Starting a business is a risky business. According to Standard Bank, about 50% of all start-up businesses in South Africa fail within 24 months. By the 10-year mark, the number of successful start-ups dwindles to 9%. Why is this number so low?

By Alex Roberts, regional director : sales and operations at Cura Software Solutions

Forbes reports that 90% of startups don’t fail due to the competitive environment; they ‘self-destruct’ as a result of their own poor decision-making. Even the few start-ups that do succeed are likely to encounter several potentially destructive experiences during their lifespan – the difference is how they deal with these potential problems.

So, how do successful start-ups survive and thrive? Although there’s no ‘magic formula’ for a start-up’s success, being proactive and prepared for any eventuality and having effective risk management strategies in place from the start is a step in the right direction. Conversely, failing to manage risks may prevent start-ups from achieving their objectives, and ultimately lead to an increased need for risk-based ‘fire-fighting’, loss of competitive advantage or even closure. Despite its importance, strategic risk management is too often overlooked by small business managers – some feel that it is a domain reserved for larger, more established businesses, but this couldn’t be further from the truth.

Particularly as we enter the Fourth Industrial Revolution, the uncertainty, velocity and vast scope of this new era poses serious risks – and creates significant opportunities – for businesses of today. In an age of innovation, disruptive start-ups have the potential to overshadow well-established companies that are no longer able to dominate on quality, speed, or price. To remain relevant and competitive, businesses of all sizes need to be agile, willing to constantly reinvent how they operate; otherwise, they are going to be left behind before they even start.

In these uncertain times, there’s one thing we can be sure of: effective risk management, in combination with a well-planned GRC framework, has become an increasingly critical tool for the majority of organisations operating in the digital era.


What is GRC?

Governance, Risk and Compliance (GRC) is a collection of capabilities that integrate the governance, management and assurance of performance, risk, and compliance activities. Together, these capabilities enable an organisation to reliably achieve its objectives, act with integrity and address uncertainty in instances of unexpected events or non-compliance. Consequently, neglecting to manage GRC can be catastrophic for small, medium and micro-sized enterprises (SMMEs) and start-ups.


Size doesn’t matter

The scale of compliance and governance isn’t necessarily dictated by company size, and small businesses are often subject to the same guiding principles and legislation as much larger companies. This means that, despite having fewer resources, SMMEs needs to ensure that they demonstrate the same level of compliance as a larger, more established business in the same

industry. One may even argue that start-ups and SMMEs have an even greater need for effective GRC strategies than established companies do. With a lack of defined processes, loyal client bases, resources and cash flow, start-ups are often in more vulnerable positions than their experienced counterparts.


So, how do start-ups increase their chances of finding themselves in the positive 50th percentile that does survive into year three of business?

Successful start-ups tend to be those that are proactive about implementing GRC, foreseeing and managing potential issues before they become serious problems. This proactive approach increases their chances of survival in numerous ways – they set up systems to deal with failure and problems, prepare to adapt in a dynamic world, comply with necessary legislation and regulations, and present a more prepared and proactive proposition to potential investors.


Using risk as an advantage

By its very nature, all enterprise is the undertaking of risk for reward. Although the concept of risk can seem detrimental, entrepreneurs need to change their perspectives of risk and view it as an opportunity. If handled efficiently, risk is an asset that creates a platform for a start-up to expand to new heights and exceed expectations. For this reason, an organisation should never construct a strategy around avoiding enterprise risk, but rather develop a concise strategy to manage it well.


Six steps to start-up for success

  1. Research is essential to gain an understanding of what GRC is and how it affects your specific industry.
  2. Understanding and documentation of the different risk types (market risk, credit risk, operational risk, reputational risk etc.) that affect business.
  3. Business’ specific risks need to be ranked
  4. Compliance parameters need to be defined within industry and context.
  5. A GRC strategy and framework

Various risks can be a distraction from core business, and so starting a list with the risks associated directly with business objectives can assist in maintaining those actions whilst preventing any real crisis.

To successfully achieve any risk management activity, it is critical that the right people have access to the right information, at the right time. This is why Cura Software Solutions focuses on making the vital GRC process as seamless and accessible as possible, with a software as a service (Saas) GRC solution.