All businesses face risks every day. Careful planning can either reduce these risks to an acceptable level, or eliminate them completely.
While insuring some of these risks is essential, it should be seen as no more than a back-up to an ongoing risk management process.
1. Legal requirements for risk management
Risk management is not just good business practice. In many cases, it is a legal requirement.
Health and safety legislation requires you to carry out a risk assessment of your business
- You must ensure the health and safety of all employees and visitors to your premises.
It is a legal requirement to take precautions to prevent injury to employees
- All businesses must have employers' liability insurance (except those only employing close family or where the owner is the only employee) to compensate employees who are injured or suffer illnesses through their work.
- If you don't ensure employees are adequately insured, you could face criminal proceedings.
Fire regulations require you to carry out a risk assessment
- In some instances you may need to have an inspection and certificate from a fire prevention officer.
Employment law requires you to follow set procedures
- For example, when recruiting, promoting or dismissing employees.
The Companies Act puts responsibilities on directors of a limited company
- These include acting to promote the success of the company and exercising reasonable care, skill and diligence.
2. Premises risks
Some of the most obvious risks are related to business premises.
Risks include fire, water damage, vandalism and weather-related damage
- Electrical faults are a common cause of fires. Ensure that all electrical items and wiring are checked regularly, in line with the Electricity at Work regulations.
- Arson is another cause. Remove combustible waste, and control access to vulnerable areas (eg warehouses).
- Water damage is mainly caused by burst pipes and leaks from water tanks. Carry out regular inspections, maintenance and repairs.
- Glass is a favourite target for vandals. Glass windows and doors can be made of toughened glass, or protected with grilles or bars.
- Flooding and structural damage to your premises can be caused by severe weather. Make sure gutters and drains are cleared and that roofs are kept in good repair. Find out if your premises are located in a flood risk area and sign up for local flood watch warnings.
Improve security systems and procedures
- Burglar alarms are a good visible deterrent. For reliability, they should comply with British Standard 50131.
- The company installing and maintaining your alarms should be approved by the National Security Inspectorate. Insurers will also consider alarms approved by the Security Systems and Alarms Inspection Board.
- Ensure burglar alarm codes and keys are only accessible to authorised persons.
- Make sure all visitors identify themselves and state who they are visiting.
- Appoint someone to check the premises are secure at the end of each working day.
A professional approach to managing your premises will prevent problems
- Draw up a list of items which need regular inspection and maintenance. For example, roofs, pipes, tanks and stopcocks.
- If your premises are vulnerable to flooding, keep stock and key IT equipment such as servers stored above ground level.
- Ask your local fire prevention officer and crime prevention officer for advice. Smoke detectors, fire alarms, extinguishers and sprinklers are vital to alert people to danger and to prevent fires from spreading.
- If you are a tenant, ensure that your landlord is taking sensible precautions.
Improve fire safety practices
- Lock away hazardous and flammable substances in secure storage.
- Smoking is banned in almost all enclosed workplaces and public buildings in the UK. Ensure your smoking policy is rigorously enforced.
- Undertake regular fire drills, so that all employees are aware of the procedures. Keep a log of the timings and results.
3. Equipment risks
Computers represent a major risk for most businesses
- Back up all computer data regularly (daily if possible). Use a reliable cloud storage provider, or back-up disks which are kept off-site.
- Ensure your computers are networked, and that data or software isn't kept on a single machine. If one computer fails, you can switch to another and continue to work.
- Install an uninterruptible power supply or surge protectors. Otherwise, fluctuations or cuts in the power supply can cause loss of data.
- Ban employees from downloading attachments or connecting their own devices to the network without a virus scan.
- Install a firewall. Keep your anti-virus software and spyware up to date.
Regularly check any equipment you use to provide or manufacture your product or service
- Make sure it is in full working order. For example, manufacturing businesses should ensure all parts of their production lines are functioning correctly and at maximum efficiency.
- Equipment failure can mean late delivery, lost orders and cash flow problems.
4. Employee risks
The severe impact of the death or illness of a key employee can be insured against
- Reduce the risk with regular medical checks for key employees.
Train replacement staff to take over key jobs in the event of illness
5. Theft and fraud
Many kinds of theft can be prevented by securing your premises. Other threats come from within your organisation and can easily be overlooked.
Concentrate on the favourite targets for thieves
- These include cash, alcohol, clothing, electrical products, cigarettes and computer equipment.
