what are critical risks in business plan

Uncovering Hidden Risks: A Comprehensive Guide to Business Plan Risk Analysis

A modern business plan that will lead your business on the road to success must have another critical element. That element is a part where you will need to cover possible risks related to your small business. So, you need to focus on  managing risk  and use  risk management processes  if you want to succeed as an entrepreneur.

How can you manage risks?

You can always plan and  predict  future things in a certain way that will happen, but your impact is not always in your hands. There are many  external factors  when it comes to the business world. They will always influence the realization of your plans. Not only the realization but also the results you will achieve in implementing the specific plan. Because of that, you need to look at these factors through the prism of the risk if you want to implement an appropriate management process while implementing your business plan.

By conducting a thorough risk analysis, you can manage risks by identifying potential threats and uncertainties that could impact your business. From market fluctuations and regulatory changes to competitive pressures and technological disruptions, no risk will go unnoticed. With these insights, you can develop contingency plans and implement risk mitigation strategies to safeguard your business’s interests.

This guide will provide practical tips and real-life examples to illustrate the importance of proper risk analysis. Whether you’re a startup founder preparing a business plan or a seasoned entrepreneur looking to reassess your risk management approach, this guide will equip you with the knowledge and tools to navigate the complex landscape of business risks.

Why is Risk Analysis Important for Business Planning?

Risk analysis is essential to business planning as it allows you to proactively identify and assess potential risks that could impact your business objectives. When you conduct a comprehensive risk analysis, you can gain a deeper understanding of the threats your business may face and can take proactive measures to mitigate them.

One of the key benefits of risk analysis is that it enables you to prioritize risks based on their potential impact and likelihood of occurrence . This helps you allocate resources effectively and develop contingency plans that address the most critical risks.

Additionally, risk analysis allows you to identify opportunities that may arise from certain risks , enabling you to capitalize on them and gain a competitive advantage.

It is important to adopt a systematic approach to effectively analyze risks in your business plan. This involves identifying risks across various market, operational, financial, and legal areas. By considering risks from multiple perspectives, you can develop a holistic understanding of your business’s potential challenges.

What is a Risk for Your Small Business?

In dictionaries, the risk is usually defined as:

The possibility of dangerous or bad consequences becomes true .

When it comes to businesses,  entrepreneurs , or in this case, the business planning process, it is possible that some aspects of the business plan will not be implemented as planned. Such a situation could have dangerous or harmful consequences for your small business.

It is simple. If you don’t implement something you have in your business plan, there will be some negative consequences for your small business.

Here is how you can  write the business plan in 30 steps .

Types of Risks in Business Planning

When conducting a business risk assessment for your business plan, it is essential to consider various types of risks that could impact your venture. Here are some common types of risks to be aware of:

1. Market risks

These risks arise from fluctuations in the market, including changes in consumer preferences, economic conditions, and industry trends. Market risks can impact your business’s demand, pricing, and market share.

2. Operational risk

Operational risk is associated with internal processes, systems, and human resources. These risks include equipment failure, supply chain disruptions, employee errors, and regulatory compliance issues.

3. Financial risks

Financial risks pertain to managing financial resources and include factors such as cash flow volatility, debt levels, currency fluctuations, and interest rate changes.

4. Legal and regulatory risks

Legal and regulatory risks arise from changes in laws, regulations, and compliance requirements. Failure to comply with legal and regulatory obligations can result in penalties, lawsuits, and reputational damage.

5. Technological risks

Technological risks arise from rapid technological advancements and the potential disruptions they can cause your business. These risks include cybersecurity threats, data breaches, and outdated technology infrastructure.

Basic Characteristics of Risk

Before you start with the development of your small  business risk  management process, you will need to know and consider the essential characteristics of the possible risk for your company.

What are the basic characteristics of a possible risk?

The risk for your company is partially unknown.

Your  entrepreneurial work  will be too easy if it is easy to predict possible risks for your company. The biggest problem is that the risk is partially unknown. Here we are talking about the future, and we want to prepare for that future. So, the risk is partially unknown because it will possibly appear in the future, not now.

The risk to your business will change over time.

Because your businesses operate in a highly dynamic environment, you cannot expect it to be something like the default. You cannot expect the risk to always exist in the same shape, form, or consequence for your company.

