Skip to main content

4 Mechanisms of Risk Management (Learned from “Momma”)

Risk Management. We hear that phrase in our operations daily. However, what does “risk management” really mean? How do we set-up a process to ensure that we are managing risk to the most efficient level? It all starts with the four basic ways to manage risk. 1) Avoid the Risk; 2) Accept the Risk; 3) Control the Risk; 4) Transfer the Risk to another party. Chances are your mother once taught you the aspects of risk management at a very young age. Now let’s see if we can take what “momma” taught us and apply it to our business’s risk management program.


“If you can’t say something nice, don’t say anything at all”

I’m sure you have never heard this adage, right? Growing up with a sister who was four years older was never an easy thing. My sister, being the girl, was ALWAYS right about EVERYTHING. However, maybe this taught me the true “Golden Rule” of life at an early age… Women are never wrong (right, guys?!). Needless to say, being a typical little brother I always had the most wonderful compliments to give my sister: “You weren’t good enough as a child, that’s why they had me” and “You were adopted.” You know, just typical comments that siblings say to one another. At an early age, soon after these comments started emerging, my mother disciplined me and told me the famous life lesson: “If you can’t say something nice, don’t say anything at all… or else.” As my eyes grew as large as baseballs, I knew exactly what the “or else” meant.

Sometimes business is about boiling all the complexity to the simple things we learned as children. Just as momma taught us, sometimes it is better to not engage in an activity. What is the benefit/upside of the activity? What is the cost/downside of the activity? Does the benefit outweigh the cost? This is an analysis each organization should go through whenever adding a new activity or risk to their operation.

However, in this industry avoidance is somewhat of an impractical approach to managing risk. Every day you are engaging in activities that inherently have risk associated with them. In order to completely eliminate the risk, your organization would have to shut down its operations which is not practical. Avoidance can be used in this industry though.

I recently saw a marketing firm advertising to boost sales by installing an “arcade” game integrated with a zipline. You would simply hang objects from tree limbs surrounding the zipline. Once zipping, you would then try to hit as many objects as possible with your “wand” that is in your hand. The software would recognize how many objects that were struck with the wand giving you a score and creating competition for the high score throughout the zip tour. Sounds like a great idea, right?? Let’s think about the potential consequences: participant slowing down intentionally to yield more points; not paying attention to braking due to distraction; increased tension on line due to sudden movements in different directions; etc. As you can see, this would be a prime example of when to use avoidance and deny integrating this activity into your operation.


“If you can’t afford it, don’t touch it.”

When I was little, one of my momma’s favorite places to go was an antique store. She thought it was the most WONDERFUL store ever. Yet as an energetic and rambunctious child (some would have called me a hellion), I could not imagine a more boring store. So of course my sister and I had to spice up our trip to the antique store, by playing tag through the aisles, tossing the 100-year-old snow globe around like a baseball, or even trying to play “Sweet Child of Mine” by Guns N’ Roses on a vintage 1906 guitar (which apparently was not acceptable). However, one thing that I will always remember about the 10 steps leading up to the front door of the antique store is my momma saying, “Now Cameron, if you can’t afford it, don’t touch it. Do you understand?” Little did I know, this saying would teach me a lot about risk management in my career.

The second risk management technique is controlling the risk. This involves taking steps to reduce the frequency and/or severity of injury. In the antique store, in order to reduce the frequency and severity of my breaking an item, I was told to not take my hands out of my pockets. While this did not avoid the risk completely, it reduced the risk by using a proper control mechanism. If momma wanted to practice the avoidance method she would have told me to stay in the car to avoid the risk entirely.

Control is the most important risk management technique for the aerial adventure park and zipline industry. Here are some of the most common control measures:

    • Training for Employees: I cannot emphasize how important this is. 95% of injuries are due to guide error or improper training. This is the most overlooked method of risk control. I recommend hiring a third party every year for training. Professional athletes hire trainers and coaches to be a consultant and third eye for them. If a professional athlete can benefit from a third party, I can assure you that your organization can benefit from one as well.
    • Background Checks on Employees: How can you defend a sexual abuse claim when the plaintiff attorney finds out the accused employee is on the National Sex Offender Registry? Wouldn’t it have been better if you had known this prior to hire so that you could screen your applicants?

Cross Check Waivers with IDs: How can you defend your organization in a claim when the injured participant did not sign the correct name? Therefore, you do not have their waiver which means the injured participant did not waive their right to sue.

  • Signage: Post signage with rules of participation at many visible points throughout your course and check-in building. Once posted, take a couple of time-stamped photos of each sign. Take a close-up photo (to show what it says) and far-away photo (to show placement). Place these photos in a safe place away from the premises or in the “cloud”. This would provide a defense mechanism in court to prove visible signs were in place to inform participants of age, weight, etc. restrictions.
  • Weigh all Participants: Plaintiff attorneys are continually using the argument, “You are the professional in this industry; the injured person did not know how imperative it was to weigh under 250 lbs. Thus you are the responsible party for not weighing them.” Let’s take this argument out of their bag of tricks.
  • Inspections: This is your annual physical for the course. Many human diseases can be detected and treated properly before they turn severe through a simple visit to the doctor and a physical. The same is true for your course.
  • Safety Committee: EVERY organization should have a safety committee. The members should be an equal balance of employees, assistant managers, and executives. Each of these three levels of the organization sees different risks in the organization. This committee should meet at least once every two weeks.
  • Access Prevention: Make sure participants are not allowed to enter designated areas without being properly clipped-in (climbing ladders to towers, climbing walls, etc.). Kids have a tendency to try to climb on structures even if they are verbally told “Do not climb until you are clipped-in.” A good control mechanism is to have a painted yellow line over which participants are told: “not to cross until properly clipped-in”. Also, a sign that states the same at the point of access is a good idea (refer to “signage” above on documentation).



