Risk Management Summary PDF

Introduction to risk management What is risk? Risk can lead to losses, but can also lead to gain. 2 main elements: 1) Probability/ Uncertainty 2) Concequenses Some definitions of risk: - International Organization for Standardization (ISO) = “Effect of uncertainty on objectives; an effect is a deviation from the expected – positive or negative.” - Oxford English Dictionary (OED) = “Exposure to the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility.” - Cambridge Advanced Learner’s Dictionary = “The possibility of something bad happening.” Uncertainty: - An uncertain event which may (or may not) happen in the future. - Its likelihood or probability can only be estimated. - May prevent or delay the achievement of an organization’s objectives or goals. Hazard or threat: - An uncertain event with a negative outcome or threat to the organization - Managing risk in this context means using management techniques to reduce the probability or impact of the negative event. - So-called ‘downside risk’ in investment context Opportunity: - So-called ‘upside risk’ - Risk can be seen as a source of opportunity to business, uncertain event with a positive outcome. - E.g., asset or investment will increase in value beyond expectations. Key components of risk: Probability or Impact/effect or Uncertain consequences likelihood of (future) event future itself (on objectives, uncertainty on results) Types of risks: dynamic vs. static risks - Dynamic or speculative risks: ⇒ Risks brought about by changes in the economy; two-dimensional: can lead to gains or losses. ⇒ Dynamic risks are un-insurable. ⇒ Very common in business undertakings and implies a deliberate choice or action. ⇒ E.g., start-up, investments, gambling, market risk, … - Static of pure risks: ⇒ A risk where there is only the possibility of a loss, or you maintain a status quo. ⇒ Static risks are ‘insurable’. ⇒ Undesired –> caused by irregular action, mistakes by human or disastrous acts of nature. ⇒ E.g., fire, theft, earthquake, liability … Risk categories or risk universe: External Financial Strategic ICT-Cyber Operational Reputation Compliance External risk = a risk that is fully beyond control, external cause to the organization - The insurance industry defines external risk as the risk of disasters that are beyond the control of a policy holder such as earthquakes, wildfires, floods and pandemics. - Impact or consequences can be very important for the organization! - How can an organization cope with (some) external risks? ⇒ Timely, pro-actively monitoring of organization’s environment (e.g., trends, economy, …) ⇒ Long term policy, incl. contingency plans (i.e., BCP, DRP) ⇒ Increase risk awareness culture within the organization. Strategic risk = risk that an organization’s strategy becomes less effective and its business struggles to achieve its objectives - It could be due to technological changes, a powerful new competitor entering the market, shifts in customer demand, increases in the cost of raw materials, a major change in macro-economic parameters, - Illustrations: Operational risk = these risks result from failed or inappropriate policies, procedures, systems or activities, causes can be technical or human, e.g. - Failure of a system - Poor quality of services delivered - Lack of appropriate planning - Health & Safety risks - Staff skill levels - No process to track contractual commitments - How to manage? 🡪 Good understanding and command of business processes Compliance and legal risk = risks when not complying with all the necessary laws, regulations, contracts, and agreements that apply to the organization - Environment (3M) - Safety and health at work - Food safety (Federaal Agentschap Veiligheid Voedselketen) - GDPR (General Data Protection Regulation) - Licenses and permits (e.g. FSMA for financial services) - How to manage? ⇒ Know-your-business! Seek advice from (external) experts. ⇒ Liability insurance to protect to some extent of compliance exposure. Reputation risk = risk that organization engages in activities that could threaten it’s (good) name, image, and reputation - Illustrations: - How to manage? Tough to control; key is to responds appropriately to the negative events or publicity and to communicate in a transparent way (cfr. crisis communication) ICT and cybercrime risk = all risks related to the use of ICT, data security and network security - It is a specific type of operational risk, with increased importance in today’s organizations ⇒ Data protection ⇒ Privacy ⇒ IT-fraud ⇒ Phishing ⇒ Industrial spionage ⇒ Hacking ⇒ Cyber attack Financial risk = relating to the financial operations of an entity and includes many sub- categories. More relevant for financial institutions, but certainly not exclusively - Credit risk = a loss may occur from the failure of another party to perform according to the terms of a contract (cfr. counterparty risk) - Currency risk = the value of a financial instrument could fluctuate due to changes in foreign exchange rates (market risk) - Interest rate risk = interest rate changes could affect financial results. - Liquidity (or funding risk) = an entity may encounter difficulty in realizing assets or otherwise raising funds to meet financial commitments. What is risk management? = “Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.” Key concepts of risk management: Risk Risk Risk appetite culture governance Definitions of risk appetite: - “Risk appetite is the amount or level of risk that a firm is prepared (willing) to accept, to tolerate, or to be exposed to when conducting its business activities” - “Amount and type of risk that an organization is prepared to pursue, retain or take” - Importance of risk appetite 🡪 a thought risk appetite framework and statement will drive the level of measures and controls to put in place for risk mitigation. - How to ‘grasp’ risk appetite? Acceptable balance between growth, risk, and return Levels of risk appetite: Risk averse Risk taker Risk cautious Generic approach of risk management: Risk measurement = “Risk measurement (also risk quantification) is a broad term denoting any activity aiming to quantify (produce numerical measures) risks to an organization. The risks in scope for measurement are normally thought to have been isolated in the risk identification process that logical precedes risk measurement.” How to measure and quantify risk? Probability Impact Risk Risk management allows prioritization: Very high M M H H H High L M M H H Moderate L L M M H o b P a r Low L L L M H Very low L L L L M Very low Low Moderate High Very high Impact Risk management allows quantification: Very high 5 5 10 15 20 25 High 4 4 8 12 16 20 Moderate 3 3 6 9 12 15 o b P a r Low 2 2 4 6 8 10 Very low 1 1 2 3 4 5 Very low 1 Low 2 Moderate 3 High 4 Very high 5 Impact Risk response: how to deal with risk? How to perform a risk analysis? What is a risk analysis? - “A risk analysis is a method in which specified risks are quantified by determining the probability that a threat will occur and its consequences: risk = probability x consequence. The risk analysis is the first step in the risk management process." - In a risk analysis, risks are identified, described, and mapped. For each risk, the probability of its occurrence is determined, and the impact or consequence is calculated if a risk actually occurs. - Based on the risk analysis, a company can decide which measures should be taken (= risk response) in accordance with its risk appetite 4P’s of risk analysis Can be used as a tool, both for step 2 and for step 3 - Process: risks of individual or combination of business processes: production process, sales process, purchasing process, logistic process,... - Product: risks related to products and services - Project: project risks with respect to time and budget overruns, and/or incorrect delivery - programme = set of (sub)projects Position: risks that may affect the image and/or market position Stakeholders risk analysis While performing a risk analysis, it involves different parties or people in the company, also known as stakeholder. Who that is specific to your chosen SME depends very much on the situation, the size, etc... It is useful to already have a clear view of the people or stakeholders involved for your SME during the intake interview. How to perform a risk analysis in 6 steps? Step 1: Prepare Goal: in this step you collect available information, conduct an intake interview with the SME, make agreements with your teammates. In short, you prepare the intake interview, also in function of the next steps Output: useful information and relevant documentation about SMEs to get started with your risk analysis; a concrete (team) planning for the next steps, clear agreements with the team. Report intake interview. 