Got Docs?

Just like changing the clocks makes us think about smoke alarm batteries, tax time reminds us of all the stuff we have around!

Saving, protecting, sorting, archiving, and eventually destroying business or personal documents can be a full-time job!

All the paper and electronic documents we deal with today has really become information overload. It clogs computers, spills off desks and out of file cabinets and even piles on the floor!

A document retention plan can be the answer. A simple plan easily guides you to 1) what gets saved – and what doesn’t, 2) where, and 3) for how long. And in our litigious society, saving the right things and destroying outdated, useless stuff is really a survival tool.

Why is this so important?

  • A “lost” document – contract or insurance policy – can be a nightmare … or at least a time-wasting headache.
    • Just what did that agreement say about the timing of payments?
    • If you don’t have an “old” insurance policy you may not be able to get coverage.
  • If your entire email archive – rather than just the recent files – gets subpoenaed in a lawsuit, imagine the cost of lawyers checking everything for what’s relevant. Imagine an inappropriate five-year-old email damaging your reputation.
  • Legally, if you don’t have a plan for destruction, how can you explain documents that you can’t produce for a discovery?

What to do – your next steps

  1. First, ensure you have a reliable electronic back-up system that includes all records and documents. There are daily and instantaneous solutions online.
    • Your information must be accessible if your PC hard drives get stolen or subpoenaed.
    • These files must be encrypted, regardless of where they are.
  2. Then create a list of the types of documents that come in – correspondence, email, publications, paper files, etc. This list will guide you to what goes where, and for how long.
  3. Draft your guidelines for where different things need to go: client files, vendor files, tax, legal, employee files, and other. This must be simple and comprehensive – you don’t want a huge pile of “miscellaneous” with no instructions!
  4. Decide how long things need to be kept. Some guidelines might be:
    • Insurance policies, some contracts, and property asset documents, including business or home remodel costs should all be kept indefinitely.
    • Keep tax returns and documents for 7 years, HR records for 3+ years after termination. Lots of areas have specific rules – get help.
    • Ancient email and instant messages are a black hole that need clear destruction guidelines for purging the unnecessary.
    • Remember there can be legal restrictions on destruction in special areas – tax and related documents, employee files, construction plans and designs in certain cases, etc. Always get advice from your attorney and accountant to be sure.
  5. Schedule regular clean up periods and make sure everyone is following the plan. It’s important that there are no rogue emailers keeping stuff on their own C-drives.
  6. And, of course, stop all destruction if there’s a lawsuit or regulatory investigation.

You can Google “How to develop a document retention policy” for guidance. There are many record management firms with templates, guides, and sample policies to get you started.

And you can email or call Charles (charles@risksmartsolutionis.com | 510-685-3883) with any questions or to discuss your unique situation. He can help – and there’s never a charge for brainstorming.

Cyber Security Training for Employees

A real-life story

An employee finds a USB drive in the parking lot on his way into work; it’s marked “Bonuses.” The attacker who left this knows he’ll be inside your system within two hours. If the USB had been marked “Porn” he’d be in within 20 minutes.

Employee training in cyber security is essential in today’s ruthless world. Small and mid-sized businesses are increasingly easy targets because they struggle with the resources to protect themselves.

Why is this so serious?

Most small and mid-sized companies are not nearly as secure as they like to think they are, and their managers are scared about the wrong nightmares. For example:

  • Most breaches are caused by internal employees, or vendors with your data, – not by an outside hacker.
  • Almost 60% of those come from accidents or goofs, including phishing – not from malicious assailants.
  • 75% of breaches come from employees working outside the office on laptops, phones, or tablets.
  • Senior managers are much more likely to be the biggest offenders – they have the most access to data, and they don’t think the rules apply to them!

What does good training look like?

  • Be simple and clear: security guidelines must come with the reasoning behind them – explain why they are necessary, because rules or policies alone do not work!
  • Management first, then employees must clearly understand what cyber security means, what you are protecting, and how hacks or goofs can happen.
  • Effective training must include regular updates, reminders, discussions, and examples.

Recently, a Snapchat employee responded to a very real looking email purportedly from the CEO asking for payroll information. Oops! Snapchat appropriately said, “When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong.” 

  • Give recognition to those who discover a possible problem, and don’t punish inadvertent goofs or whistle blowers even if the alarm is false – that’s better than no alarm at all.
  • Get feedback, listen to staff comments and frustrations, and use it to make improvements.

This doesn’t have to be complicated or expensive – but it needs senior management leadership and support. A security-conscious culture can pay off big-time when everyone is engaged as defenders of company assets.

Here are some resources:

Business Disruption Checkup

Disruption” can have several meanings, but it all feels very uncomfortable!

  • There can be positive impacts if you are the creator of disruptive innovation, like Uber or Airbnb.
  • Then there are disasters – both accidental (like fires, crashes, riots, etc.) and natural (earthquakes, floods, etc.).

Pain – These disasters can cause severe disruptions to business operations: loss of staff, production facilities, suppliers, customers, revenue, and profit. In addition to physical loss, you can expect hassles, distractions, wasted time, and unexpected expenses to add to the misery.

Relief – Insurance policies can offer relief with business interruption insurance (BII) – AKA, loss of profits or business income insurance – and several options. Unfortunately the relief can be short-lived because these are complex and often contentious, drawn-out claims.

Problems – Claims for BII are all about the future – hypothetical sales and revenue, normal and extra expenses, and lost profit. Further hurdles can arise from regulatory requirements, foreign suppliers, delays, and possible surge pricing if other businesses are involved in the same disaster. Claims worksheets, which are necessary to “prove” your loss, are complicated and require thorough documentation. Many times these are missing, incomplete, misunderstood, or open to interpretation.

Solution – The solution, like most things in life, involves advance planning. Knowing the pitfalls at claim time can provide hints about how to best prepare.

  • Your annual budgets and forecasts must have documentation. How did you come up with the revenue plan? What are your assumptions about your market, customers, suppliers, and expenses? Are they gut-feel or do you have some references you can document?
  • In today’s world of virtual (not vertical) integration, most businesses rely on a supply chain for goods or services. Ask about their assumption, and ask how they plan to manage their risks of a disaster or slow-down that could impact you.
  • As with any recovery plan you need a list of resources, contacts, and some employee training so that various tasks can be undertaken smoothly.
  • Finally, ask your CPA to assist with a hypothetical BII claim worksheet – get a sample from your broker and work through the definitions and numbers with a loss scenario so you better understand how the process works.

Have you dealt with a business interruption loss? What tips can you offer? Add your comments.

Plan – don’t panic! Email or call Charles (charles@risksmartsolutionis.com | 510-685-3883) with any questions or concerns about your unique situation. I can help – and there’s never a charge for brainstorming.

 

Annual Risk and Protection Checklist

calendar and clockHere is your annual reminder! As you organize your priorities for the New Year, remember to include the following.

Seven key risk and protection reminders for your checklist:

Many of these we know are important, yet they’re often not immediately urgent, so they fall to the bottom of the pile. That’s why an annual schedule for these updates on your calendar is great for avoiding last-minute panic.

  1. Update Asset Lists: Inventories can get quickly out of date. Think about equipment, vehicles, shop and office supplies, computers and software licenses, contact information, etc. Quarterly reviews can keep these top of mind. Keep updates offsite and secure.
  2. Update Asset Values: Buildings, equipment, inventory, etc. replacement costs can vary from normal inflation for lots of reasons. Don’t get caught short in the event of a loss. Review quarterly with your asset lists above and advise your broker if you need increases. If you can’t get these done, schedule “project steps” and perhaps use a summer or holiday intern to help out.
  3. Schedule Key Dates: Keep track of renewal dates for licenses, leases, client retainers, service contracts, insurance, certifications, website URLs, etc. on several people’s calendars. Add notes about who else needs a heads up to be involved.
  4. Insurance Protections: Meet with your insurance professional at least once outside of the renewal period. Ask about new trends in legal, coverage and insurance rates. Talk about changes to your business and ask about emerging risks that need your attention. Then block out time for renewal applications and benefit program updates, employee communication, and enrollments.
  5. Safety: This can be vital to employee morale, customer loyalty and your business survival. Make sure your IIPP (injury and illness prevention plan) is up to date as required by many state laws. Schedule regular safety committee meetings, and get the right equipment (PPEs). Ask your insurance broker about free insurance company services and inspections.  Also get locations of emergency medical clinics nearest you and your work sites: each employee should have an appropriate list immediately accessible.
  6. HR Issues and Training: Plan for employee handbook updates, new policies and updated Department of Labor (DOL) and OSHA postings. Schedule employee group discussions and reminders about expectations and rules. Plan for safety training and defensive driving, equipment certifications, harassment and discrimination courses, etc. The right training, when scheduled in advance, can save businesses huge hassle and headaches.
  7. Update Emergency Plans: These “be ready” plans need review and updates on a regular basis. Ensure you have the basic supplies appropriate to your location and potential circumstances (flood, windstorm, earthquake, etc.). Encourage employees to have their own supplies and plans for family as well. Contact info must be accessible to all.

Finally, think about the big picture: who are the key people you depend on to be responsible for coordinating your overall risk and protection program? Do they clearly understand your priorities and expectations? Make sure you are delegating with knowledge and oversight, and not abdicating without paying attention.

Need help with resources or have questions? I’m always standing by:
510-685-3883 | charles@risksmartsolutionis.com

Data Loss

Yes, this is another reminder! Aren’t we all tired of hearing about hacks and breaches and identity theft? There are almost daily articles, warnings and some huge, disastrous examples – it can be easy to become blasé.

All experts agree – whether your company is big or small – it’s not if, but when you’ll get hit.

Prevention is still important:

  • Stick to training and pay careful attention to phishing – a very common cause of breaches.
  • Use software, tools and updates to prevent easy access.
  • Take great care with mobile devices, public WiFi, and working from home where protections may not at the same level. Also implement employee training.

Prevention on its own is no longer sufficient – you must have a mitigation or response plan (not just hope for the best)! Start with three questions:

  1. Who needs to be involved?
    • You’ll need a team of both internal and external experts.
    • A plan needs to be implemented; it’s the people, flexibility and resources that are key to success.
    • Outside expertise starts with an experienced attorney who can help manage the process, assist with regulatory notification, and keep confidentiality foremost.
    • IT specialists, engaged by your attorney, are critical in determining what happened, how to fix problems, and carefully preserving evidence.
    • A PR firm to assist with managing and restoring your firm’s reputation.
  1. What steps must be in your plan? You will need to figure out and know:
    • What exactly happened: an intrusion, theft of exactly what data, destruction or lock-down of your website, etc.?
    • What are the possible implications: lost revenue from inoperative website, ransom demands, identity theft of personal or health records?
    • What notifications are required by law and/or to protect your reputation: police & FBI, SEC, individual victims?

Remember plans must be tested and practiced to succeed in times of chaos.

  1. How can back up be helpful? You don’t have to do this on your own!
    • There are many websites to help with information and experts. Search for “data loss help,” for example.
    • Consider cyber liability insurance, it’s a great option and provides many resources. On the insurer’s website you can find: breach coaches (attorneys), forensic IT specialists, PR firms to help with messaging, notification services (call centers) to deal with victims, breach planning templates, employee, and IT staff training.
    • Insurance offers not only expert resources, but also can pay for most or all of these costs.

Plan – don’t panic! Call or email Charles (510-685-3883 | charles@risksmartsolutionis.com) with any questions or concerns about your unique situation. There’s never a charge for brainstorming.

Seasons Greetings from RiskSmart Tips

Screen Shot 2015-12-03 at 2.03.45 PM

Ready for El Niño?

Further to last month’s weather alerts tip, several readers asked about El Niño. This weather disturbance where Pacific Ocean temperatures alter dramatically, can bring heavy rains to the western U.S. and Canada, and dry and unsettled weather elsewhere – southeastern U.S. and southeastern Asia.

Ten Checklist Preparations

Here are 10 preps for you to protect families, homes, and businesses. Asterisks (*) below mean there is little or no coverage in your basic insurance policies!

  1. Don’t ignore the warnings – we humans are great at dismissing risks and having incomplete understanding of possible impacts.
    • In 1998 nothing happened until mid-January despite dramatic warnings – then rains hit with a vengeance.
    • In the San Francisco area it rained for two straight months!
    • Stay alert, follow the news, and make some preparations!
  2. Flooding creeks and rivers can cause huge damages. Even slopes and hillsides can become torrents when parched, and then turn into foul mudflows (resulting from flooding).*
    • Sandbags and other types of protection – like plywood sheets – need to be ready beforehand.*
  3. Flood insurance may be useful, but take action early – it takes 30+ days until you’re covered!*
    • Your normal property policies do not cover floods. And there are very broad definitions in the exclusions.
    • Landslides and mudslides and usually deemed “earth movement” are also excluded from basic policies even if rain and floods are present.*
  4. Clean gutters, rooftops, downspouts, etc. Animals and debris can quickly cause big problems.
  5. Clean or alert public works to clogged storm drains; check backup prevention valves on your property to be sure they are operational.*
  6. Beware of trees weakened by drought – they can lose root strength and fall unexpectedly.
  7. Dangerous driving conditions from severe rain can cause hydroplaning and serious accidents.
  8. Blackouts can happen unexpectedly – from vehicles or trees taking out power lines or poles. Make sure you have enough flashlights and extra batteries – candles are a no-no due to fire hazard!
  9. Emergency supplies can mean survival in dire circumstances – now is the time to update and refresh.
    • Consider supplies of food, water, extra clothing, flashlights and other necessities in vehicles and at workstations.
  • Evacuation plans must include mapping out your routes to higher ground.
    • You must be able to contact family members and coordinate locations – often someone out of the immediate area is easier to reach.
    • A “go bag” can contain essential clothing, glasses, medications, car keys, and cash for a fast exit.
    • The mantra for your gas tank should be: “half-full is empty.”

Resources

  • FEMA has many tips about flood protection and safety: ready.gov/floods.
  • So does the California Coastal Commission: coastal.ca.gov/ – search for El Niño for property preparedness checklists.
  • The National Weather Service can be a useful source for forecasts: http://www.noaa.gov/.
  • Local newspapers and special magazines may have articles of interest – search for El Niño.

Your municipal Public Works department may have suggestions and sandbags for residents.

Weather Alerts

Some risks are seasonal. The fall equinox means it’s time to get ready for weather!

Here are pertinent reminders to help you and your family, your employees and your business to be prepared. A special thanks goes to Consumer Reports and Scott Hauge, president of Small Business California for their expertise and advice.

