key risks business plan

This free Notion document contains the best 100+ resources you need for building a successful startup, divided in 4 categories: Fundraising, People, Product, and Growth.

This free eBook goes over the 10 slides every startup pitch deck has to include, based on what we learned from analyzing 500+ pitch decks, including those from Airbnb, Uber and Spotify.

This free sheet contains 100 accelerators and incubators you can apply to today, along with information about the industries they generally invest in.

This free sheet contains 100 VC firms, with information about the countries, cities, stages, and industries they invest in, as well as their contact details.

This free sheet contains all the information about the top 100 unicorns, including their valuation, HQ's location, founded year, name of founders, funding amount and number of employees.

12 Types of Business Risks and How to Manage Them

Description

Everything you need to raise funding for your startup, including 3,500+ investors, 7 tools, 18 templates and 3 learning resources.

Information about the countries, cities, stages, and industries they invest in, as well as their contact details.

List of 250 startup investors in the AI and Machine Learning industries, along with their Twitter, LinkedIn, and email addresses.

List of startup investors in the BioTech, Health, and Medicine industries, along with their Twitter, LinkedIn, and email addresses.

List of startup investors in the FinTech industry, along with their Twitter, LinkedIn, and email addresses.

90% of startups fail .

Thanks to the explosion of the digital economy, business founders have plenty of opportunities that they can tap into to build a winning business.

Unfortunately, there is a myriad of challenges your new business has to navigate through. These risks are inevitable, and they are a part of life in the business world.

However, without the right plan, strategy, and instruments, your business might be drowned by these challenges.

Therefore, we have created this guide to show you how can your business utilize risk management to succeed in 2022.

There are many types of startup and business risks that entrepreneurs can expect to encounter in 2022. Most of these threats are prevalent in the infancy stages of a business.

To know what you’ll be up against, here is a breakdown of the 12 most common threats.

12 Business Risks to Plan For

1) economic risks.

Failure to acquire adequate funding for your business can damage the chances of your business succeeding.

Before a new business starts making profits, it needs to be kept afloat with money. Bills will pile up, suppliers will need payments, and your employees will be expecting their salaries.

To avoid running into financial problems sooner or later, you need to acquire enough funds to shore up your business until it can support itself.

On the side, world and business country's economic situation can change either positively or negatively, leading to a boom in purchases and opportunities or to a reduction in sales and growth.

If your business is up and running, a great way to limit the effect of negative economic changes is to maintain steady cash flow and operate under the lean business method.

Here's an article from a founder explaining how he set up a lean budget on his $400k/year online business.

2) Market Risks

Misjudging market demand is one of the primary reasons businesses fail .

To avoid falling into this trap, conduct detailed research to understand whether you will find a ready market for what you want to sell at the price you have set.

Ensure your business has a unique selling point, and make sure what you offer brings value to the buyers.

To know whether your product will suit the market, do a survey, or get opinions from friends and potential customers.

Building a Minimum Viable Product of that business idea you've had is the recommendations made by most entrepreneurs.

This site, for example, was built in just 3 weeks and launched into the market to see if there was any interest in the type of content we offered.

The site was ugly, had little content and lacked many features. Yet, +7,700 users visited it within the first week, which made us realize we should keep working on this.

90% of startups fail. Learn how to not to with our weekly guides and stories. Join 40,000+ founders.

3) Competitive Risks

Competition is a major business killer that you should be wary of.

Before you even start planning, ask yourself whether you are venturing into an oversaturated market.

Are there gaps in the market that you can exploit and make good money?

If you have an idea that can give you an edge, register it. This will prevent others from copying your product, re-innovating it, and locking you out of what you started.

Competitive risks are also those actions made by competitors that prevent a business from earning more revenue or having higher margins.

4) Execution Risks

Having an idea, a business plan, and an eager market isn’t enough to make your startup successful.

Most new companies put a lot of effort into the initial preparation and forget that the execution phase is equally important.

First, test whether you can develop your products within budget and on time. Also, check whether your product will function as intended and whether it’s possible to distribute it without taking losses.

5) Strategic Risks

Business strategies can lead to the growth or decline of a company.

Every strategy involves some risk, as time & resources are generally involved to put them into practice.

Strategic risk in the chance that an implemented strategy, therefore, results in losses.

If, for example, the Marketing Department of a company implements a content marketing strategy and a lot of months, time & money later the business doesn't see any ROI, this becomes a strategic risk.

6) Compliance Risks

Compliance risks are those losses and penalties that a business suffers for not complying with countries' and states' regulations & laws.

There are some industries that are highly-regulated so the compliance risks of businesses within them are super high.

For example, in May 2018, the EU Commission implemented the General Data Protection Regulation (GDPR), a law in privacy and data protection in the EU, which affected millions of websites.

Those websites that weren't adapted to comply with this new rule, were fined.

7) Operational Risks

Operational risks arise when the day-to-day running of a company fail to perform.

When processes fail or are insufficient, businesses lose customers and revenue and their reputation gets ruined.

One example can be customer service processes. Customers are becoming every day less willing to wait for support (not to mention, receive bad quality one).

If a business customer service team fails or delays to solve customer's issues, these might find their solution in the business competitors.

8) Reputational Risks

Reputational risks arise when a business acts in an immoral and discourteous way.

This led to customer complaints and distrust towards the business, which means for the company a big loss of sales and revenue.

With the rise of social networks, reputational risks have become one of the main concerns for businesses.

Virality is super easy among Twitter so a simple unhappy customer can lead to a huge bad press movement for the company.

A recent example is the Away issue with their toxic work environment, as a former employee reported in The Verge .

The issue brought lots of critics within social networks which eventually led the CEO, Steph Korey, to step aside from the startup ( she seems to be back, anyway 🤷‍♂️! ).

9) Country Risks

When a business invests in a new country, there is a high probability it won't work.

A product that is successful in one market won't necessarily be in another one, especially when people within them are so different in cultures, climates, tastes backgrounds, etc.

Country risk is the existing failure probability businesses investing in new countries have to deal with.

Changes in exchange rates, unstable economic situations and moving politics are three factors that make these country risks be even more delicate.

10) Quality Risks

When a business develops a product or service that fails to meet customers' needs and quality expectations, the chance these customers will ever buy again is low.

In this way, the business loses future sales and revenue. Not to mention that some customers will ask for refunds, increasing business costs, as well as publicly criticize the company's products, leading to bad reputation (and a viral cycle that means even less $$ for the business).

11) Human Risk

Hiring has its benefits but also its risks.

Employees themselves involve a huge risk for a business, as they become to represent the company through how they work, mistakes committed, the public says and interactions with customers & suppliers,

A way to deal with human risk is to train employees and keep a motivated workforce. Yet, the risk will continue to exist.

12) Technology Risk

Security attacks, power outrage, discontinued hardware, and software, among other technology issues, are the events that form part of the technology risk.

These issues can lead to a loss of money, time and data, which has many connections with the previously mentioned risks.

Back-ups, antivirus, control processes, and data breach plans are some of the ways to deal with this risk.

How Businesses Can Use Risk Management To Grow Business

To mitigate any future threats, you need to prepare a comprehensive risk management plan.

This plan should detail the strategy you will use to deal with the specific challenges your business will encounter. Here’s what to do.

1) Identify Risks

Every business encounters a different set of challenges.

Before mapping the risks, analyze your business and note down its key components such as critical resources, important services or products, and top talent.

2) Record Risks

Once risks have been identified, you need to assess and document the threats that can affect each component.

Identify any warning signs or triggers of that recorded risk, also.

3) Anticipate

The best way to beat a threat is to detect and prepare for it in advance.

Once you know your business can be affected by a certain scenario, develop steps that you will take to stop the risk or to blunt its effects.

4) Prioritize Risks

Not all types of business risk have the same effect. Some can bring your startup to its knees, while others will only cause minimal effects.

To keep your business alive, start by putting in place measures that protect the vital functions from the most severe and most probable risks.

5) Have a Backup Plan

For every risk scenario, have at least two plans for countering the threat before it arrives.

The strategy you put in place should be in line with the current technology and trends.

Ensure your communicate these measures with all your team members.

6) Assign Responsibilities

When communicating measures with the team, assign responsibilities for each member in case any of the recorded risks affect the business.

These members should also be responsible for controlling the risks every certain time and maintaining records about them.

What is a Business Risk?

The term "business risk" refers to the exposure businesses have to factors that can prevent them from achieving their set financial goals.

This exposure can come from a variety of situations, but they can be classified into two:

• Internal factors: The risk comes from sources within the company, and they tend to be related to human, technological, physical or operational factors, among others.
• External factors: The risk comes from regulations/changes affecting the whole country/economy.

Any of these factors led to the business being unable to return investors and stakeholders the adequate amounts.

What Is Risk Management?

Risk management is a practice where an entrepreneur looks for potential risks that their business may face, analyzes them, and takes action to counter them.

The steps you take can eliminate the threat, control it, or limit the effects.

A risk is any scenario that harms your business. Risks can emanate from a wide variety of sources such as financial problems, management errors, lawsuits, data loss, cyber-attacks, natural calamities, and theft.

The risk landscape changes constantly, therefore you need to know the latest threats.

By setting up a risk management plan, your business can save money and time, which in some cases can be the determinant to keep your startup in business.

Not to mention, on the side, that risk management plans tend to make managers feel more confident to carry out business decisions, especially the risky ones, which can put their startups in a huge competitive advantage.

Wrapping Up

Becoming your own boss is one of the most rewarding things you can do.

However, launching a business is not a walk in the park; risks and challenges lurk around every corner.

If you are planning to establish a new business come 2022, make sure you secure its future by creating a broad risk management plan.

90% of startups fail. Learn how not to with our weekly guides and stories. Join +40,000 other startup founders!

An all-in-one newsletter for startup founders, ruled by one philosophy: there's more to learn from failures than from successes.

100+ resources you need for building a successful startup, divided into 4 categories: Fundraising, People, Product, and Growth.

• My Account My Account
• Cards Cards
• Banking Banking
• Travel Travel
• Rewards & Benefits Rewards & Benefits
• Business Business

Curated For You

Related content, types of business risks and ideas for managing them.

Published: July 06, 2023

There are several types of business risks that can threaten a company’s ability to achieve its goals. Learn some of the most common risks for businesses and ideas for how to manage them.

Business risks can include financial, cybersecurity, operational, and reputational risks, all of which can seriously impact a company’s strategic plans if business leaders don’t take action to mitigate them.

What’s most important is that business owners are aware of the risks that could shake up their operations. That way, they can take steps to prevent them or minimize their impact if they occur. Here’s a look at some common business risks. 

Financial Risks

Companies must generate sufficient  cash flow  to make interest payments on loans and to meet other debt-related obligations on time. Financial risk refers to the  flow of money  in the business and the possibility of a sudden financial loss. A company may be at  financial risk  if it doesn’t have enough cash to properly manage its debt payments and becomes delinquent on its loans.

Businesses with relatively higher levels of debt financing are considered at higher financial risk, since lenders often see them as having a greater chance of not meeting payment obligations and becoming insolvent. Types of financial risk include:

• Credit risk:  When a company extends credit to customers, there is the possibility that those customers may stop making payments, which reduces revenue and earnings. A company also faces credit risk when a lender extends business credit to make purchases. If the company doesn’t have enough money to pay back those loans, it will default.
• Currency risk:  Currency risk, also known as exchange-rate risk, can arise from the change in price of one currency in relation to another. For example, if a U.S. company agrees to sell its products to a European company for a certain amount of euros, but the value of the euro rises suddenly at the time of delivery and payment, the U.S. business loses money because it takes more dollars to buy euros.
• Liquidity risk:  A company faces  liquidity  risk when it cannot convert its assets into cash. This type of business risk often occurs when a company suddenly needs a substantial amount of cash to meet its short-term debt obligations. For example, a manufacturing company may not be able to sell outdated machines to generate cash if no buyers come forward.

Cybersecurity Risks

As more businesses use online channels for  sales  and e-commerce payments, as well as for collecting and storing customer data, they are exposed to greater opportunities for hacking, creating security risks for companies and their stakeholders. Both employees and customers expect companies to protect their personal and financial information, but despite ongoing efforts to keep this information safe, companies have experienced data breaches, identity theft, and payment fraud incidents.

When these incidents happen, consumer confidence and trust in companies can take a dive.

Not only do security breaches threaten a company’s reputation, but the company is sometimes financially liable for damages.

Ideas for managing security risks: 

• Investing in fraud detection tools and software  security solutions .
• Educating employees about how they can do their part to keep the company’s data safe. Basic guidance includes not clicking suspicious links in emails or sharing sensitive data without encrypting it first.

Operational Risks

A business is considered to have operational risk when its day-to-day activities threaten to decrease profits. Operational risks can result from employee errors, such as undercharging customers. Additionally, a natural disaster like a tornado, hurricane, or flood might damage a company’s buildings or other physical assets, disrupting its daily operations.

Of course, one of the starkest examples of negative impacts to companies' production and supply chain operations is the Coronavirus pandemic. In an April 2022 Small Business Pulse Survey conducted by the U.S. Census Bureau, roughly 65 percent of respondents reported that the pandemic had either a moderate negative effect or a large negative effect on their business. 

• Making time for necessary employee training to minimize internal mistakes.
• Developing contingency plans to shield against external events that may impact operations. For example, a restaurant impacted by a natural disaster might be able to partner with another local restaurant, bar, or coffee shop to use their kitchen and sell to-go items.

Reputational Risks

Reputational risk  can include a product safety recall, negative publicity, and negative reviews online from customers. Companies that suffer reputational damage can even see an immediate loss of revenue, as customers take their business elsewhere. Companies may experience additional impacts, including losing employees, suppliers, and other partners.

Ideas for managing reputational risks: 

• Pay attention to what customers and employees say about the company both online and offline.
• Commit not only to providing a quality product or service, but also to ensuring that workers are trained to deliver excellent customer service and to resolve customer complaints, offer refunds, and issue apologies when necessary.

The Takeaway

Business owners face a variety of business risks, including financial, cybersecurity, operational, and reputational. However, they can take proactive measures to prevent or mitigate risk while continuing to  seize opportunities for growth . To learn more about the benefits of risk management planning read,  "5 Hidden Benefits of Risk Management."

Frequently Asked Questions

1. what are the main types of business risks.

There are several types of business risks: • Financial Risks • Cybersecurity Risks • Operational Risks • Reputational Risks

2. What are common examples of business risks?

• Financial risks can include cash flow problems, inability to meet financial obligations, or taking on too much debt. • Cybersecurity risks are risks associated with data breaches, hacks, or cyber-attacks. • Operational risks include supply chain disruptions, natural disasters, or IT failures. • Reputational risks can occur when a company's reputation is damaged by negative publicity, scandal, or other events.

3. How can you identify a business risk?

There are a few key ways to identify business risks:

• Reviewing financial statements and performance indicators: This can help you identify risks related to cash flow, profitability, or solvency. • Conducting a SWOT analysis: A SWOT analysis (Strengths, Weaknesses, Opportunities, Threats) can also be a helpful tool for identifying risks and brainstorming ways to mitigate them. • Identifying key dependencies: Key dependencies are things that your business relies on to function, and if they were to fail or be disrupted, it could have a serious impact on your business. • Carrying out root cause analysis: Conducting root cause analysis can help you to identify what underlying factors could lead to a problem or issue.

A version of this article was originally published September 01, 2022.

Photo: Getty Images

Trending Content

How to Highlight Risks in Your Business Plan

Tallat Mahmood

5 min. read

Updated October 25, 2023

One of the areas constantly dismissed by business owners in their business plan is an articulation of the risks in the business.

This either suggests you don’t believe there to be any risks in your business (not true), or are intentionally avoiding disclosing them.

Either way, it is not the best start to have with a potential funding partner. In fact, by dismissing the risks in your business, you actually make the job of a lender or investor that much more difficult.

Why a funder needs to understand your business’s risks:

Funding businesses is all about risk and reward.

Whether it’s a lender or an investor, their key concern will be trying to balance the risks inherent in your business, versus the likelihood of a reward, typically increasing business value. An imbalance occurs when entrepreneurs talk extensively about the opportunities inherent in their business, but ignore the risks.

The fact is, all funders understand that risks exist in every business. This is just a fact of running a business. There are risks that exist with your products, customers, suppliers, and your team. From a funder’s perspective, it is important to understand the nature and size of risks that exist.

• There are two main reasons why funders want to understand business risks:

Firstly, they want to understand whether or not the key risks in your business are so fundamental to the investment proposition that it would prevent them from funding you.

Some businesses are not at  the right stage to receive external funding  and placate funder concerns. These businesses are best off dealing with key risk factors prior to seeking funding.

The second reason why lenders and investors want to understand the risk in your business is so that they can structure a funding package that works best overall, despite the risk.

In my experience, this is an opportunity that many business owners are wasting, as they are not giving funders an opportunity to structure deals suitable for them.

Here’s an example:

Assume your business is  seeking equity funding,  but has a key management role that needs to be filled. This could be a key business risk for a funder.

Highlighting this risk shows that you are aware of the appointment need, and are putting plans in place to help with this key recruit. An investor may reasonably decide to proceed with funding, but the funding will be released in stages. Some will be released immediately and the remainder will be after the key position has been filled.

The benefit of highlighting your risks is that it demonstrates to investors that you understand the danger the risks pose to your company, and are aware that it needs to be dealt with. This allows for a frank discussion to take place, which is more difficult to do if you don’t acknowledge this as a problem in the first place.

Ultimately, the starting point for most funders is that they  want  to invest in you, and  want  to validate their initial interest in you.

Highlighting your business risks will allow the funder to get to the nub of the problem, and give them a better idea of how they may structure their investment in order to make it work for both parties. If they are unsure of the risks or cannot get clear explanations from the team, it is unlikely they will be forthcoming when it comes to finding ways to make a potential deal work.

Brought to you by

Create a professional business plan

Using ai and step-by-step instructions.

Secure funding

Validate ideas

Build a strategy

• The right way to address business risks:

The main reason many business owners don’t talk about business risks with potential funders is because they don’t want to highlight the weaknesses in their business.

This is a fair concern to have. However, there is a right way to address business risk with funders, without turning lenders and investors off.

The solution is to focus on how you  mitigate the risks.  

In other words, what are the steps you are taking in your business as a direct reaction to the risks that you have identified? This is very powerful in easing funder fears, and in positioning you as someone who has a handle on their business.

For example, if a business risk you had identified was a high level of customer concentration, then a suitable mitigation plan would be to market your products or services targeting new clients, as opposed to focusing all efforts on one client.

Having net profit margins that are lower than average for your market would raise eyebrows and be considered a risk. In this instance, you could demonstrate to funders the steps you are putting in place over a period of time to help increase those margins to at least market norms for your niche.

The process of highlighting risks—and, more importantly, outlining key mitigating actions—not only demonstrates honesty, but also a leadership quality in solving the problems in your business. Lenders and investors want to see both traits.

• The impact on your credibility:

Any lender or investor  backs the leadership team  of a business first, and the business itself second.

This is because they realize that it is you, the management team, who will ultimately deliver value and grow the business for the benefit for all. As such, it is imperative that they have the right impression about you.

The consequence of highlighting business risks in your business plan with mitigations is that it provides funders a real insight into you as a business leader. It demonstrates that not only do you have an understanding of their need to understand risk in your business, but you also appreciate that minimizing that risk is your job.

This will have a massive impact on your credibility as a business owner and management team. This impact is more acute when compared to the hundreds of businesses they will meet that omit discussing the risks in their business.

The fact is, funders have seen enough businesses and business plans in all sectors to instinctively know what risks to expect. It’s just more telling if they hear it from you first.

• What does this mean for you going forward?