🡪 QUICKSCAN SME - upload in Canvas – see assignment for instructions. Tips: think of what information you want to collect, what questions you want to ask. Keep track of your sources. Create a questionnaire and checklist. Guidelines: 1) Collecting information about your SME Which sector, industry – business activities Which products/services Financial figures Number of employees Who are the customers (B2C, B2B, B2B2C, B2G, combinations,...); who are the competitors?... 2) Sources: annual reports, annual accounts, website SME, website professional federation, media, keywords on the internet, intake interview,... 3) Intake interview: what questions to ask? Need to know vs. nice to know. 4) Sufficient insight into the company is necessary for a good risk analysis. Step 2: Determine risk policy Goal: describe the existing risk policy or formulate the risk policy if non-existent. This is the general line within the company for dealing with risks. Central to the risk policy is the risk appetite of the company and its management/owners. Output: risk attitude SME, risk policy with objectives, risk strategy to achieve these objectives. Tips: - The risk policy is part of the general policy of the company, therefore it must always start from mission, vision and the business plan for this step you can start from the 4 focus areas: the 4P’s will help you in determining the objectives per P; in formulating the risk appetite or risk attitude per P = which risks are acceptable, and which are no? How to map risk apatite or risk attitude? - Process: has the company taken measures with respect to its business processes to reduce potential risks? E.g. measures to reduce theft, accidents, debt management, … Product: what risks does the company have by offering the product or service? What measures has it taken against this? - Position: what measures has the company taken to protect its market position and its image/reputation? - Project: what measures has the company taken to prevent time and budget overruns in projects? How is the collaboration between different internal services? How is the relationship/collaboration with service provides (SLAs?)? Is there a policy of outsourcing? Examples of risk objectives: - Process: the maximum turnover of one customer does not exceed 5% of the total turnover in a year - Product: the number of recall actions in e.g. children's toys are a maximum of one every ten years. A recall action is the recall of products due to a serious incident. - Position: the market share may decrease by a maximum of 5% per year in segment X or Y Project: the maximum allowed budget overrun of project Z is 10% of the initial budget (=baseline) - Tip: sometimes it can be challenging to formulate risk objectives (SMART) before identifying and analyzing the risks. Therefore, remember to review step 2 after you have worked out steps 3 and 4. Step 3: Identify the (relevant) risks. Goal: get an accurate and complete picture of the relevant risks of the company: which risks are present and known, what are the causes, what measures are already being taken. What other risks do you see or think of? How?: Make use of all kinds of tools depending on the specifics of your SME, there is no general method in identifying risks. What input? QuickScan; 4 P’s; internal and external sources of information; company visit (e.g. cleanliness, fire extinguishers, dangerous conditions, access and exits,...); conversations/interviews; brainstorming in your team;... You can also use various techniques: mind mapping, error tree analysis and fishbone