risks in business planning

This free Notion document contains the best 100+ resources you need for building a successful startup, divided in 4 categories: Fundraising, People, Product, and Growth.

This free eBook goes over the 10 slides every startup pitch deck has to include, based on what we learned from analyzing 500+ pitch decks, including those from Airbnb, Uber and Spotify.

This free sheet contains 100 accelerators and incubators you can apply to today, along with information about the industries they generally invest in.

This free sheet contains 100 VC firms, with information about the countries, cities, stages, and industries they invest in, as well as their contact details.

This free sheet contains all the information about the top 100 unicorns, including their valuation, HQ's location, founded year, name of founders, funding amount and number of employees.

12 Types of Business Risks and How to Manage Them

Description

Everything you need to raise funding for your startup, including 3,500+ investors, 7 tools, 18 templates and 3 learning resources.

Information about the countries, cities, stages, and industries they invest in, as well as their contact details.

List of 250 startup investors in the AI and Machine Learning industries, along with their Twitter, LinkedIn, and email addresses.

List of startup investors in the BioTech, Health, and Medicine industries, along with their Twitter, LinkedIn, and email addresses.

List of startup investors in the FinTech industry, along with their Twitter, LinkedIn, and email addresses.

90% of startups fail .

Thanks to the explosion of the digital economy, business founders have plenty of opportunities that they can tap into to build a winning business.

Unfortunately, there is a myriad of challenges your new business has to navigate through. These risks are inevitable, and they are a part of life in the business world.

However, without the right plan, strategy, and instruments, your business might be drowned by these challenges.

Therefore, we have created this guide to show you how can your business utilize risk management to succeed in 2022.

There are many types of startup and business risks that entrepreneurs can expect to encounter in 2022. Most of these threats are prevalent in the infancy stages of a business.

To know what you’ll be up against, here is a breakdown of the 12 most common threats.

12 Business Risks to Plan For

1) economic risks.

Failure to acquire adequate funding for your business can damage the chances of your business succeeding.

Before a new business starts making profits, it needs to be kept afloat with money. Bills will pile up, suppliers will need payments, and your employees will be expecting their salaries.

To avoid running into financial problems sooner or later, you need to acquire enough funds to shore up your business until it can support itself.

On the side, world and business country's economic situation can change either positively or negatively, leading to a boom in purchases and opportunities or to a reduction in sales and growth.

If your business is up and running, a great way to limit the effect of negative economic changes is to maintain steady cash flow and operate under the lean business method.

Here's an article from a founder explaining how he set up a lean budget on his $400k/year online business.

2) Market Risks

Misjudging market demand is one of the primary reasons businesses fail .

To avoid falling into this trap, conduct detailed research to understand whether you will find a ready market for what you want to sell at the price you have set.

Ensure your business has a unique selling point, and make sure what you offer brings value to the buyers.

To know whether your product will suit the market, do a survey, or get opinions from friends and potential customers.

Building a Minimum Viable Product of that business idea you've had is the recommendations made by most entrepreneurs.

This site, for example, was built in just 3 weeks and launched into the market to see if there was any interest in the type of content we offered.

The site was ugly, had little content and lacked many features. Yet, +7,700 users visited it within the first week, which made us realize we should keep working on this.

90% of startups fail. Learn how to not to with our weekly guides and stories. Join 40,000+ founders.

3) Competitive Risks

Competition is a major business killer that you should be wary of.

Before you even start planning, ask yourself whether you are venturing into an oversaturated market.

Are there gaps in the market that you can exploit and make good money?

If you have an idea that can give you an edge, register it. This will prevent others from copying your product, re-innovating it, and locking you out of what you started.

Competitive risks are also those actions made by competitors that prevent a business from earning more revenue or having higher margins.

4) Execution Risks

Having an idea, a business plan, and an eager market isn’t enough to make your startup successful.

Most new companies put a lot of effort into the initial preparation and forget that the execution phase is equally important.

First, test whether you can develop your products within budget and on time. Also, check whether your product will function as intended and whether it’s possible to distribute it without taking losses.

5) Strategic Risks

Business strategies can lead to the growth or decline of a company.

Every strategy involves some risk, as time & resources are generally involved to put them into practice.

Strategic risk in the chance that an implemented strategy, therefore, results in losses.

If, for example, the Marketing Department of a company implements a content marketing strategy and a lot of months, time & money later the business doesn't see any ROI, this becomes a strategic risk.

6) Compliance Risks

Compliance risks are those losses and penalties that a business suffers for not complying with countries' and states' regulations & laws.

There are some industries that are highly-regulated so the compliance risks of businesses within them are super high.

For example, in May 2018, the EU Commission implemented the General Data Protection Regulation (GDPR), a law in privacy and data protection in the EU, which affected millions of websites.

Those websites that weren't adapted to comply with this new rule, were fined.

7) Operational Risks

Operational risks arise when the day-to-day running of a company fail to perform.

When processes fail or are insufficient, businesses lose customers and revenue and their reputation gets ruined.

One example can be customer service processes. Customers are becoming every day less willing to wait for support (not to mention, receive bad quality one).

If a business customer service team fails or delays to solve customer's issues, these might find their solution in the business competitors.

8) Reputational Risks

Reputational risks arise when a business acts in an immoral and discourteous way.

This led to customer complaints and distrust towards the business, which means for the company a big loss of sales and revenue.

With the rise of social networks, reputational risks have become one of the main concerns for businesses.

Virality is super easy among Twitter so a simple unhappy customer can lead to a huge bad press movement for the company.

A recent example is the Away issue with their toxic work environment, as a former employee reported in The Verge .

The issue brought lots of critics within social networks which eventually led the CEO, Steph Korey, to step aside from the startup ( she seems to be back, anyway 🤷‍♂️! ).

9) Country Risks

When a business invests in a new country, there is a high probability it won't work.

A product that is successful in one market won't necessarily be in another one, especially when people within them are so different in cultures, climates, tastes backgrounds, etc.

Country risk is the existing failure probability businesses investing in new countries have to deal with.

Changes in exchange rates, unstable economic situations and moving politics are three factors that make these country risks be even more delicate.

10) Quality Risks

When a business develops a product or service that fails to meet customers' needs and quality expectations, the chance these customers will ever buy again is low.

In this way, the business loses future sales and revenue. Not to mention that some customers will ask for refunds, increasing business costs, as well as publicly criticize the company's products, leading to bad reputation (and a viral cycle that means even less $$ for the business).

11) Human Risk

Hiring has its benefits but also its risks.

Employees themselves involve a huge risk for a business, as they become to represent the company through how they work, mistakes committed, the public says and interactions with customers & suppliers,

A way to deal with human risk is to train employees and keep a motivated workforce. Yet, the risk will continue to exist.

12) Technology Risk

Security attacks, power outrage, discontinued hardware, and software, among other technology issues, are the events that form part of the technology risk.

These issues can lead to a loss of money, time and data, which has many connections with the previously mentioned risks.

Back-ups, antivirus, control processes, and data breach plans are some of the ways to deal with this risk.

How Businesses Can Use Risk Management To Grow Business

To mitigate any future threats, you need to prepare a comprehensive risk management plan.

This plan should detail the strategy you will use to deal with the specific challenges your business will encounter. Here’s what to do.

1) Identify Risks

Every business encounters a different set of challenges.

Before mapping the risks, analyze your business and note down its key components such as critical resources, important services or products, and top talent.

2) Record Risks

Once risks have been identified, you need to assess and document the threats that can affect each component.

Identify any warning signs or triggers of that recorded risk, also.

3) Anticipate

The best way to beat a threat is to detect and prepare for it in advance.

Once you know your business can be affected by a certain scenario, develop steps that you will take to stop the risk or to blunt its effects.

4) Prioritize Risks

Not all types of business risk have the same effect. Some can bring your startup to its knees, while others will only cause minimal effects.

To keep your business alive, start by putting in place measures that protect the vital functions from the most severe and most probable risks.

5) Have a Backup Plan

For every risk scenario, have at least two plans for countering the threat before it arrives.

The strategy you put in place should be in line with the current technology and trends.

Ensure your communicate these measures with all your team members.

6) Assign Responsibilities

When communicating measures with the team, assign responsibilities for each member in case any of the recorded risks affect the business.

These members should also be responsible for controlling the risks every certain time and maintaining records about them.

What is a Business Risk?

The term "business risk" refers to the exposure businesses have to factors that can prevent them from achieving their set financial goals.

This exposure can come from a variety of situations, but they can be classified into two:

• Internal factors: The risk comes from sources within the company, and they tend to be related to human, technological, physical or operational factors, among others.
• External factors: The risk comes from regulations/changes affecting the whole country/economy.

Any of these factors led to the business being unable to return investors and stakeholders the adequate amounts.

What Is Risk Management?

Risk management is a practice where an entrepreneur looks for potential risks that their business may face, analyzes them, and takes action to counter them.

The steps you take can eliminate the threat, control it, or limit the effects.

A risk is any scenario that harms your business. Risks can emanate from a wide variety of sources such as financial problems, management errors, lawsuits, data loss, cyber-attacks, natural calamities, and theft.

The risk landscape changes constantly, therefore you need to know the latest threats.

By setting up a risk management plan, your business can save money and time, which in some cases can be the determinant to keep your startup in business.

Not to mention, on the side, that risk management plans tend to make managers feel more confident to carry out business decisions, especially the risky ones, which can put their startups in a huge competitive advantage.

Wrapping Up

Becoming your own boss is one of the most rewarding things you can do.

However, launching a business is not a walk in the park; risks and challenges lurk around every corner.

If you are planning to establish a new business come 2022, make sure you secure its future by creating a broad risk management plan.

90% of startups fail. Learn how not to with our weekly guides and stories. Join +40,000 other startup founders!

An all-in-one newsletter for startup founders, ruled by one philosophy: there's more to learn from failures than from successes.

100+ resources you need for building a successful startup, divided into 4 categories: Fundraising, People, Product, and Growth.

• Business Essentials
• Leadership & Management
• Credential of Leadership, Impact, and Management in Business (CLIMB)
• Entrepreneurship & Innovation
• Digital Transformation
• Finance & Accounting
• Business in Society
• For Organizations
• Support Portal
• Media Coverage
• Founding Donors
• Leadership Team

• Harvard Business School →
• HBS Online →
• Business Insights →

Business Insights

Harvard Business School Online's Business Insights Blog provides the career insights you need to achieve your goals and gain confidence in your business skills.

• Career Development
• Communication
• Decision-Making
• Earning Your MBA
• Negotiation
• News & Events
• Productivity
• Staff Spotlight
• Student Profiles
• Work-Life Balance
• AI Essentials for Business
• Alternative Investments
• Business Analytics
• Business Strategy
• Business and Climate Change
• Creating Brand Value
• Design Thinking and Innovation
• Digital Marketing Strategy
• Disruptive Strategy
• Economics for Managers
• Entrepreneurship Essentials
• Financial Accounting
• Global Business
• Launching Tech Ventures
• Leadership Principles
• Leadership, Ethics, and Corporate Accountability
• Leading Change and Organizational Renewal
• Leading with Finance
• Management Essentials
• Negotiation Mastery
• Organizational Leadership
• Power and Influence for Positive Impact
• Strategy Execution
• Sustainable Business Strategy
• Sustainable Investing
• Winning with Digital Platforms

What Is Risk Management & Why Is It Important?

• 24 Oct 2023

Businesses can’t operate without risk. Economic, technological, environmental, and competitive factors introduce obstacles that companies must not only manage but overcome.

According to PwC’s Global Risk Survey , organizations that embrace strategic risk management are five times more likely to deliver stakeholder confidence and better business outcomes and two times more likely to expect faster revenue growth.

If you want to enhance your job performance and identify and mitigate risk more effectively, here’s a breakdown of what risk management is and why it’s important.

Access your free e-book today.

What Is Risk Management?

Risk management is the systematic process of identifying, assessing, and mitigating threats or uncertainties that can affect your organization. It involves analyzing risks’ likelihood and impact, developing strategies to minimize harm, and monitoring measures’ effectiveness.

“Competing successfully in any industry involves some level of risk,” says Harvard Business School Professor Robert Simons, who teaches the online course Strategy Execution . “But high-performing businesses with high-pressure cultures are especially vulnerable. As a manager, you need to know how and why these risks arise and how to avoid them.”

According to Strategy Execution , strategic risk has three main causes:

• Pressures due to growth: This is often caused by an accelerated rate of expansion that makes staffing or industry knowledge gaps more harmful to your business.
• Pressures due to culture: While entrepreneurial risk-taking can come with rewards, executive resistance and internal competition can cause problems.
• Pressures due to information management: Since information is key to effective leadership , gaps in performance measures can result in decentralized decision-making.

These pressures can lead to several types of risk that you must manage or mitigate to avoid reputational, financial, or strategic failures. However, risks aren’t always obvious.

“I think one of the challenges firms face is the ability to properly identify their risks,” says HBS Professor Eugene Soltes in Strategy Execution .

Therefore, it’s crucial to pinpoint unexpected events or conditions that could significantly impede your organization’s business strategy .

Related: Business Strategy vs. Strategy Execution: Which Course Is Right for Me?

According to Strategy Execution , strategic risk comprises:

• Operations risk: This occurs when internal operational errors interrupt your products or services’ flow. For example, shipping tainted products can negatively affect food distribution companies.
• Asset impairment risk: When your company’s assets lose a significant portion of their current value because of a decreased likelihood of receiving future cash flows . For instance, losing property assets, like a manufacturing plant, due to a natural disaster.
• Competitive risk: Changes in the competitive environment can interrupt your organization’s ability to create value and differentiate its offerings—eventually leading to a significant loss in revenue.
• Franchise risk: When your organization’s value erodes because stakeholders lose confidence in its objectives. This primarily results from failing to control any of the strategic risk sources listed above.

Understanding these risks is essential to ensuring your organization’s long-term success. Here’s a deeper dive into why risk management is important.

4 Reasons Why Risk Management Is Important

1. protects organization’s reputation.

In many cases, effective risk management proactively protects your organization from incidents that can affect its reputation.

“Franchise risk is a concern for all businesses,“ Simons says in Strategy Execution . “However, it's especially pressing for businesses whose reputations depend on the trust of key constituents.”

For example, airlines are particularly susceptible to franchise risk because of unforeseen events, such as flight delays and cancellations caused by weather or mechanical failure. While such incidents are considered operational risks, they can be incredibly damaging.

In 2016, Delta Airlines experienced a national computer outage, resulting in over 2,000 flight cancellations. Delta not only lost an estimated $150 million but took a hit to its reputation as a reliable airline that prided itself on “canceling cancellations.”

While Delta bounced back, the incident illustrates how mitigating operational errors can make or break your organization.

2. Minimizes Losses

Most businesses create risk management teams to avoid major financial losses. Yet, various risks can still impact their bottom lines.

A Vault Platform study found that dealing with workplace misconduct cost U.S. businesses over $20 billion in 2021. In addition, Soltes says in Strategy Execution that corporate fines for misconduct have risen 40-fold in the U.S. over the last 20 years.

One way to mitigate financial losses related to employee misconduct is by implementing internal controls. According to Strategy Execution , internal controls are the policies and procedures designed to ensure reliable accounting information and safeguard company assets.

“Managers use internal controls to limit the opportunities employees have to expose the business to risk,” Simons says in the course.

One company that could have benefited from implementing internal controls is Volkswagen (VW). In 2015, VW whistle-blowers revealed that the company’s engineers deliberately manipulated diesel vehicles’ emissions data to make them appear more environmentally friendly.

This led to severe consequences, including regulatory penalties, expensive vehicle recalls, and legal settlements—all of which resulted in significant financial losses. By 2018, U.S. authorities had extracted $25 billion in fines, penalties, civil damages, and restitution from the company.

Had VW maintained more rigorous internal controls to ensure transparency, compliance, and proper oversight of its engineering practices, perhaps it could have detected—or even averted—the situation.

Related: What Are Business Ethics & Why Are They Important?

3. Encourages Innovation and Growth

Risk management isn’t just about avoiding negative outcomes. It can also be the catalyst that drives your organization’s innovation and growth.

“Risks may not be pleasant to think about, but they’re inevitable if you want to push your business to innovate and remain competitive,” Simons says in Strategy Execution .

According to PwC , 83 percent of companies’ business strategies focus on growth, despite risks and mixed economic signals. In Strategy Execution , Simons notes that competitive risk is a challenge you must constantly monitor and address.

“Any firm operating in a competitive market must focus its attention on changes in the external environment that could impair its ability to create value for its customers,” Simons says.

This requires incorporating boundary systems —explicit statements that define and communicate risks to avoid—to ensure internal controls don’t extinguish innovation.

“Boundary systems are essential levers in businesses to give people freedom,” Simons says. “In such circumstances, you don’t want to stifle innovation or entrepreneurial behavior by telling people how to do their jobs. And if you want to remain competitive, you’ll need to innovate and adapt.”

Netflix is an example of how risk management can inspire innovation. In the early 2000s, the company was primarily known for its DVD-by-mail rental service. With growing competition from video rental stores, Netflix went against the grain and introduced its streaming service. This changed the market, resulting in a booming industry nearly a decade later.

Netflix’s innovation didn’t stop there. Once the steaming services market became highly competitive, the company shifted once again to gain a competitive edge. It ventured into producing original content, which ultimately helped differentiate its platform and attract additional subscribers.

By offering more freedom within internal controls, you can encourage innovation and constant growth.

4. Enhances Decision-Making

Risk management also provides a structured framework for decision-making. This can be beneficial if your business is inclined toward risks that are difficult to manage.

By pulling data from existing control systems to develop hypothetical scenarios, you can discuss and debate strategies’ efficacy before executing them.

“Interactive control systems are the formal information systems managers use to personally involve themselves in the decision activities of subordinates,” Simons says in Strategy Execution . “Decision activities that relate to and impact strategic uncertainties.”

JPMorgan Chase, one of the most prominent financial institutions in the world, is particularly susceptible to cyber risks because it compiles vast amounts of sensitive customer data . According to PwC , cybersecurity is the number one business risk on managers’ minds, with 78 percent worried about more frequent or broader cyber attacks.

Using data science techniques like machine learning algorithms enables JPMorgan Chase’s leadership not only to detect and prevent cyber attacks but address and mitigate risk.

Start Managing Your Organization's Risk

Risk management is essential to business. While some risk is inevitable, your ability to identify and mitigate it can benefit your organization.

But you can’t plan for everything. According to the Harvard Business Review , some risks are so remote that no one could have imagined them. Some result from a perfect storm of incidents, while others materialize rapidly and on enormous scales.

By taking an online strategy course , you can build the knowledge and skills to identify strategic risks and ensure they don’t undermine your business. For example, through an interactive learning experience, Strategy Execution enables you to draw insights from real-world business examples and better understand how to approach risk management.

Do you want to mitigate your organization’s risks? Explore Strategy Execution —one of our online strategy courses —and download our free strategy e-book to gain the insights to build a successful strategy.

About the Author

Uncovering Hidden Risks: A Comprehensive Guide to Business Plan Risk Analysis

A modern business plan that will lead your business on the road to success must have another critical element. That element is a part where you will need to cover possible risks related to your small business. So, you need to focus on  managing risk  and use  risk management processes  if you want to succeed as an entrepreneur.

How can you manage risks?

You can always plan and  predict  future things in a certain way that will happen, but your impact is not always in your hands. There are many  external factors  when it comes to the business world. They will always influence the realization of your plans. Not only the realization but also the results you will achieve in implementing the specific plan. Because of that, you need to look at these factors through the prism of the risk if you want to implement an appropriate management process while implementing your business plan.

By conducting a thorough risk analysis, you can manage risks by identifying potential threats and uncertainties that could impact your business. From market fluctuations and regulatory changes to competitive pressures and technological disruptions, no risk will go unnoticed. With these insights, you can develop contingency plans and implement risk mitigation strategies to safeguard your business’s interests.

This guide will provide practical tips and real-life examples to illustrate the importance of proper risk analysis. Whether you’re a startup founder preparing a business plan or a seasoned entrepreneur looking to reassess your risk management approach, this guide will equip you with the knowledge and tools to navigate the complex landscape of business risks.

Why is Risk Analysis Important for Business Planning?

