Risk Management. We hear that phrase in our operations daily. However, what does it really mean? And how do we set up a process to ensure that we are managing risk to the most efficient level? Turns out that mom was smarter than we gave her credit for, and some of the common- sense life lessons she imparted way back when can inadvertently apply now to our business’s risk management program.
Seem odd? Managing risk starts with four basic methods: avoid the risk; accept the risk; control the risk; and transfer the risk to another party. Let’s see if we can take what we learned from mom and apply it to those areas of risk management.
Mom’s adage: “If you can’t say something nice, don’t say anything at all.”
Sometimes business is about boiling complexities down to the simple things we learned as children. Just as mom taught us, sometimes it is better to not engage in an activity at all. We must ask ourselves: What is the benefit/upside of the activity? What is the cost/downside of the activity? Does the benefit outweigh the cost? This is an analysis each organization should go through whenever adding a new activity or risk to its operations.
However, successful as it can be, avoidance is often an impractical approach in this industry. Every day you engage in activities that inherently have risk associated with them. In order to completely eliminate the risk, your organization would have to shut down.
Still, avoidance can be a useful tactic in this industry. I recently saw a marketing firm attempting to boost sales by installing an “arcade” game integrated with a zip line. You would simply hang objects from tree limbs surrounding the line. Once zipping, you would try to hit as many objects as possible with a “wand” in your hand. The software would recognize how many objects were struck, giving you a score and creating competition for the high score throughout the zip tour.
Let’s think about the potential consequences: participant slowing down intentionally to yield more points; not paying attention to braking; increased tension on line due to sudden movements in different directions; the list goes on. This is a prime example of when to use avoidance and reject a potential activity for your operation.
Mom’s adage: “If you can’t afford it, don’t touch it.”
My mom was an antiques fan. Every time we visited a store, mom would caution, “Now Cameron, if you can’t afford it, don’t touch it.” I was told to not take my hands out of my pockets. This did not avoid the risk completely, but it was a largely successful strategy.
Controlling the risk involves taking steps to reduce the frequency and/or severity of injury. Control is the most important risk management technique for the aerial adventure park and zip line industry. Here are some of the most common control measures:
• Training for employees. Ninety-five percent of injuries are due to guide error or improper training. This is the most overlooked method of risk control. I recommend hiring a third party every year for training. Professional athletes hire trainers and coaches to be a consultant and third eye for them. If a professional athlete can benefit from a third party, your organization can benefit from one as well.
• Background checks on employees. How can you defend a sexual abuse claim when the plaintiff attorney finds out the accused employee is on the National Sex Offender Registry?
• Cross check waivers with IDs. How can you defend your organization in a claim when the injured participant did not sign the correct name? In this case, you do not have their waiver, which means the injured participant did not waive their right to sue.
• Signage. Post signage with rules of participation at many visible points throughout your course and check-in building. Once posted, take a couple of time-stamped photos of each sign. Take a close-up photo (to show what it says) and wide-angle photo (to show placement). Put these photos in a safe place away from the premises, or store them in the “cloud.” This would provide a defense mechanism in court to prove visible signs were in place to inform participants of age, weight, and other restrictions.
• Weigh all participants. Plaintiff attorneys like the argument, “You are the professional in this industry; the injured person did not know how imperative it was to weigh under 250 pounds.” Let’s make this argument moot.
• Inspections. This is your annual physical for the course. Many human diseases can be detected and treated properly before they turn severe through a simple visit to the doctor and a physical. The same is true for your course.
• Safety committee. Every organization should have a safety committee. The members should be an equal balance of employees, assistant managers, and executives. Each of these three levels of the organization sees different risks. This committee should meet at least once every two weeks.
• Access prevention. Make sure participants are not allowed to enter designated areas without being properly clipped in (climbing ladders to towers, climbing walls, etc.). Kids have a tendency to try to climb on structures even if they are told not to. A good control mechanism is to have a painted yellow line over which participants are told not to cross until properly clipped in. Also a good idea: a sign that states the same.