diagram. Intermediate check: make an interim report during step 3 to check relevance with your SME. Output: inventory of the identified risks in a risk list; forms the basis for a risk register per risk. Create a risk register for each risk, which you will extend with the output from steps 4 and 5 (see further slides) Risk list: # Risk description Cause Risk owner Existing measures Customer steals Customer has the Store 1 Gates goods ability to steal Manager Engaging recruitment 2 Insufficient staff Tight labour market HR Manager agency Business premises 3 Arson, careless work Management Insurance burn down Late payment 4 Too low liquidity Management None customer 5 … … … …. Error is issue tree analysis: - An error tree analysis examines in depth, but not quantitatively, what can go wrong with a product, service, process or even project. It helps to de-compose complex issues, errors, or risks. - The error tree visually maps out what can go wrong with the product, by asking the question: "Why is this, what is the cause of this?". In this way, an (inverted) tree is obtained, which shows the (underlying) causes downwards. - E.g. what the causes (and risks) can be in the case of a bicycle that does not brake Fishbone diagram Ishikawa: - Developed by Kaoru Ishikawa, who found through his work at Kawasaki that a large number of factors can potentially influence a process. - Problems are the result of one or more causes. By detecting and removing the causes, problems can be solved, and risks of problems can be identified. - Especially useful for production processes where multiple factors play a role: people, process/method, machine, material. Step 4: Analyze the risks Goal: risks are further analyzed on the basis of the risk list from step 3. The end goal of this step is to determine the ranking and priority of the risks. This is the most 'risk-technical' step, involving calculations and estimates, after which it will become clear which risk are the ‘largest'. How?: There are different methods, we chose the quantitative and qualitative method. The biggest challenge will be the determination of the probability of a risk, have this checked/challenged by your SME. Sometimes there are risk/damage statistics at industry level. Intermediate check: make an interim report during step 4 to check relevance with your SME. Output: risk score or risk amounts table; updated risk register; risk matrix or risk heatmap Tips: it is recommended to return to step 2 after steps 3 and 4, in which the risks were identified and analyzed, to review the risk objectives and possibly adjust them. 1) Quantitative method: ⇒ Risk amounts: de onderlinge vergelijking van risico’s in geldbedragen per jaar 🡪 risk amounts table ⇒ Risk factors: de onderlinge vergelijking van risico’s gaat met behulp van kansklassen, gevolgklassen en risicofactoren 🡪 risk score table 2) Qualitative method: ⇒ Some risks are difficult to measure and are very difficult to express in numbers or amounts, a qualitative assessment (H-M-L) is a good alternative 🡪 risk heatmap. How to prioritize risks? 2 fundamental questions (cf. risk = probability x impact) 1) What is the probability that a risk will occur and lead to damage? 2) How large/important can the damage be? Determine probability classes: - Provides the degree/class of expected probability of an uncertain future event. Class In % Description Probability 1 10% Less than or 1 time every 10 Very unlikely years 2 30% 1 per 5-10 years Unlikely 3 50% 1 per 2-5 years Somewhat likely 4 70% 1 per 1-2 years Likely 5 90% 1 or more per year Very likely - Provides the maximum impact (= damage/consequence) if the risk occurs Class In % Description impact score 1 < 1.000€ Very low impact on … 2 1.000€ < impact < 2.500€ Low impact on … 3 2.500€ < impact < 10.000€ Medium impact on … 4 10.000€ < impact < 50.000€ High impact on … 5 > 50.000€ Very high impact on … Example risk amounts table: Risk Probability in % (Based Probabilit Impact in EUR Risk €/year on statistics) y Fire 1 on 1000 companies = 0,001 500.000 500 0,1% Break-in 1 time in 5 years = 20% 0,2 10.000 2.000 Computer crash 1 time in 