5 Risk Management Moves Every CEO Should Make

Being a CEO means that you have to have a vision for this company, a vision that should be positive and successful that has the company growing. Unfortunately, some CEOs want to focus on the positives so much, they forget to realize that every company faces the threat of going under. It’s important to be optimistic about your business, especially in front of potential investors or your board of directors, but to your inner circle, it’s healthy to worry and care about some of your weaknesses. Not every business can easily bounce back from a million dollar lawsuit and changes in the economy can threaten businesses that thrived for years; look at the recession in the late 2000s or how minimum wage hikes on the west coast have affected local businesses. The most important thing a CEO can do is to predict the unpredictable and to prepare for the worst. Every billion dollar corporation got to be the way it is today by persevering through rough waters and coming out stronger on the other side.

1. Build Your Managing Team 

The first step any CEO should make when figuring out risk management is who should be on his/her team. When a situation or crisis occurs, the response team should be small and efficient, filled with trust-worthy people committed to the company. By creating a close-knit group, you’re keeping decisions down to a few people who know what they’re doing while keeping too many cooks out of the kitchen. A trust-worthy vice president, a long-time partner, and PR director are examples of people you want on your team. Even outside help, like a lawyer or retired former colleague can be brought in to share their experience, respectfully. Another choice would be to add a Risk Management-specific team member. Universities, including the University of Iowa and the University of Minnesota, have started adding “Risk Management” as a major, while others, like the University of Nebraska, have groups in their College of Business dedicated to risk Management. Having an employee completely dedicated to risk management means that there should be minimal surprises. After forming your team, make sure to hold regular meetings (either quarterly, monthly, or weekly; depending on your company and team) to lay the groundwork in case of crises. These meetings should include finding risks the company is susceptible to and “mock crises” to see how the team works together should the situation arise. 

2. Make a Risk Chart for you Company 

All risks are not created equal, and the severity and probability of each risk should determine how much time and energy you should spend on each possibility. Every possible risk a company faces can be put into a chart like the one below:


Low Probability

High Probability

Minor Severity

  Block 1

 Block 2

Major Severity

  Block 3

 Block 4

  • Risks in Block 1 are usually not worth worrying about, as they’re usually seen as forgivable accidents, like a routine shipment running late or the flu keeping a few workers at home for a couple days.
  • Risks in Block 2 are the little bothersome things that can be fixed with preparedness, like extra supplies and giving ample time for projects, or a simple change in routine, like backing up data regularly or checking the stock room daily.
  • Risks in Block 3 can potentially hurt a company, but more often than not, having adequate insurance protects from out of the ordinary issues.  For CEOs, the underused Directors & Officers Insurance can protect yourself and upper management from faults of employees.
  • Risks in Block 4 contain the real risks to your company, including market fluctuation, financial and legal barriers, and general “company killers”. These are the issues that risk management teams spend 90% of their time on, and for good reason. Because they can do the most damage to the business.

3. Target the "Company Killers"

Each CEO runs a different business, so different factors could be scarier or more overwhelming to different CEOs. By running through a list of questions, it is easy to see where your business is safe, and where it could falter.

  • Are we financially strapped for cash or consistently in the red?
  • Is our client base growing, stagnant, or shrinking?
  • Is our industry overcrowded or over saturated?
  • Do we need to change the way we do business?
  • Are we up to date technologically?
  • Are we susceptible to any major lawsuits?
  • Are we susceptible to any hacking or theft?
  • Do we have adequate counsel or retainer?
  • Do we have adequate insurance?
  • Is our company under threat of closing in the next 3 months?

By asking these questions, you can eliminate potential risks, while focusing on the ones most important to you and your company. But while the market and competitors can be unpredictable, the most crucial and least predictable element to any business are your employees. The old saying that “You’re only as strong as your weakest link” is very true.

4. Increase Every Employee's Risk IQ

Employees might not be aware of how much trust a company puts on them, so while a CEO needs to be able to pick the right people, he or she needs to have faith in them to protect the company while teaching them how to do it. Running regular meetings on information security and computer usage can limit cyber-attacks on personal data, especially at a time when BYOD (Bring Your Own Device) policies are more popular than ever. Investing in malware and encryption for BYOD employees show how invested you are in them while protecting your information. With cyber-attacks increasingly becoming a problem, making sure that your employees know how to handle themselves online can keep unpredictable problems from occurring. Having strict HR policies and enforcing them in the workplace limits inter-company lawsuits and creates a healthier work environment. Any resistance to policies like these might show an employee’s true colors and might give you reason to rethink their place at the company. Finally, providing quarterly updates on potential risks shows transparency and can alert employees about what they should be paying attention to. 

5. Start Now

If you’re starting a new risk management policy now, or severely updating your current policy, it might take some time to see results. Unfortunately in the business world, a crisis won’t stop because you aren’t ready, and staying ahead of the risks is the best way to beat them when they come. Your employees might need a little time adjusting to new policies and communication between risk management team members who are new to the job can be rough at the start. Finding the right insurance for your company and right counsel can also take some time to make sure you’re not paying for insufficient coverage on either end. Starting now means starting your new risk management culture that hopefully filters throughout the company; the goal of this culture is for employees and management alike to have a conversation about potential problems in a safe and secure environment with everyone looking out for the company so that the CEO is never surprised. Managing a successful company means that rough patches will come, but these rough patches separate the pretenders from the real deal; make sure you’re up for the challenge.

For assistance in assessing the risks facing your business or to create a risk management plan, please contact the Goosmann Law Firm at info@goosmannlaw.com or call (712) 226-4000.


Subscribe Our Blog

Posts by Topic

DISCLAIMER: The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. By visiting this website, blog, or post you understand that there is no attorney client relationship between you and the Goosmann Law Firm attorneys and website publisher. No information contained in this post should be construed as legal advice from Goosmann Law Firm, PLC, or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.