Funders rely on you to deliver on your inherent promise to add value to your business for all stakeholders. The weight of this promise becomes much stronger if they can believe in the character of the team, and that comes from your credibility.

A business plan that discusses business risks and mitigations is a much more complete plan, and will increase your chances of securing funding.

Not only that, but highlighting the risks your business faces also has a long-term impact on your character and credibility as a business leader.

See why 1.2 million entrepreneurs have written their business plans with LivePlan

Tallat Mahmood is founder of The Smart Business Plan Academy, his flagship online course on building powerful business plans for small and medium-sized businesses to help them grow and raise capital. Tallat has worked for over 10 years as a small and medium-sized business advisor and investor, and in this period has helped dozens of businesses raise hundreds of millions of dollars for growth. He has also worked as an investor and sat on boards of companies.

Table of Contents

• Why a funder needs to understand your business’s risks:

Related Articles

4 Min. Read

How to Create an Expense Budget

8 Min. Read

How to Forecast Personnel Costs in 3 Steps

11 Min. Read

How to Create a Sales Forecast

1 Min. Read

How to Calculate Return on Investment (ROI)

The Bplans Newsletter

The Bplans Weekly

Subscribe now for weekly advice and free downloadable resources to help start and grow your business.

We care about your privacy. See our privacy policy .

Tax Season Savings

Get 40% off LivePlan

The #1 rated business plan software

Discover the world’s #1 plan building software

How to write the risks and mitigants section of your business plan?

Whilst the risks and mitigants section of your business plan might seem difficult to draft, it’s one of the most important parts of the document.

Neglecting this section can lead potential partners and investors into thinking that you either missed key risks asssociated with your business or that you have something to hide.

Luckily for you, this guide provides a comprehensive overview of the risks and mitigants section of your business plan and what information should be included in it.

Ready? Let’s get started?

In this guide:

What is the objective of the risks and mitigants section of your business plan?

What information should i include in the risks and mitigants section of my business plan.

• How long should the risks and mitigants section of your business plan be?
• Example of risks and mitigants in a business plan

What tools can you use to write your business plan?

It's important to remember that managing risk is key to successful business operations. Stakeholders such as investors and lenders are often interested in assessing both risk and reward before making a final decision about whether to finance a business or not.

Entrepreneurs often create imbalances by focusing predominantly on financial opportunities and neglecting risk. This section of your business plan aims to address that issue by having you clearly state risks that could be of detriment to your business as well as explaining the contingency measures in place to counteract them. 

Doing so helps build trust and credibility amongst readers that you will be able to deliver your plan.

Need a convincing business plan?

The Business Plan Shop makes it easy to create a financial forecast to assess the potential profitability of your projects, and write a business plan that’ll wow investors.

The risks and mitigants subsection is at the end of the strategy section of your business plan, at which point the reader has a fairly clear idea of what your business does, what market you operate in and what your strategy to conquer that market is.

When writing this section, it’s important to be transparent. If you've forgotten to include a common or significant risk, the reader (particularly if it’s an investor), may think that you lack market knowledge.

Ultimately, you should state each business risk clearly, describe its potential impact and the chances of it occurring.You could use specific examples, data, or market trends to support your analysis.

You then need to discuss how you plan to mitigate these risks. This could be as simple as being insured against a particular risk, or more complex depending the circumstances.

For example, if a shortage of skilled labour is seen as a major risk, you could talk about your previous experience in hiring inexperienced workers and training them successfully to do the task at hand.

In any case, it is essential to outline procedures for regularly monitoring, evaluating, and updating your risk management activities. Prospective investors can be reassured that you are determined to manage risks appropriately and to adjust your business strategies by showing that you have a system in place to regularly review and amend your tactics if necessary.

It may prove helpful to categorize business risks based on their probability of occurrence and severity of impact. Common examples of risk categories include: 

• Market risks: these risks are related to shifts in the market environment, consumer preferences, or the level of competition. 
• Operational risks: these are risks related to the supply chain, personnel churn, or production bottlenecks.
• Financial risks: these risks threaten the stability and sustainability of the business, potentially arising from unfavorable profitability, unsustainable financial structures, or cash flow dilemmas.

How long should the risks and mitigants section of your business plan be? 

When it comes to the length of the business plan, the ideal rule of thumb is to write two to three paragraphs per risk. 

However, the actual length of the section depends on several factors, such as the number of risks and the extent of information being provided.

When determining the length, remember:

• While it's important to provide information about business risks, not every risk needs to be included. You should focus on including risks that have a high probability or a high impact.
• There should be adequate space for relevant statistics, graphs, and visual comparisons, such as historical trends and forecasts.
• Supporting documents can be included in appendices or reference sections if you have a lot of data, graphs, or other materials relating to the risk analysis.
• The level of detail you need to include depends on the reader’s familiarity with the business and the industry. If your business is in an emerging industry, you may need to provide extensive details as the reader may not be familiar with it. 

Example of risks and mitigants in a business plan 

Below is an example of what the risks and mitigants section of your business plan might look like.

It lists each risk beforehand and then explains the nature of it, the consequences it could have and discusses methods to counteract it.

This example was taken from one of our business plan templates .

Need inspiration for your business plan?

The Business Plan Shop has dozens of business plan templates that you can use to get a clear idea of what a complete business plan looks like.

In this section, we will review three solutions for writing a professional business plan:

• Using Word and Excel
• Hiring a consultant to write your business plan
• Utilizing an online business plan software

Create your business plan using Word and Excel

Creating a business plan using Word and Excel is old fashion, error prone, and (very) time consuming.

First of all, using Excel to create your financial forecast is only feasible if you have a degree in accounting and experience in financial modelling, because lenders are unlikely to trust the accuracy of your financial forecast otherwise.

Secondly, using Word means starting from scratch and formatting the document yourself once written - a process that is quite tedious. There are also no instructions or examples to guide you through each section making the overall process much longer than it needs to be.

Thirdly, for a business plan to be really useful it needs to be tracked against the company's actual financial performance and regularly updated which is a very manual process if you are using Excel.

Hire a consultant to write your business plan

This is a good option if you have the budget for it - from experience you need to budget at least £1.5k ($2.0k) for a complete business plan, more if you need to make changes after the initial version (which happens frequently after the initial meetings with lenders).

Consultants are experienced in writing business plans and most of them adept at creating financial forecasts without errors. Furthermore, hiring a consultant can save you time and allow you to focus on the day-to-day operations of your business.

Use an online business plan software for your business plan

Another alternative is to use online business plan software .

There are several advantages to using specialized software:

• You are guided through the writing process by detailed instructions and examples for each part of the plan
• You can be inspired by already written business plan templates
• You can easily make your financial forecast by letting the software take care of the financial calculations for you without errors
• You get a professional document, formatted and ready to be sent to your bank
• The software will enable you to easily track your actual financial performance against your forecast and update your forecast as time goes by

If you're interested in using this type of solution, you can try our software for free by signing up here .

Also on The Business Plan Shop

• How to do a market analysis for a business plan
• What is a business plan and how to create one?

Do you know someone who could use some assistance with their business plan? Help them out by sharing this article!

Founder & CEO at The Business Plan Shop Ltd

Guillaume Le Brouster is a seasoned entrepreneur and financier.

Guillaume has been an entrepreneur for more than a decade and has first-hand experience of starting, running, and growing a successful business.

Prior to being a business owner, Guillaume worked in investment banking and private equity, where he spent most of his time creating complex financial forecasts, writing business plans, and analysing financial statements to make financing and investment decisions.

Guillaume holds a Master's Degree in Finance from ESCP Business School and a Bachelor of Science in Business & Management from Paris Dauphine University.

Create a convincing business plan

Assess the profitability of your business idea and create a persuasive business plan to pitch to investors

500,000+ entrepreneurs have already tried our solution - why not join them?

Not ready to try our on-line tool ? Learn more about our solution here

Need some inspiration for your business plan?

Subscribe to The Business Plan Shop and gain access to our business plan template library.

Need a professional business plan? Discover our solution

Write your business plan with ease!

It's easy to create a professional business plan with The Business Plan Shop

Want to find out more before you try? Learn more about our solution here

Risk Management, Risk Analysis, Templates and Advice

• #1 Mind Mapping Tool
• Collaborate Anywhere
• Stunning Presentations
• Simple Project Management
• Innovative Project Planning
• Creative Problem Solving

The Top 50 Business Risks And How To Manage them!

Risk is simply uncertainty of outcome whether positive or negative ( PRINCE2, 2002, p239 ). Business risk is uncertainty around strategy, profits, compliance, environment, health and safety and so on. stakeholdermap.com

The Top 50 Business Risks

• Insure assets
• Compliance with fire & building regulations
• Early warning systems e.g. smoke alarms, sprinklers.
• Credit checks
• Set credit limits
• Set payment terms for suppliers
• Use debt collection agency
• Check financial background
• Use business intelligence agencies
• Early warning indicators e.g. late payment
• Avoid single source dependence
• Good record keeping
• Use analytics to measure engagement/CTR etc.
• Provide personalized useful insights
• Less may be more
• Create creative, entertaining content
• Have a clear vision
• Set clear goals and objectives
• Regularly review strategy against market conditions
• Improve cashflow management
• Review costs and inventory
• Accountancy software use/replacement
• Careful use of long and short term financing
• Use customer success managers
• Engage throughout the customer lifecycle
• Sell to the right customers
• Provide value
• Monitor trigger events e.g. change of ownership/Senior management team
• Gather intelligence and assess risk
• Deploy a defensive strategy
• Flip the negative messages e.g. if competitor says your company is too small, push your agility and ability to focus on your customers
• Use an industry research and advisory firm like Gartner or Forrester, to scan for competitive risk
• Invest in intelligence tools e.g. social media monitoring
• Improve competitive analysis
• Outsource to or engage consultants e.g. BrandTotal
• Reduce contractual disputes with contract advice and standard terms and conditions
• Train employees on legislation, e.g. around harassment, bribery, etc
• Insure against the risk of legal action
• Have inhouse counsel or retain a legal firm
• Employee training and refresher courses
• Seek legal advice on contracts, new legislation and industry specific regulations
• Create a quality assurance team
• Implement more quality and safety checks
• Register work via a copyright registration service
• Mark all work with a copyright notice, include in all footers etc
• Take prompt action on infringment
• Train employees to recognise infringment and to avoid infringing copyright in the materials they produce on behalf of your business
• Use stock footage and images
• Develop a dedicated strategy for components that are subject to volatility
• Use financial and operational hedging
• Monitor pricing trends
• Manage inventory to soften impact of price changes e.g. stockpile
• Identify the source of low satisfaction e.g. is it difficult to do business with your company or is product quality the problem
• Use Customer Relationship Management Software
• Review product quality increase quality controls
• Implement CSAT surveys or similar to monitor sentiment
• Invest in employee including sales training
• Get the essentials in place e.g. anti-virus, firewalls, password use, whitelisting, access control, SSL, SSO
• Network and data encryption
• Conduct component driven and system driven risk assessments
• Conduct security audits
• Lock down hardware e.g. company laptops, disable USB, company image if employees bring their own device
• Have a procedure which will be triggered in the event of loss or a suspected attack
• Consider focussing on solutions rather than the product
• Review marketing materials, sales plays, provide additional sales training
• Are the right customers/markets/locations being approached?
• Identify the unique selling point
• Improve market research and Research and Development
• Repurpose product
• Decomission product
• risk to employees of extreme weather - ensure safe temperatures at work, access to water, home working in bad weather, support with travel, accomodation etc
• risk to facilities, buildings, resources , materials - insurance e.g. buildings and contents, invest in storm protection, fire prevention etc
• Develop an emergency prevention and recovery plan
• Identifying your most valuable data and conduct a risk assessment
• Establish effective security policy - such as prohibiting password sharing and bringing your own devices to work
• Maintain efficient data access policy
• Secure your infrastructure. such as firewall and anti-virus, separate valuable data from your corporate network and prohibit access to it. Protect border routers and establish screen subnets
• Educate employees e.g. teach them about simple security practices, that they should incorporate in their daily workflow - lock unattended laptop, use strong passwords, challenge people without ID etc
• Conduct background checks
• Create proper termination procedure
• Monitor employee activity
• Accept the risk and buy or sell currency in the spot market
• Fix rate via a forward exchange contract
• Insure against the Forex risk
• Use an Forex structured product
• Back up generators and/or off grid solutions
• Water storage on site or own bore hole
• Move location for more reliable supply e.g. rural locations have more/longer black outs
• Change products/processes to reduce reliance on utilities e.g. require less water
• Create a health and safety policy
• Identify hazards
• Evaluate the risks and complete a risk assessment
• Provide staff training e.g. on manual lifting
• Have procedures for reporting incidents.
• Consider flexible working options e.g. working from home and hot desking
• Obtain longer leases or buy freehold office space
• Consider relocation
• Use government scheme e.g. apprenticeships
• On the job training
• Offer relocation packages for skilled recruits
• Use employee incentive or bonus schemes
• Check pay reflects industry (going rate)
• Identify top performers and reward/offer incentives to stay
• Remove hygiene factors e.g. poor parking, lack of flexible working
• Identify risks ask, "How can political actors or conditions impact our business?"
• Diversify sources of materials, suppliers, site locations, markets
• Influence the political landscape via lobbying, networking, assisting candidates/parties
• Agreed fixed rates, prices. Hedge against price volatility.
• Follow recommended servicing and maintenance schedules
• Keep stock of parts
• Have contract with emergency/24/7 repair services
• Train employees on safe use, maintenance and basic repair
• Make use of early adopters to refine the product
• Ask your existing customer base what they want/need
• Invest in beta testing
• Shadow test - open product for pre-ordering
• Investment risk models
• Use value at risk in measuring portfolio risk
• Monte Carlo simulation
• Sensitivity and scenario risk measures
• Identify natural hazards
• Measure vulnerability to natural hazards
• Connect to early warning systems if required
• Use forecasts to measure proximity of risk e.g. use weather forecast to decide date for shipment
• Create plans for responding to natural disasters
• Insure against losses were possible
• Conduct due diligence
• Identify new stakeholders
• Identify challenges e.g. curroption/lack transparency in new emerging markets
• Use shadow testing and beta testing to reduce exposure and test acceptance in the new market
• Used recognised Operational Risk Management (ORM) process
• Assess risks for each operational area e.g. IT, HR, finance, security
• Automate operational workflows
• Use risk-based capital
• Improve people management
• Additional training
• Invest in infrastructure
• Implement process to respond to patent notice letters, patent assertions and lawsuits
• Budget for patent defense expenses
• Develop standing litigation teams inhouse and outside
• Join Patent Pool
• Use Rational Patent Exchange (RPX) Corporation
• Review recruitment processes - employ great managers
• Don't use promotion to a management role as reward for long service
• Invest in training for your managers
• Have open transparent process for raising grievances, whistleblowing
• Take out Political Risk Insurance (PIR)
• Assess risk in the country, use consultants or government advice e.g. U.S. Department of State's background notes
• Negotiate compensation terms with a country before locating there
• Create contingency plans
• Diversify overseas investments
• Ensure realistic forecasting and sales pipeline. Understand what % of opportunities won't win.
• Improve quality of leads, before handing opportunities to sales
• Adjust sales pipeline multiplier
• Prevent orders being shipped without payments clearing in advance
• Have revenue incentives for suppliers who meet targets
• Increase sales quotas
• Reduce costs e.g. downsize office space by moving to hot desking or consider outsourcing some functions
• Undertake operational savings initiatives with a strong ROI
• Prioritise initiatives that enable high value customers to be identified and retained
• Take out key person insurance in case of redundancy
• Revise decision making processes to make them more nimble and faster
• Freeze recruitment i.e. don't replace leavers
• Review supplier list check that alternatives are available
• Invest in compliance consultants
• Train employees on regulations e.g. GDPR
• Use analytics and technology monitor compliance activities
• Conduct a compliance risk assessment
• Reputational risk occurs when performance doesn't match expectations. Track evolving stakeholder expectations to manage the risk
• Put a plan in place to manage a reputation crisis
• Monitor sentiment online using social media monitoring tools, engage promptly
• Use variance analysis and comparisons to highlight potential inaccuracies in forecasts
• Set high, low and expected forecasts (30, 50 and 70 percent probabilities)
• Measure forecasts against actual results to improve accuracy
• Update forecasts regularly e.g. monthly
• Consider a complete shutdown during off-peak periods to reduce costs
• Adapt your services/product to the seasons e.g. skiing in winter, walking in summer
• Market in off-peak times
• Reduce opening times during off-peak periods
• Provide medical insurance with a well-being program/incentives
• Log sickness, and trigger sickness absence procedures after x days
• Separate sick pay from annual leave so that it can be tracked
• Have a fit for purpose sickness absence policy
• Know the location of your suppliers and their suppliers facilities
• Meet with your suppliers and understand their rerouting procedures and risk management procedures
• Check your suppliers are compliant with local regulations
• Diversify your approved suppliers
• Outsource and/or use Software as a Service
• Continuously review the market and technological advances
• Invest in new technology companies e.g. buy shares, acquire the company
• Invest in Research and Development team
• Beta test new technology
• Build in redundancy and use data back ups
• Use SaaS model to reduce onsite hardware
• Have power and cooling back ups e.g. generators
• Invest in monitoring and early warning systems
• Invest in security hardware and personnel
• Invest in cyber security, encryption, VPN etc
• Retail style alarms on products
• Strict access control, badges, scanners, search etc
• Integrate innovation into your business
• Assign revenue goals for the R and D/ innovation team
• Cultivate pilot ready customers or market segments
• Automate the development process
• Purchase Marine Insurance which covers sear or air transit
• Chose a suitable freight forwarder
• Understand value of shipments, split high value shipments
• Be clear on the impact of losses in the supply chain on corporate financials
• Have a contract with a temp agency for HR resources needed over peak periods
• Outsource provision of human resources e.g. Amazon warehouse model
• Set expectations with customers and stakeholders around lead times
• Invest in automation and AI to free up resource from repetitive time-consuming work
• Keep some inventory (stockpile)
• Diversify supply chain
• Adjust supply for seasonal fluctuations e.g. holiday periods.
• Diversify locations
• Have data and warehouse backups in different locations
• Insure against war, terrorism and political violence

Download the full list of Business Risks

Word download - the top 50 business risks (word), pdf download - the top 50 business risks (pdf), 20 common project risks - example risk register, checklist of 30 construction risks, overall project risk assessment template, simple risk register - excel template, business risk - references and further reading, read more on risk management.

• Risk Assessment
• Construction Risk Management
• Risk Management Glossary
• Risk Management Guidelines
• Risk Identification
• NHS Risk Register
• Risk Register template
• Risk Management Report
• Risk Responses
• Prince2 Risk Register
• Prince2 Risk Management Strategy

Share this Image

Business Plan Risk Analysis - What You Need to Know

The business plan risk analysis is a crucial and often overlooked part of a robust business plan. In the ever-changing world of business knowing potential pitfalls and how to mitigate them could be the difference between success and failure.  A well-crafted business plan acts as a guiding star for every venture, be it a startup finding its footing or a multinational corporation planning an expansion. However, amidst financial forecasts, marketing strategies, and operational logistics, the element of risk analysis frequently gets relegated to the back burner. In this blog, we will dissect the anatomy of the risk analysis section, show you exactly why it is important and provide you with guidelines and tips. We will also delve into real-life case studies to bring to life your learning your learning.

Table of Contents

• Risk Analysis - What is it?
• Types of Risks
• Components of Risk Analysis
• Real-Life Case Studies
• Tips & Best Practices
• Final Thoughts

Business Plan Risk Analysis - What Exactly Is It?