  • Storms are inevitable. Whether it’s hurricanes or just a big rain or wind storm, your property needs protection. Water is a disaster in the wrong places! Gutters, rooftops, downspouts and drains need to be cleaned and cleared. Report clogged city drains that are nearby too. Prepare for possible flooding.
  • Heating systems will be firing up soon. Flues and chimneys can be blocked with soot, debris or animals; filters need to be changed; many systems need an annual maintenance tune-up. Getting it done now – before there’s a problem –can cost a lot less than an emergency visit from your heating specialist.
  • Smoke and CO2 alarms are lifesavers. Now is the time to check they are functioning and replace batteries. Do you have alarms in all appropriate locations? Many experts recommend photoelectric or dual-sensor detectors – not just ionizing ones. Check this RiskSmart Tip for more details and resource links.
  • Frozen pipes can ruin your whole day. Exterior sprinkler valves, water pipes, faucets and hoses need extra protection. Shut off water to exterior lines, insulate crawl-space pipes, drain water from spigots, filters, hoses, etc.
  • Auto travel can be a survival test. Make sure you have appropriate tires for your area. Consumer Reports () says all-season tires are inadequate on snowy pavement and AWD vehicles do not help in braking. Look up “auto survival kit” on the Internet for suggestions and checklists. And anywhere where severe weather can hit, the mantra for your gas tank should be “half full is empty” – filler up!
  • Power outages are not enlightening. Check flashlights and have extra batteries on hand. An emergency radio can be an excellent helpmate. Keep your devices charged – you never know when a loss of power might happen. Check/maintain emergency generators – and keep them outside! Consider an alternative way to cook meals like a propane stove and extra tanks – also outside of course!

What Weather Alert reminders do you put on your calendar at this time of year?

Disasters — 10 Ways to Be Prepared

“Disasters” for small and midsize enterprises (SMEs) can arise from many sources and come in all shapes and sizes. Many studies report that 60% to 80% of SMEs that are hit with a major disaster don’t survive … unless they have a contingency plan.

The big news items that catch our attention are usually about natural catastrophes like hurricanes, tornados, floods, and wildfires. But SMEs can also be severely impacted by death or disability of owners or key employees, strategic blunders, or by lawsuits from clients, partners, or competitors.

The costs of any disaster can be significant, and very often there is inadequate or no insurance coverage. In contrast, the out-of-pocket costs of preparation planning are tiny. And still, a contingency plan is one of those “important,” but rarely “urgent” things on many to do lists.

Simplify Your Planning

1. Make a list of internal staff and external experts who can help you get a handle on this Contingency Plan project. Jot down ideal roles and responsibilities for each. Your team can help with timetables, motivation, and input.

If feel you could use help early on, please contact me. Brainstorming is at no charge. Consulting is reasonable. Do not let yourself be overwhelmed by the seeming enormity of it all. And above all, don’t do this alone!

2. Identify your business vulnerabilities: what could be a “disaster” or crisis for your business? This is the key starting point and a good time to create a cause and impact worksheet. Team members can provide creative ideas.

3. Each vulnerability – something that could cause a disaster – can have different causes and impacts. List these on your worksheet.

4. For each “cause,” consider how to prevent a loss or disaster from happening.

5. Each “impact” will need a contingency or mitigation plan. What plans can you create in advance to help a faster and less-costly recovery?

6. Each plan step can be expanded with specific action items, team member assignments, responsibilities, and authorities (i.e., budget). This is where checklists can be an essential aid to team members.

Note: you will find many over-lapping action steps, so you’ll be able to re-use lots of steps to mitigate the impacts of different disasters.

7. Some research with outside resources may be useful to complete your action plan checklists. Expertise may include: insurance, legal, accident investigation, training courses, regulatory requirements, contingency plans of major suppliers, and clients.

8. Set timelines to get initial plan drafts, then updates with input from others. Celebrate the team’s accomplishments of even the small milestones!

9. Practice is important but often neglected. Go through each step with a tabletop exercise of possible disaster scenarios. Verify the team’s contact lists and the URLs of resources.

10. Recognize the additional benefits of prevention and mitigation planning. What operational inefficiencies have you found? What process or admin bottlenecks can you eliminate? What new aha! ideas for preventing losses have surfaced? Which team resources have you discovered as most important in a crisis?

Call or email (510-685-3883 | charles@risksmartsolutions.com) if you would like to discuss your unique situation – there’s never a cost for brainstorming!

Internet Gurus and DIKW

I was recently asked if an email about personal security was for real. It said, in big bold letters:

“Tell everyone, even the checkout-out girl … put your car keys beside your bed at night  … If you hear a noise or have a heart attack set off the alarm!”

While perhaps interesting for some people; most of the “advice” – for various reasons – was nonsense.

A colleague forwarded an e-zine about how to “Select the Right Insurance Using a Needs Analysis.” Though some of the points were valid, the two page article was over-simplified, vague, confusing, and in several places, blatantly wrong. Trying to follow their roadmap would have been time consuming and difficult, if not impossible.

How Does This Happen?

There is so much information available today, and it’s tempting to check some of it out. Sure, some sites are valuable and bulletins or advice is good – but how can you weed out the misleading, inaccurate drivel to pay attention to what makes sense?

  • Lots of business owners get tons of stuff from the Internet – they believe it and depend on it. They think they are saving money by not having to hire experts.  I see contracts, leases, safety policies, employee handbooks all downloaded, often in different pieces, cobbled together with different fonts and vocabulary.
  • I see many e-zines purporting to offer valuable advice – some information may be absolutely correct – but may not be applicable to your situation or particular circumstance. Some authors try to simplify; others seem to want to appear important and knowledgeable – a thought leader.  Few have the actual feet-on-the-ground business owner experience and understand the issues, subtleties, problems, or sinkholes.

Coping Skills

  • You often need quick facts or comparisons to make a decision. To paraphrase Ronald Reagan, as soon as your need goes beyond Information in the DIKW pyramid, you must trust, be skeptical, and verify.
  • Remember to consider the difference between an investment and an expense. Money out the door always looks like an expense. Always ask the question – am I considering if this might be a critical investment?
  • Engage and cultivate advisors with real expertise that you can trust and rely on. You want the ones who have been there, who have struggled with and resolved issues and problems, who will tell you the truth, and who are without ego and conflicts of interest.

What’s your experience and what are your skills to avoid being blindsided? What mistakes have you made? Please share your comments on the blog.

Image courtesy: ConceptDraw.com

Who Should Read Your Insurance Policy

This article, from Aldridge & Cox, Risk Management Consultants (www.aldrichandcox.com), addresses a pet peeve of many clients, and of course, me! It’s well-written and right on target. 

Do policyholders read (and understand) their own insurance policies?  Perhaps a better question is, do agents and brokers read (and understand) your insurance policies before they are delivered to you? The fact is that many insurance agents and brokers are trying to avoid Errors & Omissions claims by dutifully telling their insureds to read their own insurance policies, thereby hoping to avoid responsibility for any mistakes or gaps in coverage.

It certainly is always a good idea for policyholders to read their insurance policies and to have at least a general understanding of the coverage they provide. Let’s face it, however, most policyholders don’t. Nevertheless, at a time when insurance agents and brokers are striving to be perceived as professionals (not just sales people), shouldn’t a policyholder reasonably expect their insurance agent/broker to read their insurance policies before delivering them? Shouldn’t a policyholder expect their insurance agent/broker to advise them on their insurance needs and the extent to which the policies they are purchasing meet those needs?

Unfortunately, it has become a standard practice for many insurance producers, when sending insurance policies to their clients, to include language in their cover letters that is clearly intended to shift their own duties and responsibilities to their clients. For example, one producer says, “Please examine [your insurance policies] carefully to make sure the limits of coverage meet your needs and that no items have been omitted.”  Another says, “It is important that you review the policy and advise us at your earliest opportunity of anything which you believe is not in accordance with the negotiated coverage and terms.”  Still others say, “Please read your policy.  If there are any errors or if you have any questions or need to make any changes, please contact our office immediately.”

The truth is that most policyholders not only do not read their policies, they probably don’t even read the transmittal letter from their producer, so they are not aware of the subtle (or not so subtle) attempt to shift responsibility.  The next time you receive your insurance policies, look to see if your insurance agent or broker is telling you to carefully review your policies or to advise them if you find any problems in the policy.  If that happens to you, consider sending a letter or e-mail to your agent or broker along the following lines:

“Thank you for sending me my insurance policy.  As you suggested, I have read

through my policy but, to be honest with you, I don’t really understand much of

what I read. It is a little confusing. Nevertheless, I know when I selected you as

my agent/broker I did so knowing you were a professional. Consequently, I am

confident that you have thoroughly reviewed my insurance policy as well as my

insurance needs, that you have taken any corrective actions necessary and/or

communicated to me any steps I may need to take to ensure that my insurance

protection will reasonably meet my needs.”

 We’d love to see the agent/broker’s reaction!

— Charles H. Cox  (cox@aldrichandcox.com)

Call or email (510-685-3883 | charles@risksmartsolutions.com) if you need to discuss your unique situation or need help drafting a letter! There’s no cost or obligation for brainstorming.

Workers’ Comp Nightmare

One of the biggest shocks clients experience is when, after years with no injuries, a moderate accident occurs and a worker is injured. What often comes next is difficulties finding the insurer’s medical clinic, miscommunication between the worker and the insurer, delays, prolonged recovery, frustration, and high healthcare costs.

Workers’ Comp rates are calculated by comparing “expected” losses, which are surprisingly small in dollar amounts, with actual medical costs that will be incurred. That calculation creates a premium modification (“ex-mod”) that can be excessively high even when there’s a moderate loss.

The pain is shocking

  • The ex-mod causes your premiums to skyrocket two or three times the previous level, and they continue that way for three years.
  • OSHA often gets involved due to your “high hazard worksite” (just one non-catastrophic injury!) and mandates an “enforcement inspection.”
  • The distraction and costs of getting ready, updating safety policies, collecting training documentation and coordinating with employee files can be huge.
  • Fines and penalties – including worksite shut-downs – can be ruinous.
  • Many contractors with high ex-mods are prohibited from project worksites.
  • And then your worker can get fed up with all the delays and engage an attorney to start a lawsuit.

Lots of employers, rightly or wrongly, feel angry, bullied by an illogical system, and forced into expensive, superfluous, bureaucratic measures. Many do not prioritize – up front – the time, effort, and investment needed to support a successful safety program: effective policies, a collaborative culture, and regular conversations. After an accident it’s often too late.

Relieve the pain with some simple steps

  • Stay on top of all the different aspects of your safety program.
  • Invest in the right policies, tools, training, and outside resources.
  • Keep safety top of mind in all employee conversations – at the same time as discussing work timetables, project schedules and business productivity.
  • Make sure any injury is closely monitored –
    • Weekly contact with the worker by you or someone on your staff.
    • Monthly updates from the claim adjuster to your broker.
  • Push, push, push – with pleasant persistence – for action to resolve any delays or stumbling blocks.

Every safety professional I know and every study I’ve read say that it costs $6 to $10 to fix a safety problem that $1 would have prevented. Think about it: we all need to recognize that these are investments not expenses.

 

Cyber Drill Down #3

This Tip is the third and final installment of the Cyber Breach Response series. So far, we’ve discussed the costs of a data loss, the benefits to your reputation of having a plan, and the likelihood that any business can and will be attacked.

We’ve also outlined how to prevent a data loss, ways to quickly discover a breach, and notification requirements. Now your final plans need to focus on 1) options to protect the victims and 2) pro-active communication to your different audiences.  These can go a long way to ensure understanding and prevent lawsuits.

Protecting Victims  

The options are evolving. The standard use to be credit monitoring (CM) and that can be important if SS numbers have been compromised. CM protects only from new accounts being opened, not activity on existing accounts.

A more popular protection choice is identity theft recovery – where expert analysts go in and fix existing credit, financial, or healthcare accounts and watch for future problems. All impacted persons (victims of the data breach) are given free access to these services and they can call for help whenever they discover trouble.

Combinations of options are also available, and you need to decide how long the protection will last (often 12 months). Many data loss prevention vendors offer multiple response solutions.

Communication  

As always, in today’s competitive world, you must be ready to pro-actively communicate with many audiences. This is true not just for the notification stage, but also along the way as you discover more details and implement improvements, as well as after the work is done.

Transparent, honest communication can reassure existing and potential customers, vendors, regulators and the media that you have the situation under control. It starts to re-build your level of trust.

Very few people today expect their personal data to be risk-free. They do expect solutions, improvements, and reassurance.

  • Be ready – draft messages that you would like to get if you were in their shoes.
  • Watch all areas of communication: email, websites, social media and Yelp-type comments.
  • Line up your resources in case any of this becomes overwhelming.

Financing

Finally, there are relatively affordable data/network security insurance policies available to help pay the costs of most areas of your breach response. Request proposals from your insurance broker and evaluate the cost-benefit.

Call or email me (510-685-3883 |  charles@risksmartsolutions.com) with questions, concerns, or for ideas on how to get started. There’s never a cost or obligation for brainstorming.

Cyber Drill Down #2: (Even More) Steps for Keeping your Company Safe

Responding to a data breach can test your organization’s survival readiness. Many have no plan, no resources, no insurance protection. Could you be risking all you’ve built?

The previous RiskSmart Tip talked about prevention steps you may need to implement. But that’s not all you need to help make your business safe. Next, you must: 1) recognize when there’s a problem and 2) notify everyone involved in a timely and professional manner.

Recognition

It’s now common knowledge that hackers are well ahead of any security you may have. Experts say it can take weeks, even months before firms even find out there’s a problem. But that doesn’t mean you have to give up!

Your focus must be not only on preventing access to hackers, but equally on discovering their presence as quickly as possible. There are software mapping and logging tools that can monitor your Internet traffic and uncover anomalies. There are experts prepared to assist you in setting up and monitoring your systems, training IT, and helping other employees to recognize when something’s not “right.”

For example, phishing is becoming very devious and effective, and social media is now an easy way to break into corporate systems. After a second or third re-boot in a day, it’s time to check with IT for expert help and make sure all is okay.

Costs are coming down to more affordable levels. The shorter your time to discovery, the better you can limit your losses. Resources include:

  • AllClear ID (allclearid.com) has an affordable system of protecting all your customers and employees from identity theft – the primary concern of impacted persons.
  • Fidelis Cybersecurity Solutions (fidelissecurity.com) offers pre and post breach services with advanced technology to figure out exactly what happened and better estimate the possible consequences.
  • Other vendors, like Trend Micro (trendmicro.com), known for antivirus software, are getting into more pro-active network security solutions.

Notification

Even when there’s just a suspected breach, most states require written notification to any and all potentially affected persons within strict time limits.

This can include customers, patients, employees, vendors, or suppliers. Also it often includes regulators, the police and FBI, and possibly other state and federal officials.

  • What’s your contact plan? Do you have all necessary address information readily available?
  • Who’s going to do the work? There are many outsourced solutions like call centers.
  • What will you say? And what protections will you offer? Setting up communication templates in advance can make you look much more professional and prepared.

