and business information.
  • Make sure manufacturing systems that rely on operational technology have dedicated cyber security control mechanisms to prevent intentional sabotage as well as accidental mistakes by workers and trusted third parties.

Insights and expertise

We keep you informed — and your business protected — with these helpful articles.
security camera
All business sizes
Tips for managing your business’s IoT risk
The expanding internet of things (IoT) means reliance on new technology for efficiencies and profits. But along with the technology comes new cyber security and other business risks. Here’s what you need to know about IoT and your business.
business woman
All business sizes
5 steps for creating a business continuity plan
Risk managers advise that one of the best ways to make sure your business can reopen quickly – and stay successful – after a disaster is to develop a business continuity plan.
colorful ship containers
All business sizes
How to protect your business from supply chain disruption
Managing supply chain risk from external vendors and suppliers.
school lockers
Risk Management
School’s in session: Understanding education related risks
Learn how to identify and mitigate the greatest risks facing educational institutions.
chimney on a roof
Risk Management
How to keep that roof over your head
Keep your roof in top shape by preventing water leaks with regular inspections.
frozen red pole
Risk Management
Cold weather preparedness for your business
Follow these best practices to prepare for winter weather and help minimize its impact on your facilities.
doctor reviews medication
Risk Management
Guide to safety surveillance in Life Sciences
Responding to unforeseen issues with a product's safety profile efficiently and effectively is key to protecting patient safety and a company's bottom line.
lab researchers in cleanroom
Risk Management
Navigating risks in cleanroom environments
While critical in helping materials remain contamination-free, cleanrooms can also pose significant business continuity considerations. Recognizing these and providing suitable protections may reduce the potential and magnitude of a loss event at a life science organization.

Seeking a business insurance quote?

We can help with that.