The objectives of this session are to introduce the concept of business risk, categorize the risks, and present options for controlling the risks, with an emphasis on insurance. The session includes a discussion of business risks in different regions of the world and a “Business Risk Worksheet” (PDF) to help business owners keep track of their most critical risks.
- What is Risk?
- What are the most common types of risk?
- Different ways of managing risks
- What is Insurance?
- Advantages to business insurance
- Types of insurance coverage for small business
- Risks in Different Countries
- Evaluating Your Business Risk
- Business Risk Worksheet
- Top Ten Do's and Don'ts
- Business Resources
Risk is the chance of bad things happening in the future. In business, the most important risks threaten business performance and survival. For example, a decline in the demand for a product or service is a risk that every business faces. Another risk is the possibility that prices of supplies and labor will go up. These risks impact the profitability of your business and its survival in the long run. Other risks have an immediate impact on the survival of your business. The risk of fire that destroys your building or machinery falls into this category. The possibility that legal action, such as a lawsuit or code violation, adds massive costs to your business is another risk that threatens the survival of your business.
What are the most common types of risk?
Common business risks fall into five categories: financial risks, compliance and legal risks, cybersecurity risks, operational risks, and reputational risks. It is important to note that the significance of different business risks change over time and depend on the size of your business. For example, cybersecurity risks were virtually unknown 25 years ago. Below is a brief description of these categories.
- Financial risks. Financial risks are related to the ability of the business to maintain a sufficient flow of cash. (In this sense “cash” means available or “liquid” money that can be used for expenses. You might have assets that represent value to your business, but you cannot use them to pay bills.) Inadequate cash flow is the most common reason that small businesses fail. Financial risk includes credit risk, the risk that customers who buy from you on credit cannot repay you or that you cannot repay a creditor, and liquidity risk, the risk that your business cannot convert its assets into cash to meet short term needs.
- Compliance and legal risk. Compliance and legal risk is related to violating laws and regulations. Depending on the country, your business may face a variety of regulations in order to operate. These regulations include rules about how you hire and manage employees, rules about how your business impacts the environment, rules about meeting your contractual obligations, rules about financial record keeping and reporting, and rules about the quality and safety of your products. “Compliance” means complying with or abiding by a rule or law.
- Cybersecurity risk. Cybersecurity risk is the risk associated with the unauthorized access to and distribution of private information through computer networks and the internet. These risks include the exposure of business, employee, and customer information, identity theft, and payment fraud. Ransomware (software designed to access confidential information in a threat-based scheme in order to collect a ransom or payment) is the latest cybersecurity risk facing businesses.
- Operational risk. Operational risk is the risk of loss that is a result of failed processes, people, systems, or external events. Employee errors, technological failures, and natural (and unnatural) disasters fall into this category. Sometimes cybersecurity risk is included in this category.
- Reputational risk. Reputational risk is the risk associated with damaging the good standing (reputation) of you and your business in the community. Some of these risks have external sources, like negative social media posts or negative articles in the press. Some of these risks have internal origins like the unethical conduct of employees. In the age of social media, this risk is growing in significance.
Cybersecurity Risk: Colonial Pipeline
Colonial Pipeline is a company that operates an oil pipeline system that transports gasoline and jet fuel from Texas to many states in the Southeastern US. In 2021, the company experienced a ransomware cyberattack that affected the equipment that managed the pipeline. Colonial was forced to stop pipeline operations and pay the attackers $4.4 million in ransom. Upon receipt of the ransom, Colonial’s computerized system was restored but it took many days before the flow of fuel returned to normal.
Reputational Risk: Kendall Jenner and PepsiCo, Inc.
In 2017, PepsiCo, Inc., an American multinational food and beverage company, released a television advertisement that featured an American celebrity, Kendall Jenner and its popular Pepsi carbonated drink. The advertisement shows Jenner confronting police at a protest about racial injustice. In an offer of peace, Jenner hands a can of Pepsi to one of the police officers. The advertisement sparked outrage because many people thought that it trivialized the protests against police brutality that were happening all over the US that year. PepsiCo’s reputation suffered a significant blow that continues today in many parts of society.
Compliance and Legal Risk: Volkswagen
Volkswagen, one of the world’s largest automobile manufacturers, admitted to tampering with emissions systems to meet standards required by the US and Europe. In 2015 the US Environmental Protection Agency (EPA) issued a notice of violation of the Clean Air Act to Volkswagen Group, having found that Volkswagen had intentionally programmed (through software) turbocharged direct injection diesel engines to activate their emissions controls only during laboratory emissions testing, to meet US standards during regulatory testing. In real-world driving, the vehicles emitted up to 40 times the nitrogen oxides recorded in the rigged tests. The software was deployed in about 11 million cars worldwide, including 500,000 in the US. As of June 1, 2020 the scandal had cost Volkswagen $33.3 billion in fines, penalties, financial settlements, and buyback costs.
These examples are for large, well-known companies, which attract a lot of media attention when things go wrong. However similar risks exist for smaller companies.