Notification will be most effective if you get specialized legal and IT forensic advice, and usually hands-on assistance. You must quickly determine exactly what happened, what was lost, and you must preserve all the evidence. And it all must be done while repairing your IT systems and getting your business back to full speed.

Call or email if you’d like to discuss a concern – or share any solutions you have discovered. I’d be pleased to hear from you (510-685-3883 | charles@risksmartsolutions.com).

Cyber Drill Down: Steps for Keeping your Company Safe

We’ve discussed the costly impacts of a data loss in Where’s Your Data? and began talking about a Cyber Breach Response plan last month. Additionally, future Tips will provide more detail on how to protect your business from problems, hassles, and lawsuits. Once you have identified a risk, the first risk management step is always prevention.

  1. Prevention:

There are two major areas to focus your attention on if you want to prevent the costs and hassle of a data breach: employees and passwords. Most business owners don’t realize the importance of these very fixable flaws.

A recent IT Managers survey surprisingly reported 78% of data loss came from negligent and careless employees who were not following company policies. Personal devices and cloud storage all had significant and negative impacts.

Action

  • Employee policies, training, reminders, and enforcement are where you should start.
  • Brainstorm about how mistakes happen, such as, email auto-fills and other recent hacking attempts employees have seen.
  • Beware of “free” offers and strange emails from “friends.”
  • Discuss personal email received on company computers – this and social media messages are how phishers get into corporate databases.
  • Make sure everyone understands how mistakes can be disastrous.

Weak and shared passwords were the second biggest culprit.

Action

  • Again, employee policies, reminders, and enforcement are needed.
  • Automate that passwords must change every 90 days.
  • Mandate “strong” passwords – use available websites to test strengths.
  • No sharing! Ever!

Additional protection tactics:

Action

  • Regular, automatic software updates.
  • Segregated databases with passwords and encryptions for sensitive data.
  • Regular virus and malware updates, and complete scans.
  • Robust firewalls – both hardware devices and software.
  • Highly protected office Wi-Fi, and policies about use in public areas.
  • Automatic offsite back-ups – real-time/daily/weekly.

Resources =

Call Charles for a no obligation discussion about your concerns and questions.

Cyber Breach Response

We humans have an ingrained “It won’t happen to me” attitude, as well as a head-in-the-sand reaction to things we don’t – or don’t want to – fully understand. It’s part of our nature.

However, there are millions of cyber-incidents every day in the U.S. – yes, millions per day! And any one of them could happen to you. Hackers stole personal information from 110 million accounts in 2014. And it’s not just focused on large government agencies or mega-corporations. Human/employee error was responsible for 96% of successful data breaches – either responding to phishing emails or the free iPad offers, or just sending out sensitive data to the wrong email addresses. And 25% of data breaches are from paper files.

As you can see, no one is exempt.

The costs can be significant – they include:

  • Business downtime, distraction and the cost of ruined hardware and software
  • Reputational damage impacting customer trust and continued shopping
  • Fines and penalties by the FTC and the Department of Health and Human Services (HHS).

An Idaho hospice was fined $50,000 for the loss of less than 500 patient records by HHS’s Office for Civil Rights. They had no policies or procedures for mobile device security (laptops) that contained HIPPA records.

So businesses must consider a data breach as almost inevitable: it will happen to you!

You need a Response Plan

There are five basic steps to create a simple, practical plan

  1. Prevention is always the risk manager’s first step – let’s do everything reasonable to prevent a data breach from happening. This means cyber and data security and employee training.
  2. Recognition of when a breach has been attempted or already occurred is missed by many small and mid-sized organizations.
  3. Notification must be handled quickly to avoid fines, and accurately to minimize costs. You need immediate access to a specialist privacy attorney and competent forensic computer analysis people.
  4. Protection for customers, clients and employees is key to avoiding lawsuits and making victims feel cared for.
  5. Communication must be ongoing after any major incident to close the loop and restore confidence with customers, regulators and employees.

Future RiskSmart Tips will dig deeper into these five steps with more detailed help.

Cost – Benefit

Your Plan doesn’t have to be elaborate, but having these steps mapped out is a proven best practice. There are myriad examples of companies – large and small – who dropped the ball and got themselves in significant financial difficulty.

  • You must respond quickly – to all your audiences: employees, clients, regulators.
  • In a potentially chaotic situation a planned response is one that works.
  • A response plan makes you look organized and professional – not up the proverbial creek without a paddle.

Call or email with questions or for no obligation help getting started.

Annual Risk and Protection Checklist

yes no maybe stoplight photoThis month’s Tip is your reminder to get going with your prevention plans! As you organize your priorities for the New Year, remember to include the following.

Below are seven key risk and protection reminders for your checklist. Many of these we know are important, yet they’re often not immediately urgent, so they fall to the bottom of the pile. That’s why an annual schedule for these updates on your calendar is great for avoiding last-minute panic.

  1. Update asset lists. Inventories can get quickly out of date.  Think about equipment, vehicles, shop and office supplies, computers and software licenses, contact information, etc. Quarterly reviews can keep these top of mind.  Keep updates offsite and secure.
  2. Update values. Asset values – for buildings, equipment, inventory, etc. – can vary from normal inflation for lots of reasons. Don’t get caught short in the event of a loss. Review quarterly with your asset lists above and advise your broker if you need increases. If you can’t get these done, schedule “project steps” and perhaps a summer or holiday intern to help out.
  3. Schedule key dates. Keep track of renewal dates for licenses, leases, client retainers, service contracts, insurance, certifications, website URLs, etc. on several people’s calendars. Add notes about who else needs a “heads up” to be involved.
  4. Insurance protections. Meet with your insurance professional at least once outside of the “renewal” period. Ask about new trends in legal, coverage, and insurance rates. Talk about changes to your business and find out the “hot” risks that need your attention. Then block out time for renewal applications and benefit program updates, employee communication and enrollments.
  5. Safety. This can be vital to employee morale, customer loyalty and your business survival. Make sure your IIPP (injury and illness prevention plan) is up to date as required by many state laws. Schedule regular safety committee meetings, and get the right equipment (PPEs). Ask your insurance broker about free insurance company services and inspections.  Also get locations of emergency medical clinics nearest you and your work sites: each employee should have an appropriate list immediately accessible.
  6. HR issues and Training. Plan for employee handbook updates, new policies and updated legal postings. Schedule employee group discussions and reminders about expectations and rules. Plan for safety training and defensive driving, equipment certifications, harassment and discrimination courses, etc. The right training, in advance, can save businesses huge hassle and headaches.
  7. Update Emergency plans. These “be ready” plans need review and updates. Ensure you have the basic supplies appropriate to your location and potential circumstances (flood, windstorm, earthquake, etc.).  Encourage employees to have their own supplies and some plans for family as well. Contact info must be accessible to all.

Finally, think about the big picture: who are the key people you depend on to be responsible for coordinating your overall risk and protection program? Do they clearly understand your priorities and expectations? Make sure you are delegating with knowledge and oversight, and not abdicating without paying attention.

Need help with resources or have questions? I’m always standing by: 510-685-3883 or email charles@risksmartsolutions.com.

Where’s Your Data?

In Florida, a healthcare provider was recently charged with a lawsuit in light of a data breach. The results of their case mandated these specific precautions:

  1. Security awareness and training programs for all employees
  2. Training on laptop use and security
  3. Additional security, including GPS tracking, on all laptops
  4. New password rules, and full disk encryption on all equipment
  5. Physical security upgrades at all offices
  6. Updated written security policies and procedures

But wait! Aren’t these the security measures all organizations with sensitive personal data need to take in the first place? It’s 2014 and security breaches are everywhere. But do you know where your data is?

Where are the big gaps?

With hackers moving at the speed of light, “gaps” can be anywhere.

  • Employee data – personal, financial and health
  • Customer credit card data that is kept for “convenience”
  • Passwords may be weak and vulnerable
  • Shared data – perhaps with a consultant, or an outside marketing or IT service firm
  • Confidentiality promises in contracts with clients
  • Road warriors using public Wi-Fi – with personal devices
  • Archived data, often forgotten, in the bowels of your computers

More than 50% of small and mid-sized U.S. businesses have had at least one data breach. Hackers want confidential data they can sell and they know how to get it.

What to do?

Well, let’s start with the six steps listed above:

  • Training employees is no. 1: what is personal information, how to recognize phishing emails – even from friends – and how to keep personal and business email separate.
  • Security software – and hardware, like firewall devices – must be continually updated.
  • Passwords are a classic weak link – insist on new ones every 90 days. (If you have too many, use a password manager program.)
  • Lock up all servers, encrypt all data, prevent USB downloads when no one is looking, and explain to employees why these steps are needed.
  • Update Data retention/destruction policies and get rid of obsolete, potentially dangerous, data and files.

Call me (510-685-3883) or email (charles@risksmartsolutions.com) if you need clarifying, no-obligation discussion about how to get this done. RiskSmart Solutions can help if you need assistance.

Planning on a Disaster?

Humans are wonderful procrastinators. Our knee-jerk defense is, “Well, it won’t happen to me…!” And yet hardly a week goes by without news of businesses and homes destroyed by wildfires, floods, tornados, hurricanes and earthquakes.

Prepare for survival

We can’t prevent natural disasters, but it’s not hard to prepare for survival. Large-scale losses like these mean you will be on your own for days or weeks. How long is too long for your business? Government assistance is known to be slow and quite limited; and insurance settlements, if any, will certainly be delayed.

So contingency or response planning – to mitigate your down-time – is all you’ve got. One basic or generic plan can work well for different contingencies. Are you going to have something ready? Or will you wing it?

Questions needing your attention

  • Do you have readily accessible (from anywhere) contact information for employees, customers, suppliers and recovery experts (legal, tax, insurance)?
  • Are your business-critical processes written down step-by-step so anyone can follow? Have at least two employees been cross-trained in each of these critical tasks?
  • Can employees work securely from off-site? Have you tested it recently?
  • Where’s your data – on a disc or USB drive or in the cloud? Is it really accessible?  Have you tested it recently?
  • If you need to shelter in place, do you have adequate supplies for all employees?  What else needs to be prepared? Have employees taken personal precautions?

Resources

Call me (510-685-3883) or email  (charles@risksmartsolutions.com) if you need clarifying, no-obligation discussion about how to get this done. RiskSmart Solutions can help if you need assistance.

And, of course, if you have other resources to share please let me know and I’ll pass them along.

 

Stop! You’re Driving Dangerously!

Driving is dangerous enough by itself – and with rush hour traffic all day long, tight schedules and all kinds of cars, trucks and motorcycles trying to change lanes in front of you, it’s even worse.

  • The National Safety Council reports that “Highway incidents remain the leading cause of occupational death” – estimated at 35% to 40% of all work fatalities.
  • When you add cell phones to driving as an added distraction, you have a killer formula. The NSC again: “… driving while talking on a cell phone puts drivers at a four-times greater crash risk.”
  • Texting or emailing while driving causes these statistics to skyrocket – up to 23-times greater collision risk.

Employers can be Liable

Many businesses encourage workers to be connected and available at all times.  Customers insist on fast answers, and after-hours questions and calls have become the norm. These expectations dictate employee behavior and can make employers liable for auto accidents, injuries and deaths – even during off hours.

Recent examples have employers settling lawsuits for:

  • $4 million: an off-duty police officer was texting before a fatal crash that killed a college student
  • $5.2 million: an employee was speeding and talking on a company-issued cell phone when he rear-ended a woman who lost her arm in the accident
  • $21.6 million: an employee in a company vehicle ran a red light while talking to her husband on a cell phone at the time of the fatal crash.

[Sources: Bureau of National Affairs,www.bna.com; www.nolo.com]

“Most employers don’t realize they’re exposing more of their corporate assets than in any other way” when employees drive on business, says a representative of Liberty Mutual Insurance. The annual cost to businesses of auto accidents and cell phone use is estimated at more than $60 billion.

Make an Impact

While it may be unrealistic to eliminate all cell phone use while driving, here are several measures that will promote safety and protect you as an employer:

  • Update driving policies: A well-written policy – that is enforced – can significantly improve safety and minimize your liability.
    • Define and limit work-related cell phone use while driving.
    • Regularly explain your policy – tell everyone about the safety concerns.
    • Employees who are “on call” can check in before leaving or after arriving at the next appointment.
    • Provide defensive driving courses for all employees.
  • Set the example –
    • Minimize/eliminate your conversations while driving. Don’t answer in heavy traffic; ask others to keep it short and send you an email so you don’t have to take notes.
    • Notice when the person you are calling is driving and schedule a call for later or send an email.
  • Insist your employees and co-workers do the same – for their safety and your own. Not only can you lose a key employee, but you can be liable for all bodily injury and property damages caused.

Have a safety question or insurance concern?  Email or give me a call – but not from your car! There’s never an obligation and I’d be pleased to hear from you.

 (510-685-3883 | charles@risksmartsolutions.com)

Insurance Account Reviews

Most clients don’t initially understand all the services their insurance broker can provide. An annual account review is an excellent example and a great learning experience.

What’s an Account Review?

It’s an opportunity to update your knowledge of insurance exposures and fine-tune your coverages.

  • Pick a date mid-year to your policy expirations – when there’s little insurance stuff going on. This should mean the broker’s not “selling.”
  • Think about what you’d like to learn or know about risk or insurance – for free! Also determine if there is someone else in your business who could learn from being present.
  • Be proactive to make it worth your time … read on.

Plan your Meeting

  • Invite your broker to lunch – with a tour around your business beforehand.
  • Point out anything new – equipment, processes, products or services, major vendors or customers.
  • Get his or her experienced, “new set of eyes” view of your operations to uncover new or unexpected risks.

In a risk assessment factory tour the client showed me a “de-burring” operation with a very fast turning drill press-type machine. When I noticed the woman working there had long hair with no net or tie-back, I asked him quietly to have her stop the machine. I then explained and showed her what could happen if her hair got caught in the spinning equipment. The “new set of eyes” was a lucky break for all involved.

  • Introduce your broker to several of your specialist workers and have them express their opinions about risks and concerns.

What are your To-Dos?

  • Over lunch, take time to make notes about anything you’ve both learned: any recommendations, resources the broker may have, or things to consider.
    –   Can a safety or loss control expert make an inspection?
    –   Can someone speak to your safety committee or at an employee meeting?
  • Ask about insurance market or legal trends.
    –   What new coverages, exclusions, or price increases are around the corner and how you can prepare?
    –   What new lawsuits have been happening?
  • Talk about the timing of the next renewal process so you know what to expect.
    –   Update your calendar and alert colleagues about information needs.
    –  Make clear to your broker that you want proposals at least two weeks in advance of the renewal date.
  • Finally, work on your business relationship with your broker – family, hobbies, vacations, recent professional courses, and most importantly who should you think about referring to him or her as a possible new customer.
  • Re-schedule the account review process for next year!

