Examples of a Mitigation Plan

A business that does not address risk management from the onset is one that will find itself
vulnerable to the various intangible things that happen. There are four primary methods a
company can plan for risk: avoidance of risk, risk mitigation, transfer of risk and risk acceptance.
Risk mitigation sets plans in place to address predictable problems, while other operations
processes continue. To fully understand examples of mitigation plans, lets first understand how
the various methods of risk work.

Managing Business Risk

Running a business involves risk. This is no secret to business owners who accept certain levels

of risk, ideally, to reap the rewards of success. At the end of the day, the capital risk is the result
of many other internal and external risks. A business leader must consider what might affect the
company at any given time, and then plan accordingly. Some risk is acceptable while others
could lead to a complete shutdown of the company.

Avoidance of risk is a strategy in which business leaders make decisions to avoid a risk
altogether. For example, the company may decide to avoid opening a store in a community
known for crime and break-ins, and where the target market is a small part of the demographic.
Even though the company is not taking advantage of a potential growth opportunity, it is avoiding
risk. In situations like this, the choice is based on whether the potential profits are worth the
potential loss. By avoiding the risk, the business is stating that the problems wouldn't be worth
the opportunity and potential rewards presented.

Risk mitigation revolves around reducing the impact of potential risk. A jewelry store might
mitigate the risk of theft, by having a security system or even a security guard at the entrance.
This won't stop all theft occurrences, but it might dissuade criminals from targeting this store over
another store that has no security measures.

Transfer of risk is a strategy which understands that there are risks that are unavoidable and
that the risk is also something that can be mitigated. Insurance policies are the most common
form of risk transference, in which a business owner pays a premium to protect against large
losses. The insurance company assumes the risk via the insurance hazard plan.

Acceptance of risk is the last strategy. If a business owner has reviewed the risks and has
determined that the amount of loss would not have a significant impact on the business bottom
line, then he might accept the risk. A children's play center accepts a certain level of injury risk,
when children are playing in the facility. Sprained ankles, cuts and scrapes might be common, in
spite of mitigating efforts. The business owner could have certain policies in place to reduce
potential injury, but a potential injury is inherent to the business and the only way to prevent that
risk would to not be in business.

Risk Mitigation Plan Definition

As already described, risk mitigation seeks to reduce the impact of a potential risk and the loss
associated with that risk. Mitigating risk doesn't reduce the risk at all. In fact, it accepts that the
business will not be able to stop some type of loss. Therefore, the risk mitigation plan seeks to
limit the financial impact on the company if something goes wrong.

Risk mitigation is sometimes called risk limitation, meaning that it limits the impact to the
business' bottom line. A restaurant maintains sanitary food practices to reduce the chances of
food poisoning by patrons. Law firms establish complex IT protocols, that have security
measures to protect private client data from becoming breached. Medical offices might have two
waiting rooms, one for regular checkups and one for sick patients, to reduce the likelihood that
healthy patients might become ill from being in close contact with contagious patients.

These are all regular examples of risk mitigation for businesses. If a business knows what the
most likely problems are, it can take measures to reduce the overall impact on the business, its
employees and its customers.

Contingency Plan vs. Mitigation Plan

A contingency plan and a mitigation plan are often used interchangeably but they are, in fact,
different types of risk planning strategies. A contingency plan is what you do after something
happens; it's like a plan B. The mitigation plan is what you do simultaneously to normal business
practices and are often integrated into daily routines such as the medical office using flu masks
during flu season to prevent the additional spread of illness to doctors, nurses, staff and healthy
patients.

A contingency plan is what you do when your standard modes of practice have not prevented a
loss. Contingency plans are an idea until they are required to be put in place. A disaster recovery
plan is one type of contingency plan. Most businesses are not operating with the assumption that
a tornado, hurricane, flood or other disasters will create a problem. Assume a flood closes a city
down but an insurance company in the middle of the city needs to help concerned customers
experiencing a loss. The insurance company might be experiencing a loss and interruption in
business as well but must have a contingency plan to establish operations to help clients at their
time of need.

Contingency plans begin as a risk loss is happening or the signs suggest that it will start to
happen shortly. You can't predict a fire or an earthquake, but you can predict a snow storm or
hurricane's effect on your business. Contingency plans are implemented as soon as an event
happens or as it becomes imminent.