Risk analysis is like the radar system of a ship, scanning the unseen waters ahead for potential obstacles. It can forecast possible challenges that may occur in the business landscape and plan for their eventuality. Ignoring this can be equivalent to sailing blind into a storm. The business plan risk analysis section is a strategic tool used in business planning to identify and assess potential threats that could negatively impact the organisation's operations or assets. Taking the time to properly think about the risks your business faces or may face in the future will enable you to identify strategies to mitigate these issues.

Types of Business Risks

There are various types of risks that a business may face, which can be categorised into some broader groups:

• Operational Risks: These risks involve loss due to inadequate or failed internal processes, people, or systems. Examples could include equipment failure, theft, or employee misconduct.
• Financial Risks: These risks are associated with the financial structure of the company, transactions the company makes, and the company's ability to meet its financial obligations. For instance, currency fluctuations, increase in costs, or a decline in cash flow.
• Market Risks: These risks are external to the company and involve changes in the market. For example, new competitors entering the market changes in customer preferences, or regulatory changes.
• Strategic Risks: These risks relate to the strategic decisions made by the management team. Examples include the entry into a new market, the launch of a new product, or mergers and acquisitions.
• Compliance Risks: These risks occur when a company must comply with laws and regulations to stay in operation. They could involve changes in laws and regulations or non-compliance with existing ones.

The business risk analysis section is not a crystal ball predicting the future with absolute certainty, but it provides a foresighted approach that enables businesses to navigate a world full of uncertainties with informed confidence. In the next section, we will dissect the integral components of risk analysis in a business plan.

Components of a Risk Analysis Section

Risk analysis, while a critical component of a business plan, is not a one-size-fits-all approach. Each business has unique risks tied to its operations, industry, market, and even geographical location. A thorough risk analysis process, however, typically involves four main steps:

• Identification of Potential Risks: The first step in risk analysis is to identify potential risks that your business may face. This process should be exhaustive, including risks from various categories mentioned in the section above. You might use brainstorming sessions, expert consultations, industry research, or tools like a SWOT analysis to help identify these risks.
• Risk Assessment: Once you've identified potential risks, the next step is to assess them. This involves evaluating the likelihood of each risk occurring and the potential impact it could have on your business. Some risks might be unlikely but would have a significant impact if they did occur, while others might be likely but with a minor impact. Tools like a risk matrix can be helpful here to visualise and prioritise your risks.
• Risk Mitigation Strategies: After assessing the risks, you need to develop strategies to manage them. This could involve preventing the risk, reducing the impact or likelihood of the risk, transferring the risk, or accepting the risk and developing a contingency plan. Your strategies will be highly dependent on the nature of the risk and your business's ability to absorb or mitigate it.
• Monitoring and Review: Risk analysis is not a one-time task, but an ongoing process. The business landscape is dynamic, and new risks can emerge while old ones can change or even disappear. Regular monitoring and review of your risks and the effectiveness of your mitigation strategies is crucial. This should be an integral part of your business planning process.

Through these four steps, you can create a risk analysis section in your business plan that not only identifies and assesses potential threats but also outlines clear strategies to manage and mitigate these risks. This will demonstrate to stakeholders that your business is prepared and resilient, able to handle whatever challenges come its way.

Business Plan Risk Analysis - Real-Life Examples

To fully grasp the importance of risk analysis, it can be beneficial to examine some real-life scenarios. The following are two contrasting case studies - one demonstrating a successful risk analysis and another highlighting the repercussions when risk analysis fails.

Case Study 1: Google's Strategic Risk Mitigation

Consider Google's entry into the mobile operating system market with Android. Google identified a strategic risk : the growth of mobile internet use might outpace traditional desktop use, and if they didn't have a presence in the mobile market, they risked losing out on search traffic. They also recognised the risk of being too dependent on another company's (Apple's) platform for mobile traffic. Google mitigated this risk by developing and distributing its mobile operating system, Android. They offered it as an open-source platform, which encouraged adoption by various smartphone manufacturers and quickly expanded their mobile presence. This risk mitigation strategy helped Google maintain its dominance in the search market as internet usage shifted towards mobile.

Case Study 2: The Fallout of Lehman Brothers

On the flip side, Lehman Brothers, a global financial services firm, failed to adequately analyse and manage its risks, leading to its downfall during the 2008 financial crisis. The company had significant exposure to subprime mortgages and had failed to recognise the potential risk these risky loans posed. When the housing market collapsed, the value of these subprime mortgages plummeted, leading to significant financial losses. The company's failure to conduct a robust risk analysis and develop appropriate risk mitigation strategies eventually led to its bankruptcy. The takeaway from these case studies is clear - effective risk analysis can serve as an essential tool to navigate through uncertainty and secure a competitive advantage, while failure to analyse and mitigate potential risks can have dire consequences. As we move forward, we'll share some valuable tips and best practices to ensure your risk analysis is comprehensive and effective.

Business Plan Risk Analysis Tips and Best Practices

While the concept of risk analysis can seem overwhelming, following these tips and best practices can streamline the process and ensure that your risk management plan is both comprehensive and effective.

• Be Thorough: When identifying potential risks, aim to be as thorough as possible. It’s crucial not to ignore risk because it seems minor or unlikely; even small risks can have significant impacts if not managed properly.
• Involve the Right People: Diverse perspectives can help identify potential risks that might otherwise be overlooked. Include people from different departments or areas of expertise in your risk identification and assessment process. They will bring different perspectives and insights, leading to a more comprehensive risk analysis.
• Keep it Dynamic: The business environment is continually changing, and so are the risks. Hence, risk analysis should be an ongoing process, not a one-time event. Regularly review and update your risk analysis to account for new risks and changes in previously identified risks.
• Be Proactive, Not Reactive: Use your risk analysis to develop mitigation strategies in advance, rather than reacting to crises as they occur. Proactive risk management can help prevent crises, reduce their impact, and ensure that you're prepared when they do occur.
• Quantify When Possible: Wherever possible, use statistical analysis and financial projections to evaluate the potential impact of a risk. While not all risks can be quantified, putting numbers to the potential costs can provide a clearer picture of the risk and help prioritise your mitigation efforts.

Implementing these tips and best practices will strengthen your risk analysis, providing a more accurate picture of the potential risks and more effective strategies to manage them. Remember, the goal of risk analysis isn't to eliminate all risks—that's impossible—but to understand them better so you can manage them effectively and build a more resilient business.

In the ever-changing landscape of business, where uncertainty is a constant companion, the risk analysis section of a business plan serves as a guiding compass, illuminating potential threats and charting a course toward success. Throughout this blog, we have explored the critical role of risk analysis and the key components involved in its implementation. We learned that risk analysis is not just about identifying risks but also about assessing their potential impact and likelihood. It involves developing proactive strategies to manage and mitigate those risks, thereby safeguarding the business against potential pitfalls. In conclusion, a well-crafted business plan risk analysis section is not just a formality but a strategic asset that empowers your business to thrive in an unpredictable world. As you finalise your business plan, keep in mind that risk analysis is not a one-time task but an ongoing practice. Revisit and update your risk analysis regularly to stay ahead of changing business conditions. By embracing risk with a thoughtful and proactive approach, you will position your business for growth, resilience, and success in an increasingly dynamic and competitive landscape. Want more help with your business plan? Check out our Learning Zone for more in-depth guides on each specific section of your plan.

How to Develop Key Risk Indicators (KRIs) to Fortify Your Business

Vice Vicente

May 8, 2023

Risk management, compliance, and internal audit professionals are well versed in finding ways to help organizations manage risk. From employing Enterprise Risk Management or ERM best practices, to responding to real time disruptions, risk professionals have many tools in their proverbial toolbox — and they need them. Risk identification and assessment processes need to be iterative and dynamic. Auditors need to revise risk assessments and  modify risk responses and audit procedures throughout fast-changing and complex circumstances.

To help your company manage emerging threats and better prepare for the future, it’s vital that you and your team develop Key Risk Indicators (KRIs). This helps to safeguard your organization from the various types of risks that can sidetrack its plans, and even point to early warning signs of major disruptions. Safeguarding activities include:

• Developing a thorough understanding of each potential risk exposure.
• Documenting each risk, the impact, and likelihood of the risk occurring.  
• Closely monitoring performance via Key Performance Indicators. 
• Leveraging technology to assist this process.
• Conducting periodic and regular reviews of KRIs as situations change and evolve.

What Is a Key Risk Indicator?

Key risk indicators are metrics that predict potential risks that can negatively impact businesses. They provide a way to quantify and monitor each risk. Think of them as change-related metrics that act as an early warning risk detection system to help companies effectively monitor, manage and mitigate risks. KRIs provide visibility into the weaknesses within your company’s risk and control environment and processes — and help to develop a  risk assessment plan to fortify your business. 

Key risk indicators are not limited by function or silo and can be applied to many business processes and risk factors, informing an organization’s overall risk management strategy . 

The Primary Purpose of Key Risk Indicators

KRIs add value to overall operational risk management by playing an essential risk management role. KRIs predict potential risk — especially within high-risk areas and sectors. KRIs can help with:

• Identifying any risk exposure relating to current or emerging risk trends.
• Assessing and quantifying each risk and its potential impact.
• Providing perspective through benchmarking.
• Enabling timely and ongoing risk control and monitoring.
• Enabling leaders and key personnel to receive alerts of potential risks in advance.
• Providing time to develop the appropriate and effective risk responses and action plans. 
• Establishing objectivity within the risk management process.

In short, KRIs provide an early warning system” that allows companies to be prepared for risks.

Helping Companies Identify Emerging Risks

Emerging risks will continue to impact many  audit risk areas . Industries will put an emphasis on developing or bolstering their  risk assessment plans to focus on identifying  emerging risks within their supply chains and internal controls — as well as looking at fraud or cybersecurity threats due to remote working conditions. Climate change, natural disasters, and geopolitical factors play another role in the emerging risk landscape. 

As a powerful tool supporting  operational risk management (ORM) , KRIs help identify and define risks to ensure everyone understands the relationship between each KRI and potential risks. So, how do KRIs help companies identify these emerging risks? KRIs assist companies with:

• Comparing business objectives and strategy to actual performance to isolate changes.
• Measuring the effectiveness of processes or projects.
• Demonstrating changes in the frequency or impact of a specific risk event.

How to Identify Key Risk Indicators

Clearly identifying KRIs involves developing a roadmap — such as the one outlined below — to establish the right set of KRIs for the organization.  As with all risk management approaches, KRIs should be tailored to the risk profile of the company and take into account the major risks that face the business. This process will involve your risk management team, each business unit, and those responsible for internal audits . 

Risk Management Responsibilities

Before identifying KRIs, your risk management team will need to create a framework and provide guidance by ensuring everyone is trained on the KRI selection process. The risk management team can also provide guidance around risk mitigation and action plans, as well as oversight around effective KRIs and similar initiatives.

Business Unit Responsibilities

Each business unit will be responsible for identifying their respective KRIs, setting the thresholds, monitoring each KRI state, and escalating variances against these to management, including:

• Revisiting All Existing Metrics : As things change, all current metrics must be thoroughly reviewed; frequency will depend on the industry, internal and external changes, strategic goals, and other factors, but this should be done at least annually. Conduct an organization-wide SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats) to identify, analyze, and document the entire organization’s operational state and risk appetite.
• Conducting a Risk Control Self-assessment: Another aspect of assessing risk appetite is revisiting each metric and conducting a full risk assessment. This should be carried out to determine precisely how each potential risk affects strategic plans, the likelihood of it happening, and where the impact may occur, among other things. 
• Tracking Changes in the Control Environment: It’s necessary to track changes in the control environment. Published by the Committee of Sponsoring Organization ( COSO ), the Internal Control — Integrated Framework ensures the standards, processes, and structures in organizations are in place to safeguard your organization. Changes to processes and controls may negatively impact the control environment’s effectiveness and increase risk exposure.
• Prioritizing Significant Risks and Isolating Their Root Causes : Once risks are identified, they will need to be prioritized — each risk will require a risk response, but they all can’t be a top priority. Conducting a root cause analysis will be essential to determine the importance and action to be taken. 
• Systematically Collecting All Data on KRIs : To be of value to the organization, data relating to KRIs should be collated methodically. Make sure not to select a large number of KRIs that are too difficult to monitor, manage, or trace. To be effective and deliver strategic value, all KRIs should be measurable, predictable, comparable, and informational.  

Another part of identifying KRIs is setting thresholds or tolerances that enable flags to be raised when the situation moves outside of the normal. The thresholds should be based on industry norms or internal acceptance criteria. All thresholds should be carefully vetted by key stakeholders and approved by your company leadership or board of directors. Other tasks that need to be addressed when developing KRIs including determining who is responsible for:

• Tracking and reporting KRIs 
• Establishing risk responses
• Establishing or updating controls 
• Re-evaluating KRIs as circumstances change

Internal Audit Responsibilities

Internal audit will need to validate and provide assurances relating to the KRI process as well as build into the audit plan all the required inputs and record auditresults related to KRI audits. Internal audit will also need to identify, document, and report all exceptions or breaches to KRIs. Internal audit teams can play a major role in evaluating the suitability and relevance of KRIs, and it may be worthwhile for organizations to complete periodic KRI audits.

What Are Examples of Key Risk Indicators? 

There are various types of quantitative and qualitative KRIs — for example, some are focused on financial, human resource, operational, technical, or other aspects of the business. 

Quantitative KRIs 

These focus on provable facts and numerical data based on findings from mathematical models, system outputs, and analysis methods. 

Qualitative KRIs 

These types of KRIs focus on predicting probability-based outcomes to support things like sensitivity analysis.

Depending on your business or industry’s nature, the use of quantitative over qualitative KRIs may be more relevant. Some KRIs may also rank higher on the priority list, be of more importance than others, and be subject to change based on internal or external environmental factors. Here are examples of top types of KRIs used across a range of industries and sectors.

Financial KRIs

Quantitative financial KRIs may be of greater significance to commercial or retail banks, asset management or firms, or Certified Public Accounting (CPA) firms. Some examples of financial KRIs pointing to external environmental factors might include ones that measure an economic downturn or regulatory changes. Internal factors might be changes to strategic goals, budget limitations, or acquisitions. 

Human Resource KRIs

Staffing and recruitment firms and human resource departments are likely to be interested in using quantitative or qualitative people-based KRIs. High staff turnover, low staff satisfaction, labor shortages, or low recruiting conversion rates are some examples of human resource KRIs.

Operational KRIs

Operational KRIs could measure many things, from failed internal processes to ineffective internal controls. These types of KRIs can be typically developed in all industries. Factors impacting operational KRIs might center around process inefficiencies, leadership changes, or changes to strategic goals.

Technological KRIs

System failures, security breaches, and denial of service incidents are all examples of events measured by technology-based KRIs. These types of KRIs also impact all industries but can be of greater importance to a technology service provider or a firm that relies on online business portals. Technological risk factors might include increased operational complexity, security issues, changes to protocols, or regulations.

The Difference Between KRI and KPI: Are They Related?

It’s important to understand the difference between KRIs and KPIs. While they are related, they are different. They work together to provide companies and their leaders with the metrics needed to fortify their businesses. Both KPIs and KRIs are needed — they work hand-in-hand to create a complete picture for effective and timely decision-making. 

KPIs ** ** look backward and focus on how well companies are achieving their goals. KPIs identify and prioritize a company’s key goals as well as monitor performance against those goals.

KRIs are predictive. They assess and manage potential risks to goals. They focus on the likelihood of companies achieving their goals based on potential risk factors. KRIs are linked to an organization’s risk posture and strategic priorities, and identify current and emerging risks related to each key goal. KRIs also monitor risks and send an early warning when the business is at risk of not achieving its goals.

How to Develop Key Risk Indicators to Fortify Your Business?

Gauging performance and ensuring goals and milestones are met is one of the key aspects for which any leadership team is responsible. When looking at their dashboard each day, leaders across the business expect to see the information that tells them the current state of things — and that hopefully, they are on track — and this includes KRIs. When KRIs fall outside of thresholds, they alert management there’s increased potential for risk exposure — but KRIs are only useful when they’re developed using this methodical yet simple approach. 

Identify Relevant Risks

Prior to establishing KRIs, it is essential first to understand your company’s goals and any vulnerabilities that can cause risk points. Effective  enterprise risk management relies on identifying the most significant risks — these are the ones that will have the highest impact, the highest chance of occurring — or are the most likely to be outside of your company’s control.

Establish Your KRIs

If your company has already established Key Performance Indicators (KPIs), these can create KRIs. Why? The KPIs will already make sense and provide the underlying information — this can reduce the time spent on monitoring and the needed resources. Keep in mind: the KPIs being transferred to KRIs must also be relevant, timely, measurable, and make sense. If the KPIs are out of date or cover a period of time that is no longer applicable, then they shouldn’t be used. 

Establish a Solid Process

Since KRIs are developed by each department, a solid process for creating, assessing, monitoring, and reporting them to the appropriate individuals will need to be established. The following best practices can ensure things go smoothly.

• When identifying KRIs, involve all relevant stakeholders from the start.
• Gain stakeholder buy-in so everyone is on the same page and vested in the success.
• Ensure all information about KRIs and the process are accessible to all stakeholders.
• Create a central point of contact to whom stakeholders can go to get support. 
• Keep stakeholders updated in a timely manner as things change.

Following a methodical approach like the one above can help streamline the process of developing Key Risk Indicators. Using automation to aggregate KRIs and present them in a clear dashboard can also be a game-changer.

Potential Challenges of Developing Quantifiable, Good KRIs

Creating, monitoring, and reporting KRIs sounds pretty straightforward, but it’s a bit more involved than one might think. Many businesses still struggle with  common mistakes when establishing KRIs for these reasons:  

• Risks relating to the actual development of a KRI itself continue to go unaddressed. It requires conscious effort, resources, and executive and stakeholder buy-in. 
• There are also issues with access to credible and objective data — especially quantitative data.
• The available data can often be unnecessarily complex and difficult to decipher and use.

Being aware of these common challenges can help you design a KRI development approach that will anticipate data and process-related issues.

How to Use and Monitor KRIs Effectively 

Key risk indicators should be linked to a KPI and a strategic goal — and they should be prioritized to keep the focus on key risks. It’s also vital for KRIs to be continually monitored and tracked regularly — although the frequency will depend on the type of KRI. 

Risk management and audit professionals play a pivotal role in ensuring the right metrics are in place to reduce risk exposure. Effectively using KRIs also relies on having the right risk management platform in place. AuditBoard can assist in monitoring your company’s KRIs with integrated risk management software — get started with  RiskOversight today.

Frequently Asked Questions About Key Risk Indicators (KRIs)

What is a key risk indicator.

Key risk indicators are metrics that predict potential risks that can negatively impact businesses.

What are the different categories of Key Risk Indicators?

There are many categories of KRIs, including qualitative, quantitative, financial, operational, and technological KRIs, among others.

What’s the difference between KRI and KPI?

Key Performance Indicators (KPIs) look to the past to compare and measure current performance while also setting organizational goals. Key risk indicators (KRIs) are forward looking and try to anticipate, prevent, and/or mitigate risk events.

What are the potential challenges of developing KRIs?

Some challenges involved with developing KRIs is the collaboration and buy-in needed to establish effective KRIs, the complexity of data associated with measuring KRIs, and the lack of usable data within an organization to measure KRIs.

Vice Vicente started their career at EY and has spent the past 10 years in the IT compliance, risk management, and cybersecurity space. Vice has served, audited, or consulted for over 120 clients, implementing security and compliance programs and technologies, performing engagements around SOX 404, SOC 1, SOC 2, PCI DSS, and HIPAA, and guiding companies through security and compliance readiness. Connect with Vice on LinkedIn .

Related Articles

How to Develop Effective Key Risk Indicators + Best Practices for 2024

Table of Contents

What are key risk indicators?