Different ways of managing risk
Insurance is the most common form of managing significant risks, but it is not the only way. There are other things that you can do to protect yourself and your business from common business risks. Some of these options are listed below:
- Maintain a lean budget with low overhead and minimal debts. This action will protect your cash flow and reduce your financial risk.
- Employ legal and human resource (HR) professionals who are familiar with the laws and regulations. This action will ensure you meet your legal obligations and protect your business from compliance and legal risks.
- Invest in cybersecurity solutions (e.g. virus detection software) and train employees about keeping data safe. This action will protect your data and your customer’s data from cybersecurity threats.
- Provide training and create processes to avoid internal mistakes. Training and carefully designed processes will ensure that your quality is maintained, customers are protected, and operational risks are minimized.
- Develop contingency plans (or damage control plans) for operations. Contingency plans, including a backup safety fund, will protect your operations and your business from unexpected events.
- Monitor online reputation and commit to resolving customer complaints quickly. Reputation requires careful monitoring and quick action when it is jeopardized. Think about how you want your business to be perceived and take action to reinforce that reputation.
- Maintain a clean and organized work environment to keep your employees and customers safe.
- As a business owner, choose your relationships with contractors, vendors, and partners who are insured themselves.
Risk management is not something that you do just once. It is an ongoing effort that a business owner must think about frequently. Make a practice of reassessing your business’s risks every year. In a politically, socially, or economically unstable region, you may wish to reassess your business risk more frequently. It is also important to reassess your risks and insurance as your business grows.
Insurance is a contract between an insurer (also called an insurance company, insurance carrier, or underwriter) and a person or company called the insured (or the client). The contract is usually called an insurance policy. Under the contract, the client pays the insurance company a set fee called a premium (often once or twice a year). Then, in the event of a problem that falls within the scope of the contract, the insurance company pays the client an amount identified in the contract to protect the client from financial losses associated with specific risks. When this happens, the client makes a “claim” to the insurance company.
Insurance policies are classified by the type of risk that they cover. Fire insurance pays the client for financial losses associated with fire, and auto insurance pays the client for losses associated with auto accidents and theft. Life insurance pays the client, or the client’s beneficiaries, if the client dies.
Insurance companies make money by selling insurance policies to many people or companies. Most of the insured people and companies will not experience a loss and will not make a claim against the policy. As long as the premiums paid by clients exceed the payouts for claims, the insurance company will make a profit.
In most countries, insurance companies are regulated by the government to make sure that the companies have sufficient funds to cover potential losses by insured clients. If you buy insurance, make sure you buy from a regulated company, and don’t choose an insurance provider with substandard ratings.
Advantages to business insurance
There are many advantages to purchasing business insurance from a regulated insurance company.
Compliance and access to new markets. To access some markets, you will need specialized insurance. One of the most common areas where this is true is in transportation. If you are moving goods from one place to another, you will need liability insurance to cover the value of the goods you are carrying.
Protection from the most common kinds of business risk. The most common business risks are described above. Many companies will carry insurance to cover operational risks, compliance and legal risks, and cybersecurity risks.
Assistance from expert risk managers. Insurance companies often have expert risk managers working for them. These risk managers work with clients to control risks and reduce premiums.
- An advantage when recruiting employees. Insurance policies that protect the health and safety of employees can be useful to recruiting and keeping good employees. In the US and many other countries, businesses are required to purchase health insurance for their employees.
Some individual clients may prefer to work with businesses that have insurance, and some businesses, larger companies, or government organizations may require that their providers have insurance.
If you choose to lease office space, the landlord will typically require that you provide a certificate of insurance or be listed as an additional insured on your policy.
Another important advantage of insurance is referred to as “peace of mind” in English. Peace of mind refers to the tranquility associated with knowing that you and your company are not financially responsible for certain kinds of losses.
Types of Insurance Coverage for Small Business
- Business property insurance. Business property insurance, also called commercial property insurance, covers your business’s equipment, your building, and other personal property from fire, theft, and similar risks. For example, a commercial property insurance policy will usually repair or replace tools and equipment, inventory, furniture, computers, your building, and even your accounts receivable.
- Commercial general liability insurance. Commercial liability, also called business liability, insurance covers personal injury, property damage caused by the business’s operations or products, and bodily injury that occurs at the business. For example, if you hire a painter to paint your business building and the painter is injured while performing the work, this insurance will usually cover the costs associated with this accident.
- Business income insurance. Business income insurance helps to replace income that is lost if you need to temporarily close your business. Covered reasons for closing your business often include fire damage, wind or storm damage, and theft.
- Workers’ compensation insurance. This insurance covers the costs associated with work-related injury or illness to your employees. For example, if one of your employees is injured on the job, workers’ compensation insurance will cover your employee’s medical expenses and lost wages, among other things.
- Data breach insurance. Data breach insurance covers the costs associated with unauthorized access to your customer’s personal information. This type of insurance can help pay to notify impacted customers, hire a public relations firm, and offer credit monitoring for the victims.
