20 Risk Management Terms Explained


 

LUTZ BUSINESS INSIGHTS

 


Robert Keenan, Chief Information & Risk Officer

 

All organizations face risks that could harm their reputation, cost them money, or, worse, threaten their future. Therefore, risk management needs to be a central part of every business. Essentially, risk management keeps current and potential risks at the forefront of owners’, CEOs’, and executives’ minds. A risk management plan enables you to develop tactics that help avoid potential threats, diminish their impact, and advance your company’s resilience. This blog will take a deep dive into the most common terms used during the risk management process to help you better understand the subject.

 

1. Enterprise Risk Management (ERM) / Business Continuity Plan (BCP) / Contingency Planning (CP)

ERM is the process of detecting and procedurally addressing potential business risks. ERM’s objective is to develop an all-inclusive portfolio view of all the risks (both negative and positive) in a top-down list depending on the significance of the impact.

Contingency planning acts as a fallback plan for high-exposure risks capable of grounding all business operations. For example, what happens when the backup hard disk gets corrupted in a ransomware or malware attack on the corporate data? This process establishes the policies, strategies, methods, and actions to be taken in the event of a risk. The objective is to lessen the impact as much as possible by outlining how to cope during an interruption of service. A BCP highlights the specific procedures to be taken in the event of a contingency.

2. Disaster recovery planning

Designing how the business should continue operations or services in the event of a calamity (e.g., a flood, tornado, or power outage) that disrupts the normal flow of activities or services.

3. Compliance risk profile

A compilation of risks emanating from non-adherence to a set of compliance practices such as regulations, rules, laws, policies, or ethical standards in the industry.

4. Control Assessment

Identifying, reviewing, and analyzing the current and missing controls to ascertain whether they are enough or are working efficiently. This is essential because as the business environment and nature of operations change, its risk profile also changes.

5. Emergent/emerging risk

Risks that were previously poorly estimated or understood but are projected to grow significantly due to internal or external changes. The differentiating factor is that emergent threats lack the track record essential for estimating likelihoods and likely losses.

6. Incident

One or several occurrences, or even a non-occurrence. Also known as an event, it can also denote a change in settings or circumstances. You expect all incidents to have causes and repercussions. 

7. Inherent risk or impact

The risk springing from inherent probability, i.e., the risk that can strike when no controls are in place or the current mitigating measures fail.

Note: Inherent impact is a quantified measure, in monetary value, of the risk if it crystallized with no mitigation measures in place to control the impact.

8. Key Risk Indicators (KRIs)

KRIs are among the critical indicators used to monitor potential issues in an organization. Specifically, they are vital indicators that predict adverse incidents that could negatively impact the company, which they do by tracking changes in risk exposure levels.

9. Mitigation

Necessary steps, controls, measures, procedures, or tools deployed to reduce the risk probability and/or reduce the impact of such possible threats.

10. Operational Risk

The risk stemming from the company’s business processes or failure/inadequacy in internal processes, systems, and other entities.

11. Reputation Risk

Current or future risks to the business coming from negative public reviews, sentiments, or perceptions.

12. Residual impact

The impact that occurs when a risk materializes even after applying all the necessary controls, monitoring, and guarantee processes.

13. Residual risk

A risk that remains after you have considered the existing control environment and applied the controls around it.

14. Risk analysis

Process of understanding the nature, source, and causes of a risk after its identification and then studying the impacts and existing controls.

15. Risk attitude

The general approach an organization takes in assessing and addressing risks. An organization’s risk attitude is vital in determining its risk tolerance levels and whether mitigating actions are implemented on time.

16. Risk evaluation

The method used in comparing risk analysis results to determine if a particular likelihood of risk is within acceptable levels.

17. Risk identification

Process of finding, recognizing, and describing risks to quantify possible areas that can affect achieving the set objectives. This process uses historical data, theoretical analysis, opinions, professional advice, and stakeholder input to identify the underlying risks fully.

18. Risk management

Complete set of activities and procedures that direct an organization’s operations and how it controls the various risks that can negatively impact its objectives. It includes risk management principles, frameworks, and processes.