You can predict the risk.

It is something that, if we want, we can predict through a  systematic process . You can easily predict the risk if you install an appropriate risk management process in your small business.

The risk can and should be managed.

You can always focus your resources on eliminating or reducing risk in the areas expected to appear.

Risk Management Process You Should Implement

The risk management process cannot be seen as static in your company. Instead of that, it must be seen as an interactive process in which information will continuously be updated and analyzed. You and your small business members will act on them, and you will review all risk elements in a specified period.

Adopting a systematic approach to identifying and assessing risks in your business plan is crucial. Here are some steps to consider:

1. Risk Identification

First, you must identify risk areas . Ask and respond to the following questions:

• What are my company’s most significant risks?
• What are the risk types I will need to follow?

In business, identifying risk areas is the process of pinpointing potential threats or hazards that could negatively impact your business’s ability to conduct operations, achieve business objectives, or fulfill strategic goals.

Just as meteorologists use data to predict potential storms and help us prepare, you can use risk identification to foresee possible challenges and create plans to deal with them.

Risk can arise from various sources, such as financial uncertainty, legal liabilities, strategic management errors, accidents, natural disasters, and even pandemic situations. Natural disasters can not be predicted or avoided, but you can prepare if they appear.

For example, a retail business might identify risks like fluctuating market trends, supply chain disruptions, cybersecurity threats, or changes in consumer behavior. As you can see, the main risk areas are related to types of risk: market, financial, operational, legal and regulatory, and technological risks.

You can also use business model elements to start with something concrete:

• Value proposition,
• Customers ,
• Customers relationships ,
• Distribution channels,
• Key resources and
• Key partners.

It is not necessarily that there will be risk in all areas and that the risk will be with the same intensity for all areas. So, based on your business environment, the industry in which your business operates, and the business model, you will need to determine in which of these areas there is a possible risk.

Also, you must stay informed about external factors impacting your business, such as industry trends, economic conditions, and regulatory changes. This will help you identify emerging risks and adapt your risk management strategies accordingly.

The idea for this step is to create a table where you will have identified potential risks in each important area of your business.

2. Risk Profiling

Conduct a detailed analysis of each identified risk, including its potential impact on your business objectives and the likelihood of occurrence. This will help you develop a comprehensive understanding of the risks you face.

Qualitative Risk Analysis

The qualitative risk analysis process involves assessing and prioritizing risks based on ranking or scoring systems to classify risks into low, medium, or high categories. For this analysis, you can use customer surveys or interviews.

Qualitative risk analysis is quick, straightforward, and doesn’t require specialized statistical knowledge to conduct a business risk assessment. The main negative side is its subjectivity, as it relies heavily on thinking about something or expert judgment.

This method is best suited for initial risk assessments or when there is insufficient quantitative analysis data .

For example, if we consider the previously identified risk of a sudden shift in consumer preferences, a qualitative analysis might rate its likelihood as 7 out of 10 and its impact as 8 out of 10, placing it in the high-priority quadrant of our risk matrix. But, qualitative analysis can also use surveys and interviews where you can ask open questions and use the qualitative research process to make this scaling. This is much better because you want to lower the subjectivism level when doing business risk assessment.

Quantitative Risk Analysis

On the other side, the quantitative risk analysis method involves numerical and statistical techniques to estimate the probability and potential impact of risks. It provides more objective and detailed information about risks.

Quantitative risk analysis can provide specific, data-driven insights, making it easier to make informed decisions and allocate resources effectively. The negative side of this method is that it can be time-consuming, complex, and requires sufficient data.

You can use this approachfor more complex projects or when you need precise data to inform decisions, especially after a qualitative analysis has identified high-priority risks.

For example , for the risk of currency exchange rate fluctuations, a quantitative analysis might involve analyzing historical exchange rate data to calculate the probability of a significant fluctuation and then using your financial data to estimate the potential monetary impact.

Both methods play crucial roles in effectively managing risks. Qualitative risk analysis helps to identify and prioritize risks quickly, while quantitative analysis provides detailed insights for informed decision-making.

