Why it is Crucial to Have a Company Risk Management Plan

It may appear impossible to escape: employee liability—and the often catastrophic consequences that it causes for firms and leading brands—is a seemingly constant presence in headline news across the country. As the regulatory environment remains uncertain, it is up to companies to take proactive steps to fortify themselves against risk.

Your Firm Isn’t Helpless in Preventing Liability: 3 Areas Where a Company Risk Management Plan is a Must-Have

Here are three key areas of vulnerability that your firm can’t afford to overlook when assessing a company risk management plan:

1. Evolving Regulatory Standards

From The Occupational Health and Safety Organization (OSHA) to the U.S. Equal Employment Opportunity Commission (EEOC), American regulatory bodies have instituted numerous changes in the required standards and parameters of workplace regulatory compliance during the past decade. Even as a new presidential administration passes its second year, the future of regulatory enforcement at the country’s top agencies is still anything but certain. That means your company should be prepared for changes in the number, complexity, and enforcement intensity of existing federal workplace laws, even if your firm is well-protected in the current environment.

Are you effectively managing your risk of workplace regulatory non-compliance?

Are you and your team up-to-date on current workplace regulations in the US? Here are some important regulatory guidelines that impact most American employers:

EEOC Resources: Current Rules and Standards

OSHA Resources: Current Rules and Standards

OSHA’s Top Ten Most Cited Violations

  1. Fall protection, construction (29 CFR 1926.501) [related OSHA Safety and Health Topics page]
  2. Hazard communication standard, general industry (29 CFR 1910.1200) [related OSHA Safety and Health Topics page]
  3. Scaffolding, general requirements, construction (29 CFR 1926.451) [related OSHA Safety and Health Topics page]
  4. Respiratory protection, general industry (29 CFR 1910.134) [related OSHA Safety and Health Topics page]
  5. Control of hazardous energy (lockout/tagout), general industry (29 CFR 1910.147) [related OSHA Safety and Health Topics page]
  6. Ladders, construction (29 CFR 1926.1053) [related OSHA Safety and Health Topics page]
  7. Powered industrial trucks, general industry (29 CFR 1910.178) [related OSHA Safety and Health Topics page]
  8. Machinery and Machine Guarding, general requirements (29 CFR 1910.212) [related OSHA Safety and Health Topics page]
  9. Fall Protection–Training Requirements (29 CFR 1926.503) [related OSHA Safety and Health Topics page]
  10. Electrical, wiring methods, components and equipment, general industry (29 CFR 1910.305) [related OSHA Safety and Health Topics page]

2. Employee Personal Liability

Employee risk is perhaps the most intensely researched and least understood aspect of a company risk management plan. While employees may be the source of much of a company’s security and financial risk, they may also account for additional risk factors in terms of provoking lawsuits based on individual employee behavior. A recent survey of entrepreneurs and C-suite executives revealed that as much as 47% of small to mid-sized businesses had experienced a significant data breach due to human error. In addition, businesses face ongoing internal legal risks regardless of the size of their staff. At present, American employers have just over a 1 in 10 chance of being sued by an employee: many of these lawsuits are due to the behavior of fellow employees in the workplace, such as alleged sexual harassment.

Is your business at a high risk for an employee lawsuit?

If your business is located in one of the following states, you may face a higher risk of an employee lawsuit.

  • Washington, D.C. +65%
  • Nevada +47%
  • Alabama +41%
  • California +40%
  • Mississippi +39%
  • Delaware +35%
  • Illinois +34%
  • Arkansas +22%
  • Tennessee +20%

3. External Malicious Threats

While many employers struggle to enforce internal data security measures, external malicious threats are an ongoing challenge for 54% of American companies, even as the number of reported ransomware attacks has decreased this year. The decrease is not due to a safer industrial environment, say researchers, but rather because black hat operatives have changed their tactics and returned to more “traditional” methods of data theft such as phishing. A recent survey of 1,300 IT security professionals showed that 56% viewed phishing* attacks as their most significant security threat. And despite the fact that many firms have antivirus software in place, about 92% of all malware is delivered through email, with more than 77% of data breaches being “fileless” or occurring when a recipient simply opens an email, for example. These attacks can be costly, with some estimates as high as $301 per employee. According to a 2018 study by IBM, it takes an average of 365 days to uncover a data breach—during which time costs and data lost will multiply.

*Phishing involves the theft of personal details such as banking or login information through the use of a falsified email address or similar means.

Are you covering the basics in your company risk management plan?

Even if you are currently in the process of developing your company risk management policy, there are several action items that you should be certain to check off your list right away:

  • Hold harmless agreements and make sure that your legal team has secured these important documents for every contractor and supplier along your supply chain.
  • Statements of financial responsibility (certificates of insurance): Be aware of the importance of these documents as well and be certain that each contractor is only operating under your company’s purview with current documents on file.
  • Codify management, safety, and employee behavior procedures and instructions: From a management perspective, risk management education efforts will inevitably fail if your company’s policies aren’t detailed with exacting clarity and universally distributed to the entire staff.
  • Establish a document retention policy: The old “paper trail” cliché is well known for a reason. Documenting key aspects of your business’s operations is an essential component of risk management.
  • Detail risk management roles clearly for staff and management: Making certain that everyone has a clear understanding of their responsibilities is just as important as any other aspect of business operations quality assurance. Written, detailed role assignments and relevant risk management tasks are important components of a strong company security policy.

Create a Proactive Company Risk Management Plan: Education is Your First Line of Defense

The good news is that research has shown that internal and external risk can be limited through strong employee educational programming. According to The Occupational Health and Safety Organization (OSHA), risk management education promotes employee safety and enhances worker productivity. Continuing employee education is considered by many company risk analysts as the best way to address human error, employee knowledge and competency gaps, and malicious behavior risks.

The creation of a simplified, user-experience focused employee education program shouldn’t monopolize company resources

Streamlined continuing education processes empower a successful risk management strategy. WestNet Learning empowers companies to safeguard their employees from risk through the creation of a customized learning experience.

WestNet Learning’s powerful LMS allows companies to develop a responsive risk management strategy that can adapt to changes in internal and external risk climates. The WestNet platform allows you to easily create a comprehensive risk management program that ensures your staff is up-to-date on current government and company regulatory compliance standards throughout their careers. WestNet’s proprietary software suite offers user-friendly, self-paced learning experiences and innovative user assessment components that promote knowledge retention and employee accountability.

It’s time to fight back against unacceptable risk.

WestNet Learning is an all-in-one LMS solution to help with growth and safety needs. Customized eCourses, analytics, reporting, and certifications help management & staff stay on top of what matters most.

If you’re looking to strategize and improve your company risk management plan, schedule a 1-on-1 strategy session with WestNet today!
