Diagnosing Enterprise Risk from the Operating Perspective

by | Sep 14, 2009 | Business Articles

When businesses think in terms of risk it is generally from the traditional perspective of investments, hedging, and investments.  There is another perspective that precedes that traditional perspective – diagnosing the business to identify operating factors and elements that can lead to financial exposure and loss that can lead to the “enterprise risk” as measured and reported in financial markets.

Daily operations have inherent in them risks associated with transactions and the people involved in the transaction. These “events” are comprised of potential exposure in the following areas:

  • Human Resources
    • Employment Practices
    • Compensation
    • Performance Measurement
    • Succession Planning
  • Accounting/Finance
    • Regulatory – Sarbanes-Oxley, SEC, GAAP, Taxes, etc.
    • Managerial – Performance Reporting and Performance “Management”
    • Financial – Cash, Credit, Assets, etc.
    • Funding Covenants – Grants, Debt, and Equity
  • IT/Infrastructure
    • Privacy
    • Data Security/Firewalls
    • Product/Service Delivery
    • Recovery Plans and backup systems
  • Intellectual Property
    • Infringement
    • Ownership
    • Creation

Risk is inherent in business.  How the business chooses to operate and manage processes impacts how much “additional” risk is added to the process.  The proper controls and proactive processes enable the business to minimize or eliminate areas of exposure that can lead to financial outlays related to “transactional” aspects of the business.

For example, a business can, through working with human resource experts, create policies, procedures, and other tools that facilitate recruiting of qualified candidates and a selection process that utilizes objective, position specific criteria to fill any openings.  The ability to document and objectively select qualified people for the business can minimize the risk of legal action for discriminatory recruiting and hiring practices.

An example related to accounting and financial practices is the process of complying with government grant requirements.  Grants have very specific requirements for tracking costs, calculating burden rates, and excluding certain expenses or costs from projects.  Having an accounting process and system that supports the requirements enables a business to pursue and utilize grant sources to fund the development of new technologies on its way to commercialization.  Failure to comply with those terms or to establish a process that doesn’t place a burden on the business to meet compliance can lead to substantial financial outlays – even being required to repay the grant!

Financial risk results from operational decisions and activities.  It is a critical activity of all businesses to find the balance between acceptable and unacceptable risk – risk that stems from inadequate operational controls and/or lack of attention to areas that have specialized requirements such as HR, Tax, IT, Accounting, etc…  The degree of impact and financial risk varies from business to business.  To begin the process of determining where the business is today on the scale of risk, review the following questions:

  1. What are the qualifications, experience, and expertise of the people filling the following roles in the organization?
    a.    Human Resources Manager, Director, VP
    b.    CFO, Controller, VP Finance
    c.    General Counsel, Internal Legal or Compliance Manager
  2. What intellectual property has been developed or is being developed – who is working on those projects, what is the relationship of those individuals to the company?
    a.    Employee
    b.    Independent contractor
    c.    Consultant
  3. What specific compliance requirements exist for debt, grants, or other funding?
  4. What product or service is being delivered and what are the liabilities associated with it?
  5. How many employees does the business have?
  6. In how many states, countries, or other geographic areas that may have some type of regulatory requirement does the business operate?
  7. If the business has a board of directors and/or advisors, what is the breadth and depth of experience they bring to the business in areas such as finance or operations?
  8. How many “business units” such as R&D or manufacturing does the business have?
  9. Is the company privately-held, closely-held, or publicly-traded?
  10. Does the business sell to other businesses or direct consumers?
  11. What is the potential for environmental or other adverse events such as product tampering, terrorism, nationalization of foreign operations?
  12. How integrated are the business’ processes?
  13. How dependent is the business on technology – whether internet, software, hardware, website, or e-commerce?
  14. What is the nature of the company’s core business?
  15. What is the nature of the business’ intellectual property?
  16. How much and what in the business is outsourced and/or off-shored?
  17. How visible is the company’s “competitive advantage” or “core technology” to vendors, customers, and employees?
  18. If there are strategic partnerships, joint ventures, or other “relationships”, how many of them are domestic?  foreign? How are the agreements governed and the intellectual property protected – within the US and outside the US?
  19. What stage is the industry in?
  20. What is the availability of “skilled” or “professional” workers needed by the business?
  21. Is the business seasonal or cyclical?

The topic of risk isn’t complete without touching on insurance.  Insurance is certainly a tool for addressing the degree of risk that comes from being in business and from the litigiousness of society today.  Regardless of how careful a business is lawsuits and other events can occur.  Once an assessment of the areas of risk and level of risk has been reviewed, it is time to look at the options for “covering” exposure through various types of insurance.

The insurance industry provides a wide selection of insurance types and coverage.  Some of the insurance categories that may be necessary to the business include the following:

  • General, Product, and Umbrella Liability
  • General Property including special coverage Floods, etc.
  • Life – including Key Person
  • Directors and Officers
  • Errors and Omissions
  • Commercial and Non-owned, and other vehicle
  • Business Interruption
  • Business Expense
  • Workers Compensation
  • Internet/e-commerce
  • Employment Practices

Understanding the types, nature, and limitations of each insurance coverage is critical to assuring the business has coverage for “inherent” risks of operations.  The nature of the business, the industry, geographic regions, and products/services offered all have significant impact on what coverage is needed and available.  Also, the stage of the business can limit the amount of coverage under some types and policies.  Many times an early stage company will be limited in the amount of Directors and Officers insurance coverage allowed – say $5,000,000 cap due to the nature and “experience” of the business.

Every business should be able to find some level of coverage. It may not be complete – due to affordability, restrictions on what can be offered, etc. – but some insurance is better than none.  Here are a few things to consider related to insurance:

  • Shop through brokers and utilize on-line resources to gain an understanding of the available options.
  • Take time to understand the aspects of insurance coverage critical to the business.
  • Read and review all aspects of insurance policies.
  • Have an attorney who deals with insurance review and explain the policies.

Copyright © 2004 Lea A. Strickland, F.O.C.U.S. Resource, Inc.

Verified by ExactMetrics