JHM Risk Management Services

Risk Management services and liability claims handling

John Harvey Murray Bsc (econ) CPFA

'Phone and fax: 01925 445215 email: info@jhmriskmanagementservices.co.uk



Contact US Blogs Ezines Books

What I do

I am John Harvey Murray.

I offer risk management services, including data protection, cyber security and liability claims handling to clients in the public, private and third sectors as well as to individuals, helping them save time and stress as well as money. My services can usually be paid for out of the savings generated. For details of these services click here Services.

What is Risk Management ?

Simply the management of risk. As life is full of risks, we all manage them: sometimes consciously, sometimes not; sometimes well, sometimes badly. What I am offering is a planned, deliberate approach, resulting in written evidence of how each of your risks is managed.


What it is NOT:

  • Insurance
  • Health and Safety
  • A Quick Fix
  • A New Idea


Risk Dice


What are the main Classes of Risk?

It is important that risks of every kind are managed. This is a list of some of the categories of risk you may encounter.


  • Property Risks - Fire, Storm, Theft, Accidental Damage.
  • People Risks - Injury, Disease, Stress, Dismissal, Bullying, Discrimination.
  • Financial Risks - Investments and Money-Management, Fraud.
  • Environmental Risks.
  • Cyber Risks - Loss or Misuse of IT, Data Protection, Social Media.
  • Reputational Risks - Bad Publicity, Libel and Slander.
  • Business Risks - Loss of Sales, Runaway Costs, Bad Strategic Decisions.
  • Regulatory Risks - Failure to Comply with Requirements.
  • Business Continuity Risks - Events Affecting Your Ability to Remain in Business.
  • Liability Risks - Claims Against You or Your Business for Injuries, Losses, or Damage for Which You are Held Responsible.

What are the benefits of Risk Management and how does it pay for itself?

  • Reduces the Chance of Incurring Catastrophic Losses
  • Controls Recurring Losses
  • Improves Efficiency and Profitability
  • Increases Confidence
  • Reduces Stress on Managers and Staff
  • Reduces Insurance Premiums
  • Helps Win Tenders
  • Helps Obtain Loans and Grants


What is the cost of Risk Management?

The real question is “What is the cost of Risk?”

How much is it costing you NOW?

The cost of Risk includes:


  • Claims
  • Accidents
  • Complaints
  • Health & Safety
  • Security
  • Inspections
  • Quality Control
  • Certain elements of HR
  • Insurance
  • Uninsured losses
  • Risk Management Fees


The real aim is to minimise the TOTAL cost of all the above. My fees, or anyone’s, are always a tiny proportion ot this total.

Risk Dice

About Me and My Services

JHM John Harvey MurrayJohn Harvey Murray

I offer advice and help to clients in various aspects of managing risks, reducing the cost of claims and other losses, by drawing on my wide experience in accountancy, audit, insurance and risk management.

I studied Economics and Accounting at Bristol University before going into a career in public sector finance, being the Insurance Officer at St. Helens Council in the 1990’s and 2000’s, where I reduced the cost of risk to 15% below the national average.

For details click here Achievements. I am qualified member of CIPFA, the Chartered Institute of Public Finance and Accountancy and a member of the Institute of Risk Management.

I write and speak on various issues, notably risk and management. For details click here Publications. I also read and write fiction. There is more information about me on my Linkedin profile.

Click here Linkedin.

My Services

As each client’s situation is unique, I tailor my services to the needs. Those listed below are indications, not a set menu. I aim to help clients establish systems and policies to enable them to manage risks themselves as well as giving advice on specific risks. I offer training and coaching as parts of the service.
Services include:


  • Reviews of policies and procedures
  • Risk Registers
  • Risk Analysis
  • Risk Assessments
  • Help with tenders
  • Help with grants and loans
  • Training and coaching
  • Liability claims handling
  • Data protection
  • Cyber security


For more information on Data Protection and Cyber Essentials please follow the links below: -


JHM John Harvey MurrayJHM Risk Management Services


Let the facts speak for themselves!

Click on the button below to look at the statistics extracted from CIPFA Benchmarking Reports.

These compare St Helens Council with a group of 12 similar authorities and with all 65 unitary authorities in England and Wales taking part in the exercise, relating to the period when I was managing claims at St Helens.


Overall, I achieved savings of around 15% a year on the Council’s total cost of insurance and uninsured risks.




I write blogs, articles, newsletters, and books on various subjects, notably risk and management. I also write about matters relating to faith. I am currently in the process of writing a work of fiction.