3. Business Risk Assessment Matrix

Once you have identified potential risks and analyzed their likelihood and potential impact, you can create a business risk assessment matrix to evaluate each risk’s likelihood and impact. This matrix will help you prioritize risks and allocate resources accordingly.

A business risk assessment matrix, sometimes called a probability and impact matrix, is a tool you can use to assess and prioritize different types of risks based on their likelihood (probability) and potential damage (impact). Here’s a step-by-step process to create one:

• Step 1: Begin by listing out your risks . For our example, let’s consider four of the risks we identified earlier: a sudden shift in consumer preferences (Market Risk), currency exchange rate fluctuations (Financial Risk), an increase in the minimum wage (Legal), and cybersecurity threats (Technological Risk).
• Step 2: Determine the likelihood of each risk occurring . In the process of risk profiling, we’ve determined that a sudden shift in consumer preferences is highly likely, currency exchange rate fluctuations are moderately likely, an increase in the minimum wage, and cybersecurity threats are less likely but still possible.
• Step 3: Assess the potential impact of each risk on your business if it were to occur . In our example, we might find that a sudden shift in consumer preferences could have a high impact, currency exchange rate fluctuations a moderate impact, an increase in minimum wage minor impact, and cybersecurity threats a high impact.
• Step 4: Plot these risks on your risk matrix . The vertical axis represents the likelihood (high to low), and the horizontal axis represents the consequences (high to low).

By visualizing these risks in a risk assessment matrix format, you can more easily identify which risks require immediate attention and which ones might need long-term strategies.

4. Develop Risk Indicators for Each Risk You Have Identified

The question is, how will you measure the business risks for your company?

Risk indicators are metrics used to measure and predict potential threats to your business. Simply, a risk indicator is a measure that should tell you whether the risk appears or not in a particular area you have defined previously. They act like a business’s early warning system. When these indicators change, it’s a signal that the risk level may be increasing.

For example, for distribution channels, an indicator can be a delay in delivery for a minimum of three days. This indicator will tell you something is wrong with that channel, and you must respond appropriately.

Now, let’s consider some risk indicators for the risks we have already identified and analyzed:

If you conduct all the steps until now, you can have a similar table with risk indicators in your business plan. You should monitor these indicators regularly, and if you notice a significant change, such as a drop in sales or an increase in attempted breaches, it’s time to investigate and take some action steps. This might involve updating your product line, hedging against currency risk, budgeting for higher wages, or improving your cybersecurity measures.

Remember, risk indicators can’t predict the future with certainty. But they can give you valuable insights that can help you prepare for potential threats.

5. Define Possible Action Steps

The question is, what can you do regarding the risk if the risk indicator tells you that there is a potential risk?

Once the risk has appeared and is located, it is time to take concrete action steps. The goals of this step are not only to reduce or eliminate the impact of the risk for your company but also to prevent them in the future and reduce or eliminate their influence on the business operations or the execution of your business plan.

For example, for distribution channels with delivery delayed more than three days, possible activities can be the following:

• Apologizing to the customers for the delay,
• Determining the reasons for the delay,
• Analysis of the reasons,
• Removing the reasons,
• Consideration of alternative distribution channels, etc.

In this part of the business plan for each risk area and indicator, try to standardize all possible actions. You can not expect that they will be final. But, you can cover some basic guidelines that must be implemented if the risk appears. Here is an example of how this part will look in your business plan related to risks we have already identified through the risk assessment process.

6. Monitoring

Because this risk management process is dynamic , you must apply the monitoring process. In such a way, you can ensure the elimination of a specific kind of risk in the future, and you will allocate your resources to new possible risks.

After implementing the actions, you need to ask yourself the following questions:

• Are the actions taken regarding the risk the proper measures?
• Can you improve something regarding the risk management process? Is there a need for new risk indicators?

Techniques and Tools for Business Plan Risk Assessment

Various risk analysis methods, techniques, and tools are available to conduct an effective risk analysis for your business plan. Here are some commonly used ones:

1. SWOT analysis

A SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis can help you identify internal strengths and weaknesses and external opportunities and threats. This analysis provides valuable insights into possible business risks and opportunities.

2. PESTEL analysis

A PESTEL (Political, Economic, Sociocultural, Technological, Environmental, Legal) analysis assesses the external factors that could impact your business. This analysis will help you identify risks and opportunities arising from these factors.

3. Scenario analysis

Consider different scenarios that could impact your business, such as best-case, worst-case, and most likely scenarios, as a part of your risk assessment process. You can anticipate potential risks and develop appropriate response strategies by analyzing these scenarios.

4. Monte Carlo simulation

Monte Carlo simulation uses random sampling and probability distributions to model various scenarios and assess their potential impact on your business. This technique provides you with a more accurate understanding of risk exposure.

5. Risk register

A risk register is a risk analysis tool that helps you record and track identified risks and their relevant details, such as impact, likelihood, mitigation strategies, and responsible parties. This tool ensures that risks are appropriately managed and monitored.

6. Business Impact Analysis (BIA)

Business impact analysis helps you understand the potential effects of various disruptions on your business operations and objectives. It’s about identifying what could go wrong and understanding how it could impact your bottom line. So, you can conduct business impact analysis as a part of your risk assessment inside your business plan.

7. Failure Mode and Effects Analysis (FMEA)

Using FMEA in your risk assessment process, you can proactively address potential problems, ensuring your business operations run as smoothly as you planned. It’s all about preparing for the worst while striving for the best.

8. Risk-Benefit Analysis (RBA)

The risk-benefit analysis allows you to make informed decisions, balancing the potential for gain against the potential for loss. It helps you choose the best path, even when the way forward isn’t entirely clear. This tool is a systematic approach to understanding the specific business risk and benefits associated with a decision, process, or project.

9. Cost-Benefit Analysis

By conducting a cost-benefit analysis as a part of your risk assessments, you can make data-driven decisions that consider both the possible risks (costs) and rewards (benefits). This approach provides a clear picture of the potential return on investment, enabling more effective and confident decision-making.

These techniques and tools allow you to conduct a comprehensive risk analysis for your business plan.

Mitigating and Managing Risks in a Business Plan

Identifying risks in your business plan is only the first step. To ensure the success of your venture, it is crucial to develop effective risk mitigation and management strategies. Here are some critical steps to consider:

• Risk avoidance : Some risks may be too high to justify taking. In such cases, consider avoiding these risks altogether by adjusting your business plan or exploring alternative strategies.
• Risk transfer : Transferring risks to third parties, such as insurance companies or outsourcing partners, can help mitigate their impact on your business. Evaluate opportunities for risk transfer and consider appropriate insurance coverage.
• Risk reduction : Implement measures to reduce the likelihood and impact of identified risks. This may involve improving internal processes, implementing safety protocols, or diversifying your supplier base .
• Risk acceptance : Some risks may be unavoidable or negatively impact your business. In such cases, accepting the risks and developing contingency plans can help minimize their impact.

In conclusion, a comprehensive risk analysis is essential for identifying, assessing, and managing different types of risk that could impact your success.

Conducting a thorough risk analysis can safeguard your business’s interests, capitalize on opportunities, and increase your chances of long-term success.

Related Posts

Risk Management Guide: Everything You Need to Know About Business Risk

Why Prioritizing Risk Management is Crucial for Healthcare Businesses

Start typing and press enter to search.

• My Account My Account
• Cards Cards
• Banking Banking
• Travel Travel
• Rewards & Benefits Rewards & Benefits
• Business Business

Curated For You

Related content, types of business risks and ideas for managing them.

Published: July 06, 2023

There are several types of business risks that can threaten a company’s ability to achieve its goals. Learn some of the most common risks for businesses and ideas for how to manage them.

Business risks can include financial, cybersecurity, operational, and reputational risks, all of which can seriously impact a company’s strategic plans if business leaders don’t take action to mitigate them.

What’s most important is that business owners are aware of the risks that could shake up their operations. That way, they can take steps to prevent them or minimize their impact if they occur. Here’s a look at some common business risks. 

Financial Risks

Companies must generate sufficient  cash flow  to make interest payments on loans and to meet other debt-related obligations on time. Financial risk refers to the  flow of money  in the business and the possibility of a sudden financial loss. A company may be at  financial risk  if it doesn’t have enough cash to properly manage its debt payments and becomes delinquent on its loans.