Risk analysis is essential to business planning as it allows you to proactively identify and assess potential risks that could impact your business objectives. When you conduct a comprehensive risk analysis, you can gain a deeper understanding of the threats your business may face and can take proactive measures to mitigate them.

One of the key benefits of risk analysis is that it enables you to prioritize risks based on their potential impact and likelihood of occurrence . This helps you allocate resources effectively and develop contingency plans that address the most critical risks.

Additionally, risk analysis allows you to identify opportunities that may arise from certain risks , enabling you to capitalize on them and gain a competitive advantage.

It is important to adopt a systematic approach to effectively analyze risks in your business plan. This involves identifying risks across various market, operational, financial, and legal areas. By considering risks from multiple perspectives, you can develop a holistic understanding of your business’s potential challenges.

What is a Risk for Your Small Business?

In dictionaries, the risk is usually defined as:

The possibility of dangerous or bad consequences becomes true .

When it comes to businesses,  entrepreneurs , or in this case, the business planning process, it is possible that some aspects of the business plan will not be implemented as planned. Such a situation could have dangerous or harmful consequences for your small business.

It is simple. If you don’t implement something you have in your business plan, there will be some negative consequences for your small business.

Here is how you can  write the business plan in 30 steps .

Types of Risks in Business Planning

When conducting a business risk assessment for your business plan, it is essential to consider various types of risks that could impact your venture. Here are some common types of risks to be aware of:

1. Market risks

These risks arise from fluctuations in the market, including changes in consumer preferences, economic conditions, and industry trends. Market risks can impact your business’s demand, pricing, and market share.

2. Operational risk

Operational risk is associated with internal processes, systems, and human resources. These risks include equipment failure, supply chain disruptions, employee errors, and regulatory compliance issues.

3. Financial risks

Financial risks pertain to managing financial resources and include factors such as cash flow volatility, debt levels, currency fluctuations, and interest rate changes.

4. Legal and regulatory risks

Legal and regulatory risks arise from changes in laws, regulations, and compliance requirements. Failure to comply with legal and regulatory obligations can result in penalties, lawsuits, and reputational damage.

5. Technological risks

Technological risks arise from rapid technological advancements and the potential disruptions they can cause your business. These risks include cybersecurity threats, data breaches, and outdated technology infrastructure.

Basic Characteristics of Risk

Before you start with the development of your small  business risk  management process, you will need to know and consider the essential characteristics of the possible risk for your company.

What are the basic characteristics of a possible risk?

The risk for your company is partially unknown.

Your  entrepreneurial work  will be too easy if it is easy to predict possible risks for your company. The biggest problem is that the risk is partially unknown. Here we are talking about the future, and we want to prepare for that future. So, the risk is partially unknown because it will possibly appear in the future, not now.

The risk to your business will change over time.

Because your businesses operate in a highly dynamic environment, you cannot expect it to be something like the default. You cannot expect the risk to always exist in the same shape, form, or consequence for your company.

You can predict the risk.

It is something that, if we want, we can predict through a  systematic process . You can easily predict the risk if you install an appropriate risk management process in your small business.

The risk can and should be managed.

You can always focus your resources on eliminating or reducing risk in the areas expected to appear.

Risk Management Process You Should Implement

The risk management process cannot be seen as static in your company. Instead of that, it must be seen as an interactive process in which information will continuously be updated and analyzed. You and your small business members will act on them, and you will review all risk elements in a specified period.

Adopting a systematic approach to identifying and assessing risks in your business plan is crucial. Here are some steps to consider:

1. Risk Identification

First, you must identify risk areas . Ask and respond to the following questions:

• What are my company’s most significant risks?
• What are the risk types I will need to follow?

In business, identifying risk areas is the process of pinpointing potential threats or hazards that could negatively impact your business’s ability to conduct operations, achieve business objectives, or fulfill strategic goals.

Just as meteorologists use data to predict potential storms and help us prepare, you can use risk identification to foresee possible challenges and create plans to deal with them.

Risk can arise from various sources, such as financial uncertainty, legal liabilities, strategic management errors, accidents, natural disasters, and even pandemic situations. Natural disasters can not be predicted or avoided, but you can prepare if they appear.

For example, a retail business might identify risks like fluctuating market trends, supply chain disruptions, cybersecurity threats, or changes in consumer behavior. As you can see, the main risk areas are related to types of risk: market, financial, operational, legal and regulatory, and technological risks.

You can also use business model elements to start with something concrete:

• Value proposition,
• Customers ,
• Customers relationships ,
• Distribution channels,
• Key resources and
• Key partners.

It is not necessarily that there will be risk in all areas and that the risk will be with the same intensity for all areas. So, based on your business environment, the industry in which your business operates, and the business model, you will need to determine in which of these areas there is a possible risk.

Also, you must stay informed about external factors impacting your business, such as industry trends, economic conditions, and regulatory changes. This will help you identify emerging risks and adapt your risk management strategies accordingly.

The idea for this step is to create a table where you will have identified potential risks in each important area of your business.

2. Risk Profiling

Conduct a detailed analysis of each identified risk, including its potential impact on your business objectives and the likelihood of occurrence. This will help you develop a comprehensive understanding of the risks you face.

Qualitative Risk Analysis

The qualitative risk analysis process involves assessing and prioritizing risks based on ranking or scoring systems to classify risks into low, medium, or high categories. For this analysis, you can use customer surveys or interviews.

Qualitative risk analysis is quick, straightforward, and doesn’t require specialized statistical knowledge to conduct a business risk assessment. The main negative side is its subjectivity, as it relies heavily on thinking about something or expert judgment.

This method is best suited for initial risk assessments or when there is insufficient quantitative analysis data .

For example, if we consider the previously identified risk of a sudden shift in consumer preferences, a qualitative analysis might rate its likelihood as 7 out of 10 and its impact as 8 out of 10, placing it in the high-priority quadrant of our risk matrix. But, qualitative analysis can also use surveys and interviews where you can ask open questions and use the qualitative research process to make this scaling. This is much better because you want to lower the subjectivism level when doing business risk assessment.

Quantitative Risk Analysis

On the other side, the quantitative risk analysis method involves numerical and statistical techniques to estimate the probability and potential impact of risks. It provides more objective and detailed information about risks.

Quantitative risk analysis can provide specific, data-driven insights, making it easier to make informed decisions and allocate resources effectively. The negative side of this method is that it can be time-consuming, complex, and requires sufficient data.

You can use this approachfor more complex projects or when you need precise data to inform decisions, especially after a qualitative analysis has identified high-priority risks.

For example , for the risk of currency exchange rate fluctuations, a quantitative analysis might involve analyzing historical exchange rate data to calculate the probability of a significant fluctuation and then using your financial data to estimate the potential monetary impact.

Both methods play crucial roles in effectively managing risks. Qualitative risk analysis helps to identify and prioritize risks quickly, while quantitative analysis provides detailed insights for informed decision-making.

3. Business Risk Assessment Matrix

Once you have identified potential risks and analyzed their likelihood and potential impact, you can create a business risk assessment matrix to evaluate each risk’s likelihood and impact. This matrix will help you prioritize risks and allocate resources accordingly.

A business risk assessment matrix, sometimes called a probability and impact matrix, is a tool you can use to assess and prioritize different types of risks based on their likelihood (probability) and potential damage (impact). Here’s a step-by-step process to create one:

• Step 1: Begin by listing out your risks . For our example, let’s consider four of the risks we identified earlier: a sudden shift in consumer preferences (Market Risk), currency exchange rate fluctuations (Financial Risk), an increase in the minimum wage (Legal), and cybersecurity threats (Technological Risk).
• Step 2: Determine the likelihood of each risk occurring . In the process of risk profiling, we’ve determined that a sudden shift in consumer preferences is highly likely, currency exchange rate fluctuations are moderately likely, an increase in the minimum wage, and cybersecurity threats are less likely but still possible.
• Step 3: Assess the potential impact of each risk on your business if it were to occur . In our example, we might find that a sudden shift in consumer preferences could have a high impact, currency exchange rate fluctuations a moderate impact, an increase in minimum wage minor impact, and cybersecurity threats a high impact.
• Step 4: Plot these risks on your risk matrix . The vertical axis represents the likelihood (high to low), and the horizontal axis represents the consequences (high to low).

By visualizing these risks in a risk assessment matrix format, you can more easily identify which risks require immediate attention and which ones might need long-term strategies.

4. Develop Risk Indicators for Each Risk You Have Identified

The question is, how will you measure the business risks for your company?

Risk indicators are metrics used to measure and predict potential threats to your business. Simply, a risk indicator is a measure that should tell you whether the risk appears or not in a particular area you have defined previously. They act like a business’s early warning system. When these indicators change, it’s a signal that the risk level may be increasing.

For example, for distribution channels, an indicator can be a delay in delivery for a minimum of three days. This indicator will tell you something is wrong with that channel, and you must respond appropriately.

Now, let’s consider some risk indicators for the risks we have already identified and analyzed:

If you conduct all the steps until now, you can have a similar table with risk indicators in your business plan. You should monitor these indicators regularly, and if you notice a significant change, such as a drop in sales or an increase in attempted breaches, it’s time to investigate and take some action steps. This might involve updating your product line, hedging against currency risk, budgeting for higher wages, or improving your cybersecurity measures.

Remember, risk indicators can’t predict the future with certainty. But they can give you valuable insights that can help you prepare for potential threats.

5. Define Possible Action Steps

The question is, what can you do regarding the risk if the risk indicator tells you that there is a potential risk?

Once the risk has appeared and is located, it is time to take concrete action steps. The goals of this step are not only to reduce or eliminate the impact of the risk for your company but also to prevent them in the future and reduce or eliminate their influence on the business operations or the execution of your business plan.

For example, for distribution channels with delivery delayed more than three days, possible activities can be the following:

• Apologizing to the customers for the delay,
• Determining the reasons for the delay,
• Analysis of the reasons,
• Removing the reasons,
• Consideration of alternative distribution channels, etc.

In this part of the business plan for each risk area and indicator, try to standardize all possible actions. You can not expect that they will be final. But, you can cover some basic guidelines that must be implemented if the risk appears. Here is an example of how this part will look in your business plan related to risks we have already identified through the risk assessment process.

6. Monitoring

Because this risk management process is dynamic , you must apply the monitoring process. In such a way, you can ensure the elimination of a specific kind of risk in the future, and you will allocate your resources to new possible risks.

After implementing the actions, you need to ask yourself the following questions:

• Are the actions taken regarding the risk the proper measures?
• Can you improve something regarding the risk management process? Is there a need for new risk indicators?

Techniques and Tools for Business Plan Risk Assessment

Various risk analysis methods, techniques, and tools are available to conduct an effective risk analysis for your business plan. Here are some commonly used ones:

1. SWOT analysis

A SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis can help you identify internal strengths and weaknesses and external opportunities and threats. This analysis provides valuable insights into possible business risks and opportunities.

2. PESTEL analysis

A PESTEL (Political, Economic, Sociocultural, Technological, Environmental, Legal) analysis assesses the external factors that could impact your business. This analysis will help you identify risks and opportunities arising from these factors.

3. Scenario analysis

Consider different scenarios that could impact your business, such as best-case, worst-case, and most likely scenarios, as a part of your risk assessment process. You can anticipate potential risks and develop appropriate response strategies by analyzing these scenarios.

4. Monte Carlo simulation

Monte Carlo simulation uses random sampling and probability distributions to model various scenarios and assess their potential impact on your business. This technique provides you with a more accurate understanding of risk exposure.

5. Risk register

A risk register is a risk analysis tool that helps you record and track identified risks and their relevant details, such as impact, likelihood, mitigation strategies, and responsible parties. This tool ensures that risks are appropriately managed and monitored.

6. Business Impact Analysis (BIA)

Business impact analysis helps you understand the potential effects of various disruptions on your business operations and objectives. It’s about identifying what could go wrong and understanding how it could impact your bottom line. So, you can conduct business impact analysis as a part of your risk assessment inside your business plan.

7. Failure Mode and Effects Analysis (FMEA)

Using FMEA in your risk assessment process, you can proactively address potential problems, ensuring your business operations run as smoothly as you planned. It’s all about preparing for the worst while striving for the best.

8. Risk-Benefit Analysis (RBA)

The risk-benefit analysis allows you to make informed decisions, balancing the potential for gain against the potential for loss. It helps you choose the best path, even when the way forward isn’t entirely clear. This tool is a systematic approach to understanding the specific business risk and benefits associated with a decision, process, or project.

9. Cost-Benefit Analysis

By conducting a cost-benefit analysis as a part of your risk assessments, you can make data-driven decisions that consider both the possible risks (costs) and rewards (benefits). This approach provides a clear picture of the potential return on investment, enabling more effective and confident decision-making.

These techniques and tools allow you to conduct a comprehensive risk analysis for your business plan.

Mitigating and Managing Risks in a Business Plan

Identifying risks in your business plan is only the first step. To ensure the success of your venture, it is crucial to develop effective risk mitigation and management strategies. Here are some critical steps to consider:

• Risk avoidance : Some risks may be too high to justify taking. In such cases, consider avoiding these risks altogether by adjusting your business plan or exploring alternative strategies.
• Risk transfer : Transferring risks to third parties, such as insurance companies or outsourcing partners, can help mitigate their impact on your business. Evaluate opportunities for risk transfer and consider appropriate insurance coverage.
• Risk reduction : Implement measures to reduce the likelihood and impact of identified risks. This may involve improving internal processes, implementing safety protocols, or diversifying your supplier base .
• Risk acceptance : Some risks may be unavoidable or negatively impact your business. In such cases, accepting the risks and developing contingency plans can help minimize their impact.

In conclusion, a comprehensive risk analysis is essential for identifying, assessing, and managing different types of risk that could impact your success.

Conducting a thorough risk analysis can safeguard your business’s interests, capitalize on opportunities, and increase your chances of long-term success.

Related Posts

How to Write a Business Plan in 36 Steps

Risk Tolerance in Entrepreneurship: A Guide to Successful Business

Business Goals Questions to Develop SMART Goals

Risk Management Guide: Everything You Need to Know About Business Risk

Start typing and press enter to search.

• SUGGESTED TOPICS
• The Magazine
• Newsletters
• Managing Yourself
• Managing Teams
• Work-life Balance
• The Big Idea
• Data & Visuals
• Reading Lists
• Case Selections
• HBR Learning
• Topic Feeds
• Account Settings
• Email Preferences

Managing Risks: A New Framework

• Robert S. Kaplan
• Anette Mikes

Risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. But rules-based risk management will not diminish either the likelihood or the impact of a disaster such as Deepwater Horizon, just as it did not prevent the failure of many financial institutions during the 2007–2008 credit crisis.

In this article, Robert S. Kaplan and Anette Mikes present a categorization of risk that allows executives to understand the qualitative distinctions between the types of risks that organizations face. Preventable risks, arising from within the organization, are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, unethical, or inappropriate actions and the risks from breakdowns in routine operational processes. Strategy risks are those a company voluntarily assumes in order to generate superior returns from its strategy. External risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. Risk events from any category can be fatal to a company’s strategy and even to its survival.

Companies should tailor their risk management processes to these different risk categories. A rules-based approach is effective for managing preventable risks, whereas strategy risks require a fundamentally different approach based on open and explicit risk discussions. To anticipate and mitigate the impact of major external risks, companies can call on tools such as war-gaming and scenario analysis.

Smart companies match their approach to the nature of the threats they face.

Editors’ note: Since this issue of HBR went to press, JP Morgan, whose risk management practices are highlighted in this article, revealed significant trading losses at one of its units. The authors provide their commentary on this turn of events in their contribution to HBR’s Insight Center on Managing Risky Behavior.

• Robert S. Kaplan is a senior fellow and the Marvin Bower Professor of Leadership Development emeritus at Harvard Business School. He coauthored the McKinsey Award–winning HBR article “ Accounting for Climate Change ” (November–December 2021).
• Anette Mikes is a fellow at Hertford College, Oxford University, and an associate professor at Oxford’s Saïd Business School.

Partner Center

The New Equation

Executive leadership hub - What’s important to the C-suite?

Tech Effect

Shared success benefits

Loading Results

No Match Found

PwC Pulse Survey: Managing business risks

Read time: 10 minutes

of executives are focusing business strategy on growth

Cyber #1 business risk, with 40% citing it as a serious risk

are changing processes to address labor shortages

In our second Pulse Survey of 2022, business leaders point to a wide range of challenges in the current environment, even as they take proactive steps to respond.

Key findings include:

• Business leaders are cautiously optimistic about their future prospects. More than four-fifths (83%) are focusing the business strategy on growth — more than any other objective. And only 30% see recession as a serious risk.
• Executives cite acquiring and retaining talent as a serious risk. Yet even as companies fret about human capital, in particular the need for people with the skills to help them grow, they’re taking steps to streamline the workforce.
• Cyber is the No. 1 business risk, with 40% of all respondents listing more frequent and/or broader cyber attacks as a serious risk (and another 38% calling it a moderate risk). Cyber threats are no longer solely the domain of the CISO.
• While companies continue to invest in many areas of the business, they’re scaling back the most in real estate and capex. After two years of remote work, many companies simply need less space, and they’re allocating capital accordingly.
• As the yardstick for company performance expands beyond financial metrics, companies have an imperative to build trust and transparency among their stakeholders. Almost two thirds (65%) of executives tell us they’re focused on developing or refining their trust strategy.
• Tested by the pandemic, business executives are now more prepared for the future, and 69% of respondents say that they’re referring to a lessons-learned playbook developed out of COVID-19.

Cautious optimism

Despite a wide range of business risks and mixed economic signals, companies remain focused on growth.

of companies are focusing their business strategy on growth, more than any other objective.

Business executives are cautiously optimistic despite a challenging business environment

Executives cite a long list of business issues as serious risks to their companies. Cyber tops the list, with 40% citing more frequent and/or broader cyber risks as a serious risk.  Talent  acquisition and retention (38%) and rising production costs (34%) are close behind.

Among the less-frequently-cited risks were geopolitical factors like US-China relations (27% of respondents consider this a serious risk), a prolonged conflict in Ukraine (22%) and US societal unrest (17%). Recession was also well down on the list of business risks (only 30% consider it a serious risk, despite 60% of executives saying a recession is likely in the next year).

This comes as some economic data indicates signs of improvement. The  unemployment rate , for instance, edged down to 3.5%.  Inflation , while still high, showed some signs of stabilizing in July. This slight shift is also reflected in our survey, with 62% of executives now saying it's likely that inflation will remain elevated for the next 12 months, down from 69% in January. As a result, executives may be shifting from an active concern about the business environment to focusing on growth. Climate change was also low (23% consider it a serious risk), even with the growing emphasis on  environmental sustainability  at most companies.

Despite these risks, business leaders see bright spots. When asked how they are responding to the current business environment, 83% say they’re focusing their business strategy on growth. This is somewhat surprising given the mixed signals in the economy right now, including rising interest rates and slowing economic growth. After more than two years dealing with uncertainty related to the pandemic, business leaders recognize the urgent need to focus on growth in order to compete, and they’re zeroing in on what they can control.

With growth in mind, executives are exploring both acquisitions and increases in internal investment. Seventy percent tell us they’re considering an acquisition as a result of the current business environment. Internally, they’re increasing investments in digital transformation (53%), IT (52%), cybersecurity and privacy (49%) and customer experience (48%). Many of these investment areas can help improve efficiency and scalability and introduce new technology to boost productivity as companies continue to deal with talent shortages.

What your company can do

• Lean into growth even amid uncertainty. Focusing on your growth agenda will be key to competing. Pay close attention to the changes and trends that may impact your business and assess which ones you can plan for. Success is more than solely managing costs and risks. For example, you may need to change products, services or pricing — all of which drive growth.
• Take a hard look at all parts of your portfolio and where you can optimize. Position it to drive both operational excellence and growth. 
• Consider whether an acquisition would help you get the talent you need. The recent rise in interest rates has slowed deal activity, but dealmaking should always be an option — and some prices have come down.
• Don’t try to do too many things. Focus on the areas that free up the most dollars with the least amount of pain. Then look for value creation opportunities for your investments. Rather than expanding your investments in digital technologies broadly, for example, focus on those that drive productivity.

Despite concerns about their ability to hire and retain the right talent, some companies are starting to streamline their workforce.

of respondents are reducing their overall headcount, even as business leaders remain concerned about hiring and retaining talent.