- Indelibly mark all equipment with your company name.
- Some equipment, including computers, can be secured in place with cables or bolts. Your insurance policy may insist on this precaution.
Theft by employees can be costly
- Vet all new employees, especially those who handle money or have access to computer systems. Check whether new employees have the qualifications they claim to have.
- Petty theft is a common problem. Allow only trusted individuals to order equipment or stationery.
Collaboration with other organisations can help prevent theft
- Trade associations and retailer groups often share information on recent thefts. For example, a shop can alert others in its area to known shoplifters.
- Police crime prevention officers can alert you to particular risks facing your business.
The symptoms of fraud can go undetected until it is too late
- Set up systems to double-check all invoices and expenses. Employees may submit false expenses claims, inflate invoices from suppliers, or set up fictitious supplier accounts.
Theft of intellectual property can be even more damaging than fraud
- At times, it is impossible to detect. A competitor may get hold of sensitive information without you even knowing.
- Patenting ideas may be too costly for smaller firms, so taking preventative measures is often the best option.
- Restrict access to sensitive information by password-protecting or encrypting computer files. Keep passwords secret and change them regularly.
- Consider taking out legal expenses insurance to help fund any legal battles to defend your rights.
- Include confidentiality obligations in contracts of employment.
6. Transport risks
Ensure that vehicles are regularly maintained and drivers are aware of driving-time limits
- An accident could mean legal action against your business. For example, if it is due to faulty brakes, or caused by fatigue because your driver has exceeded the driving hours allowed by law.
Use secure methods to transport valuables and other items that might be stolen
- Your business should recoup the higher costs in lower losses.
Use a methodical step-by-step process to identify risks and decide what action to take.
Identify your key business processes
- For example, a printing firm receives information by email, lays out text and images using a computer, does the print run, then delivers the publication.
Identify the key elements that make the business processes possible
- For example, a printing firm needs premises, computers, printing presses, a delivery van, and a team of employees.
Identify any strategic threats that may be worth insuring against
- For example, litigation is a serious risk for most printing firms, as late delivery of a publication can be disastrous for the customer concerned.
Run through a list of common risks
- Check you have not overlooked anything.
Isolate the most likely causes of all these risks
- Then take action to eliminate or reduce the risk in each case.
- For example, a printing firm should have fail-safe computer back-up procedures and should take legal advice on how to avoid being sued.
Decide which risks are worth insuring against
- For example, a printing firm may decide to insure the premises, the computers and the key computer operators.
7. Insuring against common business risks
Many business risks can be insured against. But in order to be accepted by an insurer, you may have to take steps to reduce the likelihood of needing to make a claim.
Your insurance policy's conditions will normally specify security and safety measures
- Failing to comply with these conditions could invalidate your insurance. For example, failing to keep your alarm maintained or to keep the code secure.
- Employers' liability and other types of liability insurance will cover liabilities to others caused by your negligence, and may cover failure to meet legal obligations.
- In extreme circumstances, an insurance company could sue a firm's directors for claims paid by the insurer.
Increased safety and security measures may reduce your insurance premiums
- The fewer claims you make, the less your premiums will increase in the future.
Consider if some risks should remain uninsured
- For example, the cost of fidelity (staff honesty) insurance may be high for a small business. It may be better to carry the risk and take sensible precautions.
Some risks are simply uninsurable
- loss of profits due to the loss or failure of a contract, or due to fluctuations in demand for your goods or services
- losses due to shoplifting
Risk management services can often pay for themselves
- These are offered by many insurance companies, insurance brokers and industry specialists (eg IT consultants). By reducing your risks, they can cut your premiums and your excess.
- Risk management will analyse the risks and provide cost-effective steps to prevent disaster striking.
A contingency plan (or business continuity plan) will help you recover from any disaster
- Imagining disaster scenarios helps you identify sensible steps to take now, such as organising data back-ups, so that your business wouldn't be left high and dry if that were to happen.
- Find health and safety risk management guidance from the Health & Safety Executive (HSE).
- Find guidance on electrical safety at work from the HSE.
- Download guidance on preparing your business for flooding from the Environment Agency.
- Find an alarm company approved by the National Security Inspectorate or a fire alarm or security system installed by a provider registered with the Security Systems and Alarm Inspection Board.
- Use the British Insurance Brokers’ Association (BIBA) Find a Broker Service.
- Read business insurance advice from the Association of British Insurers (ABI).