← Back to Insights
Growth Strategy

Derisking Growth: A Structured Approach

December 2024 • 8 min read

Every significant business decision carries risk. New markets, acquisitions, major investments, product launches—the bigger the opportunity, the bigger the potential downside. The difference between businesses that grow successfully and those that stumble isn't avoiding risk entirely. It's systematically identifying, assessing, and mitigating risks before committing significant resources.

This isn't about eliminating uncertainty—that's impossible. It's about understanding what could go wrong, how likely it is, and what you can do about it. Structured derisking turns "we hope this works" into "we've stress-tested this against realistic scenarios and have contingency plans in place."

Why Most Growth Initiatives Fail

Research consistently shows that 60-70% of acquisitions fail to deliver expected value. New market entries fare similarly poorly. Large capital projects routinely exceed budgets and timelines. The common thread isn't bad luck—it's inadequate risk assessment before the decision was made.

The problem typically isn't that risks weren't identified. It's that they weren't systematically assessed, quantified, or addressed. Decision-makers often fall prey to:

  • Optimism bias — Assuming the most likely outcome is better than evidence supports
  • Confirmation bias — Seeking information that supports the decision already made
  • Sunk cost thinking — Continuing because of what's already invested, not what's ahead
  • Groupthink — Suppressing concerns to maintain consensus
  • Time pressure — Rushing analysis to meet artificial deadlines

Structured derisking counters these biases by forcing systematic consideration of what could go wrong, not just what could go right.

A Framework for Systematic Derisking

Effective derisking follows a structured process. This isn't bureaucratic box-ticking—it's a discipline that surfaces issues early when they're cheapest to address.

The Five-Step Derisking Process

  1. Identify — Systematically catalogue all potential risks across categories
  2. Assess — Evaluate likelihood and impact of each risk
  3. Prioritise — Focus attention on high-impact, high-probability risks
  4. Mitigate — Develop specific actions to reduce, transfer, or accept each risk
  5. Monitor — Track risk indicators and adjust as circumstances change

This process should happen before major commitments, not after. Once contracts are signed or capital is deployed, your options narrow dramatically.

Risk Categories to Consider

Different initiatives face different risk profiles. A new market entry has different risks than an acquisition or major capital investment. But most growth initiatives share common risk categories:

Market Risk

Will customers actually buy what you're selling, at the price you need, in the volumes you're projecting?

Examples: Market size overestimated, customer needs misunderstood, pricing too high, timing wrong, competitive response underestimated

Execution Risk

Can your organisation actually deliver? Do you have the capabilities, resources, and capacity?

Examples: Integration challenges, key person dependencies, supply chain constraints, technology implementation failures, quality issues

Financial Risk

Can you fund this through to positive returns? What happens if costs exceed projections or revenues lag?

Examples: Cash flow timing, working capital requirements, currency exposure, cost overruns, revenue delays

Strategic Risk

Does this initiative still make sense if the competitive landscape or market conditions change?

Examples: Competitor response, regulatory changes, technology disruption, macroeconomic shifts, customer preference changes

Operational Risk

What could go wrong in day-to-day operations? What are the single points of failure?

Examples: Key supplier failure, IT system outages, staff turnover, compliance breaches, safety incidents
Key insight: The risks that kill initiatives are often not the ones that were analysed in detail. They're the ones in adjacent categories that were overlooked entirely. A structured approach ensures you're asking the right questions across all categories, not just the obvious ones.

Assessing Risk: The Probability-Impact Matrix

Not all risks are equal. Some are highly likely but minor in impact. Others are unlikely but catastrophic if they occur. A probability-impact matrix helps prioritise where to focus attention.

Low Impact
Medium Impact
High Impact
High Probability
Monitor
Mitigate
Avoid/Transfer
Medium Probability
Accept
Monitor
Mitigate
Low Probability
Accept
Accept
Contingency Plan

The matrix guides action. High-probability, high-impact risks need active mitigation or the initiative may not be viable. Low-probability, low-impact risks can often be accepted. The tricky decisions are in the middle—and those require judgment informed by your organisation's risk appetite.

Scenario Planning: Stress-Testing Your Assumptions

Every business case rests on assumptions. Revenue projections, cost estimates, timing, competitive response—all are uncertain. Scenario planning tests how sensitive your outcomes are to these assumptions.

At minimum, model three scenarios:

Scenario Description Purpose
Best Case Everything goes better than expected Understand the upside potential
Base Case Most likely outcome given current information Primary decision basis
Downside Case Multiple things go wrong simultaneously Test survivability and contingency triggers

The downside case is the most important. Not because it's likely, but because it tests whether you can survive if things go wrong. If the downside case threatens the core business, you need either stronger mitigations or a different approach to the opportunity.

