Business operations are exposed to different types of risks because of uncertainty. Successful business management must ensure proper safeguard and cover against such potential risks. Some risks may be small and hamper the business operations for some time. Other risks may be very big and may destroy the company or change its course forever. Typically, a company may face several types of risks. With the increasing complexity in the business world and globalization, the types and severity of risks keeps changing.
Some of the potential risks to a business are:
i. Physical damage due to any natural or man-made calamity
ii. Loss of key people
iii. Employee fraud
iv. Economy fluctuations (rate changes, market crashes etc.)
v. Financial risks (bad debts, loss of material, sudden tax or penal liabilities etc.)
vi. Technology changes
vii. Legal risks (Some liability arising out of lawsuits, infringements, violations etc.)
viii. Risks arising out of business communication
ix. Financial risk
A company must prepare and implement a comprehensive framework to identify, assess, monitor, mitigate and reduce the impact of various risks which may threaten it.
For each type of risk, a suitable approach must be adopted to minimize the risk. Periodically, this must be reviewed and corrective actions must be taken.
Way # 1. Insurance:
Calamity can strike any time. To safeguard against any unexpected and undesirable disaster, the company should take precautions to cover all its assets through proper insurance.
Proper insurance cover can minimize the risk to a great extent.
Today, a variety of insurance products are available to cover almost all types of risks a business may face.
All the physical assets, stocks, cash or goods in transit must be covered through proper insurance against fire, natural calamities, loss, theft etc.
The business leaders or key persons in the business must be covered by an appropriate insurance policy.
The employees, who travel frequently for work, should be provided accident insurance.
Those traveling out of the country, should be covered by a suitable overseas travel insurance policy to take care of medical and other emergencies, while on foreign tour.
If the company policy and budget allows, all or selected employees of the company should be given health (or medi-claim) insurance. This is a very good motivation for employees, increasing their loyalty towards the company. Some companies also include the employees and some or all of their family members in such health insurances.
There are many group insurance policy schemes which should be checked for this purpose.
In recent times, the need for cyber liability insurance policy is increasing due to the proliferation of commercial and business activities on the Internet. We must explore the risks involved and take the necessary policy cover, if required.
Insurance companies regularly come out with many innovative schemes for companies. An experienced and knowledgeable insurance advisor should be consulted to find out the most suitable insurance products for the company.
All the conditions related to the insurance policy must be understood and complied with to ensure proper assessment and claim in case of such a need.
All the documents related to various insurance policies must be maintained properly.
A person should be assigned the responsibility to keep track of various due dates for premiums, renewals, paper work etc. to ensure proper continuity of the insurance policies.
Top management must review insurance status report regularly.
Way # 2. Succession Planning:
The potential life span of an organization is larger than an individual. People don’t remain static at one company. They move. They leave one job and go to another company. The movement may be due to changes in their life stages, relocating to another city or country, family circumstances, health reasons, career priorities or any other reason. When an employee leaves a company, it creates a gap. If the employee is responsible for some highly critical function of the company, her departure may threaten to disrupt the regular operations of the company.
Safeguarding against such possibilities must be given proper thought and attention. Every company has to accept the inevitability of employee movement and must equip itself so that it can continue its operations seamlessly without any significant disruption. For this purpose, succession planning for every important function or role in the company must be put in place.
Duplication of critical human resources is the best way to mitigate risk and ensure smooth operational continuity. We must identify all the critical functions within the company, which can’t be left dependent on a single individual. Every employee engaged in such critical functions in the company must have a backup in another employee. That person must be prepared in such a way that she can fill up the gap created by the outgoing employee easily and immediately.
We must make the creation of backup for every important employee compulsory. HR department must ensure that there is always a backup available for every critical function. We may have to spare resources and allow time for such backup creation.
Also, to minimize the risk of losing knowledge, information and experience gathered by the outgoing employee, we must make our systems and processes such that they are less dependent on individuals. The processes must be designed in such a way that all the important product, account, customer, vendors, market etc. related information gets automatically stored in a system which is always accessible to the company under all circumstances.