19. Risk mitigation

Efforts taken to either reduce the likelihood or impact of a risk.

20. Vulnerability

The organization’s susceptibility to risk incidents depending on readiness, agility, and adaptability.

 

Contact us today to learn more about how you can implement an effective risk management plan in your business. You can also read more about our risk assessment offering here.

ABOUT THE AUTHOR

402.763.2973

rkeenan@lutz.us


ROBERT KEENAN + CHIEF INFORMATION & RISK OFFICER

Robert Keenan is the Chief Information & Risk Officer at Lutz with over 20 years of compliance and operational risk experience. He focuses on risk management, compliance, and security for the firm, and will partner with the operations team to drive process improvement and operational efficiencies for Lutz.

AREAS OF FOCUS
  • Risk Management & Compliance
  • Operations
AFFILIATIONS AND CREDENTIALS
  • Association of Certified Fraud Examiners
  • Society of Compliance and Ethics Professionals
  • National Society of Compliance Professionals
  • Certified Fraud Examiner
  • Certified Compliance and Ethics Professional
EDUCATIONAL BACKGROUND
  • BA in Finance, University of Oklahoma, Norman, OK
  • MPA, Drake University, Des Moines, IA
COMMUNITY SERVICE
  • Association of Certified Fraud Examiners - Heartland Chapter, Past Board Member


Toll-Free: 866.577.0780 | Privacy Policy | All Content © Lutz & Company, PC 2021

What is a Comprehensive Risk Assessment? Does My Company Need One?


Robert Keenan, Chief Information & Risk Officer

 

Starting, running, or managing a business requires you to take risks. However, it is important to establish a risk management plan for any business endeavor in order to be successful. Risk management helps companies prepare for unanticipated future occurrences. To start managing your risk, you will need to conduct a comprehensive risk assessment.

 

What is a Comprehensive Risk Assessment?

A risk assessment is an organized method of identifying the possible risks involved in carrying out a particular activity. A comprehensive risk assessment goes one step further by discovering the risks and then categorizing them into three major classes: high, medium, or low risk.

The assessment provides an all-inclusive report detailing the risks your business is currently facing or could potentially face. After discovery, each risk is evaluated independently to determine the likelihood of it happening, and the risks are then rated accordingly and ordered from high to low.

Finally, the effort required to remedy each risk is indicated according to the ease of doing so (usually from easy to challenging). Quick and straightforward procedures (requiring, for example, less budget or fewer resources) are implemented first, closely followed by the medium-rated ones, and finally, the more difficult ones.

 

What Does a Comprehensive Risk Assessment Cover?

1. Compliance and Operational Risk Review

Businesses across different industries must comply with various regulations and compliance requirements. Additionally, many firms and organizations continue to experience rising threats from non-financial risks, which include technology failures and operational mistakes. Thus, it is vital to conduct a review to ascertain that you are not only adhering to the laws governing the operations of your business but are also keeping operational risks at a manageable level.

Failing to conduct a compliance and operational risk assessment may lead to corporate losses, expensive litigation or fines, remediation costs from non-adherence to compliance, employee safety issues, or damage to the business’s reputation. The review encompasses a complete assessment of everything that touches compliance, operations, organizational structure resources, location, training, and policy & procedures.

2. Physical Security Assessment

This form of assessment can answer most of your questions as a business owner or executive. What are the biggest risks to my physical structure and my most valuable asset, my employees? Where is the business most susceptible?

A physical security assessment is an evaluation of the assets to be protected and the best strategies for putting strong protection measures in place. The review helps you determine:

  • Major threats facing your people and property.
  • Loopholes or weak points you may have disregarded previously.
  • The priority in which to tackle each item.

The output of the security assessment addresses the following areas and gives corresponding recommendations on what to do in each:

  • Physical restrictions or access control of the assets.
  • Security of staff members when they are in your physical buildings/locations.
  • An emergency communication strategy.
  • A rapid response notification system.