Walking a tightrope on talent

Nearly two-thirds of businesses (63%) have changed or are planning to change processes to address labor shortages, up from 56% in January 2022 . Ironically, as businesses pivot even more toward automation, it’s critical to find employees with the right combination of deep functional knowledge and technology know-how. Without the right talent, automations can fail to deliver on promised efficiencies and increase operational risk.

Finding the right talent continues to be a challenge for business leaders. Talent acquisition came in second as a risk behind cyber, with 38% of respondents citing it as a serious risk. Companies continue to look for and attract new talent in creative ways, including:

Expanding remote work options for roles that allow: A large majority (70%) of respondents say they have either implemented this or have a plan in place. 

Pursuing acquisitions to gain access to talent: About half (52%) of executives say they’re considering an acquisition to gain access to needed talent.

Customizing their HR strategy by employee type: 59% either have a plan to do this or have implemented one.

At the same time, respondents are also taking proactive steps to streamline the workforce and establish the appropriate mix of worker skills for the future. This comes as no surprise. After a frenzy of hiring and a tight labor market over the past few years, executives see the distinction between having people and having people with the right skills. For example, 50% of all respondents are reducing their overall headcount, 46% are dropping or reducing signing bonuses and 44% are rescinding offers.

We see these precautionary actions more in certain industries. Consumer markets and technology, media and telecommunications companies, for example, are more likely to invest in automation to address labor shortages. At the same time, healthcare is seeing bigger talent challenges than other industries and is more focused on rehiring employees who have recently left.

Analyze your strategic workforce needs to understand both the skills and capabilities required today as well as those that will be needed to execute your company’s future strategic initiatives. Customize your HR strategy based on the employee type you need to grow.

For each component of your people experience (e.g., recruiting and performance management), consider what changes you might need to make to drive the right culture, experience and outcomes.

Use performance management tools that use data to assess how employees and managers are doing — especially given the shift to hybrid work where in-person oversight is less common.

Conduct periodic culture assessments to help assess and create an inclusive environment even as the talent profile of the organization changes. In particular, avoid a “two-tiered” organization in which in-person and remote workers are treated differently. Balance your automation efforts with both your talent needs and what you want your company culture to be.

Cybersecurity and threats

Growing cyber threats and a greater reliance on data in business models mean that cybersecurity is now a central responsibility for the entire C-suite and board.

of executives cite cyber attacks as a serious risk — the top business risk companies are facing

Cybersecurity is now on the agenda of the entire C-suite

Cybersecurity is becoming an enterprisewide issue, beyond the CISO’s office. Cyber attacks top the list of business risks, with 40% of all respondents listing it as a serious risk (and another 38% citing it as a moderate risk). Virtually all roles ranked cyber attacks high on their list of risks, including tax leaders (with 47% citing it as a serious risk), CFOs (44%) and CMOs (41%).

An even bigger signal of the growing concern around cyber is that 51% of board members cited it as a serious risk (and another 35% as a moderate risk) — more than any other category of business leader. In March 2022, the SEC proposed to enhance and standardize cybersecurity disclosures , requiring that the registrant’s board of directors oversee cybersecurity risk. The proposal would also require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise. As a result, board members are becoming increasingly attuned to cyber threats and their role in overseeing cybersecurity risk management.

Cybersecurity — including the related realms of privacy and data protection — is also becoming a growing policy concern of business leaders. Not surprisingly, 84% say they’re either monitoring closely or taking action on potential regulatory changes. 

The importance of cyber reflects two things. First, virtually all companies are now digital companies, with a heavy reliance on data and analytics and a growing reliance on mobile and cloud. Second, cyber threats continue to grow and become more sophisticated.

View cybersecurity as a broad business concern and not just an IT issue. Build cybersecurity and data privacy into agendas across the C-suite and board. Increase investment to improve security . 

Educate your employees on effective cybersecurity practices. 

For each new business initiative or transformation, make sure there’s a cyber plan in place.

Use data and intelligence to regularly measure your cyber risks. Proactively look for blind spots in your third-party relationships and supply chains.

Investment changes reflect new ways of working

Investments in real estate are declining more than any other area of the business — likely a response to hybrid and remote work.

of companies are scaling back their investment in real estate, more than any other business area.

Companies rethink their investments

As the trend for hybrid and remote work continues, companies are reassessing their physical office footprint with some deciding that less is more. Most (70%) have either expanded or have plans to expand permanent remote work options for job roles that allow. In fact, 42% have already implemented such measures — up from 30% in our January Pulse survey .

Only 31% of respondents plan to increase their investment in real estate, and 22% plan to decrease their investment (a higher decrease than any other investment area). Financial services and health industries are leading the way, with 30% and 29%, respectively, decreasing investments in real estate. Similarly, 15% of overall respondents say they will decrease their investment in facilities and general capex over the next 12 months. When a large swath of workers is no longer in the office on a regular basis, companies can significantly downscale their physical footprint.

On the other hand, executives are making investments in areas that will help drive growth. About half are increasing investments in digital transformation (53%), IT (52%) and cybersecurity and privacy (49%). Forty-eight percent are increasing investment in customer experience and 40% are putting more dollars toward research and development.

Align your investment plan with your company’s strategic direction. Make multi-year investments to drive both short- and long-term outcomes.

Embed clear return on investment expectations in the budget for every investment you make. Disciplined leaders are taking a very honest look at every part of their business.

Determine where your company wants to go with ways of working and how to most effectively optimize your talent, real estate and technology strategies to enable that plan.

As businesses grapple with risk and uncertainty, building and maintaining trust is key.

of respondents say they are focused on developing and/or refining their trust strategy.

The trust imperative

Trust is increasingly becoming a source of competitive advantage for companies that treat it as such — and a point of failure for companies that don’t. In our current survey, 42% of executives say businesses will be the most trusted entity in the next 12 months — up from 39% in January 2022. Executives are doubling down, with 65% saying they’re focused on developing and/or refining their trust strategy. 

As the yardstick for company performance expands beyond financial metrics, companies have an imperative to  build trust and transparency  among different stakeholder groups — employees, customers, suppliers, regulators and the communities in which they operate. This includes both doing the right things and communicating clearly on topics such as reporting and tax transparency.

One third (32%) of business executives tell us they’re very agile when changing business strategy to address stakeholder demands for transparency. That may not seem high in absolute terms, but it was second-highest among all responses regarding agility. 

As companies respond to an ever-shifting landscape of  risks , challenges and even crises, trust creates a multiplier effect — both positive and negative. Organizations that have cultivated trust as an asset and built up a reservoir of goodwill have more latitude in their response. Conversely, companies with a deficiency of trust make challenges that much tougher on themselves.

Identify the areas of your business that most significantly determine your ability to build (or lose) trust, including cybersecurity, supply chain and communications. Work with your teams to embed trust in those processes.

Trust can’t be limited to certain functions or business units. It needs to be an integral part of your organization’s DNA. 

Educate your leadership teams on their role in building trust and identifying areas where trust can be impaired. Senior executives should be consistent in aligning words to actions. Be visible and transparent with all stakeholders about your company’s plans for the future. If you’re considering actions such as rescinding offers, for instance, make sure you’re paying close attention to the potential impact on your reputation as an employer.

Create or refine your stakeholder plan, including your communication cadence for bringing each stakeholder along on your strategic journey. It’s critical to help your stakeholders understand the why. Set up listening channels to understand how stakeholders feel about your organization.

Pandemic lessons learned

Executives should take the time to reflect on their experiences of the past few years.

of respondents say they’re referring to a lessons-learned playbook developed out of COVID-19.

Tested by the pandemic, business executives feel more prepared for the future

If there’s a bright spot to the upheavals we’ve been experiencing over the past several years, it’s that companies and their leaders have become far more agile in how they respond. By the time executives could implement the changes they had scrambled to develop, something else would shift, causing the need for more changes. This time compression is forcing faster response times and, as a result, three- to five-year strategies can no longer be the go-to.

For manufacturers and other types of companies with long supply chains, many pivoted away from global just-in-time manufacturing after experiencing critical shortages due to production issues. Problem is, the processes were developed and used over decades because they were incredibly cost efficient. Smart executives are now reflecting on which investments made in response to the pandemic should be kept and which should be wound down.

Risks are also now more interconnected as well. The following examples highlight how business changes can result in new risks:

While heroic shifts to remote work happened overnight in early 2020, cybersecurity risks soared as employees were logging in from home. 

We’re now seeing companies settle on hybrid work models, with some employees working remotely all the time, some splitting their time between home and office and others working exclusively on-site. While this leads to added flexibility and allows companies to hire from a larger pool of employees, it also creates the potential for inequitable treatment of remote workers compared to in-office workers. In fact, 29% of CHROs say that finding a balance between in-office, remote and hybrid work will present a top-3 workforce-related concern for the next 12 months.

As companies continue to automate processes due to labor shortages, many are finding that they don’t have the talent they need. Without the right talent, automations can fail to deliver on promised efficiencies and increase operational risk.

• Conduct a lessons-learned exercise to explore how your company fared over the past few years. Do a gut check on any of the countermeasures you took as a result of the pandemic. Consider all aspects of your business, from supply chain to management to people to tax to systems. Make sure you involve the right people.
• Collaborate closely across the leadership team as you develop go-forward plans. Aligned leadership teams that connect dots are critical to driving effective execution. 
• Consider business partners and the idea of an ecosystem mentality. Business partners can help free up resources.
• Revisit the models that your company uses to drive decisions. Many models do not include consideration of new risks that can materially impact your business. For example, how will increasing political polarization impact your revenue goals? Bring all voices to the table to help develop new ideas and ways to drive growth and build trust.

This won’t be the last unusual business experience you face. Avoid the temptation to rush to consider how to emerge stronger.

Sector implications

• Health industries
• Financial services
• Industrial products
• Consumer markets
• Tech, media, telecom
• Energy and utilities
• Private companies

Health executives see cyber attacks, supply chain, tax policy as top business risks

Cyber attacks top the list of risks for health industries. Forty-three percent of health industries executives cite cyber attacks as a serious risk to their organization, compared to 40% of respondents overall. Amid the rising threat of data breaches, ransomware attacks and leaking of sensitive patient data, companies increasingly are using technology in real-time detection and defense. Almost one quarter of health industry executives tell us they’re already seeing  benefits from using artificial intelligence  in cyber defense.

These executives also rank supply chain disruptions and tax policy as more serious business risks than other sector leaders, with 41% citing these risks compared to 34% and 28% of other respondents, respectively. Pharmaceutical and life sciences companies in particular should develop strategies to prepare for the tax implications of the Inflation Reduction Act, which contains provisions aimed at  lowering the cost of prescription drugs and health insurance .

Rising production costs (37%) and talent acquisition and retention (31%) rounded out the top five most serious business risks for health industries. Our January 2022  PwC Pulse Survey  found health industry executives already grappling with staffing shortages and the risks COVID-19 variants pose to growth. We expect payer, provider and pharmaceutical and life sciences executives to continue preparing for those risks, along with the potential for recession as we move further into the inflation cycle.

Looking ahead to the next 12 months, health industries leaders are increasing their investments in IT (59%), digital transformation (57%) and cybersecurity and privacy (57%). Those are smart investments as  digitally connected health ecosystems  emerge for health services organizations and  pharmaceutical and life sciences companies use digital technologies  to become more consumer-centric. Health industries respondents are also more likely to say that they’re increasing investments in R&D and innovation in the next 12 months (51% versus 40% overall).

Awaiting a recession, FS leaders still seek talent

Financial services (FS) respondents are more bearish on the economy than their counterparts in other industries. Seventy percent tell us they think a recession is likely in the next 12 months, compared to 60% overall. Moreover, a full third (33%) of FS respondents — tied with respondents in industrial products — consider recession a serious risk, the highest among all industries. Despite these concerns, FS executives say they’ll continue investing in certain key areas over the next year. Sixty percent plan to increase spending on digital transformation (compared to 53% overall) and 56% say they’ll raise expenditures on customer experience (versus 48% overall). 

FS respondents also see talent acquisition and retention as a potentially bigger pitfall than anyone else. Forty-four percent say it’s a serious risk (versus 38% overall). In response, the sector is among the most likely to offer flexible work options, with 68% saying they’ve expanded remote work choice where possible or plan to do so, and only 27% say they’ve implemented a plan for having employees on-site more often (compared to 32% overall). In addition, FS is least likely to reduce headcount, with 36% of respondents saying they have no plans to do so. Perhaps as a result of these workforce policies, 30% of FS executives say they plan to cut investments in real estate over the next year, the most in any industry.

Interestingly, and in contrast to the above, only 38% of FS respondents indicate their companies will increase investments in the workforce, the lowest figure among all industries. Also of note, 31% of FS respondents, eight percentage points more than the average, report that their companies have no plans to make acquisitions to acquire talent. This indicates that most of them will make do with existing investments and develop needed skills on their own.

For US manufacturers, inflation, supply chain woes beg greater agility

While industrial products (IP) sector leaders still grapple with supply chain disruptions and labor shortages, they’re also being hit by the double-whammy of inflation and the specter of a recession, making agility ever more important. Due to these and other pressures on the sector, US manufacturing output contracted in both May and June. However, looking ahead, the  Inflation Reduction Act  and the  CHIPS and Science Act  may have important, positive implications.

Nearly three in four sector leaders (73%) cite rising production costs (e.g., wages, materials, energy, inventory) as posing a “moderate or serious” risk to their business. As a result, even more leaders (77%) say they’re increasing prices for products and services. Meanwhile, most IP executives (57%) report that their businesses are  streamlining their product portfolios  in the face of the challenging current environment presumably in order to protect shrinking margins.

The sector continues to be beleaguered by supply chain woes, with 71% saying they pose either a moderate or serious risk to their business. Still, yet, nearly as many, (75%) report that they’re  improving supply chain resiliency . Looking ahead, 45% of sector leaders believe that supply chain disruptions will ease in the next year.

Workforce issues, too, are still a pain point, with 77% of respondents agreeing that problems surrounding talent acquisition and retention pose risks to their business. IP executives are expanding permanent remote work options for roles that allow for it (64%) and increased compensation for existing employees (retention bonuses, off-cycle raises). Despite the challenging workforce environment, most IP leaders (69%) describe their businesses as “very or moderately” agile in responding to the shifts in the workforce and in attracting talent. Efforts underway may be paying dividends, as  payrolls in US manufacturing  rose unexpectedly by 30,000 jobs in July 2022.

Given the recent spike in cyber attacks on the industry , 75% of IP executives say that more frequent and/or broader attacks are either a moderate or serious risk to their companies. A vast majority (82%) say they’re taking action or closely monitoring policy around cybersecurity, privacy and data protection, and 76% are revising or enhancing their cyber risk management. Most IP sector leaders (73%) describe their companies as “very or moderately” agile in the changing cyber environment.

Investing for the future in uncertain times

Consumer-facing companies are more likely than their peers to expect a dip in earnings in 2022 due to a confluence of business risks ranging from supply chain issues and inflation to geopolitical concerns and residual COVID-19 considerations. 

In response, nearly two-thirds (65%) of consumer markets (CM) leaders have cut earnings forecasts (versus 58% for all sectors), 62% are reducing prices (versus 50% overall) and 58% (versus 52%) have either instituted hiring freezes or plan to do so. 

Close to half of CM leaders (44%) tell us supply chain disruptions pose a serious risk to their business (versus 34% for all sectors). Most (77%) plan to  digitize their supply chains  for resilience and flexibility. Rising production costs are also top of mind as is the role of inflation in depressing consumer demand. 

As consumers focus on necessities such as food and gas, CM executives are contending with unsold inventory and increasingly scarce warehouse space. Meanwhile, longer lead times stemming from supply chain disruption have further complicated the balance of supply and demand, exacerbating already  shifting consumer preferences . 

Despite these headwinds, CM companies are charting future moves. Almost 60% report increasing investments in both tech and digital transformation. CM leaders also expect to invest more in operations (51% versus 41% overall), R&D (48% versus 40%) and ESG initiatives (52% versus 45%). 

Their focus on tech-enabled innovation acknowledges that consumers  reward companies  for a seamless, one-of-kind customer experience with a business they can  trust  and whose values they identify with. To that end, CM leaders are closely monitoring policy developments in cybersecurity, data protection and privacy. 

Most CM companies (71%) are expanding permanent remote work opportunities, as roles allow, and 70% (versus 63% overall) are introducing automation to address labor shortages. Meanwhile, 68% (versus 59% overall) are customizing their HR strategy to meet employee needs in various roles. CM leaders’ commitment to growth signals their vision of an agenda for the future that they can navigate, regardless of current uncertainty and unforeseen disruptions.

Talent in flux: Preparing for growth as recession risk rises

The talent paradox is real. Forty percent of the technology, media and telecommunications (TMT) leaders who responded to our Pulse Survey ranked talent acquisition and retention as a serious risk to their companies. Yet TMT leaders were more likely than their peers to reduce employee headcount (58%), implement hiring freezes (58%), lower or eliminate signing bonuses (57%) or rescind job offers (49%).

The Pulse Survey comes as TMT companies recalibrate following a pendulum swing from pandemic boom to economic slowdown. But even as inflation and recession fears roil the markets, 88% of TMT leaders reported that they’re focusing their business strategies on growth. These findings dovetail with PwC’s recent  Global Entertainment & Media Outlook , which describes how priorities have shifted as the sector emerged transformed by a period of social upheaval. 

Identifying and capitalizing on growth alternatives may be essential to remaining competitive in today’s economic environment. Companies nimble enough to pivot to new growth opportunities may require a plan to cultivate talent well-suited to this moment. That may mean a smaller workforce, but one that’s more focused on new areas of development. Incentivizing current and recent employees may be key in this effort.

TMT companies were more likely to have increased compensation for existing employees (70% versus 64% overall). For roles that allow it, 81% of TMT leaders report that they have expanded or plan to expand remote work options (versus 70% for all sectors). They’re also more likely than their peers to encourage employees who recently left to return (58% versus 49% overall), potentially reducing the time necessary for onboarding and training.

Bold ambitions for energy and utilities in a world of amplified risks

Energy and utilities executives have  bold ambitions  for the future along with very real, present-day obligations. It’s a balancing act playing out amid a backdrop of emerging threats, economic uncertainty and rising costs as well as societal, political and regulatory pressures. Sector leaders feel the weight of this, citing cyber attacks, high US interest rates, supply chain disruptions, climate change, the US regulatory environment and tax policy changes as serious risks facing their companies. Notably, industry respondents rank these risks higher than executives overall.

The risks may feel amplified, and for good reason. Leaders are balancing the growing demand for net-zero sources of energy with the realities of today’s energy supply. Many cleaner energy initiatives hinge on the ability to procure solar panels and other materials including critical minerals. Meanwhile, new and evolving threats to grids, pipelines and energy infrastructure emerge daily.  

With the important task of protecting the nation’s energy supply, it’s increasingly important to make cybersecurity  everyone’s priority . Energy and utilities executives are aligned on the need to revise and enhance cyber risk management, naming it as the top action (84%) the industry is taking in response to today’s business environment. Executives are also looking to invest in cybersecurity, with 59% planning to increase investments in the next 12 months, the top area for investment. IT, digital transformation, customer experience and ESG round out the top five areas for investment.

Trust is top of mind for energy and utilities executives. At a level much higher than other industries, 63% of energy and utilities expect business to be the most trusted entity in the next 12 months. More than half (53%) plan to proactively become more transparent with all stakeholders. This includes taking action to address or monitor proposed  SEC climate disclosure rules , one of the top policy areas on their radars. The adoption of investor-grade climate and emissions reporting is one step in a bigger effort that’s underway. It also includes  operationalizing  ESG commitments, embedding ESG in business strategy and pursuing opportunities to lead the march toward a cleaner energy future.

Threats and talent top risks for private companies

Private companies are playing catch-up to public companies, as many delayed investments and deferred maintenance over the past few years. They’re also squarely focused on growth and the aspects of business that directly tie to the bottom line.

The vast majority of private company respondents tell us they’re both transforming business processes and revising/enhancing their cyber management (89% for both). Private companies are also increasing investments in several areas more so than other executives: IT (59% versus 52% overall), cyber (59% versus 49% overall) and digital transformation (57% versus 53% overall). Private company executives know that making investments in the right technologies and business processes will be essential to growth. 