What could make your risk and insurance management easier and more cost-effective?

Call or email to discuss questions or concerns: (510-685-3883charles@risksmartsolutions.com)

How To Train Your Attorney

Do I hear a snort?  Or possibly an “Oh, sure?” Does the title sound like How To Train Your Dragon? And when you question an invoice you’ll get your eyebrows singed off?

For many reasons, lawyering has evolved. Remember when your family doctor, the local GP, knew and did everything? Today they are all medical specialists and are questioned and second-guessed by many patients. Attorneys are the same, and most realize they don’t have all the answers. Working in concert with clients is not frowned upon.

Where do you Start?

Like it or not, for health and survival you need your doctor, and your business needs an attorney. The first step is choosing the right attorney for your industry, business, and legal needs.

Find the best person for the job by:

  • Interviewing several. Tell them what you’re doing, request a no-cost meeting, and pay attention to their “fit” with you and your business style.
  • Asking about their areas of specialization and how they can get you other expertise when you need it. Make sure you understand what “privilege” means.
  • Inquiring about the office staff – is there a back-up team for an urgent matter?
  • Discussing fees and flat-fee options for certain work like contract reviews. Are they open, flexible, and even pro-active in helping you manage costs? Insist on regular billing – not a huge whack six months down the road.

Getting Down to Work

  • Once you’re comfortable and think the relationship can work, explain your business in depth and your risk concerns.
  • To address your legal needs, I recommend you ask them for ideas from their experience before telling them what you think you need.
  • Ask how they have handled these issues for others – get “real” stories and examples.
  • Ask how they handle disagreements with clients. Do they use a written service agreement? You want an advisor who works with you, doesn’t tell you just what you want to hear, or gives ultimatums.

Address Future Issues

  • What could come up to derail all your plans? Raise issues now while everyone’s friendly. Be open and brutally honest about you and any potential problems.
  • Will they take an active role in learning about you and your business? How do they charge for that learning curve?
  • Can you create a plan to prevent a legal emergency? Will they accept a heads-up email that something’s coming up and work with your schedule?
  • How will they make sure you have complete understanding of their guidance or recommendation? Can they provide a legal dictionary and a lower paid clerk to clarify or explain a complex or obscure remark?

You should also quiz them on whether they’re willing to have a general discussion meeting at no charge once or twice a year. Ask them to lunch, then learn about legal trends that could impact you, contract revisions to better protect all parties, etc.

Anything you can do to proactively manage the relationship will be good for you and your attorney. You need someone you trust, respect, and enjoy doing business with.  With some focus and discipline it’s easy to train your attorney – and yourself – to get the best for your business and peace of mind

Call or email Charles (510-685-3883 | charles@risksmartsolutions.com) if you need more details or have a unique situation – there’s no obligation.

Safety Training and Recordkeeping

This is the last of RiskSmart’s Safety Series discussions (see Tips #85-#88 to see the previous posts). These will be consolidated into an e-book shortly and made available to subscribers.

Two final elements of any safety plan are training and recordkeeping. These are not afterthoughts, but essential foundations and where the plan must start.

Successful Training?

“Training” is talked about all the time, but often results in useless, time-wasting activity. “Didn’t he/she take that electrical safety course? How could they be so dumb?”

Anyone experienced with adult learning knows the key elements of success:  management involvement (not just support), interactive sessions with active discussion and worker stories, and take-always that serve as memory-joggers during a workday.

  • Management must be actively involved in actual training sessions – show up for tailgate or toolbox meetings; show you are really interested and concerned, use your own words, listen, and walk the talk.
  • Interactive training is when there are exercises, input from different workers and stories volunteered about when “OMG, that almost happened to me.” An experienced worker sharing his/her near -miss can have huge impact.

Recordkeeping can be a Stay-Out-Of-Jail Card!

Good documentation is critical – in a myriad of ways.

  • You need to have training records for each course and worker to confirm what was discussed and who was there. Noting a worker’s input and stories can also show it was not a “remote” session.
  • Create notes to file for each worker – noting positive and need-improvement comments and follow-ups show pro-active, constructive management.
  • Keeping training records and certifications up to date can avoid hassle and lost -time on the site and with any incident analyses or accident investigations.

Good, positive records can boost morale – especially when you remember someone’s input, story or safety alert to protect others. They can also mitigate liability in the event of a serious lawsuit. This should never be “just” an admin task.

Get Moving and Get Help

If you’ve followed this series of tips you know this is not a time to procrastinate. So many clients tell me, “I worry about safety every day, but ….”  They still haven’t started their plans, or training sessions, or discussions with workers – nothing except worry. That inaction could be worth fines, penalties, and even shut-downs.

Ask who is interested and might be willing to help; delegate some small project pieces. There are lots of available resources for all participants:

  • OSHA (www.osha.gov) is chock full of information: Training, regulations, alerts, newsletters, and FAQs.
  • OSHA Consultation Services are free and offer confidential advice to small and medium-sized businesses – completely separate from enforcement.
  • Some insurance brokers and insurers offer inspection and prevention services.
  • Independent consultants often have expertise to lead and implement projects.

Do you need a sample IIPP or help navigating the OSHA website or consultation services? Call or email Charles (510-685-3883 | charles@risksmartsolutions.com) to talk about your unique concerns or questions.

Correcting Safety Hazards

We’ve talked about a Safety Plan as a critical foundation to ensuring business survival.  Many businesses round out the culture of Safety by including product and service reliability and quality – or as one client’s work shirts say, “No Excuses.”

The previous Tip (#87, Communicating Safety) discussed the best techniques for identifying safety hazards.  Here we’ll address what to do once you’ve identified or discovered a dangerous work site, piece of equipment or job requirement.

Of course where immediate dangers to people or property exist, you need to take preventative action quickly by removing people and protecting property from injury or loss. When the danger is not immediate, evaluating the potential severity, likelihood, frequency and cost is often a wise first step.  A risk register type of analysis can be useful in prioritizing the best place to start.

Risk register

This can be a simple chart where:

The likelihood that an injury or loss will occur is identified – from “Certain” to “Rare” – and compared to the severity and frequency of a hypothetical accident that does occur.  Both the costs of the damages and the cost to correct the problem can then be added to the chart or matrix.

Here’s a simple example showing how this can help decision-making.

Description of Risk Likelihood Consequence / Frequency Responsible Person Cost of Loss Cost to Mitigate
Safety of staff and people engaged in the project Moderate Very High / Low General Manager, Superintendent $10 m $10,000

Safety hazards can be corrected, in order of preference, by engineering controls (machine guarding, improved equipment), administrative measures (ensuring training and expertise, limiting exposure time), and personal protective equipment.

What’s next?

The risk register is used for all business risks, not just safety, and it can be an effective learning tool in Accident Investigations – the next step in your Safety Plan.

  • First replace Accident Investigations with Incident Analysis – you’re not looking for blame, but for things to correct.
  • Then find ways to have every worker report any near-misses, workplace hazards or concerns – permitting anonymous reports is fine.  Any hazard should be reported.
  • Analyze the issue and report back to all employees.  It’s okay to do nothing if the there’s no real priority on the risk register – the analysis should be open to all for future updates.

What’s your experience with finding and correcting hazards?  How about getting lots of reports and analyzing what can be improved?  Add a comment below.

Do you need a Hazards checklist or a sample IIPP?  Call or email Charles to talk about your unique concerns or questions. (510-685-3883 | charles@risksmartsolutions.com).

Communicating Safety

(Part 3 of the Safety Series.  See Tip 85 and Tip 86 for the entire series.)

A Safety program is a living, growing, changing system.  If not – if it’s on the shelf – it won’t survive day-to-day problems and priorities.  And everyone will be surprised when the accident does occur.  Everyone except OSHA, that is.  And they’ll wonder why that Safety policy wasn’t read, trained, understood or taken seriously.

This Tip touches on two more areas of a robust Safety Plan: communication and identifying hazards.

Communication

Regular communication is the lifeblood of an effective Safety program.  It must be an “all-the-time” priority at every level and responsibility: engage in open, non-judgmental, everyday, back-and-forth, up-and-down conversations; distribute articles; hold safety meetings, get input, ensure understanding.

One effective technique is for all those at the “top” giving permission to everyone else – “Please remind me / tell me if I ever forget to be safe.”  This is best done person-to-person, not by email or bulletin board, and over and over so it sinks in.  Encouraging others to make the same requests will help ingrain Safety into your company and team culture.

Identifying Hazards

Hazard identification is the most important active element of any Safety program: the goal is to identify and evaluate unsafe work conditions so that accidents, injuries, and job related illnesses are minimized, if not completely eliminated.

And this is a great way to further communication and teamwork.  Each unit can identify safety hazards in its own workspace, and often add great perspective to other areas.  Be comprehensive and accept all input:  a hazard does not have to be life threatening to be noted and perhaps eliminated.  The longer the list and the broader the participation, the more understanding you’ll get and the safer you will become.  Don’t forget to insist employees do a safety analysis at every jobsite or when new equipment is added.  This is called a Job Safety analysis or JSA.

A client recently told me he was surprised and angry to have found sloppy, overcrowded work areas in his shop.  We talked about how best to get the “needs improvement” message back to employees in a meaningful way.

He concluded that to have a small shop team meeting, ask them for input and request they make a “before and after” presentation to all staff would be much better than public embarrassment or a discipline process.

He made a great decision and made this one team a positive part of the solution – not of the problem.

What’s your experience with teamwork or Safety communication?  Add a comment below.

Do you need a Hazards Checklist or a sample IIPP? Call Charles (510-685-3883) to talk about your unique concerns or questions.

The First Steps Toward Productivity, Quality and Safety

Many business people don’t quickly and easily connect the three areas mentioned in the Tip title.  How often do you see that?

In simple terms, Productivity is “on time, on budget” and enhancing the bottom line profits of the firm.  Quality is producing products and services that meet or exceed customer expectations.  And Safety is preventing injuries to both workers and the public who may be impacted by any operation or vehicle of the company.

As Rodney Grieve says in Defend Your Profits: Safety Tools for Bottom Line Improvements, senior management must communicate the Productivity and Safety messages at the same time and as one, unified concept.  If not, these two easily become polar opposites:  the first becomes just “profits” and the second slides down the list of what is important.  When a line supervisor says, “We gotta get this done pronto,” Safety (or Quality) – for the average employee – goes out the window.

Responsibility

The first step in effective Safety is showing who is responsible for the plan and can make updates and listen to suggestions (see Safety Program, the first Tip of this series).  This person is often supplemented by managers and supervisors who are also responsible.  These people are identified in the plan and must walk the talk – and do more walking than talking!  Employees can also be identified as responsible for reporting safety lapses or their concerns.

At a commercial yard where some noisy, dusty work was being done I noticed the employees nearby were not wearing their protective gear.  Then I saw some top management folks walking out through the yard without protective gear either.  I asked for a special management meeting to give my strong opinion.  Fortunately, they got it immediately and one of them volunteered to be “the champion” and help everyone comply with safety policies.

Compliance

This is the second section of the plan and reinforces that everyone follows the rules and watches out for each other, training is encouraged and safe actions are recognized.  Supervisors often need training to understand the goals, apply the rules fairly, and use progressive discipline.

The key is the critical connection between Productivity and Safety mentioned above.  First, employees need understand the business: where do revenues come from, and what expenses are paid – including the costs of losses due to injuries and lawsuits.  The bottom line is their jobs depend on great safety results.  If they don’t get this concept, it won’t work. 

I once noticed the safety manager in the shop without the required safety glasses and hard hat.  No employee said a thing – of course, this was top management.  I related to the manager later that one of the most effective ways to engender teamwork at all levels is to be the first to ask others, “Please tell me if/when I’m doing something wrong so I can correct it and go home with all my parts.”  Once that happened, others started asking for the same “watchdog” approach from teammates. Incidents and accidents decreased and teamwork soared.

Safety and the Bottom Line

In the past three to five years I’ve become painfully aware how fundamental safety is to risk management and to business owners’ bottom line.

I’ve seen workers’ compensation “experience mod” rates soar with: a couple of nasty – but preventable – worker injuries; a shoulder “strain” that morphed into surgery and 9 months of rehab; a lost finger in a saw with a new OSHA-mandated guard; a worker crushed in a baling machine when “just” removing some snagged cardboard.

Costs can skyrocket ~

Not only can Workers’ Comp insurance premiums increase – sometimes dramatically, but some liability insurers will also increase premiums when they become aware of “sloppy” or unexplained WC losses. Business executives can become bogged down in OSHA inspections, recommendations, fines and penalties and sometimes shutdowns.  Some of your customers – especially in construction – can impose restrictions on your work rules or even ban you from the job site.  And all that is before lawsuits, time-consuming discovery and costly, and perhaps uncovered, legal expenses.

How can you protect yourself?  

A Safety Program (Injury and Illness Protection Plan or IIPP in California) provides significant benefits.  It can be simple, but it’s not fool-proof.  It must engage all workers and have unquestioned management commitment.

Here are the eight key sections of any safety plan (from a model IIPP):

  1. Who’s Responsible for safety and this plan, improvements, etc.
  2. What Compliance is expected
  3. How to Communicate
  4. What Hazards exist in the workplace
  5. What Corrective Action has been implemented for these known hazards
  6. What is the process for Accident and Incident Investigation
  7. What Training is required
  8. What Documentation and Recordkeeping must be done

Moving forward ~

Over the next several months RiskSmart Tips will review these eight sections with both details and stories or examples.  Please join the conversation and share your comments [ezine: on the blog site] [blog: below] about your experiences and ideas.

Call (510-685-3883) or email (charles@risksmartsolutions.com) to discuss any time-sensitive concerns.  There’s never any cost or obligation for a discussion! 

Can You Make Cents of it All? Minimum Wages 2014 and Beyond

Federal, State and County laws throughout the US have varying minimum wages and they are changing at a more frequent rate than ever. Some studies indicate an increase will stimulate local economies and put less stress on social services; and yet other groups predict an exodus of businesses from the highest wage areas. While we can’t make clear sense of the future impact, one thing is for certain, small employers are more susceptible to increased costs. So know the current minimum wage applicable to you and your business and plan for future changes.

Federal Minimum Wage:  The Federal minimum wage is currently $7.25 per hour. The value of the minimum wage has fallen sharply over the past forty years. In 1968, for example, the federal minimum wage was $1.60 per hour, which translates to approximately $10.70 in 2013 dollars. To help lower income citizens, President Barack Obama is backing a proposal to raise the minimum wage from $7.25 to $10.10 over three years. According to the Economic Policy Institute, the increase could raise pay for up to 28 million workers.