3. Technology Assessment

Today, businesses rely on technology for almost all business functions. From email to document storage, inventory, and other day-to-day tasks, your business most likely operates online in one way or another. What would happen if your technology failed? Does your company have an efficient disaster & recovery plan? How effective are your existing data security measures?

Cybersecurity threats continue to rise as technology advances and attacks become more sophisticated. A high-level cybersecurity assessment is designed to identify the risks to one of the most vital corporate assets, your data. This review seeks to determine whether your business is well-prepared to frustrate attempts by cybercriminals to gain illegal or unauthorized access to your business data and networks. It also determines whether you have conducted security awareness training (SAT) and implemented advanced endpoint protection of your system.

4. Fraud Risk Assessment

The last thing you would want to ignore in business is fraud and potential fraudulent deals. A fraud assessment enables you to identify possible areas and gaps in your current controls that pose a risk to your organization. Basically, a fraud review reveals unknown dangers, especially when there are changes in internal processes and controls, organizational structure, or segregation of duties among various personnel. The fraud assessment will review the appropriate diligence procedures, employee threats, ineffective or non-existing controls, and protection and implementation plans.

 

Does Your Company Need a Comprehensive Risk Assessment?

Before you can decide whether requesting a comprehensive risk assessment is right for your business, you should ask yourself the following questions:

1. Do I have a feeling that I am missing something? 

If you feel this way, an assessment can reassure you that what you currently have in place is enough, or show you where changes or improvements need to be made. For instance, many businesses were unprepared for the COVID-19 pandemic that hit the world in 2020. 2021 still holds many uncertainties – have you thought about and prepared for everything?

2. Do you have policies/protocol(s) in place? Are they enough?

If your response is no or you are unsure, you need a risk assessment to help put the necessary policies or protocols in place to remain safe and compliant. If you responded yes, a risk assessment would still help by reviewing your policies to ensure they are practical and obliging. This is because policies often change, so you need to assess them regularly.

3. Do you currently or did you recently have an issue?

A risk assessment can help to develop a plan to mitigate any identified risks exclusively.

4. What is the fallout and damage control?

A comprehensive risk assessment will help you identify what damage could be caused by each potential risk and help you prepare a strategic plan to mitigate such events.

5. Do you have an internal employee that monitors your processes and procedures?

When a new process is added or significant changes are made to your operations, a risk assessment should be conducted to ensure you capture any new potential threats or unplanned outcomes/consequences to remain prepared and compliant.

In conclusion, a comprehensive risk assessment will help you understand all the threats that could create problems for you and your company and create a proper plan for mitigating and addressing these issues. If you have any questions, please contact us. You can also learn more about our risk assessment services here.


Why You Should Have a Business Continuity Plan in Place


SCOTT KROEGER, LUTZ TECH SHAREHOLDER

 

Businesses rarely get a warning before a disaster strikes. For this reason, it is crucial to ensure your business is prepared to overcome any damaging threats that could come its way. This is where a business continuity plan comes into action.

A business continuity plan (BCP) details procedures and processes designed to help maintain operations or restore them as quickly as possible in the event of significant disruption. Without a comprehensive plan, businesses run the risk of experiencing financial loss, extended downtime, and even damage to their brand’s reputation. This guide will help you understand the importance of implementing a disaster recovery plan and how to get started creating one. 

 

What is Business Continuity? 

Business continuity is the idea of safeguarding your company by preparing for potential crises. Having a plan in place gives you peace of mind that your core business functions and operations will not be severely affected by a known or unforeseen incident, ensuring the business can continue functioning during and after the disruption.

 

Why is Having a Business Continuity Plan Important? 

Here are the six main benefits of having a business continuity plan in place:

1. Maintain business operations

The main goal of a BCP is to protect personnel and assets while keeping the business operational during a disaster. 

2. Build customer confidence

Companies that are transparent about their ongoing business continuity efforts show their customers that they are committed to providing service — no matter what. This builds trust and confidence among customers and other outside parties you do business with.

3. Preserve your brand value and reputation

Businesses that are not prepared to handle disruptions risk appearing incompetent to the public. A BCP ensures a smooth recovery, preserving your stellar reputation and carefully crafted brand value.