Key performance indicators vs key risk indicators, challenges of developing key risk indicators, how to develop kris, key risk indicator examples, kri template, helping your company better prepare for the future with kris.

• April 11, 2024

Anna Fitzgerald

Senior Content Marketing Manager at Secureframe

Cavan Leung

Senior Compliance Manager at Secureframe

70% of organizations experienced at least two critical risk events in the past year, while over 40% experienced at least three, and nearly 20% suffered six or more incidents, according to a 2023 report by Forrester and Dataminr .

With enterprise risk on the rise, enterprise risk management (ERM) is more important than ever. Developing key risk indicators, or KRIs, can strengthen ERM.

KRIs track the potential occurrence of certain risk events. When triggered, they can alert management and other stakeholders to a potential threat that would have a significant impact on business operations, such as falling out of compliance with security frameworks like SOC 2 .® 

Ready to learn more? Below we dig into the basics of KRIs, how to establish them, and tips for maintaining KRIs over time.

Key risk indicators (KRIs) are a way to proactively measure risks that a business may face. They serve as early warning signs of upcoming crises, which can provide an organization’s management team time to create an action plan to mitigate that risk’s potential impact or prevent it from occurring. 

KRIs are also tied to risk appetite, which sets a threshold for the level of risk exposure that a business will take on to achieve its objectives. KRIs can alert leadership of any upcoming threats or vulnerabilities that might exceed that threshold.

KRIs aren’t meant to track every specific risk that your company may face. Instead, they’re meant to track the most important types of risks that could put your business’s primary objectives and priorities in jeopardy. 

Both key risk indicators and key performance indicators (KPIs) are metrics that help businesses make informed decisions and accurately plan for the future. However, KRIs and KPIs differ in what they measure. Let’s take a closer look at these two metrics below.

Key performance indicators

KPIs are used to measure the company’s performance against a goal or objective over a period of time. They can be used to look toward the future or back on the past, depending on the type.

• Leading KPIs evaluate outcomes of certain actions and processes to indicate a company’s progress toward achieving its business goals. Examples include customer satisfaction and percent growth in new markets.
• Lagging KPIs evaluate outputs of past actions and processes, like product launches and events, to determine whether the company achieved its goals. Examples include annual revenue and growth in annual sales.

Key risk indicators

KRIs are used to indicate potential risks that may affect the company’s ability to achieve its core objectives. KRIs can help a company meet its KPIs by reducing significant risks that can jeopardize business operations and growth initiatives.

For example, if a company establishes a KPI to measure IT system performance, then a complementary KRI might measure the number of system backup failures or critical incidents. If either of these KRIs exceeded its threshold, then stakeholders could be alerted and have time to mitigate the risk before the IT system performance was impacted. 

While KRIs boast a wide range of benefits that include the ability to proactively address an organization's risks, businesses also face a range of challenges when it comes to setting and tracking KRIs. 

In a recent poll conducted during a webinar by the CEOs of Nymro Clinical Consulting Services and Cyntegrity, 22% of business leaders said that finding the right method to calculate KRIs is their top challenge. 

Other common challenges businesses face when utilizing KRIs include:

• A failure to incorporate KPIs with KRIs
• Inefficient tracking of KRIs due to lack of resources or tools such as automation
• Trouble accessing objective qualitative data to identify risk trends
• Not associating actions with risk thresholds

Before your business can begin benefiting from KRIs, you’ll need to do a bit of prep work. We walk through the steps for KRI design below. 

1. Understand your key objectives

A KRI is a metric for tracking the potential occurrence of certain risk events that will have an adverse effect on your company’s objectives.

So before you can begin developing effective KRIs, it’s essential that you understand your company’s most important objectives. For example, one core objective might be to increase profits by increasing revenues and decreasing costs. There are several risks you may map to this core objective, like economic downturns or operational inefficiencies.

2. Identify priority risks

The risks that pose the biggest threat to your business objectives— with a high probability of occurring and a potentially damaging outcome — are the kind you’re looking to include when you establish KRIs.

Here are a few ways to identify relevant risks:

• Conduct a risk assessmen t to identify the risks that will cause the biggest impacts to your overall objectives and goals. 
• Review your risk register to tip you off to certain risks that are subject to swift changes in risk level, indicating that they could benefit from the early warning of a KRI.
• Keep your core business objectives at the forefront as you design your KRIs, which will help you prioritize the most important risks.
• Consider risks that fall above or below your risk appetite threshold , as they will likely need additional oversight. 
• Conduct an internal audit to assess your internal controls against a framework as you prepare towards audit readiness.

3. Select KRIs

There are two primary methods for choosing KRIs: top-down and bottom-up approaches. 

• Top-down approach : Senior leadership selects KRIs for the entire organization. This approach can be helpful in aligning with strategic KPIs and can help the organization’s understanding of risk impact and how it can affect business objectives. 
• Bottom-up approach : Business units across the organization select and monitor KRIs that map to their operational processes. The bottom-up approach ensures risks are tracked on a more granular level and fosters buy-in from departments. 

Whether you opt for a top-down or a bottom-up approach, after top-priority risks have been identified you can begin to design KRIs. For initial KRIs, it can be helpful to start small with two or three indicators for your top risks. 

When setting up KRIs, keep things simple by focusing on your priority risks. Include relevant subject matter experts from your organization to help identify a few key indicators that will help you properly track risks. 

Remember that key traits of a good KRI are:

• Measurable : KRIs are quantifiable by percentages, numbers, etc. 
• Predictive : KRIs can be used as an early warning system.
• Informative : KRIs are used to shape decision-making. 
• Comparable : KRIs can be benchmarked internally and to industry standards. 

4. Set thresholds for KRIs 

Once you’ve identified KRIs, set upper and lower tolerance values to track against each risk. Any time a risk moves beyond these thresholds of acceptance, you should alert key stakeholders and assign follow-up tasks to mitigate that risk. 

These tolerance values can be changed as data is captured, so don’t spend too much time perfecting them in the beginning. To start, you can use industry norms or internal criteria to set them and ensure they’re approved by your board of directors or other key leadership.  

When you’re confident in the data being collected from your initial indicators, you can expand the KRI program into different business departments.

5. Maintain KRIs over time

Once KRIs are in place, they need to be monitored and tracked regularly, whether in real time or with a quarterly check-in.

Automation can help simplify this process, but you may also want to consider appointing key individuals to manually track certain indicators that make sense for your organization.  

Additionally, you can use the first few data-gathering periods as a way to check if your risk threshold settings are correct. This will help ensure that future alerts are configured correctly and prevent false alarms.

It’s important to document and report all risk occurrences related to your KRIs. This should include a formal process for alerting key leadership when indicator tolerance levels are high.

While you can map KRIs to any aspect of your business, common KRI types include operational, financial, technological, and people-related indicators. 

Operational KRIs

Operational KRIs are closely related to operational risk. Examples include: 

• Process inefficiencies
• Internal failures
• Leadership changes

Financial KRIs

Financial KRIs are commonly used by banks and CPA firms. Examples include:

• Economic downturn
• Regulatory changes
• Acquisitions
• Budget changes

Technological KRIs

Technological KRIs are used by businesses across industries. Examples include:

• System failures
• Data breach incidents

People KRIs

These KRIs are often used by human resource departments or companies that handle staffing and recruitment. Examples include:

• High turnover
• Low employee satisfaction
• Low recruiting conversion

Cybersecurity KRIs

Cybersecurity key risk indicators can be used by any company to measure, monitor, and manage their cybersecurity risk. Cybersecurity risk relates to the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems as a result of digital attacks. Examples include:

• Number of cyber incidents
• Number of exposed data records
• Cyber incident response times

Information security KRIs

Information security KRIs can be used by any company to measure, monitor, and manage their InfoSec risk. InfoSec risk is the risk to organizational operations, organizational assets, and individuals due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. Examples include:

• Failed login requests
• Percentage of systems in use that are no longer supported
• Increase in attacks on firewall 

Anti-money laundering key risk indicators are commonly used by financial and other regulated institutions to help them comply with AML and anti-terrorist financing legislation. Examples include:

• Size of the business
• Number of transactions
• Types of products and services sold to customers
• Customer type

Key risk indicator template

KRIs are an important operational risk management tool for risk identification and risk mitigation. Now that you understand how to develop key risk indicators, it’s time to map out your own set of KRIs. We created this simple KRI template to help you think through your company’s risks.

Establishing KRIs is an important aspect of any enterprise risk management strategy. 

Key risk indicators are an invaluable tool for forward-thinking businesses to fully understand their risk profile, manage upcoming threats, and act swiftly to mitigate potential disruptions. 

They can also be easily mapped to security standards and regulatory requirements to help your business stay compliant with frameworks like SOC 2 and HIPAA .

KRI implementation is just one of the approaches for baking risk prevention into your business. We’ve created a visual guide to inspire your business to adopt a more risk-minded cybersecurity approach.

What is a KRI?

A KRI stands for key risk indicator. These indicators are used to measure an organization's performance against their defined risk appetite and risk tolerance. For example, they can validate that the organization is operating within its defined risk appetite or demonstrate where risk tolerances have been exceeded so that organizations can proactively address risks.

What are key risk indicators examples?

Examples of key risk indicators are number of data breach incidents, cyber incident response times, percentage of systems in use that are no longer supported, network traffic surges, or statistical deviations from normal user behavior.

What is difference between KPI and KRI?

A key performance indicator (KPI) is used to measure a company’s performance against a goal or objective over a period of time, whereas a key risk indicator (KRI) is used to indicate potential risks that may affect the company’s ability to achieve its core objectives.

What are key risk indicators for employees?

Key risk indicators for employees are often used by human resource departments or companies that handle staffing and recruitment. Examples include total turnover rate, retention rate per manager, employee satisfaction (could be an NPS score), number of applicants per job, and offer acceptance rate.

SOC 1 ® , SOC 2 ® and SOC 3 ® are registered trademarks of the American Institute of Certified Public Accountants in the United States. The AICPA ® Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy is copyrighted by the Association of International Certified Professional Accountants. All rights reserved.

Not finding what you are looking for?

• Chat with us!
• Culture and Business Transformation

Key types of business risk every leader should plan for

• June 16, 2021

Preferred partners

Risk Management Intelligence 20 Anson, Road #19-01 Twenty Anson, Singapore 079912 Company Reg No: 201210650Z

• +65 3158 0772
• [email protected]

© RMI - All Rights Reserved 2024. Site by Manning&Co.

Quick links

Get the latest insights.

• Search Search Please fill out this field.

What Is Business Risk?

Understanding business risk, reducing business risk, the bottom line, what is business risk definition, factors, and examples.

Business risk is the exposure a company or organization has to factor(s) that will lower its profits or lead it to fail. Anything that threatens a company's ability to achieve its financial goals is considered a business risk . There are many factors that can converge to create business risk. Sometimes it is a company's top leadership or management that creates situations where a business may be exposed to a greater degree of risk.

However, sometimes the cause of risk is external to a company. Because of this, it is impossible for a company to completely shelter itself from risk. However, there are ways to mitigate the overall risks associated with operating a business ; most companies accomplish this by adopting a risk management strategy.

Key Takeaways

• Business risk is any exposure a company or organization has to factor(s) that may lower its profits or cause it to go bankrupt.
• The sources of business risk are varied but include changes in consumer taste and demand, the state of the overall economy, and government rules and regulations.
• Risk can be created by external factors that the business doesn't control, as well as by decisions made within the company's management or executive team.
• While companies may not be able to completely avoid business risk, they can take steps to mitigate its impact, including the development of a strategic risk plan.

Investopedia / Xiaojie Liu

When a company experiences a high degree of business risk, it may impair its ability to provide investors and stakeholders with adequate returns. For example, the CEO of a company may make certain decisions that affect its profits, or the CEO may not accurately anticipate certain events in the future, causing the business to incur losses or fail.

Business risk is influenced by a number of different factors including:

• Consumer preferences, demand, and sales volumes
• Per-unit price and input costs
• Competition
• The overall economic climate
• Government regulations

A company with a higher amount of business risk may decide to adopt a capital structure with a lower debt ratio to ensure that it can meet its financial obligations at all times. With a low debt ratio, when revenues drop the company may not be able to service its debt (and this may lead to bankruptcy). On the other hand, when revenues increase, a company with a low debt ratio experiences larger profits and is able to keep up with its obligations.

To calculate risk, analysts use four ratios: contribution margin, operation leverage effect, financial leverage effect, and total leverage effect. For more complex calculations, analysts can incorporate statistical methods.

Business risk usually occurs in one of four ways: strategic risk, compliance risk, operational risk, and reputational risk .

Types of Business Risk

Strategic risk.

Strategic risk arises when a business does not operate according to its business model or plan. When a company does not operate according to its business model, its strategy becomes less effective over time, and the company may struggle to reach its defined goals.

For example, imagine ABC Store is a big box store that strategically positions itself as a low-cost provider for working-class shoppers. Its main competitor is XYZ Store, which is seen as a destination for more middle-class consumers. However, if XYZ decides to undercut ABC's prices, this becomes a strategic risk for ABC.

Compliance Risk

The second form of business risk is compliance risk, sometimes known as regulatory risk. Compliance risk primarily arises in industries and sectors that are highly regulated. For example, in the wine industry, there is a three-tier system of distribution that requires wholesalers in the U.S. to sell wine to a retailer, who then sells it to consumers. This system prohibits wineries from selling their products directly to retail stores in some states.

However, there are many U.S. states that do not have this type of distribution system; compliance risk arises when a brand fails to understand the individual requirements of the state in which it is operating. In this situation, a brand risks becoming non-compliant with state-specific distribution laws and may face fines or other legal action.

Operational Risk

The third type of business risk is operational risk . This risk arises from within the corporation, especially when the day-to-day operations of a company fail to perform. For example, in 2012, the multinational bank HSBC faced a high degree of operational risk and as a result, incurred a large fine from the U.S. Department of Justice when its internal anti-money laundering operations team was unable to adequately stop money laundering in Mexico.

Reputational Risk

Any time a company's reputation is ruined, either by an event that was the result of a previous business risk or by a different occurrence, it runs the risk of losing customers and its brand loyalty suffering. The reputation of HSBC faltered in the aftermath of the fine it was levied for poor anti-money laundering practices.

Business risk cannot be entirely avoided because it is unpredictable. However, there are many strategies that businesses employ to cut back the impact of all types of business risk, including strategic, compliance, operational, and reputational risk.

The first step that brands typically take is to identify all sources of risk in their business plan . These aren't just external risks—they may also come from within the business itself. Taking action to cut back the risks as soon as they present themselves is key. Management should come up with a plan in order to deal with any identifiable risks before they become too great.

Finally, most companies adopt a risk management strategy . This can be done either before the business begins operations or after it experiences a setback. Ideally, a risk management strategy will help the company be better prepared to deal with risks as they present themselves. The plan should have tested ideas and procedures in place in the event that risk presents itself.

Once the management of a company has come up with a plan to deal with the risk, it's important that they take the extra step of documenting everything in case the same situation arises again. After all, business risk isn't static—it tends to repeat itself during the business cycle. By recording what led to risk the first time, as well as the processes used to mitigate it, the business can implement those strategies a second time with greater ease. This reduces the timeframe in which unaddressed risk can impact the business, as well as lowering the cost of risk management.

What Are the 4 Main Types of Business Risk?

The four main types of risk that businesses encounter are strategic, compliance (regulatory), operational, and reputational risk. These risks can be caused by factors that are both external and internal to the company.

Why Is Risk Management Important In Business?

Businesses face a great deal of uncertainty in their operations, much of it outside their control. This uncertainty creates risk that can jeopardize not both a company's short-term profits and long-term existence. Because risk is unavoidable, risk management is an important part of running a business. When a business has a thorough and carefully created risk management plan in place, and when they are able to iterate on that plan to deal with new an unexpected risks, the business is more likely to survive the impact of both internal and external risk.

What Are Internal Risks That Can Impact a Business?

Internal risks that can impact a business often come from decisions made by the management or executive team in pursuit of growth. These decisions can create physical or tangible risks. For example, on-site risks such as fires, equipment malfunctions, or hazardous materials can jeopardize production, endanger employees, and lead to legal or financial penalties. Policies that guarantee a safe working environment would, in this instance, be an effective strategy for managing internal risks.

In business, risks are factors that an organization encounters that may lower its profits or cause it to go fail. Sources of risk can be external, such as changes in what consumers want, changes in competitor behavior, external economic factors, and government rules or regulations. They can also be internal such as decisions made by management or the executive team.

No company can completely avoid risks, especially because many risk factors are external. However, businesses can put risk management strategies into place. These strategies can be used both to reduce risk and to mitigate the impact of risks when they arise. By documenting the sources of risk and creating a strategic plan that can be repeated, businesses can reduce the overall impact of risk and deal with it more efficiently and effectively in the future.

United State Department of Justice. " HSBC Holdings Plc. and HSBC Bank USA N.A. Admit to Anti-Money Laundering and Sanctions Violations, Forfeit $1.256 Billion in Deferred Prosecution Agreement ."

• Terms of Service
• Editorial Policy
• Privacy Policy
• Your Privacy Choices

• GLOBAL SEARCH
• WEB SUPPORT

16 Entrepreneurs Explain What Work Means to Them

25 Entrepreneurs Share Essential Skills One Needs to be a CEO

22 Entrepreneurs Share How They Incorporate Health and Fitness into Their Day

8 Entrepreneurs Reveal How Much They Work In a Week

11 Entrepreneurs Reveal Their Why/Motivation

12 Entrepreneurs Share Views on Whether Entrepreneurs are Born or Made

7 Entrepreneurs Share Essential Skills One Needs to be a CEO

30 Entrepreneurs Share Essential Skills One Needs to be a CEO

15 Entrepreneurs Explain The Misconceptions Around Entrepreneurship & Business

• Wordpress 4 CEOs

How to Create a Google Business Profile / Tips to Optimize Google Business Profile

How to Get Your Product Into Walmart- {Infographic}

Make Money using Facebook – Make Great Posts

2 Interesting Updates from WordPress 4.8 Evans

How To Know If Your Business Idea Will Succeed

This is How to Write a Converting Email Autoresponder Series

15 Entrepreneurs Explain What They Love And/Or Hate About WordPress

6 Updates That I’m Paying Attention to with WordPress 4.7 – Vaughan

Download Our Free Guide

5 Entrepreneurs Share Their Favorite Business Books

18 Entrepreneurs and Business Owners Reveal Their Best Leadership Tips

30 Entrepreneurs Share Their Thoughts On the Role of Middle Management Within Organizations

30 Entrepreneurs Reveal The Future Trends They Anticipate in Entrepreneurship

27 Entrepreneurs Reveal The Future Trends They Anticipate in Entrepreneurship

12 Entrepreneurs Explain What Hustle Means To Them

7 Entrepreneurs Reveal Their Business Goals for 2024

27 Entrepreneurs List Their Favorite Business Books

14 Entrepreneurs Describe Their Leadership Style

30 Entrepreneurs Define The Term Disruption

25 Entrepreneurs Define Innovation And Disruption

16 Entrepreneurs Define The Term Disruption

15 Entrepreneurs Define Innovation And Disruption

• GUEST POSTS
• WEBSITE SUPPORT SERVICES
• FREE CBNation Buzz Newsletter
• Premium CEO Hack Buzz Newsletter

Business Plan 101: Critical Risks and Problems

When starting a business, it is understood that there are risks and problems associated with development. The business plan should contain some assumptions about these factors. If your investors discover some unstated negative factors associated with your company or its product, then this can cause some serious questions about the credibility of your company and question the monetary investment. If you are up front about identifying and discussing the risks that the company is undertaking, then this demonstrates the experience and skill of the management team and increase the credibility that you have with your investors.  It is never a good idea to try to hide any information that you have in terms of risks and problems.

