An intelligent way to approach risk management

By Derrick Van Mell, Gregory Monday

The pain and shock of the recession has made many family business owners wish they’d better assessed the risks they took in boom times. Too many business leaders accepted risk unnecessarily or without adequate compensation simply because they did not consciously address it.

A new way of thinking about risk will be particularly important as the economy recovers. Companies that had cut costs or deferred spending will be seeking to take on new debt or invest in hiring, facilities, equipment or business acquisitions—all decisions that entail risk. An approach we call “AS-IS” can help a business to manage risk more carefully and profitably.

Thinking about risk management

Family business leaders should actively assess risk management in three contexts:

1. Members of the company’s board of directors or advisers should require executives to report on risk management at regular board meetings. Larger boards may set up a committee to work with executives on risk management and give presentations to the full board or family council. The board should press the executives to make risk management a high priority.

2. The executive team should hold regular meetings to address risks. The team should be prepared at any time to report to the board the risks the business faces and how the executives are addressing them. All executives and managers should be trained to think about risk management in a manner consistent with the interests of the owners, as communicated by the board. Family business executives should understand the investors’ level of risk tolerance and make business decisions accordingly. People’s attitude toward risk changes over the years, and the founder’s risk tolerance might be very different from that of later-generation owners.

3. Whenever a large project or transaction is under consideration, the board and executives should confer specifically about those particular risks. This sounds obvious, but many high-profile business mistakes have been caused by a board’s failure to adequately understand the executives’ approach to risk management before approving a transaction. Keep in mind that declining to pursue a transaction may also entail risks that a board must understand and assess.

Six categories of risk

To use the AS-IS approach to risk management, begin by organizing your thoughts and discussions about risk into broad categories based on the core management disciplines:

• Business structure: Owner liability, governance mechanisms, acquisitions, facility projects and exit strategies.

• Marketing and sales: Promotions, existing and new products or services, existing and expanding territories. External demographic changes can create, increase or reduce market risks.

• Operations: How products or services are produced and delivered.

• Information: Communication technology, data storage and retrieval.

• Personnel: Hiring/firing, compensation, succession planning.

• Financial: Distribution of profits, capital contributions, debt and equity. External macroeconomic risk factors can include changes in international trade, inflation and interest rates.

Then systematically consider the risks under each category. For example, under the category of “Personnel,” the business may have risks that include loss of the CEO, employee injury, employee theft, health care costs and retirement plan liability.

In thinking about specific risks, remember that these management disciplines can be affected by external forces, including:

• Regulation: Industry-specific standards, labor laws and taxation.

• Technology: Developments or events affecting communications, data storage and retrieval, product production, and shipping and distribution.

• Management innovation: New business models.

• Acts of God: weather, accidents, terrorism, illnesses and war.

Levels of risk

When you have identified the various risks under each category, assess the probability and consequence for each risk. Risk managers of the family’s financial portfolio quantify probability and consequences in all manner of permutations, but simply coding each probability and each consequence as High, Medium or Low will be helpful. For example, the risk of losing an employee for a day because of a cold has a high probability—in fact, it is almost a certainty—but the consequence is low. In contrast, the probability that a lethal flu epidemic would decimate your workforce is low, but the consequence would be high. Risks that are rated as high probability/high consequence should receive the most immediate and aggressive attention.

The four ways to address risk

After you have identified each risk and assessed its probability and consequences, you can determine how to address it. This is where the “AS-IS” acronym applies. When thinking about how to address risk, consider four different options: Accept, Share, Insure or Shed. The best approach may involve a combination of options. The acronym is contradictory, in a way, because you should always be proactive about risk management and never take a literal “as is” approach.

Accept: You can accept a risk, but you should do so knowingly and make sure you are being fully compensated for it. For example, a new employee with little experience will be paid less than a new employee with a more complete résumé. The lower payroll cost compensates the business for the risk of hiring an unproven commodity. This is also why a lender will demand a higher interest rate for a riskier loan or a life insurance carrier will demand a higher premium for an older insured person. Notice that in each of these examples the compensation for risk is realized immediately, at least in part, through lower costs paid or higher prices received.

Share: You can share risk with another party. For example, when joint venture partners jointly and severally guarantee debt, they are sharing the risk of default. Even when one party indemnifies the other party against a particular risk, a form of risk sharing is involved because the indemnification is only as sound as the ability of the indemnifying party to make good on it.

Risk sharing should be a central focus of contract review when agreements are being negotiated. Many contract provisions that appear to be technical or mere boilerplate may significantly affect the allocation of risk among the parties. For each transaction or contractual relationship, understand how risk is allocated among the parties and assess each party’s ability to bear its share of the risk.

Insure: You can commercially insure against a risk, but you should use insurance intelligently. Understand the risks you are insuring and all the terms of the coverage you are purchasing. In particular, an insurance contract should not contain coverage the business does not need or exclusions that impair the effectiveness of the coverage when applied to the business’s unique circumstances.

Also, do not use insurance to patch over poor business practices. For example, consider how better hiring protocols, employee supervision and data controls may reduce the risk of employee theft, rather than just insuring over it.

Shed: You can “shed” some risk, often by improving or changing business operations. For example, to shed the risk that one of your delivery drivers might drive drunk, you could require breathalyzer tests before every trip. Or to mitigate the risks of injuries on the job, you could ask your insurers to provide a safety assessment.

With respect to a particular project or transaction, you can shed risk through contract provisions, such as a waiver of claims or liability, or by deciding not to proceed with the project or transaction. Note, however, that sometimes the project or transaction itself is necessary in order to shed risk, such as when a business purchases a key vendor to reduce the risk of supply shortages.

Bringing it all together

The AS-IS approach to risk management breaks down elements of the business and its operations that are necessarily interrelated. Any one risk may require a combination of accepting, sharing, insuring or shedding. Furthermore, sometimes the AS-IS options that are used can create or increase other risks or costs.

It takes courageous leadership to create a single table of all the risks you face, but the AS-IS approach provides a framework that enables family business directors and executives to analyze and discuss risk, and to make informed decisions.

Derrick Van Mell is principal of Van Mell Associates LLC in Madison, Wis., a firm that focuses on business and project planning ( Gregory Monday is a partner with Foley & Lardner LLP in Madison, Wis., and a member of the firm’s Transactional & Securities Practice. He also is an adjunct professor at the University of Wisconsin Law School, and co-chair of an American Bar Association subcommittee on Governance of Private and Family Controlled Companies (







Copyright 2012 by Family Business Magazine. This article may not be posted online or reproduced in any form, including photocopy, without permssion from the publisher. For reprint information, contact

Article categories: 
Print / Download
May/June 2012

Other Related Articles

  • Cybersecurity attacks target the wealthy

    Changes in technology over the past couple of decades have created untold opportunities. With terms like digital age, information age, wireless and connectivity, the era of computers combined with the...

  • Amping up structures to prepare for the future

    In the late 1980s, Charles A. Collat Sr. asked his four children if they knew what it meant to run a family business.“Being young and naive, we said, ‘Absolutely, we know what it means to run a fa...

  • Practical steps you can take to help your business survive COVID-19

    Conflict and disruption are woven deeply into the fabric of most family businesses. If there isn’t an external threat occupying the family’s attention, an internal one is ever present. Because of ...

  • Financial strategies to deploy in tough times

    Many economists believe the United States may already be in a recession, due to widespread business disruptions from the COVID-19 ­pandemic.Unemployment claims spiked to 6.64 million during the week ...