Private companies are more concerned about talent acquisition and retention than public companies, with 61% of private company executives listing it as a serious risk (versus 38% overall). Private companies have traditionally found it harder to recruit top talent because they often don’t have the same access to capital, career development opportunities and brand recognition. 

Interestingly, private companies trail when it comes to raises for existing employees, with only 34% planning to increase compensation (versus 64% overall). On the other hand, only 20% of private company executives say they plan to — or have already — reduced headcount (versus 52% of public companies). Many private companies are outsourcing and using managed services more for non-core activities, which can help them focus on attracting key personnel for core activities.

Cyber tops the list of risks for both private and public companies. Fifty-seven percent of private companies mention more frequent and/or broader cyber threats as a serious risk (versus 39% of public companies). While cyber attacks are a risk for all businesses, public companies have spent years investing in security technologies and protocols. Private companies may not have the same resources, potentially leaving them more vulnerable to cyber attacks.

Private companies have a more pessimistic view of the economy, with 80% citing it likely that inflation will remain elevated (versus 62% overall) and 84% saying a recession is likely (versus 60% overall). The private sector typically feels the impact of both recession and recovery before the public sector. Still, nimble private companies that adjust their strategies quickly can take advantage of the opportunities that changes in the economic environment present.

Managing business risks: What’s top of mind in the C-suite?

About the survey.

Between August 1 and August 5, 2022, PwC surveyed 722 US executives including CFOs and finance leaders (13%), CHROs and human capital leaders (14%), tax leaders (13%), risk management leaders, including CROs, CAEs and CISOs (12%), COOs and operations leaders (12%), CIOs, CTOs and technology leaders (13%), CMOs and marketing leaders (13%) and corporate board directors (10%). Respondents were from public and private companies in six sectors: industrial products (24%), consumer markets (25%), financial services (22%), technology, media and telecom (14%), health industries (7%) and energy and utilities (4%). The Pulse Survey is conducted on a periodic basis to track the changing sentiment and priorities of business executives.

Download the chart pack Get access to the complete survey responses and data

Related content, pwc pulse survey: executive views on business in 2022.

Businesses are stymied by inflation, the pandemic and a talent shortage. The C-suite is uniting to prioritize investments that accelerate growth.

Upcoming and recent PwC tax webcasts

Register today to hear the latest insights from the world of tax.

2024 Tax Policy Outlook: Defining the choices ahead

The stakes rarely have been higher as business leaders seek to manage operations and plan investments in an environment of uncertain tax policy and tax changes....

2022 US Metaverse Survey

Learn what 6,000 business executives and consumers think about the metaverse in PwC’s inaugural survey. And find out what four areas to focus on to drive growth...

Thank you for your interest in PwC

We have received your information. Should you need to refer back to this submission in the future, please use reference number "refID" .

Required fields are marked with an asterisk( * )

Please correct the errors and send your information again.

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

• Data Privacy Framework
• Cookie info
• Terms and conditions
• Site provider
• Your Privacy Choices

How to Perform Business Risk Mitigation: Strategies, Types, and Best Practices

By Kate Eby | March 23, 2023

• Share on Facebook
• Share on LinkedIn

Link copied

Successful companies are always identifying, lessening, and eliminating business risks. We’ve gathered tips from industry experts on how they do this. We also provide risk assessment templates and step-by-step guidance on business risk mitigation.

Included on this page, you’ll find the main ways companies should respond to risks , best practices for business risk mitigation , a step-by-step process for performing good risk mitigation, and templates that can help guide you in assessing and dealing with business risks.

What Is Risk Mitigation?

Risks can pose a threat to a project or a business. Risk mitigation is the process of eliminating or lessening the impact of those risks. Teams can use risk mitigation in several ways to help protect a business.

Project leaders might use project risk management and mitigation to ensure the success of a specific project. Business leaders might use business risk mitigation — sometimes as part of overall enterprise risk management or enterprise risk assessment — to protect the long-term health of a company.

Why Is Risk Mitigation Important?

Risk mitigation is important because risks sometimes turn into realities. If your project team or business leaders haven’t figured out ways to deal with and lessen those risks, they can have a hugely negative impact on a project or business.

“Business risk mitigation is important because it helps organizations to identify and address potential risks that could impact their operations, reputation, or bottom line,” says Andrew Lokenauth, a former finance executive with Goldman Sachs and JP Morgan, an adjunct professor at the University of San Francisco School of Management, and the founder of Fluent in Finance . “By proactively managing risks, organizations can minimize disruptions and protect their assets, stakeholders, and long-term viability.”

Here are some of the top reasons that business risk mitigation is important:

• Maintain the Existence and Profitability of a Business: Some risks can torpedo the very existence of a business — especially if they happen when the business hasn’t prepared for them. Business leaders must identify and assess risks and figure out ways to lessen or eliminate high-priority risks.
• Maintain a Business Reputation for Stability: Some risks, when they happen, can  damage a company’s customer relationships. Business leaders want customers to be able to trust the stability of a business. Preparing for risks helps ensure that stability. 
• Keep Internal and External Stakeholders Happy: Both employees and external stakeholders want a business to succeed and be prepared for negative risks. Making sure your team performs good risk management — including risk mitigation — will give internal and external stakeholders confidence that the business is ready for any negative events.

• Keep Your Staff and Others Safe: The mitigation measures you need for weather events will also protect the safety of your staff and others. Mitigation measures against problems such as fire damage can also protect staff and customers. 
• Avoid Negative Societal and Economic Impacts: In some cases, risks to your organization can have large societal and economic impacts. Examples include risks to the operations of utilities, government agencies, or internet companies. Perform solid risk mitigation to prevent these negative risks or lessen their impact.
• Know That No One Else Will Do It for You: Many people believe that certain risks just won’t happen or that some government agency or other group is monitoring the situation and will assist if there is a problem. That is often not true. “This is typical of most Americans — not even just business heads or business leaders — that you don’t think it’s gonna happen to you,” says Andresen. “You think if it does happen, it's not going to be that bad, and that you're going to get help from somewhere else. And all of those things are patently false.”

What Are the Types of Risk Mitigation?

When people talk about the types of risk mitigation, what they’re often referring to are types of risk responses or risk response strategies. Risk mitigation is one possible risk response, but it is not the only one.

Another important thing to remember is that not all risks are negative. There are positive risks — or opportunities — that can happen for your business as well. Experts have outlined five primary ways to respond to negative risks and five primary ways to respond to positive risks, both of which are important to the long-term health of a company.

These are the five primary risk response strategies for dealing with negative risks:

• Mitigate: Risk mitigation involves taking steps to reduce the likelihood or impact of a risk. 
• Transfer: Leaders can choose to transfer a risk to another entity. Buying insurance is a good example of transferring risk. You still take steps to prevent fires at your property, but when you buy fire insurance, the insurance company assumes much of the financial risk if a fire happens.
• Accept: In some cases, it is simply not possible or economically feasible to avoid or mitigate risk. Leaders might choose to accept certain risks that are too costly to try to affect or that are unlikely to happen.“It may not be possible or practical to avoid or reduce a risk,” Lokenauth says. “In these cases, organizations may choose to accept the risk and manage it as it arises.”
• Escalate: In project risk management — though not often in business risk mitigation — leaders choose to escalate certain risks. This response involves providing information on the risk to top organizational leadership, so they can make a decision. This is usually the response to a significant risk that would require significant costs to mitigate.

These are the five primary risk response strategies for positive risks:

• Share:   If your company chooses to share a positive risk, that means it will work with another company or entity to take advantage of an opportunity. Sharing positive risk can increase the likelihood and impact of opportunities. However, they also require that the company split the resulting benefits. 
• Exploit: When a company chooses to exploit a positive risk, it devotes special attention and resources to making sure an event happens.
• Enhance:  Companies can enhance positive risks by improving the likelihood that it will happen. This is different from exploiting a risk, because the possibility still exists that the opportunity will never arise. 
• Accept: If your company understands that a positive risk might happen, it might prepare to act on it without investing resources to try to increase the chances that it will happen.
• Escalate: As with escalating negative risks, your team can escalate positive risks to company leadership to make decisions about which strategy to implement. This is common when teams identify opportunities that could have enormous benefit to the company but might take a large investment to enhance or exploit.

You can learn much more about risk assessments, and the primary ways that project managers and organizations can respond to both negative and positive risks, in this essential guide to project risk assessments .

Risk Mitigation Strategies

Businesses use a number of strategies to help them respond to business risks. These can include overall risk and contingency planning, as well as tactical moves, such as hiring a risk manager or outside risk management consultant.

Here are some overall risk response strategies teams can use:

• Risk Management Planning: Teams will very often produce a risk management plan for individual projects, but they can also create a risk management plan for an entire enterprise. This plan should describe how your team plans to identify, assess, respond to, and mitigate risks to the organization. You can learn much more about risk management plans and planning and can download risk management plan templates .
• Contingency Planning: Contingency planning is usually a part of project risk management, but teams can create contingency plans for their entire organization. Contingency plans include specific actions your team will take if a risk actually happens. The contingency plan might include extra funds or extra staff to respond to a risk.
• Business Continuity Planning: Business continuity planning is the most common risk response strategy that organizations use to deal with risks to the entire enterprise. For specific projects, organizations will more often use strategies such as contingency planning and project risk management planning. The goals of business continuity planning are to identify important risks to the organization and make plans for what the organization will do to lessen or eliminate those risks.

You can learn much more about business continuity plans . You can also download business continuity plan templates .

• Setting Aside Contingency Reserves: These are funds an organization sets aside to help it deal with and mitigate important risks if they happen.
• Employing a Risk Manager: Many organizations choose to employ a full-time risk manager to oversee the organization’s entire risk management program. This role may involve helping with project risk management, or overseeing the more general management of risk and compliance across an organization.
• Contracting with Outside Consultancies: Many organizations contract with outside risk experts to help with risk assessments and business continuity planning.
• Employee Training: Forward-thinking organizations also conduct employee training and drills to bolster their contingency and risk mitigation plans. The training helps employees understand what they should be doing if a risk happens. You can learn more about such training and drills as part of contingency plans. 
• Product Testing: For software and technology companies especially, it’s important to do product testing throughout the development of a product. That testing will lower the risk that your organization will have to spend extra money to fix problems or to repeat development work.
• Following Information Security Best Practices: Information security issues are a huge risk for many organizations. Most organizations understand the importance of good information security practices, such as implementing strict password policies and two-factor authentication requirements.

Risk Mitigation Best Practices

Experts recommend following certain best practices for business risk mitigation. Some best practices include being proactive in identifying and assessing risks and making management policies clear to all stakeholders.

Here are some important best practices for business risk mitigation:

• Create a Strong Culture of Risk Management: It’s important that your organization and its leaders understand the importance of investing in solid risk management. Avoid the temptation to believe that risk management is not important or necessary. “Humans want to avoid risks, so we want to even avoid the discussion of risks,” Contreras says. “Good risk management forces you to have those discussions. You have to face them and look them in the eye, then make some decisions on how you're going to handle them. Don't let it fall by the wayside.”
• Involve Stakeholders: Make sure you communicate with and involve stakeholders in your risk management work. That means asking for their input as you identify and assess risks.
• Create a Clear and Transparent Risk Management Framework and Policy: Your organization should outline the basics of its risk management program in a risk management policy. Everyone in your organization should have access to and understand that policy. “A risk management policy should outline the organization's approach to risk management, including the roles and responsibilities of different stakeholders; the processes for identifying, analyzing, and responding to risks; and the methods for monitoring and reviewing the effectiveness of risk management efforts,” Lokenauth says.
• Be Proactive: It is vital for any organization to be proactive and aggressive in identifying and planning for risks. Lokenauth recalls a time when he worked for a large company in New York that wasn’t prepared for all risks. When Hurricane Sandy hit in October 2012, the firm had no place for its employees to work. “We were home for a week or two getting paid, and we weren't doing any work,” he says. “Things weren't getting done. It took them about a week or two to send us laptops. And then it took another week to try to figure out where to put us, to rent some space in Jersey City. If they had a plan in place for a thing like that, it would have been better. “It's important to be proactive about identifying and addressing potential risks rather than waiting for them to occur,” he says. Contreras adds that a business leader’s perspectives on risks can affect how an entire company approaches risk — either to the company’s benefit or to their detriment. “Small and medium-sized businesses are usually led by one big leader,” he says. “That leader’s perspective can really sway the business — and maybe not in a good way. The leader might be super optimistic, always thinking, ‘Yeah, we can do this.’ But the leadership team really needs to look at things and ask, ‘What if it doesn’t go?’ What would be the downside here? What are the things that can go wrong?’ So you want to get people in a room and start thinking negatively. ‘What are the things that can go wrong? And what can we do about them? What can we do to mitigate them?’”
• Be Comprehensive: It’s important that your organization thinks about risks in all areas. Avoid focusing only on what leaders think might be the most obvious areas for risk. “It's important to develop a comprehensive risk management plan rather than focusing on individual risks in isolation,” Lokenauth says.

• Conduct Employee Training or Drills: Risk mitigation isn’t finished once a company writes a contingency plan. Leaders must also train employees to perform the actions outlined in the plan. They must also determine whether that contingency plan is going to be effective by performing drills. You can learn more about training and drills in contingency planning.
• Continuously Monitor Possible Risks: Too many organizations perform one risk assessment, then believe they are finished — sometimes for a year or two or more, experts say. However, risks are constantly changing, and organizations need to continually identify and assess new risks to avoid costly oversights. That means requiring routine risk assessments and creating a culture that is always monitoring and addressing new risks. “You want to establish policies on how you identify and monitor risks, and you want to monitor them every month,” Lokenauth says. That can be as simple as making sure your risk department works through a monthly checklist of risks that you are tracking and what’s happening with them. It also means watching for new risks or for changing circumstances around current risks, experts say.
• Make Changes Where Needed: When your organization’s continual assessment shows that a new risk has arisen, or that an older risk is changing, it must make changes in its risk response plan. “If you grow as a company, you now have a different footprint in which you need to assess your risk,” Andresen says. “If you shrink — again, you have a different footprint. You might not need the same control measures or countermeasures, and you can put that money somewhere else.”
• Communicate Your Risk Management Plans: It’s vital that your organization communicates often and effectively with organization leaders, employees, and other stakeholders about the organization’s risk management work.

What Is the Risk Mitigation Process?

Experts sometimes use the term risk mitigation process to describe how organizations identify, assess, and prepare to lessen or mitigate risks. More often, experts use the term risk management to describe that work.

Here are the seven basic steps of the risk management process:

• Identify All Possible Risks: Gather a team or multiple teams to offer input on all possible risks to your organization. You might do this through formal meetings or gather input in other ways. “The first thing you would do is have every department do their risk analysis — but not in a silo,” Andresen says. “You do want them talking to each other. Because you’ll get some people being inspired by the others. You’ll get others validating the risk of others. And you get a whole operating picture of the entire company: ‘Where are we weak? Where are we strong?’” Lokenauth suggests using such options as “brainstorming sessions, risk assessments, or reviewing industry data” to identify risks. Ask everyone involved — internally and externally — to think broadly about all possible risks. Your team can use a questionnaire to assess potential risks to your organization and analyze its risk culture.
• Analyze Risk Probability and Impact: After your team identifies all risks, it will need to assess each risk’s probability and the potential impact on your business. “You have to figure out what exactly is the most vital piece of your ability to conduct your business, then figure out the risks to that,” Andresen says. “Then you have to look at internal and external risks. What are the internal risks that you can encounter? And what are your external risks that you could potentially encounter? How do you want to solve for them? ”Contreras notes that your team can also assess the top risks for various departments within your organization, along with various kinds of risks. “If, say, it's a supplier risk, what are the top three suppliers that we should be concerned about?” he says. “And what are the top three infrastructure risks? What are the top three HR staffing risks that we have?”
• Prioritize Risks: Once your team has studied and assessed the probability and potential impact of each risk, it must then prioritize which risks are most important to address. “As the likelihood becomes very high — let's say over 50 percent — then you decide, ‘OK, we need to do something to mitigate that,’” Contreras says. “Then the second determination would be: ‘What's the cost?’ If it’s high likelihood and high dollars, those are the ones you do want to focus on — the more likely it is to happen and the more obvious the cost impact.” For example, a risk that could cost your organization millions of dollars will take priority over a risk that would cost them thousands at most. Similarly, a risk that is almost certain to happen will take priority over a risk that has almost no chance of happening.
• Create Response Plans: Create plans to deal with or lessen the effects of the most important risks. Your organization likely won’t have the resources to mitigate every risk your company identifies. That’s why you prioritize the most important risks to face. “The next step is to develop responses to address the important risks,” Lokenauth says. “This may involve implementing controls or safeguards to prevent the risk from occurring, transferring the risk to a third party, or accepting the risk and managing it as it arises.” Lokenauth adds that your team should consider the costs to your organization of mitigating even the high-priority risks. If mitigating a high-priority risk will be prohibitively expensive, an organization might decide to simply accept that risk, while mitigating lower-priority risks.
• Track and Monitor Risks: Remember that business risk mitigation is an ongoing, evolving process. Continually track risks and potential changes in risk probability or impact. Contreras suggests that risk teams hold regular meetings to assess and monitor risks. “You probably should make it monthly — where you revisit the risks, and you're either changing the probability, or you're taking some out because they didn't happen, or some of them occurred,” he says. “Now, it becomes not a risk, but an issue — a problem that you have to begin to solve.”
• Monitor Mitigation Measures: Your organization should also monitor its mitigation measures. Monitor how and whether your teams are implementing risk mitigation measures. In addition, monitor how the mitigation measures are working and what risks have already occurred.
• Report to Organization Leaders: Regularly report to organizational leaders about ongoing risks and mitigation measures.

Example Risk Response Plan

Download a Sample Business Risk Response Plan for  Excel | Microsoft Word

Download this completed example business risk response plan that can help your team understand how to write a risk response plan for your organization. This plan includes sample data, with components such as include risk, risk severity, description of mitigation plans for that risk, and if and how those mitigation plans are working. Use this template as a starting point, and customize it to create your own business risk response plan.

Risk Mitigation by Departments and Broad Areas

Teams can assess business risks by department, such as operations or sales. They can also assess them by broad categories, such as technical risks or compliance risks. This will help organizations avoid costly oversights during risk mitigation.

Organizations might assess risk in various departments, such as the following:

• Human Resources

They might also assess risks in broader, thematic areas. Those areas might include:

• Compliance Risks: There can be risks in areas where laws or government rules require certain actions and issue penalties for noncompliance.
• Management Risks: There can be risks surrounding a company’s management, such as a key leader leaving the company.
• Operational Risks: Risks can arise based on the operational structure of your organization, such as how it sources materials or hires staff members.
• Overall Costs Risks: Some risks threaten to significantly increase your company’s costs to operate.
• Reputational Risks: Some risks relate to your company’s image and reputation among customers or clients.
• Resources Risks: There can be risks to the resources your company needs to operate.
• Strategic Risks: Some risks involve a company’s overall business strategy.
• Technical Risks: There can be risks related to technology your company is using or producing.

Your team might also consider doing what is called a PESTLE analysis . In this analysis, your team considers the overall business environment and potential risk in six areas: political, economic, social, technological, environmental, and legal. 

Tip: You might see this type of analysis written as a PESTEL analysis . Both acronyms indicate the same six areas but are written in a different order.

PESTLE Analysis Template

Download a PESTLE Analysis Template Excel | Microsoft Word

Download this template to help guide you through a PESTLE analysis. This analysis helps your team focus on and think about risks to the business in six broad areas. Use the empty columns to list potential risks to your organization in each category and summarize your risk mitigation plan.

Risk Mitigation Tools

A variety of tools are available to help your team assess and mitigate risks. These include risk management plans and assessments. Many companies also use risk assessment frameworks (RAFs), which specifically measure IT risks.

These are some tools that can help all companies with risk management and risk mitigation:

• Risk Assessment Matrix: A risk assessment matrix can help your team calibrate risks based on probability and likelihood.
• SWOT Analysis: A SWOT analysis can help your team analyze threats to your organization, along with strengths, weaknesses, and opportunities.
• Root Cause Analysis: A root cause analysis can help your team determine the root cause of an issue or problem affecting your company. 
• Business Impact Analysis: A business impact analysis is a process that teams work through to assess the possible effects of major interruptions to an organization’s operations. Most often, these potential interruptions are events such as natural disasters, major accidents, or other emergencies.

