Archive for category risk
People frequently overlook one of the best values of a liability policy which is the insurance company pays to investigate and defend a claim. But the insurance company has to receive timely notification of a claim or incident to trigger or initiate these defense expenses. Too often the insured (you) contact your legal counsel and forget to call your insurance agent to report the claim.
An association received a letter from an attorney representing a terminated employee seeking restitution for alleged discrimination. The association sent the letter to its attorney who did a little research and wrote a letter to the employee’s attorney saying “go away.” Several months later the association received a letter announcing a court award of a judgment to the former employee. The organization did not respond to the complaint nor appear in court because it failed to notify its registered agent of its new address.
At this point the association finally contacted its insurance agent to file an Employment Practices Liability claim. The insurance agent presented the claim which the insurance company denied due to late reporting. The association was very lucky and had a good agent who after much pleading and negotiation the insurance company agreed to pay the defense costs from that point forward. The carrier was within its rights to deny the claim.
What went wrong?
The association did not call its insurance agent as soon as it received the original demand letter but rather had its legal counsel “handle it.” This common practice jeopardizes your insurance coverage. Frequently attorneys tell association executives to contact them as soon the person becomes aware of a claim or potential legal action. A few attorneys even tell clients they will advise the association if it should submit the claim to its insurance company.
WRONG! The insurance company is the only party that decides whether or not a claim is covered. So your first phone call must be to your insurance agent so he or she can guide you in filing a claim or notice with the appropriate insurance companies. Neither your attorney nor insurance agent should decide whether or not to report a claim.
Every insurance policy requires claims to be reported in a timely manner. The insurance company wants to investigate the claim immediately while memories are fresh, people are available and the evidence can be preserved. Many states have laws that stipulate late reporting can relieve an insurer of its responsibility to defend and pay a claim. A few states mandate that the reporting delay has to have a “material effect” on the company’s ability to defend the claim to negate coverage. Regardless of the applicable law, you are better served when the insurance company begins its investigation promptly.
Second, the insurance company’s responsibility to defend the insured is the most valuable coverage under a liability policy. Defense costs can exceed the actual claim payment. For example you may win in court or convince the claimant to go away but will still have defense costs.
Each policy’s defense provisions stipulate if the insurer has the right and duty to defend the insured. If the insurer does not have a duty to defend, there may be an option for the insured to tender its defense to the insurance company. However even if you do not tender the defense to the company the carrier still has to approve in advance any defense expenditures paid by you. Under most reimbursement provisions, the insurer will advance defense expenses (pay before the claim is settled).
It is important to know how defense costs are covered under each policy. In most general liability and auto policies defense costs are paid in addition to the policy liability limit(s). The full limit is available to pay any settlement or judgment. Most Directors & Officers and professional liability policies have defense expenses within the policy limit thereby reducing the amount of money available for claim payments. Some insurance companies offer an endorsement (for an additional charge) making defense expenses “outside” the policy limit. Check with your insurance agent to determine the defense provisions for your key liability policies.
You are probably paying a lot for your insurance policies and should receive its full benefits. Therefore all claim and incident notices should be filed promptly to the insurance company. Make sure every supervisor, manager, executive, general counsel and key volunteer (board and committee members) knows how to report any incident or event that could lead to an insurance claim to the proper person. Remind them often of the importance of timely notice and how to report an incident or claim.
The association’s first call or email should be to the insurance agent or broker who can guide them through the reporting process. The second call can be to General Counsel or your outside legal counsel but it is more important to notify the insurance company via your insurance agent. Don’t rely on your attorney to decide if you have insurance coverage; only the insurance company can make that determination.
Late claim reporting can cost you thousands (or more) of dollars in defense costs that the insurance company would have paid (within the terms of the policy) if you told them sooner.
My earlier post, What Does Your Exhibitor Contract Say? Protect Yourself, discussed how a hotel and convention center contract could hold an association responsible for anything that goes wrong, including the bad acts of exhibitors. Regardless of the terms of the facility contract, an exhibitor should have to protect the association from any harm caused by an exhibitor. The exhibitor contract should contain an indemnification and hold harmless agreement in favor of the association.
The protection provided by an indemnification provision is only as good as the offending party’s ability to pay for any harm they cause. If the exhibitor does not have the right insurance they won’t be able to meet their obligations nor protect the association. This is why having the right insurance is so important.
Very few contracts are written correctly from an insurance and risk management perspective. The hold harmless and indemnification provisions and insurance requirements are problematic. The contracts often contain incorrect insurance terms and do not require the exhibitor to submit proof of insurance.
If the contract has the exhibitor agreeing to indemnify and hold the association harmless, require the other party to have certain insurance coverages. You should also demand proof of insurance by requiring a Certificate of Insurance and/or Evidence of Property Insurance. Certificate handling is time and staff intensive especially for a large event. You have to train someone to receive, review and approve the certificates, follow-up if there is a problem, and file and retain the documents. This may seem like a lot of trouble but is invaluable if you avoid a large loss caused by an exhibitor.
The following is a general explanation of common insurance terms and coverages. Your policies may vary so do not rely upon this discussion. The terms and conditions of the actual policy determines coverage. Have your insurance agent or broker review all contracts before signing to make sure you have the required and appropriate coverages. Many contracts mandate terms contrary to insurance industry practices making compliance difficult or impossible. When drafting a contract or agreement have your insurance professional review it from an insurance and risk management perspective.
The most common errors arise from incorrect insurance terms. Almost universally contracts mandate “comprehensive general liability insurance” which no longer exists. Insurance companies stopped writing “comprehensive general liability insurance” in 1986 and some of the coverages under the comprehensive policy are no longer available. The correct term is “commercial general liability” although some use the terms of business or general liability. All insurance people understand the term “commercial general liability” and carriers’ policies are usually based on the Insurance Services Office’s Commercial General Liability policy.
Other terms not to use are:
- Personal Injury – Frequently, the exhibitor agrees to hold the association harmless for “personal injury” and damage to property. For attorneys, “personal injury” means or includes bodily injury. However in a commercial general liability policy, “personal injury” covers intentional torts such as libel, slander, defamation, false arrest, detention or imprisonment, malicious prosecution and wrongful eviction or entry into committed by or on behalf of the premises’ owner, landlord or lessor. Personal injury coverage excludes bodily injury, so the indemnification provision should use the term bodily injury. You can also require Personal and Advertising Injury which is Coverage B in the commercial general liability policy.
- Public liability – This was never an insurance coverage – no insurance person knows what it means.
- Broad form coverage – This was an endorsement added to a “comprehensive general liability” policy. The endorsement no longer exists and some of the coverages are no longer available.
- Blanket contractual liability – Another pre-1986 endorsement that is no longer available. Some insurance companies have a “blanket” endorsement for contractual liability but each form is different and may not give the intended coverage.
The contract may also require the exhibitors to include coverage for their independent contractors. No insurance company will provide coverage for the insured’s independent contractors – the exposure is too large and unknown. However you can require the exhibitor to pass your insurance requirements to their subcontractors.
The general liability policy grants contractual liability coverage as an exception to an exclusion. The insured has coverage for bodily injury or property damage liability assumed under a contract or agreement that is an “insured contract.” Not all contracts meet the policy’s definition of “insured contract.” The policy also has other restrictions on contractual liability coverage. Talk with your insurance professional to get a better understanding of this coverage.
The general liability policy is usually the only policy that provides some form of contractual liability coverage. Most other liability policies exclude liability assumed under a contract. Work with your insurance agent to decide which, if any, of your policies give this coverage when signing a contract requesting contractual liability
In most cases request the exhibitor to have the association added as an Additional Insured to its general liability policy. However there are many variations of the Additional Insured endorsement so specify the endorsement or wording you want. Request a copy of the additional insured endorsement to verify it is providing the right protection.
The exhibitor’s policy may have a “blanket” additional insured endorsement that adds any party requiring such status. However the blanket endorsement can have limitations or other problems so ask for a copy of the endorsement to verify coverage. Ask your insurance professional to check the form for compliance.
A contract may specify “all risk” or “fire and extended coverage” forms but these coverages no longer exist. Property coverage is now written on Cause of Loss – Basic, Broad or Special Form. The broadest coverage is the “Cause of Loss – Special Form” which usually does not include flood or earthquake.
