5. Risk Management

5. Risk Management

Many entrepreneurs believe that this business operation is probably the riskiest thing they have ever done. That’s probably true, at least from the perspective of financial decisions. (Commercial bankruptcy is unfortunate but highly survivable; each sports cars and the two kill a much higher fraction of users.)

The risk in business is handy. This is a main reason why businesses exist as a concept; they bring a source of risk (the company) and then separate into common economic upper undertake the risk, responsibilities related to risk, and the actual functions to operate the business.

Incorporation is a way that Internet companies employ to limit the risk, covering the amount the owners / investors are exposed to liability for debts or damage or injury to others should not, generally resulting business in the owners / investors. Companies do not like the prospect of losing all their capital when such a trial, though, so there should be other mechanisms as well. We’ll talk about some of them.


Insurance is a way to transfer the risk from the insured to the insurance company. The insurance company did this in exchange for guaranteed payments (“premiums”) of a large group of policyholders. Assume the insurance company assesses the insurance properly and / or investing premiums before paying, they benefit to offer this service while their customers are trading the uncertainty of a catastrophic loss for the certainty of predictable insurance payment.

Businesses buy a number of types of insurance. The overwhelming majority of policies (and the share of payments) is for insurance on employment, which is discussed in more detail elsewhere. A much smaller part is for policies that protect the society.

Liability / professional errors and omissions insurance

Companies that produce software that interacts with other business data or produce the software business running, or working on systems owned by customers, have relatively high risk in case of their default software operation. A software update disrupts midsize business can cost them tens or hundreds of thousands of dollars in lost revenue; they might decide to continue to collect. A contractor who accidentally drops the production database while the trial could be held responsible for all costs to replace it, which could be almost unlimited.

These risks are covered by professional liability insurance, sometimes called insurance “errors and omissions” (E & 0). The mechanisms of politics are simple: pay a little money each year (usually about $ 1,000 at the beginning; he slowly measure the number of employees or corporate income). If you do not get sued, nothing happens. If you get sued, you “open a claim” (forward appropriate details) to your insurance company. The responsibility for claims covered by your insurance shifts to your insurance company, to the extent described in your policy and subject to the limits and deductibles. The insurance company typically succeed respond to the suit, which will often result in them offering a settlement to avoid the expense of trial. (The trials are expensive and almost nobody wants to take through the entire process.)

Very few software providers actually get sued! (Insurance companies reported in regulatory filings that the risk for such small software development consultation is less than 1% per year. You can dig out of this fact rankings regulatory if you want to.) Most companies that deal primarily with consumers limit their liability with contracts and offer refunds if the software is not loving customers. It’s incredibly unlikely that you will be sued just because someone is simply unhappy with your services.

That said, if your softwaredamageActuallya materiallycustomer, which is quite plausible for B2B services, a trial is a distinct possibility. This is especially the US True, dealing institutionally much controversy through the court system where they would be resolved through private negotiation or other countries. (It sometimes amazes contractors doing business internationally.)

In addition, because the sophisticated businessknowthat there exists the possibility that you do you interface with their systems expose them to expensive remediation, they often require, as a term to do business with you, you carry an insurance policy.

The policy limits for E & O policies typically start at $ 1 million. (The trials are usually significantly cheaper than limit do they average about $ 40,000 in the regulations and costs asregulatory classifications of. A company E & O through all their policyholders in the technology industry companies) Purchasing more is relatively inexpensive; $ 1 million is generally sufficient for companies just starting. You can (and should) replace your policy annually; Renewal time is a great time to think if you have adequate coverage for your exposures.

Commercial insurance in the US is generally sold by agents of insurance companies, which are sales representatives combination and professional advisers. Of course, since they are paid on commission by the insurance companies, professional advice is often as you make more of them. Your lawyer or accountant can often give you a rough idea of ​​what is the appropriate level indicated the level of exposure of your business.

General Liability Insurance

Virtually every business should pay insurance “general responsibility” if you have a physical presence in the United States. (If you do not, you can choose to skip this if this is not the norm in your country.)

General liability insurance is often sold bundled with the E & O insurance.

Insurance E & O ensures against the risks posed only by the type of work you do. The overall responsibility is more diffuse; it ensures against the risks posed by the physical existence of your company. For example, if you have an office, it is theoretically possible that someone could slip in or outside the office, resulting in your company is responsible for their (perhaps essential part) medical bills. It is relatively uncommon, but the overall responsibility covers enough sources “relatively infrequent” distinct effort to be worth the peace of mind it brings to many entrepreneurs.

