How to Avoid Being Negligent When It Comes to Risk

Robert Keenan, Chief Information & Risk Officer


Risk is something that we all face in our day-to-day journeys, no matter who we are or what we do in life. If left unexamined, these risks could either create a small bump in the road or end up providing significant challenges that are difficult to recover from. The only difference between the two is whether you’ve neglected to plan ahead or not. When you’re running a business, you can’t afford to be negligent when it comes to risks and planning for them. These six steps will help you get started.

1. Start With Due Diligence

To properly mitigate your risks and avoid negligence, you first have to know what risks your company may face. Is your customers’ data safe? What about their personal safety, or that of your employees? Is your building or product at risk for theft or harm? What events could disrupt your daily business or end up creating lawsuits? Asking yourself these questions will help you assess every way your company can either be a risk or be at risk. In summary, ask yourself, “What keeps you up at night?” or “Why do you have that nagging feeling that you are forgetting something?”

By doing your due diligence, not only are you identifying all the issues you’re prone to run into, but you’re beginning to protect your customers, employees, and business as well. Mitigating risks can save you precious time and money that might otherwise be spent on refunds, lawsuits, or workman’s compensation benefits. It will also help boost your reputation, as people will view you as a trustworthy and reliable partner.

2. Form A Mitigation Plan

Now that you’ve got a good idea of where your risks are coming from, it’s time to figure out what you need to do about them. 

In an ideal world, simple prevention measures would be enough to take care of all your problems. However, this is often not the case, and you’ll need to come up with a backup plan to ensure that all of your bases are covered. While simply preventing a problem from occurring in the first place is going to be your foremost goal, you always need to have alternate action plans in place to help mitigate worst-case scenarios. For example, you have fire insurance in case something terrible happens, but the follow-up is, “Where will you go when your building burns down? What was in the building that insurance/money can’t replace?”

It’s also important to remember that there are some situations that, no matter what you do, you won’t be able to prevent. However, it’s still vital to ensure you’ve got a plan of action prepared since you never know exactly how an issue will present itself and what other unforeseen problems might arise from it. COVID-19 is a perfect example.

3. Consult With Professionals

When forming your risk mitigation plans, you need to consider all the resources you have at your disposal. One resource you want to be sure to utilize is a risk assessment professional. Their very nature is to help you plan, “What are all the things that can go wrong, and what are the chances that certain things will go wrong?” They can help you be sure that you’re doing everything you can to protect your business. These professionals will have access to resources that you may not, and an outside perspective can help you see issues or view things at angles you might have missed yourself. They help you get over the fear of the unknown.

4. Perform Regular Inspections/Assessments

You’ve assessed your risks and created an action plan, so the job is done, right? No, it is not. Regular inspections and follow-up assessments of your action plan and risk points are an essential part of your risk mitigation journey. Not only are regular inspections required for safety issues, but if you’re not assessing and inspecting your problem areas on a scheduled basis, you’ll have no idea if your plans are working properly or not. If you’re not vigilant, you’ll also miss other potential issues that may crop up from the action plans you’ve created. Has your company experienced growth? Are the plans in place now satisfactory for the future? After an issue occurs, how do you put plans in place to ensure that it doesn’t happen again?

5. Establish Clear Communication and Education

Proper education and clear communication with your staff and other involved parties will be the bridge between the plans you put on paper and their successful execution.

Improperly trained employees, lack of clear instructions, and failing to communicate important changes can turn even the best risk mitigation plans into a disaster. Steps could be missed, time and money would be wasted, and dangerous situations could be created, increasing your risk instead of reducing it.

6. Keep Clear, Concise, And Updated Documentation of Everything

The last step in your risk mitigation journey is making sure you’re documenting everything that you do. This should be evaluated against a project plan that you developed with your risk professional in the due diligence phase. Every consultation, plan adjustment, assessment and inspection, all training and communication events, and records of any incidents that occurred all have to be properly documented and easily accessible.

If you miss this step, then when something eventually does happen, you won’t be able to prove that you’ve done everything you possibly can to prevent the incident or mitigate the severity of the outcome. Even if you’ve executed everything flawlessly, you can still end up being negligent if you don’t have the paper trail required to cover you.

No matter where you are in your risk assessment journey, we have the tools necessary to ensure you get it done right. Contact us if you have any questions or to get started with a risk assessment.





Robert Keenan is the Chief Information & Risk Officer at Lutz with over 20 years of compliance and operational risk experience. He focuses on risk management, compliance, and security for the firm, and will partner with the operations team to drive process improvement and operational efficiencies for Lutz.

  • Risk Management & Compliance
  • Operations
  • Association of Certified Fraud Examiners
  • Society of Compliance and Ethics Professionals
  • National Society of Compliance Professionals
  • Certified Fraud Examiner
  • Certified Compliance and Ethics Professional
  • BA in Finance, University of Oklahoma, Norman, OK
  • MPA, Drake University, Des Moines, IA
  • Association of Certified Fraud Examiners - Heartland Chapter, Board Member
  • Oklahoma University Price College of Business, Board Member


All Content © Lutz & Company, PC 2021