Certificates of Insurance
A certificate of insurance documents the insurance policies in force as of the date of preparation; the coverage can change the next day. Regardless what the certificate displays, it does not amend the terms of any policy. The contract’s requirements such as adding the association as an additional insured may drive the need for an endorsement.
By requiring the exhibitors to have certain insurance coverages you are protecting your association from harm caused by others. Make sure your contracts are well-written and the exhibitors have to have the appropriate insurance policies.
Insurance is quite complex; so get help in drafting (and reviewing) your contracts and agreements. While attorneys address the legal aspects of a contract you also need the counsel of an insurance professional. Insurance with its own terminology and intricacies need the help of an insurance professional. Your survival may depend on it.
An association executive asked me about requiring certificates of insurance from conference exhibitors. My primal response was “Of course you require certificates of insurance from exhibitors that is Risk Management 101.” But then I decided to investigate the world of meeting and event planning to see what associations are doing. Thanks to ASAE’s Knowledge Center’s Models and Samples I reviewed seven (7) exhibitor contractors. The findings surprised me; from a risk management perspective the indemnification provisions were rather weak and the insurance requirements were problematic. Bottom line, only one association had a good indemnification provision and all had problems with their insurance requirements.
Why Do We Care?
Every hotel, convention center or facility contract has an expansive indemnification provision. In most cases, the association agrees to indemnify, hold harmless and defend the facility for anything that goes wrong. What do these terms mean?
Indemnification or to indemnify means the association assumes the financial responsibility for the liability of another party such as the hotel or convention center. A hold harmless agreement requires the association to respond to certain legal liabilities of the other party. Most event contracts have an “intermediate” hold harmless form where the association is responsible for its sole negligence and the negligence of both parties. However, the agreement can be “broad” where the association holds the other party harmless for suits against the other party based on the association’s sole negligence, joint negligence of both parties or the sole negligence of the other party. The facility can try to impose liability for its sole negligence but that portion is unenforceable in a number of states. (Definitions provided by International Risk Management Institute’s Insurance Glossary.)
Consequently, hotel and convention center contracts or license agreements impose substantial liabilities onto an association. Limited attention is often given to the indemnification provisions since the association is usually in a weak bargaining position. While the association may not be able to modify the terms it can work with an insurance professional to make sure it has the appropriate insurance coverages and limits. Just as importantly, the association can transfer contractually some of these exposures to the exhibitors and other service providers (exposition companies, caterers, AV, entertainment).
Most facility contracts also hold the association responsible (liable) for the acts of any persons admitted to the facility by the association. One agreement states “For the purposes of this Agreement, the act of any person admitted to the Center by Customer shall be the act of Customer.” Therefore, the association is financially responsible to the facility for any legal liabilities caused by its employees and volunteers as well as the attendees, exhibitors, speakers, contractors, subcontractors and anyone else invited to the event. For example, if an exhibitor’s “swag” hurts a person or they serve food that causes food poisoning, the association is liable to the facility if the facility is involved in the loss or claim. A knowledgeable claimant or plaintiff will name every party even remotely related to the incident including the facility. For your protection, transfer this financial responsibility to the exhibitors and other service providers through your contracts.
Indemnification and Hold Harmless Problems
Several of the exhibitor contracts focused on limiting the association’s liability from the exhibitor filing a claim against the association for damage to the exhibitor’s property or people. The contract should address this issue but it is more important to have a good indemnification and hold harmless provision especially if the facility contract has an “intermediate” or “broad” hold harmless provision.
The indemnification provision should protect the association to the fullest extent possible. Review the facility contract to determine your obligations and transfer the same responsibilities to the exhibitors.
Below are solutions to some common errors in indemnification provisions.
- Clearly identify the provision with a heading such as Indemnification, Liability or Waiver
- State that the exhibitor has to defend the association in addition to indemnify and hold it (and any other parties) harmless. Most insurance policies will not pay defense costs unless the contract specifically requires the insured (exhibitor) to defend the other party (you).