Businesses with relatively higher levels of debt financing are considered at higher financial risk, since lenders often see them as having a greater chance of not meeting payment obligations and becoming insolvent. Types of financial risk include:

• Credit risk:  When a company extends credit to customers, there is the possibility that those customers may stop making payments, which reduces revenue and earnings. A company also faces credit risk when a lender extends business credit to make purchases. If the company doesn’t have enough money to pay back those loans, it will default.
• Currency risk:  Currency risk, also known as exchange-rate risk, can arise from the change in price of one currency in relation to another. For example, if a U.S. company agrees to sell its products to a European company for a certain amount of euros, but the value of the euro rises suddenly at the time of delivery and payment, the U.S. business loses money because it takes more dollars to buy euros.
• Liquidity risk:  A company faces  liquidity  risk when it cannot convert its assets into cash. This type of business risk often occurs when a company suddenly needs a substantial amount of cash to meet its short-term debt obligations. For example, a manufacturing company may not be able to sell outdated machines to generate cash if no buyers come forward.

Cybersecurity Risks

As more businesses use online channels for  sales  and e-commerce payments, as well as for collecting and storing customer data, they are exposed to greater opportunities for hacking, creating security risks for companies and their stakeholders. Both employees and customers expect companies to protect their personal and financial information, but despite ongoing efforts to keep this information safe, companies have experienced data breaches, identity theft, and payment fraud incidents.

When these incidents happen, consumer confidence and trust in companies can take a dive.

Not only do security breaches threaten a company’s reputation, but the company is sometimes financially liable for damages.

Ideas for managing security risks: 

• Investing in fraud detection tools and software  security solutions .
• Educating employees about how they can do their part to keep the company’s data safe. Basic guidance includes not clicking suspicious links in emails or sharing sensitive data without encrypting it first.

Operational Risks

A business is considered to have operational risk when its day-to-day activities threaten to decrease profits. Operational risks can result from employee errors, such as undercharging customers. Additionally, a natural disaster like a tornado, hurricane, or flood might damage a company’s buildings or other physical assets, disrupting its daily operations.

Of course, one of the starkest examples of negative impacts to companies' production and supply chain operations is the Coronavirus pandemic. In an April 2022 Small Business Pulse Survey conducted by the U.S. Census Bureau, roughly 65 percent of respondents reported that the pandemic had either a moderate negative effect or a large negative effect on their business. 

• Making time for necessary employee training to minimize internal mistakes.
• Developing contingency plans to shield against external events that may impact operations. For example, a restaurant impacted by a natural disaster might be able to partner with another local restaurant, bar, or coffee shop to use their kitchen and sell to-go items.

Reputational Risks

Reputational risk  can include a product safety recall, negative publicity, and negative reviews online from customers. Companies that suffer reputational damage can even see an immediate loss of revenue, as customers take their business elsewhere. Companies may experience additional impacts, including losing employees, suppliers, and other partners.

Ideas for managing reputational risks: 

• Pay attention to what customers and employees say about the company both online and offline.
• Commit not only to providing a quality product or service, but also to ensuring that workers are trained to deliver excellent customer service and to resolve customer complaints, offer refunds, and issue apologies when necessary.

The Takeaway

Business owners face a variety of business risks, including financial, cybersecurity, operational, and reputational. However, they can take proactive measures to prevent or mitigate risk while continuing to  seize opportunities for growth . To learn more about the benefits of risk management planning read,  "5 Hidden Benefits of Risk Management."

Frequently Asked Questions

1. what are the main types of business risks.

There are several types of business risks: • Financial Risks • Cybersecurity Risks • Operational Risks • Reputational Risks

2. What are common examples of business risks?

• Financial risks can include cash flow problems, inability to meet financial obligations, or taking on too much debt. • Cybersecurity risks are risks associated with data breaches, hacks, or cyber-attacks. • Operational risks include supply chain disruptions, natural disasters, or IT failures. • Reputational risks can occur when a company's reputation is damaged by negative publicity, scandal, or other events.

3. How can you identify a business risk?

There are a few key ways to identify business risks:

• Reviewing financial statements and performance indicators: This can help you identify risks related to cash flow, profitability, or solvency. • Conducting a SWOT analysis: A SWOT analysis (Strengths, Weaknesses, Opportunities, Threats) can also be a helpful tool for identifying risks and brainstorming ways to mitigate them. • Identifying key dependencies: Key dependencies are things that your business relies on to function, and if they were to fail or be disrupted, it could have a serious impact on your business. • Carrying out root cause analysis: Conducting root cause analysis can help you to identify what underlying factors could lead to a problem or issue.

A version of this article was originally published September 01, 2022.

Photo: Getty Images

Trending Content

• Our Approach
• Our Programs
• Group Locations
• Member Success Stories
• Become a Member
• Vistage Events
• Vistage CEO Climb Events
• Vistage Webinars
• Research & Insights Articles
• Leadership Resource & PDF Center
• A Life of Climb: The CEO’s Journey Podcast
• Perspectives Magazine
• Vistage CEO Confidence Index
• What is Vistage?
• 7 Laws of Leadership
• The CEO’s Climb
• Coaching Qualifications
• Chair Academy
• Apply to be a Vistage Chair

Research & Insights

• Talent Management
• Customer Engagement
• Business Operations
• Personal Development

Business Growth & Strategy

Strategic planning: managing assumptions, risks and impediments

Share this:

• Click to share on LinkedIn (Opens in new window)
• Click to share on Facebook (Opens in new window)
• Click to share on X (Opens in new window)

While no one likes the idea of having one foot on the brake while doing strategic planning, there are very good reasons to take the time required to be cautious. We are speaking to the undeniable link between the business assumptions we make and the risks we introduce to the organization during strategic planning. In fact, the assumptions we base strategies upon can mushroom into grave risks and show-stopper impediments down the line – appearing out of nowhere when the business attempts to execute to a seemingly well-laid plan. Twelve to eighteen months into strategy implementation is too late to go back and ask, “What were we assuming…?” Given that time will always be of the essence, what kind of strategic assumption vetting and risk management is warranted? How much is enough?

Assumptions Introduce Risk

At a minimum, the planning process must involve an evaluation of the impacts that the strategy will have on the business to determine if it will actually help accomplish the outcomes intended. That is the absolute minimum requirement.

The strategic planing process is the one key point to get in front of idle supposition and truly manage assumptions, risks and impediments. When strategy is well developed, there will be an actual plan for implementation associated with the strategy. A holistic plan defines goals that support the strategy and addresses the operational tactics that will accomplish the goals. No business possesses a crystal ball to know exactly what will happen in the economy, financial markets or competitors next bold moves. That means that business assumptions are a necessary evil.

Given that we must rely upon certain assumptions to put strategic plans together and that risk will always be present (as will natural impediments to execution of strategy), the following sections will explore each of these factors at the planning level…beginning with a definition of terms and ending with approaches to better manage process.

What is an assumption in strategic planning?

The dictionary defines an assumption as follows: “ something taken for granted; a supposition ”.

Assumptions form the basis of strategies, and those underlying assumptions must all be fully vetted. Testing strategic assumptions requires allowing those involved with planning to back away from the “givens” and challenge them to ensure the team is not assuming the rosiest of scenarios on which to base strategy.

Considering that the synonyms for the word “assumption” includes words like “hypothesis”, “conjecture”, “guess”, “postulate” and “theory” the concept takes on a more weighty meaning in the  strategic planning process. Yes, assumptions are beliefs we take for granted, but they can be no better than guesses in many cases.

Assumptions are not always justifiable. Defending an assumption may be difficult, as facts are not always available to support the belief. That does not mean that they are incorrect, but it does underscore the challenge assumptions present in planning. In fact, assumptions are particularly difficult to even identify because they are usually unconscious beliefs.

An assumption about assumptions:

One can safely assume that if an assumption is sound, the inferences and conclusions associated with the assumption will also be sound. Unfortunately, the reverse is also safe to assume.

What is a risk in strategic planning?

As a noun, risk means something that may cause injury or harm or the chance of loss or the perils to the subject matter. As a transitive verb, risk means to “expose to hazard or danger” or “to incur the risk or danger of”.

In strategic planning, the definitions applying to both the noun and the transitive verb usage are relevant. A risk might be an event or condition that might occur in the future. Likewise, we may risk financial losses if we bet on an assumption that is incorrect.

An unmitigated risk can become an impediment, so risks must be evaluated in terms of the likelihood they will occur and the impact they will have if they do occur. If the impact/likelihood of a risk is high “enough”, we should identify a mitigation path – as an unmitigated risk can become an impediment later on.

All risk can never be removed from a strategic plan, therefore business planning teams must approach risk management from a Cost / Benefit perspective. Business risk mitigation in planning can cost speed, but if risks are addressed early the organization can avoid future impediments.

What is an impediment in strategic planning?

An impediment is something that makes movement or progress difficult. It differs from being a risk in that risks are future-based and an impediment is something that is occurring now.

During the strategic planning process, impediments might be grouped into macro or micro categories. Macro impediments might include: poor culture, business process inefficiencies, lack of job descriptions, no performance metrics and many other general types of issues. Micro impediments might include: core competency gaps, having people in the wrong roles, lack of sufficient tools to support business functions and technology / infrastructure issues.

Knowing business impediments and factoring them into the planning process adds realism to the strategy being developed and the operational tactics needed to implement it.

How should risks, assumptions and impediments be identified?

Identification of assumptions.

Strategic planning is a team sport, so working in teams is a great way to approach the identification of assumptions. In small groups, conduct a “round robin” to identify the assumptions within each strategic theme of the plan. Review the assumptions compiled by each team and discuss. This same approach can be used to identify impediments and risks.

The following are questions that assist to identify assumptions:

• Is there anything being taken for granted?
• Are there beliefs that we are ignoring that we shouldn’t?
• What beliefs are leading us to this conclusion?
• What is… (this project, strategy, explanation) assuming?
• Why are we assuming…?

Identification of Risks

Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the source of problems, or with the problem itself. Remember, risk sources may be internal or external to the organization. Examples of risk sources are: external stakeholders, employees, finance, political and even weather.

Risks are related to the identified threats from SWOT analysis, so that is another valuable reference during the identification process. For example: the threat of losing money, the threat of a major planned product launch being delayed or the threat of a labor strike disrupting critical manufacturing operations. The threats may exist with various entities, most importantly with shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: banks withdrawing funding support for expansion; confidential information may be stolen by employees; weather delaying construction projects, etc.

Additionally, other methods of risk identification may be applied, dependent upon culture, industry practice and compliance. For instance, objectives-based risk identification can focus on any potential threats to achieving strategic objectives. Any event that may endanger achieving an objective partly or completely can be identified as risk. Scenario-based risk identification – In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk. As a final example, a taxonomy-based risk identification can be utilized, where the taxonomy is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire can be compiled and the answers to the questions used to reveal risks.

How should risks, assumptions and impediments be dealt with?

Dealing with identified assumptions essentially becomes a task of translating the assumption to a risk. Once all risks have been identified, they must then be assessed as to their potential severity of impact (generally a negative impact, such as damage or loss) and to the probability of occurrence.

The assessment of risk is critical to make the best educated decisions in order to mitigate known risks properly. Once risks have been identified and assessed, the strategies to manage them typically include transferring the risk to another party, avoiding the risk, reducing the negative effect or probability of the risk, or even accepting some or all of the potential or actual consequences of a particular risk.

Taking the time and caution to identify, asses and deal with the risks and other factors will always be a worthy investment, even when time is of the essence. The vetting of these factors will pay off in smooth implementation of the strategic plan down the line. Your plan can proceed, free of the potholes and other roadblocks that, with a little planning, might well have derailed the best-laid plans.

Related articles:

Grow from a position of strength (Video)

Four innovation strategies to take your company from complacent to competitive

Category: Business Growth & Strategy

Tags:   risk management , Strategic Planning

Since 2006, Joe Evans has been President & CEO of Method Frameworks, one of the world's leading strategy and operational planning management consultancies. The firm provides services for a diverse field of clients, ranging …

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Gain deeper insights when you join Vistage

Take advantage of peer advisory group advice, 1-to-1 executive coaching, industry networks, exclusive events and more.

Privacy Policy

Your contact and business information will be used to fulfill this request and to share other Vistage services.

See Vistage's Privacy Policy for details.

Privacy Overview

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.