Boardroom Risk Management 101 for Construction Companies
All large building companies will undoubtedly have a board meeting agenda standing item for health & safety. Aside from the very good reason that ensuring the safety of workers is the primary responsibility of every business, failing to do so can subject directors to significant penalties under the Health & Safety At Work Act.
The same is not true of other areas of risk however, so they may take a lower priority among directors, despite having the potential to significantly affect the operation of the company. And yet one of the most critical responsibilities for any board of directors is to anticipate and manage potential risk to the business.
For this reason we advocate for a broader “Business Risk” standing agenda item, under which health & safety would sit alongside a number of other areas of risk. These may be reviewed at different frequencies throughout the year but should nevertheless be considered and addressed on a regular basis.
At a high level consider these topics:
Future Outlook Planning
Evaluate and plan for the economic, cultural, social, technological, environmental, legal and political/regulatory trends that may affect the ongoing performance of the business over the next 5-10 years.
Frequency: Annual
Asset Valuation
This is not just an accounting exercise as it can have a material effect on the sums insured in the event of an insurance claim.
Frequency: Annual (in times of high inflation it may be prudent to do this biannually)
Hazard Identification
This might be where you have a sub-heading for health & safety (or you might choose to keep it as a high priority with its own item). Other items that sit within this section can include:
- natural hazards associated with particular locations your business is operating within
- workforce risks (eg. availability of trained staff)
- reliance on any particular suppliers or products that may affect your operation if they fail
The outcome of the hazard identification process is a risk register, quantifying all possible risks by their likelihood and severity, with mitigation strategies applied to each. This work will feed into your business continuity planning.
Frequency: Conducted annually, reviewed quarterly
Business Continuity Planning
Having a business continuity policy is an important board level responsibility for large companies (and frankly any sized business – with the plan & report scalable to suit). Alongside the policy should sit a plan that consolidates all critical business information enabling operations to continue, or restart quickly, after suffering a disaster. This would include:
- emergency response
- security (eg. protecting people from hazardous locations, preventing unauthorised entry)
- damage assessment
- crisis management & victim support
- recovery teams and roles
- critical time periods
- alternative recovery sites
- IT recovery – systems configuration & network diagrams
- insurance schedules & policies
- evacuation plans
- emergency communication methods
Frequency: Annual
Cyber Threats
While this might also fall under Hazard Identification, as an emerging and significant risk to businesses, it merits its own topic. Particularly with the startling rise of artificial intelligence and its potential use in identity fraud. Artificial intelligence can now mimic people’s voices and faces, putting at risk biometric security features such as face and voice recognition. The increasing sophistication of hackers and the range of threats, from social engineering and phishing to ransomware as well as simple misuse by employees means businesses must consider and respond to cyber threats in the same way as they would mitigate physical threats such as storm, fire and burglary.
Frequency: Quarterly (due to the rapidly evolving nature of the threat)
In Summary
A prudent board of directors should be regularly assessing risk across more than just health and safety. A good insurance broker should provide much more than simply renewing your cover each year. As a professional risk adviser they can support clients to identify, manage and mitigate risk right across their business, with insurance just one strand of a good risk management programme.