- State what liabilities and exposures the exhibitor is assuming.
- List all parties that the exhibitor has to indemnify. This should include the parties the association has to indemnify under its event contracts.
NOTE: Since this is a part of a contract or agreement, have your attorney review and approve the document before you use it.
Co-ordination with Lease
The Produce Marketing Association (PMA) has a great provision in its PMA Official Exposition Rules and Regulations that makes the exhibitors liable to the same extent that PMA is obligated to indemnify the owner of the building. Here’s the wording:
Exhibitor hereby agrees to indemnify, defend and hold harmless Exposition Management to the same extent that Exposition Management may be obliged to indemnify the owner of the building and other related entities as lessee or licensee of the exhibit hall or space. If there are any inconsistencies between Exposition Management’s lease or license for the exhibit hall or space and this agreement, the terms of the lease or license shall govern. If there are additional rules, regulations or terms or conditions that Exposition Management must comply with under its lease or license, to the extent they may be applicable to the Exhibitor’s booth, those additional rules, etc. are hereby incorporated herein by reference and the Exhibitor agrees to comply with them.
If you include a similar provision you should inform the exhibitors of the extent of your liability to the building owner so they can review their insurance program for the appropriate coverages.
Insurance is the best way to fund an indemnification agreement. However the Insurance section is either overlooked or done poorly. Another blog post will more fully explain Insurance requirements.
First, make sure the indemnification provision is written to trigger insurance coverage. Second, describe the required insurance coverages properly. Your insurance agent or broker can help you develop the correct wording. Finally require the exhibitor to provide your association with a Certificate of Insurance and Evidence of Property Insurance prior to the event. Review the certificates to verify the exhibitor has the right insurance coverages.
You have too much at risk to have a weak indemnification provision in your exhibitor contract. The larger exhibiting companies will have no trouble meeting tougher indemnification and insurance provisions – they expect it. Some smaller companies may not have the required insurance but you can help them. Short-term special event general liability policies are available if an exhibitor needs help to meet the contract’s requirements. Your insurance agent can help identify or supply these markets if the exhibitor needs help. You can provide a valuable service to the exhibitor while protecting your association.
What to Do
So what does your exhibitor contract say about indemnification and insurance? Review your contract with your insurance agent and attorney. They can draft a stronger contract to protect your association from harm caused by others. Get to it!
My friend, an insurance broker, was lamenting the disconnection between her association and nonprofit clients and the insurance industry. Her clients expect their property and casualty insurance premiums to decrease while insurance companies are seeking increases. This disparity forces insurance brokers to market their accounts in search of reduced pricing. The marketing efforts can produce lower costs but usually because the incumbent carriers cut their prices to keep the account.
The insurance industry has programmed insureds to expect premium decreases. The insurance marketplace is cyclical and it has been in a “soft” market since 2005 with declining rates. However according to MarketScout’s research, the market started to turn last fall when rates stayed flat and then slight increases. Since November 2011, average premiums have increased with April recording a 3% increase compared to last year. Conning Research’s Property-Casualty Forecast & Analysis predicts net premium growth of 4% in 2012, +5% in 2013 and +5.5 in 2014. Premium increases will be higher in catastrophe-exposed regions especially for property coverages.
What does this mean? Associations and nonprofits should expect their annual premiums to increase for the next few years. But nonprofit organizations are still recovering from the Great Recession and money is tight. Many have already reduced their insurance costs by lowering policy limits, increasing deductibles, and/or eliminating coverages. How much lower can they go?
Although you may still need to cut costs, reducing your insurance coverages can be a false savings. Having adequate insurance is important to your financial well-being but what is “adequate” for you? How did you decide where to cut your insurance costs?
Risk Financing Strategy
In a perfect world every nonprofit has a risk management policy but few have one. It is valuable to discuss how to manage your risks and then adopt a formal policy. A plan for financing your risks – how you will pay for losses – is a part of your risk management program. A risk financing strategy helps you make these difficult risk financing decisions. Most associations have policies or strategies for their investments and reserves but not for financing its risks.