State Minimum Wage:  Thirteen states raised their minimum wage at the start of 2014. In California, highly publicized legislation supported a minimum wage to increase from $8 to $9 a hour on July 1st, 2014. But wait, that’s not all, the legislation went on to set another increase to raise the California minimum wage to $10 an hour on January 1st, 2016. And oh, there’s more…a groundswell of support originating in Silicon Valley is growing in favor of increasing minimum wage up to $12 an hour via a November 2014 state ballot initiative process.

County Minimum Wage:  In San Francisco County, effective January 1st 2014, San Francisco minimum wage increased to $10.74 an hour – the highest in the country. However, even smaller regions are attempting to adjust pay upward; SeaTac, a small Washington town, which includes a large international airport, voted to raise the minimum wage to $15 an hour – legal battles are still in play.

Risk of Increased Penalties for Wage Violations: Employers should be aware of the increased penalties for minimum wage violations; In California, AB 442 requires employer-violators pay civil penalties and restitution of wages to the employee, AND now, liquidated damages equal to the amounts improperly withheld.

So stay tuned, remain compliant and plan ahead. It’s all about change. (pun intended)

For obtaining required posters or information, go to: 

Penny Schultz, Schultz HR Consulting – Human Resource Solutions
http://www.schultzhr.com  |  penny@schultzhr.com

2014 Risk and Protection Checklist

As you organize your priorities for the New Year, here are 7 key Risk and Protection reminders for your checklist.  Many of these we know are important, yet they’re often not immediately urgent so they fall to the bottom of the pile.  An annual schedule for these updates on your calendar can be effective in avoiding last minute panic.

  1. Update asset lists.  Inventories of equipment, vehicles, shop & office supplies, computers and software licenses, contact information, etc. can get quickly out of date.   Quarterly reviews can keep these top of mind.  Keep updates off site and secure.
  2. Update values.  Asset values – for buildings, equipment, inventory, etc. – can vary from normal inflation for lots of reasons.  Don’t get caught short in the event of a loss.  Review quarterly with your lists above and advise your broker if you need increases.  If you can’t get these done, schedule “project steps” and perhaps a summer or holiday intern to help out.
  3. Schedule key dates.  Keep track of renewal dates for licenses, leases, client retainers, service contracts, insurance, certifications, website URLs, etc. on several people’s calendars.  Add notes about who else needs a “heads up” to be involved.
  4. Insurance protections.  Meet with your insurance professional at least once outside of the “renewal” period.  Ask about new trends in legal, coverage, and insurance rates.  Talk about changes to your business and find out the “hot” topics that need your attention.  Then block out time for renewal applications and benefit program updates, employee communication and enrollments.
  5. Safety.  This can be key to employee morale, customer loyalty and your business survival.  Make sure your IIPP (Injury and Illness Prevention Plan) is up to date as required by many state laws.  Schedule regular Safety Committee meetings, and get the right equipment (PPEs).  Ask your insurance broker about free insurance company services and inspections.  Also get locations of emergency medical clinics nearest you and your work sites: each employee should have an appropriate list immediately accessible.
  6. HR issues and Training.   Plan for employee Handbook updates, new policies and updated legal postings.  Schedule employee group discussions and reminders about expectations and rules. Plan for safety training and defensive driving, equipment certifications, harassment and discrimination courses, etc.  The right training, in advance, can save businesses huge hassle and headaches.
  7. Update Emergency plans.  These “be ready” plans need review and updates.  Ensure that you have the basic supplies appropriate to your location and potential circumstances (flood, windstorm, earthquake, etc.).  Encourage employees to have their own supplies and some plans for family as well.  Contact info must be accessible to all.

Finally, think about the big picture: who are the key people you depend on to be responsible for coordinating your overall Risk and Protection program?  Do they clearly understand your priorities and expectations?  Make sure you are delegating with knowledge and oversight, and not abdicating without paying attention.

Can Your Business Run Without You?

While Charles continues his recovery, RiskSmart Tips would like to thank several colleagues for volunteering to contribute their professional views, particularly in the areas of avoiding, planning for, and managing business risk.  This month’s tip has been authored by Mike Van Horn of The Business Group.

Can Your Business Run Without You?

If all decisions and customer interactions run through you, the answer is “no.”  This is one of the greatest barriers to growth and viability.

“I love working in my business!” you say.  “Why would I want it to run without me?”

Three primary reasons:

  • One, if you are incapacitated, as has been the case with Charles Wilson recently;
  • Two, if you’d like to take a vacation without shutting down;
  • And three, if you are enmeshed in day-to-day operations, you have little bandwidth for the strategic focus needed for growth, innovation, and greater profitability.  This is true whether you are a one-person operation or have a bunch of employees.

The keys to this are Help, Systems, and Management Style.  Consider these questions:

  • What help (employees, contractors, outside professionals) do you need to cover your absence—for any of the above reasons—and to allow you to focus on strategic growth and profitability?  Write the job description of the person(s) who could best free you up and back you up.  (May not be the same person.)
  • What systems do you need to get key info and knowledge out of your head, so that your help can back you up and be the most productive?  Not just packaged systems, but ways of doing things consistently that you can hand off to others.  (Or perhaps they create the systems for you.)
  • How do you need to upgrade your own management style in order to best utilize your help and your systems?

This last one is by far the greatest challenge, especially for an owner who is accustomed to doing it all.  “Nobody can do this as well as I can.”  “I can’t trust others with these key decisions.”  “How could I justify paying somebody else when I can do it myself?”  These often-unspoken attitudes increase the risks mentioned above and guarantee that you stay small—and without back up.

To make this shift, answer these questions: 

  • What must you get off your plate to free you up?  Make a list of the small tasks that can easily be delegated to a clerical (or outsourced) person.
  • As you grow, can you consider an office manager type of assistant to allow you to focus on the most important things for you to do to grow?
  • How can you provide the training, systems, equipment, and oversight to make this person the most productive?
  • How can you keep yourself out of the way, so they can do the job you hired them for?  This takes practice!

To sum up:

The more you can let go, the bigger you can grow.  And the more time away you get.

On the other hand, the more you hold tight, the more you work nights.

And the changes you make to free yourself up for growth also give you the backup and support you need if you are out due to illness or other reasons.

One final note:  If your business cannot run without you, you can never sell it.


 

Mike Van Horn, The Business Group, advises business owners how to grow to the size and profitability they want, without the business swallowing their lives.

http://businessownerstoolbox.com  |  1-415-491-1896

Managing Your IT Risk

Symantec’s Internet Security Threat Report 2013 lists small businesses as the target of 31% of all cyber attacks in 2012, up from 18% in 2011.

“While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated by the fact that many small companies are typically less careful in their cyber defenses.”

These days, all businesses rely and benefit from information technology (IT) like computers, the internet, and even mobile telephones.  IT provides huge advantages in efficiency but can also create exposure to some very serious risks.  Large businesses have teams of IT people making sure they don’t run into trouble.  Small businesses, however, don’t have the same resources and therefore have to choose what they can reasonably address.

Here are four IT risks that small businesses can address easily and without great expense.  Start with these and you’ll be in much better shape.

  1. A hardware firewall appliance can add important protection.
    Risk: When you are connected to the internet there is always the possibility that an intruder can gain access to your systems and compromise vital information.  Routers and modems offer only moderate protection, at best.
    Mitigation: While not foolproof, a separate hardware firewall device provides an additional layer of protection for all your equipment and applications.  SonicWall, for example, provides options for added security at a reasonable cost.
  2. Maintain anti-virus / security software on all your computers.
    Risk: Most computers now come with temporary anti-virus software installed, such as Norton or McAfee (Microsoft’s Windows Defender, provided as part of the operating system, has not been adequate).  Regular updates to new virus definitions are a must to reducing your vulnerability.
    Mitigation: Software and virus definition files must be kept up-to-date.  Usually, this means anti-virus software on each of your machines.  Some vendors offer “management” capabilities so changes, updates, and upgrades get done without having to visit each computer.  There are also services that you can purchase to detect and avoid viruses, phishing, and spam for your whole office.  SonicWall and Barracuda, for example, offer these services as optional additions.  These only work inside the firewall – taking a laptop on the road still requires anti-virus software installed on that machine.
  3. Keep your operating system (OS) and other software up to date.
    Risk: Despite everyone’s best intentions, software (such as Windows and other applications) is released with bugs.  These bugs can allow the bad guys to install software to collect and steal sensitive data such as password or financial information.
    Mitigation: Updates and security fixes are regularly released by OS vendors – but they don’t do any good if you don’t install them.  Many are not automatic!  Get in the habit of regularly checking for and installing security updates.
  4. Back up your data regularly, and check that it works properly.
    Risk: Computers do break down (often at the worst possible time), and you can lose access to your data when that happens.  Losing a day of financial transactions is an inconvenience, but losing a week/month/more could bring your business to its knees.
    Mitigation: (1) take backups regularly and often; (2) verify the backup as soon as it’s complete (a bad backup does you no good); and (3) keep a copy in a different location from the computer (don’t lose your backup and your system at the same time).  It’s often difficult to do this regularly and for all important systems.  Consider a comprehensive, automated solution such as Carbonite or Mozy (online backup services) or Barracuda (in-house or online), among others.

There are other things you should be doing (such as protecting your Wi-Fi network from intruders or ensuring that passwords are secured) but the four items described above will address some of the high-priority risk factors.  There are many vendors and solutions out there and the possibilities change constantly.  The specific software, hardware, or services that you implement depend on your particular situation – review with your IT service provider.

Jon Seidel, CMC®
EDP Consulting
Effective Decisions…  Priceless!

The Checklist

While Charles continues his recovery, RiskSmart Tips would like to thank several colleagues for volunteering to contribute their professional views, particularly in the areas of avoiding, planning for, and managing a crisis.  This month’s tip has been authored by Bart Gragg, founder of Blue Collar University®.

Several years ago Charles introduced me to the bestselling book “The Checklist Manifesto” by Dr. Atul Gawande.  Gawande tells the story of Boeing aircraft’s department whose sole purpose is to develop checklists.  What they most often write at the top of emergency checklists is “Fly the Plane.”

That is business continuity in its simplest form.  It is making sure that the company delivers on its promises.  It is making sure someone flies the plane while others perform the critical tasks required to recover from a disaster.  Take the famous case of “Sully” Sullenberger, the airline captain that made a water landing in the Hudson River.  All of the 155 people on board survived.  Why?  Sully’s experience helped him fly the plane while his co-pilot cycled through the engine restart checklist twice and the rest of the crew prepared for the unorthodox landing.

If something happens in your business or department, who’s going to fly the plane?  Will the others know what to do?  Who is going to be the successor to the business owner, to a department manager or executive?  Do they have a business continuity plan or checklist to help them through the crisis?

Businesses that tend to survive a crisis have three things in common: the pre-selection of a successor, the grooming of that person, and a culture of open communication.  The others may at best meet only one of the criteria – the selection of the successor.  They will ultimately struggle.

I recently had the opportunity to choose between two separate companies to work for.  Both companies had chosen their successors.  The difference was that the first company was non-communicative.  They would ask for meetings and fail to show up.  They would set times for phone calls and not be on those calls, never let anyone know they wouldn’t make the call, and didn’t apologize for their actions.  When interviewing the president and his selected successor separately, it was obvious they had not even spoken with each other about routine operational decisions, and they each had greatly differing ideas about the future of the company.

The company I did choose to work for has chosen a successor.  Both parties talk frequently about not just daily operations, but how they both see the future.  They hold similar values.  They have the same ideas about how people are to be treated, and they are both very much open to discussing different ways to expand the business while remaining true to their core philosophy and core strengths.  Externally, you can see how well communication is embedded in their company.  Even when they don’t know the answer to a tough question they communicate anyway.  They say, “We don’t know the answer.  We will find the answer and get back with you as soon as we do.”  And they keep their word.

Can you see how those habits and philosophies make a difference in daily and long-term business continuity?  For one thing, both employees and clients will see the second company as consistent and trustworthy.  And who wouldn’t want that?

  • Does your business have a continuity plan for a major or minor crisis?
  • Do you know who your successor might be?  Are they being groomed?
  • How is your culture of communication?  Does everyone feel safe enough to come to you with bad news?

What are you risking by not having all three of those pieces in place?

If a critical event happens in your business, who is going to fly the plane?

Bart Gragg

Blue Collar University®

www.bluecollaru.com

The Extreme Case, and The Consequences

My name is Patrick Wilson; I am Charles’ son and am contributing this month’s blog.

On July 25, my parents returned from a trip to visit family in New York State and Canada.  The next day was Friday, and my father found himself suffering from flu-like symptoms, including a headache, fatigue, and high fever.  By the time I visited him on Sunday, his symptoms had worsened.  His hands were trembling, he was leaning slightly to one side, and he was not completely lucid.  My mother and I decided to take him to the hospital for emergency treatment.

The initial battery of tests revealed a high white blood cell count in his spinal fluid, a sign of some form of attack on his central nervous system.  He was prescribed a broad spectrum of antibiotics to treat his symptoms, while cultures of his various fluids were grown so the cause could be determined.  A few days later, the diagnosis came back as most likely being West Nile Virus, and this has since then been confirmed.

Currently, there are no definitive cures for West Nile Virus; symptoms are aggressively treated while the infection runs its two- to three-week course.  Unfortunately, the disease continues to damage the nervous system during this time.  In my father’s case, this was most notable in his upper torso, including shoulders, arms, and breathing muscles.  Eventually he became too weak to eat and then to breathe.  He was rushed to intensive care, given a feeding tube through the nose and a breathing tube down his throat.  Machines were keeping him alive.

I am happy to say that, despite the severity of his illness, my father was strong enough to pull through and consistently improve since then.  He eventually was taken off the respirator, moved out of ICU, and is currently in a Kaiser rehabilitation facility regaining his motor skills and physical strength.  The next step will be acute rehabilitation followed by, as much as possible, a return to his normal life.

While the risk of a life-changing event such as West Nile Virus may be small, the repercussions can be extreme, and it is prudent to make some basic preparations.  This month’s tip is to reserve a Sunday afternoon to create a folder containing information that might be relevant to someone assisting you in such a case.  Specify all of your passwords (websites, accounts, and digital devices), recurring bills, and financial and medical information.  You may want to include a list of your key business contacts and a brief description of your relationship with each of them.  Fortunately, my father had much of this information easily on hand, which allowed us to focus on his care and well being rather than administrative needs.

My father has not tiptoed through life, and he may not safely arrive at death, but he manages his risks and lives his life well.  This is our story; please share your experiences or ideas here so that we can all learn from each other.

Patrick Wilson

Fast Growth Can Be Risky Business

Many business people envy the companies that are on the “100 Fastest Growing” lists.  The risk manager says, “Be careful what you wish for.”  Sometimes what looks good from the outside can be a painful problem on the inside.

What happens when you grow too fast?

Mike Van Horn, President of The Business Group (businessownerstoolbox.com), warns “The greatest threat is the inability of management to change quickly enough to respond to new situations.”  In addition to the well-documented cash flow related risks that can toss you quickly into shark-infested waters, here are some other pitfalls:

  • Losing focus on the details that are critical to your quality, customer service and employee morale;
  • Out-running or getting too far ahead of your vendors and service providers, your materials and equipment, your staff and their time, skills and experience;
  • Damaging the quality of your existing business relationships while focusing on getting new revenues.

How can it get worse?

  • The loss of experience and customer knowledge when your “boomers” retire can lead to expensive mistakes.
  • Outsourcing to stay lean can make sense, but watch your customer’s experience carefully.  For example, if a computer service firm uses an outside cabling service for a new network and something goes wrong – whose reputation will be on the line?
  • HR-type liabilities can be killers if you’re going too fast to pay attention, and you allow poor employment practices, like antiquated job descriptions, to creep in.
  • Having the wrong advisors – who may understand where you’ve been, but are not experienced in where you’re going – can be a huge liability.
  • Finally, anything “new” can be very expensive in the insurance marketplace.  If the underwriter doesn’t really understand and thinks you might be cutting corners, you could be up-rated or refused.

What do you absolutely need now?

  • Protect yourself with reliable, up-to-date systems and with documented process and procedure guides.  They will go a long way to ensure:

– Accuracy and quality in your products and services;

– Consistency in meeting customer service expectations; and

– Ease in training new people.

  • Make sure you have the right trusted advisors for tomorrow’s challenges.  This strategy will help you stay lean, focus on the big picture and be ready to handle:

– Forward-looking financial planning;

– Hiring, screening and skill testing – when you need to add staff;

– Technology troubleshooting – for expansion, upgrades and maintenance;

– Contract legal review – for those new business opportunities; and

– Risk management and insurance options – to avoid nasty surprises.

  • Stay on top of all your insurance exposures; inform your broker frequently:

– Update values, new locations, equipment, products and services;

– Make sure liability limits remain adequate; add new coverages if needed; and

– Keep your Safety and Workers’ Comp programs energized.

Do you have suggestions about easing rapid growing pains, or questions your own business’ rapid growth?  Join the conversation below!

The Fastest Way to Improved Productivity

What’s the fastest way to improve business productivity?  Lots of organizations struggle to just set basic priorities, get things done on time/on budget, and keep everyone focused and safe on the job.    There’s so much “noise” in today’s business world it’s hard to know who’s on first – with internet orders, marketing key words, employee accidents, customer or anonymous complaints, lawsuits and new regulations for compliance. One day of spring cleaning is good risk management.

What are the benefits?  Why spend a day doing this?

  • The simple benefits include employee safety and customer satisfaction that come from removing tripping and fire hazards, for example, and getting rid of piles of old documents and obsolete forms to focus on the real priorities.
  • Then there are the more elusive benefits of streamlining core processes, removing red tape, and deleting ancient documents and tax records that can only cause headaches and extra legal costs if someone comes looking.
  • A clean-up provides immediate productivity improvements in the speed and quality of customer service, project management, and order processing.

How can you take effective action?  What can be cleaned?

  • Start with the “piles” around the office, workshop, closets, etc.  Clean up all work spaces and create specific places for stuff that accumulates – shredding, rags, pallets, old marketing material, etc.  Look at stored documents, tax records, etc.  How much are you paying for storage?  What better use could that space have in your workplace?  Do all stored boxes have destruction dates?
    • A Document Retention Policy (it’s really about destruction) will be your legal answer to outside questioning about what was destroyed, when, and by whom.  Consult your legal and tax advisors in setting destruction dates.
  • Look into computers – documents and email.  Look at all drives, devices and archived files, disks, tapes, and hard drives.  Employees always set up their own “personal” storage spots.  Turn over all rocks!  E-discovery work by attorneys can be extremely expensive if you have mounds of old, archaic data and files.
    • Again, a Document Retention Policy is your first step.
    • Ensure that destruction is secure and complete – especially with old hard drives where simple “deletion” often does not remove all data.
  • And check all vehicles for obsolete tools and equipment, trash and “lost” clothing, personal protective gear and expired documentation.  Driver safety can be at stake with these distractions.  Communicate a clean vehicle policy for all.
  • Finally, look at your emergency supplies and first aid cabinets.  Get rid of the obsolete items; update the rest and set a schedule for future reviews.

Take a Spring Cleaning Day to get rid of spider webs and dust bunnies.  Then you and staff are not “haunted” by what’s lurking in piles and old dicey emails.  And you may even find that contact file you’ve wanted to follow up with or a $20 bill!

What are your suggestions?  Comments are welcome!

Exit Checklist

“If you don’t know where you’re going you might wind up someplace else.” ~Yogi Berra

Isn’t planning great?  Some folks seem to spend their time writing stuff down and never really doing anything.  While others write what they just did on a To Do list so they can cross it off.  Yogi’s quote above is often paraphrased as “if you don’t know where you’re going, you certainly aren’t going to get there.”

Eventually (meaning NOW!) we have to take action.  This is the third RiskSmart Tip in the Exit Planning series (see Transitions and Exit Stage Right ).  Here are 10 specific Action Steps that are a continuation of last month’s Checklist.

Action Steps .  Work on these key pieces of your business while planning.

  1. Review your finances – personal and business to clarify your future needs. Consider fee-only financial planners (see Certified Financial Planners ) and don’t forget tax planning.
    • This exercise needs to be kept up to date, and will impact your decisions about goals – for example, can you afford to give the business away?
  2. Decide on your goals.  Will you just close the doors (because no one else can do what you do), gift the firm to friends or family, or sell – either to employees or to a third party?
    • Clarifying this step about target recipients or buyers impacts how you grow, diversify and develop your employees for the future.
  3. Grow your business!  Use every trick in your success book to move forward, trim fat, and get the best people on board to improve both your top and bottom lines.
    • This seems obvious, but it’s easy to get lost in planning or stuck in “unmotivated.”  Keep close to an advisor or two who will relentlessly urge action here
  4. Diversify customers and suppliers – create a broad, solid foundation for your business future.
    • This not only increases your present success and profit, regardless of your goals in #2, it also impacts the salability of your business in the future.
  5. Develop leadership and cross-training – remember your “Long Vacation” plan from the previous tip?
    • Maintain your “Operations Manual” with guidelines for all key processes.  And you must develop trust in your employees and not micro-manage or do everything yourself.
  6. Create a succession plan – again this allows that vacation!
    • Focus on roles and responsibilities for teams and individuals, and backup people for each key process.  Test them with small responsibilities now to watch them grow and gain confidence.
  7. Interview and choose Advisors.
    • This is an on-going action step to always having the right, objective professionals helping you succeed in all areas.
  8. Learn about business valuation if you want to sell.
    • Understanding the hidden complexities of this technique will guide you to increasing your strategic value for any target buyer.
  9. Manage your risks.
    • Identify your biggest risks and new issues coming down the regulatory or legal road; be pro-active and invest in safety, quality and prevention.
  10. Repeat!  Go back to number 2 above.
    • Update annually and tweak your Action Steps!  Set aside ½ day every month to review progress and revise your To Do list.

Exit Stage Right

The last RiskSmart Tip was about Transitions   – the ones you or your business could experience whether you plan for them or not!

This Tip will provide an initial Checklist to help you get started on a graceful exit.  It can’t cover everything: it’s intended as a starting point.  Your primary goal is to get as much input and as many suggestions as you can.  So let’s get started.

  1. Start Early. You’ve heard about the ham and egg breakfast, right – where the hen is involved, but the pig is committed?  Well, your commitment to getting started and carrying through will be the glue that holds this important process together.Even if you have no intention to “retire” or move on, get started now.  It takes time to make changes and to become confident in improvements.  And you never know what could happen to change your plans and quickly. You know the stories – the person who becomes deathly ill overnight or has a serious accident and has never thought about protecting family, employees or the business. Or the family emergency that takes you out without warning.
  2. Seek Advisors. These can be formal or informal. A consultant who recently sold her business credits her success to a group of colleagues, and even competitors, she has been closely associated with for years.
    • Colleagues can be a wonderful source of information and honest feedback.  They may know you and your situation better than anyone.  Ask for their ideas and introductions to people they trust; don’t scare them by asking for advice.
    • Experts can be harder to identify – start some informal interview-type discussions to see if they merit being on your short list.
      • List the areas where you’ll need advice: Legal; Accounting and Tax; perhaps consultants in Exit, Strategic, and Financial Planning; Business Valuation; Risk Management and Insurance protection.
      • Some areas, like law and taxes, are highly specialized, and your current advisors may not explain that completely.  Seek professionals with “exit experience” and get some references.
      • Some of the consulting areas can be ill-defined and finding the right people is hard.  Be patient and don’t give up!  With a little research or Google searches (try “exit planning”), you can find multiple resources.
  3. Make Lists. There can be myriad details; keep track of what you learn.
    • The risk manager always says, “Write it down!”  This allows you to share with others.
    • Accumulate and organize experts, advice on timing, other tips and traps.
    • Keep track of the pearls from your discussions and interviews.

This Checklist will be continued next month with 4. Action Steps – stay tuned!

Even if you only devote 30 minutes for thinking and planning per week, you can make significant headway.  And when it’s top of mind, you’ll think to ask others about their thoughts or experiences.

Please add your thoughts below for others to benefit from your experience.

Transitions: Good News – Bad News

Good news might be when your MD says you’re as strong as a horse and you’ll live at least another 20 years!  The bad news is now you can’t avoid completing the Transition Plan for your business, rather than just slipping out the back door!

Planning of any kind is a struggle for many.  Some say, “It’s hopeless – everything’s always changing.”  Others say, with crossed fingers, “It’s all mapped out in my head – what could go wrong?”

While we all know some change is good, at times some of it doesn’t feel so great.  The inevitable truth is – it is never ending.  A business transition will happen someday, and in one of two ways:  a smooth and well-planned ‘non-event’ or a messy and expensive surprise.

Da Plan, Da Plan (with apologies to Fantasy Island) ~

Exit Planning must, of course, deal with many matters.  Here are the Risk Manager’s four initial steps.  The next RiskSmart Tip will outline a more detailed Checklist, but let’s ease into it and start with these.

  1. Prepare.   Lighten up to get ready for a positive planning exercise.  Make it easy by thinking about taking a nice, long vacation (rather than getting hit by the bus).  Think one month at first, then extend to three.  Schedule a morning a week to get started.
  2. Document.  Create or update an Operations Manual containing all your processes and procedures.  Include actual tasks that are performed regularly, and guidelines for sales processes or customer complaint resolution.
  3. Consolidate.  Get everything in one place and assign where each piece will reside in the future.
    • Line up your key advisors – legal, accounting, estate, etc., plus some employees – and make sure they are specialists in what they do.
    • Create lists of assets, locations and values.
    • List liabilities and accumulate the relevant documents, contracts, leases, etc.
    • Gather insurance information and other financial protections or backstops (LOCs, etc.).
  4. Manage Risks.   With your advisors identify and understand the key risks that could impact your business during your “extended vacation.”  Get input about practical protections and create some simple plans that others can follow to both prevent and to recover quickly when something goes wrong.

These efforts and time investments can be the difference between getting wiped out and surviving to see your exit strategy actually succeed.

Please feel free to share your experiences and tips in the comments area below!

Howdy Partner – Friend or Foe

I remember what is probably an apocryphal story about the Lone Ranger and his sidekick, Tonto riding over the ridge to face a large band of hostile Indians.  The Lone Ranger says, “I think we’re in some big trouble here, Tonto.”  And Tonto replies, “What you mean ‘we’ Kemosabe?”   Oops – friend or foe?

Partnerships of all kinds have been around a long time and served many business interests well.  Think about Hewlett and Packard, Larry Page and Sergey Brin, Rogers and Hammerstein, among many.

But the word “partner” is often misunderstood and misused.  Your attorney will tell you the pain and suffering can be brutal.

“Real” partnerships are business entities registered as such, and the players purportedly know the rules.  I find other people often use the term loosely, and their meaning or intent can be very different from what the listener understands.

John and/or Sally and I are “marketing partners” or “venture partners,” or “we’re partnering on this project.”  You’ve certainly heard this many times.

What are the “rules”?

Legally, partners are deemed to have joined forces – “for better or worse, richer or poorer,” etc. – and to have “joint and several” liability.  This means each partner is fully responsible to perform or pay for whatever business agreements or obligations other partners promise or agree to.  (See this entry in Wikipedia –http://en.wikipedia.org/wiki/Joint_and_several_liability.)

The danger is this legal meaning can apply to implied or “advertised” partners (John, Sally and you!) when there is a client problem or a financial loss.  The client or another “injured party” can sue any one of the “partners” for the full amount of the obligation.  Not knowing the rules can have nasty consequences.

Say John leases a nice office space for the “marketing team” just before your best laid plans implode.  He’s got no assets – guess who gets to foot the bill?

Staying out of trouble!

  • Ban the word partner from your vocabulary unless you really are one!
  • Find other appropriate terms to describe people you may work with – like associate, colleague, etc. – and be diligent in your use of terms.
  • Protect all parties working together by using attorney-provided Teaming, Associate or Subcontractor agreements between you and your colleague(s). And be sure to deal with the “joint and several” problem up front.
  • Be clear to clients and others that you are separate and independent business entities.  You can be working together to help solve a client’s problem, but you are not partners!

What are your experiences? Do you have stories about legal misunderstandings?   Share your story in the comments area!

Free Consultation

Annual Risk and Protection Checklist

What gets us into trouble is not what we don’t know.  It’s what we know for sure that just ain’t so.  ~ Mark Twain

As you organize your priorities for the New Year, here are 7 key Risk and Protection reminders for your checklist.  Many of these we know are important , yet they’re often not immediately urgent so they fall to the bottom of the pile.  An annual schedule for these updates on your calendar can be effective in avoiding last minute panic.

 

  1. Update asset lists.  Equipment, vehicles, shop & office supplies, computers and software licenses, contact information, etc. can get quickly out of date.   Quarterly reviews can keep these top of mind.  Keep updates off site and secure.
  2. Update values.   Asset values – for buildings, equipment, inventory, etc. – can vary from normal inflation for lots of reasons.  Don’t get caught short in the event of a loss.  Review quarterly with your lists above and advise your broker if you need increases.  If you can’t get these done, schedule “project steps” and perhaps a summer or holiday intern to help out.
  3. Schedule key dates.  Keep track of renewal dates for licenses, leases, service contracts, insurance, certifications, website URLs, etc. on several people’s calendars.  Add notes about who else needs a “heads up” to be involved.
  4. Insurance protections.  Meet with your insurance professional at least once outside of the “renewal” period.  Ask about new trends in legal, coverage, and insurance rates.  Talk about changes to your business and find out the “hot” topics that need your attention.  Then block out time for renewal applications and benefit program updates, communication and enrollments.
  5. Safety.  This can be key to employee morale, customer loyalty and your business survival.  Make sure your IIPP (Injury and Illness Prevention Plan) is up to date as required by many state laws.  Schedule regular Safety Committee meetings, and get the right equipment (PPEs).  Ask your insurance broker about free insurance company services and inspections.  Also get locations of emergency medical clinics nearest you and your work sites: each employee should have an appropriate list immediately accessible.
  6. HR issues and Training.   Plan for employee Handbook updates, new policies and updated legal postings.  Schedule employee group discussions and reminders about expectations and rules. Plan for safety training and defensive driving, equipment certifications, harassment and discrimination courses, etc.  The right training, in advance, can save businesses huge hassle and headaches.
  7. Update Emergency plans.  These “be ready” plans need review and updates.  Ensure that you have the basic supplies appropriate to your location and potential circumstances.  Encourage employees to have their own supplies and some family plans as well.  Contact info must be accessible to all.

 

Finally, think about the big picture: who are the key people you depend on to be responsible for coordinating your overall Risk and Protection program?  Do they clearly understand your priorities and expectations?  Make sure you are delegating with knowledge and oversight and not abdicating without paying attention.

Disasters – 10 Ways to Be Prepared

Quote:  Better to remain silent and be thought a fool than to speak out and remove all doubt.  ~ Abraham Lincoln

 

Title: Disasters – 10 Ways to Be Prepared

 

“Disasters” for small and midsize enterprises (SMEs) can arise from many sources and come in all shapes and sizes.  Many studies report that 60% to 80% of SMEs hit with a major disaster don’t survive – unless they have a contingency plan.

 

The “big” news items that catch our attention are usually about natural catastrophes like hurricanes, tornados, floods and wildfires.  But SMEs can also be severely impacted by death or disability of owners or key employees, strategic blunders, or lawsuits from clients, partners or competitors.

 

The costs of any disaster can be significant and very often there is inadequate or no insurance coverage.  In contrast, the out-of-pocket costs of preparation planning are tiny.  And yet, a contingency plan is one of those “important” but rarely “urgent” things on lots of To Do lists.

 

How can you move forward?

 

  1. Make a list of internal staff and external experts who can help you get a handle on this project.  Jot down ideal roles and responsibilities for each.  Your team can help with timetables, motivation, and input.  Don’t do this alone!
  2. Identify your business vulnerabilities: what could be a “disaster” or crisis for your business?  This is the key starting point and a good time to create a worksheet.   Team members can provide creative ideas.
  3. Each vulnerability – something that could cause a disaster – can have different causes and effects.  List these on your worksheet.
  4. For each “cause” consider how to prevent a loss or disaster from happening.
  5. Each “effect” will need a contingency or mitigation plan.  What plans can you create in advance to help a faster and less-costly recovery?
  6. Each plan step can be expanded with specific Action Steps, team member assignments, responsibilities and authorities (e.g., budget).  This is where checklists can be an essential aid to team members.

Note:  you will find many “over-lapping” action steps, so you’ll be able to re-use lots of steps to mitigate the effects of different disasters.

  1. Some research with outside resources may be useful to complete the Action Plan checklists.  Examples include:  insurance, legal, accident investigation, regulatory requirements, training courses, contingency plans of major suppliers and clients.
  2. Set timelines to get initial Plan drafts, then updates with input from others.  Celebrate the team’s accomplishments of even the small milestones!
  3. Practice is critical and often neglected.  Go through each plan step with a “table-top” exercise of possible disaster scenarios.  Verify the team’s contact lists and the urls of resources.

10. Recognize the additional benefits of prevention and mitigation planning.  What operational inefficiencies have you found?  What process or admin bottlenecks can you eliminate?  What new “aha” ideas for preventing losses have surfaced?  Which team resources have you discovered as most important in a crisis?

 

For many SMEs this kind of planning results in more efficient and cost effective operations and higher quality products and services.  They can actually market their Contingency Plans to customers and suppliers as a competitive advantage and a great reason for doing more business together.

Annual Insurance Budget Alert

Many businesses and not-for-profit organizations want to plan for next year’s revenues and expenses.  For many, insurance premiums can have a major impact and may require adjusted pricing on products and services in 2013.

RiskSmart Solutions has polled a number of California brokers for their best estimates and I’m pleased to provide these for your year-end planning.

Remember that different types of coverage have had different profit or loss experience and insurers try to adjust their pricing accordingly.

Also, some of your policies might renew early in the year while others are much later.  Rates can increase several times, so thinking about a range can be helpful – budget higher later in the year.

Lastly, be conservative (meaning use high numbers) in your budgets.  A lower actual result can always be a pleasant surprise.

Type of Policy Possible Range Consensus
Property 0% to +10% +5%
Liability 0% to +10% +5%
Workers Compensation 0% to +20% +10%
D&O, E&O, EPL, etc. +5% to +25% +10%

 

Call (510-685-3883) or email ( charles@risksmartsolutions.com ) if you want some clarification about your unique situation.

Annual Cold Weather Alert

Winter’s fast approaching – or already here – in many parts of the US.  Even the San Francisco Bay Area may experience some record lows over the next few weeks.  Is your business or home at risk?

Consider extra protection for your exterior sprinkler valves, water pipes, faucets and hoses.

Sprinkler valves need special jackets – don’t turn off the water!

The best protection for other pipes is:

  • Close the interior water shut-off to exterior lines
  • Open the exterior spigots
  • Disconnect hoses so they’re open for expansion if any remaining water freezes in the lines

Second best is to disconnect hoses and put insulating “boots” on the faucets where they come out of the walls.

Consider foam pipe protection on all interior hot and cold piping in unheated areas and crawl spaces.

Check carefully when temperatures rise during the day to see if there are any leaks so you can spot a burst or cracked pipe early and prevent flooding.

Make temporary repairs with “leak tape” available at hardware stores – it’s a good idea to have a roll onhand, or turn off the water supply until a plumber can fix the problem.

 

Time Change and Smoke Alarms

While many people have hard-wired smoke detectors as part of their home alarm systems, they often supplement that system with battery-powered extra units.

Residential smoke alarms need to be on every level and are recommended in every bedroom – especially if doors get closed.

Experts say to change your 9-volt batteries at least once a year and if you think about doing it when the time changes from standard to daylight-saving, it can become a good habit.

Did you already do that?  It’s not too late!  Do it now!

You’re also supposed to test your alarms once a month – let’s all do that now too!

The biggest mistake we can make is to disable an alarm because it’s going off when we cook or even take a steamy shower.  Instead move it a bit to a place where false alarms will be minimized.

There are two basic kinds of smoke alarms.  One is the “ionization” type which detects high-flaming fires most effectively.  The other is “photoelectric” and is best at detecting smoky fires.  So which one to choose?

Fortunately there are dual-sensor detectors and these are judged best overall by FEMA and ConsumerSearch.com.

Here are some good resources:

FEMA – Learn About Smoke Alarms

http://www.usfa.fema.gov/campaigns/smokealarms/alarms/index.shtm

Consumer Search – Smoke Detectors: Reviews

http://www.consumersearch.com/smoke-detectors

Consumer Search – Buying Guide

http://www.consumersearch.com/smoke-detectors/important-features

Consumer Search – Full Report

http://www.consumersearch.com/smoke-detectors/review

Saftey and First Aid Equal a Winning Strategy

Workers sometimes joke – particularly within earshot of a Safety person – that, “Safety comes third – first there’s lunch, then break!” At least they’re thinking about it!

Safety = good investment ~
From a business perspective, safety is a good investment. Every safety professional will tell you it costs $6-10 to fix the accident or injury that $1 could have prevented. A great safety record keeps your “ex-mod” down, which means lower Workers’ Comp premiums, and often, the ability to get on to job sites. Increasingly, large firms exclude contractors with poor records – your record could put you out of the game. So you need appropriate, up-to-date policies, the right equipment and pro-active, documented training.

First Aid can be a key element ~
Investing in First Aid is the next step and can help keep your safety record in good shape. While first aid for minor injuries should go on your reporting form, they do not go on your WC loss record. The investment here involves setting up a relationship, including a billing agreement, with a near-by clinic where workers can get immediate attention. A mobile unit that comes on site might be a good alternative. The doctors and staff can quickly remove a splinter or appropriately bandage a cut and avoid time off work. If you wish, they can also become partners with you for pre-employment physicals, drug testing, or back to work and modified duty advice. You pay them directly so they don’t need to wait for reimbursement from the WC insurer. (See full WC and OSHA definition of First Aid HERE)

Contingency plans = important safeguards ~
Of course, you’ll need some contingency plans – if the injury gets worse and needs more treatment, you’ll have to modify the accident report. You’ll also want to get your broker and insurer involved – they can help with claim management and back to work strategies to minimize the time off and the costs. If you have a major accident you’ll want to be ready to conduct your own serious investigation and keep it all under legal confidentiality with a specialized attorney.

Strategic investments ~
These investments – both time and money – are business strategy. They can keep you “in charge” of your safety record and thereby your ability to stay open, avoid OSHA hassle or shut-down, and the distractions of investigations and possible lawsuits. Make sure you’re getting the advice and advance planning you need – from your insurance professional (broker or consultant), your insurer, and from appropriate legal counsel.

A great safety record is a competitive advantage and shows commitment to your own employees (and their families), to other on-site workers as well as to your customers. Being pro-active with the right training and equipment is a winning and cost-effective strategy!

Have questions or a safety experience to share? Please comment below!

Rish Management Free Report Get Risk Management through Contracts and Insurance , and handy reference guide to the business agreements we often make and the insurance consequences these agreements can have.

Insurance Premium Audits

Many business insurance policies are subject to audit by the insurance company.  Initial premiums are calculated from revenue, payroll or other estimates. These estimates can change and, no surprise, the insurer wants more premium!

What can go wrong?

  1. Revenue and payroll estimates can go up or down. While they’ll want additional premium for “up,” you’ll almost never get a return for “down.”  So, Rule #1 is always be conservative in your initial estimates.
  2. Certain types of work are excluded from your policy coverage – for example construction work when an owner or General Contractor (GC) provides coverage under an Owner-Controlled Insurance Program (OCIP).  Because your insurer doesn’t cover you here, you should not report revenue or payroll from these jobs.  Rule #2 is be sure to segregate your revenue and payroll for non-covered jobs.  Get detailed advice – in advance – from your insurance professional.
  3. Workers’ Compensation (WC) insurers often mail an audit form with no instructions.  If business owners have “opted out” of the WC coverage, then do NOT include these salary dollars in your audit submission.  If you have overtime to report, note that you only report “straight time” salaries for these hours.  The insurers’ audit department won’t read your policy; they’ll just send you an invoice for all these additional salaries.  Rule #3 is carefully differentiate your payroll system so you can easily pull out these salaries and not over-report.  Again get some professional advice!
  4. Another type of WC audit can be a killer if you’re not prepared.  State rating organizations (like the WCIRB in CA) are beginning to aggressively visit workplaces and interview employers and employees.  They want to know exactly what work is being performed and who’s doing what.  They can and will assign the most “dangerous” (and expensive) classification if they think something is amiss.  This can mean thousands in additional – and retro-active premiums.  Rule #4 is know your classifications, have up-to-date job descriptions and make sure employees understand them.  Don’t assign the receptionist to pick up FedEx packages in the warehouse, for example:  she or he will no longer be “clerical.”
  5. Finally, note that insurers often use sub contractors to do premium audit work and they get paid based on the number of audits they perform.  That can mean they move quickly, don’t give a lot of explanations, often take the first (or largest) numbers they see, make their calculations, and move on.  Rule #5 is do not leave the auditors alone with your books or files!  Ask questions, provide only the specific answers they need and get copies of their worksheets before they leave.  This isn’t hard, but if you’re inexperienced, get your broker or risk manager to sit in on the meeting and provide guidance.

Have you had experiences like these – or others?  What were the outcomes?  Do you think you got a fair shake?

Get answers to questions or a no-obligation consultation. Risk Management FREE Consultation

Certificates Not Always Certain

Certificates of Insurance and Additional Insured (AI) endorsements are usually a “best practice” whenever you hire subcontractors and certain suppliers and vendors.  Many businesses don’t understand the pitfalls of getting this right.

Remember that insurance is the other side’s financial back-stop to indemnify you for losses due to their negligence or contractual responsibilities. Certificates and AI endorsements usually have no charge, but there may be an administrative fee.

Certificates are “proof” of insurance, but only on the date issued.  Nothing prevents the policy from being cancelled or the stated limits exhausted by other claims.  And you probably won’t be notified of either.

Additional Insured status means you can directly access their insurance coverage for a covered loss (restrictions and limitations will certainly apply), and your own coverage may not be involved at all.  Any losses they are responsible for will go on their record, not yours.

 

Certificates of Insurance 

  • Request these from all sub-contractors, and many suppliers/vendors at all times.
    • If possible, provide a Sample Certificate of your complete requirements so they can give it to their insurance provider and get it right the first time.
    • Instructions should include limits, types of policy and special endorsements or coverages needed.  Some of these can be complex – get help to get it right.
    • Usually you will want:
      • Commercial General Liability (CGL) – $1 mm limits; occurrence based; perhaps Broad Contractual coverage
      • Auto Liability – $1 mm limits; non-owned & hired coverage
      • Excess Liability (depending on the severity of the loss the third party could cause) – $3 mm to $5 mm limits
      • Workers’ Compensation (if any employees) – state mandated statutory Workers’ Comp limits and $1 mm Employers Liability
      • Errors & Omissions (possibly, depending on their work for you) – $1 mm (minimum) or more.
  • If they refuse your request, they may have no or limited insurance protection!
    • You can accept that, but it could mean that you are taking all the financial risk – even if they are negligent or otherwise responsible for a loss.
    • Double check with your insurance professional (risk manager, broker) about your coverage – including independent contractors.

Additional Insured (AI)

  • You should also request Additional Insured status under their CGL, Auto and Excess or Umbrella Liability.  You must insist on an endorsement from their insurance company – not merely a notation on the Certificate.
  • You can request this as well for their Errors & Omissions policy.
  • You will need a “Waiver of Subrogation” for their Workers’ Compensation policy where usually there is no AI provided.  This means their insurer can’t try to hold you liable for a worker’s injury.  Again, get an endorsement.

Advisors You Can Rely On

Last month’s Tip discussed the need for risk management in addition to an organization’s insurance broker.  What other “experts” do you depend on?  In today’s economy, with increased outsourcing, the list, and the risks, can be huge.

Many businesses need – attorneys with various specialties, CPA/tax advisors and perhaps a bookkeeper, bankers, financial/investment planners, Human Resources specialists, IT systems/security gurus, and the list goes on.  You need them both for practical pre-problem planning, and for quickly and effectively sorting out the stuff that hits the fan.