Mom’s adage: “Only drive as fast as you can afford.”
As a teenager, I believed that driving time was wasted time. That led to more than one speeding ticket, and mom’s adage above.
In your business, there is a tolerable level of risk acceptance—rope burns and slips/falls, for example. You and your insurance advisor may decide that your company can withstand a $25,000 loss during the year for any incident. Therefore, you “accept” this level of loss through a deductible, and get a reduction in insurance premiums. You may decide that you have properly controlled the risks for employee theft. Therefore, you decide not to transfer this risk through insurance, and accept this risk.
There are two types of acceptance: voluntary and involuntary. Voluntarily accepting a risk is when you select to intentionally take a deductible or to self-insure employee theft. Involuntarily accepting a risk is when your organization finds out after a loss/claim that the claim is not covered. Involuntarily accepting a risk is something that your organization never wants to have happen. It is essentially an unplanned expense that has no limit. Take time to identify all your risk exposures to avoid surprises like this. (More on this below.)
Mom’s adage: “Don’t put all your eggs in one basket.”
This lesson is one that many of us have learned the hard way. Whether it comes to risk, investments, or life in general, it is always a good idea to diversify.
The key goal with a risk management plan is to reduce the total cost of risk. One way to accomplish this is to shift your organization’s risk to a third party. While insurance may be coming to mind right now, insurance should be the last way of transferring risk—it’s the most costly solution. Instead, consider the following as candidates for transfer:
• Builders. Having an ACCT Professional Vendor Member do your construction/maintenance pushes out the liability for design error, construction error, etc., to another party. This reduces your total risk within your organization.
• Trainers/Inspectors. Having a third party conduct your staff trainings and inspections pushes out the liability for training staff on proper mechanics and also the liability that arises from assuring the course is in acceptable working condition.
• Participants. Transfer liability to the participant by using a legally sound waiver. There are a couple of things to note regarding waivers: 1) Make sure a “legal guardian” is signing the waiver. Only a court can grant legal guardianship to a person. When Johnny is with his friend’s family, they cannot sign the waiver in place of Johnny’s parents; and 2) Make sure you are not collecting personal identifiable information or medical information that would make you subject to HIPPA laws or data breach laws.
• Insurance. When you can’t control the risk completely, can’t avoid it, it is above your comfortable level of acceptance, and you can’t transfer it through any of the above ways, you should then transfer the risk through insurance.
CALL TO ACTION
How do you put mom’s lessons into action within your organization? First, organize a formal meeting with your management staff. Second, create a
list of all the risks in your organization. Think outside the box; don’t just think about property loss, liability, etc. What about regulation changes? What happens when a key employee leaves your operation or suddenly dies? Computer systems crash? Data/security breach? Embezzlement? Reputational risk? Lease being terminated? Fire destroying waivers?
Typically risks fall into four categories:
• Hazard Risks. These arise from
property, liability, or personal loss exposure, and are generally related to the subject of insurance.
• Operational Risks. These arise from people or a failure in processes, systems, or controls, including those involving information technology.
• Financial Risks. These arise from the effect of market forces on financial assets or liabilities, and include market risk, credit risk, liquidity risk, and price risk.
• Strategic Risks. These stem from economic and societal trends, including changes in the economic, political, and competitive environments, as well as from demographic shifts.
As you compile your list of risks, keep these four categories discussed in mind. Write down all operational risks, strategic risks, financial risks, and hazard risks that are a threat to your organization. Then decide how you are going to deal with them—avoidance, control, transfer, or acceptance. Often, you will use a combination of techniques to mitigate the risk. It’s worthwhile to take the time and effort to do this because ultimately it will pay dividends.
The real benefit in this exercise is identifying the risks in the first place. Don’t be surprised if you find you lack a planned management technique for more than 50 percent of the risks you have listed. Just don’t leave it that way.
Cameron Annas, CIC, of Granite Insurance, provides risk management advice and insurance solutions to the aerial adventure park and zip line industries. Granite is a part of Keystone Insurers Group, one of the largest insurance agency organizations in the United States.