Business risk

Business risk is exposure to threatening influences that can deteriorate company’s ability to meet its strategic, financial and/or operational goals thus it has to be met at both strategic and operational levels.


Business risk in Balkans – a reminder for managers


Risk is part of every day’s life, especially for those who run a business in Balkan. Besides usual and well known business risk categories Serbia’s enterprises experience illegal competition from grey economy, cheap imports, corruption and not very business-friendly legislation what makes surviving even more difficult. Some risks can only make small harm on business and could be controlled easily, but others may endanger its very existence.

Past decades brought significant increase in complexity and level of business risk which was due to higher business dynamics (IT advancements and frequency of making business decisions) and globalisation (interdependence of firms and markets). Indeed, in today’s “speedy world”, a company can expect sudden changes in its business environment any time. This is why a “plan B” must be on the table before a risk strikes, otherwise a company may find itself losing competitiveness, market share or even worse.

Managing strategy in many ways comes close to managing business risk. Therefore, the process must start with analysis of current business situation and environment in order to carefully judge what would be the quantity and intensity of acceptable risk. A company should choose only those activities, projects and ventures that could be successfully controlled with available resources.

In order to recognise various business risks one must first learn where and what to look for. Some of them may be known to you from before but others hide in bushes or simply sit hardly detectable in the middle of the road. Keep in mind that risk is not a privilege of big firms as it predominantly feeds on your activity and environment, not size.

I operate in Balkan where most of local companies can be classified as SMEs according to the EU standard (up to 250 employees and/or annual turnover under €50m). Unfortunately many business owners and managers believe that probability and impactability of risk come down with a size of enterprise. As a result, they rarely approach business risk in a structured manner – meaning no formal analyses or dedicated meetings are practiced. “Fire-fighting” prevails over prevention.

Let me remind you of some of the most common risk categories. I will start with a financial risk which is the most usual cause of SME bankruptcies. It includes lack of current funds to pay budget items, taxes and creditors which is usually caused by company’s inability to collect money from its debtors. For example, in Serbia one can expect to receive funds from debtors in 4-6 months on average, however in some cases it goes up to a year. Otherwise, a company can go to court with uncertain outcome. Collapse of one company or its systematic delay of payment to creditors may pull many members of the same supply chain into trouble. Unfortunately there is little difference in behaviour between private and state owned enterprises. It is therefore up to a creditor to provide enough working capital! Everybody complain about it, but little changes. Keep in mind that financial risk affects all companies thus must be treated properly. Only those with daily focus on cash flow from the very top may survive.

If you deal with foreign partners don’t forget about currency risk as sometimes well planned and executed sale can turn into unplanned loss.

Next to a financial stands commercial risk or inability of an enterprise to sell enough goods or services at a price that at least covers all costs. This category includes successful market placement of goods and services and depends on overall competitiveness (both product and market placement ability of a company), supply and demand. A recession or market stagnation may reduce demand and cut margins; or customers’ interest may change due to sudden innovation; or your brand suffers as a result of a new dominant competitor. In Serbia, additional risks come from the “grey economy” competitors who don’t pay duties, taxes and/or VAT as well as cheap imports, especially of those goods that have been subsidised at the source country. Don’t expect any help from the state, apart from fighting the grey economy with doubtful success.

Another aspect of commercial risk is loss of reputation. It can happen as a result of something that a company does, or loss of its critical product attribute or wrong doing of its employee or any other connected person. Imagine if your company appeared in the news in negative context. Would key customers, suppliers, even employees stay with you? What would be the impact on future revenues?

Supply chain interruption includes incidents with individual suppliers as well as potential collapse of a major input source market. It manifests itself as inability of suppliers to meet your demand in quantity and/or quality of supplies on a short or long term what could, at worse, force you to cease operations. How vulnerable are you?