The business owners and leaders must also ensure the smooth transition of ownership and control of the company to the next in command and must prepare the ground well in advance. The company must not be left leaderless in any unexpected situations. More details about leadership succession planning in family owned businesses.
Way # 3. Important Documents, Paperwork:
The business requires different types of documents, papers, agreements, certificates, licenses etc. All the documents related to the business and its owners must be kept at a known place. The original documents must be kept at a safe (preferably a fireproof safe) place.
At least two sets of photo copies must be kept at two different locations, outside of the company premises. This will ensure at least a partial recovery, when the originals are lost due to any reason. Get all the important documents scanned and make their digital copies available easily. This can be useful in sending the documents quickly online or by email etc.
Also, get the digital copies stored somewhere on the Internet cloud storage. Educate every person who should know about this and also about how to retrieve documents from such storage. Some of these documents may need regular renewal or some other type of re-authentication. Assign somebody the responsibility to take care of all the matters related to the documents and their remaining up-to-date.
Original copies of some of the documents which must be maintained properly are:
1) Agreements of all the premises owned/leased/rented by the company or its owners
2) Share certificates of such premises
3) Income Tax Numbers/PAN cards, Passports, Voters Cards and other Identification proofs of the business owners and leaders.
4) Different types of municipal licenses and registration certificates
5) Taxation related documents
6) Export/Import related licenses and certificates
7) Credit/Debit cards and their PIN documents
8) Digital signature cards, USB sticks or other documents
9) Power of Attorney and other deeds, contracts etc. related to the company, its business leaders or owners.
10) Software licenses, upgrades, certificates in print or digital format.
We should add to the above list as per the importance of various documents in our business. The business leaders must regularly review all important documents, their renewals, modifications etc.
Way # 4. Passwords:
These days, a lot of business activities are done with the help of Internet or some other form of digital technology. For conducting transactions through such an online or automatic mode, some type of password or authorization code is used. These passwords or codes must be properly managed.
The company must assign the responsibility of giving access to these passwords to some trusted representatives.
Regular updating and monitoring of the password related transactions must be conducted by the business leaders.
In case of banks, there may be two or three levels of passwords available. Some allow only viewing of bank transaction statements; others allow making online payments with limited or full authority. Here, viewing-only passwords can be given to those who only need to track the transactions. The transaction passwords must be given to the seniors.
Many web sites for e-filing of various tax returns, documents require creation of usernames. Ideally, all such usernames must be linked to a single email ID. When you forget the password or you wish to change it, this email will be useful. The password of such key email ID must be known to the business leaders or somebody always accessible to them.
The PIN numbers of credit or debit cards must be updated periodically and must be known to the selected persons. The limits of risk exposures for such credit or debit cards must be ensured.
Way # 5. Backup and Upgrading of Data:
With information technology becoming an important part of day-to-day business operations, the safety and security of business data assumes increasing importance.
The company must ensure that all the data being generated by it is safely recorded, stored and backed up regularly.
This may include all critical data like accounting and other business transactions, sales leads, reports, databases, emails etc.
At least two copies of such data must be kept outside of any computer (e.g. on external hard disks, pen drives, tapes, CD/DVDs etc.)
At least one copy of critical data must be kept outside of the company premises, to safeguard against some sudden physical damage or loss. It is compulsory for all banks, financial institutions etc. to make sure that their data is stored at some remote but safe and secure multiple locations. The backed up data must be regularly checked for proper restoration.
It must be ensured that this business data is updated for its accuracy and integrity. Some persons in the company must be intimately thorough with the critical data management of the company. These persons must also be technically competent to handle the data management requirements.
With ever-changing software and hardware technologies, all data must be always kept updated such that it is in the format usable in the latest software-hardware tools used by the company. Whenever data migrations or conversions may be required for smooth and uninterrupted operations they must be implemented properly.
Way # 6. Intellectual Property Rights (IPR) Protection:
In business, it is not only physical or tangible assets which need protection. A lot of intangible assets also must be safeguarded, because if some of company’s vital secrets are known to others and are used by them, it may very severely affect the business adversely. The brand names, designs, unique business processes etc. are parts of the intellectual property of a company which must be protected such that they cannot be used by others without proper permission and consent.