In addition to accidents to your physical location, general liability could protect against embezzlement of employees, having the fly of your business property, the loss in the event of a fire or similar. The risks covered are listed in your specific policy; read himvery carefully. You file typically only a general query of responsibility when something extremely expensive thing happened, you do not want to be told that “we do not cover this very expensive thing that happened; did you not read paragraph D on page 22? It clearly indicates that … ”

Contrary to occasional grumble, insurance companies usually are not crooks. They are extensively regulated in the United States. They are just by the nature of the business,verydetail oriented, a lot more like programming than creative writing.

You will buy your general liability insurance with an insurance agent, presumably the same one that sells you your E & O line. The policy could be combined with your policy E & O or be sold separately. Expect to pay only a few hundred dollars this year.

Risk reducers for warranty

As part of obtaining a written insurance policy, you will be asked by the department of “guaranteed” by the insurer that needs to decide if your business has a risk level that can be profitable assured given the premium the insurance company wants to charge you. It is to your advantage to know to answer questions of a guarantor in a professional and honest manner such that they approve your application.

Usefully, know the kinds of things that insurance companies look is very useful, because they are literally in business to figure what choices end badly. You can change some of your business operations for more positive responses to their questions, both of which increase your likelihood of getting covered with lower premiums and also remove the sources of risk to your business.

Here are some questions that might Thee asked:

Do you use written contracts to sell services? The answer is, of course, “yes. “Some guarantors will drill into details of the contracts, such as:

  • The contracts they have words limiting the scope of your warranty or guarantee as to work?
  • The contracts they have terms intensified to the level of care that you are required to provide, or are you given more discretion?
  • The contracts they have mid-project control issues such as milestones with approval required from the customer, a defined repayment schedule, etc.?
  • They limit the contracts of damages you may be evaluated?
  • The contract he is considering a formal change order process where both parties must be in writing agreed scope changes?

All of these allow guarantors to see that your contract was written in anticipation of potentially considered him a controversial project with a client.

Do you have substantial experience in the industry? More experience is better than less experience, of course. It is usually to your advantage to write your description of your experience in a way that is absolutely true and easily understood by someone who is not an expert in your field.

Click-through agreements and public orders

Some kind of framework contracts are relatively non-negotiable. You almost certainly an agreed-for example, if you have never “accept the Terms of Use” or sign a contract with a mobile phone company.

These contracts are used when a) is in talks individualized contract terms with each client would be against-productive and b) when contracts can still clearly limit the exposure of the company at risk.

You are strongly for some contracts that generally apply to people doing business with you. You will also few public written policies that are not contract, but rather are designed to clarify some important details about doing business with you.

Depending on what your company does, you might want to have:

  • privacy policy
  • Refund, warranty and return policy
  • Terms of use / Terms of use

Privacy policy

Every Internet company gathers data. Big, big mountains of data.

Consumers want to know that you will not abuse personal information you collect. More importantly, the government regulators want companies tell consumers about the practices in company data. Laws, regulations, and tips cover there and sometimes contradictory about intimate revelations, some of which vary by industry or the state (excluding all foreign laws), but usually you will have a written privacy policy available your website or mobile app anywhere you do business.

Companies that collect personal user data or handle online generally have a privacy policy. You may be legally required to report a privacy policy under certain national laws and / or laws that apply to specific industries or if you engage in certain activities, such as online advertising. There is a wide range of counterparties, including financial institutions and host providers, which would take the non-existence of a privacy policy against you, even if you have good inside were understanding “we are just the usual no-spam, Google Analytics, Nginx standard logs. “Also, if you sell to other businesses, your business customers will likely require you to report a privacy policy as a condition of doing business with you.

Privacy policies are less a legal contract and a semi-standardized way for you to communicate your plans regarding data with customers. Having an inaccurate privacy policy may be worse in some respects than not having it at all.

The privacy policy is usually written in non-technical language and clear is relatively short. Important aspects to cover in a privacy policy of the United States include:

  • What information you gather
  • Who has access to it
  • Under what circumstances would you want to release it to third
  • How you use data for advertising, including online tracking
  • For how long you store

Additional information may be required if you are doing business in whole or in part outside the United States, where more stringent laws of privacy may apply (egg the European Union).

Most Internet companies do not list every single bit of information they collect, but rather employ representative examples, largely because customers are not competent to assess the details. (If you are in a very conscious field of privacy such as health care or if you collect personal information from children, where there exist specific regulations, details import quite a few and are out of scope of this guide.)

If you do not have a ready privacy policy, consider what information you collect, organize your thoughts inwardly, then take a pre-written privacy policy and adapt to customer needs to ensure that it is accurate to the operations of your business, working with your attorney if needed. Automatic, WordPress manufacturers have generously released their under a license lax, so that you can make light edits to it and has a reasonably sensible policy ready almost immediately.

