Risk and Crisis Management
BETTER OUTCOMES WITH BETTER ADVICE
We serve businesses, business owners, board members, investors and lenders.
At McAlan our attention is most often focused on businesses. Many companies, especially smaller companies, treat risk management as an after-thought, to be handled by an in-house functionary as part of an annual insurance review. However, as shown in this website, risk management is much more than that.
Risks come in many sizes and flavors, including well-understood risks, like premises and product liability, and more esoteric risks, such as cyber risk. We will not list all the kinds of risks a company may face — a tall if not impossible order — but here are two especially worth remembering:
- Mission failure. All businesses are created with a mission in mind, so there are always risks of mission failure.
- Inadequate risk management. Those in charge, from the board down through lower middle management, are graded in part by how they manage risk.
Investors want the companies they invest in to be valuable and increase in value over time, and they certainly don’t want to be seen as having made a foolish investment. Assessing the downside is equally if not more important than perceiving the upside.
Business owners want their companies to be healthy and profitable. Business owners often also want their companies to be saleable to potential buyers for a good price, pursuant to a carefully prepared exit plan, or even in a forced sale. A risky business is a less-valuable business, and it can be unsaleable at any price. Accordingly, risk management is absolutely essential from the viewpoint of a business owner.
Acquirors of Businesses
Acquirors want a good “acquisition experience”. Experienced professional investors typically expend considerable effort in due diligence to help form their baseline expectations, the amounts they are willing to pay, and the terms and conditions of buy-sell agreements, including reps and warranties insurance. However, due diligence often misses risks, and rarely takes account of a company’s risk management program or competencies, or the adequacy of the target’s business insurance.
Risk management is equally or more important post acquisition, to uncover previously unrecognized risks, to make systematic improvements, and to enhance the value of the acquired company.
Boards of directors should be actively involved in their companies’ risk management. This requires, first, getting an understanding of the company’s risk profile, then creating a legal and practical framework for allocating responsibilities and lines of communication, monitoring and periodic top/down review. The policy should provide guidance on board involvement in the event of a crisis.
Board members also need to be informed of their legal and reputational risks. Surprisingly, most board members are not aware of the in’s and out’s of directors and officers insurance policies, or that the coverage may be less protective than they thought.
All lenders know that high risk borrowers can be problematical.
We can help lenders on all matters pertaining to risks, including assessments of potential customers’ risk management programs.
What We Provide
Assessments of vulnerabilities
The beginning point of risk management is a survey of all aspects of a company to identify risks and assess their significance. We have a proprietary methodology for preliminary assessments (and get buy-in from C-suite executives and board members). If the company is ready to proceed, we work with management to dig deeper to find all the material risks and rank them in terms of impact and probability.
With a risk assessment in hand, the company is ready to develop strategies to deal with specific risks and to work with management to create policy and an overall risk management program.
Our solutions include:
- Legal solutions
- People solutions
- Creative risk transfer arrangements
Risk management is increasingly recognized as a matter for boards of directors and trustees. We can assist your board in establishing policies, committees and procedures, and in connection with periodic risk management reviews.
We can also provide advice and solutions regarding Board liability for all matters, including the failure of the board to discharge risk management duties.
Risk management processes and systems
We have procedures and systems for overall risk management, and we can assist in selecting systems to deal with particular matters.
Risk management advice
We stand ready to advise you on your risk management concerns.
Ask yourself: How good is my company’s risk management program or department?
Due Diligence Services
We are available to be your risk advisor, including helping you find the right resources to meet your specific needs.
Crisis management services
Crises are often outside of anyone’s control. “Crisis management” therefore can be as much about crisis response as it is about management. We draw upon all our resources to get crises resolved as best possible.
Our Approach to Risk and Crisis Management is Unique
Our founder and CEO is an attorney. A legal perspective is more than helpful; it is essential in risk and crisis management. Moreover, there are times, especially during a crisis, when the privileged status of attorney-client communications is highly desirable.
We look at all the risks and vulnerabilities of an organization, ranging from ownership through the business environment
We bring to bear the full range of skills and experiences that are appropriate to get the job done.
Although we appreciate the usefulness of automation, we know that ultimately it is people who are accountable for their decisions and actions. Accordingly, our system places specific responsibilities on individuals.
Risk management always involves teamwork. Crisis management usually — but not always — requires teamwork. We act as your coach, your quarterback or your consultant.
Multiple perspectives and related competencies
are needed for effective risk and crisis management.
Each of the element-boxes in the diagram is discussed below.
McAlan brings legal expertise and experience to assess a client’s legal needs and counsel a client accordingly. The basic requirement here is legal education and training, supplemented by experience, handling compliance with laws and regulations, and managing disputes.
Every contract creates risks. McAlan can be helpful in connection with Contract Lifecycle Management (CLM), which covers the various stages in the life of a contract, beginning with negotiation, through performance, and post-performance/termination matters. CLM can be the domain of the legal department or some other department and/or shared.
Insurance and risk transfer
Insurance is the industry most closely associated with risk management. We have dedicated resources to find the best insurance solutions.
Risk Transfer means contractual shifting of risk from one party to another, most often seen in financial and commodities hedging operations.
Management of human resources is important but too-often overlooked in risk and crisis management. An organization is well-served if its people have the psychological and wellness attributes that make them strong and effective in their jobs. We call this “resilience”. We have information and resources available to help your people become resilient. Because resilience is built up over time, long-term programs are helpful. We can help your HR department in that regard.
A modern business needs to be aware of the expectations not only of its shareholders, but also of other stakeholders, and to develop and implement appropriate policies. These increasingly are categorized as ”ESG factors” (ESG standing for environmental, social and governance factors). Because most of ESG is not required by law, ESG is sometimes called “soft law”.
McAlan is a pioneer is considering ESG Management an important component of overall Risk Management.
IT and systems are at the heart of virtually every business. System integrity is essential.
We live in a world of extreme cyber risk. There is simply no excuse for neglecting cyber risk.
Business Owner/Manager and Generalist Work Experience
High-level business experience is invaluable. What is ideal will vary from company to company. Based on what we learn – what the company has and does not have – it may be best to bring in industry or functional expertise or general experience/skills.
Communications, Public/Investor Relations
It is important to have effective communications to manage risk and even more so to respond effectively to a crisis. These communications can be inward-facing or outward-facing – directed to suppliers or customers, or to “the court of public opinion”.
Financial resources are essential, and cash flow is keeps a business going.
Our founder worked on Wall Street as an investment banker and ran the corporate finance department of a regional investment banking firm.
Our analysis often includes an assessment of a company’s financial needs and resources. Although a company may have solid financial management, in a crisis, new perspectives and resources may be required, and we can be help arrange for that.
C-Suite/Board “People Solutions” Expertise
An organization needs to know what needs to be done and have the right people in charge of all functions. Those people can be in-house, full-time or fractional, part-time, outsourced, or employed in other creative ways.
Many companies do not have a risk management department or even a risk management program. Finding and/or arranging for the right people is important.
We have dedicated resources to deliver “people solutions” for your risk management program or department.
Just as resilience is desirable in a company’s workforce, in a time of crisis it can be essential in the C-suite – or for a company’s owner(s). We can arrange for individual counseling and coaching.