These are some common RAFs that IT experts use:

• Factor Analysis of Information Risk (FAIR)
• Committee of Sponsoring Organizations of the Treadway Commission (COSA) Risk Management Framework
• Control Objectives for Information Technologies (COBIT) from the Information Systems Audit and Control Association
• Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework from Carnegie Mellon University
• Risk Management Framework from the National Institute of Standards and Technology (NIST)
• Threat Agent Risk Assessment (TARA), created by Intel

Risk Mitigation vs. Contingency

A risk mitigation plan might include a contingency reserve or contingency. While the risk mitigation plan includes many elements, the contingency is simply a reserve of funds, time, or other resources that can help mitigate certain risks.

Risk Mitigation vs. Risk Management

Risk mitigation is one part of the entire risk management process. When your organization performs risk management, it will perform risk assessments that might call for risk mitigation.

Stay on Top of Business Risks with Real-Time Work Management in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

How to Highlight Risks in Your Business Plan

Tallat Mahmood

5 min. read

Updated October 25, 2023

One of the areas constantly dismissed by business owners in their business plan is an articulation of the risks in the business.

This either suggests you don’t believe there to be any risks in your business (not true), or are intentionally avoiding disclosing them.

Either way, it is not the best start to have with a potential funding partner. In fact, by dismissing the risks in your business, you actually make the job of a lender or investor that much more difficult.

Why a funder needs to understand your business’s risks:

Funding businesses is all about risk and reward.

Whether it’s a lender or an investor, their key concern will be trying to balance the risks inherent in your business, versus the likelihood of a reward, typically increasing business value. An imbalance occurs when entrepreneurs talk extensively about the opportunities inherent in their business, but ignore the risks.

The fact is, all funders understand that risks exist in every business. This is just a fact of running a business. There are risks that exist with your products, customers, suppliers, and your team. From a funder’s perspective, it is important to understand the nature and size of risks that exist.

• There are two main reasons why funders want to understand business risks:

Firstly, they want to understand whether or not the key risks in your business are so fundamental to the investment proposition that it would prevent them from funding you.

Some businesses are not at  the right stage to receive external funding  and placate funder concerns. These businesses are best off dealing with key risk factors prior to seeking funding.

The second reason why lenders and investors want to understand the risk in your business is so that they can structure a funding package that works best overall, despite the risk.

In my experience, this is an opportunity that many business owners are wasting, as they are not giving funders an opportunity to structure deals suitable for them.

Here’s an example:

Assume your business is  seeking equity funding,  but has a key management role that needs to be filled. This could be a key business risk for a funder.

Highlighting this risk shows that you are aware of the appointment need, and are putting plans in place to help with this key recruit. An investor may reasonably decide to proceed with funding, but the funding will be released in stages. Some will be released immediately and the remainder will be after the key position has been filled.

The benefit of highlighting your risks is that it demonstrates to investors that you understand the danger the risks pose to your company, and are aware that it needs to be dealt with. This allows for a frank discussion to take place, which is more difficult to do if you don’t acknowledge this as a problem in the first place.

Ultimately, the starting point for most funders is that they  want  to invest in you, and  want  to validate their initial interest in you.

Highlighting your business risks will allow the funder to get to the nub of the problem, and give them a better idea of how they may structure their investment in order to make it work for both parties. If they are unsure of the risks or cannot get clear explanations from the team, it is unlikely they will be forthcoming when it comes to finding ways to make a potential deal work.

Brought to you by

Create a professional business plan

Using ai and step-by-step instructions.

Secure funding

Validate ideas

Build a strategy

• The right way to address business risks:

The main reason many business owners don’t talk about business risks with potential funders is because they don’t want to highlight the weaknesses in their business.

This is a fair concern to have. However, there is a right way to address business risk with funders, without turning lenders and investors off.

The solution is to focus on how you  mitigate the risks.  

In other words, what are the steps you are taking in your business as a direct reaction to the risks that you have identified? This is very powerful in easing funder fears, and in positioning you as someone who has a handle on their business.

For example, if a business risk you had identified was a high level of customer concentration, then a suitable mitigation plan would be to market your products or services targeting new clients, as opposed to focusing all efforts on one client.

Having net profit margins that are lower than average for your market would raise eyebrows and be considered a risk. In this instance, you could demonstrate to funders the steps you are putting in place over a period of time to help increase those margins to at least market norms for your niche.

The process of highlighting risks—and, more importantly, outlining key mitigating actions—not only demonstrates honesty, but also a leadership quality in solving the problems in your business. Lenders and investors want to see both traits.

• The impact on your credibility:

Any lender or investor  backs the leadership team  of a business first, and the business itself second.

This is because they realize that it is you, the management team, who will ultimately deliver value and grow the business for the benefit for all. As such, it is imperative that they have the right impression about you.

The consequence of highlighting business risks in your business plan with mitigations is that it provides funders a real insight into you as a business leader. It demonstrates that not only do you have an understanding of their need to understand risk in your business, but you also appreciate that minimizing that risk is your job.

This will have a massive impact on your credibility as a business owner and management team. This impact is more acute when compared to the hundreds of businesses they will meet that omit discussing the risks in their business.

The fact is, funders have seen enough businesses and business plans in all sectors to instinctively know what risks to expect. It’s just more telling if they hear it from you first.

• What does this mean for you going forward?

Funders rely on you to deliver on your inherent promise to add value to your business for all stakeholders. The weight of this promise becomes much stronger if they can believe in the character of the team, and that comes from your credibility.

A business plan that discusses business risks and mitigations is a much more complete plan, and will increase your chances of securing funding.

Not only that, but highlighting the risks your business faces also has a long-term impact on your character and credibility as a business leader.

Tallat Mahmood is founder of The Smart Business Plan Academy, his flagship online course on building powerful business plans for small and medium-sized businesses to help them grow and raise capital. Tallat has worked for over 10 years as a small and medium-sized business advisor and investor, and in this period has helped dozens of businesses raise hundreds of millions of dollars for growth. He has also worked as an investor and sat on boards of companies.

Table of Contents

• Why a funder needs to understand your business’s risks:

Related Articles

5 Min. Read

How to Improve the Accuracy of Financial Forecasts

3 Min. Read

What Is a Break-Even Analysis?

1 Min. Read

How to Calculate Return on Investment (ROI)

4 Min. Read

How to Create an Expense Budget

The Bplans Newsletter

The Bplans Weekly

Subscribe now for weekly advice and free downloadable resources to help start and grow your business.

We care about your privacy. See our privacy policy .

The quickest way to turn a business idea into a business plan

Fill-in-the-blanks and automatic financials make it easy.

No thanks, I prefer writing 40-page documents.

Discover the world’s #1 plan building software

9 strategic risk examples and how to successfully tackle them

What is meant by strategic risk? Strategic risk examples encompass many different risks — and depending on the nature of your business, you may face any or all of them. Understanding the types of strategic risk you face is fundamental to your ability to tackle them as part of your broader governance, risk and compliance (GRC) strategy.

Whether you are a chief risk officer and strategic risk falls firmly within your orbit, or whether as CFO, CEO or general counsel, you take more holistic responsibility for your organization's risk strategy. Understanding and mitigating risk at a strategic level will be a priority.

In today's hyper-connected world, the risk evolves faster than businesses can devise strategies to tackle it. Being familiar with different strategic risk examples can help you get ahead of the curve, helping you identify the types of strategic risk your organization faces and the tactics you can put in place to respond.

Understanding the different types of strategic risk

'Strategic risk' is a term that's often bandied about. But what does the phrase mean in practice? What types of risk are defined as 'strategic?' How do you identify strategic risks? What are the examples of strategic risks you might face in your organization? What are the types of strategic risk you should prioritize in your risk mitigation strategy?

What is strategic risk?

Strategic risk is a category of risk; alongside operational, financial, regulatory and other business risks, it forms part of the umbrella of risks your organization faces.

When we look at strategic risk examples, they are generally defined as those that threaten a business's ability to set and implement its chosen strategy.

They may be external; events like the Covid-19 pandemic are the perfect example here.

They may be 'self-inflicted,' brought about via an organization's own strategy and decision-making. An example of this would be the accelerating digital transformation of businesses, which has delivered many positives but has also exposed new types of risk.

Exploring strategic risk examples

Regulatory and legislative drivers relating to governance, risk and compliance strategies more generally are also prompting businesses to focus on strategic risk. At the same time, a spotlight has been thrown on strategic risk via growing awareness of the close ties between risk, compliance and business value .

This evolution of risk has led organizations to try and bring some structure to their mitigation strategies by categorizing and prioritizing the risks they face. Let's look at some of the examples of strategic risks you might face.

Some sources distill strategic risks into five types, sometimes called the 'five sources of strategic risk.' However, these aren't always consistent, however, look up several different sources, and you will find a variety of risks listed among the 'five types.'

Our list of strategic risk examples below therefore includes more than five.

What are the 9 examples of strategic risk?

Among the types of strategic risk you should have on your radar are:

• Competitive risk. The risk is that you fall behind your competitors as they innovate and improve their offerings faster than you.
• Change risk. The digital transformation risk we cited above is a prime example of this ' the inherent risks of introducing any change program.
• Disrupt your business
• Create new responsibilities
• Demand new technologies (and therefore linking back to change risk)
• Distract your business leaders from their operations as their time is abstracted to put in place new governance processes and control measures
• Reputational risk . The risk that your corporate standing is threatened. The potential causes of this are legion, from regulatory compliance breaches to shareholder activism or poor performance in public ratings, such as those used to measure ESG performance .
• Political risk. The potential for political change, or the political landscape overall, to disrupt your business. For example, through volatility in a country within your supply chain .
• Governance risk. The risk brought about by poor governance, risk and compliance processes within your organization.
• Financial risk. Risks relating to the financial health of the organization. This differs from...
• Economic risk. This refers to the broader economic landscape and its potential to affect the success of your business strategy.
• Operational risk. The risk is that your operations and business processes are not up to standard.

Many of these examples of strategic risk are inter-connected. For instance, if you face operational risks around the efficacy and rigor of your processes, this is likely to expose you to financial or regulatory risk. Similarly, if you fail to tackle governance risks, you may well encounter reputational risk.

The intertwined nature of the types of strategic risk emphasizes how important it is to take an integrated approach to address them.

How to tackle the different types of strategic risk

Amongst all these strategic risk examples, there are positives. The linkages that cause one risk to increase the chances of another can also work to your advantage. Take a coordinated, integrated stance on one aspect of strategic risk, and your performance in others should also improve. As companies refine their approaches to risk mitigation, they become better able to recognize these connections. As a result, they can approach risk strategically, capitalizing on synergies for a more robust result.

Below we also set out some specific tips that can help you tackle the different strategic risk examples:

• Competitive risk. Remaining competitive means understanding your competition; data is key here, and technology can be your friend in enabling you to provide your board with the competitive intelligence they need.
• Change risk. Here, good governance is the secret. Put governance at the heart of your change programs and reduce the risks they bring while enhancing their benefits.
• Regulatory risk. Keeping on top of the latest developments in the fast-moving regulatory landscape is vital here — you can't meet expectations if you're not aware of them. Ensure you keep abreast of the news and trends in risk and compliance .
• Reputational risk. Bolster your GRC processes , and you have a better chance of swerving the risks that can derail your brand.
• Political risk. There is less you can do here, although ensuring you build sustainable supply chains rooted in countries where political volatility is less of a threat can help make your operations more resilient.
• Governance risk. As with change risk, robust governance processes and controls are essential to reducing risk here.
• Financial risk. While some financial risks come from external factors, improving your ability to measure, monitor and respond to the business risks you face, if done successfully, should minimize the financial threats that fall within your wheelhouse.
• Economic risk.   S ustainable supply chains can help here, reducing the threat from economic instability in countries you source from. And, again, keeping pace with external events that can affect your risk profile is vital.
• Operational risk. One of the areas you have the most control over, introducing agility , rigor and structure to your operations can significantly reduce your risk across all areas of your organization.

Understand and respond to all types of strategic risk

Hopefully, this article has given you a deeper understanding of the types of strategic risk you face, some examples of strategic risk that bring this to life. It has also provided insights into how you can tackle different strategic risks.

Remaining on the front foot in terms of upcoming legislation, economic trends and governance best practice can really make the difference — amplifying your ability to be leverage strategic and proactive in the face of changing risks.

Master strategic risk in 2024: Expert insights & practical examples

The business landscape is constantly evolving. Stay ahead of the curve with insights from Renee Murphy , a recognized leader in the governance, risk, and compliance (GRC) space. Leveraging her 10 years of expertise at Forrester, this blog post dives deep into 9 real-world examples of strategic risks businesses face today. Learn how to identify, assess, and mitigate these threats to ensure your company's continued success.

Read the four-minute article now here: Risk in 2024 — 7 steps to calmly navigating the chaos

Solutions Solutions

• Board Management
• Enterprise Risk Management
• Audit Management
• Market Intelligence

Resources Resources

• Research & Reports

Company Company

Your data matters.

MANAGEMENT • 4 MIN READ

Taking Risks in Business the Right Way: Full Guide

As a  successful entrepreneur , business risks are essential to achieving growth and success. While it can be daunting to step outside of your comfort zone, the rewards can be significant.

In this article, we’ll explore the definition and importance of taking risks in business, provide examples of different types of business risks, and offer ideas and strategies for entrepreneurs looking to take calculated risks.

What Do We Mean By Taking Risks in Business?

Business risks refers to the process of identifying and pursuing opportunities that may be uncertain or have the potential for failure. It involves taking calculated risks to achieve  business objectives and goals , such as increasing revenue, market share, or expanding into new markets.

However, taking risks in business does not mean taking reckless or blind risks that may result in significant losses or problems to the business .

Should You Be Taking Risks in Business?

Taking risks in business is critical to achieving significant growth and success. According to the Bureau of Labor Statistics (BLS), 50% of small businesses fail within the first five years, while 65% fail within ten years.

However, businesses that take calculated risks are more likely to succeed and achieve long-term growth.

Are There Any Benefits?

• Increased innovation and creativity : Taking risks can encourage entrepreneurs to explore new and innovative ideas that can lead to breakthrough products or services.
• Competitive advantage : Businesses that take risks and innovate can gain a competitive advantage over their competitors, leading to increased market share and revenue.
• Improved decision-making skills : Taking risks requires entrepreneurs to make strategic decisions based on careful analysis and planning, which can improve their decision-making skills over time.
• Increased revenue and profitability : Taking calculated risks can lead to increased revenue and profitability, as businesses can identify new markets and revenue streams.
• Enhanced reputation : Successful risk-taking can enhance a business’s reputation, leading to increased customer loyalty and brand awareness.

9 Ideas for Taking Business Risks Effectively

There are many types of business risks out there. Some are better to take on than others.

Here are 9 examples of business risks and ideas to help take your business to the next level.

1. Launch a New Product or Service

Taking risks in product and service offerings can help businesses differentiate themselves from their competitors and appeal to new customers.

For instance, a restaurant may risk offering a new menu item, such as a vegan option, to attract a new customer base and create a competitive advantage.

2. Expand Into New Markets

Expanding into new markets can help businesses tap into new customer segments and increase revenue . It also helps to diversify their income streams and reduce risks associated with relying on one market.

Furthermore, entering new markets can help businesses gain insights into different cultures and new trends in the industry.

3. Invest in New Technology

Investing in new technology can help businesses increase efficiency, reduce costs, and improve the quality of their products or services. Companies that invest in technology are better equipped to compete in the global marketplace, as the technology helps them stay ahead of their competitors.

In addition, new technology can help businesses become more innovative and agile, allowing them to respond quickly to changing customer needs/

4. Take on Strategic Partnerships

5. diversify revenue streams, 6. hire new talent.

Hiring new talent can help businesses bring in fresh perspectives and ideas, leading to increased innovation and growth . New talent often brings with them fresh insights and skills that can help to grow a business in ways that existing staff may be unable to.

By bringing on new talent, businesses can tap into new markets, create new products and services, and open up new possibilities for growth.

7. Try New Marketing and Advertising Strategies

Trying new marketing and advertising strategies can help businesses reach new audiences and increase brand awareness. It can also help to boost sales and build customer loyalty. Companies should be open to experimenting with different strategies to achieve their desired results.

8. Pursue a New Business Model

Pursuing a new business model can help businesses adapt to changing market conditions and stay relevant. For instance, when the global pandemic hit, many businesses had to pivot to e-commerce or digital services in order to stay afloat.

9. Launch a New Business Venture

Challenges of taking risks in business and solutions, financial risks.

Taking financial risks can lead to significant losses if the business does not generate enough revenue to cover the investment.

To overcome this challenge, entrepreneurs should conduct a thorough financial analysis and consider alternative funding sources, such as loans or investors.

Market Risks

Entering new markets or launching new products can be risky if there is no demand or if the competition is too strong.

To overcome this challenge, entrepreneurs should conduct market research to identify customer needs and preferences and evaluate the competition.

Operational Risks

Making significant changes to business operations can be risky if they are not well-planned and executed.

To overcome this challenge, entrepreneurs should create a detailed vision and strategy and test the changes on a small scale before implementing them on a larger scale.

Reputational Risks

Taking risks that result in negative publicity can damage a business’s reputation and lead to a loss of customers.

To overcome this challenge, entrepreneurs should prioritize transparency and honesty in their operations and communication with customers.

Legal Risks

Taking risks that violate laws or regulations can lead to legal penalties and damage to the business’s reputation.

To overcome this challenge, entrepreneurs should consult with legal experts and ensure compliance with all relevant laws and regulations.

Take on Bigger Risks and Get 2X Success

Business coaching and mentoring can be an effective way for entrepreneurs to overcome the challenges of taking risks in business and achieve significant growth and success.

2X is a business coaching and mentoring company that helps entrepreneurs grow their business from 6 to 7 figures through customized coaching and mentorship programs.

Their book, From 6 to 7 Figures , provides practical advice and strategies for entrepreneurs looking to take their business to the next level .

Taking risks in business is critical to achieving significant growth and success. However, it requires careful analysis and strategic planning to minimize the potential for negative outcomes. Businesses that take calculated risks are more likely to succeed and achieve long-term growth.

By implementing the ideas and strategies outlined in this article and seeking guidance from a company like 2X, entrepreneurs can take risks that lead to accelerated growth and success in their business.

The Playbook To 7+ Figures

This has been called “the business Bible for 6-figure entrepreneurs”… now you can get it with exclusive bonuses for a crazy low price!

Related Articles

The 2X Backstory – Helping 6/7 Figure Businesses Scale

Breaking Down The Real-Life Principles That Matter To Help You Join The 4% Of Businesses That Make The Leap To 7-Figures

How to Use Business Systems To Scale to 7 & 8 Figures

So you're ready to scale, huh? You want to get out of the day-to-day operations and get the freedom, wealth, and predictable growth that you...

How To Build A Sales Department Into A High-Converting Machine

“What are the single best levers to scale?” I’ve asked myself this question more times than I can count. And now after working with hundreds...

How To Build a World-Class Team That Don’t Drain Your Time

To grow a business extremely fast, you need ONE key thing: Leverage. And there are three core forms of leverage a business owner can use...

How To Create Raving Fans With World-Class Fulfillment

If you ask almost any six-figure entrepreneur how to double their business as fast as possible, they’ll probably start telling you about marketing tactics and...

How To Use Numbers To Make Easier, Faster, Better Decisions

Create A Business Vision And Get Unstoppable Momentum

You don't get in the car until you know where you want to go… Yet most people try to drive their business without having a...

How To Join The Inc. 5000 List Of Fastest Growing Companies In 2023

2X has secured a spot on Inc. 5000’s list of fastest growing private companies in the U.S. for 2022.

2X Ranks In Inc. 5000 List Of Fastest Growing Private Companies

Brad Lea’s Secret Masterplan To Grow From 8 To 9 Figures

Listen below to the interview that 2X CEO Austin Netzley did with influencer Brad Lea. You’ll get powerful insights into systems, growth strategies, mindset, how...

Living His Dream: From 65 Hour Work Weeks To 7-Figures | 2X

You grind your fingers to the bone and work long, unsustainable hours in the pursuit of success.

Three Ways To Triple Your Revenue In 12 Months | 2X

If you’ve never scaled a business to 7-figures before, it can feel like an uphill battle. You soon discover that the tools that got you...