5 years = 20% 0,2 20.000 4.000 Shoplifting 1% 0,01 1.000.000 10.000 Unpaid invoices 2% 0,02 1.000.000 = 20.000 1.000 * 1.000 Example risk score table: Risk Cause Relationshi Risk owner Probabilit Impact Risk Measures p risk/ goals y score score scor taken e Customer Custome Reduction in Store 5 3 15 Camera steals r is able profit manager surveillance goods to steal entrance gates Insufficien Tight Reduction HRM 5 1 5 Engaging t staff labour of quality of manager recruitment available market service agency Business Arson, Business Managemen 1 4 4 Insurance fire premises careless continuity at t extinguishers burn down work risk alarm system … … … … … … … … Examples risk matrix: - Probability score and consequence score can be displayed in a risk matrix. - At the top right are the very serious risks with a high probability and a large consequence/impact, while at the bottom left are the lowest risks. - Also called risk heatmap. Or RAG matrix (Red-Amber-Green) Step 5: Articulate measures Goal: determining and articulating the appropriate measures to make risks 'acceptable'. Appropriate measure = effective and efficient Categories of risk responses can be used to come up with specific measures. 1) Avoid: no longer carry out certain activities, avoid associated risk 2) Reduce e.g. limiting risks through internal control, increased controls, etc. 3) Transfer outsourcing activity or taking out insurance 4) Accept: no measures to be taken. Output: Articulation and adding of the measures in the risk register = different data entries per risk such as description, cause, risk owner and the measures taken or to be taken Action plan, who will implement which measure, timeline for the measure, cost, etc. (see next slide) Example risk register 🡪 Examples of measures: - Credit limit on each debtor (~financial) - Multiple suppliers to ensure continuity of supply (~purchasing process) - Reminder procedures to follow up on customer invoice collection (~sales process) - Segregation of duties to prevent fraud (~position-risk; reputation) - Preventive yearly maintenance of machines (~operational risk; process risk) - Firewall as protection attacks hackers (~operational risk) - Business interruption insurance (~operational risk) - Liability insurance - Etc… Step 6: Write the report. Goal: processing all collected information from the previous steps into a coherent and fluently readable report Output: cfr. document “Guidelines and structure risk analysis” on Canvas. Don't forget to integrate the content of your QuickScan into your final report. - Steps 1 & 2: descriptive (cfr. QuickScan) - Steps 3 & 4: investigative/analytical: inventory and analysis - Step 5: solution-oriented – recommending measures Corporate insurances (for SME’s) What is insurance? - “Coverage by contract whereby one party undertakes to indemnify or guarantee another against loss by a specified contingency or peril.” - Insurance is a contract between 2 parties, represented by a policy, in which an individual or entity receives financial protection or reimbursement against losses from an insurance company. - Key elements of an insurance contract: premium, policy limit, deductible ⇒ A policy's premium is its price, expressed as a monthly or yearly cost. The premium is determined by the insurance company based on risk profile, creditworthiness, … ⇒ Policy limit is the maximum amount an insurer will pay for a covered loss. Typically, higher limits mean higher premium. ⇒ The deductible is a specific amount the policyholder must pay out-of-pocket before the insurer pays a claim. Transfer of risks = insurance: - “A transfer of risk is a business agreement in which one party pays another to take responsibility for mitigating specific losses that may or may not occur.” - Insuring a risk is one of the possible measures to consider for specific identified and analyzed risks to further investigate in step 5 of your risk analysis. - Risks may be transferred from individuals to insurance companies, or from insurers to reinsurers. Not all risks are insurable: - Dynamic or speculative risks: ⇒ Risks brought about by changes in the economy; two-dimensional: can lead to gains or losses. ⇒ Dynamic risks are un-insurable. ⇒ Very common in business undertakings and implies a deliberate choice or action. ⇒ E.g. start-up, investments, gambling, market risk, … - Static or pure risks: ⇒ A risk where there is only the possibility of a loss, or you maintain a status quo. ⇒ Static risks are ‘insurable.’ ⇒ Undesired –> caused by irregular action, mistakes by human or disastrous acts of nature. ⇒ E.g. fire, theft, earthquake, liability … Considerations of insurer and insured: - Insurance firms or insurers do not ‘accept’ all risks, only risks that are calculable and risks that fit into the insurer’s portfolio. ⇒ E.g. small regional insurers will not be able & willing to insure large potential damages. - Key considerations for the insured: 1) Do we need an insurance? E.g. Law firm will not need a ‘legal assistance’ insurance. 2) When we need an insurance, which coverage, and policy limit? Refers to the (maximum) policy amount and the scope of what is and what is not insured. 3) Instead of paying for an insurance, perhaps we could increase the mitigation or preventive measures in order to reduce the risk to an acceptable level (cfr. Risk appetite) Aansprakelijkheidsverzekering Wetgeving Contractuele aansprakelijkheid: “iedereen die een overeenkomst aangaat, is gehouden tot naleving van de verplichtingen die zijn opgenomen in deze overeenkomst” – van toepassing tussen contracterende partijen. In geval van niet-naleving of tekortkoming 🡪 schadevergoeding mogelijk Extra-contractuele aansprakelijkheid: “iedereen die schade lijdt, heeft de mogelijkheid om deze schade te verhalen op de aansprakelijke partij” – 3 zaken dienen te worden aangetoond: fout-schade-oorzakelijk verband tussen fout en schade (art. 1382 BW – onrechtmatige daad) - “Elke daad van de mens, waardoor aan een ander schade wordt veroorzaakt, verplicht degene door wiens schuld de schade is ontstaan, deze te vergoeden” Strafrechtelijke aansprakelijkheid: “iedereen die een strafrechtelijke inbreuk pleegt kan strafrechtelijk aansprakelijk worden gesteld” – hierbij is geen schade vereist, eventuele benadeelden kunnen zich burgerlijke partij stellen om schadevergoeding te bekomen Case wetgeving 1 Samuel & Sofia hebben samen een webdesign onderneming opgericht en hebben hun eerste klant te pakken dankzij de sales pitch van Samuel. Samen bezoeken ze de klant, een kledingzaak, voor een tussentijdse bespreking. De eigenaar biedt hen iets te drinken aan. In zijn commercieel enthousiasme stoot Samuel zijn koffie om, recht op de nieuwe kassa van de zaak waardoor deze onbruikbaar wordt (kostprijs 3.500 euro). De eigenaar claimt deze schade op basis van: 1) Contractuele aansprakelijkheid 2) Extra-contractuele aansprakelijkheid 3) Strafrechtelijke aansprakelijkheid 4) Combinatie van bovenstaande 5) Geen van bovenstaande Case wetgeving 2 Al bij al, nog geen man overboord. Er wordt met de klant formeel overeengekomen om de website binnen de maand online te hebben. Sofia, die de websites maakt, heeft echter nog snel een last-minute reisje geboekt met haar papa, waardoor de ontwikkeling vertraging oploopt en dus niet tijdig kan opgeleverd worden. Hier kan er sprake zijn van: 1) Contractuele aansprakelijkheid 2) Extra-contractuele aansprakelijkheid 3) Strafrechtelijke aansprakelijkheid 4) Combinatie van bovenstaande 5) Geen van bovenstaande Case wetgeving 3 Samuel krijgt de kans om bij de NV WebMasters, een jong en succesvol bedrijf gespecialiseerd in webdesign, als freelance sales director aan de slag te gaan voor enkele maanden. Als freelancer heeft hij onbeperkt toegang tot gevoelige bedrijfsinformatie en Samuel beslist het klantenbestand te kopiëren. Handig om later nieuwe prospecten te benaderen, denkt hij. Na verloop van tijd en wanneer Samuel er niet meer werkt, ontvangt de zaakvoerder enkele reacties van klanten dat ze benaderd zijn door Samuel. Waarna de zaakvoerder ontdekt dat zijn klantenbestand werd gekopieerd. Welke aansprakelijkheid kan hier ingeroepen worden? 