An intelligent way to approach risk management

By Derrick Van Mell, Gregory Monday

The pain and shock of the recession has made many family business owners wish they’d better assessed the risks they took in boom times. Too many business leaders accepted risk unnecessarily or without adequate compensation simply because they did not consciously address it.

A new way of thinking about risk will be particularly important as the economy recovers. Companies that had cut costs or deferred spending will be seeking to take on new debt or invest in hiring, facilities, equipment or business acquisitions—all decisions that entail risk. An approach we call “AS-IS” can help a business to manage risk more carefully and profitably.

Thinking about risk management

Family business leaders should actively assess risk management in three contexts:

1. Members of the company’s board of directors or advisers should require executives to report on risk management at regular board meetings. Larger boards may set up a committee to work with executives on risk management and give presentations to the full board or family council. The board should press the executives to make risk management a high priority.

2. The executive team should hold regular meetings to address risks. The team should be prepared at any time to report to the board the risks the business faces and how the executives are addressing them. All executives and managers should be trained to think about risk management in a manner consistent with the interests of the owners, as communicated by the board. Family business executives should understand the investors’ level of risk tolerance and make business decisions accordingly. People’s attitude toward risk changes over the years, and the founder’s risk tolerance might be very different from that of later-generation owners.

3. Whenever a large project or transaction is under consideration, the board and executives should confer specifically about those particular risks. This sounds obvious, but many high-profile business mistakes have been caused by a board’s failure to adequately understand the executives’ approach to risk management before approving a transaction. Keep in mind that declining to pursue a transaction may also entail risks that a board must understand and assess.

Six categories of risk

To use the AS-IS approach to risk management, begin by organizing your thoughts and discussions about risk into broad categories based on the core management disciplines:

• Business structure: Owner liability, governance mechanisms, acquisitions, facility projects and exit strategies.

• Marketing and sales: Promotions, existing and new products or services, existing and expanding territories. External demographic changes can create, increase or reduce market risks.

• Operations: How products or services are produced and delivered.

• Information: Communication technology, data storage and retrieval.

• Personnel: Hiring/firing, compensation, succession planning.

• Financial: Distribution of profits, capital contributions, debt and equity. External macroeconomic risk factors can include changes in international trade, inflation and interest rates.

Then systematically consider the risks under each category. For example, under the category of “Personnel,” the business may have risks that include loss of the CEO, employee injury, employee theft, health care costs and retirement plan liability.

In thinking about specific risks, remember that these management disciplines can be affected by external forces, including:

• Regulation: Industry-specific standards, labor laws and taxation.

• Technology: Developments or events affecting communications, data storage and retrieval, product production, and shipping and distribution.

• Management innovation: New business models.

• Acts of God: weather, accidents, terrorism, illnesses and war.

Levels of risk

When you have identified the various risks under each category, assess the probability and consequence for each risk. Risk managers of the family’s financial portfolio quantify probability and consequences in all manner of permutations, but simply coding each probability and each consequence as High, Medium or Low will be helpful. For example, the risk of losing an employee for a day because of a cold has a high probability—in fact, it is almost a certainty—but the consequence is low. In contrast, the probability that a lethal flu epidemic would decimate your workforce is low, but the consequence would be high. Risks that are rated as high probability/high consequence should receive the most immediate and aggressive attention.

The four ways to address risk

After you have identified each risk and assessed its probability and consequences, you can determine how to address it. This is where the “AS-IS” acronym applies. When thinking about how to address risk, consider four different options: Accept, Share, Insure or Shed. The best approach may involve a combination of options. The acronym is contradictory, in a way, because you should always be proactive about risk management and never take a literal “as is” approach.

Accept: You can accept a risk, but you should do so knowingly and make sure you are being fully compensated for it. For example, a new employee with little experience will be paid less than a new employee with a more complete résumé. The lower payroll cost compensates the business for the risk of hiring an unproven commodity. This is also why a lender will demand a higher interest rate for a riskier loan or a life insurance carrier will demand a higher premium for an older insured person. Notice that in each of these examples the compensation for risk is realized immediately, at least in part, through lower costs paid or higher prices received.

Share: You can share risk with another party. For example, when joint venture partners jointly and severally guarantee debt, they are sharing the risk of default. Even when one party indemnifies the other party against a particular risk, a form of risk sharing is involved because the indemnification is only as sound as the ability of the indemnifying party to make good on it.

Risk sharing should be a central focus of contract review when agreements are being negotiated. Many contract provisions that appear to be technical or mere boilerplate may significantly affect the allocation of risk among the parties. For each transaction or contractual relationship, understand how risk is allocated among the parties and assess each party’s ability to bear its share of the risk.

Insure: You can commercially insure against a risk, but you should use insurance intelligently. Understand the risks you are insuring and all the terms of the coverage you are purchasing. In particular, an insurance contract should not contain coverage the business does not need or exclusions that impair the effectiveness of the coverage when applied to the business’s unique circumstances.

Also, do not use insurance to patch over poor business practices. For example, consider how better hiring protocols, employee supervision and data controls may reduce the risk of employee theft, rather than just insuring over it.

Shed: You can “shed” some risk, often by improving or changing business operations. For example, to shed the risk that one of your delivery drivers might drive drunk, you could require breathalyzer tests before every trip. Or to mitigate the risks of injuries on the job, you could ask your insurers to provide a safety assessment.

With respect to a particular project or transaction, you can shed risk through contract provisions, such as a waiver of claims or liability, or by deciding not to proceed with the project or transaction. Note, however, that sometimes the project or transaction itself is necessary in order to shed risk, such as when a business purchases a key vendor to reduce the risk of supply shortages.

Bringing it all together

The AS-IS approach to risk management breaks down elements of the business and its operations that are necessarily interrelated. Any one risk may require a combination of accepting, sharing, insuring or shedding. Furthermore, sometimes the AS-IS options that are used can create or increase other risks or costs.

It takes courageous leadership to create a single table of all the risks you face, but the AS-IS approach provides a framework that enables family business directors and executives to analyze and discuss risk, and to make informed decisions.

Derrick Van Mell is principal of Van Mell Associates LLC in Madison, Wis., a firm that focuses on business and project planning ( Gregory Monday is a partner with Foley & Lardner LLP in Madison, Wis., and a member of the firm’s Transactional & Securities Practice. He also is an adjunct professor at the University of Wisconsin Law School, and co-chair of an American Bar Association subcommittee on Governance of Private and Family Controlled Companies (







Copyright 2012 by Family Business Magazine. This article may not be posted online or reproduced in any form, including photocopy, without permssion from the publisher. For reprint information, contact

Article categories: 
Print / Download
May/June 2012

Other Related Articles

  • Ensuring Your Trust Is Exactly as You Plan It — Through Generations

    A trust can serve as one of the most powerful and enduring instruments of your legacy.  Whether providing a financial safety-net for your family or supporting the philanthropic causes that matter...

  • Resolving the rising generation paradox

    Every generation has its defining moments, particularly for the youth who are coming of age. For the Silent Generation, it was the Great Depression and World War II. For Baby Boomers, it was the civil...

  • Yields are near 0%. Why should I own bonds?

    Since 1981, when the 10-year U.S. Treasury yield peaked at over 15%, investors have enjoyed the benefit of holding Treasury bonds in their portfolios. Longer-maturity Treasuries have been the perfect ...

  • Family-owned retail chain stays strong during pandemic

    Robert Matthews (Matt) Beall III’s promotion to CEO of Beall’s Inc., a retailer based in Bradenton, Fla., was announced in December 2019. Just three months later, the COVID-19 pandemic struck the ...