How Erin Built A Thriving Business Without The Stress

Sometimes the growth of your business can lead you into a false sense of security. Because, on the face of it, things are going well....

Working From Home: Work-Life Balance Strategies for Entrepreneurs | 2X

Are you an entrepreneur who is struggling to balance work and life? Are you finding it hard to stay focused when working from home? If...

10 Key Takeaways From The October 2022 2X Mastermind Event

WOW! The dust is just starting to settle after an amazing two days at our Mastermind Event in Austin, Texas last week.

More From Forbes

Fundamentals of risk assessment: methods and tools used to assess business risks.

• Share to Facebook
• Share to Twitter
• Share to Linkedin

CEO of Schwenk AG & Crisis Control Solutions LLC , a leading expert in risk and crisis management for the automotive industry.

In the intricate tapestry of the modern business landscape, every thread is intertwined with an element of risk. From startups navigating the treacherous waters of market entry to conglomerates expanding their global footprint, understanding and adeptly managing these risks has become a distinguishing factor between fleeting success and enduring resilience.

As the pace of innovation surges and the global marketplace transforms, the significance of comprehensive risk assessment is only magnified. As a top expert in risk and crisis management, I've served major clients as well as numerous smaller firms in Europe and the U.S. Here's my guide for businesses.

Key Components Of Risk Assessment

Risk assessment stands as a cornerstone in strategic business decision-making, demanding a structured and meticulous approach to ensure effectiveness.

1. Identify

At the heart of this process is the task of identifying risks. This involves recognizing and describing potential pitfalls that a business might face. Recognizing these risks early ensures that businesses can allocate resources and strategize aptly without being caught unprepared.

Best High-Yield Savings Accounts Of September 2023

Best 5% interest savings accounts of september 2023, 2. quantify.

Following the identification phase, businesses need to quantify the risks, gauging both their potential impact and likelihood.

Employ tools such as statistical models, analyses of historical data and simulated scenarios as they can all provide valuable insights in this dimension. It's through this quantification that businesses can discern which threats merit immediate attention and which can be set aside for later.

3. Prioritize

Once quantified, the next logical step is to prioritize these risks. Here, businesses rank and evaluate the identified risks, determining which should be addressed first based on their significance.

Instruments like risk matrices , which juxtapose the likelihood of a risk against its impact, play a crucial role in this assessment phase. Not every risk poses an immediate threat, and thus it's essential to ensure the most significant risks are addressed immediately, streamlining resources for maximum efficacy.

4. Evaluate

Subsequent to prioritization, a comprehensive evaluation of these risks is essential. This phase requires businesses to weigh the magnitude of each risk against their inherent risk appetite.

Compare industry benchmarks, past experiences or predetermined thresholds to decide the most appropriate way to address each threat. This step is pivotal in ensuring that risk management efforts are in harmony with a company's overarching objectives and risk tolerance levels.

5. Mitigate And Manage

Mitigating and managing risks forms the next stage. Strategic decisions come into play, determining how each identified risk should be addressed. Depending on the nature and magnitude of the risk, businesses might opt to transfer the risk through mechanisms like insurance, change their business processes to avoid it entirely, put in place safeguards to diminish its effect, or even accept it outright.

Effective risk management, in this regard, becomes a dual-edged sword; while it safeguards against potential adversities, it can also pave the way for opportunities, enabling growth and improvement.

6. Monitor And Review

Risks are inherently dynamic, fluctuating with time and circumstances. Regular audits, feedback mechanisms and even third-party reviews ensure that strategies employed remain effective and that emergent risks are identified promptly.

This continuous monitoring helps businesses stay nimble, adjusting their strategies to the evolving landscape of risks, better ensuring both survival and prosperity in an uncertain world.

Methods Of Risk Assessment

1. qualitative assessments.

The qualitative assessment is predominantly based on descriptive, nonnumerical data, and it shines in scenarios where garnering accurate numerical data is challenging. One of its significant advantages is its capacity to harness the power of expertise, intuition and experience to scrutinize risks.

There are several techniques under this umbrella. For instance, SWOT analysis delves into both the internal and external elements that might influence a project or business. It identifies the strengths, weaknesses, opportunities and threats.

The expert judgment method seeks insights from those with specialized expertise. Another technique, the Delphi method , orchestrates a structured dialogue among a panel of experts. This communication continues in multiple rounds until a consensus emerges.

2. Quantitative Assessments

The quantitative assessment employs numerical data. By leveraging statistical, financial or numerical analyses, it provides a more systematic and data-centric perspective on potential risks.

Techniques in this category include the Monte Carlo simulation , which uses an algorithm that hinges on constant random sampling to deduce numerical outcomes. Decision trees provide a visual representation of decisions and their possible results. Additionally, sensitivity analysis explores how varying values of one variable can influence another.

3. Additional Assessments

Scenario analysis empowers businesses by laying out an array of potential future situations. It aids in sketching the best-case, worst-case and the most-probable scenarios, enabling firms to visualize and weigh the potential risks and rewards.

Stress testing dives deep into analyzing potential vulnerabilities in any given system. It designs models that emulate challenging, often drastic conditions. A classic example of its application is in the financial realm , where banks deploy this method to unearth potential weak points in their financial statements.

The comparative risk assessment offers a comparative perspective. By juxtaposing potential risks against a benchmark or another risk, businesses can determine which threats deserve immediate attention, especially when resources are sparse and setting priorities becomes vital.

A hybrid method epitomizes adaptability. Realizing that no single technique can capture the entirety of risks, many entities interweave both qualitative and quantitative strategies. This amalgamated approach furnishes a richer, more detailed depiction of the risk environment surrounding a business.

Navigating Risk

To make an informed decision on which assessment method to employ, decision-makers should consider the nature of the risk, available data and desired depth of analysis.

Whether leaning toward qualitative methods that harness expertise and intuition or quantitative techniques that provide data-centric insights, the key is to choose a method (or combination thereof) that aligns with the specific context and objectives of the business, ensuring both its survival and prosperity amid uncertainties.

In essence, managing risk boils down to four strategies: avoiding it, mitigating its impact, transferring it, or simply accepting it. The chosen approach depends on the nature and magnitude of the risk in question.

Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?

• Editorial Standards
• Reprints & Permissions

• Sign up for free
• SafetyCulture
• Risk Management
• Risk Management Plan

Why Your Business Needs a Risk Management Plan

Understand the basics of risk management planning and discover how essential it is for your business to have one.

What is a Risk Management Plan?

A risk management plan is a systematic and structured plan to identify, analyze, assess, measure, and monitor risks and threats to an organization. It serves as an important tool for managing the risks that affect the running of an organization.

Simply put, a risk management plan is a comprehensive strategy that identifies and analyzes potential risks to a business or organization and devises solutions to minimize or avoid them, maximizing the probability of success or reaching organizational goals.

How Do You Plan for a Risk Management Plan?

Creating a risk management plan can seem daunting, but it’s important to have one in place to help protect your business from risks. Here are the basic steps you need to take to create a risk management plan:

Step 1: Develop a solid risk culture

An essential component of any successful risk management plan is the establishment of strong risk culture. Risk culture is commonly known as the shared values, beliefs, and attitudes toward the handling of risks throughout the organization.

It is the responsibility of senior management and the board of directors to create the company culture and set the tone from the top-down and communicated throughout the organization.

Step 2: Engage key stakeholders

Stakeholders emerged from various functions inside and outside of your organization. They could be employees, customers, vendors, etc. In order to plan risk management properly, it is important to engage with them every step of the way. This is because stakeholders provide you with a detailed representation of all facets of your business along with corresponding risks.

Step 3: Create appropriate risk management policies

A clear policy with delineated roles, responsibilities, and templates is essential for an effective risk management strategy. This will help you identify all risks that could potentially affect your business, evaluate the impact of those risks, and develop plans to mitigate them.

Step 4: Communicate

Communication is one of the most important aspects of risk management planning. It is critical for an effective risk management plan to have a good understanding of how communication works and how it can help you to manage risk.

Step 5: Implement transparent monitoring

By implementing transparent risk monitoring processes, we can be sure that all risk mitigation endeavors are effective. A risk management plan is an always-changing and essential process. With these best practices, you should be able to create a strategy for your organization.

5 Steps in a Risk Management Process

To make an effective risk management plan, it is essential to know the process of risk management as it is a systematic process used by a company in managing risks.

• Risk Identification – Risk Identification is the process of determining which risks could potentially affect the organization. It involves brainstorming, reviewing past events, and analyzing current trends.
• Risk Analysis – Risk Analysis is the process of determining the probability that a particular risk will occur and the potential impact it could have on the organization. This step also involves prioritizing risks in order of importance.
• Risk Control – Risk Control is the process of implementing measures to reduce or eliminate the risks identified in the previous two steps. This may involve changing processes or procedures, investing in new technology, or increasing insurance coverage.
• Risk Financing – Risk Financing is the process of setting aside funds to cover the costs associated with a potential risk. This may involve purchasing insurance, establishing a reserve fund, or self-insuring.
• Claims Management – Claims Management is the process of dealing with actual or potential claims arising from a risk event. This includes investigating claims, negotiating settlements, and paying out benefits.

Digitize the way you Work

Empower your team with SafetyCulture to perform checks, train staff, report issues, and automate tasks with our digital platform.

How to Create a Risk Management Plan

Now that you understand the basics of a risk management plan, it’s time to talk about how to create one. This is important, as it will ensure that your plan is effective and can be used to identify and mitigate any risks that may occur.

There are a few key steps to writing a risk management plan:

• Assess your risks – The first step is to list and assess all of the risks that your business may face. This includes anything from natural disasters to cyberattacks.
• Mitigate your risks – Once you have identified the risks, you need to come up with ways to mitigate them. This could include developing contingency plans , increasing security measures, or purchasing insurance policies.
• Review and update – It’s important to review and update your risk management plan regularly, as new risks may emerge and old risks may change.

By following these steps, you can create a risk management plan that will help protect your business from any potential dangers.

Create Your Risk Management Plan with SafetyCulture (formerly iAuditor)

Why use safetyculture.

SafetyCulture can help you create a risk management plan specific to your organization. It features an audit tool that can be used to identify potential risks, as well as thousands of customized templates and forms to help you document and track your risk management activities.

SafetyCulture provides a mobile application to access and store your risk management plan, automatically generate reports after an inspection, and share those reports with the appropriate people. Having SafetyCulture as part of your digital risk management process creates data sets that better inform your decisions and encourage compliance within your organization.

Risk Management Plan Template

This free risk management plan template lets you identify the risks, record the risks’ impact on a project, assess the likelihood, seriousness and grade. Also, specify planned mitigation strategies and assign corrective actions needed to responsible individuals. Breakdown costs and set the timeline of mitigation actions.

SafetyCulture Content Team

Related articles

• Reputational Risk

Learn more about reputational risk, why it’s important that businesses properly manage it, and how to effectively implement risk mitigation strategies.

• Find out more

• Reputation Management

This guide will discuss what reputation management is, why it’s important, and ways in which business leaders can maintain their organization’s healthy image

• Environmental Aspects and Impacts

Explore the intricacies of environmental aspects and impacts of the organization’s practices to enhance the company’s sustainability, compliance, and competitive advantage.

Related pages

• Process Hazard Analysis Software
• EHS Risk Assessment Software
• Integrated Risk Management Software
• Operational Risk Management Software
• Risk Based Inspection Software
• Risk Mitigation Strategies
• Risk Assessment Examples
• Contract Risk Assessment Checklist
• Point of Work Risk Assessment Template
• 7 Best Risk Assessment Templates
• 5×5 Risk Matrix Template
• Risk Mitigation Plan Template

JavaScript is disabled in your browser. To view the website properly, please enable JavaScript in your browser settings and refresh the page.

Apply for and manage a grant or program for your business.

Manage your interactions with the R&D Tax Incentive program.

• Risk management
• Risk assessment and planning

Business risks

On this page

What is risk management?

How you can manage risk in your business, why manage risk, risks that you must manage, types of risk, risk management in your state or territory.

Risk management helps you make better business decisions. It involves reducing the things that could have a negative effect on your business. For example, the reducing the risk of injury by through safety procedures. You can also look for opportunities that could have a positive impact on your business.

Jimmy owns a transport business. He drives trucks, moving commercial products around Australia. Some of the hazards Jimmy faces each day include:

• contact with chemicals and fumes when refuelling
• uncomfortable seating and fatigue, especially on long journeys
• no heating or air-conditioning to change the temperature inside the truck.

Some steps Jimmy could take to reduce the risks in his daily work include:

• wearing appropriate clothing to reduce his exposure to chemicals
• taking regular breaks during his trips to stretch and walk around
• ensuring that he only works the legal hours for his industry to deal with fatigue
• installing fans or air-conditioning in his truck
• having suitable clothing and water for each trip.

Begin by finding out about risk management practices and how you can use them. You should also talk to others involved in your business (including your employees and customers) to decide on the best way to manage risk in your business.

Before you decide what to do, you’ll need to work out what your risks are and which ones are most urgent:

• Identify – work out what risks your business could face.
• Analyse – find the level of the risks and which ones are most urgent.
• Evaluate – compare the risk against set risk criteria to decide what to do.

Find out how to manage risk in your business.

By managing risk, you can reduce the impact of unexpected events on your business.

Managing risk can also help you to:

• improve your relationships with customers, suppliers, employees and the community, by understanding and managing their expectations
• improve staff confidence in a safe work environment, through workplace health and safety (WHS) and workers’ compensation insurance
• keep your business open during natural or economic disasters, by having an emergency management plan
• reduce your compliance and insurance costs, by having a lower risk of damages.

You won't always have enough information or the resources to manage every risk. A good risk management plan will allow you to change your approach if it isn't working, or when unexpected risk happens.

You're required by law to manage some risks. For example, you must manage or reduce the risk of:

• accidents and injury by making your workplace safe under work health and safety (WHS) laws
• customer complaints by treating customers fairly under Australian Consumer Law
• injury or harm to employees by having workers' compensation insurance
• damaging the environment by meeting the environmental laws that apply to you.

It's a good idea to understand the different types of risks your business may face so you can recognise and plan ahead for them.

Risks can be:

• opportunity-based risk from choosing one option over other options (such as buying a new property)
• uncertainty-based risk from uncertain or unknown events (such as natural disasters or loss of suppliers)
• hazard-based risk from dangerous materials or actions (such as using hazardous chemicals or working at heights).

Opportunity-based risks

This type of risk comes from taking one opportunity over others. By deciding to commit your resources to one opportunity, you risk:

• missing a better opportunity
• getting unexpected result.

Opportunity-based risks for a business include moving a business to a different location, buying a new property, or selling a new product or service.

Uncertainty-based risks

This type of risk is from uncertainty around unknown or unexpected events. It’s hard to predict these events and the damage they can cause. It’s also hard to control the damage once they occur.

Examples of uncertainty-based risks include:

• damage by fire, flood or other natural disasters
• unexpected financial loss due to an economic downturn, or bankruptcy of other businesses that owe you money
• loss of important suppliers or customers
• decrease in market share because new competitors or products enter the market
• court action.

To reduce the impact of uncertain events on your business, you can do things like:

• develop an emergency management plan to reduce the damage to your business in an emergency
• keep a supplier database to help you manage your stock and equipment
• seek and use regular feedback from your customers and other people you deal with in your business
• check your business environment regularly for risks such as changes in trends and customer expectations
• seek expert advice every now and then to check the financial health of your business and to get advice on how to improve your business.

Hazard-based risks

These types of risks come from dangerous situations in the workplace.

Some common examples include:

• physical hazards caused by high noise levels, extreme weather or other environmental factors
• equipment hazards caused by faulty equipment or poor processes when using equipment such as machinery
• chemical hazards caused by improper storage or use of flammable, poisonous, toxic or carcinogenic chemicals
• biological hazards caused by viruses, bacteria, fungi or pests
• ergonomic hazards caused by poor workplace design, layout or equipment use
• psychological hazards caused by bullying and harassment , discrimination, heavy workload or mismatch of employee skills with job duties.

Find information on managing risk in your state or territory

Australian capital territory.

Learn about risk management for your business on the Access Canberra website.

New South Wales

Read SafeWork NSW's work environment and facilities to help identify safety risks in your workplace.

Northern Territory

Read about the NT WorkSafe's small business safety program .

Read about risk management on the Queensland Government website.

South Australia

Find information on risk management on the South Australian Government website.

Read information on managing risk in your business on the Business Victoria website.

Find out what to include in your risk management plan.

Learn about the different insurance types to protect your business from risk., was this page helpful, thanks for sharing your feedback with us..

Our live chat service is open from 8am - 8pm, Monday to Friday, across Australia (excluding national public holidays ).

Learn about the other ways you can contact us .

All our experts are busy now. Please try again later or contact us another way

We're open from 8am - 8pm, Monday to Friday, across Australia (excluding national public holidays ).

We use cookies to give you a better experience on our website. Learn more about how we use cookies and how you can select your preferences.

• Our Approach
• Our Programs
• Group Locations
• Member Success Stories
• Become a Member
• Vistage Events
• Vistage CEO Climb Events
• Vistage Webinars
• Research & Insights Articles
• Leadership Resource & PDF Center
• A Life of Climb: The CEO’s Journey Podcast
• Perspectives Magazine
• Vistage CEO Confidence Index
• What is Vistage?
• 7 Laws of Leadership
• The CEO’s Climb
• Coaching Qualifications
• Chair Academy
• Apply to be a Vistage Chair

Research & Insights

• Talent Management
• Customer Engagement
• Business Operations
• Personal Development

Strategic Planning

Strategic planning: managing assumptions, risks and impediments

Share this:

• Click to share on LinkedIn (Opens in new window)
• Click to share on Facebook (Opens in new window)
• Click to share on X (Opens in new window)

While no one likes the idea of having one foot on the brake while doing strategic planning, there are very good reasons to take the time required to be cautious. We are speaking to the undeniable link between the business assumptions we make and the risks we introduce to the organization during strategic planning. In fact, the assumptions we base strategies upon can mushroom into grave risks and show-stopper impediments down the line – appearing out of nowhere when the business attempts to execute to a seemingly well-laid plan. Twelve to eighteen months into strategy implementation is too late to go back and ask, “What were we assuming…?” Given that time will always be of the essence, what kind of strategic assumption vetting and risk management is warranted? How much is enough?

Assumptions Introduce Risk

At a minimum, the planning process must involve an evaluation of the impacts that the strategy will have on the business to determine if it will actually help accomplish the outcomes intended. That is the absolute minimum requirement.

The strategic planing process is the one key point to get in front of idle supposition and truly manage assumptions, risks and impediments. When strategy is well developed, there will be an actual plan for implementation associated with the strategy. A holistic plan defines goals that support the strategy and addresses the operational tactics that will accomplish the goals. No business possesses a crystal ball to know exactly what will happen in the economy, financial markets or competitors next bold moves. That means that business assumptions are a necessary evil.

Given that we must rely upon certain assumptions to put strategic plans together and that risk will always be present (as will natural impediments to execution of strategy), the following sections will explore each of these factors at the planning level…beginning with a definition of terms and ending with approaches to better manage process.

What is an assumption in strategic planning?

The dictionary defines an assumption as follows: “ something taken for granted; a supposition ”.

Assumptions form the basis of strategies, and those underlying assumptions must all be fully vetted. Testing strategic assumptions requires allowing those involved with planning to back away from the “givens” and challenge them to ensure the team is not assuming the rosiest of scenarios on which to base strategy.

Considering that the synonyms for the word “assumption” includes words like “hypothesis”, “conjecture”, “guess”, “postulate” and “theory” the concept takes on a more weighty meaning in the  strategic planning process. Yes, assumptions are beliefs we take for granted, but they can be no better than guesses in many cases.

Assumptions are not always justifiable. Defending an assumption may be difficult, as facts are not always available to support the belief. That does not mean that they are incorrect, but it does underscore the challenge assumptions present in planning. In fact, assumptions are particularly difficult to even identify because they are usually unconscious beliefs.

An assumption about assumptions:

One can safely assume that if an assumption is sound, the inferences and conclusions associated with the assumption will also be sound. Unfortunately, the reverse is also safe to assume.

What is a risk in strategic planning?