Identifying the problems and risks that must be dealt with during the development and growth of the company is expected in the business plan. These risks may include any risk related to the industry, risk related to the company, and risk related to its employees. The company should also take into consideration the market appeal of the company, the timing of the product or development, and how the financing of the initial operations is going to occur. Some things that you may want to discuss in your plan includes: how cutting costs can affect you, any unfavorable industry trends, sales projections that do not meet the target, costs exceeding estimates, and other potential risks and problems.  The list should be tailored to your company and product. It is a good idea to include an idea of how you will react to these problems so your investors see that you have a plan.

Related Posts

Business Plan 101: Overall Schedule

Business plan 101: personal financial statement.

This Teach a CEO focuses on Google Business Profile formerly Google My Business. List your business on Google with a...

How can you get your products into Walmart? Many entrepreneurs struggle with the lack of ideas on where exactly they...

As we know that ‘Content is the King’, therefore, you must have an ability to write and share good quality...

WordPress 4.8 is named "Evans" in honor of jazz pianist and composer William John “Bill” Evans. There's not a log of...

Business Plan 101: Financial History

Leave a reply cancel reply.

Your email address will not be published. Required fields are marked *

Privacy Policy Agreement * I agree to the Terms & Conditions and Privacy Policy .

This site uses Akismet to reduce spam. Learn how your comment data is processed .

Join CBNation Buzz

Our Latest CBNation Content:

• IAM2068 – Marketing Expert Helps Authors Translate their Personal Stories into Bestsellers
• IAM2067 – Founder and Author Shares the Advantages of Robo Investing and How it has Evolved
• IAM2066 – Social Entrepreneur Owner of Insurance Agency Helps Families, Women and Girls Realize Their Dreams
• IAM2065 – Consultant, AR Man Journalist Helps Support Heavy Metal Artists
• Innovator and Author Enhances Cognitive Function through Neuroplasticity
• CEO Helps in Scaling Small Businesses with Personalized Communication

Our Sponsors

Join thousands of subscribers & be the first to get new freebies.

What is CBNation?

We're like a global business chamber but with content... lots of it.

CBNation includes a library of blogs, podcasts, videos and more helping CEOs, entrepreneurs and business owners level up

CBNation is a community of niche sites for CEOs, entrepreneurs and business owners through blogs, podcasts and video content. Started in much the same way as most small businesses, CBNation captures the essence of entrepreneurship by allowing entrepreneurs and business owners to have a voice.

CBNation curates content and provides news, information, events and even startup business tips for entrepreneurs, startups and business owners to succeed.

+ Mission: Increasing the success rate of CEOs, entrepreneurs and business owners.

+ Vision: The media of choice for CEOs, entrepreneurs and business owners.

+ Philosophy: We love CEOs, entrepreneurs and business owners and everything we do is driven by that. We highlight, capture and support entrepreneurship and start-ups through our niche blog sites.

Our Latest Content:

• IAM2064 – Award-Winning Speaker Helps Individuals Unlock their Greatness
• IAM2063 – CEO and Fitness Innovator Elevates the Future of Fitness Industry
• IAM2062 – CEO Empowers Businesses and Consumers by Leveraging on Using AI Technology
• IAM2061 – Property Management Expert Specializes in Short-Term and Mid-Term Rental Management

Privacy Overview

• Teach A CEO

Share on Mastodon

Uncovering Hidden Risks: A Comprehensive Guide to Business Plan Risk Analysis

A modern business plan that will lead your business on the road to success must have another critical element. That element is a part where you will need to cover possible risks related to your small business. So, you need to focus on  managing risk  and use  risk management processes  if you want to succeed as an entrepreneur.

How can you manage risks?

You can always plan and  predict  future things in a certain way that will happen, but your impact is not always in your hands. There are many  external factors  when it comes to the business world. They will always influence the realization of your plans. Not only the realization but also the results you will achieve in implementing the specific plan. Because of that, you need to look at these factors through the prism of the risk if you want to implement an appropriate management process while implementing your business plan.

By conducting a thorough risk analysis, you can manage risks by identifying potential threats and uncertainties that could impact your business. From market fluctuations and regulatory changes to competitive pressures and technological disruptions, no risk will go unnoticed. With these insights, you can develop contingency plans and implement risk mitigation strategies to safeguard your business’s interests.

This guide will provide practical tips and real-life examples to illustrate the importance of proper risk analysis. Whether you’re a startup founder preparing a business plan or a seasoned entrepreneur looking to reassess your risk management approach, this guide will equip you with the knowledge and tools to navigate the complex landscape of business risks.

Why is Risk Analysis Important for Business Planning?

Risk analysis is essential to business planning as it allows you to proactively identify and assess potential risks that could impact your business objectives. When you conduct a comprehensive risk analysis, you can gain a deeper understanding of the threats your business may face and can take proactive measures to mitigate them.

One of the key benefits of risk analysis is that it enables you to prioritize risks based on their potential impact and likelihood of occurrence . This helps you allocate resources effectively and develop contingency plans that address the most critical risks.

Additionally, risk analysis allows you to identify opportunities that may arise from certain risks , enabling you to capitalize on them and gain a competitive advantage.

It is important to adopt a systematic approach to effectively analyze risks in your business plan. This involves identifying risks across various market, operational, financial, and legal areas. By considering risks from multiple perspectives, you can develop a holistic understanding of your business’s potential challenges.

What is a Risk for Your Small Business?

In dictionaries, the risk is usually defined as:

The possibility of dangerous or bad consequences becomes true .

When it comes to businesses,  entrepreneurs , or in this case, the business planning process, it is possible that some aspects of the business plan will not be implemented as planned. Such a situation could have dangerous or harmful consequences for your small business.

It is simple. If you don’t implement something you have in your business plan, there will be some negative consequences for your small business.

Here is how you can  write the business plan in 30 steps .

Types of Risks in Business Planning

When conducting a business risk assessment for your business plan, it is essential to consider various types of risks that could impact your venture. Here are some common types of risks to be aware of:

1. Market risks

These risks arise from fluctuations in the market, including changes in consumer preferences, economic conditions, and industry trends. Market risks can impact your business’s demand, pricing, and market share.

2. Operational risk

Operational risk is associated with internal processes, systems, and human resources. These risks include equipment failure, supply chain disruptions, employee errors, and regulatory compliance issues.

3. Financial risks

Financial risks pertain to managing financial resources and include factors such as cash flow volatility, debt levels, currency fluctuations, and interest rate changes.

4. Legal and regulatory risks

Legal and regulatory risks arise from changes in laws, regulations, and compliance requirements. Failure to comply with legal and regulatory obligations can result in penalties, lawsuits, and reputational damage.

5. Technological risks

Technological risks arise from rapid technological advancements and the potential disruptions they can cause your business. These risks include cybersecurity threats, data breaches, and outdated technology infrastructure.

Basic Characteristics of Risk

Before you start with the development of your small  business risk  management process, you will need to know and consider the essential characteristics of the possible risk for your company.

What are the basic characteristics of a possible risk?

The risk for your company is partially unknown.

Your  entrepreneurial work  will be too easy if it is easy to predict possible risks for your company. The biggest problem is that the risk is partially unknown. Here we are talking about the future, and we want to prepare for that future. So, the risk is partially unknown because it will possibly appear in the future, not now.

The risk to your business will change over time.

Because your businesses operate in a highly dynamic environment, you cannot expect it to be something like the default. You cannot expect the risk to always exist in the same shape, form, or consequence for your company.

You can predict the risk.

It is something that, if we want, we can predict through a  systematic process . You can easily predict the risk if you install an appropriate risk management process in your small business.

The risk can and should be managed.

You can always focus your resources on eliminating or reducing risk in the areas expected to appear.

Risk Management Process You Should Implement

The risk management process cannot be seen as static in your company. Instead of that, it must be seen as an interactive process in which information will continuously be updated and analyzed. You and your small business members will act on them, and you will review all risk elements in a specified period.

Adopting a systematic approach to identifying and assessing risks in your business plan is crucial. Here are some steps to consider:

1. Risk Identification

First, you must identify risk areas . Ask and respond to the following questions:

• What are my company’s most significant risks?
• What are the risk types I will need to follow?

In business, identifying risk areas is the process of pinpointing potential threats or hazards that could negatively impact your business’s ability to conduct operations, achieve business objectives, or fulfill strategic goals.

Just as meteorologists use data to predict potential storms and help us prepare, you can use risk identification to foresee possible challenges and create plans to deal with them.

Risk can arise from various sources, such as financial uncertainty, legal liabilities, strategic management errors, accidents, natural disasters, and even pandemic situations. Natural disasters can not be predicted or avoided, but you can prepare if they appear.

For example, a retail business might identify risks like fluctuating market trends, supply chain disruptions, cybersecurity threats, or changes in consumer behavior. As you can see, the main risk areas are related to types of risk: market, financial, operational, legal and regulatory, and technological risks.

You can also use business model elements to start with something concrete:

• Value proposition,
• Customers ,
• Customers relationships ,
• Distribution channels,
• Key resources and
• Key partners.

It is not necessarily that there will be risk in all areas and that the risk will be with the same intensity for all areas. So, based on your business environment, the industry in which your business operates, and the business model, you will need to determine in which of these areas there is a possible risk.

Also, you must stay informed about external factors impacting your business, such as industry trends, economic conditions, and regulatory changes. This will help you identify emerging risks and adapt your risk management strategies accordingly.

The idea for this step is to create a table where you will have identified potential risks in each important area of your business.

2. Risk Profiling

Conduct a detailed analysis of each identified risk, including its potential impact on your business objectives and the likelihood of occurrence. This will help you develop a comprehensive understanding of the risks you face.

Qualitative Risk Analysis

The qualitative risk analysis process involves assessing and prioritizing risks based on ranking or scoring systems to classify risks into low, medium, or high categories. For this analysis, you can use customer surveys or interviews.

Qualitative risk analysis is quick, straightforward, and doesn’t require specialized statistical knowledge to conduct a business risk assessment. The main negative side is its subjectivity, as it relies heavily on thinking about something or expert judgment.

This method is best suited for initial risk assessments or when there is insufficient quantitative analysis data .

For example, if we consider the previously identified risk of a sudden shift in consumer preferences, a qualitative analysis might rate its likelihood as 7 out of 10 and its impact as 8 out of 10, placing it in the high-priority quadrant of our risk matrix. But, qualitative analysis can also use surveys and interviews where you can ask open questions and use the qualitative research process to make this scaling. This is much better because you want to lower the subjectivism level when doing business risk assessment.

Quantitative Risk Analysis

On the other side, the quantitative risk analysis method involves numerical and statistical techniques to estimate the probability and potential impact of risks. It provides more objective and detailed information about risks.

Quantitative risk analysis can provide specific, data-driven insights, making it easier to make informed decisions and allocate resources effectively. The negative side of this method is that it can be time-consuming, complex, and requires sufficient data.

You can use this approachfor more complex projects or when you need precise data to inform decisions, especially after a qualitative analysis has identified high-priority risks.

For example , for the risk of currency exchange rate fluctuations, a quantitative analysis might involve analyzing historical exchange rate data to calculate the probability of a significant fluctuation and then using your financial data to estimate the potential monetary impact.

Both methods play crucial roles in effectively managing risks. Qualitative risk analysis helps to identify and prioritize risks quickly, while quantitative analysis provides detailed insights for informed decision-making.

3. Business Risk Assessment Matrix

Once you have identified potential risks and analyzed their likelihood and potential impact, you can create a business risk assessment matrix to evaluate each risk’s likelihood and impact. This matrix will help you prioritize risks and allocate resources accordingly.

A business risk assessment matrix, sometimes called a probability and impact matrix, is a tool you can use to assess and prioritize different types of risks based on their likelihood (probability) and potential damage (impact). Here’s a step-by-step process to create one:

• Step 1: Begin by listing out your risks . For our example, let’s consider four of the risks we identified earlier: a sudden shift in consumer preferences (Market Risk), currency exchange rate fluctuations (Financial Risk), an increase in the minimum wage (Legal), and cybersecurity threats (Technological Risk).
• Step 2: Determine the likelihood of each risk occurring . In the process of risk profiling, we’ve determined that a sudden shift in consumer preferences is highly likely, currency exchange rate fluctuations are moderately likely, an increase in the minimum wage, and cybersecurity threats are less likely but still possible.
• Step 3: Assess the potential impact of each risk on your business if it were to occur . In our example, we might find that a sudden shift in consumer preferences could have a high impact, currency exchange rate fluctuations a moderate impact, an increase in minimum wage minor impact, and cybersecurity threats a high impact.
• Step 4: Plot these risks on your risk matrix . The vertical axis represents the likelihood (high to low), and the horizontal axis represents the consequences (high to low).

By visualizing these risks in a risk assessment matrix format, you can more easily identify which risks require immediate attention and which ones might need long-term strategies.

4. Develop Risk Indicators for Each Risk You Have Identified

The question is, how will you measure the business risks for your company?

Risk indicators are metrics used to measure and predict potential threats to your business. Simply, a risk indicator is a measure that should tell you whether the risk appears or not in a particular area you have defined previously. They act like a business’s early warning system. When these indicators change, it’s a signal that the risk level may be increasing.

For example, for distribution channels, an indicator can be a delay in delivery for a minimum of three days. This indicator will tell you something is wrong with that channel, and you must respond appropriately.

Now, let’s consider some risk indicators for the risks we have already identified and analyzed:

If you conduct all the steps until now, you can have a similar table with risk indicators in your business plan. You should monitor these indicators regularly, and if you notice a significant change, such as a drop in sales or an increase in attempted breaches, it’s time to investigate and take some action steps. This might involve updating your product line, hedging against currency risk, budgeting for higher wages, or improving your cybersecurity measures.

Remember, risk indicators can’t predict the future with certainty. But they can give you valuable insights that can help you prepare for potential threats.

5. Define Possible Action Steps

The question is, what can you do regarding the risk if the risk indicator tells you that there is a potential risk?

Once the risk has appeared and is located, it is time to take concrete action steps. The goals of this step are not only to reduce or eliminate the impact of the risk for your company but also to prevent them in the future and reduce or eliminate their influence on the business operations or the execution of your business plan.

For example, for distribution channels with delivery delayed more than three days, possible activities can be the following:

• Apologizing to the customers for the delay,
• Determining the reasons for the delay,
• Analysis of the reasons,
• Removing the reasons,
• Consideration of alternative distribution channels, etc.

In this part of the business plan for each risk area and indicator, try to standardize all possible actions. You can not expect that they will be final. But, you can cover some basic guidelines that must be implemented if the risk appears. Here is an example of how this part will look in your business plan related to risks we have already identified through the risk assessment process.

6. Monitoring

Because this risk management process is dynamic , you must apply the monitoring process. In such a way, you can ensure the elimination of a specific kind of risk in the future, and you will allocate your resources to new possible risks.

After implementing the actions, you need to ask yourself the following questions:

• Are the actions taken regarding the risk the proper measures?
• Can you improve something regarding the risk management process? Is there a need for new risk indicators?

Techniques and Tools for Business Plan Risk Assessment

Various risk analysis methods, techniques, and tools are available to conduct an effective risk analysis for your business plan. Here are some commonly used ones:

1. SWOT analysis

A SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis can help you identify internal strengths and weaknesses and external opportunities and threats. This analysis provides valuable insights into possible business risks and opportunities.

2. PESTEL analysis

A PESTEL (Political, Economic, Sociocultural, Technological, Environmental, Legal) analysis assesses the external factors that could impact your business. This analysis will help you identify risks and opportunities arising from these factors.

3. Scenario analysis

Consider different scenarios that could impact your business, such as best-case, worst-case, and most likely scenarios, as a part of your risk assessment process. You can anticipate potential risks and develop appropriate response strategies by analyzing these scenarios.

4. Monte Carlo simulation

Monte Carlo simulation uses random sampling and probability distributions to model various scenarios and assess their potential impact on your business. This technique provides you with a more accurate understanding of risk exposure.

5. Risk register

A risk register is a risk analysis tool that helps you record and track identified risks and their relevant details, such as impact, likelihood, mitigation strategies, and responsible parties. This tool ensures that risks are appropriately managed and monitored.

6. Business Impact Analysis (BIA)

Business impact analysis helps you understand the potential effects of various disruptions on your business operations and objectives. It’s about identifying what could go wrong and understanding how it could impact your bottom line. So, you can conduct business impact analysis as a part of your risk assessment inside your business plan.

7. Failure Mode and Effects Analysis (FMEA)

Using FMEA in your risk assessment process, you can proactively address potential problems, ensuring your business operations run as smoothly as you planned. It’s all about preparing for the worst while striving for the best.

8. Risk-Benefit Analysis (RBA)

The risk-benefit analysis allows you to make informed decisions, balancing the potential for gain against the potential for loss. It helps you choose the best path, even when the way forward isn’t entirely clear. This tool is a systematic approach to understanding the specific business risk and benefits associated with a decision, process, or project.

9. Cost-Benefit Analysis

By conducting a cost-benefit analysis as a part of your risk assessments, you can make data-driven decisions that consider both the possible risks (costs) and rewards (benefits). This approach provides a clear picture of the potential return on investment, enabling more effective and confident decision-making.

These techniques and tools allow you to conduct a comprehensive risk analysis for your business plan.

Mitigating and Managing Risks in a Business Plan

Identifying risks in your business plan is only the first step. To ensure the success of your venture, it is crucial to develop effective risk mitigation and management strategies. Here are some critical steps to consider:

• Risk avoidance : Some risks may be too high to justify taking. In such cases, consider avoiding these risks altogether by adjusting your business plan or exploring alternative strategies.
• Risk transfer : Transferring risks to third parties, such as insurance companies or outsourcing partners, can help mitigate their impact on your business. Evaluate opportunities for risk transfer and consider appropriate insurance coverage.
• Risk reduction : Implement measures to reduce the likelihood and impact of identified risks. This may involve improving internal processes, implementing safety protocols, or diversifying your supplier base .
• Risk acceptance : Some risks may be unavoidable or negatively impact your business. In such cases, accepting the risks and developing contingency plans can help minimize their impact.

In conclusion, a comprehensive risk analysis is essential for identifying, assessing, and managing different types of risk that could impact your success.

Conducting a thorough risk analysis can safeguard your business’s interests, capitalize on opportunities, and increase your chances of long-term success.

Related Posts

Risk Management Guide: Everything You Need to Know About Business Risk

Why Prioritizing Risk Management is Crucial for Healthcare Businesses

Start typing and press enter to search.

• Starting a Business
• Growing a Business
• Small Business Guide
• Business News
• Science & Technology
• Money & Finance
• For Subscribers
• Write for Entrepreneur
• Entrepreneur Store
• United States
• Asia Pacific
• Middle East
• South Africa

Copyright © 2024 Entrepreneur Media, LLC All rights reserved. Entrepreneur® and its related marks are registered trademarks of Entrepreneur Media LLC

Business Plan Risks How to present your business risks without scaring away investors

By Stever Robbins • Dec 11, 2004

Opinions expressed by Entrepreneur contributors are their own.

Q: I would like to include a risk analysis in my business plan. I don't know how to show risks without sending investors into an anxious frenzy.

A: Any start-up idea will have enough risk to fill a dozen business plans. No investor expects a risk-free plan. Angels and VCs know start-ups are incredibly risky. If they don't, don't take their money--they don't know what they're doing! Most projects fail for reasons that could have been (and sometimes were) predicted far in advance. Since entrepreneurs are optimistic folks by nature: They tend to brush off predictions of doom and charge ahead assuming they will find a way to overcome. You can often avoid the most dire scenarios with intelligent upfront risk planning.

