Protecting the business: conducting a business risk assessment
The very concept of an enterprise contains within it the presence of elements of risk, but because of this, it becomes essential for an entrepreneur to know how to best manage possible threats. Even before managing them, however, it is necessary to know how to identify them in a timely manner. As Oscar Wilde said, after all,
“The great advantage of playing with fire is that you never get burned. It is only those who do not know how to play with it who get burned completely.”
Business risk assessment is something that is often underestimated but, in fact, should play an absolutely central role within every company’s business plan. This is even more true in the case of a startup. In the next few lines you will find all the elements that will help you get to the bottom of how to develop an effective plan against risk.
Letting your enthusiasm guide you the moment you decide to start a startup is not a mistake, but be careful not to get carried away: arming yourself with some healthy realism is, in fact, crucial. Remember well that focusing only on the positives and pretending that obstacles and risks do not exist will not help you manage them when they arise (spoiler: yes, they will arise).
Being aware of this and, consequently, properly drafting your business plan will not only help you in managing business risk, but will also make your image “better” in the eyes of your potential lenders. Think about it: would you trust anyone who presents you with a totally risk-free plan?
Before we know, specifically, the precise threats you need to watch out for in running your startup, it is important that you are clear about what is meant by business risk assessment.
There are 3 basic steps for proper enterprise risk assessment:
- the assessment of inherent or potential risk, i.e., that which you have to assess without considering the effects of measures put in place to prevent or mitigate its effects;
- the assessment of the adequacy and effectiveness of the control measures already implemented against an identified potential risk;
- the assessment of residual risk, that is, the risk that persists in the face of the measures taken.
Assessing risks means identifying potential threats and, of each, considering the probability of it actually occurring and the gravity of the consequences it may have on your business.
On the mix between these two factors depends, then, the management of each identified risk. To each of them you will have to associate a precise plan of action: if the threat is concrete and threatens to decisively jeopardize your chances of success, you must implement precise measures to prevent it from occurring or to minimize its impact (for example, by modifying a business process); in the case where the threat is remote and/or the repercussions on the company are contained, you can, instead, decide to “accept” that risk. There is, then, another scenario: you can choose to transfer a risk to others, for example, by taking out an insurance policy.
Knowing how to assess risk is useless, however, if you don’t know what business risk is and if you don’t know what are the concrete risks you may encounter by starting a startup. For the meaning of business risk, you can refer to its definition in business economics: it is the totality of the company’s responsibility for the company’s choices.
It is appropriate, however, to shed light on the meaning of two other concepts: those of legal risk and enterprise risk. Legal risk refers to the risk of suffering losses due to violation of laws or regulations, contractual or non-contractual liabilities, or other types of litigation. Enterprise risk, on the other hand, is, in general, an event uncertain in its possible realization, which may adversely affect the achievement of an enterprise’s objectives.
To provide further clarity on business risk, it is also possible to refer to a classification that is useful in distinguishing different types of it: in fact, it is possible to distinguish between internal and external risks.
For an enterprise, an internal risk is a risk directly attributable to it, the entrepreneur or its organization. Internal risks include:
- economic risks, which are related to the balance between the costs to be incurred and the revenues that can be achieved;
- financial risks, which may depend on a lack of financial resources on the part of the entrepreneur and/or difficulty in finding the necessary financing on the market to develop the business idea;
- market risks, which can be related either to the very nature of a specific market or to a momentary crisis in it;
- technical risks, which can refer to the poor quality of raw materials or a lack of their availability, as well as delays in the execution of certain operational steps.
As mentioned, you must pay just as much attention to external risks: these are the risks that do not depend directly on the actions and will of the company and, therefore, can be controlled only in part. This does not mean, however, that they should be neglected. External risks include:
- commercial risks, which depend on the market and how it (does not) receive the proposed product or service;
- the technological risks, which are related to the possibility of not being able to have the technologies necessary for the development of the business, due, for example, to the lack of infrastructure;
- the so-called country-risk, which concerns the situation in the country where the decision is made to start the business, in terms of security, economic development and other parameters;
- environmental risks mainly related to the production, management and distribution of goods, services or products of industrial processes, which, in the event of an accident, may affect the population, animals, land.
Graphically represent the business risk assessment
It should be clear to you now that to assess a risk you need to consider two parameters in particular, namely, the probability of it actually occurring and the impact on the business.
To translate this expedient into practice you can resort to a risk matrix, i.e., graphical representation of the assessment of business risks: as a first step, you have to assign a score for each of the two parameters to each business risk and then transfer the values within a Cartesian graph, in which on the x-axis you should report the scores relating to the gravity of the impact on the business of the various risks and on the y-axis you will report, instead, the numbers describing the probability of their materializing.
By doing so, it will be clearer for you to understand which business risks to prioritize: these are those that are in the upper right part of the chart, because they are characterized by high probability of occurrence and high negative impact on the business.
Insurance for businesses
As noted above, assessing business risks also means considering the possibility of transferring them to others by taking out an insurance policy.
In this regard, however, it is necessary for you to know that in order to insure your startup you need to meet precise requirements, which relate, for example, to the type of activity you carry out and where you carry it out. In some countries and for certain types of business, insurance coverage may be mandatory, but, in general, you are free to consider which choice to take among the different insurance proposals that exist.
The main insurance coverages
Having said the possibility that, in some cases, certain insurance coverages are mandatory, nowadays you are spoiled for choice among the various insurance products that companies offer to those who, like you, are launching or managing a startup and have to cope with business risk. It is possible, in conclusion of this analysis, to mention a few of them:
- legal protection, which covers expenses related to any lawsuits against your company in business;
- employer’s liability, which protects the employer in case of claims by employees who have become ill or injured while carrying out the business;
- third party liability, which gives insurance coverage in case a third party’s property is damaged while doing business or in case an outside person is injured on the company’s premises;
- professional liability, which protects in the event that a client sues for a mistake made during a professional consultation or service;
- defective products, which covers damage or injury caused by a defective product you designed, sold or repaired;
- supplies and materials, which provides coverage for losses related to damaged, lost or stolen materials and tools;
- real estate, which protects the building in which you conduct business from events such as fire, subsidence or flooding;
- business interruption, which compensates for financial losses generated by business interruption caused by events such as flood or fire.