Businesses flourish over time because they take risks. And businesses fail for the same reason.  This article will examine a number of risks together with where the responsibility of risk management might be housed. Hopefully these observations will enhance your awareness of enterprise risk management, and perhaps foster expanded commitment to ensuring that the risks you face are mitigated, and the risks you take are calculated.

Historically, risk management efforts have revolved around the financial risks that businesses experience. But, protecting family businesses today extends far beyond financial risk, and the oversight of those risks does not fall neatly under the purview of any one committee or group.

Financial Risk

While many types of financial risk exist, the following will be discussed below: market risk, credit risk, operational risk and the growing risks from systems and processes.

Market Risk

Market risk involves any type of macroeconomic risk that is external to the business including: interest rates, currencies, unemployment, inflation and consumer spending. These risk variables are beyond the control of management. Yet awareness of, and responsiveness to market risks have enormous power – the power to weather the assault these factors can bring, or the power to destroy the business because resources dry up in the scramble to react.

When developing a strategy for your business, ambition and optimism must be embedded into the strategic plan. That said, good strategies also plan for the worst. If revenues drop by 20% next year, what impact will that have on your bottom line? Given that discovery, what decisions must you be ready to make? (For example: What variable costs can be reduced immediately, what overhead costs can be trimmed, and in what priority will action be taken?)

As you likely know, funders are your friends when the wind is at your back, but often the first sign of a downturn will result in a pretty quick “divorce.” Many businesses don’t enjoy the luxury of a rainy-day reserve. However, a plan of action in response to a possible recession (the threat of which is more real now than in the past several years) will likely help you to navigate out of a tough situation. If your board has an audit committee, it is the responsibility of that committee to work with internal financial managers to map out multiple scenarios to manage the risks that emerge from market factors.

Credit Risk

Credit risk exists when you have difficulty meeting your financial obligations, typically to the bank. Lenders are primarily concerned with your capacity to repay loans, your capital availability and the security they have for the funds they have lent to the business. The best way to manage credit risk is to be consistently aware of where the business stands in relation to its debt obligations. That is the job of the CFO together with oversight provided by the audit committee and the full board. In many businesses, credit risk is reviewed at every board meeting.

Operational Risk

Operational risk is associated with day to day operations — the mechanics of maintaining a competitive advantage. There are many operational risks in any business, some of which are outlined below: talent, culture, customers, suppliers and systems/processes.

Family businesses, while often great employers, can be plagued by turnover that is too low. You’ve had employees who have worked with the business for decades, and might even have their own adult children working in the business. That serves the business well, for as long as those employees bring the skills and wisdom that a growing business requires. One of the most painful decisions management must make in a family business is to transition long-standing employees out of a position they have held for years. Yet, if the risk of leaving those employees in that position is high enough to jeopardize the growth and continuity of the business, it will ultimately serve no one. It is the ongoing responsibility of management and the board to review talent, in order to validate alignment between position mandates and individual expertise.

In a family business, the risk of keeping people in seats because they have occupied them in the past is high. All employees must, in some capacity, make money for the business. If they don’t do so, they are a cost, as opposed to a source of profit. Unless you can justify the cost of an employee in some measurable way, it is likely that they present a financial risk. Over time, any accumulation of those employees will present a financial risk that competitors will happily exploit.

How do you manage the threat of cultural dilution as your business grows? It might be one of the most significant and somewhat invisible risks and is not given the attention it merits. Management is responsible for shaping and strengthening culture within the business, through the inevitable transitions of the business such as organic growth, mergers, acquisitions, divestitures, or crises. Successful strategic execution is to a large extent, a function of your culture. Boards have begun to spend more time discussing culture, specifically: what needs to be sustained and/or improved; what cultural risks emerge from changes in the business; and mitigation tactics. 

One trend we have seen over the course of increased online purchasing, is that overall customer loyalty is declining. Something that has not changed is the fact that it is easier to maintain existing customers than it is to obtain new ones. Yet many businesses don’t make the effort to collect intelligence about their customers that can reduce the risk of losing them. Management is sometimes surprised to discover that the assumptions they have been making about current and potential customers are incorrect. When that is the case, strategic execution based on false assumptions will fail. Strong customer data that will help us shape marketing/sales/service strategies help answer the following questions:

  • Who are our customers? What is their profile?
  • Who are our most profitable customers?
  • What would be the impact of losing our top three customers, and how can we mitigate that risk?
  • Why do our customers buy from us? (often for reasons that you had not considered)
  • What do our customers think about our competitors? Do they also buy from them?
  • In what ways can we add more value to our customers?

Procurement responsibilities become more complex as a business grows, particularly with multiple locations in multiple geographies. You may be sourcing products from a growing number of suppliers from several countries — a labyrinth that brings increased risk.
Much like customer risk analysis, good data play an integral role in developing and managing a strategy. Today’s available data mining technology can help establish an integrated supplier database, with detailed reports on supplier characteristics. Losing key suppliers (particularly when they provide a key input that distinguishes your product or service) has a material impact on the business. It is management’s role to understand what risks suppliers present, and what can be done to mitigate procurement risks.

Systems and Process Risks
Every business requires systems and processes in place that can be understood, appreciated, and will create value for the organization. These will need to evolve over time in order for the company to remain competitive. Automation and other forms of technology can create efficiencies that make a real difference to customers and to your bottom line. Often process and system improvements represent a significant investment. As such, discussion of the associated risks receives fairly regular attention from both management and the board. Today, discussions about cyber risk and risk mitigation strategies get significant air time in management and board meetings.

Reputational Risk

Your reputation is one of your most treasured assets: difficult to develop and easy to destroy. Managing the reputation of your business requires “all hands on deck.” Management, the board, and all family members have a responsibility to help preserve and strengthen the reputation of the business. Many business-owning families establish media and code-of-conduct policies that equip family members with the guidance they need to not only avoid perilous missteps, but to help nurture others’ perception of the business as a value-add enterprise that contributes to society in a meaningful way. Management and the board should be discussing reputational risk regularly; partly because we know that it can create competitive advantages for family businesses, but also due to your reputation’s fragility.

Shareholder Alignment Risks

All of the risks discussed in this article can be addressed by management and overseen by the board and the family. However, the most significant risk of continuity in many family businesses is a lack of alignment among the shareholders about what they hope for and expect from the business. As the family grows, so does diversity of needs and expectations. In order for management to develop and execute successfully on strategy, and for the board members to represent the shareholders (to whom they have a legal responsibility), there needs to be some clarity on some key parameters, within which management and the board can operate. Shareholders can reduce continuity risk by establishing as a collective, what they envision as optimal growth, return, risk and liquidity. If shareholders can align on those four parameters, it provides management and the board with the confidence they need to focus on building the business. Misalignment among shareholders is crippling for those in the business and represents a high risk of business failure.


There are diverse risks associated with any business and a top-down, integrated effort should be made throughout your business to develop a process of risk management. Given that risk management is multi-faceted, it is onerous to rely on a single entity to take on that responsibility. Often boards will split the responsibility between two committees: the audit committee and either a distinct risk management committee or even the governance committee. Those committees work together to develop recommendations to the full board, which is ultimately responsible for full oversight of enterprise risk management.

Risk management should be considered part of the strategic planning process, versus a distinct initiative. It is not a separate project. Awareness of what risks you face in your business, and a process for mitigating those risks lead to better-informed decisions and increases the likelihood of realizing your strategic goals.