As always the documents as a contract, if you have any questions, ask a lawyer.

Refund Policy / returns policy

When e-commerce first began, people were terrified about sending money over the Internet. What if the goods exactly they did not like? What if the GIF 20kb not showing the color of the dress exactly? What if? What if? What if?

Reimbursement policies are a great way to meet pre-emptive “what if? “In a way that increases your conversion rate, minimizes unhappy customers, and streamline your operations. If you take online payments, your payment processor will require that you have a refund policy reported evidence; it is usually to your advantage to have clear near the checkpoint because some clients look.

Generally most Internet companies choose to be extraordinarily generous with refunds. This is especially true IP-based companies that have relatively little hard costs to provide their goods / services, such as software or SaaS companies.

Many software providers have the following as their full refund policy. (Feel free to use or adapt, if you want.)

Refund Policy we want you to be thrilled with your purchase. If it is not satisfactory for any reason, we will gladly refund the full purchase price for up to 30 days after your purchase.

The policies for e-commerce companies are usually a little more complicated, especially around the returns of actual goods, such as clothing and other consumer products.

You should report what the process for requesting a return, where the returned item should be shipped, if the item can be returned if used, which are the timelines, which absorb the cost for shipping ( and return shipping), etc.

The has one might ask “why even the most generous refund policies often time-limited? This is something that your accountant will probably require you; unlimited refund policy greatly complicated when you are allowed to identify revenue. Many companies say officially they only treat repayments in the first 30 or 60 days while they (officially or unofficially) actually pay any purchase ever made, even years after the fact.

In some countries it is a legal requirement that the repayment period to extend receiving a product or performing a service, not the date of transaction, if the transaction is above. There may also be conditions that the repayment period is at least a certain period (egg, 90 days). Generally one can simply adopt the most generous terms; tightening your language repayment is very rarely the point of most leverage in your business.

Terms of use / Terms of use

Most commercially operated websites, and almost all Web applications, will have conditions. (These are sometimes called “Terms of Use” and abbreviated TOU or the TOS.)

They range from informal descriptions behind what constitutes acceptable use of the site (often including words such as “spamming no,” “no loading virus,” and “no threats of violence”), for applications, full contract specifying the terms of payment, limitation of liability, etc.

Many companies do not charge directly their website choose to edit more informal conditions. If you take commitments to your site, you may need that customers accept the terms of use through checking a box during the engagement. Save the date / time of acceptance, in case you’d be informed about later.

If you sell software or software as a service, your conditions of use is probably a real contract, although short. A lawyer can write one for you, but it’s probably unnecessary unless your software works in a market that is likely to require a high level of attention to the concerns of compliance or accountability. (Health care, financial services, and similar mind-came to ask your lawyer if you’re curious.)

If you produce the software for consumers or smaller businesses, you can probably adapt Terms lax authorized Automatic their product WordPress. This will only take you a few minutes. Force clients to agree on it via a checkbox by registering for your service; save the time consent was given.

Do I have never actually need these things!?

You may never find your policies examined in a court of law.

Having policy is used as a control by companies and regulators if you operate your business in a professional fashion.

You will not likely be approved by a financial institution to accept payments unless you have a TOS, refund policy, and in returning the policy (if you board the actual goods).

For example, in case of a chargeback filed against a purchase for your software, you can expect to lose almost automatically if the issuing bank says “the customer said they did not agree on salary. You have a contract? “And your only response is” good it has registered for an account. “The right answer is” Bob Smith has registered for an account on 23 March. He affirmatively accepted our terms and conditions, a copy of which I have attached. The conditions explicitly state that customers have to pay for the service. ”

You always lose some chargebacks, even when you have documented everything properly, but do everything correctly gives you an opportunity.

Companies can benefit from the practice of drafting a privacy policy as it forces you to think critically about your practice data, understand the regulatory landscape (which may involve some – and expensive – rules and strange regulations), and establish policies and procedures that will benefit your company long-term. The establishment of good privacy practice at the outset of aid to ensure that you maximize the value of your data assets, avoid regulatory pitfalls and mitigate risk (and consequences) of a data breach.

Become minimally comply with these policies can usually be done quickly and effectively, especially in light of the benefits. You will need to review and update these policies (especially your privacy policy) as your business changes and grows, and can expect to do a deeper dive in the future when you have more resources. With that said, depending on where you are doing business and what your business is, these documents may need to be changed more often. For example, if your business involves processing data provided by children, then there is a patchwork of different national laws that currently apply and the regulatory landscape is constantly changing; if your business is a subscription service,








Leave a Review

Publishing ...
Your rating has been successfully sent
Please fill out all fields

Start your Journey here