Risk Management

Simplified risk management methods for entrepreneurs

Entrepreneurship is all about risk management. I don't know any successful entrepreneurs who "like" to take risks. No one in their right mind likes to take risks. Entrepreneurs don't avoid risks either. Would they like to avoid risks, they would never start a business. Instead of avoiding risks, entrepreneurs prefer to accept risks and manage them, or rather manage the uncertainties that are at the root of the risks. 

Traditionally risks would be avoided of mitigated (financially) today risks are "managed" by focussing on the uncertainties that cause the risks and eliminate those uncertainties by doing trial and error learning by doing pilots using prototypes and taking you value propositions to your customers as soon as you can. Check before acting. Convert assumptions into facts. 

For emerging entrepreneurs its helpful to understand the basics of risk management, therefore we will cover the basics here. When you truly want to understand modern risk management, buy the book: Managing the Unknown.

Strategies to deal with risk:

When confronted with risk you can choose one of four strategies to deal with the risk:
  • Avoid
    • don't do there, don't do it
  • Accept
    • make your business can survive the damage
  • Transfer
    • hatch risk or take insurance
  • Manage
    • follow management of risks and uncertainties as explained below 
Risk management model


Low MediumHigh


Severe/criticalinsuremanage severely or avoidavoid
Moderatemanagemanage severelymagage severely
Limitedacceptaccept or managemanage

Basic formula for risk management:

Risk (exposure) = Chance x Damage

That means risks can be managed by reducing the chance that the damage happens or reducing the damage when it happens. For instance; you can manage your risk for high costs of dental care by brushing and flossing your teeth on a daily basis (reducing chance by proper precautions) and visiting a dentist regularly so he can fix dental caries in an early stage to save the tooth (reducing damage by early repair).

Actually you can do calculations on this formula. You can calculate the risk by multiplying the chance (average occurrence expressed in: 1/time) by the damage (maximum damage when occurrence happens). When you want to save on brushing and flossing, you reduce the direct costs involved with the precautions, but you increase the chance of damage happening. You can compare the costs of brushing and flossing with the costs of additional dental repair and decide whether you want to take the risk or not.

The problem with making these calculations is that its hard to find the right facts. When you need to guess the risk you will underestimate both the chance and the damage. When that happens, you will have underestimated the risk by twice that underestimation. For example, if you have underestimated both chance and damage by 50%, you will have underestimated the risk by 75% (50%*50%=25%) therefore the actual risk will be 4 times higher than you expect.

Decomposing risk in its elements chance and damage seems an elegant way to approach risk, but its not always clear whether a measure is focussed on reducing chance or damage. In the dental care example one can argue that going to the dentist is reducing change as well as reducing damage. Don't worry to much about that as log as the measures end up on the equitation.

Assumptions and risks
biggest risk
or risk
risk occurs (%)
assumption not true
Impact on business
when risk occurs or
when assumption not true
Risk Strategy
research strategy
validate assumption
What will you do
when risk occurs or
assumption not true
1Assumption or risk A
2Assumption or risk B
3Assumption or risk C
4Assumption or risk D
5Assumption or risk E
6Assumption or risk F
7Assumption or risk G
Source: https://docs.google.com/spreadsheets/d/1Z8HwXGcyd8_5YDZkaghv_QG7cpLPFRybztdMhJv0H2U/edit#gid=0

Case: Costa Concordia

Image courtesy of www.theaustralian.com.au/

Safety at sea is a big issue. Ships are constructed to certified specifications and are classified (inspected) regularly by surveyors like Det Norske Veritas and Lloyds. Officers and crew are certified and safety procedures on board and at sea are rigorously trained and maintained. Therefore, when procedures are followed, the risk of a ship running aground or sinking in good weather is almost nil. Yet the Costa Concordia ran aground and sank in good weather.

Say you are the captain of the Costa Concordia and you want to manage the risk of sinking your vessel and loosing your passengers and crew. What can you do to manage that risk:

Reduce Chance:
  1. Make sure the ship is sturdy and well maintained
  2. Make sure it has good safety procedures and these procedures are frequently trained
  3. Make sure your officers and crew are able and well trained seamen
  4. Make sure you navigate safely and keep a good watch
  5. Make sure you and your officers on the bridge are not distracted while navigating the ship
Reduce Damage
  1. Exercise evacuation of crew and passengers
  2. Exercise damage control crews
  3. Exercise communication protocols on board and ship to shore
  4. Run your ship aground when it is about to sink
What did the captain fail to do to reduce chance:
  • He decided to impress his girlfriend by passing close to shore (4)
  • His helmsman was late following rudder instructions and did not repeat the orders (3)
  • The officers and crew on the bridge were distracted by the captains girlfriend (5)
What did the captain fail to do to reduce the damage:
  • He failed to exercise emergency evacuation procedures properly (1)
  • The damage control crew failed to immediately report the extend of the damage (2)
  • The captain failed to maintain communication protocols by leaving the ship early and not communicating the extend of the damage to the proper authorities (3)
  • The captain did however ground his ship close to shore and therefore probably saved a lot of lives.
So in this case the risk could have been greatly reduced if captain, officers and crew would have followed safety rules and shown proper seamanship, therefore the captain is guilty of neglect and recklessness by endangering his ship and the lives of all aboard.

The big question is: "Why" did the Costa Concordia sink and "how" could the loss of the ship and the death of 32 passengers have been avoided? (hint: the captain is not the only one to blame).

Origins of risk in New Businesses:

Risk can originate on three levels:
  • Business risks (micro level)
    • usually mitigated by good management, training and precautions
  • Commercial risks (meso level)
    • usually mitigated by managing uncertainties, i.e. learning by investigation and trial and error
  • Financial risks (meso level)
    • Usually mitigated by hedging 
  • Environmental risks (macro level)
    • usually mitigated by either managing damages or insurance
Examples of business risks:
  • Fraud and theft (finance, information and privacy)
  • Corruption and nepotism
  • Accidents and disasters (fire and flooding, also environmental risk, so insurance is an option)
  • Spillage and Spoilage 
  • Project management and process management failure
  • HRM management failure
  • IT, communication and energy systems failure
  • Supply side failure
  • Distribution side failure
  • Fuck-ups in general
Examples of commercial risks:
  • Disappointing product/service sales
  • Disappointing product/service margins
  • Disappointing product/service quality/performance
  • Disappointing product/service costs
  • Disappointing product/service availability
  • Disappointing product/service warranty claims
  • Increased competition
  • Manufacturing issues
  • Technical issues
  • Liability issues
  • Intellectual property issues
  • Bad publicity issues
Examples of financial risks
  • price fluctuation of raw materials and energy
  • price fluctuation of exchange rates
  • price fluctuation of interest rates
  • credit risks
Examples of environmental risks:
  • Risks related to DEPESTII:
    • Demographic factors, such as aging and number of households;
    • Economic factors, such as purchasing power and inflation;
    • Political-legal factors, such as tax laws and legislation;
    • Environmental factors, such as climate, environment and natural resources;
    • Socio-cultural factors, such as concern for the environment and values;
    • Technological factors, such as the emergence of new technologies and Internet;
    • Institutional factors*, such as a civil society, independent courts, access to education, good government;
    • Infrastructural factors*, open borders, access to transport, access to energy/water/sewage, access to banking.
  • Natural disasters
  • Social breakdown (civil upheaval and war)
  • Economic crisis
  • Bad government and institutional breakdown
  • Infrastructure breakdown (ports, roads, railways, airports, power, telephone and internet)
  • Robbery and piracy
  • Corruption and extortion

Additional Resources

(c) Nils de Witte - 2003