Key Risk Conversations to Have With Your Board and Investors


Building a startup is a risky business. The only way to stay ahead of the risks is to be aware and informed about them.

The board of directors, in particular, needs to know enough about the risks in the business to make well-rounded strategic decisions. As for investors, most of them do their own risk analysis on a startup before putting in money. But if the startup is upfront about identifying and discussing its risks with investors, it is more likely to inspire confidence and credibility. With that in mind, here are a few key risks that startups should definitely discuss with their board and investors.

Business Plan Risks

The purpose of analyzing your business plan risk is to demonstrate to investors and the board that you’ve thought through the major risks confronting the organization, and have developed effective strategies to deal with these risks. Your business plan should be able to survive when things go wrong. Because things will go wrong.

So, while developing your business plan, consider the following risk areas:

Market risk is the risk that the market will evolve in an unexpected way. For instance, your offering could be too early for the market. Many companies developed tablet computers in the early 2000s, including Microsoft, Fujitsu, and HP. But the market wasn’t ready then. Now it is hard to imagine life without a tablet computer. Sometimes markets take too long to develop, and cash runs out while a company is waiting for customers.

Product risk is the risk that the product can’t be developed as envisioned with the right economics, scale, or performance. Biotech firms often have a high degree of product risk. There is no certainty that they can produce the drug that is expected.

Financial risk is the risk that a company will run out cash before achieving a state where more funds can be raised. Customers don’t always materialize at the expected rates, and may not always renew their contracts. Often, costs are much higher than expected to achieve the set milestones. The cost of capital is also very high. Boards and directors want to know these risks have been analyzed, and that reasonable plans have been identified to mitigate them.

Talent risk is another major risk area. A startup’s performance is directly linked to the capabilities, expertise, and experience of its employees. Therefore, the startup needs to figure out how to find employees with the required skills and capabilities. They also need to factor in the cost of attracting and retaining these employees. Then at some point, most startups dream of going public. But do they have the time, effort, and money to do so? Filing an IPO is an expensive process. And there are multiple legal, reporting, and regulatory compliance risks involved. After all that, what if the company doesn’t take off? Also, what if ownership gets diluted? Many startups forget that when people are investing in a company, they have the right to vote on certain decisions. As a result, business goals and operation methods may change. Is the startup prepared for these risks?

Another risk area is that of acquisitions, divestitures, and mergers. The opportunities involved are plentiful. But acquiring or merging a company means absorbing their liabilities, risks, legal claims, compliance obligations, and everything else. It also means reconciling major cultural differences between two different workforces. Have these issues been considered? When I was part of the board for a company, it was not uncommon for us to spend as much time discussing the business risks as the opportunities of acquisitions. And that’s an approach that I continue to practice and recommend.

Cybersecurity Risks

Many startups think that they’re too insignificant to matter to cyber attackers. But, in fact, they are prime targets because unlike larger companies, startups don’t usually have the time or funds to implement sophisticated cybersecurity measures. Recently, the New York Times reported how several small Web startups—including Vimeo, Basecamp, Shutterstock, and MailChimp—were hit up by a wave of denial-of-service (DDoS) attacks.

Meanwhile, the latest internet security threat report from Symantec revealed that targeted spear-phishing attacks aimed at small businesses (1-250 employees) increased throughout 2013. One in five small businesses was targeted with at least one spear-phishing email.

Are startups doing enough to manage these risks? … Next Page »

Single PageCurrently on Page: 1 2

Shellye Archambeau is CEO of MetricStream, a Palo Alto, CA-based company offering governance, risk, compliance, and quality management solutions to enterprises in the pharmaceutical, medical device, high tech manufacturing, energy, financial services, healthcare, manufacturing, food and beverage, and automotive industries. Follow @metricstream

Trending on Xconomy