Risk Do's and Don'ts for Start-ups
For any start-up to succeed, risk management should be front of mind from day one. So, how should new firms get risk right? I met recently with Rowan Ellis, a highly-experienced finance leader who was happy to share his insight as a SOX guru on start-ups and transactional due diligence.
Rowan is a finance consultant, financial controller and finance transformation director with a track record that spans transactions (IPOs), private practice, the government sector, payments, banking and private equity.
The breadth of his experience adds an extra dimension to his understanding of risk – his career has taken in businesses including Toronto Dominion Bank, Lombard, ABN AMRO, RBS, World Pay, Deutsche Bank, Metro Bank, Co-operative Bank and WiZink Bank.
I was keen to get Rowan’s take on the risk dos and don’ts for start-ups, particularly as his motto is “getting risk management right, early doors.”
Don’t ignore non-mandatory governance
Before a company goes public, some elements of the finance and risk framework are optional, rather than mandatory. It’s tempting for start-ups to ignore them at the start and instead focus on more pressing priorities. This is a costly mistake that will come back and bite them later, either because of mandatory transactional due diligence or when a related issue makes a negative impact on the business.
Don’t take short cuts
Start-ups theoretically have no legacy. They can select technology systems off the shelf, banking platforms, ERPs, risk systems, treasury systems etc. It’s essential to spend time and money getting it right, yet too many start-ups and challenger banks still don’t. Three years into the journey, they end up shoehorning in a systems’ transformation programme often at great expense just prior to a transaction.
Don’t leave it too late
Many start-ups only turn their attention to risk as they approach the milestone of a listing or acquisition. Suddenly, the mandatory due diligence kicks in and it’s panic stations. Cue a flurry of costly activity and documentation creation, usually with management consultants leading the way. Even if the documentation is up to scratch, it sticks out like a sore thumb when the relevant practices are not yet embedded.
Do make time for risk
Risk and control frameworks always seem to be on the back burner or not even considered at inception. Yet, when a business is still small, employees have more time to give to non-revenue generating tasks. Building sustainable control frameworks from the start will potentially save significant sums down the line, while equipping you to satisfy regulators at any stage of the journey.
Do maximise communication
At the start of the journey, leaders should create robust communication channels, which then act as a control in themselves. When different business functions engage seamlessly with each other, controls are not duplicated or missed out. There are many efficiencies to be gained.
Do embed control into your culture
The key is to get the governance working and ensure your people buy into it. Then it will become clockwork, part of the DNA, which will pay off in the long term.
The biggest take away for me is to prioritise risk and control from the start. Give your people time to focus on it. Identify key processes, then start to build your framework. Make sure you give yourself time for the implementation. And always remember that most key processes in finance are the controls themselves. So, best get them operating effectively right from the start.