Intellectual Property Rights (IPR) protection is assuming more and more importance in today’s knowledge-based and globalized business environment. The company must try to extract maximum value from its IPR and prevent its unauthorized use by others.
Following are the various ways IPR are protected:
Any literary or artistic work, software, music etc. should be protected through copyright. It protects us against any unauthorized copying, duplication, resell, distribution etc. of our work.
If you have a unique brand, a logo or a slogan which identifies your business, it eventually gets associated with the identity of your business. No one else should be able to copy it. The purpose of trade mark protection is to stop other businesses imitating us and confusing the customers by keeping a trademark similar to ours.
A trademark is generally classified as a word-mark or a logo. Our brand names, taglines, slogans, must be registered under trademarks as word-marks. If our logos or symbols are unique and we wish to protect them, too, to avoid copying, then they must be registered under trademarks as logos.
Generally, as soon as our application is submitted to trademark authorities, we can write TM next to our brand name. Registered mark (R) can be used when the trademark registration is granted to us. It is advisable to search for the availability of a trademark before we choose it as our brand name. Also, we should register it before starting its widespread use. Preserve the proof of use of the trademark with dates to prove our right over it.
iii. Industrial Designs:
Every physical design or external appearance of a product which is our unique creation can be registered under Industrial Designs in India. Check for the corresponding registration options in other countries, through a competent IPR attorney or advisor. This can prevent others from making a copy of our products through identical designs.
If we develop any unique processes, methods or inventions which are novel, non-obvious and useful, they can be protected as patents. Others can be prevented from using the same. If others wish to use the same patented method, they can do the same by obtaining authorization rights from us by paying us royalty for the same.
Remember the Following for IPR Protection:
i. The registration of various types of IPR is not compulsory, but it is advisable to avoid future problems.
ii. All types of IPR registrations are valid for certain number of years. They must be renewed periodically. Regular review of the IPR status will ensure this.
iii. We must display the IPR ownership (TM, Copyright, Patent etc.) in all our external communications to safeguard the same.
iv. We should keep all our IPR records updated. All the relevant documents must be kept in easily accessible way somewhere. Assign the responsibility related to keeping the IPR records and updating the same to someone in the company.
v. The IPR can be applied for national or multinational protection with varying conditions and restrictions.
vi. Take the help of a good Intellectual Property lawyer or advisor to help you in the IPR protection process.
Way # 7. Business Communication:
A company interacts with a lot of outside agencies and individuals. There is a lot of communication coming into and going out from a company on a regular basis. Irresponsible communication by any of our employees may pose a big risk to the revenue or reputation of the company. The responsibility of each such communication done on behalf of the company by an employee rests with the company.
The company must take steps to ensure that every communication coming into the company is attended and responded properly and responsibly. Sometimes, ignoring a communication or delaying a response to it may prove to be expensive, e.g. some notice, a legal document or some complaint. Every outgoing communication, particularly in written form, must be regulated. An irresponsible communication by any of our employee may cause a lot of problems for us.
The company must draft standard communication formats for regular business communication. E.g. Quotation, request for quotation, sales letter, response to a customer query or complaint, interview intimation, offer letter, appointment letter, employee experience certificate etc. are some examples of regular business communication. Everybody who sends out regular communication must follow these draft formats.
Ignorance or immaturity of our employees should not be allowed to affect our company’s business communication adversely. We must train our people for this purpose. The company must get the formats of all the outgoing documents checked by some expert before adopting them as the standard formats.
Agreements, contracts, quotations, invoices, guarantee letters, certificates, offer letters, appointment letters, responses to customer complaints etc. need to be checked before they are allowed to be sent.
There is a practice of adding a disclaimer at the bottom of the emails going out from a company. We must adopt a similar safeguard, as per our needs. In current times, any content published on social media on behalf of our company or on our web site must also be watched to avoid any controversy or avoidable disputes. We must get this content curated by somebody competent and responsible for the same.