Operating risk relates to a potential malfunction of any resource which is essential for running critical operating activities and could therefore result in production arrest and interruption of product and service delivery to customers. It covers everything from people to machinery and buildings. As for most companies people being the key operating resource, their culture, organisational structure and interpersonal relationships have major impact on this risk. It usually manifests in productivity, quality, delivery and service support failures.

For those industries which are predominantly functioning via projects (e.g. construction) the most common is project risk. However it doesn’t mean that this risk couldn’t be found in other industries. It includes risks to plant, equipment or technology, loss of key personnel, interruption in project finance, poor planning and/or project management and manifests in delays and budget overruns. Pay special attention to new projects as all planning stage inefficiencies usually turn into real problems soon.

As soon as you start setting up a business you will come under safety and security risks. Safety doesn’t affect only employees but all other people on your sites and beyond (e.g. those in the neighbourhood who might be affected by your activity) and expands even to users of your products and services. Security risk covers premises, workplace, people, equipment, information, intellectual property and technology.

Owning and operating of specific technology can be critical for your business model what takes us to technology risk. It covers search for innovation, implementation, exploration, maintenance and upgrades.

As the importance of creating, processing and using information becomes critical for business, we must recognise information system risk. It includes technology (software and hardware), data, operators (programmers, maintenance and support staff) and users. Malfunctioning of a part or complete information system could block a whole business. Imagine if you run a factory and its controlling software collapses or try a week of selling without accounting software. It could also cause your non-compliance with certain rules and standards. Another story is about losing critical information that could be a source of your competitive advantage or customer data being hacked. What would it mean for your reputation and brand?

Let me close this list with compliance risk. It relates to current laws, regulation, standards, procedures and contractual obligations and occurs as a result of weak organisational structure, failure of employees to adhere to internal procedures or simply any other human factor. In such a situation one may encounter a corrupted official, especially in this region. Or an apparatchik might ask for a ‘favour’ to speed up your case through the bureaucratic system. Even though it appears as pragmatic choice momentarily, it actually grabs you into a long-term sick and very costly relationship, apart from business ethics.

Each of the above risks, if materialise, can break your well planned budget if not recognised and mitigated in time. Besides avoiding and/or reducing impact of unfavourable events on business and protecting people, assets, revenue and profit, subscribing to risk management practice enables your organisation to better understand the benefit and value of implementing formal business procedures. Organised risk management increases confidence of employees in the safety and security of their workplace as well as customers’ confidence in the quality and integrity of your products and services.

At the end I suggest that you answer following questions in order to briefly assess your current situation.

  1. Do you have a formal process of monitoring changes in business environment and evaluating their impact?
  2. Do you have a formal process for identification, evaluation and mitigation of risk?
  3. Is risk management integral part of your operations and projects?
  4. Have you established a formal procedure for each major business process?
  5. Do you periodically assess employees’ compliance with established business procedures?
  6. Do you believe that your business is too risky?

After reading my reminder (the list of risks is not exhausted) I sincerely hope that your enterprise, irrespective of its size, adopt and implement principles of systematic and organised risk management as soon as possible (if not done already). Download the risk management process guide here.


Strategic business risks in Balkans v


Over the next 12 months period extramarket generated trade and industry risks will worry business people in Balkans the most however, over three years intramarket generated and technology risks are expected to overtake them


According to my latest strategic business risk survey covering my Balkan business community connections on LinkedIn (April 2019) I found that extramarket generated trade and industry risks are perceived as a major strategic threat in the near term. Second and third place share intramarket generated and technology risks followed by regional political instability and the least feared – project risks.

In the coming 12 months almost half of the participants (47%) deem extramarket generated trade and industry risks possible, 28% consider them probable and 14% expect them to strike with most certainty. When asked about the three year trend in the same risk category the participants were split between those who didn’t expect major change (53%) and those who expected considerable increase (44%).