Many of these advisors are critical to your success and survival, and that’s how it gets risky.  Engaging an expert for help that’s necessary but unavailable, or delayed, or out-of-sync, or too difficult to implement, or flat-out wrong can be disastrous.

Define “Reliability” ~

How do you vet advisors to be sure you’re getting quality and timely advice?  Moving from “necessary” to “reliable” is often difficult. Your definition comes first and impacts your choices, options, project scope and cost.  What are your essentials?

  • Time – Availability when you need them
      • Ask about back-up, commitment, examples and references
  • Quality – relevant skills and experience
      • Ask about experience with similar organizations & problems, references
  • Cost – payment terms and satisfaction guarantees
      • Ask about hourly or project fees, not-to-exceed options, extra costs
  • Practical – usable, not esoteric advice
      • Ask about examples of outcomes (positive & negative), references
  • Protection – errors and problems, conflicts of interest, safety & security
      • Ask about Agreement wordings, E&O insurance protection

Due diligence – an important final step ~

  • Conduct interviews using the Essentials above
  • Check references carefully and thoroughly; get examples of successes and failures
  • Define your expectations and how you and your team will measure success
  • Don’t “abdicate” – delegate with enough knowledge to follow progress
  • Set “update” conversations to re-align if necessary – 30, 60, 90 days

Cost of Risk ~

Finally, be conscious of the difference between an expense and an investment.  You can read more about this difference HERE.  Some projects might include both; others may be one or the other.

Compare project or advisor cost with your “Total Cost of Risk.”  How much will it cost to complete an important project vs. how much could it cost if you don’t do it and have to deal with losses, fines & penalties, lawsuits, hassle and distraction?

Please be sure to leave your comments or questions in the comments below as I look forward to them!

Risk Consultation

Why You Need a Risk Manager

Many mid-size organizations depend on just an insurance broker for their entire Risk Protection Program.  Today’s world is marked by increasing business complexity and insurance coverage restrictions.  Should we be surprised that execs still get blindsided by claims and lawsuits that aren’t covered by their insurance?

Typically, larger firms have in-house risk managers for broad, strategic risk management – like preventing losses, improving safety, and testing contingency plans for survival.  Smaller firms get the same benefits by hiring an independent risk manager.

Your broker unquestionably brings essential insurance-related services to the table.  The reality today is this is not enough: businesses cannot get complete protection from just one source.

Some “black holes” you can avoid –

  1. A contractor needed a liability coverage extension to get a new project.  The broker said this would be “hard,” require loads of additional documentation, and incur a substantial additional premium.  The risk manager was able to assist the broker to get the exact extension needed with two easy questions and the cost was only $150.
  2. A high-tech startup needed a Health insurance plan to recruit new employees. The broker said the client was too small, it would be expensive, and options would be limited. The risk manager was able to move the conversation to another level, get “translations” of jargon and simplify the options.  The outcome was a great and affordable plan and good service options.

Differences to consider between a risk manager and most brokers ~

  • Would you be more confident in a specialist who helps you identify your key business risks and how to prevent losses and lawsuits, or a broker who basically just sells insurance?
  • Would you be happier with a specialist who helps with strategic enhancements to your coverage to help you get more business and revenue, or a broker who helps buy insurance to handle your obvious risks?
  • Would you get more value from a specialist who helps you enhance your Risk Profile and implement prevention plans for better coverage at lower rates, or a broker whose risk management suggestions will usually be linked to additional insurance purchases?
  • Would you prefer a specialist who works only for you with fees agreed in advance and no conflicts of interest, or a broker who gets paid by commission on how much insurance you buy?

Don’t get trapped:  Having just one advisor in a key protection area like risk management makes you vulnerable to just one set of ideas or point of view.  In today’s litigious and claim-happy world, you need dedicated, objective professionals on your team.

Difference Between Business Expense and Investment

It’s easy in a rough economy to misunderstand the difference between a business expense and an investment.  They both look like the same cash out the door!  Unfortunately, when expense cuts are across the board, the law of unintended consequences can rear its ugly head.

Short-sighted ~

I remember my employer, a major insurance organization, responding to a similar economic period in the late 1970’s.  They decided not to hire the usual crop of trainees for one year.  Not recognizing this was an investment, rather than an expense cost them dearly in huge staff and skill gaps for about five years.

Risk management, including safety, loss prevention and mitigation are often put on the chopping block in times like these.  For some firms it feels easy to cut this “soft” stuff:  “We’re in good shape.  What could go wrong?”

Large company risk mangers know the consequences:  it costs $7 to $10 to fix a safety or risk management issue than to invest $1 in preventing it up front.

Business Insurance recently reported what can happen:

  • Tighter budgets, less attention to safety and stretched labor can lead to MORE ACCIDENTS;
  • Less managerial oversight often encourages ETHICAL PROBLEMS;
  • Layoffs can bring LIABILITY AND DISCRIMINATION CLAIMS, SUDDEN “INJURIES,” and LONGER CLAIM PERIODS for workers’ compensation.

What you can do ~

Doing more with less is often a necessity, at least for a while. What’s important is not losing sight of your long-term strategies.

  • Discuss problems openly with staff to get understanding, ideas and buy-in.
  • Get input for effective change implementation – how can you maintain key priorities and the needed oversight to make this work.
  • Everyone’s got to know you’re not downplaying quality products and services or worker and public safety:  talk it up and walk the talk.
  • Discuss gaps with your insurance professional or broker and other suppliers.  Ask them about ways to get – often free – value-added training, risk assessments, loss control inspections, testing and other help.
  • Remember some investments have intangible benefits, like professional advice that allows management to be more focused and productive, avoids problems, or reduces stress, hassle and distractions.

What’s your Return on Investment?

Insurance rates are already climbing and expected to go higher this year.  Insurers are clamping down and restricting coverage.  This is definitely not the time for you to have additional claims or look like you’re doing a sloppy job with your risk management and loss prevention basics.  High priority attention and some investment here will pay off over many years to come.

What’s your experience in this area?  How hard is it to distinguish between an investment for the future and just an expense?

Take Care of Important Business First

Here’s a not-so-successful story about Risk Management.  It’s sad, and I wish I could have done more to prevent it.

I was working with a start-up client to get a new Employee Benefits Program up and running.  We were in the “final” stages for several months:  there were just a couple basic decisions to make, a couple applications to sign, and some initial checks to write.

They were all “on the back burner” because she was travelling, creating some terrific new partner opportunities around the world, beginning to sell new products, getting promoted, etc.

My reminders did not alter her “urgent” priorities.  As often happens, the “tyranny of the urgent” overshadows the “important” business issues that need to get taken care of first.

With everything “almost” complete, she hurried off on an international business trip.  Two days later, she was hospitalized and diagnosed with a life-threatening disease.  In a whirlwind, she underwent initial emergency treatment, got transferred to Intensive Care with a severe complication, and then immediately started phase one of a major, long-term treatment plan.

Adding to the tragedy … the insurance applications were still in her briefcase.

Now she is recovering, and that’s great news.  However, she and her family have not had the benefit of extra protections which could have been in place.  Not only would these have saved them a lot of money, they would have provided a sense of comfort.  Worse yet, she’s lost, probably forever because of her new “pre-existing condition,” a couple significant pieces of her long-term healthcare safety net – Life and Disability insurances.

In our busy, overloaded lives it is so easy to focus on what appears to be urgent and neglect what is truly important.

The Risk Manager recommends you STOP now, and think about what those really important issues are – or could be – for you.  Then make sure they get taken care of first, NOW.

Have you had or seen a situation like this?  What other ways can the urgent get in the way of the important?

Risk Profiles Save Money

Do duct tape and plastic sheeting form the cornerstone of your business security and protection plan?  Were things ever that simple?  Here’s the real question:  How do you handle the high costs of insurance premiums?

If you take a common-sense approach to risk management, you can significantly reduce your risks, minimize your potential losses and save on insurance.

Manage Your Risk Profile

Insurers rely on a “Risk Profile”—a snapshot of your company’s vulnerability—when they review and price your policy.  Improving this picture is fundamental to getting a better deal.  Here’s how to put your best foot forward.

Start by listing your most important risks.  Ask your employees, customers and suppliers about the risks in your business that make them nervous.  You’ll gain valuable input and foster a deeper sense of partnership with your key associates.  Then, focus on these three critical areas:

Your internal risks need constant attention ~

  • Clean up your premises. Remove fire hazards, enforce no-smoking rules.
  • Invigorate your Safety Program. Get help from your broker and insurer.
  • Assign dollar values to your assets carefully and consistently. Videotape your premises and keep copies of everything in an offsite location. Pay special attention to your Business Interruption worksheet and work with your accountant.
  • Retain records for at least five years. Archive payrolls, sales records, expired insurance policies (keep these forever!) and loss reports in confidential storage.

Data and employee risks can become a nightmare ~

  • Test your data-security measures (and keep them updated). Protect company, employee and customer data from internal and external breaches.
  • Safeguard tested backups of data offsite. Save copies of financial and personnel records, as well as customer and vendor information.
  • Keep employee policies and handbooks up-to-date. Include interview question guides, job descriptions, personnel forms and employee training data.

External risks are often overlooked ~

  • Get insurance certificates from all vendors; get safe-work statements from vendors who perform potentially hazardous work, such as welding.
  • Create emergency management plans for major disasters; assemble and prepare a team to step in immediately with an action plan.  Conduct a drill.
  • Draft crisis communication messages for your customers, suppliers, employees and the media.  Be prepared to talk frankly about what happened, what you’re doing about it, and how to contact you for business.

Show your broker your proactive security and asset protection measures, and make sure the story gets to your insurer.  By looking better than others in your industry, your reward could be smaller rate increases.  And, your diligence can prevent many losses from occurring.  Get expert help for any areas you can’t handle yourself.

Implement these simple steps to better risk management, and you’ll reduce your vulnerability, minimize potential losses, and save money.

Warning – Hard Insurance Market Ahead

The insurance market has been “soft” for a long time.  Renewals with lower costs now seem normal, and you may have gotten better coverage too, if your broker was paying attention.  Clients and RiskSmart Tips subscribers know this is not a forever thing.  Inside information and preparation can save you a lot of hassle – and money.

What is Hard vs. Soft? ~

The insurance market, like most businesses, is driven by supply and demand.  Insurers raise premiums when their losses get “too high” and reduce prices when their loss experience is better than expected. This means competition for your account can be fierce – until all of a sudden it’s not.  Often market pricing changes suddenly, and many coverages may no longer be available.  This can be painful if you don’t see it coming.

Insurance rates for most coverages have been falling for years.  But recent catastrophe losses have soared, and the frequency of normal losses – like Worker’s Comp injuries – is increasing.  It only takes one significant “event” – like another Katrina, earthquake, tsunami or terrorist attack – to trigger a “correction” and premiums could increase dramatically.

We are still experiencing a similar phenomenon with the mortgage market.  The sun was shining and few people saw the dark clouds on the horizon.  Suddenly the “weather” changed and the impact on individuals, companies and whole industries has been deep and widespread.  If you didn’t see it coming, the change was shocking.

Seven secrets for how you can prepare ~

Most insiders agree there are some very effective tactics you can implement now to help prepare for WHATEVER happens ahead.  First, make sure you have a pro-active, responsive broker and are getting practical, on-going advice.  None of this will work without this key building block.

  1. Negotiate the lowest deductibles available, and be ready to increase them in the future to minimize rate increases.
  2. Get the broadest coverage now while it is willingly offered – increase policy enhancements or sub-limits, try to modify or eliminate exclusions, and consider adding new coverages.  These often don’t “go away” when rates increase.
  3. Increase your liability limits while they are inexpensive and make sure you have accurate insurance-to-value for buildings, contents and equipment. Underinsurance is short sighted and can kill your business.
  4. Consider multi-year renewals to lock in lower rates.
  5. Make sure you have high quality, stable insurance companies able to weather a storm – you don’t need the hassle of a bankrupt insurer when you have a loss.
  6. Invest in safety, quality and loss prevention – this can make you a much more desirable account (see next month’s Tip, Manage Your Risk Profile).
  7. Use hold harmless or indemnity clauses to transfer risks to others whenever possible.  This reduces your risk, and puts you in a better position if you need to pare down limits or coverage in the future because they’re too expensive.

Join the conversation below or call me to discuss your special circumstances and how these “secrets” might work for you.

2012 Risk Protection Checklist

As you organize your priorities for the New Year here are 7 key Risk and Protection reminders for your checklist. Many of these we know are important, yet they’re often not immediately urgent and so they fall to the bottom of the pile. An annual schedule and planning can be effective in avoiding that last minute panic.

  1. Update asset lists.  Equipment, vehicles, shop & office supplies, computers and software licenses, contact information, and etc. get quickly out of date.   Quarterly reviews can keep these top of mind.  Keep updates off site and secure.
  2. Update values.  Asset values – buildings, equipment, inventory, etc. – can vary by season or new project and from normal inflation.  Don’t get caught short in the event of a loss.  Review quarterly with your lists above and advise your broker if you need increases.  If you can’t get these done, schedule “project steps” and perhaps a summer or holiday intern to help out.
  3. Schedule key dates.  Keep track of renewal dates for licenses, leases, service contracts, insurance, certifications, website URLs, etc. on several people’s calendars.  Add notes about who else needs a “heads up” to be involved.
  4. Insurance protections.  Meet with your insurance professional at least once outside of the “renewal” period.  Ask about new trends in legal, coverage, and insurance rates.  Talk about changes to your business and find out the “hot” topics that need your attention.  Then block out time for renewal applications and benefit program updates, communication and enrollments.
  5. Safety.  This can be key to employee morale, customer loyalty and your business survival.  Make sure your IIPP (Injury and Illness Prevention Plan) is up to date as required by California law.  Schedule regular Safety Committee meetings, and get the right equipment (PPEs).  Ask your insurance broker about free insurance company services and inspections.  Also get locations of emergency medical clinics nearest you and your work sites: each employee should have an appropriate list immediately accessible.
  6. HR issues and Training.   Plan for employee manual updates, new policies and updated legal postings.  Schedule employee group discussions and reminders about expectations and rules.  Plan for safety training and defensive driving, equipment certifications, harassment and discrimination courses, and etc.  The right training, in advance, can save businesses huge hassle and headaches.
  7. Update Emergency plans.  These “be ready” plans need review and updates.  Ensure that you have the basic supplies appropriate to your location and potential circumstances.  Encourage employees to have their own supplies and some family plans as well.  Contact info must be accessible to all.

 

Finally, think about the big picture: who are the key people you depend on to be responsible for coordinating your overall Risk and Protection program?  Do they clearly understand your priorities and expectations?  Make sure you are delegating with knowledge and oversight and not abdicating without paying attention.

 

Call with any questions or comments – there’s never an obligation for brainstorming!