4. Protect the supply chain

A BCP details processes and procedures necessary to ensure your supply chain will be protected in the event of a disaster, ensuring you can continue delivering products and services as promised. 

5. Mitigate financial risk

Disruptions are costly, but with the right plans to restore operations quickly, you can minimize your losses as much as possible. 

6. Gain a competitive advantage

Your ability to respond and get back up and running after a disaster will go a long way in showing customers and potential business partners that your brand is one of the best. 

 

Top Threats to Business Continuity 

Before you start creating a business continuity plan, you need to conduct a vulnerability assessment to understand your company’s potential risks. Every company has different industry-specific threats, but the following are the most common risks affecting businesses in various industries. 

1. Global Pandemics

As we have witnessed through the recent COVID-19 pandemic, global pandemics can throw a wrench in business operations and even force employees to work from home. Companies should establish adequate policies to cover increased employee absence and have an effective succession plan for those with critical roles. You should also implement a reliable communication model to ensure employees can collaborate at all times. Additionally, plan for possible supply chain disruptions by identifying alternative suppliers in your BCP.

2. Natural Disasters

The frequency and severity of natural disasters like earthquakes, flooding, storms, wildfires, and hurricanes are rising. These events often strike with little to no warning. They can throw businesses into disarray, halting operations, disrupting supply chains through affected areas, and causing severe damage to physical infrastructure. Business continuity plans should incorporate the potential economic and operational impact of such events.

3. Utility Outages

Utility disruptions, such as an extended power failure, can present significant challenges and potential financial losses for businesses. They can result in data and production loss and equipment damage. Your BCP should factor in the impact of utility disruptions and provide options to mitigate the risks, such as backup generators. 

4. Cyberattacks

Cyberattacks are critical threats you need to include in your BCP. The term covers any attack on the company’s technical assets, such as ransomware, data theft, distributed denial-of-service (DDoS) attacks, and SQL injection. Businesses must therefore formulate cybersecurity strategies to ensure they are prepared for incident response and recovery.

 

Developing a Business Continuity Plan 

Here is a step-by-step guide on how to create a reliable BCP that works.  

1. Identify the Scope of the Plan

The BCP should have a broad scope if it is to effectively address the many disaster situations that could affect the business. A BCP broadly applies to all critical business functions, including IT, operations, public relations, human resources, and more. 

2. Identify Key Stakeholders

Select the critical stakeholders of each department in your company to form a business continuity management team that will implement and execute the BCP. It is advisable to designate one person as the team leader and ensure they have the authority to get things done.

3. Identify Critical Functions

To develop a good BCP, conduct a risk assessment and business impact analysis (BIA) to identify essential functions without which the company cannot operate smoothly. For example, if you are running an e-commerce business, critical functions could be inventory management, order fulfillment, e-commerce platform functionality, or supply continuity.

4. Identify Dependencies Between Various Business Areas and Functions

This helps you determine the order in which lost functions must be restored to understand where to allocate resources. A business function with more business processes relying on it to be operational should have a higher priority during resource allocation. 

5. Determine Acceptable Downtime for Each Critical Function

Document the acceptable minimum levels of operations each function can afford and identify the time frame necessary to restore it to full operation. 

6. Create a Plan to Maintain Operations

Identifying threats to your organization is crucial but knowing how to react and recover is essential to bouncing back after an unanticipated event. This stage involves identifying strategies to maintain operations and describes how to implement them. 

7. Develop a Testing and Training Program

Perhaps the most crucial step is to test and maintain your plan. This could include basic training and an overview of the BCP or more in-depth drills such as tabletop exercises and simulations. This is an effective way to ensure your employees are fully trained on emergency procedures in case of a disruption.

 

The Importance of Reviewing and Testing Your Business Continuity Plan 

Business continuity planning should evolve with your company. With changing technology, environmental conditions, personnel, and organizational structures, your BCP can quickly become outdated and unusable.

Performing ongoing tests and reviews helps you identify any weaknesses or gaps in the BCP for improvement. This keeps it up to date, ensuring your plan fits your organization’s needs and increasing the chances of smooth and safe execution. It is advisable to review your business continuity plan at least once a year. However, review frequency can depend on employee turnover and changes to business processes and IT.