My publications can be found by clicking on the relevant word below:



JHM Claims


Q1. What is a Public Liability claim?


It is a written demand for money ("damages" or "compensation") based on the assertion that some act or failure by you, or your organisation, has resulted in injury or damage to the claimant or his/her property. It is not the same as a complaint or request, but may result from the same incident.



Q2. What should I do if I get a claim?


  • First, acknowledge the letter, without commenting on the contents.
  • Then check whether you are covered by any of your insurances. This may be a specific Public Liability or Combined Liability policy or it may be included as part of a Household or Business policy, so do check. If you are covered, or if you are not sure, inform your insurers or brokers.
  • Always comply with any instructions they give or you may invalidate your policy.
  • If you are not insured, you may be able to investigate and deal with the claim yourself, or you may wish to seek help from a professional. They should be able to give you some initial advice to enable you to decide whether to engage their services.



Q3. Do you work for claimants or defendants?


  • JHM Risk Management Services primary function is to provide services for those needing to defend claims.
  • However, investigations are essentially neutral and can conducted on behalf of either side.
  • See also "Investigations and Services for Solicitors".



Q4. Are your services necessary if I have liability insurance cover?


  • Perhaps! You may have an insurer who gives first class personalised service, making anything else superfluous, but many people find they need someone to act as go-between, to chase up their insurer, to interpret what their insurers say to them, or to hold their insurer to account, so as to get better value for money for their premiums.
  • Most of my best work has been done working in conjunction with insurers. Cooperation rather than conflict has been my main experience.
  • Some insurers find it helpful to have someone with relevant knowledge and experience whom they can deal with on behalf of their client, especially where the client does not have the time or ability to deal with all their questions as promptly as is needed.
  • You may find some or all aspects of your claim are not covered and so your insurer is unable to help resolve them.



JHM Risk Management


Q1. What is the link between risk management and insurance?


  • Insurance is a means of managing some of the financial effects of risk. It is important to remember:
  • The need to manage the underlying causes
  • Not all risks can or should be insured
  • Good risk management helps reduce the cost of insurance.



Q2. What risks do we have to manage?


  • These are many and varied. No list could cover them all.
  • For a general description of each of the main 12 categories, go to HERE
  • For growing businesses see my article at HERE



Q3. What are the biggest risks?


  • That depends entirely on your business and on your particular circumstances.
  • A growing but neglected class of risks are those around data protection. See separate section of FAQs on Data Protection.



Q4. Are there any risks you cannot manage?


  • Some things, such as the weather and national events are beyond the control of most of us
  • Even if you cannot prevent something, you can mitigate its effects by having a recovery plan for instance.
JHM Risk Management
JHM Data Protection

Data Protection

1. Who is Responsible for Data Protection AND can you transfer this responsibility?


  • A lot of people still seem to think that Data Protection is a matter for their IT manager. In fact the buck really does stop with the man, or woman, at the top. There may be disciplinary repercussions for the IT manager or whoever else caused the breach, but the primary responsibility lies with the business owner.
  • Similarly, a lot of people think that if they outsource IT services or even payroll, accountancy, or other services, the responsibility for the data involved will transfer to the business providing the service.
  • This is all untrue. The Act places all the responsibility on the business whose data it was in the first place, defined as the “Data Controller”. The other business is defined as the “Data Processor”. Changes have been introduced which will allow the authorities to fine the Data Processor as well, but they will not remove the burden from the Data Controller.
  • If you have written your contracts carefully enough, you may be able to obtain some compensation from the business actually responsible for the data breach, but that will probably be after you have been prosecuted and fined.



2. Do I Offer IT Solutions When I Offer Data Protection Services?


I do not. I would like you to think about the following points.


  • In a recent survey IBM found that 40% of data breaches were caused by human error and that another 35% were caused maliciously, leaving IT issues a poor third.
  • Having great IT security does not stop people leaving laptops on trains or printouts on photocopiers, just as great physical security is ineffective if staff forget to lock doors.
  • It is too easy to find that you cannot see wood for trees if you get too involved in the details of IT systems without stepping back and looking at the big picture.
  • Once an issue has been identified it is often possible for the client’s existing IT provider, internal or external, to resolve it.
  • Where the client agrees that an IT solution is required, I have several highly competent IT experts whom I can call upon for advice or support.
  • It is very easy to spend a lot of money on improving your IT when all you really need is to use your existing hardware and software properly and to establish realistic but secure procedures for everyone in the business to follow online and offline.

I am always happy to hear from you

Yes, please