For most entrepreneurs, worrying about risk takes a back seat to bringing in revenue and building their company’s brand. This is natural. But as their companies grow, business owners can and should start becoming more proactive about mitigating risk.
Related on MHA Consulting: Single Points of Failure: Protecting Yourself from Hanging by a Thread
Risk and the Entrepreneur
In writing today’s blog, I’m going to switch between my consultant’s hat and my entrepreneur’s hat.
As a business continuity consultant, I dislike risk and spend half my time trying to get my clients to reduce their risks.
As an entrepreneur, especially twenty-plus years ago when MHA was just getting started, I regarded risk as a distraction to be ignored while I focused on more immediately important goals. Those included landing consulting engagements, bringing in revenue, making ourselves known, and building our brand.
Looking back, some of the risks we ran in those early days makes me break out in a cold sweat. On the other hand, if we hadn’t run those risks, we wouldn’t be anywhere near as successful and secure as we are today.
When it comes to talking about what entrepreneurs need to know about risk, I have a double perspective. As a BC professional, I know how unmitigated risks can have a catastrophic impact on organizations. As an entrepreneur, I know that if you aren’t willing to tune out thoughts of risk in the very beginning, you might never build anything worth protecting.
Gradually Becoming More Risk Conscious
In the beginning, most ambitious entrepreneurs are going to have little to no interest in talking about risk mitigation. Acknowledging that reality, I would suggest the following:
- As soon as you gain a degree of momentum as a business, try to at least identify and mitigate your two or three greatest risks, the ones that have the potential to wipe you out.
- Anticipate that as your company grows, you will gradually ramp up your risk mitigation efforts.
This is the approach we took at MHA, and I’ll tell you two things about how it worked out: The early days of our company were like the Wild West. It was fun, free, and exciting. It also worked in terms of giving me the room I needed to get the company going.
Nowadays, things are very different. We have multiple layers of mitigation and protection across all facets of the organization. These days I take satisfaction in reviewing the processes, policies, and procedures we’ve implemented to reduce risk. I sleep better at night knowing our company, people, and clients are about as protected from the shocks of life as a company can be.
Where to Begin in Mitigating Risk
Suppose you are a business owner who feels you have reached a point where you can afford to take at least a preliminary cut at bringing your company’s risks down. Where should you begin? By assessing your company’s risks across three areas: people, processes, and technology. Let’s have a look at each.
- People. Talented, dedicated people are the lifeblood of any young enterprise. They are also its Achilles’ heel. This is because people have a tendency to quit, move away, change fields, retire, get sick, and all the other changes of fortune that can affect people’s relationship to their jobs. Most young companies are riddled with single points of failure in the form of key employees who are the only ones in possession of critical knowledge or capable of performing essential tasks. One of the first things a business owner needs to do in managing down risk is identify and mitigate the risks associated with employees who are single points of failure. This risk never goes away no matter how large or successful the company becomes.
- Processes. The next thing to look at is the company’s processes. Identify your most important processes and assess the controls around them. Many smaller and midsize companies lack a clear understanding of what specific processes need to function in order for the organization to make its widgets or provide its services. Work out what these are for your enterprise and look at the risks facing them. The goal is to ensure your key processes are running optimally without too much exposure. You want to protect those processes from point A to point Z. Not protecting your key processes can lead to financial, customer, legal, and regulatory exposure.
- Technology. Finally, look at the technology you depend on—everything you use to measure, manage, and monitor the business from a technical perspective. Business owners should identify their technology gaps and vulnerabilities. Mitigate the ones that have the greatest potential to impact your operations. Reduce your technology risks by eliminating single points of failure, creating a secure environment, using best-in-class solutions, and working with best-in-class vendors.
Achieving Maturity and Avoiding Complacency
It’s not realistic to expect entrepreneurs to avoid risk altogether. Business owners should aspire to get on a responsible glide path in their relationship to risk. As their organizations grow, they should mature their risk awareness and mitigation effort to keep pace. Their goal should be developing a mature risk mitigation program to ensure the viability and longevity of the organization over time.
In time, if their company prospers and their risk mitigation program grows along with it, they are likely to face a very different challenge in terms of risk mitigation: avoiding getting complacent. But that’s a topic for another blog.
Protecting Organizations and People
It’s natural for early-stage entrepreneurs to prioritize revenue generation and brand building over risk mitigation. In fact, a willingness to run risks is almost a prerequisite to creating a successful new enterprise.
However, business owners should strive to identify and mitigate the two or three most potentially devastating risks as soon as possible, looking specifically at the areas of people, processes, and technology. As companies grow, their risk mitigation efforts should mature to keep pace. In this way, entrepreneurs can protect the organizations they worked so hard to build and the people who have come to depend on them.
For more information on risk management and other hot topics in BCM and IT/disaster recovery, check out these recent posts from MHA Consulting: