Risk & Business Magazine Jones DesLauriers Insurance Magazine F2017/W2018 | Page 28
THE RISK AUDIT
BY: DINA GODINHO
PARTNER, ACCOUNT EXECUTIVE,
JONES DESLAURIERS INSURANCE
The Risk Audit:
A 60-Minute Conversation You Can’t Afford to Skip
N
o one relishes the idea of
pulling back the curtain
on his or her business to
discover what disasters
may be lurking, ready to
compromise future livelihoods. There
is, however, a new tool—the Risk
Audit—that aims to identify risks that
are unique to your business, establishes
a plan to address these risks, and
ultimately helps you sleep at night.
The Risk Audit is a quick but thorough
process that focuses on identifying
exposures to your business, assessing
your ability to mitigate those exposures,
and developing a plan to mitigate the
risks. The ultimate goal of the Risk Audit
is to lower your total cost of risk (TCOR)
and maximize the effectiveness of the
money your company spends to mitigate
risk, either through an insurance product
or transferring the risk to others.
28
THE AUDIT
The initial step involves a 60-minute
meeting between a senior executive of
your company who understands all facets
of your operation and a risk management
consultant who focuses specifically on
your business segment. The consultant
will visit your office and spend the
necessary time going through your
specific concerns and emerging areas of
risks that the consultant has witnessed
trending in your industry. As part of
the initial meeting, the consultant will
complete a pre-audit questionnaire that
is specific to your business. While the
audit questionnaire is unique to each
client, some areas of discussion are
common to all industries:
• Cybersecurity
• Employee theft and dishonesty
• Human Resources and employment
practices and issues
• Business continuity
• Supply-chain exposures
• Workplace violence
• Some of the more traditional exposures
normally addressed through a
comprehensive insurance program
SCORING
During the initial audit process, each
risk is identified and scored based on its
potential impact on your business. The
risks are then assessed based on your
operation’s current state of preparedness
to address these exposures.
Example: A financial institution
may score a 10 (the highest possible
business impact) on compromising
client information (cyber exposures)
and a five on preparedness due to a
large investment in state-of-the-art