The risk analysis in your plan is to show that you've thought through risks, that you know how to plan for probable risks, and that your plan can survive when things go wrong.

Your plan can address several kinds of risk. You don't need to address every kind of risk in the book, but pick the risk categories that are most relevant to your company and include a paragraph or two about each:

• Product risk is the risk that the product can't be created. Biotech firms often have a high degree of product risk. They never know for sure they can produce the drug they are hoping to produce.
• Market risk is the risk that the market will develop differently than expected. Sometimes markets take too long to develop, and cash runs out while a company is waiting for customers.
• People risk is big in companies that depend on having certain employees or certain kinds of employees. I was with a company that had hired one of the world experts in a certain type of 3-D modeling. It was possible that without this man on board and happy, the company wouldn't be able to create their product.
• Financial risk is the risk that a company will run out of money or mismanage their money in some way. Finance companies may have huge financial risk, since bad lending policies combined with poor investment policies can sink them.
• Competitive risk is the risk that a competing product or service will be able to win. Many Web-based businesses have high competitive risk since they can be started with little money and have no way of locking in customers.

What investors want is to know that you are prepared to respond to risks. To the extent possible, outline what your response is to the risk you anticipate. After all, assuming you get funding, those risks may really come to pass. And you will really have to do something about it. By showing investors some of the alternatives you've thought through, you raise their confidence that you'll be able to deal if things don't go according to plan.

For example, consider the risk to a restaurant that people won't come back. What are the reasons you believe that would happen? What can you do to keep that from happening in the first place? It amazes me how many restaurants have a lousy menu selection or bad food and go under without ever asking customers, "Did you enjoy your meal? What could we do to make it better?" An at-the-table survey may be how you propose to avoid having the wrong menu. If things go wrong, you may decide to proactively invite critics to the restaurant for specific feedback on how to make the experience better.

The key is acknowledging that things can go wrong and demonstrating some creativity in finding a solution. You certainly needn't respond to every risk imaginable. Your goal is to provide enough to help your investors feel secure that you have anticipated and dealt with major risks, and they can count on you to handle things that come up once the business is under way.

Stever Robbins is a consultant specializing in mastering overwhelm, power and influence. The author of It Takes a Lot More Than Attitude...to Lead a Stellar Organization , he has been a team member or co-founder of nine startups, an advisor and angel investor, and co-developer of Harvard's MBA program. You can find his other articles and information at SteverRobbins.com .

This article originally appeared on Entrepreneur.com in 2002.

Stever Robbins is a venture coach, helping entrepreneurs and early-stage companies develop the attitudes, skills and capabilities needed to succeed. He brings to bear skills as an entrepreneur, teacher and technologist in helping others create successful ventures.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick Red Arrow

• A Student in an Ivy League University's Most Popular MBA Leadership Class Asked a Tough Question: What If Your Boss's Downfall Is Necessary to Get Ahead?
• Lock Zillow Co-Founder Shares a 'Misunderstood' Truth About Starting, Funding and Selling Your Company
• Lisa Vanderpump Says If You Want to Run a Business, Get Some Thicker Skin
• Lock These Are the 10 Best States for Starting a Side Hustle , New Research Reveals
• Popular Appetite Suppressant Ozempic Can Be Made for Less Than $5 a Month , New Research Suggests
• Lock Bankruptcy Isn't a Sign of Failure — It's a Strategy. Here's Why It Might Be the Right Move for You .

Most Popular Red Arrow

Getting laid off allowed him to focus on his sentimental side hustle. now he's on track to earn over $700,000 in 2024..

Alaa El Ghatit wasn't fulfilled at his day job. So he started LifeOnRecord to help people record memories and well wishes.

This Is the Framework You Need to Create a Brand Worth Your Customers' Loyalty and Make More Money Doing It

The first impression your customers will get of your business in this day and age is your website — so it needs to be created with intent. Here's how to use compelling storytelling on your website and one specific framework to capture their attention.

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

This Once Single Mom Had Negative $1,500 in Her Bank Account Before She Started a Lucrative Side Hustle — and Earned $100,000 Within 1 Year

Dixie Bagley did a friend a favor — and it turned into a high-paying business opportunity.

Scale Your Content Output with Write Bot — Now Just $40

This AI content writer can save you time and money, especially now that it's just $39.99 for a lifetime subscription.

You Need a Community With Shared Values to Find Long-Term Success — Here's How to Cultivate It.

Entrepreneurs need to remember this growth strategy: nurturing a purpose-driven community of like-minded entrepreneurs around them.

Successfully copied link

.css-s5s6ko{margin-right:42px;color:#F5F4F3;}@media (max-width: 1120px){.css-s5s6ko{margin-right:12px;}} Join us: Learn how to build a trusted AI strategy to support your company's intelligent transformation, featuring Forrester .css-1ixh9fn{display:inline-block;}@media (max-width: 480px){.css-1ixh9fn{display:block;margin-top:12px;}} .css-1uaoevr-heading-6{font-size:14px;line-height:24px;font-weight:500;-webkit-text-decoration:underline;text-decoration:underline;color:#F5F4F3;}.css-1uaoevr-heading-6:hover{color:#F5F4F3;} .css-ora5nu-heading-6{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:start;-ms-flex-pack:start;-webkit-justify-content:flex-start;justify-content:flex-start;color:#0D0E10;-webkit-transition:all 0.3s;transition:all 0.3s;position:relative;font-size:16px;line-height:28px;padding:0;font-size:14px;line-height:24px;font-weight:500;-webkit-text-decoration:underline;text-decoration:underline;color:#F5F4F3;}.css-ora5nu-heading-6:hover{border-bottom:0;color:#CD4848;}.css-ora5nu-heading-6:hover path{fill:#CD4848;}.css-ora5nu-heading-6:hover div{border-color:#CD4848;}.css-ora5nu-heading-6:hover div:before{border-left-color:#CD4848;}.css-ora5nu-heading-6:active{border-bottom:0;background-color:#EBE8E8;color:#0D0E10;}.css-ora5nu-heading-6:active path{fill:#0D0E10;}.css-ora5nu-heading-6:active div{border-color:#0D0E10;}.css-ora5nu-heading-6:active div:before{border-left-color:#0D0E10;}.css-ora5nu-heading-6:hover{color:#F5F4F3;} Register now .css-1k6cidy{width:11px;height:11px;margin-left:8px;}.css-1k6cidy path{fill:currentColor;}

• Business strategy |
• What is a contingency plan? A guide to ...

What is a contingency plan? A guide to contingency planning

A business contingency plan is a backup strategy for your team or organization. It lays out how you’ll respond if unforeseen events knock your plans off track—like how you’ll pivot if you lose a key client, or what you’ll do if your software service goes down for more than three hours. Get step-by-step instructions to create an effective contingency plan, so if the unexpected happens, your team can spring into action and get things back on track.

No one wants Plan A to fail—but having a strong plan B in place is the best way to be prepared for any situation. With a solid backup plan, you can effectively respond to unforeseen events effectively and get back on track as quickly as possible. 

A contingency plan is a proactive strategy to help you address negative developments and ensure business continuity. In this article, learn how to create a contingency plan for unexpected events and build recovery strategies to ensure your business remains healthy.

What is contingency planning?

What is a contingency plan .

A contingency plan is a strategy for how your organization will respond to important or business-critical events that knock your original plans off track. Executed correctly, a business contingency plan can mitigate risk and help you get back to business as usual—as quickly as possible. 

You might be familiar with contingency plans to respond to natural disasters—businesses and governments typically create contingency plans for disaster recovery after floods, earthquakes, or tornadoes. 

But contingency plans are just as important for business risks. For example, you might create a contingency plan outlining what you will do if your primary competitors merge or how you’ll pivot if you lose a key client. You could even create a contingency plan for smaller occurrences that would have a big impact—like your software service going down for more than three hours.

Contingency planning vs risk management

Project risk management is the process of identifying, monitoring, and addressing project-level risks. Apply project risk management at the beginning of the project planning process to prepare for any risks that might come up. To do so, create a risk register to identify and monitor potential project risks. If a risk does happen, you can use your risk register to proactively target that risk and resolve it as quickly as possible. 

A contingency plan is similar to a project risk management plan or a crisis management plan because it also helps you identify and resolve risks. However, a business contingency plan should cover risks that span multiple projects or even risks that could affect multiple departments. To create a contingency plan, identify and prepare for large, business-level risks.

Contingency planning vs crisis management

Contingency planning is a proactive approach that prepares organizations for potential emergencies by implementing pre-planned risk mitigation strategies. It involves identifying threats and crafting strategies in advance. 

Crisis management , on the other hand, is reactive, focusing on immediate response and damage control when a crisis occurs. While contingency planning sets the stage for effective handling of emergencies, crisis management involves real-time decision-making and project management during an actual crisis. Both are important for organizations and businesses to maintain their stability and resilience.

Contingency plan examples

There are a variety of reasons you’d want to set up a contingency plan. Rather than building one contingency plan, you should build one plan for each type of large-scale risk or disaster that might strike. 

Business contingency plan

A business contingency plan is a specialized strategy that organizations develop to respond to particular, unforeseen events that threaten to disrupt regular operations. It's kind of like a business continuity plan, but there's one key difference. 

While business continuity plans aim to ensure the uninterrupted operation of the entire business during a crisis, a business contingency plan zeroes in on procedures and solutions for specific critical incidents, such as data breaches, supply chain interruptions, or key staff unavailability. 

A business contingency plan could include:

Strategies to ensure minimal operational disruption during crises, such as unexpected market shifts, regulatory compliance changes, or severe staff shortages.

Partnerships with external agencies that can provide support in scenarios like environmental hazards or public health emergencies.

A comprehensive communication strategy with internal and external stakeholders to provide clear, timely information flow during crises like brand reputation threats or legal challenges.

Environmental contingency plan

While severe earthquakes aren’t particularly common, being unprepared when “the big one” strikes could prove to be catastrophic. This is why governments and businesses in regions prone to earthquakes create preparedness initiatives and contingency plans.

A government contingency plan for an earthquake could include things like: 

The names and information of the people designated to handle certain tasks in advance to ensure the emergency response is quick and concise

Ways to educate the public on how to respond when an earthquake hits

A timeline for emergency responders.

Technology contingency plan

If your business is particularly data-heavy, for example, ensuring the safety and cybersecurity of your information systems is critical. Whether a power surge damages your servers or a hacker attempts to infiltrate your network, you’ll want to have an emergency response in place.

A business’s contingency plan for a data breach could involve: 

Steps to take and key team members to notify in order to get data adequately secured once more

The names and information of stakeholders to contact to discuss the impact of the data breach and the plan to protect their investment

A timeline to document what is being done to address the breach and what will need to be done to prevent data breaches in the future

Supply chain contingency plan

Businesses that are integral parts of the supply chain, such as manufacturing entities, retail companies, and logistics providers, need an effective supply chain contingency plan to continue functioning smoothly under unforeseen circumstances.

These plans hedge against supply chain disruptions caused by events like natural disasters or technological outages and help organizations reduce downtime and ensure real-time operational capabilities. 

A supply chain contingency plan could include:

Secure critical data and systems while promptly notifying key team members, such as IT staff and management, for immediate action.

A predetermined list of essential stakeholders, including suppliers, customers, investors, and authorities, should be contacted to inform them about the disruption and steps being taken.

A detailed timeline is essential for documenting the immediate response and outlining long-term strategies to prevent future disruptions in the supply chain.

Pandemic contingency plan

In the face of a global health crisis, a pandemic contingency plan is vital for organizations in healthcare, retail, and manufacturing. This plan focuses on mitigation strategies to minimize operational disruptions and ensure the safety of employees while maintaining business continuity. 

A pandemic response plan could include:

A comprehensive health and safety protocol for employees, which integrates regular health screenings, detailed risk analysis, and emergency medical support as key components.

Flexible work arrangements and protocols for remote operations and digital communication.

A list of key personnel and communication channels for immediate response and coordination.

Regularly reviewing and adapting the pandemic contingency plan as part of an ongoing disaster recovery plan to address evolving challenges and lessons learned.

How to create a contingency plan

You can create a contingency plan at various levels of your organization. For example, if you're a team lead, you could create a contingency plan for your team or department. Alternatively, company executives should create business contingency plans for situations that could impact the entire organization. 

As you create your contingency plan, make sure you evaluate the likelihood and severity of each risk. Then, once you’ve created your plan—or plans—get it approved by your manager or department head. That way, if a negative event does occur, your team can leap to action and quickly resolve the risk without having to wait for approvals.

1. Make a list of risks

Before you can resolve risks, you first need to identify them. Start by making a list of any and all risks that might impact your company. Remember: there are different levels of contingency planning—you could be planning at the business, department, or program level. Make sure your contingency plans are aligned with the scope and magnitude of the risks you’re responsible for addressing. 

A contingency plan is a large-scale effort, so hold a brainstorming session with relevant stakeholders to identify and discuss potential risks. If you aren’t sure who should be included in your brainstorming session, create a stakeholder analysis map to identify who should be involved.

2. Weigh risks based on severity and likelihood

You don’t need to create a contingency plan for every risk you lay out. Once you outline risks and potential threats, work with your stakeholders to identify the potential impact of each risk. 

Evaluate each risk based on two metrics: the severity of the impact if the risk were to happen and the likelihood of the risk occurring. During the risk assessment phase, assign each risk a severity and likelihood—we recommend using high, medium, and low. 

3. Identify important risks

Once you’ve assigned severity and likelihood to each risk, it’s up to you and your stakeholders to decide which risks are most important to address. For example, you should definitely create a contingency plan for a risk that’s high likelihood and high severity, whereas you probably don’t need to create a contingency plan for a risk that’s low likelihood and low severity. 

You and your stakeholders should decide where to draw the line.

4. Conduct a business impact analysis

A business impact analysis (BIA) is a deep dive into your operations to identify exactly which systems keep your operations ticking. A BIA will help you predict what impact a specific risk could have on your business and, in turn, the response you and your team should take if that risk were to occur. 

Understanding the severity and likelihood of each risk will help you determine exactly how you will need to proceed to minimize the impact of the threat to your business. 

For example, what are you going to do about risks that have low severity but high likelihood? What about risks that are high in severity, but relatively low in likelihood? 

Determining exactly what makes your business tick will help you create a contingency plan for every risk, no matter the likelihood or severity.  

5. Create contingency plans for the biggest risks

Create a contingency plan for each risk you’ve identified as important. As part of that contingency plan, describe the risk and brainstorm what your team will do if the risk comes to pass. Each plan should include all of the steps you need to take to return to business as usual.

Your contingency plan should include information about:

The triggers that will set this plan into motion

The immediate response

Who should be involved and informed?

Key responsibilities, including a RACI chart if necessary

The timeline of your response (i.e. immediate things to do vs. longer-term things to do)

For example, let’s say you’ve identified a potential staff shortage as a likely and severe risk. This would significantly impact normal operations, so you want to create a contingency plan to prepare for it. Each person on your team has a very particular skill set, and it would be difficult to manage team responsibilities if more than one person left at the same time. Your contingency plan might include who can cover certain projects or processes while you hire a backfill, or how to improve team documentation to prevent siloed skillsets. 

6. Get approval for contingency plans

Make sure relevant company leaders know about the plan and agree with your course of action. This is especially relevant if you’re creating team- or department-level plans. By creating a contingency plan, you’re empowering your team to respond quickly to a risk, but you want to make sure that course of action is the right one. Plus, pre-approval will allow you to set the plan in motion with confidence—knowing you’re on the right track—and without having to ask for approvals beforehand.

7. Share your contingency plans

Once you’ve created your contingency plans, share them with the right people. Make sure everyone knows what you’ll do, so if and when the time comes, you can act as quickly and seamlessly as possible. Keep your contingency plans in a central source of truth so everyone can easily access them if necessary.

Creating a project in a work management platform is a great way of distributing the plan and ensuring everyone has a step-by-step guide for how to enact it.

8. Monitor contingency plans

Review your contingency plan frequently to make sure it’s still accurate. Take into account new risks or new opportunities, like new hires or a changing business landscape. If a new executive leader joins the team, make sure to surface the contingency plan for their review as well. 

9. Create new contingency plans (if necessary)

It’s great if you’ve created contingency plans for all the risks you found, but make sure you’re constantly monitoring for new risks. If you discover a new risk, and it has a high enough severity or likelihood, create a new contingency plan for that risk. Likewise, you may look back on your plans and realize that some of the scenarios you once worried about aren’t likely to happen or, if they do, they won’t impact your team as much.

Common contingency planning pitfalls—and how to avoid them

A contingency plan is a powerful tool to help you get back to normal business functions quickly. To ensure your contingency planning process is as smooth as possible, watch out for common pitfalls, like: 

Lack of buy-in

It takes a lot of work to create a contingency plan, so before you get started, ensure you have support from executive stakeholders. As you create your plan, continuously check in with your sponsors to ensure you’ve addressed key risks and that your action plan is solid. By doing so, you can ensure your stakeholders see your contingency plan as something they can get behind.

Bias against “Plan B” thinking

Some company cultures don’t like to think of Plan B—they like to throw everything they have at Plan A and hope it works. But thinking this way can actually expose your team to more risks than if you proactively create a Plan B.

Think of it like checking the weather before going sailing so you don’t accidentally get caught in a storm. Nine times out of ten, a clear sunny day won’t suddenly turn stormy, but it’s always better to be prepared. Creating a contingency plan can help you ensure that, if a negative event does occur, your company will be ready to face it and bounce back as quickly as possible. 

One-and-done contingency plans

It takes a lot of work to put a contingency plan together. Sometimes when you’ve finished, it can be tempting to consider it a job well done and forget about it. But make sure you schedule regular reminders (maybe once or twice a year) to review and update your contingency plan if necessary. If new risks pop up, or if your business operations change, updating your contingency plan can ensure you have the best response to negative events.  

You’ve created a contingency plan—now what?

A contingency plan can be a lot of work to create, but if you ever need to use it, you’ll be glad you made one. In addition to creating a strong contingency plan, make sure you keep your plan up-to-date.

Being proactive can help you mitigate risks before they happen—so make sure to communicate your contingency plan to the team members who will be responsible for carrying them out if a risk does happen. Don’t leave your contingency plan in a document to collect dust—after creating it, you should use it if need be!

Once you’ve created the plan, make sure you store it in a central location that everyone can access, like a work management platform . If it does come time to use one of your contingency plans, storing them in a centrally accessible location can help your team quickly turn plans into action.

Related resources

Solve your tech overload with an intelligent transformation

9 steps to craft a successful go-to-market (GTM) strategy

Unmanaged business goals don’t work. Here’s what does.

How Asana uses work management to effectively manage goals

Why Are Major Risks in the Business Plan?

• Small Business
• Business Planning & Strategy
• Business Risk
• ')" data-event="social share" data-info="Pinterest" aria-label="Share on Pinterest">
• ')" data-event="social share" data-info="Reddit" aria-label="Share on Reddit">
• ')" data-event="social share" data-info="Flipboard" aria-label="Share on Flipboard">

Purpose of Financial Analysis

Strategic analysis of a company, what is 'systems thinking' in business.

• The Purpose of Analytical Business Reports
• Fundamental Principles of Strategic & Business Planning Models

Risk factors are possible events that, should they happen, could cause a company’s revenues or profits to be lower than what the owner had forecast. They are a standard part of a thorough business plan, whether the plan is designed for internal use by the management team or will be presented to outside investors. Risk factors are also called threats, because they threaten the business’s success and in extreme circumstances even its survival.