“Only drive as fast as you can afford.”

As a teenager, I preferred to get places quickly. It was my perception that I could be more productive in my day if I minimized the amount of time driving, thus not abiding by the speed limit. As much as I tried to plead my case while holding that yellow speeding ticket in front of my momma, she did not accept my reasoning of trying to be more productive in my day by reducing the amount of time spent driving. After the second speeding ticket within a short period of time, she stated a simple phrase, “Go as fast as you want. However, only drive as fast as you can afford.” After realizing the court costs, attorney costs, increased insurance costs, etc. I finally realized that I could not afford to drive much over the speed limit if any at all.

Driving down the highway 20 MPH over the speed limit, I was accepting 100% of the risk of getting a ticket. There was no avoiding the risk. There was no controlling the risk. There was no transferring the risk. 100% acceptance. In my personal life, I had to decide how much cost of risk I could financially afford and justify.

In your business, there is a tolerable level of acceptance. Let’s use rope burns and slips/falls as an example. Through analyzing your financial statements and previous loss history, you and your insurance advisor may come to the conclusion that your company can withstand a $25,000 loss during the year for any incident. Therefore, you “accept” this level of loss through a deductible and get a reduction in insurance premiums. You may decide that you have properly controlled the risks for employee theft. Therefore, you decide to not transfer this risk through insurance and accept this risk.

There are two types of acceptance: voluntary and involuntary. Voluntarily accepting a risk is when you select to intentionally take a deductible or to self-insure employee theft. Involuntarily accepting a risk is when your organization finds out after a loss/claim that the claim is not covered. Involuntarily accepting a risk is something that your organization never wants to have happen! It is essentially an unplanned expense that has no limit.


“Don’t put all your eggs in one basket.”

This lesson is one many of us learned the hard way; if only we’d just listened to our parents, huh? Whether it comes to risk, investments, or life in general, it is not a bad idea to spread your eggs around to many baskets. The same is true with the risk within your organization. The key goal with a risk management plan is to reduce the total cost of risk. One effective way to accomplish this is to shift your organization’s risk to a third party. While insurance may be coming to your mind right now, insurance should be the LAST last way of transferring risk (that may sound completely opposite of what you would expect a risk and insurance advisor like me to say). Insurance is the most costly way to transfer risk.

In this industry, there are many ways to transfer risk to another organization or party. Some are:

Construction: Having an ACCT Professional Vendor Member do your construction/maintenance pushes out the liability for design error, construction error, etc. to another party. This reduces your total risk within your organization.

Trainings/Inspections: Having a third party conduct your staff training and inspections pushes out the liability for training your staff on proper mechanics and also the liability that arises from assuring the course is in acceptable working condition.

Participant: Transfer liability to the participant by using a legally sound waiver. There are a couple of things to note regarding waivers:

1) Only a court can grant legal guardianship to a person. This means that when Johnny is on a beach trip with his friend’s family that they cannot sign the waiver in place of Johnny’s parents. The waiver would be invalid in a court setting. Make sure a “legal guardian” is signing the waiver.

2) Make sure you are not collecting personally identifiable information or medical information that would make you subject to HIPPA laws or data breach laws.

Insurance: When you can’t control the risk completely, you can’t avoid it, it is above your comfortable level of acceptance, AND you can’t transfer it through any of the above ways, you should then transfer the risk through insurance. Insurance should be the last resort to transfer risk as it is the most costly way to do so.

Call to Action

How do we take all the above risk management techniques and put them into action within your organization? It’s simple! First, organize a formal meeting with you and your management staff. Second, get a sheet of paper and start listing all the risks in your organization. Think outside the box; don’t just think about property loss, liability, etc. What about regulation changes? What happens when a key employee leaves your operation or suddenly dies? Computer systems crashing? Data/security breach? Embezzlement? Reputational risk? Lease being terminated? Fire destroying waivers? These are all possibilities that we should be thinking about. Typically risks fall into four key categories:

  • Hazard Risks arise from property, liability, or personnel loss exposure and are generally related to the subject of insurance.
  • Operational Risks fall outside the hazard risk category and arise from people or a failure in processes, systems, or controls, including those involving information technology.
  • Financial Risks arise from the effect of market forces on financial assets or liabilities and include market risk, credit risk, liquidity risk, and price risk.
  • Strategic Risks arise from trends in the economy and society, including changes in the economic, political, and competitive environments, as well as from demographic shifts. (Risk Assessment: ARM 54 Course Guide, 2008)

When sitting down to compile the list of all the risks to which your organization is exposed keep the four categories above in mind. Write down all operational risks, strategic risks, financial risks, and hazard risks that are a threat to your organization. Once these risks have been identified and written down, beside the risk decide how you are going to treat it (avoidance, control, transfer, or acceptance). Most risks should use a combination of techniques to mitigate the risk (control in combination with transfer). I would be willing to bet that when you have compiled the list you will find you do not have a planned risk management technique for at least 50% of the risks you have listed.

About Granite Insurance

Cameron Annas, CIC, at Granite Insurance specializes in providing risk management and insurance solutions to the aerial adventure park and zipline industries. Our client approach at Granite Insurance is to understand the unique needs of your business and tailor a risk management/insurance program that is designed around these needs. Granite is a part of Keystone Insurers Group which is the largest insurance agency organization in the United States. This resource, in combination with our expertise, makes us uniquely qualified to design and implement a risk management and insurance solution for your organization.

Skip to content