Risk Financing Techniques
There are two ways to finance risk; retention or financial transfer. An organization retains a risk when it pays for all or part of a loss. A deductible is one form of retention; not purchasing insurance for an exposure is another. Hopefully your types and amounts of retention are conscious decisions but you can passively retain a risk when unaware of its existence and have no plans for paying for a loss. A good risk identification process may prevent an unexpected risk retention.
With financial transfer another party is financially responsible for a loss but you need to make sure they have the financial resources to meet their obligations. Purchase of insurance is a financial transfer. Indemnification or hold harmless provisions in contracts are another transfer technique since another party has to pay for certain types of losses. For all financial transfers make sure the other party can meet their financial obligations.
Insurance is the primary risk financing technique for nonprofit organizations. Every nonprofit has an informal risk financing strategy based on the scope of its insurance program but it would be better to formalize your strategy.
Insurance purchasing guidelines, a part of a risk financing strategy, are similar all organizations. An organization should:
- 1. Assume risks whenever the amount of the potential loss would not significantly affect the organization’s financial position; and
- 2. Insure risks whenever the amount of potential loss is significant or insurance is required by law or contractual agreement.
The first step is to decide what is a “significant loss.” Often a “significant loss” is one that threatens the organization’s survival. You may have established your loss threshold when setting your reserves level.
Another consideration is your association’s risk appetite – how much risk the association is willing to accept in pursuit of its strategic objectives. In some pursuits you are willing to accept more risk than others. These factors affect your insurance purchasing decisions.
Your association may be subject to certain laws or regulations requiring specific insurance coverages and limits. For example most states mandate Workers Compensation insurance and the Employee Retirement Income Security Act (ERISA) requires Employee Dishonesty insurance for your fiduciaries.
Contracts are often an overlooked exposure due to an indemnification or hold harmless agreement as well as specific insurance requirements. The person responsible for the insurance program isn’t always informed of the contractual requirements so the insurance program is non-compliant. You could inadvertently breach a contract or have an uninsured exposure.
Before you make cuts in your insurance program adopt a risk financing strategy. Decide what you want to do via retention and financial transfer. Make retention a conscious decision matching your risk appetite. Insurance is another option but don’t forget you can transfer a risk or operation to another party (outsourcing). Just make sure the other party has the right types and amount of insurance to protect both you and them. When necessary buy insurance but base your decisions on your risk financing strategy and organizational goals. You’re less likely to be surprised.
I love all of this talk about innovation because it always leads to discussing risk. I just watched Rita Gunter McGrath a professor at Columbia Business School talk about strategy and innovation in highly uncertain environments at DigitalNow: Association Leadership in a Digital Age. DigitalNow offered a free live stream option for its general sessions.
Dr. McGrath summarizes her view of complexity in her DigitalNow bio:
Complex organizations are far more difficult to manage than merely complicated ones. It’s harder to predict what will happen, because complex systems interact in unexpected ways. It’s harder to make sense of things, because the degree of complexity may lie beyond our cognitive limits.
My ears perked up when she talked about managing risk (or trying to manage uncertainty). She challenged our use of prediction when the world is unpredictable. Every decision has unintended consequences that may lead to failure or unexpected outcomes. But McGrath encourages us to from these “intelligent failures” to improve our decisions.
My favorite subject was Dr. McGrath discussion of resource trade-offs suggesting that redundancy and stockpiled resources are our friend. As the business continuity professionals and Dr. McGrath says: “Time is your friend before a disaster and your enemy afterward.” She followed with “we also over-invest in prevention and under-invest in resilience.” From a risk management perspective I couldn’t agree more. So many associations only focus on preventing a loss from occurring but don’t consider how to respond to the actual event. For example, most associations lack risk management plans for succession, business continuity/disaster recovery, and crisis management and communication. This DigitalNow tweet sums it up (Follow the discussion on Twitter #diginow12)
We all agree that innovation is risky but we don’t do much to manage the risks other than trying to avoid it. If we do nothing we can avoid the risks of innovation. But social media shows us that the greater risk is to do nothing. If associations continue to maintain things as they are we lose our relevance and meaning to the point where we may ultimately die.