1) Contractuele aansprakelijkheid 2) Extra-contractuele aansprakelijkheid 3) Strafrechtelijke aansprakelijkheid 4) Combinatie van 1 & 2 5) Geen van bovenstaande Welke? BA – uitbating / Tegen lichamelijke of stoffelijke schade veroorzaakt door BA – exploitatie daden van ondernemer of personeel tegenover derden tijdens het uitoefenen van beroepsactiviteiten. Extra- contractuele aansprakelijkheid. Belangrijk: correcte omschrijving beroepsactiviteiten in polis. BA – management / Als u tijdens uw mandaat als bestuurder fouten begaat, kan BA – bestuurder u hoofdelijk aansprakelijk worden gesteld. Bij een schadeclaim of proces kan uw privévermogen in gevaar komen, deze verzekering beschermt privé-vermogen. Zowel kleine als grote ondernemingen. Professionele Deze verzekering richt zich vooral tot zelfstandigen (vrije BA-verzekering of beroeps- beroepen als artsen, architecten, advocaten), kmo’s, grote aansprakelijkheid ondernemingen die hoofdzakelijk intellectuele activiteiten uitoefenen. Ze beschermt intellectuele dienstverleners tegen gevolgen van daden/dienstverlening waardoor derden fysieke of stoffelijke schade kunnen lijden. BA – toevertrouwde Hiermee dekt u eventuele schade aan u toevertrouwde goederen goederen voor nazicht, onderhoud of herstelling. Vb. Voertuig in herstelling bij garage; reparatie laptop, smartphone e.d. BA – na levering of Niet het product zelf (geen garantieverzekering). Deze productaansprakelijkheid verzekering is bedoeld om u te beschermen tegen de gevolgschade of schadeclaims van derden na levering producten of uitgevoerde werken. Vb. voedselvergiftiging; waterschade door slechte interventie loodgieter; garagist sluit motorkap van wagen slecht af en deze vliegt tijdens het rijden open BA – objectieve Deze wettelijk verplichte verzekering beschermt aansprakelijkheid exploitanten van instellingen/gebouwen en publiek toegankelijke gelegenheden als o.a. culturele centra, stations, sportcomplexen en verzorgingscentra bij brand en ontploffing. Zowel lichamelijke als stoffelijke schade. Controle door gemeente. Af te sluiten door exploitant, niet per sé eigenaar Case 1 Ilyas opent een pop-up store en hangt zelf een nieuwe lichtreclame aan zijn gevel. Een uur later valt die er weer af op het hoofd van een toevallige voorbijganger. Het slachtoffer spreekt Ilyas aan en eist de medische kosten terug. Vraag 1: welke aansprakelijkheid komt hier in het gedrang? 🡪 extra-contractuele aansprakelijkheid Vraag 2: welke verzekering had Ilyas kunnen afsluiten zodat hij niet zelf voor deze kosten dient op te draaien? 🡪 BA-uitbating Case 2 Noah is loodgieter en installeert een nieuwe verwamingsketel bij de bvba Colora. De brander geraakt echter oververhit waardoor er brand ontstaat. Hierdoor dient het bedrijf te worden geëvacueerd, worden voorraden en afgewerkte producten onherstelbaar beschadigd door het bluswater en kunnen de werknemers een hele dag geen productie draaien. Onderzoek wijst uit dat een slechte afstelling van de verwarmingsketel aan de oorzaak ligt van de oververhitting. Vraag 1: kan Noah aansprakelijk gesteld worden? 🡪 ja Vraag 2: had Noah zich hiervoor kunnen verzekeren? Zo ja, welke verzekering? 🡪 BA-na levering of productaansprakelijkheid Case 3 Sara heeft een schildersbedrijf en heeft een opdracht om een winkelruimte (=cliënt) te schilderen. Sara vertrouwt deze opdracht toe aan Maria, een stagiare. Maria gebruikt echter de verkeerde kleur verf waardoor de cliënt niet wenst te betalen. Er zal dus niets anders opzitten om het werk te herdoen met de juiste verf. De kosten lopen voor Sara echter hoog op; zij dient niet alleen nieuwe verf aan te kopen maar ook extra uurloon te betalen aan haar werknemer, aangezien Maria haar stage ondertussen is beëindigd. Vraag: zal één van deze verzekeringen tussenkomen? 1) BA uitbating 2) BA na levering 3) BA toevertrouwde goederen 4) Geen van bovenstaande Case 3 bis Idem case 3 maar variant: het werk wordt wel correct uitgevoerd. Echter, Maria schermt de houten vloer echter niet goed af waardoor er onherstelbare schade ontstaat (kostprijs 7.500 euro). De klant claimt deze schade. Vraag 1: wie kan aansprakelijk worden gesteld? Sara of Maria? 🡪 Sara is aansprakelijk want ze is de eigenaar (bedrijf is aansprakelijk) Vraag 2: zal één van deze verzekeringen tussenkomen? 