Encourages Contingency Planning

The risk factors section of the business plan should go beyond simply listing what might go wrong. Being aware of what could negatively impact the company is important, but the real value of including risk factors is the business owner’s thinking process to determine how she would mitigate the risks to minimize the financial damage to her company. The thinking process is referred to as contingency planning, also know as “what if” analysis. The business owner will make changes to her marketing strategies, operations and financial management in response to these risks becoming a reality.

Focus on the Business Environment

A company should have a system in place to gather information about emerging or potential risks. Monitoring competitors on an ongoing basis is one aspect of this system. The decisions a company’s competitors make pose threats, because they are designed to give the competitors a stronger market position by taking potential business away from the company. Risk factors are not just considered at the time the company is preparing its annual business plan -- they are year-round considerations, because new threats emerge throughout the year.

Alert Potential Investors

A venture capital firm or angel investor that is contemplating putting money into a business enterprise must assess the risk that the company’s financial results will be lower than forecast. The value of the company grows as the revenues and profits of the business grow. The risk factors alert the investor to the fact there is always a possibility of losing part or all of the money he puts into the company. If the investor believes the risks could severely hurt the company should they occur, he may decline to make the investment. As a practical matter, sophisticated investors do their own risk analysis prior to putting money in a company, but the fact the management team is aware of, and has strategies for dealing with, the risks can make the investors more confident about the management team’s abilities.

Moving Forward Confidently

Analyzing risk factors allows the management team to be confident it is ready for whatever business environment the company may face in the upcoming year and beyond. The team has strategies in place that can be quickly implemented to minimize the damage caused by threats from competitors or changes in the overall economy. The management team assesses which risks are most likely to become actual threats and which have a very low likelihood of occurring. Owners of companies will always have external threats to worry about, but the risk analysis process helps reduce the number of worries to those that have the potential to negatively impact their revenues or profits.

• Inc.: Managing Risk in a New Venture

Brian Hill is the author of four popular business and finance books: "The Making of a Bestseller," "Inside Secrets to Venture Capital," "Attracting Capital from Angels" and his latest book, published in 2013, "The Pocket Small Business Owner's Guide to Business Plans."

Related Articles

How do changes in the business environment affect the cost and profit analysis, why perform a swot analysis, what happens when businesses have contingency plans, key concepts of financial management, business enterprise planning, what is the business planning process, what are the parts of an effective risk management program, what is the meaning of corporate planning, assessment strategies in business, most popular.

• 1 How Do Changes in the Business Environment Affect the Cost and Profit Analysis?
• 2 Why Perform a SWOT Analysis?
• 3 What Happens When Businesses Have Contingency Plans?
• 4 Key Concepts of Financial Management

More From Forbes

How To Start Writing A Business Plan That Works

• Share to Facebook
• Share to Twitter
• Share to Linkedin

For the entrepreneur, knowing how to start writing a business plan can be as exhilarating as it is overwhelming. The business plan is a foundational document and the blueprint of your business and is critical for securing funding, setting clear goals, and communicating your vision to the world.

Let’s explore the significance of a business plan, the essential elements it should include, and strategies to forge a plan that resonates with stakeholders and steers your business toward success.

Whether you are about to launch your first business or need to revitalize an existing business strategy, a business plan provides the foundation that supports your entrepreneurial journey.

Why a Business Plan Is Needed

A business plan is not solely for the benefit of a bank manager or an investor . The business plan is a document that helps bring clarity to your vision and can guide every decision and strategy within your company.

A well written business plan forces you to put your goals and ideas into concrete, manageable steps. It cuts through the noise, ensuring you stay focused on what truly matters for your business’s growth.

Best High-Yield Savings Accounts Of 2024

Best 5% interest savings accounts of 2024.

For startups looking to secure that critical initial investment, a business plan is often the first point of reference for potential backers. It’s a chance to sell your vision, show your financial acumen, and demonstrate a roadmap to profit.

Identifying potential pitfalls early is a vital aspect of proactive business ownership. A good business plan helps you prepare for the unexpected and develop strategies to mitigate risk and safeguard the longevity of your business.

Setting clear, measurable goals in your business plan provides a framework for tracking your progress. This will give you the insight needed to pivot or double down on strategies as the market dictates.

Creating Your Story

Before you start drafting sections and compiling data, step back and consider the story of your business. Your plan should be like a good book, with a clear narrative arc that compels the reader from the first sentence to the last.

Any good story is rooted in an understanding of the world it inhabits. Your business's narrative begins with a comprehensive analysis of the industry in which you operate, as well as the consumers you aim to serve.

Think about how you define your unique selling proposition (USP) . What sets your business apart from competitors? All good stories have a unique twist, and your business plan should articulate what makes your venture different from, and better than, the competition.

Introduce your team into the story. Highlight their expertise, experience, and any relevant achievements that lend credibility to the business’s ability to execute on its vision.

Writing Your Business Plan Is Just the Beginning

A business plan can span from a quick roadmap sketched on the back of a napkin to a hefty document carefully crafted to align with industry standards. Regardless of size, it should contain certain fundamental elements .

The act of writing a business plan, while pivotal, is just the first step in an ongoing process of refinement and execution.

Here’s how to make sure your business plan is a living document:

1. Regular reviews and updates

Markets shift, consumer behavior changes, and your business will grow. Your plan must evolve with these factors, which makes regular reviews and updates a must-do.

2. Be realistic

It’s essential to be both ambitious and realistic in your plan. Don’t over-inflate projections or underestimate costs. An unrealistic plan is as unattractive to investors as a lack of vision and ambition.

3. Seek professional input

Don’t be afraid to ask for help. Experienced business advisors, accountants, and mentors can provide invaluable feedback and spot issues you may have missed.

4. Start small

Your first draft doesn’t have to be perfect. Write down your initial thoughts, outline your ideas, and refine them over time. Starting with a large plan can be intimidating but working on it gradually can be a more manageable and effective approach.

The bottom line is that writing a business plan can feel overwhelming, but with the right approach and attention to detail, you can create a document that not only articulates your vision but actively works to make that vision a reality. It’s a living, breathing narrative that outlines your business’s course of action, and should be treated with care and enthusiasm.

Melissa Houston, CPA is the author of Cash Confident: An Entrepreneur’s Guide to Creating a Profitable Business . She is the founder of She Means Profit, which is a podcast and blog . As a Finance Strategist for small business owners, Melissa helps successful business owners increase their profit margins so that they keep more money in their pocket and increase their net worth.

The opinions expressed in this article are not intended to replace any professional or expert accounting and/or tax advice whatsoever.

• Editorial Standards
• Reprints & Permissions

New-business building: Six cybersecurity and digital beliefs that can create risk

If it’s a great idea, just do it. In boardrooms around the world, entrepreneurial leaders understand that successful business building is about putting words into action. Nobody ever created a unicorn by having another meeting. Still, while business leaders are renowned for their ability to get things done, there is a flip side to the value creation gene. In the rush to market, it is easy to forget that the world’s most successful companies have often withstood early threats to their viability. Indeed, our experience shows that business leaders who build resilience into their strategies are most likely to create winning propositions.

About the authors

This commentary is a collaborative effort by Justin Greis , Ari Libarikian , Patrick Rinski , Joy Smith, and Marc Sorel , representing views from McKinsey’s Cybersecurity Practice and McKinsey Digital.

Business building is high on CEO agendas: in a recent McKinsey Global Survey, eight in ten CEOs cite new-business building as a top five priority, despite heightened economic volatility. 1 The online survey was in the field from July 19 to September 1, 2022, and garnered responses from 1,007 participants representing the full range of regions, industries, company sizes, functional specialties, and tenures. To adjust for differences in response rates, the data are weighted by the contribution of each respondent’s nation to global GDP. Business leaders are building 50 percent more new businesses per year than they did two to five years ago. And every dollar of revenue from new businesses generates almost twice the enterprise value of every dollar of core business revenues.

McKinsey commentary — Vinnie Liu, CEO, Bishop Fox

"In cybersecurity, a common misconception prevails: many assume that attackers exclusively target large enterprises. The reality, however, is quite the opposite. Attackers have evolved to strategically focus on the weakest links within a business’s ecosystem, spanning supply chains, vendors, subsidiaries, and newly incubated ventures. They exploit these smaller, less protected targets because the risk–reward balance heavily favors them. Furthermore, these smaller entities often hold trusted relationships with larger organizations, providing exploitable entry points.

Another prevalent misconception is that attackers are only interested in customer records or personal data. The underground economy has evolved considerably, making any type of data valuable. Credit card details and personally identifiable information represent just a fraction of the broader spectrum. The black market value chain’s industrialization gives value to a diversity of data types, while also creating opportunities in non-data-related theft (that is, ransomware). This shift is evident as nearly all companies, regardless of industry, now safeguard not only their assets but also their critical operational capabilities—as demonstrated by recent incidents involving critical infrastructure like oil pipelines, ocean shipping, and meat processors.

For most organizations, the failure to prioritize security from the outset is akin to hanging drywall in a building before installing the plumbing. An emerging trend in enterprises is for buyers to require that suppliers and vendors exhibit a suitable level of cybersecurity diligence commensurate with their stage and size. While not every security measure is mandatory, a lack of sufficient safeguards is no longer acceptable.”

Still, new businesses also create unseen risks. For instance, in digital-business building, one commonly overlooked area is cybersecurity—the protection of information systems and networks from attacks by malicious actors. At the current rate of growth, it is estimated that cybercrime costs will reach about $10.5 trillion annually by 2025—a 300 percent increase from 2015 levels. 2 Steve Morgan, “2022 Cybersecurity Almanac: 100 facts, figures, predictions, and statistics,” Cybercrime Magazine , January 19, 2022. Still, decision makers often fall victim to “normalcy bias,” or the tendency to underestimate the likelihood or impact of a potential hazard based on the belief that things will continue as they did in the past. In other words, “It won’t happen to me.”

Actually, it might. As testified by Julia Houston, chief strategy and marketing officer at Equifax, victim of a 2017 data breach: “Every executive needs to be a student of crisis.” 3 “Managing a cyber risk event: ‘Be a student of crisis,’” McKinsey, March 3, 2023. Moreover, given the importance establishing trust when starting a new venture, there is no better time to be a student than early on.

McKinsey commentary — Alberto Yépez, cofounder and managing director, Forgepoint Capital

“As our lives become increasingly digital, we work, learn, collaborate, and transact via new applications often running on our mobile phones and other personal computing devices.

The developers of these applications are often most concerned with the [digital] customer experience, ease of deployment, and usability—they do not hesitate to spend the majority of their budgets on design studios and usability testing. When it comes to cybersecurity and privacy testing, it is often an afterthought and leaves the application security and privacy testing budgets to a minimum. The testing is often left to be performed by junior resources under pressure to meet aggressive deployment deadlines.

These dynamics often create a business risk for the program’s or new venture’s overall success that could be mitigated by good cybersecurity hygiene. Cybersecurity is a business enabler, foundational to innovation and growth.

As the saying goes, an ounce of prevention could be worth a pound of cure.”

If a new business integrates a discipline of risk management into its strategy and planning from the start, cybersecurity will almost inevitably be identified as a potentially catastrophic threat to its operations. When this does not happen, it is often testament to the blind excitement and energy required to set up the business and attract new customers. But in the race to success, new companies (NewCos) are missing an opportunity to lay the groundwork for future rapid expansion.

In fact, when considered up front and built into products by design, cybersecurity can be a product’s greatest feature, creating trust and confidence in the minds of consumers that can extend a company’s competitive lead in the market. In a recent survey of over 3,000 consumers, 4 McKinsey Global Survey on Digital Trust, May 2022. 53 percent made purchases and/or used digital services from a company only after making sure it had a reputation for being trustworthy with their data, and 40 percent stopped using digital services if they learned the company was not protecting customer data. In other words, trust and security matter when it comes to buying decisions in the minds of consumers.

McKinsey commentary — William Lin, CEO and cofounder, AKA Identity

“After investing in security start-ups for a decade, I’ve discussed the risk of ‘the cobbler’s children have no shoes’ at multiple levels, including the board level, CEO level, and customer level.

The reality is that, when stepping back from the security lens, there are numerous risks that can threaten a start-up’s ability to conduct business. The main short-term focus revolves around capital, runway, and execution.

In the hierarchy of needs, capital, whether through revenue or investors, is indeed the most fundamental requirement for a company. However, it’s not the sole requirement for success.

The issue that many industries have faced before the maturation of various expertise areas like sales, marketing, engineering, product, legal, and finance, is not knowing what they don’t know. Each of these skill sets can one day become fundamental pillars of an organization and serve as business enablers. Cybersecurity is the most recent expertise undergoing transformation to become an enabler.

This presents start-ups with a significant opportunity to be mindful and to incorporate the value of cybersecurity early in their journey. They can establish a foundation for these skills to grow organically within the organization, to compound through investment, and ultimately become business enablers.”

Some business builders are not convinced that risk management and cybersecurity should be early priorities. However, those attitudes increasingly fly in the face of common practice: 95 percent of board committees, for example, discuss cyber and tech risks four times or more a year. 5 BPI and McKinsey Cybersecurity and Board Governance Survey, August 2020. A common challenge for smaller companies is that leaders understand the importance of risk and cyber oversight but are uncertain about how to build and manage the required capabilities. In this article, we share six beliefs that reflect these perspectives, examine their implications in practice, and show how some forward-looking companies have tackled the challenge.

Six common beliefs that create unnecessary risks

Business leaders and entrepreneurs often bring a positive attitude that can drive the new venture forward, inspire others, and attract customer attention. However, these powerful creative instincts often lead to shortcuts in strategic thinking and six common misconceptions:

Mistaken belief: Because we are testing a new concept, we don’t need “extras” like cybersecurity or risk management. We definitely don’t need to be concerned about data privacy as we don’t have any customers yet.

The reality: If an executive team has decided to form a NewCo around a business concept, then the concept is probably mature enough to warrant investment in resources including talent, tech, and processes. These are valuable assets that are susceptible to cyberattacks.

Mistaken belief: If we establish processes and/or cybersecurity measures, our launch will be delayed, and we will lose our edge. And other start-ups don’t do cybersecurity, so why should we?

The reality: Adding risk management and cybersecurity will consume time but not an unmanageable amount of time. Indeed, the effort required at the beginning will prevent rework in the end. Conversely, NewCos that rush to launch without structured risk thinking may face more significant problems—such as regulatory fines, data breaches, or lawsuits— down the road.

Mistaken belief: Spending on risk management and cybersecurity is not a guarantee of protection, so it is not worth assigning resources to these areas.

The reality: There is often a mismatch in cyber spending and cyber maturity among large corporations, but at launch there is a foundational level of risk management and cybersecurity that every company needs. The basics are not difficult to implement, but they do require experience and expertise. And the longer they go unaddressed within the product development life cycle, the harder and more expensive it becomes to incorporate them into the product.

Mistaken belief: Our product guys have it under control. They understand our proposition and how bad actors might threaten it. Our chief technology officer says he knows about cyber controls, so I am comfortable.

The reality: Product team leaders and team members have varying levels of knowledge, for example, in relation to the latest data encryption standards or security operations center monitoring solutions. Cybersecurity is a vast discipline that requires specialized knowledge; even the most experienced professionals seek opinions and consultations from others when innovating new products and services.

Mistaken belief: We are small and insignificant, but our parent is a behemoth. I am sure it is on top of our risk management and cybersecurity.

The reality: Frequently, parent company security teams do not have the capacity to secure the NewCo. This may be because of tech stack mismatches (for example, the parent has not yet moved to the cloud). The parent company’s security resources are usually already stretched, which means it cannot pay a lot of attention to the NewCo when decisions need to be made.

Mistaken belief: We already have a tool, which we paid a lot for, so I am pretty sure that we are at least covered for the main risks.

The reality: A tool alone is never sufficient. A combination of process, people, and technology is required. Also, you can buy the best tool on the market, but will its utility reflect your needs? After investing, many NewCos don’t have the capabilities to leverage more than 80 percent of the solution.

Strategies for effective NewCo cybersecurity and risk management

Cyber resilience is critical to consider and build into your new business. However, the way and the speed at which you do so may differ from cyber in the core business. With that in mind, a strategic approach and structured rollout can go a long way toward avoiding potential pitfalls. The key for decision makers will be to incorporate risk-based thinking into the wider business plan, and then to execute diligently to ensure all the bases are covered. The following are key principles that can help illuminate the way forward:

• A good rule of thumb is that if a concept merits investment, it is worth an executive’s time to consider and mitigate risks. In addition, in a fast-growing business, it is vital to engage early. That means putting in place a framework to help identify major risks and mitigation measures. Some of these will apply to almost every business, while others will be situation dependent. But all should be assessed with a view to future growth and the user experience.
• Forward-looking NewCos see cybersecurity as a core element of business architecture. Where they don’t have the internal skills to put it in place, they recruit external experts to provide input, accelerate delivery, and coordinate controls. Decision makers find the most efficient way to address both product/software and enterprise security is to ensure that cyber experts work closely with the business.
• The role of the parent will vary, depending on leadership engagement, crossover potential, and the priorities of the new company. Ideally, a nuanced collaborative approach is required, which means working with the parent company to meet (and typically exceed) established risk and security standards but leveraging the parent company resources only where it makes sense.
• When it comes to implementation, a key principle is to ensure that risk management and cybersecurity are embedded from product ideation to final delivery. For tech-based companies, it makes sense to adopt the principles of DevSecOps (development, security, and operations), integrating security testing at every stage of the software development process. Tools should be tailored to specific operational focus areas, ensuring key areas of investment are property protected.

A business that has reached the stage of launching a minimum viable product has assets, investments, and trust-building goals that are worth protecting. In that context, enterprise risk management and cybersecurity are no longer optional. Even in a resource-constrained environment, investment in risk management is likely to drive operational resilience and provide the assurance that will foster trust in the brand as the business grows.

Justin Greis is a partner in McKinsey’s Chicago office, Ari Libarikian is a senior partner in the New York office, Patrick Rinski is a partner in the São Paulo office, Joy Smith is an alumna of the Philadelphia office, and Marc Sorel is a partner in the Boston office.

Explore a career with us

Related articles.

A technology survival guide for resilience

What is cybersecurity?

The data dividend: Fueling generative AI

KPMG Personalization

How to identify risks and foster resilience in times of distress

Restructuring Insights | Issue 5

• Share Share close
• Download How to identify risks and foster resilience in times of distress pdf Opens in a new window
• 1000 Save this article to my library
• View Print friendly version of this article Opens in a new window
• Go to bottom of page
• Home ›
• Insights ›

A rapid assessment of a business in times of distress, for the benefit of shareholders, management, or even key customers and suppliers, can help identify potential risks and initiate appropriate countermeasures in a timely manner to preserve value for all stakeholders.

Identify and mitigate risks

After a period of continuous recovery following the COVID-19 pandemic, Q3/2023 marked the first time since Q3/2021 that non-performing loans increased, both in absolute values and in relation to total loans.

In a tightening economic environment, it is crucial to understand business-related risks and to develop strategies to mitigate these risks.

Risks can arise in various areas and differ in nature and complexity. Therefore, it is recommended to perform a holistic analysis including the following key aspects:

Market and competition

With new trends and technologies, such as AI, evolving, disruptive products and services may put traditional products under pressure. That potentially leads to a short-, medium- or long-term decline in revenue and competitiveness.

An evaluation of market dynamics and the competitive positioning of the business can indicate a need to fine-tune the marketing strategy, product portfolio and/or operating model.

Especially in well established businesses, an outside-in perspective can bring fresh impulses.

Inefficient operations could be the reason for excess cost or unutilized capacity, leading to low profitability or negative cash flow.

Operations are key for the success of any business. However, internal processes develop and businesses change over time. This could result in operational processes and business strategies diverging, impacting effective execution of the strategy in a profitable manner.