 

Bottom Line

No one can predict the future, but companies can minimize financial loss and other adverse effects of business disruption with a sound business continuity plan in place. Contact us if you have any questions or click here to learn more about our technology offerings.

ABOUT THE AUTHOR

402.827.2304

skroeger@lutz.us

SCOTT KROEGER + LUTZ TECH SHAREHOLDER

Scott Kroeger is a Lutz Tech Shareholder with over 15 years of technology related experience. His primary responsibilities include overseeing the areas of managed technology services, custom software development, and creative services. In addition, he provides CIO level consulting to clients.

AREAS OF FOCUS
  • Sales and Operations
  • CIO Level Consulting
  • Managed Technology Services
  • Custom Software Development
  • Creative Services
  • Interface Design
  • Web Technologies
  • Systems Infrastructure
  • Databases
  • Programming
  • Application Integration
EDUCATIONAL BACKGROUND
  • BA in Computer Science, DePauw University, Greencastle, IN
  • Institute of European Studies, Freiburg, Germany
COMMUNITY SERVICE
  • Omaha Children’s Museum, Past Board Member


4 Data Analytics Tools Your Company Should Be Using


Tony DeSantis, Data Analytics Manager

 

If businesses wonder where they can obtain more information about customer insights, leaks in productivity and efficiencies, and how to increase their revenue, they need to look no further than the data they already collect each day. While many organizations understand that the data they collect contains vital information, some may be unsure of the simple tools they can use to analyze it. This article reviews four tools for businesses that want to incorporate data analytics into their overall business strategy.

 

Microsoft Excel 

For smaller businesses, there is no better place to get started with data analytics than the Excel spreadsheets you likely use every day. While Excel may seem like a less than momentous choice, its familiarity and reliability are precisely the reasons why businesses should not overlook this tool. Many businesses already use Excel spreadsheets or at least have the package available, which means they will not have to invest money in another software product. In addition, the learning curve for Excel is minimal, so businesses can get up and running very quickly.

Microsoft has also made some enhancements to Excel over the years, which can help businesses construct a variety of analytics ranging from basic models to more complex forecasting. Two such enhancements include their Power Query feature and their Analysis ToolPak.

The biggest drawback of using Microsoft Excel for data analytics projects is its inability to scale, both in the volume of data and in the ability to connect multiple data sources. As businesses grow, they continue to collect data, requiring a robust, easily adaptable tool that can handle their data analytics projects’ increased size and complexity.

 

Data Visualization Tools

Data visualization tools are available for both smaller and larger organizations, with some visualization tools either already part of a larger software package or available as an independent application such as Microsoft’s Power BI or Tableau. Regardless, visualization tools are helpful in analyzing data through their ability to connect large volumes of disparate information and present it in useful formats such as a chart or a dashboard. These visual formats allow users to see both trends and patterns, as well as data anomalies. 

Today’s visualization tools also allow users to explore their data, slicing and dicing it on the fly. As a result, users can ask questions of the data, identify answers, and highlight anomalies/areas that may need further investigation.

 

Robotic Process Automation

Robotic process automation (RPA) is an automated technology consisting of software bots or “digital workers” using artificial intelligence. While smaller businesses may have assumed these types of tools are out of their reach, that is not necessarily the case. There are a number of no-code or low-code options available, making these types of tools available to organizations both large and small.

RPAs are capable of performing a multitude of functions, including moving data from legacy applications to a data store or repository, cleaning and standardizing data, saving file attachments to emails, and automatically combining files into a specified folder. By automating the process of aggregating data, RPA can free up resources so users can focus on performing analysis or reviewing analytics output.

 

Text Analytics Tools

Last but not least are text analytics tools. These tools are invaluable for a multitude of tasks. For companies who have large amounts of unstructured data such as emails, Word documents, call logs, service requests, or customer reviews, text analytics tools can help in the analysis process of these types of information.