The insurance policies described above are examples of the many types of insurance that is available to small businesses. The description of the coverage is an example only, and you should refer to your own insurance contracts to understand exactly what is covered for you. Depending on the type of business, some insurance will be more appropriate than others. For example, if you are operating a home-based business with no employees, you probably don’t need workers’ compensation insurance. The US Small Business Administration has good descriptions of the different types of business insurance.
Some businesses use “self-insurance” to control risk. Self-insurance involves setting aside large amounts of money to cover the costs of unexpected losses. In general, setting aside money for self-insurance is a poor investment for small businesses.
Don’t avoid insurance because of the cost premiums. Instead shop around to get quotes from different insurance companies, where prices may vary depending on the coverage, which types of insurance are included, etc. You can have profitability as well as safety for your business! And be sure you always read your insurance policy to understand the terms.
The World Economic Forum publishes a Global Risk Report every year. Many of the risks that they identify are associated with changes in economic conditions and others are associated with social and political upheaval. The top ten risks identified by the World Economic Forum are:
Fiscal crises: A fiscal crisis is one where the government spends more than it collects in taxes or can borrow. Your business may face a large increase in taxes or a significant decline in government service as a result of a fiscal crisis.
Cyber attacks: A cyber attack is an attack on an organization’s computer information system. In a cyber attack an attacker may steal, alter, or destroy information about your business.
Unemployment: An unemployment crisis is one in which a large proportion of the population cannot find work. Your business may face a decline in demand because your customers cannot pay for goods and services.
Energy price shocks: Energy prices are highly volatile in some parts of the world and can have a significant impact on your business’s profitability.
Failure of national governance: A failure of national governance may result in civil unrest and a decline in economic activity that will impact your business.
Profound social instability: Social instability can result in demonstrations, strikes, and other threats. Social instability is closely related to unemployment, failure of national government, and fiscal crises.
Data fraud or theft: The risk of data fraud or theft is the risk that your data is stolen or used in a way to steal money from you or your customers.
Inter-state conflict: Wars between states is a tragic and devastating risk for people in many parts of the world. Non-violent inter-state conflict, like a trade war, can also impact you and your business.
Asset bubble: An asset bubble is a situation in which the price of an asset is artificially high and does not reflect economic conditions. Asset bubbles can have an important impact on your business’s profitability.
Failure of critical infrastructure: Most businesses utilize some portion of a nation’s infrastructure. Infrastructure includes roads, ports, power, water supply and internet access.
The probability of these events is different depending on where you are in the world. You will need to think about the chance of these unfortunate events and take steps to protect you, your family, and your business. If the chance of these events are high, it may be appropriate to postpone starting your business until the business environment changes.
Every risky event that your business faces has two characteristics: the probability that the risky event occurs and the cost associated with the risky event. The worst risks are those with a high probability of occurring and a very high cost. The “best” risks are those with a low probability of occurring and a low cost. The probability and the cost of risk events depends on the type of business you are in and where your business operates.
You can use a table like the following to assess which risks are most important to you and your business:
Where would you put the risk of a fire for instance? If your business operates in a location where wildfires are common, or your business works with flammable materials, then the probability of a fire could be higher than for other kinds of businesses. Be realistic about your abilities to predict risky events, there are likely to be unexpected events for any business. And just because something happened or didn’t happen in the past doesn’t mean it will be the same in the future.
An experienced insurance agent can be helpful in assessing your business’s risks and providing guidance on how to reduce the probability of risk events. It’s important to be honest with not only your insurance provider, but also your employees, partners, and other stakeholders about the risks your business may face.
Business Risk Worksheet
As mentioned above, it is important to periodically review the risks that your business faces and your strategies for reducing the impact of those risks. The following worksheet can be helpful in keeping track of your business’s risks.
Click here to download a PDF version of the Business Risk Worksheet.
THE TOP TEN DO'S
- Reassess your business risk annually or more frequently.
- Develop a strategy for reducing your greatest risks.
- Consult an experienced business insurance agent on ways to control risk.
- Utilize insurance policies for your high cost risks.
- Consider a health insurance policy to recruit and keep good employees.
- If you use computers or the internet, evaluate your cybersecurity risk.
- Maintain a clean and organized work environment to keep your employees and customers safe.
- Increase all your insurance coverage appropriately as your business grows.
- Discuss risk with your employees and partners so everyone is aware.
- Develop a contingency plan for operations.
THE TOP TEN DON'TS
- Overlook employee training to maintain a safe work environment.
- Avoid insurance because of the cost of premiums. Instead, consider different insurance companies.
- Work with contractors, vendors, and partners who are not insured.
- Work with insurance providers with substandard ratings.
- Withhold risk information from employees, partners, and insurance providers.
- Assume that safety and profitability are incompatible.
- Overestimate your ability to predict risky events.
- Forget to read your insurance policy.
- Assume that the past predicts the future.
If you are writing your business plan while reviewing this material, take a moment now to include any information about your business related to this session. MOBI’s free Business Plan Template and other worksheets, checklists, and templates are available for you to download. Just visit the list of MOBI Resource Documents on the Resources & Tools page of our website.