The appropriate use of various risk management techniques increases our chances for success. As we evaluate our options we both control or reduce the risks and maximize the opportunities. Our decision may be wrong but with proper planning and analysis we experience an “intelligent failure” instead of a catastrophe.
Risk control techniques let us avoid, prevent or reduce the loss. Building redundancy into our systems and processes (especially information technology) reduces the size of the loss. Back-up of electronic data and software provide redundancy while the use of hosted sites and the cloud segregate your loss exposures (a loss at your office doesn’t affect the hosted sites) and enable a rapid recovery.
So I’ll continue to beat the drum for associations to incorporate risk management into its daily operations and innovative efforts. The identification, analysis and mitigation of risks are crucial to your success and growth as an organization. Risk management is not a separate activity done by a committee but integral to all of your operations, strategic and tactical. Risk management has evolved into an enterprise-wide activity. As Dr. McGrath said associations are complex organizations requiring new management systems and methods. Incorporating enterprise risk management (ERM) in your association helps you with this new complexity.
It has been weeks since the Great Virginia Earthquake of 2011 but we Easterners are still talking about it. While our West Coast friends laughed at us for our naiveté as we stood around wondering what to do in an earthquake. Afterwards, many associations and businesses scrambled to get their employee handbooks and disaster recovery plans updated. Of course it will probably be another 100 years before we have another earthquake but I’m all for being ready.
However there is still a lot of misinformation about what to do in an earthquake. Do you or don’t you get under heavy furniture? Do you sit against an inside or outside wall? When do you leave the building? And so on. So being a risk manager I did some research and decided to rely upon the Federal Emergency Management Agency (FEMA) and the American Red Cross (Earthquake Safety Checklist) for the best information. Both of these sources focus on protecting your home but the same tactics apply for businesses.
Before the Earthquake
You can take some preventive measures to reduce the damage from an earthquake by securing large objects and latching cabinets. Most were lucky with pictures knocked over but the National Cathedral suffered millions of dollars worth of damage.
According to FEMA, What to Do Before an Earthquake, first check for hazards in your home (or office) and find safe places. You should have emergency supplies, a communications plan and work with your community for earthquake preparations. Historically, the earthquake causes some damage but the greater risk is fires from broken electrical and gas lines. In the 1906 San Francisco Earthquake fires from broken gas pipes and electric lines caused most of the damage. Therefore you need to know how to shut off the utilities in your home and office building.
- DROP to the ground;
- Take COVER under a sturdy table or other furniture;
- HOLD ON until the shaking stops;
- Stay AWAY from glass, windows, outside doors and walls, and anything that could fall, such as lighting fixtures or furniture (bookcases, file cabinets, large pictures, etc)
- Stay inside until the shaking stops and it is safe to leave the building.
After the Earthquake
FEMA’s suggestions are to get to a safe place, expect aftershocks and listen to radio, television or social media channels (I added that one) for the latest emergency information. Cell phones and landlines become inoperative quickly so rely upon text messages to communicate. Also the American Red Cross has its Safe and Well website where you can register that you are safe and well. You can also search for other registrants. Many people use their Facebook pages as a check-in site so decide within your family how you will communicate after an earthquake.
If you can and it is safe, help injured or trapped people and administer basic first aid. Also check for hazardous materials such as chemicals, bleach, gas and gasoline. If you can safely clean up the spilled materials do, otherwise keep others away from the dangers.
A little preparation goes a long way whether it’s an earthquake, hurricane or fire. Make your plans for your home and family as well as your business and office. When people know what to do it improves their chances of surviving a disaster. Take the time now to make your plans.
By Leslie White on August 2, 2011
During the CommPartners’ Learning Socially: Associations at the Crossroads Seminar, Susan Robertson, CAE executive vice president of ASAE and president of ASAE Foundation, mentioned a speech by Barry C. Melancon, CPA, chief executive officer, American Institutes of CPAs about risk. Association TRENDS selected Mr. Melancon, as its 2011 Association Executive of the Year. According to Association TRENDS Melancon said that “association executives ‘have an obligation to drive our individual associations forward,’ noting that this cannot happen without taking risks, finding an appropriate balance, and communicating effectively.” You can view his speech here (risk discussion begins around 16:00).
