McElroy Risk Advisors

As the overall cost of insurance continues to be a major expense, it is extremely important for businesses to observe sound insurance and risk management practices. Too frequently errors in a policy’s coverage and premiums are not detected. Unfortunately, the average commercial insurance buyer is not sufficiently informed to be able to monitor this process and catch the errors.

 

The risk manager often feels limited in relying on the insurance carrier or the broker/ agent for the information needed to fulfill this charge. For instance, if an agent or broker lacks construction industry experience, or is unfamiliar with the risks and/or loss exposures associated with a specific class of business, it is difficult for an owner to obtain an optimal result.

 

Many insurance agents and brokers are generalists. Therefore, owners should be more proactive in selecting a qualified insurance or risk management professional that can recommend and structure a comprehensive risk management program that covers all of their risks and loss exposures. This will significantly reduce the potential of any coverage gaps or coverage duplications.

 

Do your homework.  Be sure that the firm you are relying on is a qualified, credible source that will provide your business unbiased data and guide you through the insurance audit.

 

Your insurance audit should begin with an evaluation of the effectiveness and extent of your current insurance programs with a review of the following areas:

• Protection afforded
• Adequacy of limits
• Cost competitiveness

 

Specifically, look for insurance coverage gaps, coverage duplications, as well as cost inefficiencies that are sometimes hidden within insurance policies.

 

In addition to analyzing your current insurance program, you may also elect to evaluate your insurance carrier and broker on the following aspects:

• Quality and effectiveness of service
• Cost fairness and fee/commission structure

 

Following an analysis, request a report of the findings, conclusions and actionable recommendations.  Some firms may also be available to guide you through the next steps – the request for proposal (RFP) and broker selection process.

 

Have a pro carefully study your operation to see what’s acceptable and what’s not

Portland Business Journal – October 27, 2006 by Sean Meyers Special to the Business Journal

 

Should your business conduct a formal risk assessment?

 

 

In its simplest form, a business risk assessment is committing to paper what has already swirled around in your head for years. “Every business has a different risk profile. You should always ask yourself, ‘What keeps me up at night?’ What’s the worst exposure to loss that we have, and would it cripple the business if it happened?” says Scott McElroy of McElroy Risk Advisors in Portland.

 

A risk assessment means different things to different officers of the company. A chief financial officer, especially in a company with any outside investors, must constantly analyze threats to operating cash flow. As attractive as return rates on some riskier investments might seem, the CFO’s job is to keep the patient breathing at all costs.

 

The firm’s information technology officer looks at threats to the company’s data. Should a backup server be purchased? How strong is the firewall? Where best to spend the department’s limited funding? What’s the plan in the event of a catastrophic loss of data? Will the company be sued if there is a gross defect in software sold to the public?

 

The human resources manager works to prevent the possibility of an employee-driven lawsuit regarding unfair labor practices. The safety officer prevents lawsuits by minimizing the risk of bodily injury to employees or clients.

 

But what’s really driving the business risk assessment industry in the United States today are product and quality control managers and their relationship to the insurance industry, says McElroy. Insurance companies are understandably tired of paying out claims for customers who were killed or injured using a poorly made product, and they’re refusing to insure companies that don’t adequately address potential risks to the public.

 

So it’s no coincidence that when you set about to get a business risk assessment for your company, you’ll find that many of those assessors — we hope you’re sitting down for this one — also sell insurance that will help offset that risk.

 

That can be a problem on two levels, says McElroy.

 

“There are a lot of great insurance agents out there who will give you good advice on managing risk. But they often are compensated by commission, and that commission generally increases in proportion to increases in the premium. When you ask an agent how much insurance you’re going to need to offset a certain risk, of course they’re going to give you a higher number.”

 

Second, insurance isn’t the answer to all risk. Some risk cannot be assumed. Given the precarious nature of entrepreneurship in the United States, it’s safe to say that the average business owner is not only comfortable in the cold arms of risk, but has, at various times through the early stages of the company, put on a lampshade and partied with risk all night long.

 

The only person who can adequately define insurable risk verses uninsurable risk is the business owner.

 

Most small companies don’t survive a catastrophic event such as a fire or a flood even when they have insurance, McElroy points out.

 

“If your IT manager isn’t backing up the company’s data every week, insurance money isn’t going to get you up and running again when the system crashes.”

 

An alternative to adding insurance might be to subcontract portions of your workload out to other companies, or sharing risk directly with a supplier or distributor through a contract, or getting an IT manager that actually backs up data when they’re supposed to, says McElroy.

 

Another option is to assume all the possible consequences of a certain risk.

 

The insurance company has, after all, assessed the risk of insuring your risk, and has every intention of receiving more in premiums than it will pay out in claims.

 

McElroy is an independent risk consultant, which means he gets paid by the client, not by an insurer.

 

There are only a handful of companies in the United States doing exactly what he does, McElroy believes.

 

He typically works with companies with 50 to 500 employees and from $10 million to $100 million in sales.

 

McElroy conducts on-site inspections of the business and meets with key players across all divisions of the company. “Risk management is enterprise-wide.”

 

A substantial portion of what he does is to audit insurance policies.

 

“I find a lot of holes in insurance policies,” he says. “Companies sometimes trade dollars with the insurance broker foolishly.”

 

For example, a lot of companies keep a low deductible on outdated equipment they’ve paid off and have no intention of ever making a small claim on, he says.

 

Whether your company conducts its own risk assessment or seeks an outside consultant, don’t make the mistake of shelving it after the process is completed, advises McElroy.

 

“People think, ‘Great, I’ve done this. Now I can move on to the next thing.’ But risk assessment is an ongoing process, and you need to keep updating your plan so that it’s current if you ever need

it.”