While contingency plans are widely established along with insurance transference of risk
regarding disasters, they go far beyond the natural disaster scope for businesses. Assume a
business is preparing for the Thanksgiving weekend holiday sales but the shipment doesn't
arrive with the inventory. The business might need to implement a contingency plan. The better
prepared ahead of time for these types of issues, the easier the business can implement it.

In a situation such as this, the business only has one shot every year at Black Friday. They could
still hold their sale and offer free home delivery for all purchases made on Black Friday. While
business might incur some additional costs based on the contingency plan, this is a better
scenario that shutting the business' doors on the biggest shopping day of the year.
Proper Risk Assessment

When thinking about what risk management strategies you need to address, consider your
industry, the geographic locations of offices and stores as well as the typical issues seen in
fulfillment. Areas often considered by business leaders first are disaster plans, security protocols,
product issues and fulfillment considerations. Risk mitigation could address the entire enterprise
or it could address a specific department or project.

A business should appoint a risk manager. The owner often wears this hat in a small business
but this might be a specialized employee for larger companies. Once the appropriate person is
tasked with risk management, he must identify and clearly define the risks. Once the risks are
defined, he must analyze and prioritize the risks. Then a plan is developed.

The risk manager is implementing more than just mitigation strategies. He might incorporate a
combination of aversion, mitigation and transference depending on the risk. There are some risks
that might be deemed acceptable and just part of doing business. Once the risk strategy is
implemented, it is important to monitor progress and make adjustments as deemed necessary.
If an accounting firm knows it gets 10 times the amount of business during peak tax season, the
mitigation plan to properly service consumers might be to hire five temporary staff members to
deal with customer intake, basic data entry and administrative work. Monitoring the plan might
show that five temporary employees were either too many or too few. Adjustments to the staffing
would improve bottom line revenues while maintaining high levels of customer satisfaction and
employee accuracy.
Resiliency as a Goal

The goal of risk management strategy is to make a business resilient to the many potential

problems a business faces. Business leaders who focus merely on growth and fulfillment
become vulnerable to any number of risks.

For example, a business that doesn't have the right type of insurance policy to cover loss of
revenue after a major loss might not be able to sustain itself in the recovery phase after a
warehouse fire. While the inventory, building and people might be insured, it takes time for the
claim to be processed and the business to restock inventory. Being in a situation where you
cannot fulfill even the basic of business expenses because of loss or other problems is poor
planning and the sign of a non-resilient business.

Business leaders and risk strategies need to coordinate with key resources to properly plan. This
involves talking to internal managers to see what critical issues are regular problems. It also
requires consulting with attorneys, insurance agents, IT professionals and accountants to ensure
a clear understanding of issues is present. Attorneys will help with compliance issues while
insurance agents help develop proper transference protections. Each professional will be able to
help a business risk manager better understand the potential issues the company faces.

Once risks are prioritized and a plan is implemented, the business has taken steps to become
more resilient in the face of adversity. Of course, there is no strategy that will protect against all
risk which is why prioritizing the risk is so important. Cover key critical issues and budget the
most funds for those strategies.

Creating a Culture of Mitigation

Every company should establish practices to encourage a culture of mitigation strategies. The
mitigation plan cannot be left to one person for the company to develop market resiliency.
Business leaders must take the time to educate and train employees on the risk involved, the
strategies being implemented and the protocol every employee should embrace and why.
A bank in a high-robbery zone might install double doors where employees and customers must
enter one at a time and wait in a secure throughway, until one door is locked and the employee
or customer gets a green light to enter. Employees must lead by example, entering as individuals
and not in multiples, to ensure that customers do the same.

The medical office that's concerned with the possibility that its elderly patients might become ill
while seeing a practitioner in the office, must train its staff to adopt the habit of washing their
hands and using hand sanitizer. It is not sufficient if the only people using hand sanitizers are the
doctors and nurses examining patients. Everyone needs to engage in this mitigation practice for
it to succeed.

A dog-boarding facility that's trying to prevent the spread of kennel cough must have employees
who care enough about the animals' well-being to double check all records of incoming animals,
even if they are regular visitors to the facility.

These are all examples of risk mitigation strategies that require a company culture to buy-in to
the plan, so that the company may succeed. This may become part of the hiring practices, but it
certainly requires managers to hold meetings and training to review the potential problems and
mitigating measures. All risk-management efforts and plans reduce the impact of adverse events
and unforeseen circumstances on the bottom line revenue of the company.