Building a startup is a risky business. The only way to stay ahead of the risks is to be aware of them and informed about them.
The board of directors, in particular, needs to know enough about the risks in the business to make well-rounded strategic decisions. As for investors, most of them do their own risk analysis on a startup before putting in money. But if the startup is upfront about identifying and discussing its risks with investors, it is more likely to inspire confidence and credibility. With that in mind, here are a few key risks that startups should definitely discuss with their board and investors.
Business Plan Risks
The purpose of analyzing your business plan risk is to demonstrate to investors and the board that you’ve thought through the major risks confronting the organization, and have developed effective strategies to deal with these risks. Your business plan should be able to survive when things go wrong. Because things will go wrong.
So, while developing your business plan, consider the following risk areas:
Market risk is the risk that the market will evolve in an unexpected way. For instance, your offering could be too early for the market. Many companies developed tablet computers in the early 2000s, including Microsoft, Fujitsu, and HP. But the market wasn’t ready then. Now it is hard to imagine life without a tablet computer. Sometimes markets take too long to develop, and cash runs out while a company is waiting for customers.
Product risk is the risk that the product can’t be developed as envisioned with the right economics, scale, or performance. Biotech firms often have a high degree of product risk. There is no certainty that they can produce the drug that is expected.
Financial risk is the risk that a company will run out of cash before achieving a state where more funds can be raised. Customers don’t always materialize at the expected rates, and may not always renew their contracts. Often, costs are much higher than expected to achieve the set milestones. The cost of capital is also very high. Boards and directors want to know these risks have been analyzed, and that reasonable plans have been identified to mitigate them.
Talent risk is another major risk area. A startup’s performance is directly linked to the capabilities, expertise, and experience of its employees. Therefore, the startup needs to figure out how to find employees with the required skills and capabilities. It also needs to factor in the cost of attracting and retaining these employees.
At some point, most startups dream of going public. But do they have the time, effort, and money to do so? Filing an IPO is an expensive process. And there are multiple legal, reporting, and regulatory compliance risks involved. After all that, what if the company doesn’t take off? Also, what if ownership gets diluted? Many startups forget that when people are investing in a company, they have the right to vote on certain decisions. As a result, business goals and operation methods may change. Is the startup prepared for these risks?
Another risk area is that of acquisitions, divestitures, and mergers. The opportunities involved are plentiful. But acquiring or merging with a company means absorbing its liabilities, risks, legal claims, compliance obligations, and everything else. It also means reconciling major cultural differences between two different workforces. Have these issues been considered? When I was part of the board for a company, it was not uncommon for us to spend as much time discussing the business risks as the opportunities of acquisitions. And that’s an approach that I continue to practice and recommend.
Cybersecurity Risks
Many startups think that they’re too insignificant to matter to cyber attackers. But, in fact, they are prime targets because, unlike larger companies, startups don’t usually have the time or funds to implement sophisticated cybersecurity measures. Recently, the New York Times reported how several small Web startups (including Vimeo, Basecamp, Shutterstock, and MailChimp) were hit by a wave of distributed denial-of-service (DDoS) attacks.
Meanwhile, the latest internet security threat report from Symantec revealed that targeted spear-phishing attacks aimed at small businesses (1-250 employees) increased throughout 2013. One in five small businesses was targeted with at least one spear-phishing email.
Are startups doing enough to manage these risks?