My heart warms when an association executive talks about risk especially one that practices good risk management. Melancon shared his view that an association’s board and key volunteers need to be willing to take risks. The association leaders have to recognize that not every effort will be successful or get the results expected. When an association tries something new and gets unexpected results it is not “failure” but rather an opportunity to learn and move forward.
Innovation and Risk
I’ve written about Innovation and Risk before that an association has to take risks to be creative but be smart about the risks it takes. Risk involves uncertainty; we don’t know the outcomes of our efforts. A lot of us are uncomfortable with uncertainty we still hold the illusion of control. We don’t know if that new service, program, membership model will have the results we want (or expect)? As Jamie Notter tweeted during the seminar
Jamie was talking about social media but the statement holds true for other activities. Some associations are still offering the same arguments against social media – what if someone says something bad about? An employee or member misbehaves? In my first guest post for SocialFish, The Hidden Risks of Social Media: It’s Not What You Think, I declared the greatest social media risk is not being an active participant. If you use social media you are aware negative comments and can respond accordingly. Therefore,
The greatest threat to an association’s survival is to not take any risks; not trying something new or moving forward.
Or another way to say it is failure to take risks leads to failure. Albert Einstein defined insanity as doing the same thing over and over again expecting different results. If you don’t change what you are doing the results won’t change either. The downward spiral will continue until your association becomes completely obsolete and out of business.
Risk Management as Change Agent
So how do we get out of this insanity loop? How do we start taking some risks? A risk averse association isn’t going to change simply by a board or CEO edict; this requires a cultural change. Change doesn’t come quickly to many people or associations but the practice of risk management provides techniques to facilitate change and address people’s fears.
Risk management is about learning to deal with uncertainty; not knowing how people will receive a new initiative or when something bad may happen such as an auto accident, office fire, employee injury, or anything else that goes wrong. You first need to know how your management team and board feel about risk – their appetite for risk, tolerance for uncertainty. If risk averse, you have a bigger challenge to get them comfortable with risk and uncertainty.
Another way risk management is a change agent is by putting risks into perspective. Our first reaction to an idea is its too risky but after evaluating the potential outcomes we realize it is not so bad. The risk may be acceptable or can be mitigated effectively. A part of implementation is to set up the metrics to measure the impact of the change. Through the metrics you find if the results are what you expected or if you need to change some aspect of the project.
Remember everything has its risks but each decision also has the possibility of reward. The new membership model, chapter re-organization, or volunteer management tools may be successful, even exceed expectations. But you won’t know until you do something. Push through the fear and inertia by managing risks. You’ll be amazed at the results.
Many consider risk management the language of “NO.” “No we cannot do X because it is too dangerous or risky.” But this decision is usually made too early in the risk management process before the organization has analyzed its risks to decide if they truly threaten your association. To be effective in managing risks you have to follow all the steps in the risk management process starting with (1) risk identification and (2) risk analysis and prioritization.
Identifying risks seems pretty easy where you just sit around and brainstorm everything that can go wrong with an idea. However the brainstorming approach is limiting and less effective. People’s personal knowledge and worldviews restrict their ability to discern when a good idea is stopped or a more dangerous project goes forward.
Instead of just brainstorming possible negative outcomes you should be identifying all potential events (positive or negative) that affect the organization. To increase your chance for success use a more systematic identification method. The process starts with identifying the values exposed to loss (people, property, income, business operations). Then look at the possible events that can cause a loss. The cause or peril can be natural, human or economic coming from an internal or external source. There are risk checklists and other means of identifying risk available based upon your association’s needs and operations.
The second step of the risk management cycle is to analyze and prioritize the identified risks. Many overlook this step and make decisions based solely on their personal perception of the risk. Without analysis, risk becomes an emotional issue; we are considering the loss of something of value. Each person perceives risk differently (Read Risk and Fear: How Do You Perceive Risk?) and reacts based upon their beliefs. Human beings are not rational; we don’t always act in our own best “rational” interest but our emotions. Many exposures especially liability generate fear that equates to risk for many folks. Fear affects your decisions that may or may not be in the best interests of your organization.
