I believe this should just be re-titled "how to identify risks in your startup." Because often there are very real risks - and you should not "de-risk" them. You should just be aware of what they are, and make educated decisions around those risks.
That's a really nice structured approach to what risk is and how to classify it but it doesn't actually address how to get rid of any specific risk and that is what is required to actually get rid of the risk, the secret is in between those line-items listing various stages of risk.
And quite a few existential risks in the start-up world are not so easily classified to begin with, for instance, founder conflict is a huge risk and yet didn't even make the list of examples here.
Still, very useful post but mostly from an analysis point of view, a 'where are we and where do we want to go' rather than 'how are we going to get there'.
To add: Choosing which risks to tackle should definitely be weighted by difficulty, impact and available resources.
Also, this feels like it's forcing an external portfolio manager view on the internal operations of a startup. Nothing wrong with this - it's just odd to me.
I encountered a similar idea in a university project management course, which turned out to not be a completely waste of time, although I've forgotten most of the ideas. It was filled with useful ideas that I'd never encountered during my 10+ years on HN.
Let's compare the typical startup risk management strategy:
The project owner keeps all risks in their head, no formal tracking or acknowledging of risks. People mention risks and mostly go unheard; if the risk is low probability, it's excused, if a risk is high probability but low impact, it's excused. The project owner can't track too many things, so risks are dismissed rather than adding stress to the project owner who tracks it all in their head. If the project owner is feeling good and engaged, the project owner picks their favorite risk and then has a meeting and pressures people into dealing with it somehow. If the project owner is overwhelmed, just ignore the risks.
Yeah, big danger. I'm not super new to the whole startup / investor cycle and we got semi burned by that some years ago, i.e. wasting way too much time on something that turned out to go nowhere. My stance is to keep shipping and developing as if nothing is going on.
Also, my idea is to onboard small businesses slowly. Maybe, adopting and building out features/tools for one business at a time. Until the project is more completed and I can focus on scaling the onboarding.
One refinement is that there are a number of earlier challenges you faced that are now "solved problems" so some of the squares should be marked blue instead of black or white because it's a risk you have encountered and mastered. For example, how to file taxes as a corporation. How to hire someone.
A second refinement: there are also decision rules you can follow that limit your exposure to entire categories of risk. For example: don't finance your startup using credit card debt.
Startups have to do risk management all of the time -- it's a core activity of entrepreneurship. Can we trust this vendor? Is this new hire going to work out? Will this API vendor scale to what we need/be around in the future?
Finance is no different. There are no "safe" investments, only varying levels of risk and reward. Mitigating the risk of a single bank failure locking up your $2MM raise is a couple hours of work. Only you can say whether mitigating that risk is worth the effort.
Yeah, identifying risk is important. But thinking one can "identify risk" as some random dude posting on Hacker News, criticizing a guy with a lot of experience running cutting-edge tech companies that make stuff like cars and spaceships (ACTUAL tech, not these lame web sites that people call "tech" these days), is ... well, delusional would be a polite word for it.
Hey everyone, looking to learn a little more about how other startups are managing their risk, particularly during these times. Just a few of questions below:
Do you use any tools, software, systems to manage certain types of risk?
What do you currently do to manage risk in yoru business (this can be any kind of risk from COVID related risks to cybersecurity to operational, strategic, compliance or financial risks etc)
Do you tend to take a more proactive or reactive approach?
What areas do you tend to focus most when it comes to risk management (e.g. Cybersecurity, compliance, financial etc)?
Cheers :)
It's slightly unclear whether the OP is talking about risk assessment and reducing unknown unknowns, or simply advocating becoming more well-rounded in your problem domain.
Also, I would argue there's much more to consider before offhandedly determining anything you don't know "is the riskiest part of your business". The real answer probably lies in the question: Can I hire somebody to do this, or is it important enough to distract us from other goals? If yes then do it, otherwise reconsider when resources free up.
Appreciate your advice on the risk, I will well put a note on it, from at the first time whoever join and start code on it, i'll ensure all parties understand of what focus exactly are our target, which is not becoming the firm itself, but more like for bootstrapping on our soon becoming products.
I like your advice on the second risk, despite of what i think, other people and circumstance can get effect. i'll more hardly note about it.
Good execs understand that security is risk management. I've found that this is better understood outside startups trying to hockey-stick. Finance in particular is a place where reasoning about risk often comes naturally to leaders.
That's how you run a large corporation. Not a successful startup or moonshot project.
It is perfectly valid to ignore a risk and then assume you'll figure something out if it comes to pass. Few things happen quickly so you'll have time to talk to other founders and investors and so on. Or maybe you'll fail and then start a new venture in six month. Trying to plan for mitigations ahead of time will mean you spend all your time on mitigating risk versus growing the business. A climber that does that is a corpse.
The most dangerous thing is someone high in confidence and low of experience.
Related: this is why I warn people not to get caught up in a startup unless the leadership has had multiple rounds of experience. You are exposing yourself to the whims of people who know no better, and with whom you could waste a lot of time and effort in dealing with.
Also, Hanlon's Razor is a relevant tool in assessing these situations.
The one I've seen missed most often in startups is directly implied by a lot of the other points and obvious to anyone with long experience: Take the time and put a lot of thought into how to break up your big transitions into smaller stages, each of which are functional. It's usually possible to at least narrow down the risky parts to a few finer grained steps and when something fails only rolling back one part to get to a good state is almost always faster and safer.
It's very easy to get absorbed into the awareness of the high level change you're making and miss the details of the process. Even just sitting down together and outlining what you think is actually going to go on (and then breaking those down into what they each are comprised of) can make it really clear that you don't have to run as many giant risks. I'm occasionally amazed how brilliant people (including some with big names in devops) can forget it's an option.
It's like taking small steps from stable to stable when you're going across a steep scree slope and only jumping when you have to - sometimes it feels riskier to take lots of small steps, but if you start to slide it can be a lot easier to recover from. Your chance of dying taking a big leap isn't the sum of the equivalent small steps. Perhaps complex computer systems have the equivalent of an Angle of Repose?
Sure, but that's my point: weigh the actual risks.
How big is the company you're working for? Could they have gotten that big in the first place without using these tools? Companies change as they scale and solutions that worked when they were young will almost always need to change as they grow, so I don't see that as a particularly bad situation. It's a cycle of constant change management and risk mitigation.
Usually the bigger company has the resources to make changes while a startup trying to plan for 100x future size usually ends up limiting its own growth.
reply