As a noun, risk means something that may cause injury or harm or the chance of loss or the perils to the subject matter. As a transitive verb, risk means to “expose to hazard or danger” or “to incur the risk or danger of”.

In strategic planning, the definitions applying to both the noun and the transitive verb usage are relevant. A risk might be an event or condition that might occur in the future. Likewise, we may risk financial losses if we bet on an assumption that is incorrect.

An unmitigated risk can become an impediment, so risks must be evaluated in terms of the likelihood they will occur and the impact they will have if they do occur. If the impact/likelihood of a risk is high “enough”, we should identify a mitigation path – as an unmitigated risk can become an impediment later on.

All risk can never be removed from a strategic plan, therefore business planning teams must approach risk management from a Cost / Benefit perspective. Business risk mitigation in planning can cost speed, but if risks are addressed early the organization can avoid future impediments.

What is an impediment in strategic planning?

An impediment is something that makes movement or progress difficult. It differs from being a risk in that risks are future-based and an impediment is something that is occurring now.

During the strategic planning process, impediments might be grouped into macro or micro categories. Macro impediments might include: poor culture, business process inefficiencies, lack of job descriptions, no performance metrics and many other general types of issues. Micro impediments might include: core competency gaps, having people in the wrong roles, lack of sufficient tools to support business functions and technology / infrastructure issues.

Knowing business impediments and factoring them into the planning process adds realism to the strategy being developed and the operational tactics needed to implement it.

How should risks, assumptions and impediments be identified?

Identification of assumptions.

Strategic planning is a team sport, so working in teams is a great way to approach the identification of assumptions. In small groups, conduct a “round robin” to identify the assumptions within each strategic theme of the plan. Review the assumptions compiled by each team and discuss. This same approach can be used to identify impediments and risks.

The following are questions that assist to identify assumptions:

• Is there anything being taken for granted?
• Are there beliefs that we are ignoring that we shouldn’t?
• What beliefs are leading us to this conclusion?
• What is… (this project, strategy, explanation) assuming?
• Why are we assuming…?

Identification of Risks

Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the source of problems, or with the problem itself. Remember, risk sources may be internal or external to the organization. Examples of risk sources are: external stakeholders, employees, finance, political and even weather.

Risks are related to the identified threats from SWOT analysis, so that is another valuable reference during the identification process. For example: the threat of losing money, the threat of a major planned product launch being delayed or the threat of a labor strike disrupting critical manufacturing operations. The threats may exist with various entities, most importantly with shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: banks withdrawing funding support for expansion; confidential information may be stolen by employees; weather delaying construction projects, etc.

Additionally, other methods of risk identification may be applied, dependent upon culture, industry practice and compliance. For instance, objectives-based risk identification can focus on any potential threats to achieving strategic objectives. Any event that may endanger achieving an objective partly or completely can be identified as risk. Scenario-based risk identification – In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk. As a final example, a taxonomy-based risk identification can be utilized, where the taxonomy is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire can be compiled and the answers to the questions used to reveal risks.

How should risks, assumptions and impediments be dealt with?

Dealing with identified assumptions essentially becomes a task of translating the assumption to a risk. Once all risks have been identified, they must then be assessed as to their potential severity of impact (generally a negative impact, such as damage or loss) and to the probability of occurrence.

The assessment of risk is critical to make the best educated decisions in order to mitigate known risks properly. Once risks have been identified and assessed, the strategies to manage them typically include transferring the risk to another party, avoiding the risk, reducing the negative effect or probability of the risk, or even accepting some or all of the potential or actual consequences of a particular risk.

Taking the time and caution to identify, asses and deal with the risks and other factors will always be a worthy investment, even when time is of the essence. The vetting of these factors will pay off in smooth implementation of the strategic plan down the line. Your plan can proceed, free of the potholes and other roadblocks that, with a little planning, might well have derailed the best-laid plans.

Related articles:

Four innovation strategies to take your company from complacent to competitive

Category : Strategic Planning

Vistage facilitates confidential peer advisory groups for CEOs and other senior leaders, focusing on solving challenges, accelerating growth and improving business performance. Over 45,000 high-caliber execu

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Gain deeper insights when you join Vistage

Take advantage of peer advisory group advice, 1-to-1 executive coaching, industry networks, exclusive events and more.

Privacy Policy

Your contact and business information will be used to fulfill this request and to share other Vistage services.

See Vistage's Privacy Policy for details.

Privacy Overview

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

Why Are Major Risks in the Business Plan?

• Small Business
• Business Planning & Strategy
• Business Risk
• ')" data-event="social share" data-info="Pinterest" aria-label="Share on Pinterest">
• ')" data-event="social share" data-info="Reddit" aria-label="Share on Reddit">
• ')" data-event="social share" data-info="Flipboard" aria-label="Share on Flipboard">

Purpose of Financial Analysis

Strategic analysis of a company, what is 'systems thinking' in business.

• The Purpose of Analytical Business Reports
• Fundamental Principles of Strategic & Business Planning Models

Risk factors are possible events that, should they happen, could cause a company’s revenues or profits to be lower than what the owner had forecast. They are a standard part of a thorough business plan, whether the plan is designed for internal use by the management team or will be presented to outside investors. Risk factors are also called threats, because they threaten the business’s success and in extreme circumstances even its survival.

Encourages Contingency Planning

The risk factors section of the business plan should go beyond simply listing what might go wrong. Being aware of what could negatively impact the company is important, but the real value of including risk factors is the business owner’s thinking process to determine how she would mitigate the risks to minimize the financial damage to her company. The thinking process is referred to as contingency planning, also know as “what if” analysis. The business owner will make changes to her marketing strategies, operations and financial management in response to these risks becoming a reality.

Focus on the Business Environment

A company should have a system in place to gather information about emerging or potential risks. Monitoring competitors on an ongoing basis is one aspect of this system. The decisions a company’s competitors make pose threats, because they are designed to give the competitors a stronger market position by taking potential business away from the company. Risk factors are not just considered at the time the company is preparing its annual business plan -- they are year-round considerations, because new threats emerge throughout the year.

Alert Potential Investors

A venture capital firm or angel investor that is contemplating putting money into a business enterprise must assess the risk that the company’s financial results will be lower than forecast. The value of the company grows as the revenues and profits of the business grow. The risk factors alert the investor to the fact there is always a possibility of losing part or all of the money he puts into the company. If the investor believes the risks could severely hurt the company should they occur, he may decline to make the investment. As a practical matter, sophisticated investors do their own risk analysis prior to putting money in a company, but the fact the management team is aware of, and has strategies for dealing with, the risks can make the investors more confident about the management team’s abilities.

Moving Forward Confidently

Analyzing risk factors allows the management team to be confident it is ready for whatever business environment the company may face in the upcoming year and beyond. The team has strategies in place that can be quickly implemented to minimize the damage caused by threats from competitors or changes in the overall economy. The management team assesses which risks are most likely to become actual threats and which have a very low likelihood of occurring. Owners of companies will always have external threats to worry about, but the risk analysis process helps reduce the number of worries to those that have the potential to negatively impact their revenues or profits.

• Inc.: Managing Risk in a New Venture

Brian Hill is the author of four popular business and finance books: "The Making of a Bestseller," "Inside Secrets to Venture Capital," "Attracting Capital from Angels" and his latest book, published in 2013, "The Pocket Small Business Owner's Guide to Business Plans."

Related Articles

How do changes in the business environment affect the cost and profit analysis, why perform a swot analysis, what happens when businesses have contingency plans, key concepts of financial management, business enterprise planning, what is the business planning process, what are the parts of an effective risk management program, what is the meaning of corporate planning, assessment strategies in business, most popular.

• 1 How Do Changes in the Business Environment Affect the Cost and Profit Analysis?
• 2 Why Perform a SWOT Analysis?
• 3 What Happens When Businesses Have Contingency Plans?
• 4 Key Concepts of Financial Management

The state of AI in early 2024: Gen AI adoption spikes and starts to generate value

If 2023 was the year the world discovered generative AI (gen AI) , 2024 is the year organizations truly began using—and deriving business value from—this new technology. In the latest McKinsey Global Survey  on AI, 65 percent of respondents report that their organizations are regularly using gen AI, nearly double the percentage from our previous survey just ten months ago. Respondents’ expectations for gen AI’s impact remain as high as they were last year , with three-quarters predicting that gen AI will lead to significant or disruptive change in their industries in the years ahead.

About the authors

This article is a collaborative effort by Alex Singla , Alexander Sukharevsky , Lareina Yee , and Michael Chui , with Bryce Hall , representing views from QuantumBlack, AI by McKinsey, and McKinsey Digital.

Organizations are already seeing material benefits from gen AI use, reporting both cost decreases and revenue jumps in the business units deploying the technology. The survey also provides insights into the kinds of risks presented by gen AI—most notably, inaccuracy—as well as the emerging practices of top performers to mitigate those challenges and capture value.

AI adoption surges

Interest in generative AI has also brightened the spotlight on a broader set of AI capabilities. For the past six years, AI adoption by respondents’ organizations has hovered at about 50 percent. This year, the survey finds that adoption has jumped to 72 percent (Exhibit 1). And the interest is truly global in scope. Our 2023 survey found that AI adoption did not reach 66 percent in any region; however, this year more than two-thirds of respondents in nearly every region say their organizations are using AI. 1 Organizations based in Central and South America are the exception, with 58 percent of respondents working for organizations based in Central and South America reporting AI adoption. Looking by industry, the biggest increase in adoption can be found in professional services. 2 Includes respondents working for organizations focused on human resources, legal services, management consulting, market research, R&D, tax preparation, and training.

Also, responses suggest that companies are now using AI in more parts of the business. Half of respondents say their organizations have adopted AI in two or more business functions, up from less than a third of respondents in 2023 (Exhibit 2).

Future frontiers: Navigating the next wave of tech innovations

Join Lareina Yee and Roger Roberts on Tuesday, July 30, at 12:30 p.m. EDT/6:30 p.m. CET as they discuss the future of these technological trends, the factors that will fuel their growth, and strategies for investing in them through 2024 and beyond.

Gen AI adoption is most common in the functions where it can create the most value

Most respondents now report that their organizations—and they as individuals—are using gen AI. Sixty-five percent of respondents say their organizations are regularly using gen AI in at least one business function, up from one-third last year. The average organization using gen AI is doing so in two functions, most often in marketing and sales and in product and service development—two functions in which previous research  determined that gen AI adoption could generate the most value 3 “ The economic potential of generative AI: The next productivity frontier ,” McKinsey, June 14, 2023. —as well as in IT (Exhibit 3). The biggest increase from 2023 is found in marketing and sales, where reported adoption has more than doubled. Yet across functions, only two use cases, both within marketing and sales, are reported by 15 percent or more of respondents.

Gen AI also is weaving its way into respondents’ personal lives. Compared with 2023, respondents are much more likely to be using gen AI at work and even more likely to be using gen AI both at work and in their personal lives (Exhibit 4). The survey finds upticks in gen AI use across all regions, with the largest increases in Asia–Pacific and Greater China. Respondents at the highest seniority levels, meanwhile, show larger jumps in the use of gen Al tools for work and outside of work compared with their midlevel-management peers. Looking at specific industries, respondents working in energy and materials and in professional services report the largest increase in gen AI use.

Investments in gen AI and analytical AI are beginning to create value

The latest survey also shows how different industries are budgeting for gen AI. Responses suggest that, in many industries, organizations are about equally as likely to be investing more than 5 percent of their digital budgets in gen AI as they are in nongenerative, analytical-AI solutions (Exhibit 5). Yet in most industries, larger shares of respondents report that their organizations spend more than 20 percent on analytical AI than on gen AI. Looking ahead, most respondents—67 percent—expect their organizations to invest more in AI over the next three years.

Where are those investments paying off? For the first time, our latest survey explored the value created by gen AI use by business function. The function in which the largest share of respondents report seeing cost decreases is human resources. Respondents most commonly report meaningful revenue increases (of more than 5 percent) in supply chain and inventory management (Exhibit 6). For analytical AI, respondents most often report seeing cost benefits in service operations—in line with what we found last year —as well as meaningful revenue increases from AI use in marketing and sales.

Inaccuracy: The most recognized and experienced risk of gen AI use

As businesses begin to see the benefits of gen AI, they’re also recognizing the diverse risks associated with the technology. These can range from data management risks such as data privacy, bias, or intellectual property (IP) infringement to model management risks, which tend to focus on inaccurate output or lack of explainability. A third big risk category is security and incorrect use.

Respondents to the latest survey are more likely than they were last year to say their organizations consider inaccuracy and IP infringement to be relevant to their use of gen AI, and about half continue to view cybersecurity as a risk (Exhibit 7).

Conversely, respondents are less likely than they were last year to say their organizations consider workforce and labor displacement to be relevant risks and are not increasing efforts to mitigate them.

In fact, inaccuracy— which can affect use cases across the gen AI value chain , ranging from customer journeys and summarization to coding and creative content—is the only risk that respondents are significantly more likely than last year to say their organizations are actively working to mitigate.

Some organizations have already experienced negative consequences from the use of gen AI, with 44 percent of respondents saying their organizations have experienced at least one consequence (Exhibit 8). Respondents most often report inaccuracy as a risk that has affected their organizations, followed by cybersecurity and explainability.

Our previous research has found that there are several elements of governance that can help in scaling gen AI use responsibly, yet few respondents report having these risk-related practices in place. 4 “ Implementing generative AI with speed and safety ,” McKinsey Quarterly , March 13, 2024. For example, just 18 percent say their organizations have an enterprise-wide council or board with the authority to make decisions involving responsible AI governance, and only one-third say gen AI risk awareness and risk mitigation controls are required skill sets for technical talent.

Bringing gen AI capabilities to bear

The latest survey also sought to understand how, and how quickly, organizations are deploying these new gen AI tools. We have found three archetypes for implementing gen AI solutions : takers use off-the-shelf, publicly available solutions; shapers customize those tools with proprietary data and systems; and makers develop their own foundation models from scratch. 5 “ Technology’s generational moment with generative AI: A CIO and CTO guide ,” McKinsey, July 11, 2023. Across most industries, the survey results suggest that organizations are finding off-the-shelf offerings applicable to their business needs—though many are pursuing opportunities to customize models or even develop their own (Exhibit 9). About half of reported gen AI uses within respondents’ business functions are utilizing off-the-shelf, publicly available models or tools, with little or no customization. Respondents in energy and materials, technology, and media and telecommunications are more likely to report significant customization or tuning of publicly available models or developing their own proprietary models to address specific business needs.

Respondents most often report that their organizations required one to four months from the start of a project to put gen AI into production, though the time it takes varies by business function (Exhibit 10). It also depends upon the approach for acquiring those capabilities. Not surprisingly, reported uses of highly customized or proprietary models are 1.5 times more likely than off-the-shelf, publicly available models to take five months or more to implement.

Gen AI high performers are excelling despite facing challenges

Gen AI is a new technology, and organizations are still early in the journey of pursuing its opportunities and scaling it across functions. So it’s little surprise that only a small subset of respondents (46 out of 876) report that a meaningful share of their organizations’ EBIT can be attributed to their deployment of gen AI. Still, these gen AI leaders are worth examining closely. These, after all, are the early movers, who already attribute more than 10 percent of their organizations’ EBIT to their use of gen AI. Forty-two percent of these high performers say more than 20 percent of their EBIT is attributable to their use of nongenerative, analytical AI, and they span industries and regions—though most are at organizations with less than $1 billion in annual revenue. The AI-related practices at these organizations can offer guidance to those looking to create value from gen AI adoption at their own organizations.

To start, gen AI high performers are using gen AI in more business functions—an average of three functions, while others average two. They, like other organizations, are most likely to use gen AI in marketing and sales and product or service development, but they’re much more likely than others to use gen AI solutions in risk, legal, and compliance; in strategy and corporate finance; and in supply chain and inventory management. They’re more than three times as likely as others to be using gen AI in activities ranging from processing of accounting documents and risk assessment to R&D testing and pricing and promotions. While, overall, about half of reported gen AI applications within business functions are utilizing publicly available models or tools, gen AI high performers are less likely to use those off-the-shelf options than to either implement significantly customized versions of those tools or to develop their own proprietary foundation models.

What else are these high performers doing differently? For one thing, they are paying more attention to gen-AI-related risks. Perhaps because they are further along on their journeys, they are more likely than others to say their organizations have experienced every negative consequence from gen AI we asked about, from cybersecurity and personal privacy to explainability and IP infringement. Given that, they are more likely than others to report that their organizations consider those risks, as well as regulatory compliance, environmental impacts, and political stability, to be relevant to their gen AI use, and they say they take steps to mitigate more risks than others do.

Gen AI high performers are also much more likely to say their organizations follow a set of risk-related best practices (Exhibit 11). For example, they are nearly twice as likely as others to involve the legal function and embed risk reviews early on in the development of gen AI solutions—that is, to “ shift left .” They’re also much more likely than others to employ a wide range of other best practices, from strategy-related practices to those related to scaling.

In addition to experiencing the risks of gen AI adoption, high performers have encountered other challenges that can serve as warnings to others (Exhibit 12). Seventy percent say they have experienced difficulties with data, including defining processes for data governance, developing the ability to quickly integrate data into AI models, and an insufficient amount of training data, highlighting the essential role that data play in capturing value. High performers are also more likely than others to report experiencing challenges with their operating models, such as implementing agile ways of working and effective sprint performance management.

About the research

The online survey was in the field from February 22 to March 5, 2024, and garnered responses from 1,363 participants representing the full range of regions, industries, company sizes, functional specialties, and tenures. Of those respondents, 981 said their organizations had adopted AI in at least one business function, and 878 said their organizations were regularly using gen AI in at least one function. To adjust for differences in response rates, the data are weighted by the contribution of each respondent’s nation to global GDP.

Alex Singla and Alexander Sukharevsky  are global coleaders of QuantumBlack, AI by McKinsey, and senior partners in McKinsey’s Chicago and London offices, respectively; Lareina Yee  is a senior partner in the Bay Area office, where Michael Chui , a McKinsey Global Institute partner, is a partner; and Bryce Hall  is an associate partner in the Washington, DC, office.

They wish to thank Kaitlin Noe, Larry Kanter, Mallika Jhamb, and Shinjini Srivastava for their contributions to this work.

This article was edited by Heather Hanselman, a senior editor in McKinsey’s Atlanta office.

Explore a career with us

Related articles.

Moving past gen AI’s honeymoon phase: Seven hard truths for CIOs to get from pilot to scale

A generative AI reset: Rewiring to turn potential into value in 2024

Implementing generative AI with speed and safety

Explainer: What are Harris' business views? Friendly to Big Tech, aggressive in climate fight

• Medium Text

• Alphabet Inc Follow
• eBay Inc Follow
• Intuit Inc Follow

TECH REGULATION

Wall street, artificial intelligence.

Sign up here.

Reporting by Greg Bensinger in San Francisco, Valerie Volcovici and Ahmed Aboulenein in Washington, and Chris Prentice, Echo Wang, Megan Davies, Lananh Nguyen and Nupur Anand in New York; editing by Chris Sanders, Leslie Adler and Alistair Bell

Our Standards: The Thomson Reuters Trust Principles. , opens new tab

Trump tells Christians they won't have to vote after this election

Republican presidential candidate Donald Trump told Christians on Friday that if they vote for him this November, "in four years, you don't have to vote again. We'll have it fixed so good, you're not gonna have to vote."

Is this the solution to California’s soaring insurance prices due to wildfire risk?

• Copy Link URL Copied!

In the past several years, homeowners across the state have been either burdened with extremely high insurance premiums or have struggled to find coverage at all. Wildfires have sent California’s homeowners insurance market into crisis and the situation is only getting worse. So far, 2024 has seen 219,247 acres burned , more than 20 times the amount this time last year. As wildfires become more frequent and destructive, insurers have worked to lower their risk exposure through rate hikes, nonrenewals, and even halting new policies in the state entirely.

New buyers and those whose policies have not been renewed have limited options since the biggest companies, State Farm, Farmers, Allstate, USAA, Travelers, Nationwide and Chubb, have limited or paused new policies in the last few years. Earlier this month State Farm’s cancellations of 30,000 homeowner policies mostly in high wildfire risk areas, took effect. In late June, State Farm requested a 31% rate increase , its largest increase in recent history, on the heels of a 22% increase earlier this year. Allstate also recently filed a request for a significant 34% rate increase .