Risk analysis offers a practical and rational approach to counter the emotional responses to risk. In this phase we decide how likely and often an identified event will occur, its potential “frequency.” If you live on the Atlantic or Gulf Coasts there is a higher probability of a hurricane than in the Midwest.
After assigning the level of frequency of an event, you have to rank the potential severity when it happens. Severity is usually evaluated in financial terms – how much it will cost – but can also consider non-financial factors such as reputational damage.
The process of assigning frequency and severity rankings helps people to recognize their fears and perceptions of risk. For example you may be a risk-taker in a group of risk-averse people so you need to acknowledge and address their concerns.
After analyzing the risks we can set our priorities for managing these risks. Not all risks are equal some are more important than others. Through frequency and severity analysis you decide which risks need to be addressed first. Generally any risk with a high severity ranking has to be managed or avoided. An exposure with both high frequency and high severity should be first on your priority list. A low-frequency – low severity risk can perhaps be ignored. By setting priorities attention is focused on managing the most important risks improving your chances for success.
Don’t just identify your risks. Without analysis and setting priorities you can’t be confident you will manage the right exposures and make the best decisions. Analysis enables a full understanding of the risk and selecting the most proper management techniques. Anything less leads to bad decisions and possible harm to your association.
With apologies to my more liberal-minded friends . . .
Risk management is one of those nebulous terms that we all interpret personally. Some think it is a complex, time-consuming process that is only helpful to larger organizations. Others believe it is impractical and/or not worth the effort. You may think it’s valuable but have no idea how to apply its practices and principles to your daily operations. Finally a few have incorporated risk management into their organizational culture and use its concepts daily.
Risk management is simply what you do to prepare for the unexpected. No matter where you are on this continuum, risk management is a part of your daily life if you wear your seatbelt, lock your doors, use passwords or do other everyday tasks. You don’t know if you any of these events are going to occur but you are prepared. The same principle applies to your association.
But how do you prepare for the unexpected – it’s unexpected? Donald Rumsfeld’s “Unknown unknowns” speech offers an explanation.
Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.
Rumsfeld went on to say, “The absence of evidence is not evidence of absence, or vice versa.” He expanded on this in a speech at NATO Headquarters in June 2002:
There’s another way to phrase that and that is that the absence of evidence is not evidence of absence. It is basically saying the same thing in a different way. Simply because you do not have evidence that something exists does not mean that you have evidence that it doesn’t exist. And yet almost always, when we make our threat assessments, when we look at the world, we end up basing it on the first two pieces of that puzzle, rather than all three.
People minimize the need for risk management by the absence of evidence (nothing bad has happened yet). However that doesn’t mean it won’t happen (not evidence of absence). Your association may not yet have had a fire, an auto accident, a social media nightmare, a disruption to your annual meeting or the sudden loss of a key person but that doesn’t mean it can’t happen.
For associations, the “unknown unknowns” are a serious threat because you don’t plan for the unknown event. There will always be “unknown unknowns,” new risks arise, but other people are familiar with these unknowns. A formal or structured risk assessment can help you uncover some of the “unknown unknowns” and plan accordingly.
The foundation of a risk management program is a risk assessment (where you identify and analyze the risks). Through the process you decide if the risks are manageable or significant enough to change your plans. You may decide that your association is not ready to develop that new service until you gather the knowledge and resources needed to do it correctly.
Risk management is not only concerned about “unknown unknowns” but also the other two types of “knowns.” Among the “known knowns” which ones have you addressed? Is your business continuity plan current? Have you assessed and managed the risks associated with volunteers, people driving their cars on your behalf, or employee theft? Employment-related incidents still plaque associations, so what’s the condition of your employee handbook and supervisory training?
“Known unknowns” often cloud our decision-making. Social media terrified many associations because it was a big unknown. Some associations decided to identify, analyze and manage the risks while others just stayed away or prohibited its employees from participating. My assessment of social media risks determined it was manageable and the greatest business risk was to not participate in social media.
You can only be ready to respond to outcomes (good or bad) of a potential event if you have identified what could go wrong (or right) and what you are going to do to try to prevent or respond to the event. Jump in and explore both the “knowns” and “unknowns” to advance your association.