1) BA uitbating 2) BA na levering 3) BA toevertrouwde goederen Case 4 Laura heeft een trendy foodbar in het hartje van Antwerpen. Bij het betreden van haar foodbar schuift een klant uit en komt zwaar ten val. Het slachtoffer dient te worden opgenomen in het hospitaal en zal enkele maanden arbeidsonbekwaam zijn. Zowel de medische kosten als de gederfde arbeidsinkomsten worden bij Laura geclaimd. Vraag: is Laura aansprakelijk? 1) scenario 1: regenachtige dag 🡪 Laura niet aansprakelijk 2) scenario 2: droge dag en vloer net gedweild 🡪 Laura wel aansprakelijk Brandverzekering (onderdeel patrimoniumverzekering) Beschermt de het gebouw en de bezittingen van de onderneming tegen brand en enkele andere standaardwaarborgen voor eenvoudige risico’s 1) Brand 2) Waterschade 3) Storm, hagel, sneeuw, ijsdruk 4) Natuurrampen 5) Glasbreuk 6) BA gebouw 7) Diefstal (optioneel in patrimonium, zeker aanbevolen) 8) Machinebreuk (optioneel in patrimonium, zeker aanbevolen) 9) Bedrijfsschade (optioneel in patrimonium, zeker aanbevolen) Aandachtspunt: eigenaar vs. huurder van een gebouw 🡪 andere polis Aandachtspunten bij screening 1) Wat is precies verzekerd? Wat niet? 2) Voor welk bedrag verzekerd? ⇒ Evenredigheidsregel: wat? ⇒ Gebouw vs. inhoud 3) Eigenaar of huurder 4) Vrijstelling of hoogte franchise 5) Juiste beroepsactiviteit verzekerd? 6) Preventiemaatregelen a) Algemene of wettelijk bepaalde maatregelen (cfr. algemene voorwaarden) b) Specifiek: brandblustoestellen, jaarlijks onderhoud risico-toestellen, jaarlijkse inspectie elekrische installatie, e.d.m. Arbeidsongevallenverzekering - Elke onderneming (of organisatie) met personeel is wettelijk verplicht deze polis af te sluiten - Bij een ongeval (=plotse gebeurtenis) op de werkvloer of op weg van of naar het werk zijn de medische kosten gedekt en een vergoeding voor tijdelijke werkonbekwaamheid gedekt, indien het geval - Hoogte van de premies in functie van de activiteit 🡪 hoe risicovoller de activiteit, hoe hoger de premie - Bij overlijden van een werknemer wordt aan de nabestaanden de uitvaartonkosten en een ‘rente’ betaald Rechtsbijstandverzekering - Juridische bijstand (door de verzekeraar) om de rechten en belangen van de onderneming te doen gelden bij geschillen over exploitatie, goederen of beroepsactiviteiten. Aanbeveling is om aparte onafhankelijke rechtsbijstand te nemen, niet geïntegreerd in andere polis (vb. brand). Waarom? - Enkele voorbeelden van geschillen: ⇒ Terugvordering schade door fout van derde ⇒ Geschil met werknemer, fiscus ⇒ Slechte afhandeling schadegeval ⇒ Betwisting kwaliteit geleverde producten leverancier ⇒ Klant weigert factuur te betalen ⇒ Verkeersovertredingen ⇒... Overige bedrijfsverzekeringen: selectie - Verzekering gewaarborgd inkomen of arbeidsongeschiktheids-verzekering: inkomensgarantie in geval ziekte of ongeval. Kan voor een bepaalde beperkte periode of tot aan de pensioenleeftijd - Kredietverzekering: ondernemingen die exporteren kunnen laten bepalen welk kredietrisico eventueel te dekken (per transactie/debiteur/omzetbedrag) om het risico van wanbetaling te beperken als klanten betalingsuitstel krijgen - Hospitalisatieverzekering KMO: aanvullende hospitalisatieverzekering voor medewerkers ter terugbetaling van de kosten ten gevolge van een hospitalisatie naar aanleiding van een ongeval, ziekte of bevalling. Diverse ‘formules’ mogelijk: nationaal vs. internationaal; met of zonder vrijstelling; minimum aantal dagen; enz. How to audit/ analyze insurances? 1) In step 5: determine which risks from step 4 require/need insurance? 2) Collect the current insurance policies and check the coverages. 3) Analyze and assess, preferably together with your contact person if any changes should be made to the current insurance policies to align with the findings in the risk analysis. 4) Identify any duplicate coverage in different insurance contract. Or redundant contracts 5) Determine if additional or new insurance is needed in line with the findings in the risk analysis.

Risk Management Summary PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue