Saturday, February 3, 2018

The Cheapest and Fastest Way to Launch - Define the Problem

If you want to launch your startup, efficiency is key.

  • Why waste time pursuing a bad idea that no one wants? 
  • Why pursue a good idea that no one wants to pay for? 
  • Why fix a problem that people see but which you won't address? 
In the next few posts I'll discuss a logical strategy to guide you as you pursue your potential startup.

#1: Define a Problem Worth Solving

Write down the problem for an individual. __________________

This is a problem that a person has, right? Don't list a problem for "people" or "society." Groups and institutions don't buy products, people do.

Then consider doing a simple "Problem Interview" with someone who you believe is in your target audience:
  1. Create a story for a persona. "I know this person, Jack, who is struggling with ___. What would you do?"
  2. See if the problem/challenge resonates with your interviewee. 
    1. NO? Perhaps that person isn't your target. Try someone else. 
    2. Still NO? Seems like you perceive a problem that others don't.
  3. YES! What part of it resonates? Define the top three problems in additional detail
  4. Ask them, "Are they doing anything to solve the problem today?"
    1. NO? Perhaps it isn't a problem
    2. YES! You are on your way!
Next, build a landing page and see if anyone shows any interest (e.g. as Buffer, Dropbox did). Check out KickoffLabs, UnBounce

Within a day you should have a clue if you indeed have identified a problem that a potential customer needs and wants to solve.

The above is step #1. If step #1 fails, STOP!

Entrepreneurs are an inspired and stubborn lot. They tend to toward reaffirm their assumptions and ideas and attempt to confirm their brilliance and potential. The purpose of the above strategy is to address that flaw. So be ready to dump your idea and come up with a better one. Or perhaps come up with 10 ideas and pick the best. But don't get stuck on the one "perfect" solution especially if early on you can see that there is no problem that your "solution" is addressing.

Tuesday, December 5, 2017

Risk Management and Mitigation

Objective: Understand risk management considerations as well as mitigation through insurance, proper security procedures, and contingency management strategies.

Key Concepts

Goal: What are the most important precepts and prescriptions for an organization to consider regarding risk management and mitigation?

Risk Management Considerations

Protect or Enhance Value

  • Risk is “the “effect of uncertainty on objectives” (ISO, 2009; ISO 2015)
  • “Risk management is a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues.” (Heinz-Peter, 2010)
Risk management consists of organizational activities to identify, direct and control risk. Risk management can enhance value and help it achieve outcomes or protect it from untoward events or conditions. Categories of risk include (The Institute of Risk Management, 2002; DCU Risk & Compliance Office, 2015):
  1. Financial,
  2. Operational,
  3. Reputational/ Knowledge Management
  4. Governance and Compliance,
  5. Strategic.
As an example, in terms of reputation risk, the damage to a brand and reputation may be to the short or long term. Its effect can be in multiple spheres from revenue and expenses to perception such as ranking among the competition, revenue, employee morale, community support, overall rating, and public perception. It can affect relationships and oversight including agreements with partners and government regulation. Examples would include the recent events at United Airlines, Wells Fargo, and British Petroleum).
Inadequate risk management can impact the entire organization, customers, potential customers, or the broader public. Engaging in risk management ensures the organization achieves maximal benefit. The intent is to minimize adverse or unanticipated effects.

Address Uncertainty

The goal of risk management is addressing uncertainty in a stepwise, logical, consistent, and comprehensive fashion (The University of Adelaide, 2005; WorkSafe ACT, 2012). Here is an example step-wise strategy:

Step 1: Establish the context: Identify the objectives and internal and external parameters that represent potential types of risks. Identify those on a daily operational level as well as longer-term strategic concerns including those associated with new activities.

Step 2: Describe the specific risks in detail. Identify
  1. Negative factors that affect achievement of objectives. How will they impact the objectives – will they lead to prevention, degradation, or delay?
  2. Positive factors that might create, enhance, or accelerate success.
  3. The impact of doing nothing and potentially missing an opportunity.
  4. The source of the risk and the likely cause.
  5. The potential consequences and impact on the internal aspects of the enterprise.
  6. The potential consequences and impact on components that are external to the organization.
  7. The relationship of the risk to other events and thus its predictability as well as potential impact.
  8. The likelihood of the occurrence of the risk in time, place, or activity
  9. The predictability of the risk and the potential for a repeat of the risk.
  10. The ability to control the risk or influence it
  11. What personnel or departments have authority to control the risk. Who will coordinate if there are more than one?
Step 3: Understand the risk: Outline the strengths and weaknesses of existing sources available to mitigate the risk.

Step 4: Evaluate the risk: Determine if the risk is acceptable or not. If the risk is not acceptable decide on the need for actions to mitigate the risk by changing behavior or accepting the risk.

Step 5: Treat the risk: If management decides to take action, apply effort to mitigate the cause of the risk.

Step 6: Monitor risk response effectiveness (or performance).

Risk Management Mitigation (Step 5 above)

Responses to risk include (Crane et al, 2013; The Chartered Institute of Management Accountants, 2007):
  1. Acceptance: Hope the risk doesn't happen or calculate that if it does, it will be more straightforward to deal with it after it happens.
  2. Avoidance: Stop activities that potentially lead to risk. This approach is not an option in most cases since the action is typically essential to accomplish an objective.
  3. Reduction: Mitigate the risk via an internal action. Outline the management processes to address the risk including:
    1. Decrease the likelihood of the risk occurring such as by emphasizing prevention, quality assurance, closer management, or a change in the business process
    2. Minimize exposure to the risk or potentially isolate the source of the risk from other activities to minimize consequences
    3. Contingency planning. Create a “what if” scenario.
  4. Share or transfer risk: Engage external resources such as insurance to address risk. This strategy moves the responsibility to an organization outside the enterprise using a contract, insurance, or partnership/joint venture. Note that this strategy can, in fact, introduce additional risk if the intended transfer, transfers the risk to an organization that suffers from its own risk or cannot assume the risk and eventually returns it to the original organization.


Risk financing such as an insurance program mitigates the financial consequences of risk. Some losses or may be uninsurable and thus may have a broader impact (e.g., the consequences of allegations related to Uber’s leadership). Types of insurance for business include
  1. Professional liability or errors and omissions (E&O) insurance. Protects against negligence claims. Such insurance does not cover fraud or criminal acts.
  2. Property insurance. Covers items owned by the company (e.g., equipment, inventory, and furniture) and the office if the company owns the office. Note that some risks are not typically covered including floods and earthquakes; they require separate insurance coverage.
  3. Workers’ compensation insurance. Required to cover medical treatment, disability, and death benefits if the employee is injured or dies because of work performed as a part of the enterprise.
  4. Unemployment insurance. Required insurance to provide benefits to employees who have sufficient work in the recent past to qualify.
  5. Home-based business insurance. Your homeowner’s insurance may not cover your business loss if you work from home.
  6. Product liability insurance. Essential insurance in case your product causes damage to a customer or as a result of its normal use.
  7. Vehicle insurance. Similar to personal car insurance; however the total coverage may need to be higher depending on the assets of the company that are at risk. Personal insurance usually covers vehicles that the employee uses as a part of work except for when the vehicle is used for delivery.
  8. Business interruption insurance. Compensates company in case of an acute event that limits the productivity of the company
  9. Key man and Director’s insurance. Key man insurance compensates the company if an officer is injured and cannot work. The payout is to the company to cover its need to replace the value provided by the officer. Director’s insurance covers the board of directors in case they are sued based on an action of the company. A member of the Board of Directors may insist that she or he is covered by director’s insurance.

Security Procedures

Security provides protection via a separation or control between the asset at risk and the threat (the agent that will be responsible for the risk. The asset can be harmed, changed, or destroyed. A control can be physical or non-physical, including electronic controls and documented processes.
Conceptually there are three types of security controls:
  • preventative,
  • detective, and
  • responsive.
For example, a security mechanism
  • prevents alteration by the threat to the asset (e.g., a locked door),
  • detects that a compromise occurred or a compromise is happening (e.g., a monitoring camera that detects motion and sends an alert) or
  • responds to a compromise while it’s happening or after it has been discovered (e.g., sounds an alarm or locks a door to prevent further compromise).
Similarly, virus detection software can stop the installation of dangerous software, detect that software is trying to something it is not supposed to do (e.g., change key operating system file) or respond to a virus by renaming the file and put it into a special “quarantine” folder.

Contingency Management Strategies

A contingency strategy manages exposure to an infrequent event that is unpredictable in its timing or severity (Protiviti, 2006). A marketing contingency plan will identify a change if sales disappoint due to market changes in desire, a new entrant or perception of poor product quality. Similar contingencies could be in place for higher than expected usage or purchase. In the case of Pokemon Go, the software game had frequent crashes because the designer of the software required much network traffic to play the game. And there were not enough resources to handle the increasingly frequent requests as the game grew quickly.
Similarly with new iPhone sales seem to grow higher and higher. Apple has learned to develop contingencies if it cannot build new equipment fast enough. Not only do they avoid annoying customers but they gain the bragging rights based on the rapid and enormous sales value that occurs soon after the launch of the new iPhone.

Interrogate and Extend Concepts

Goal: Propose and answer clarifying questions about the topics to consider and challenge the resources, ideas, and concepts.

Q & A #1

  1. Q: In my company how do I make sure that an employee who works with the finances doesn’t steal from me?
  2. A: From a security perspective of risk management you can prevent theft by having careful hiring practices, clear policies and expectations and a dual role model such that large transactions require effort by 2 people. Detection can be done by having credit cards and bank accounts sent out warning emails when large transactions occur, say > $5000. One can also have a monthly review of finances on an unpredictable day of the month. Finally, one can set up one's accounts such that a very large transaction request will shut down access to the bank account until a phone call is made from a corporate officer.

Q & A #2 (Devil’s Advocate)

Q: Accounting for all risks is a waste of time. Wouldn’t it be more efficient to just deal with all risks on a contingency basis?

A: For some risks, yes. That the purpose of interrogating the risks and understanding them. Some risks are so minor or so infrequent and unpredictable that it makes little sense to prepare for an eventuality that may never happen, for which no preparation is possible, or where the negative outcome is minor in impact.

In contrast, if you had a fire in your office not only could it destroy your office and lead to significant downtime, but it may eliminate some records that are absolutely essential. Further, if your office includes a server which has your electronic files, you may lose far more than a bunch of papers. Even though a fire may be a relatively uncommon event if it did occur it could potentially destroy the viability of the entire company.

In contrast, it is relatively simple to make sure that server files are copied off-site on a routine basis. Paper-based records can be scanned and stored in such a system so that even if the papers are destroyed there is an electronic copy available. Finally, there is the risk to staff which is incalculable. Simple mechanisms such as safety procedures, fire detectors, and fire extinguishers are inexpensive controls which can prevent, detect, and mitigate such risks.

Supplement Concepts

Goal: Supply current, quality web links to supplementary material that support, illustrate, elaborate/expound on, typify, and challenge a concept, piece of content, or idea.
Discussion of Supplementary Material
    1. Why we chose the supplementary material: Not all risks are to materials; reputation risks can be the most expensive
    2. What is important about it: Wells Fargo set up a compensation system the increased the risk of fraudulent activity. It did not have systems in place to detect or halt such activity.
    3. What part(s) of the Learning Module it supplements: Security Procedures
    4. What the key takeaways are: Through corporate choices, one can actually introduce a novel security risk.
    1. Why we chose the supplementary material: An example of a risk internal to the company
    2. What is important about it: We often see “teaching to the test” as acceptable, but any support for gaming the system opens up the company to the risk of internal fraud
    3. What part(s) of the Learning Module it supplements: The need to avoid some risks at all costs.
    4. What the key takeaways are: Fraud can inflict enormous damage on a brand. Scrupulous honesty is essential to avoid this risk.
    1. Why we chose the supplementary material: To highlight the importance of monitoring the risk management system
    2. What is important about it: GM had a system, they just ignored it
    3. What part(s) of the Learning Module it supplements: The final step in the risk assessment process when one assesses if the system is functioning adequately
    4. What the key takeaways are: There is no sense in creating a risk mitigation system if you aren’t going to take action when a problem is identified.
    1. Why we chose the supplementary material: To highlight the importance risk management to an enterprise and to management
    2. What is important about it: Errors due to an inadequate risk management system are inevitable and can lead to failure of the company
    3. What part(s) of the Learning Module it supplements: The role of management is creating, supporting and evaluating a risk management system.
    4. What the key takeaways are: Ignoring risks is not an option. The steps can seem distracting and time-consuming but skipping necessary risk management assessment and mitigation can have an enormous impact.


Saturday, November 11, 2017

Social Responsibility in 2017 and Beyond (630-7)

Corporate Social Responsibility (CSR) was all the rage post Enron. Then we had more and disasters including the BP oil spill, banks selling toxic mortgages, sexual predator behavior by company leaders, ill-treatment of an airline customer, and defrauding bank customers by creating fake accounts. What happened?

CSR was a tag along. As It’s a Jungle in There implies, if you add the following elements to your business:
  • “be responsible” and,
  •  “give something back,” 
you are good to go. The reality was these words are and were hollow add-ons. So, for example, some movie producers gave us wonderful movies and were abusive at the same time. A company was "Beyond Petroleum", but actually did nothing to move us away from a carbon-spewing economy.

The problem is that being “responsible” wasn't built into the core company. Even Google’s “don’t be evil” is a little vague. It leaves a lot of wiggle room for “get away with whatever you can as long as no one gets hurt.” Apple’s hiding of profits offshore (and Google’s) is an excellent example of “legal” behavior. Unfortunately, that action is not supporting the country that launched Silicon Valley startups, trained staff in top universities, built communication and travel infrastructure, created the dynamic economy required to develop wondrous innovations, and (lest we forget) invented GPS and the Internet.

Honestly, in a world of “profit” vs. “responsible” which one is going to win? What will the board of directors demand? How about the investors? Or the stock owners? Or the mutual fund? Is a mutual fund guided by pension plans that are seriously underwater due to overoptimistic (or deceptive) promises of future revenue from investments going to risk a low ROI? They certainly aren’t going to trade ROI for some fuzzy “good for the world/earth/society/individual” mission. If being “responsible” isn’t baked into the core organization then like a bumper sticker that has gotten old and out of date, it will be removed. And “stakeholders” will demand that "responsible" behavior stays on the periphery of the company's agenda.

Additionally, there is the familiar “everyone else is doing it” argument. If you don’t put profit first (and second and third), then you’ll be out of business in a heartbeat. The mantra says, "Better to live on for another day then to drown in a sea of red ink." That argument, although quite useful has never been compelling and lacks ethical rigor.

The winning strategy is then to come up with slogans like “Beyond Petroleum,” greenwash your company, follow the leaders in the industry, and give some money to charity. Prove that yours is a “good” organization and it will be showered with profit.

When corporations and other organizations weren’t looking, the customer suddenly took charge. Sure some industries have successfully treated their customers poorly (e.g., airlines), but the positive feelings toward the monopoly that is Amazon are instructive. At Amazon, the “customer experience” is king. Somehow it is hellbent on providing more products, faster, with unbiased reviews, at lower prices, and with greater convenience. Where is the profit in that? How did that happen? Because Amazon actually responds to customer demand and customers are pretty demanding. Customers want all the aspects of the Amazon experience that Amazon delivers.

Even the punching bag that is the airline industry recently learned that it couldn’t drag a person off of a plane without generating a firestorm of rage from consumers. You won’t see an airline treating a customer like United did again (as long as folks have smartphones in their pocket). “Beyond Petroleum” is gone as a slogan. Wells Fargo paid for is misdeed; again that strategy isn’t likely to be followed by anyone else. Uber’s leader and a movie industry leaders have been toppled.

The alternative argument for the rise of consumer power would be to search for examples where organizations have been “irresponsible,” continued that behavior, and still remain profitable and successful. Starbucks settled with the EU. Pharma companies that tried to gouge customers backed off. Companies may stay profitable, but almost always they change their ways. What about Apple, Facebook, Google, and Amazon? When are they going to acknowledge the country that supported the means to acquire such enormous wealth? In the end, they too will need to explain why profit is more important than being responsible. Keep in mind that they are the most powerful companies (and valuable). When they change course, there won’t be many enterprises left that can act like being responsible is a mostly meaningless add-on to fool everyone and justify maintaining the status quo.

Perhaps customers don’t really care about clean water – tell that to folks in Michigan. Do they prefer money or healthy food? We see low-carb diets increasing and people demanding GMOs. Sales of fast food are down even though it is cheaper than “fast-fresh” restaurants. It’s hard to find high fructose corn syrup, and soda profits are decreasing. Customers are demanding more and slowly getting what they want.

The good news for corporate leaders and future organizational leaders is that customers want you to bake responsibility into your organization and will reward you for it. They have seen the perils of a “profit-first” approach, potentially first hand when they lost their house in 2009 or when yet another company told them “too bad for you, what are you going to do about it?” You can even see the change in autocratic regimes like China where folks are finally fed up with pollution. They may not have the power to attack the political system, but they can demand cleaner air.

So greenwashing your company won’t work. Now will adding flowery words to the mission statement. If you want to please customers, you need to provide clear benefit and not sacrifice it when it becomes inconvenient. In a few years, it’ll be the only way to survive in this competitive business environment.

So if you are building a new enterprise, take a chance and tell everyone that your goal is only to be profitable and provide high ROI to investors. Or take the safe route and demand that your organization considers its interaction with the environment, society, and individuals in everything it does.