M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
Small Business New Year’s Resolution: When Was Your Last Risk Assessment?

Small Business New Year’s Resolution: When Was Your Last Risk Assessment?

Overview of how to conduct an annual risk assessment for a small IT business.

Thursday, January 9, 2014/Categories: insurance-requirements

You may be wondering, what is a risk assessment? That’s good. It means you’re actively trying to reduce the risks that threaten your business.

A risk assessment is a comprehensive overview of the environmental, contractual, financial, and professional risks a small business faces.

That's a mouthful. Let's break it down.

At least twice a year, you should reexamine the past, present, and future risks you're exposed to. A good way to do that is by asking yourself the following questions (though probably not out loud, because people might start worrying about you)…

  • What are you doing to prevent accidents in the workplace?
  • Have your risks changed over the last six months?
  • Has your business changed or expanded in such a way that you need different insurance coverage and risk management strategies?
  • Do you need to improve customer relations or make changes to the way you communicate with clients?
  • Looking ahead, are there important changes on the horizon you should be prepared for?
  • Does your E and O Insurance cover your current and future liabilities?

Those are some pretty big questions, and obviously, you can't see into the future. While you may not know what risks are over the horizon, you can take some steps to minimize your risks, regardless of what the future holds.

IT Risk Management: How to Perform a Risk Assessment

Every risk assessment is different, because each business has different risks. If you're an IT consultant who runs a one-person business from home, you face different risks than a computer repair tech who rents an office space and employs a half dozen workers.

That said, each risk assessment should include a combination of the following…

  • Environmental safety inspection. Inspect your office for hazards (e.g., loose cords, bad wiring, non-ergonomic office furniture, etc.). Check to see if your smoke detectors, carbon monoxide detectors, and fire extinguishers are all in working order. Is the fire exit door accessible? For more information about workplace hazards, you can read OSHA's small business handbook.
  • Emergency planning. Depending on where your business is located, your office could be vulnerable to floods, hurricanes, or other emergency weather situations. Have a plan in place for evacuating, closing the office early, and contacting employees about closures.
  • Client education efforts. How confident are you that clients are using software securely? A study by Symantec found that two-thirds of data breaches are caused by human error and systems problems like mishandling of data, improper settings, and failure to follow government guidelines.
  • Data breach response guide. Read our comprehensive guide to writing a data breach response plan. Your plan should include information about your legal requirements for contacting customers, state data breach laws, and an outline of the important steps you need to take after a data leak.
  • Insurance review. Business insurance isn't like car insurance. While you might have the same car for ten years and roughly the same auto insurance, your business might change significantly over the course of six months. Your small business insurance needs to change as you hire new more people, move offices, work with new clients, buy new equipment, introduce new services, and generally expand. If you're unsure about whether you need to adjust your policies, talk with your insurance agent.
  • Financial risks. Are there times when cash flow is tight? Remember that accepting large, long-term projects is actually a risk (as well as a reward). While you're working on a large project, you often can't work on others. If you're only paid in a lump sum at the end of the project, your business could be short of cash in the interim. Consider setting milestones in your large contracts and having clients pay you for reaching these.

Whether it's reviewing your E&O policy or rescheduling vendor payments to improve cash flow, the adjustments you make after a risk assessment can potentially save your business a huge amount of hassle and money.

For a more thorough analysis of IT risk management strategies, download our eBook "Protection for Tech Pros," which offers tips on independent contractor liabilities, how to manage those liabilities with contracts, and other useful advice.

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews


The Small Business Insurance Leader