An enterprise-wide approach to risk management will enable a new company to consider the potential impact of all types of risk on all processes, activities, stakeholders and services. Implementing a comprehensive method will result in the company benefiting from the opportunities of risk management, including additional value created from operational decisions made by the company that will be reflected in revenue increases and cost savings.
Risk management should be the central part of a new company’s strategic management. The company should create a process to methodically address the risks associated with different activities. It should implement suitable risk responses based on the assessment of significant risks with an objective of achieving the maximum sustainable value from all activities. The goal should be to increase the probability of the company’s success and reduce the probability of failure and the level of uncertainty associated with achieving its goals. As risks are discovered, appropriate information about each risk should be recorded. Appropriate definitions should be established for different levels of risk including the likelihood and consequences associated with those risks. In most cases, there may be hazard risks, opportunity risks, or risks that may result in even greater uncertainty.
Starting a company is a highly risky and disruptive process in itself. There is a finite amount of time within which a new company needs to create enough revenue and gain enough market share to justify the funds received from its investors. This aggressive schedule requires the firm to adapt an experimental mindset for most of its activities. An experimental mindset allows for a research and development approach to work where testing, learning and adaptation have higher priority than standardization. The goal is to encourage less formal, exploratory behavior and provide a communications medium for rapid action-taking.
A new company should protect itself from operational threats by incorporating risk management into strategy in addition to tactics. Strategic decisions and associated risks should be made with the intention of achieving strategic benefits, including staying ahead of the competition. In this case, the mindset should be operational - creating a stable infrastructure supported by a standardized set of procedures and detailed budgets and schedules. This includes the choice of hardware and software; redundant configurations of mission critical IT systems and applications; utilization of external cloud technology and virtual environments; outsourcing of many infrastructure services to take advantage of lower costs and risks; ensuring that backups of all systems and applications are current and available both from local and offline or cloud-based storage; utilization of encryption; and anticipation of operational needs three to five years down the line. Risks within the projects should be managed so that the projects are delivered to specifications, on time and within budget. Aim should be to deliver projects early and under budget, thereby increasing the opportunity to gain benefits and advantage from risk management.
A new company’s greatest asset and value generator are its employees. To ensure alignment with enterprise risk management, new employee education should begin from the initial interview. Each individual possesses a unique and diverse combination of background, knowledge, history and experience. Not every person enjoys working in a dynamic start-up environment. The individuals who should be approached are those whose own risk tolerance aligns with the company’s enterprise risk tolerance. The interview process should ensure that employees who join the company share its propensity for both opportunity and risk.
Once an employee joins a new company, the company should do its best to maximize the employee retention. Employees should have access to the knowledge they need, as well as the obligation to share the knowledge which they acquire. Incentives should encourage employees to gather and share knowledge, through yearly reviews and enterprise-wide recognition. Through the company’s Enterprise Resource Planning (ERP) systems, in addition to their own level, all employees should have access to one level higher. In some cases, such an environment may create security concerns. However, the fact remains that a new company has a limited amount of time to succeed. Additionally, the highest value assets are its people. Enabling access to information and knowledge is therefore critical for the rapid success needed to guarantee its survival.
Knowledge-sharing through open communication should be established through the company’s culture from day one. The management should encourage people to come forward with new knowledge as well as concerns, problems and suggestions. From the risk management perspective, the most dangerous situations will arise when warning signs are ambiguous, and the event’s potential for causing the company harm is unclear. To avoid the situation where such risks are ignored, especially due to cultural biases, a new company should create a culture in which whistle-blowing is anticipated, even encouraged.
However, coming forward with a potential problem will not be enough to prevent ambiguous threats from turning into costly failures. A new company should therefore develop systematic capabilities for identifying, evaluating and responding to ambiguous threats. Ambiguous threats have a final window for recovery - a time period between the first sign of a potential problem and a major failure. The recovery window should be used as an opportunity to create a better process, procedure or service. This behavior will improve the company’s rapid problem-solving and teamwork skills through additional practice. It will also encourage employees to explore possible responses to threats through rapid, low-cost experimentation. Reacting to potential problems while simultaneously building capabilities will help the company to grow more innovative and stay ahead of the competition.