Text analytics tools read and process text by way of Natural Language Processing (NLP). They can help determine whether a customer is happy or dissatisfied by identifying high-frequency phrases or words. These tools are also often found in chatbots, utilizing RPA processes, and they can also create written text from analysis of data through Natural Language Generation (NLG).

 

Selecting the Right Tool

Each company must determine what its particular goals are when it comes to developing a sound analytics strategy. The tools and techniques they employ will depend upon what insights they hope to discover within their data. Depending upon their strategy, organizations may chart a course of gradual expansion of data analytics processes or decide to take a more aggressive approach and employ a variety of tools and techniques to help them reach their goals. If you would like to learn more about leveraging the power of analytical tools to strengthen and grow your business, please contact us.

ABOUT THE AUTHOR

Tony DeSantis

402.496.8800

tdesantis@lutz.us


TONY DESANTIS + DATA ANALYTICS MANAGER

Tony DeSantis is a Data Analytics Manager at Lutz with over 20 years of experience. He is responsible for interpreting and analyzing data, as well as designing report visuals in support of client engagements. In addition, he specializes in data management and the application of artificial intelligence to simplify business processes.

AREAS OF FOCUS
  • Data Analytics
  • Data Visualization
  • Data Management
  • Artificial Intelligence
  • Forensic Analytics
EDUCATIONAL BACKGROUND
  • BS in Finance and Operations, Minor in Management Information Systems, University of Delaware, Newark, DE
COMMUNITY SERVICE
  • Junior Achievement, Volunteer
  • Gilda's Club Chicago, Past Board Member


Lutz Launches Data Analytics & Insights Service Line


Lutz, a Nebraska-based business solutions firm, recently announced a new service offering, Data Analytics & Insights. Offerings include data visualization, data and statistical analytics, analytics strategy development and information management. In addition, our team can assist clients with their data migration, integration, workflow automation and training needs.

Tony DeSantis, Data Analytics Manager at Lutz, said, “Businesses have a wealth of information at their fingertips. However, many struggle to tap into this valuable resource or understand what their data can tell them. Our goal is to simplify the process and help businesses leverage their data to uncover the answers to their most pressing questions. By analyzing your data, we will provide actionable insights that your business can use to increase revenue, decrease costs, anticipate changes and drive client satisfaction.”

Lutz’s Data Analytics and Insights service offers a personalized approach to business intelligence, analytics and automation.

“Technology has always been at the forefront of our business. The development of our data analytics service represents our continued commitment to technological advancement and focus on client success. Our combination of deep industry experience and unique analytics skill sets allows us to drive insights and opportunities for our clients. We are excited to see how this offering will help Lutz and our customers grow and prosper,” said Mark Duren, Lutz Managing Shareholder.

Learn more about Lutz’s Data Analytics & Insights offering here: https://www.lutz.us/services/consulting/data-analytics/


How To Avoid Being Negligent When It Comes To Risk


Robert Keenan, Chief Information & Risk Officer

 

Risk is something that we all face in our day-to-day journeys, no matter who we are or what we do in life. If left unexamined, these risks could either create a small bump in the road or end up providing significant challenges that are difficult to recover from. The only difference between the two is whether you’ve neglected to plan ahead or not. When you’re running a business, you can’t afford to be negligent when it comes to risks and planning for them. These six steps will help you get started.

1. Start With Due Diligence

To properly mitigate your risks and avoid negligence, you first have to know what risks your company may face. Is your customers’ data safe? What about the personal safety of your customers or your employees? Is your building or product at risk for theft or harm? What events could disrupt your daily business or end up creating lawsuits? Asking yourself these questions will help you assess every way your company can either be a risk or be at risk. In summary, ask yourself, “What keeps you up at night?” or “Why do you have that nagging feeling that you are forgetting something?”

By doing your due diligence, not only are you identifying all the issues you’re prone to run into, but you’re beginning to protect your customers, employees, and business as well. Mitigating risks can save you precious time and money that might otherwise be spent on refunds, lawsuits, or workman’s compensation benefits. It will also help boost your reputation, as people will view you as a trustworthy and reliable partner.