Extramarket generated trade and industry risks are caused by dynamic frictions at national, regional or global (politicized) economy level and result in contraction of trade between states, contraction of markets or their stagnation and/or disruption of international supply chains. I believe that my survey respondents mostly fear from lost sales and potentially disrupted supply chains caused by Kosovo tariffs and possible trade wars between US and China, EU and US and EU and China not to mention Bregzit and sanctions on Russia, Venezuela and Iran. Although Balkans mostly trade with EU there is an increasing influence and on site presence of eastern partners. Trade tensions may be geographically remote but, due to a global nature of world economy, they make considerable impact on Balkan economies. In the same time oil prices are moving steadily up as a result of these conflicts as well as interests of some oil producing countries to keep the barrel above $70. The uncertainty of natural gas supply from Russia (the saga of South Stream and lately Turkish Stream) clearly creates additional risk. As Balkan economies struggle to deliver “work ready” graduates, employ and retain them, certain profiles of qualified labour increasingly migrate to EU countries where secured and better paid jobs are on offer. It leaves some local industries and towns without enough human resource for new projects, investment and development.

Second and third place on a near-term strategic risk list belong to intramarket generated and technology risks.

79% of survey respondents consider intramarket risks possible or likely to occur during the one-year period with 17% of them disagreeing. In the same time more than half (55%) expect mid-term (3 years) increase in pressure from intramarket generated risks but still 45% don’t expect major change. This risk category occur as a result of market participant activity within a specific (market) system and include competitors who offer goods and services, their supply chains, customers, consumers as well as all other stakeholders. Worries probably originate from increased competition among growing number of local players as they keep achieving new capabilities every day and foreign companies who arrive with large systems, experience and resources behind what all together put significant pressure on margins. These competitors fight now not only for limited market (demand) capacity but also for limited inputs such as a workforce what can lift their costs and reduce margins further. Besides external factors a company can also deteriorate as a result of own poor management, inefficient capacity or capital utilisation, brand erosion, depending too much on a too few customers or missing to spot a change in customer priorities.

According to my findings majority of Balkan business people (59%) expect the growth in technology risks to outpace all others over the next three years though serious worries exist in the near-term (12 months) too. 69% of respondents deem technology risks possible, likely or almost certain to occur. I have also noticed higher dispersion among “near-term” answers in this risk category comparing to other risks. It could be a result of significant diversity of industries among participants (70% service, 30% goods) and in particular the dependence of their business models and strategies on technology.

Technology risks usually strike due to outdated production process or (sudden?) emergence of new dominant technology. Another area is IT. Temporary breakdown of IT system from various reasons or hacker attack to steal proprietary technology or customer data may lead to a loss of competitive advantage, reputation, market share as well as prosecution. In the next period businesspeople expect increase in such incidents and timely protection (risk mitigation) is essential. On the other hand a company may create harm on itself by executing poor digital strategy e.g. being late in implementing such technologies including IoT and AI. This will give competitors the advantage that will take time and money to regain.

Next on my strategic risk list come those caused by regional political instability. 35% respondents think these risks will probably strike during next 12 months with further 39% expressing similar views by voting either „possible“ or „almost certain“. Regarding later trend more than half (58%) believe that regional politics won’t create additional risk pressure over next three years but won’t make it less risky either. Still 35% of respondents believe in medium-term risk increase. In case of Balkan countries political instability usually happen due to internal power struggles (regularly boosted by foreign interference), corruption, inefficient or lack of rule of law and growing regional conflicts. In addition, a stagnation or even step back in EU accession can only pore gasoline on fire.

At the bottom of my list, causing least worries, are project risks. Received answers demonstrate evenly spread disagreement among participants especially regarding the twelve-month period: from “highly unlikely” (10%) to “almost certain” (10%) with median on “possible” (29%). Although a clear majority (58%) don’t expect any major change in exposure over next three year period 32% of them still worry about upsurge. It could be a sign that some companies have a number of complex mid-term projects in a pipeline while others don’t. Hopefully they both know that failure of a major project could result in falling behind competitors for many years. Similar happens when major investment or acquisition fails.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: