How to Evaluate Risk in Modern Industry

By Ron Ries

While the allure of unchecked growth may be strong among fast-growing businesses, it may open the door to introduce more risk for the company. People live in more uncertain times today than in the past. Cutting-edge technology, varied means of communication, and a more globalized social, political, and economic environment have created a different vision of how society functions as a whole. Today’s rapidly expanding companies must play recognize and overcome uncertainties.

The modern social, political, and economic environment brings with it, in its diversity and ability to operate within its own framework, a renewed sensitivity and awareness of risk. People and institutions face a myriad of risks on a daily basis and must make decisions with such risks in mind. Acknowledging risk in advance can help identify the degree of success or failure of future plans. In the modern world, however, many new risks are constantly developing due to the changing society and marketplace. Faced with all this, what is the responsibility of businesses to confront their risk environment? What can and should comanies do to mitigate and manage those risks in order to continue to maintain confidence remain true to their mission statements?

Internal Risk Considerations

Broadly speaking, risks can be categorized as either internal or external. Internal risks come from elements within the operations of a company, including risks involved with running administrative, fiscal, and other management efforts. Each company has its own unique structure, key operating elements and personnel, but the following items are always relevant when making internal risk assessments.

Administrative, Personnel and Support Risks

Background checks should be performed on all personnel, not only to prevent potential legal and other undesirable past issues, but also to ensure that all potential personnel have the capability to perform their prospective duties. Appropriate levels of insurance should be in place for all applicable needs, including facilities, personal injury, professional misconduct, directors and officers, and business interruption insurance, as well as all other property and casualty applicable to the company’s operations. Of course, all regulations relating to payroll and related employee benefits should be followed to the letter. All board members and other interested parties should be kept up to date on the organization’s activities, particularly during onboarding of new management, or other significant changes in operations. Finally, strong measures should be in place to protect all sensitive internal data and operating systems, whether in electronic or hard copy form.

External Risk Considerations

In addition to these internal risks, businesses should also be aware of the significant external risks that exist. These can be easy to identify, but may also appear ambiguously, and therefore may difficult to detect. Areas to consider include the following:

• Outside payroll services, including employee benefit providers;
• Insurance agents and contractors; fast-growing companies require fast answers
• Vendors that provide maintenance, security, and other services to the facilities;
• Outside professionals, including accountants, attorneys, bankers, investment advisors, public relations agents, and other professionals;
• New laws and regulations regarding industry standards, personnel, and other issues;
• Security for all systems provided by outside consultants used in operations, including fiscal, HR, development, and fundraising.


Nothing on the above lists is new to maintaining effective operational control, but successful control requires a new sense of awareness based on modern complexities and more comprehensive due diligence. Failure to properly assess risk can result in financial loss, unnecessary harm and exposure, and ultimately increased reputational risk. Reputational risk supersedes individual concerns and thrusts an organization into the spotlight, not only for employees, clients, board members, and others, but also for the public and marketplace at large. Most consequences of risk failure can be overcome with appropriate attention and action, but reputational risk is the hardest. Do the individuals and organizations the business relies on meet the criteria of professional reliability, integrity, ethics, insurability, fiscal strength and sustainability, and good reputation within their respective industries? Organizations must examine these questions deeper and more carefully than

Each company has its own nuances and goals, but the modern world requires a renewed level of scrutiny and management oversight than ever before. Data theft, corruption, and government scrutiny are all on the rise, as are public awareness, concern, and doubt as to the culture, viability, and sustainability of many industries and organizations. Many organizations are hiring compliance officers and risk managers to address these issues, and in surveys, many CFOs list risk awareness and assessment as increased mandates in their job description. Each company must do what it deems necessary to control its own environment. To use a familiar phrase, it takes only one bad apple to spoil the barrel; each company must respond if and when it sees its sector’s environment threatened by outside influences. It is imperative to keep a pulse on one’s surroundings; when in doubt, ask, and when confronted by reality, respond accordingly.

No company can escape the nuances of the modern world; ignorance is no longer bliss, and inaction can no longer be tolerated. Everyone must be as proactive as possible and continue to deal with new threats.

Industries will continue to thrive, grow, but they must understand that risks will continue to be a part of day-to-day life. Everyone must do what is necessary

This article was originally published in the April 2016 issue of the CPA Journal.




Download the PDF version of this article

Poll Question



CURRENT NOTES