2. Form A Mitigation Plan

Now that you’ve got a good idea of where your risks are coming from, it’s time to figure out what you need to do about them. 

In an ideal world, simple prevention measures would be enough to take care of all your problems. However, this is often not the case, and you’ll need to come up with a backup plan to ensure that all of your bases are covered. While simply preventing a problem from occurring in the first place is going to be your foremost goal, you always need to have alternate action plans in place to help mitigate worst-case scenarios. For example, you have fire insurance in case something terrible happens, but the follow-up is, “Where will you go when your building burns down? What was in the building that insurance/money can’t replace?”

It’s also important to remember that there are some situations that, no matter what you do, you won’t be able to prevent. However, it’s still vital to ensure you’ve got a plan of action prepared since you never know exactly how an issue will present itself and what other unforeseen problems might arise from it. COVID-19 is a perfect example.

3. Consult With Professionals

When forming your risk mitigation plans, you need to consider all the resources you have at your disposal. One resource you want to be sure to utilize is a risk assessment professional. Their job is to help you answer the questions, “What are all the things that can go wrong, and what are the chances that certain things will go wrong?” They can help you be sure that you’re doing everything you can to protect your business. These professionals will have access to resources that you may not, and an outside perspective can help you see issues or view things from angles you might have missed yourself. They help you get over the fear of the unknown.

4. Perform Regular Inspections/Assessments

You’ve assessed your risks and created an action plan, so the job is done, right? No, it is not. Regular inspections and follow-up assessments of your action plan and risk points are an essential part of your risk mitigation journey. Not only are regular inspections required for safety issues, but if you’re not assessing and inspecting your problem areas on a scheduled basis, you’ll have no idea if your plans are working properly or not. If you’re not vigilant, you’ll also miss other potential issues that may crop up from the action plans you’ve created. Has your company experienced growth? Are the plans in place now satisfactory for the future? After an issue occurs, how do you put plans in place to ensure that it doesn’t happen again?

5. Establish Clear Communication and Education

Proper education and clear communication with your staff and other involved parties will be the bridge between the plans you put on paper and their successful execution.

Improperly trained employees, lack of clear instructions, and failing to communicate important changes can turn even the best risk mitigation plans into a disaster. Steps could be missed, time and money would be wasted, and dangerous situations could be created, increasing your risk instead of reducing it.

6. Keep Clear, Concise, And Updated Documentation of Everything

The last step in your risk mitigation journey is making sure you’re documenting everything that you do. This should be evaluated against a project plan that you developed with your risk professional in the due diligence phase. Every consultation, plan adjustment, assessment and inspection, all training and communication events, and records of any incidents that occurred all have to be properly documented and easily accessible.

If you miss this step, then when something eventually does happen, you won’t be able to prove that you’ve done everything you possibly can to prevent the incident or mitigate the severity of the outcome. Even if you’ve executed everything flawlessly, you can still end up being negligent if you don’t have the paper trail required to cover you.

No matter where you are in your risk assessment journey, we have the tools necessary to ensure you get it done right. Contact us if you have any questions or to get started with a risk assessment.

ABOUT THE AUTHOR

402.763.2973

rkeenan@lutz.us


ROBERT KEENAN, CHIEF INFORMATION & RISK OFFICER

Robert Keenan is the Chief Information & Risk Officer at Lutz with over 20 years of compliance and operational risk experience. He focuses on risk management, compliance, and security for the firm, and will partner with the operations team to drive process improvement and operational efficiencies for Lutz.

AREAS OF FOCUS
  • Risk Management & Compliance
  • Operations
AFFILIATIONS AND CREDENTIALS
  • Association of Certified Fraud Examiners
  • Society of Compliance and Ethics Professionals
  • National Society of Compliance Professionals
  • Certified Fraud Examiner
  • Certified Compliance and Ethics Professional
EDUCATIONAL BACKGROUND
  • BA in Finance, University of Oklahoma, Norman, OK
  • MPA, Drake University, Des Moines, IA
COMMUNITY SERVICE
  • Association of Certified Fraud Examiners - Heartland Chapter, Past Board Member