A benchmarking of industry-specific KPIs against competitors can help identify operational inefficiencies and value creation opportunities.

Monitoring the right financial KPIs can give you early warning signs of imminent distress, such as:

• a decrease in sales
• deterioration of margins
• liquidity constraints.

Understanding the key drivers of the historical performance and development over time helps to identify challenges and opportunities for improvement.

Ultimately, the performance of a business is reflected in its financials, and it is important to target the right areas and restore healthy financial KPIs.

Tax and legal

The tax and legal framework is often neglected or is focused solely on ensuring minimum necessary compliance. However, the accuracy and effectiveness of legal agreements, corporate structure or business licenses can be key factors for success. In addition, new legislation or changes in the legal framework can have significant impacts on a business.

A thorough analysis of existing requirements and potential implications of upcoming changes can reveal tax opportunities to benefit from available reliefs and incentives, or avoid penalties, which could range from fines to revocation of operating licenses.

Rapid business assessment as a tool

A rapid business assessment can help identify potential risks before they materialize and impact performance. This type of assessment can also be used to identify value creation opportunities that can improve performance and make the business more resilient against external adverse influences.

A rapid business assessment may not only apply to a company’s operations. It can also be beneficial to understand the resilience of key stakeholders, especially in situations in which dependencies prevail. In such  cases, it is essential to evaluate the business partner’s reliability to avoid a potential spillover effect on a company’s own operations.

Contact our Turnaround and Value Creation experts if you want to understand more about the benefits of a rapid business assessment or are interested in any of our service offerings.

Restructuring Insight - Rapid Business Assessment

Key contacts

Connect with us.

• Find office locations kpmg.findOfficeLocations
• Email us kpmg.emailUs
• Social media @ KPMG kpmg.socialMedia

The quarterly trends and restructuring insights from Deal Advisory Services, KPMG in Thailand.

The quarterly trends and restructuring insights from Deal Advisory Services.

KPMG helps management to stabilise the business, reorganise borrowings, enhance profitability and build a platform for sustainable growth.

KPMG helps management to stabilise the business, reorganise borrowings,....

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

• Entire Site
• Research & Funding
• Health Information
• About NIDDK
• Diabetes Overview

Healthy Living with Diabetes

• Español

On this page:

How can I plan what to eat or drink when I have diabetes?

How can physical activity help manage my diabetes, what can i do to reach or maintain a healthy weight, should i quit smoking, how can i take care of my mental health, clinical trials for healthy living with diabetes.

Healthy living is a way to manage diabetes . To have a healthy lifestyle, take steps now to plan healthy meals and snacks, do physical activities, get enough sleep, and quit smoking or using tobacco products.

Healthy living may help keep your body’s blood pressure , cholesterol , and blood glucose level, also called blood sugar level, in the range your primary health care professional recommends. Your primary health care professional may be a doctor, a physician assistant, or a nurse practitioner. Healthy living may also help prevent or delay health problems  from diabetes that can affect your heart, kidneys, eyes, brain, and other parts of your body.

Making lifestyle changes can be hard, but starting with small changes and building from there may benefit your health. You may want to get help from family, loved ones, friends, and other trusted people in your community. You can also get information from your health care professionals.

What you choose to eat, how much you eat, and when you eat are parts of a meal plan. Having healthy foods and drinks can help keep your blood glucose, blood pressure, and cholesterol levels in the ranges your health care professional recommends. If you have overweight or obesity, a healthy meal plan—along with regular physical activity, getting enough sleep, and other healthy behaviors—may help you reach and maintain a healthy weight. In some cases, health care professionals may also recommend diabetes medicines that may help you lose weight, or weight-loss surgery, also called metabolic and bariatric surgery.

Choose healthy foods and drinks

There is no right or wrong way to choose healthy foods and drinks that may help manage your diabetes. Healthy meal plans for people who have diabetes may include

• dairy or plant-based dairy products
• nonstarchy vegetables
• protein foods
• whole grains

Try to choose foods that include nutrients such as vitamins, calcium , fiber , and healthy fats . Also try to choose drinks with little or no added sugar , such as tap or bottled water, low-fat or non-fat milk, and unsweetened tea, coffee, or sparkling water.

Try to plan meals and snacks that have fewer

• foods high in saturated fat
• foods high in sodium, a mineral found in salt
• sugary foods , such as cookies and cakes, and sweet drinks, such as soda, juice, flavored coffee, and sports drinks

Your body turns carbohydrates , or carbs, from food into glucose, which can raise your blood glucose level. Some fruits, beans, and starchy vegetables—such as potatoes and corn—have more carbs than other foods. Keep carbs in mind when planning your meals.

You should also limit how much alcohol you drink. If you take insulin  or certain diabetes medicines , drinking alcohol can make your blood glucose level drop too low, which is called hypoglycemia . If you do drink alcohol, be sure to eat food when you drink and remember to check your blood glucose level after drinking. Talk with your health care team about your alcohol-drinking habits.

Find the best times to eat or drink

Talk with your health care professional or health care team about when you should eat or drink. The best time to have meals and snacks may depend on

• what medicines you take for diabetes
• what your level of physical activity or your work schedule is
• whether you have other health conditions or diseases

Ask your health care team if you should eat before, during, or after physical activity. Some diabetes medicines, such as sulfonylureas  or insulin, may make your blood glucose level drop too low during exercise or if you skip or delay a meal.

Plan how much to eat or drink

You may worry that having diabetes means giving up foods and drinks you enjoy. The good news is you can still have your favorite foods and drinks, but you might need to have them in smaller portions  or enjoy them less often.

For people who have diabetes, carb counting and the plate method are two common ways to plan how much to eat or drink. Talk with your health care professional or health care team to find a method that works for you.

Carb counting

Carbohydrate counting , or carb counting, means planning and keeping track of the amount of carbs you eat and drink in each meal or snack. Not all people with diabetes need to count carbs. However, if you take insulin, counting carbs can help you know how much insulin to take.

Plate method

The plate method helps you control portion sizes  without counting and measuring. This method divides a 9-inch plate into the following three sections to help you choose the types and amounts of foods to eat for each meal.

• Nonstarchy vegetables—such as leafy greens, peppers, carrots, or green beans—should make up half of your plate.
• Carb foods that are high in fiber—such as brown rice, whole grains, beans, or fruits—should make up one-quarter of your plate.
• Protein foods—such as lean meats, fish, dairy, or tofu or other soy products—should make up one quarter of your plate.

If you are not taking insulin, you may not need to count carbs when using the plate method.

Work with your health care team to create a meal plan that works for you. You may want to have a diabetes educator  or a registered dietitian  on your team. A registered dietitian can provide medical nutrition therapy , which includes counseling to help you create and follow a meal plan. Your health care team may be able to recommend other resources, such as a healthy lifestyle coach, to help you with making changes. Ask your health care team or your insurance company if your benefits include medical nutrition therapy or other diabetes care resources.

Talk with your health care professional before taking dietary supplements

There is no clear proof that specific foods, herbs, spices, or dietary supplements —such as vitamins or minerals—can help manage diabetes. Your health care professional may ask you to take vitamins or minerals if you can’t get enough from foods. Talk with your health care professional before you take any supplements, because some may cause side effects or affect how well your diabetes medicines work.

Research shows that regular physical activity helps people manage their diabetes and stay healthy. Benefits of physical activity may include

• lower blood glucose, blood pressure, and cholesterol levels
• better heart health
• healthier weight
• better mood and sleep
• better balance and memory

Talk with your health care professional before starting a new physical activity or changing how much physical activity you do. They may suggest types of activities based on your ability, schedule, meal plan, interests, and diabetes medicines. Your health care professional may also tell you the best times of day to be active or what to do if your blood glucose level goes out of the range recommended for you.

Do different types of physical activity

People with diabetes can be active, even if they take insulin or use technology such as insulin pumps .

Try to do different kinds of activities . While being more active may have more health benefits, any physical activity is better than none. Start slowly with activities you enjoy. You may be able to change your level of effort and try other activities over time. Having a friend or family member join you may help you stick to your routine.

The physical activities you do may need to be different if you are age 65 or older , are pregnant , or have a disability or health condition . Physical activities may also need to be different for children and teens . Ask your health care professional or health care team about activities that are safe for you.

Aerobic activities

Aerobic activities make you breathe harder and make your heart beat faster. You can try walking, dancing, wheelchair rolling, or swimming. Most adults should try to get at least 150 minutes of moderate-intensity physical activity each week. Aim to do 30 minutes a day on most days of the week. You don’t have to do all 30 minutes at one time. You can break up physical activity into small amounts during your day and still get the benefit. 1

Strength training or resistance training

Strength training or resistance training may make your muscles and bones stronger. You can try lifting weights or doing other exercises such as wall pushups or arm raises. Try to do this kind of training two times a week. 1

Balance and stretching activities

Balance and stretching activities may help you move better and have stronger muscles and bones. You may want to try standing on one leg or stretching your legs when sitting on the floor. Try to do these kinds of activities two or three times a week. 1

Some activities that need balance may be unsafe for people with nerve damage or vision problems caused by diabetes. Ask your health care professional or health care team about activities that are safe for you.

Stay safe during physical activity

Staying safe during physical activity is important. Here are some tips to keep in mind.

Drink liquids

Drinking liquids helps prevent dehydration , or the loss of too much water in your body. Drinking water is a way to stay hydrated. Sports drinks often have a lot of sugar and calories , and you don’t need them for most moderate physical activities.

Avoid low blood glucose

Check your blood glucose level before, during, and right after physical activity. Physical activity often lowers the level of glucose in your blood. Low blood glucose levels may last for hours or days after physical activity. You are most likely to have low blood glucose if you take insulin or some other diabetes medicines, such as sulfonylureas.

Ask your health care professional if you should take less insulin or eat carbs before, during, or after physical activity. Low blood glucose can be a serious medical emergency that must be treated right away. Take steps to protect yourself. You can learn how to treat low blood glucose , let other people know what to do if you need help, and use a medical alert bracelet.

Avoid high blood glucose and ketoacidosis

Taking less insulin before physical activity may help prevent low blood glucose, but it may also make you more likely to have high blood glucose. If your body does not have enough insulin, it can’t use glucose as a source of energy and will use fat instead. When your body uses fat for energy, your body makes chemicals called ketones .

High levels of ketones in your blood can lead to a condition called diabetic ketoacidosis (DKA) . DKA is a medical emergency that should be treated right away. DKA is most common in people with type 1 diabetes . Occasionally, DKA may affect people with type 2 diabetes  who have lost their ability to produce insulin. Ask your health care professional how much insulin you should take before physical activity, whether you need to test your urine for ketones, and what level of ketones is dangerous for you.

Take care of your feet

People with diabetes may have problems with their feet because high blood glucose levels can damage blood vessels and nerves. To help prevent foot problems, wear comfortable and supportive shoes and take care of your feet  before, during, and after physical activity.

If you have diabetes, managing your weight  may bring you several health benefits. Ask your health care professional or health care team if you are at a healthy weight  or if you should try to lose weight.

If you are an adult with overweight or obesity, work with your health care team to create a weight-loss plan. Losing 5% to 7% of your current weight may help you prevent or improve some health problems  and manage your blood glucose, cholesterol, and blood pressure levels. 2 If you are worried about your child’s weight  and they have diabetes, talk with their health care professional before your child starts a new weight-loss plan.

You may be able to reach and maintain a healthy weight by

• following a healthy meal plan
• consuming fewer calories
• being physically active
• getting 7 to 8 hours of sleep each night 3

If you have type 2 diabetes, your health care professional may recommend diabetes medicines that may help you lose weight.

Online tools such as the Body Weight Planner  may help you create eating and physical activity plans. You may want to talk with your health care professional about other options for managing your weight, including joining a weight-loss program  that can provide helpful information, support, and behavioral or lifestyle counseling. These options may have a cost, so make sure to check the details of the programs.

Your health care professional may recommend weight-loss surgery  if you aren’t able to reach a healthy weight with meal planning, physical activity, and taking diabetes medicines that help with weight loss.

If you are pregnant , trying to lose weight may not be healthy. However, you should ask your health care professional whether it makes sense to monitor or limit your weight gain during pregnancy.

Both diabetes and smoking —including using tobacco products and e-cigarettes—cause your blood vessels to narrow. Both diabetes and smoking increase your risk of having a heart attack or stroke , nerve damage , kidney disease , eye disease , or amputation . Secondhand smoke can also affect the health of your family or others who live with you.

If you smoke or use other tobacco products, stop. Ask for help . You don’t have to do it alone.

Feeling stressed, sad, or angry can be common for people with diabetes. Managing diabetes or learning to cope with new information about your health can be hard. People with chronic illnesses such as diabetes may develop anxiety or other mental health conditions .

Learn healthy ways to lower your stress , and ask for help from your health care team or a mental health professional. While it may be uncomfortable to talk about your feelings, finding a health care professional whom you trust and want to talk with may help you

• lower your feelings of stress, depression, or anxiety
• manage problems sleeping or remembering things
• see how diabetes affects your family, school, work, or financial situation

Ask your health care team for mental health resources for people with diabetes.

Sleeping too much or too little may raise your blood glucose levels. Your sleep habits may also affect your mental health and vice versa. People with diabetes and overweight or obesity can also have other health conditions that affect sleep, such as sleep apnea , which can raise your blood pressure and risk of heart disease.

NIDDK conducts and supports clinical trials in many diseases and conditions, including diabetes. The trials look to find new ways to prevent, detect, or treat disease and improve quality of life.

What are clinical trials for healthy living with diabetes?

Clinical trials—and other types of clinical studies —are part of medical research and involve people like you. When you volunteer to take part in a clinical study, you help health care professionals and researchers learn more about disease and improve health care for people in the future.

Researchers are studying many aspects of healthy living for people with diabetes, such as

• how changing when you eat may affect body weight and metabolism
• how less access to healthy foods may affect diabetes management, other health problems, and risk of dying
• whether low-carbohydrate meal plans can help lower blood glucose levels
• which diabetes medicines are more likely to help people lose weight

Find out if clinical trials are right for you .

Watch a video of NIDDK Director Dr. Griffin P. Rodgers explaining the importance of participating in clinical trials.

What clinical trials for healthy living with diabetes are looking for participants?

You can view a filtered list of clinical studies on healthy living with diabetes that are federally funded, open, and recruiting at www.ClinicalTrials.gov . You can expand or narrow the list to include clinical studies from industry, universities, and individuals; however, the National Institutes of Health does not review these studies and cannot ensure they are safe for you. Always talk with your primary health care professional before you participate in a clinical study.

This content is provided as a service of the National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK), part of the National Institutes of Health. NIDDK translates and disseminates research findings to increase knowledge and understanding about health and disease among patients, health professionals, and the public. Content produced by NIDDK is carefully reviewed by NIDDK scientists and other experts.

NIDDK would like to thank: Elizabeth M. Venditti, Ph.D., University of Pittsburgh School of Medicine.

Red flag for the job market? Behind booming employment gains, white-collar hiring slows

The U.S. economy added a booming 303,000 jobs in March, a recent report shows, filling out the portrait of a stunningly resilient labor market that keeps shrugging off high interest rates and inflation .

Yet the job market may not be as hot as it looks.

Professional and business services – a sprawling sector that includes most white-collar fields – added a meager 7,000 jobs last month and has created just 71,000 positions since June of last year. The tally was pumped up by January’s 48,000 white-collar payroll gains.

Economists have questioned the employment totals in that month because of challenges the Labor Department faces early in the year as it seasonally adjusts the raw figures from its monthly survey.

During the same eight-month period in 2022 and 2023, professional and business services added 275,000 jobs.

A downshift could be a troubling sign for the economy and labor market because professionals earn among the highest salaries and provide a big boost to consumer spending, says economist Agron Nicaj of MUFG Bank.

What industries experienced job gains?

U.S. job growth, in fact, mostly has been driven by just four large sectors since fall – government; health care; leisure and hospitality; and construction. Local governments and leisure and hospitality – which includes restaurants and bars – have been catching up to their pre-pandemic employment levels. Health care has been buoyed by aging baby boomers. And construction hiring has been propped up by a dire housing shortage and recently easing mortgage rates.

Analysts say that’s not enough to juice hiring in the months ahead.

“How long can two to four industries sustain economic activity in the United States?” Nicaj asks.

How does the jobs report affect interest rates?

There may be a silver lining to a softening job market. Reports in the past week revealing robust job growth and higher-than-anticipated inflation have led the futures market to push back forecasts for the Federal Reserve’s first interest rate cut from June to September. And its estimate of three rate cuts this year has been trimmed to two. If job growth lags, it could help convince the Fed to reduce rates sooner, assuming inflation continues to ease.

What job fields are declining?

Other large sectors also have turned in weak employment growth since mid-2023, or even longer in some cases, but they’ve been constrained by industry-specific factors. Financial activities have been hindered by high interest rates; the information industry, by massive tech layoffs after excessive hiring during the pandemic; and manufacturing, by a shift in consumer purchases from goods to services since the health crisis has faded and by high rates that discourage business investment.

Professional and business services, however, include 23 million workers in a wide variety of fields, including law, accounting, architectural and marketing firms; HR consulting companies; temporary staffing firms; travel agencies; and office administration services.

In other words, it pretty much reflects the U.S. economy. If the economy is chugging along nicely, so should professional services.

Why is it so hard to get a white-collar job right now?

Much of the shortfall in white-collar hiring can be traced to employment by temporary help services, which has fallen by 181,000 over the past year. Traditionally, companies cut temporary workers before laying off their own permanent staffers, so the sharp drop-off augurs poorly for future job growth, Nicaj says.

But economist Dante DeAntonio of Moody’s Analytics points out that payrolls of temporary staffing firms have been declining for two years. He says companies relied heavily on temp agencies when they couldn’t find permanent workers during the pandemic and so their payrolls have been returning to normal as labor shortages have eased.

Noting that payrolls at temporary staffing agencies have slid below pre-pandemic levels, he also suggests that worker shortages may have given temp workers the leverage to ask their companies to convert them to permanent staffers.

But, he adds, “It’s not clear whether this is enough to explain the trend.” It’s possible, he says, that the pullback in temp worker employment also signals wider layoffs ahead.

What white-collar jobs are at risk?

Temporary help isn’t the only industry within professional services that’s shedding or flatlining jobs, Nicaj notes. Over the past year, employment has been unchanged at marketing and HR consulting firms and down at business support services, such as call centers. Since July, payrolls have held steady at management consulting services.

With the course of the economy uncertain, many companies may be scaling back their outsourcing of services like HR and marketing and shifting those duties to in-house employees to save money, Nicaj says.

In the summer and early fall, professional and business services shed jobs for four straight months, a streak that normally indicates an ongoing recession, Nicaj says. That’s not currently the case, he says, because at least some of the weak hiring can be traced to labor shortages rather than feeble demand by employers. In February, the gap between job openings and hires was wider for professional services than for U.S. industries overall, he says.

 Still, he says, employer demand for office workers is softening as well.

'I'm going to be very cautious'

Adam Morris, CEO of SalesFirst Recruiting, says orders for sales reps, account managers and marketing professionals have been falling and the Portland, Oregon-based company saw sales decline last year. He attributes the drop-off to a correction after a burst of post-pandemic activity and hiring in 2021 and 2022.

Claiming your parents on your taxes? Can I claim my parents as dependents? This tax season, more Americans are opting in

Morris says that applies to his own recruiting firm as well. He has 13 employees, down from 20 or so in 2022 because he decided not to replace those who left last year. So far this year, business has picked up a bit and he plans to expand his staff but warily.  

Saying he doesn’t think it’s ethical to hire workers only to let them go, Morris says, “I’m definitely going to hire one to two people. I’m going to be very cautious after that.”