Homeowners are finding the expense and lack of options unsustainable. Sharon Goldman, longtime resident of the Pacific Palisades, has not had her policy canceled yet, but she has seen increases to her premium and worries she could be next. In her ZIP Code the wildfire risk is high, and State Farm decided to not renew 70% of their policies. Starting in 2019, rates of nonrenewals in high- and very high-risk areas grew to 14% compared with 3% and 2% for moderate- and low-risk areas.

Goldman, using her maiden name out of concern for retribution from State Farm, has paid her premiums each year since she bought her home 50 years ago. She has never filed a claim. But she has seen her rate increase 78% in the past two years. Her agent has told her that her fire coverage will be replaced with the state-run FAIR plan in 2025, an increasingly common insurer strategy that leaves homeowners paying more for less coverage.

Goldman and her neighbors are left wondering what options they have left. She hears stories of people paying tens of thousands a year, an impossible amount for her to cover on her retirement budget. She has started looking into moving out of state and out of the home where she raised her children.

While the state does not require insurance, mortgage lenders do. So, going without is not an option for many. Those whose mortgage is paid off, like Goldman, may not be comfortable leaving their home, typically their most expensive asset, uninsured. High rates and loss of fire coverage have pushed desperate homeowners to riskier nonadmitted carriers or to the state-run FAIR plan, meant to be the plan of last resort. But the California Department of Insurance worries that it is quickly becoming overburdened.

Over the past year, Insurance Commissioner Ricardo Lara has been rolling out his plan to increase policy writing in vulnerable areas and get people off of the FAIR plan. One big component of his strategy is allowing insurers to use wildfire catastrophe models to set overall rates. Insurers say the tool would help them more accurately predict the correct rate for the amount of risk.

As a trade-off, Lara says companies that use these models will be required to increase service in distressed areas with a high wildfire risk and a high concentration of FAIR plan policies.

In public workshops held by the Department of Insurance, consumer advocates raised concerns about a lack of transparency with “black box” models that may be used to justify unnecessary rate hikes. Industry advocates are concerned the plan will take too long to implement when they desperately need changes now.

How likely is it a house will be damaged in a wildfire?

There are many versions of catastrophe models. Each modeling company has their own proprietary analysis but they all generally use the same data inputs to answer the same question.

Each modeled event starts with an ignition , the probability that a fire will start at that location, spread , the probability that the fire will travel based on the land cover in the area, and property characteristics . Using those data, the model simulates a large number of possible outcomes for a given location, estimates the likelihood that a structure will burn from wildfire, and calculates the loss for any buildings there.

The USDA Forest Service developed a national analysis of wildfire risk that is similar to what models created for insurance companies would look like. Based on vegetation and fire-behavior fuel models, topographic data, historical weather patterns and long-term simulations of large wildfire behavior, their wildfire likelihood map shows the probability of a fire in any given year.

A critical part of predicting the potential spread of the fire is the available fuel. The Forest Service’s land cover classifications are used in many wildfire models. They specify 40 different fuel types such as grass, shrub, timber, and nonburnable types. Each category is further subdivided based on depth of the cover and humidity or aridity of the climate.

For example , in an arid climate, coarse continuous grass at a depth of 3 feet would have a very high spread rate. A combination of low grass or shrubs and dead leaves or needles in the forest would have a low spread rate.

Property characteristics such as the type of roof or whether the siding is fire-resistive make a significant difference in whether a structure will ignite from wildfire embers. The Center for Insurance Policy and Research found that structural modifications can reduce wildfire risk up to 40%, and structural and vegetation modifications combined can reduce wildfire risk up to 75%.

All of these factors are combined in the model with information about the rebuilding cost and level of coverage to generate an amount of risk unique to the individual property.

Could these models turn the industry around?

Currently, companies are required to calculate their projected losses, on which their overall rates are based, using a historical view of wildfire loss over the previous 20 years. As wildfires increase, however, this means that the average loss trails behind the current state of wildfire risk.

Nancy Watkins, an actuary and principal at the insurance consulting firm Milliman, said that she believes the inclusion of catastrophe models could save the industry. She analyzed the effect of a model on rates compared with using just historical experience. While the rates would generally be higher, the increases would be more even.

In April during a public meeting, Allstate said that if wildfire catastrophe models were allowed, they would once again start writing new policies in the state.

But wildfire catastrophe models are already used by insurance companies in California for some business decisions and have been for some time. They use models to determine where to write or renew policies, which is one of the reasons nonrenewals have disproportionately happened in high-risk areas.

In recent rate filings, Allstate, Farmers and State Farm cited a modeled wildfire risk score as the basis for not renewing policies. Allstate used CoreLogic’s Risk Meter score in 2019 to classify all policies that fell above certain risk thresholds as ineligible for renewal. A 2023 filing from Farmers documents eligibility guidelines for new and renewing policies that sets a risk level using Verisk’s FireLine and Zesty.ai’s Z-FIRE scores. State Farm’s recent 30,000 nonrenewals are based on CoreLogic’s Brushfire Risk Layer.

Amy Bach, executive director of United Policyholders, says that wildfire models worked their way into rates without enough state oversight. “We didn’t regulate the use of risk scores and now [they] are having a dramatic impact on the market and the genie is out of the bottle.”

Some companies use models to assess relative risk between properties and adjust individual rates accordingly. State Farm multiplies its base rate by a location rating factor, calculated using catastrophe models produced by CoreLogic and Verisk. Areas with high wildfire risk have seen dramatic increases in the location rating factor in the past few years.

This process is called segmentation and the Department of Insurance is aware that it is opaque. Department spokesperson Michael Soller says, “People do not know what their risk score is. They don’t know what goes into the risk score. It’s a black box. Yet, the risk score can be used to [charge you] double what somebody else pays.”

How much has your State Farm premium changed because of wildfire risk?

Some high-risk areas have seen rate increases of nearly 300% since 2020.

July 26, 2024

While these situations are significant for some, they generally only apply to select high-risk properties. The median effect of the location rating factor has remained fairly stable.

But under the commissioner’s new policy, model results could also be incorporated directly into the overall rate. Soller says that one important difference in this new regulation is that for a model to be valid, it will need to incorporate property and community level risk mitigation into rates, including state agency forest thinning and utility company efforts. As more investment goes into making communities safer, in theory the rates should decrease.

Only you can prevent forest fires?

Wildfire mitigation happens at the state and local level. Since 2020, in addition to baseline spending, California has allocated more than $2.6 billion towards its wildfire and forest resilience package. 872 communities in the state are registered participants in Firewise USA, a program administered by the National Fire Protection Association that sets standards for fire safety.

For an individual, retrofitting one’s home for wildfire resistance is not cheap. On average, homeowners spend $15,000 on a new roof.

As of October 2022, companies such as State Farm that use wildfire models in segmentation are already supposed to give mitigation discounts. A February filing from State Farm breaks down how their discounts would work in a low-, medium- and high-risk area.

For the low-risk group, the dollar amount saved may not be worth the investment in mitigation. For the high-risk group, the slightly lower percentage reductions would still result in more substantial dollar amounts saved.

According to the State Farm documents, these discounts are given at a set rate for all properties across the state. Granular catastrophe models take into account the impact of mitigation on the property level, nearby community mitigation and any recent wildfire history that might indicate a temporarily reduced risk.

However, a complaint raised several times during the regulation workshops was that when homeowners do spend money, often thousands, on lowering risk, they do not see any changes in their insurance premiums. Some say their policies were still dropped.

Goldman has already completed the property-level mitigation work. She has a class A Spanish tile roof. She does the brush clearance every year. This past year it cost about $1,200. She even has an outdoor sprinkler system. But she did not learn about mitigation from her insurance company. Instead, it was on one of Bach’s monthly educational community calls where she got the idea to install fire-resistant vents.

Sharon Goldman walks through the exterior of her home where she has lived for about 50 years and raised four kids in Pacific Palisades. (Dania Maxwell/Los Angeles Times)

And yet, she has not received a mitigation credit from State Farm and has not received any information about how to receive one. When she asked her agent whether the work she had done on her home qualified for a discount he said no. The Department of Insurance says that they review consumer complaints for rate accuracy and conduct regular examinations of insurance companies. They noted that concerned consumers should contact them to review their specific situation.

Making models a reality

The catastrophe modeling regulation requires insurers to submit their modeling information to the Department of Insurance for review by an internal model advisor and any necessary consultants. Some proprietary information is allowed to remain confidential but proponents of the plan say that the regulators will have all the information they need to assess the models even if the general public does not.

The department says it is still considering public input from the most recent workshop and has no further plans for additional workshops. Once the regulation is finalized there will be a public hearing. Commissioner Lara plans to have this regulation and the rest of the Sustainable Insurance Plan in place by the end of the year.

In addition to forward-looking catastrophe models, Lara’s plan will introduce the ability for insurance companies to include reinsurance costs in rates and to increase coverage in the FAIR plan. Details for both of those changes are expected to be released this month.

More to Read

California home insurance program accused of selling policies with subpar fire coverage

Allstate seeking 34% rate increase for California homeowners insurance

July 11, 2024

Opinion: Wildfire smoke kills thousands of Californians a year. It doesn’t have to be so deadly

July 2, 2024

Inside the business of entertainment

The Wide Shot brings you news, analysis and insights on everything from streaming wars to production — and what it all means for the future.

You may occasionally receive promotional content from the Los Angeles Times.

Gabrielle LaMarr LeMee is a data reporter on the Los Angeles Times Data Desk. She was previously the data editor at Chalkbeat, a nonprofit news organization covering education across several cities and states. LaMarr LeMee has a master’s degree in information design and data visualization from the College of Arts, Media and Design at Northeastern University.

More From the Los Angeles Times

World & Nation

Justice Department says TikTok collected U.S. user views on issues like abortion and gun control

July 27, 2024

Hollywood Inc.

Video game actors are on strike. Here’s what that means

From Heisman Trophy to SUV, O.J. Simpson property auction approved to pay off civil claims

Most of Wall Street leaps in a widespread rally, from big stocks to small

• Search Search Please fill out this field.
• Trading Skills
• Risk Management

How Do Modern Companies Assess Business Risk?

Gordon Scott has been an active investor and technical analyst or 20+ years. He is a Chartered Market Technician (CMT).

Before a business can assess or mitigate business risk , it must first identify probable or likely risks to its bottom line. There is no surefire method for identifying these risks, but companies rely on past experience for reasonably approximating what could happen. Risk processes naturally evolve and mature over time, but there are some fundamental principles that stay constant.

Key Takeaways

• Businesses are vulnerable to two broad forms of risk: internal and external.
• External risks include economic trends, government regulation, competition in the market and consumer taste changes that originate outside the firm.
• Internal risks include employee performance, procedural failure, and faulty or insufficient infrastructure and are much more controllable.
• A company should allocate capital based on risk as determined by cost-benefit analysis.

Assessing Business Risks

Business risks come in all shapes and sizes. This means that effective risk assessment must be adaptable to or uniquely designed for specific dangers. Whenever possible, a firm should group similar risks into comparable analytic processes.

Ideally, a company should allocate capital based on risk as determined by cost-benefit analysis. Every risk identification process should lead to effective analysis, and every analysis should inform corporate governance .

Internal vs. External Risk Analysis

Two broad forms of risk primarily affect a business: internal and external.

External Risks

External risks are those that originate outside of the firm and include economic trends, government regulation, competition in the market and consumer taste changes.

External risk assessment is almost always data heavy. Since most external risks are systemic to an economic system—and therefore outside of the control of the company—forecasts cannot be adjusted based on different corporate governance decisions.

The external assessment begins by categorizing potential risks. Some scales are nominal, and some are ordinal. Companies prefer nominal categories because they are easier to manipulate and compare. Quantitative techniques, such as benchmarking or probabilistic modeling, adapt to new data as it arrives. Companies can then track relevant indicators and create thresholds of acceptable risk for a given project.

Internal Risks

Internal risks affect far more specific and controllable processes. Risks include employee performance, procedural failure, and faulty or insufficient infrastructure. Companies use operational risk assessment for risk of loss from inadequate business decisions. Compliance risk assessment is crucial, particularly in tightly controlled industries, such as banking or agriculture.

Internal audit risks must be assessed, particularly for publicly traded companies. It wasn't long ago that companies simply operated on industry-standard practices. Modern companies, however, assess internal risks by considering the likelihood and impact on specific objectives.

• Terms of Service
• Editorial Policy
• Privacy Policy

You're reading a free article with opinions that may differ from The Motley Fool's Premium Investing Services. Become a Motley Fool member today to get instant access to our top analyst recommendations, in-depth research, investing resources, and more. Learn More

Retirees in These 9 States Risk Losing Some of Their Social Security Checks

• The federal government taxes a portion of Social Security benefits if your income exceeds certain thresholds.
• Retirees in nine states may be subject to additional income taxes from their state government.
• With advance planning, it is often possible to reduce the amount of state taxes that you will owe.
• Motley Fool Issues Rare “All In” Buy Alert

Are you living in one of them?

Social Security is the foundation for most Americans' retirement plans. Without that benefit program, nearly 4 in 10 Americans 65 and older would have incomes that fall below the federal poverty line, according to the Center on Budget and Policy Priorities. The difference between keeping all of their benefits and losing even a portion of them can be massive for those households. And even for those who enter retirement on a solid financial footing, Social Security usually plays a key role in their budgets.

Unfortunately for people living in nine states, depending on their incomes, there's a chance they'll owe state income taxes on a portion of their Social Security benefits this year.

Here's what you need to know.

How are Social Security benefits taxed?

Anyone collecting Social Security ought to know the details of how the federal government taxes their benefits.

The federal government will tax a portion of your Social Security benefits if your "combined income" exceeds certain thresholds. Combined income is a special metric used just to determine Social Security taxes. It's equal to the sum of half your Social Security income, your adjusted gross income , and any untaxed interest income. Benefits are subject to taxation based on the following table.

Data source: Social Security Administration.

You might look at those thresholds and think they're quite low, and you'd be right. Congress has not updated them for inflation in over 30 years, and there's no plan in Washington to adjust them in the future. But as benefits receive cost-of-living adjustments almost every year, more and more retirees are paying taxes on some of their Social Security.

Careful planning could help you avoid a surprise tax bill come April. Retirees collecting Social Security need to consider how additional capital gains or retirement account withdrawals will impact their overall tax bill. But retirees in nine states have an extra consideration to worry about.

Image source: Getty Images.

9 states that tax Social Security

Most states don't tax Social Security benefits, and the number that do has been dropping. Kansas, for example, just eliminated its tax on Social Security earlier this year, effective for the 2024 tax year.

But nine states still impose some income taxes on some people's benefits. If you live in one of these states you should take the extra time to do some research on your personal situation or consult a professional to learn if there are ways to reduce your tax bill.

Here are the basics for each state.

Colorado: Taxpayers under 65 with more than $20,000 in taxable benefits on their federal income tax return will owe state income taxes on the amount above that threshold. Retirees 65 or older are exempt from state taxes on Social Security benefits. The state tax rate is 4.4%.

Connecticut: The portion of your Social Security income that is taxed at the federal level may be subject to state taxes in Connecticut if your adjusted gross income exceeds $75,000 for individuals or $100,000 for joint filers. However, the amount subject to state taxes is limited to 25% of your benefits, regardless of what percentage is taxed federally. The tax rate ranges from 2% to 4.5%.

Minnesota: Taxpayers can deduct up to $4,560 as individuals or $5,840 for married couples filing jointly in Social Security benefits from their taxable incomes. That deduction begins getting reduced for residents with combined incomes above $69,250 for individuals or $88,630 for married couples, and phases out completely at combined incomes of $78,000 or $100,000, respectively. The income tax rate ranges from 6.8% to 9.85%.

Montana: Any portion of your Social Security income that is taxed at the federal level is also subject to state income tax in Montana. The tax rate ranges from 4.7% to 5.9%.

New Mexico: Taxpayers with adjusted gross incomes exceeding $100,000 for individuals or $150,000 for married couples filing jointly will owe state taxes on any Social Security income that is also taxed at the federal level. https://www.tax.newmexico.gov/social-security-income-tax-exemption/ The state tax rate ranges from 4.9% to 5.9%.

Rhode Island: Taxpayers below their full retirement age as defined by Social Security with adjusted gross incomes above certain thresholds will owe taxes on any portion of Social Security income that is also taxed at the federal level. Those thresholds were $101,000 for individuals or $126,250 for married couples filing jointly in 2023, but they get adjusted for inflation each year. The tax rate ranges from 4.75% to 5.99%.

Utah: Taxpayers with adjusted gross incomes exceeding $45,000 for individuals or $75,000 for married couples filing jointly will owe taxes on any Social Security income that is taxed at the federal level. People below those thresholds qualify for a credit to offset the taxes. The tax rate is 4.65%.

Vermont: Taxpayers with adjusted gross incomes above $50,000 for individuals or $65,000 for married couples filing jointly will owe income taxes on at least a portion of any Social Security income included on their federal income tax return. The tax rate ranges from 3.35% to 8.75%.

West Virginia: 65% of any Social Security income included on your federal income tax return is subject to state income tax in West Virginia. However, those taxes are being phased out. In 2025, 35% will be taxable, and starting in 2026, the state will stop taxing benefits. The tax rate ranges from 2.55% to 5.525%.

Don't make decisions about where to retire based entirely on taxes

While retirees in those nine states may be subject to extra taxes, it's important to consider the big picture in retirement.

Hopefully, you'll have a long retirement, and states' tax policies can change drastically over time. Many have taken steps to reduce or eliminate their taxes on Social Security in just the past few years.

More important considerations for picking where you'll settle down in retirement may include the cost of living and what a community has to offer. Those factors can have much bigger impacts on your ability to live on your own terms in retirement than a few dollars worth of state taxes.

That said, there are many different ways to reduce your tax bill in retirement without changing where you live. Planning in advance, effectively using Roth retirement accounts, and managing your capital gains and losses can help avoid taxes and keep more of your retirement income for yourself.

The Motley Fool has a disclosure policy .

Related Articles

Premium Investing Services

Invest better with The Motley Fool. Get stock recommendations, portfolio guidance, and more from The Motley Fool's premium services.

• Share full article

Advertisement

Supported by

your money adviser

How to Rein In Rising Auto Insurance Rates

Taking a safe driver course can save you 10 percent on the premium, one expert said. Improving your credit score can also help as can getting married.

By Ann Carrns

Even as inflation has eased , car insurance rates are rising by double digits. But drivers have some options for reining in premiums.

According to the Bureau of Labor Statistics, auto insurance costs were 19.5 percent higher in June than a year earlier. Insurers blame the higher cost of automobiles, parts and repairs, as well as more accidents because of lingering bad driving habits that spread during the depths of the pandemic. They have also cited increased losses from severe weather, including hail storms .

Most drivers already know about discounts available for “bundling” auto and homeowner insurance policies with the same carrier or for insuring multiple cars. But other tactics can help as well.

Becoming a better driver may help. Just one accident can mean you’re paying an average of 43 percent more than drivers with clean safety records, according to the financial website Bankrate, which analyzed insurance data from Quadrant Information Services. The average annual premium for a driver with full-insurance coverage and a pristine driving history is just over $2,300, the analysis found, while the average for a driver with one at-fault accident is about $3,300.

Cultivating safe habits behind the wheel — like setting your phone to “do not disturb” to avoid distraction, and keeping a safe distance from the car in front of you — can help avoid accidents, said Ryan Pietzsch, a driver safety expert with the National Safety Council, a nonprofit focused on reducing preventable injuries and death. He suggested following the “three second” rule: Note the car ahead of you as it passes a fixed object, like a sign along the road. Then, start counting slowly from one to three (say, “one, one thousand; two, one thousand; three, one thousand”). If your car passes the sign before you reach three, you’re too close.

Taking a safe driver course may save you 10 percent on your auto premium, said Benjamin Preston, an auto writer at Consumer Reports. Check with your agent to see if it’s an option in your state. Some courses charge a fee.

We are having trouble retrieving the article content.

Please enable JavaScript in your browser settings.

Thank you for your patience while we verify access. If you are in Reader mode please exit and  log into  your Times account, or  subscribe  for all of The Times.

Thank you for your patience while we verify access.

Already a subscriber?  Log in .

Want all of The Times?  Subscribe .