Common mistake: Creating downside scenarios that aren't actually that bad. A true downside case should make you uncomfortable. If your "worst case" is just 80% of base case revenue, you haven't stress-tested properly. What if it's 50%? What if the timeline doubles? What if your key hire leaves?

Risk Mitigation Strategies

Once risks are identified and prioritised, you have four basic options:

Avoid

Eliminate the risk entirely by not proceeding or choosing a different approach. Sometimes the best mitigation is recognising a risk isn't worth taking.

Reduce

Take actions that lower either the probability or impact of the risk. This is the most common strategy—phased rollouts, pilot programs, additional due diligence.

Transfer

Shift the risk to another party through insurance, contracts, partnerships, or deal structure. Earnouts in acquisitions are a classic example.

Accept

Consciously decide to proceed despite the risk, with monitoring and contingency plans in place. Appropriate for low-impact risks or when mitigation costs exceed expected losses.

The right strategy depends on the specific risk, your organisation's capabilities, and the overall risk profile of the initiative. Most significant initiatives will use all four strategies for different risks.

Derisking in Practice

Acquisitions and Tuck-Ins

As we explore in our article on tuck-in acquisitions, smaller bolt-on acquisitions have much higher success rates than large transformational deals—partly because the risks are more manageable. But even smaller deals require systematic derisking:

  • Customer concentration — What happens if the target's largest customer doesn't continue post-acquisition?
  • Key person risk — Does critical knowledge walk out the door if certain people leave?
  • Integration complexity — Are systems, processes, and cultures compatible?
  • Hidden liabilities — What's not on the balance sheet?

Thorough due diligence is risk identification. Deal structure—including earnouts, holdbacks, and warranties—is risk transfer. Integration planning is risk reduction.

New Market Entry

Entering new markets—whether geographic or product-based—carries significant risk. Derisking strategies include:

  • Pilot programs — Test assumptions with limited investment before full commitment
  • Partnerships — Share risk with local partners who have market knowledge
  • Phased investment — Gate further investment on achieving milestone targets
  • Market research — Validate assumptions with actual customer data, not secondary sources

Major Capital Investments

Capital projects—new facilities, equipment, technology implementations—are notorious for cost overruns and delays. Derisking approaches include:

  • Contingency budgets — Plan for overruns, don't just hope to avoid them
  • Fixed-price contracts — Transfer cost risk to contractors where appropriate
  • Reference checking — Talk to others who've done similar projects
  • Independent review — Have someone outside the project team challenge assumptions

Derisking and Business Value

There's a direct connection between derisking and business value. As we explain in our article on business valuation, the multiple buyers will pay is fundamentally about risk. Lower perceived risk equals higher valuation multiples.

This means derisking isn't just about avoiding failure—it's about building a more valuable business. Reducing owner dependency, diversifying customer concentration, documenting processes, building management capability—these are all derisking activities that directly increase business value.

The Risk-Value Connection

Consider two businesses with identical earnings. Business A has concentrated customers, owner dependency, and project-based revenue. Business B has diversified customers, a strong management team, and recurring revenue.

Business A might sell for 3x earnings. Business B might command 6x or more. The difference isn't in what they earn—it's in the perceived risk to future earnings. Business B has systematically derisked its operations.

Making the Go/No-Go Decision

After completing risk assessment and developing mitigation plans, you need to decide: proceed, proceed with modifications, or walk away. A structured decision framework helps:

Decision Framework

1
Are there any unmitigable "fatal flaw" risks? If yes, stop or fundamentally restructure the initiative
2
Does the downside case threaten the core business? If yes, reduce scale, stage investment, or reconsider
3
Is the risk-adjusted return attractive? Consider expected value across scenarios, not just base case
4
Are mitigations in place and monitoring established? Know your early warning indicators and response triggers
5
Is there organisational alignment and commitment? Execution risk increases dramatically without buy-in

Key Takeaways

  • Derisking isn't risk avoidance — It's systematic identification, assessment, and mitigation that enables confident decision-making
  • Do this before committing — Options narrow dramatically once contracts are signed and capital is deployed
  • Use a structured framework — Systematic processes counter the biases that lead to poor decisions
  • Stress-test with real scenarios — If your downside case doesn't make you uncomfortable, it's not realistic
  • Match mitigation to risk — High-impact, high-probability risks need active mitigation; low risks can be accepted
  • Derisking builds value — The same activities that reduce risk in initiatives also increase business value
  • Monitor and adapt — Risk assessment isn't a one-time exercise; circumstances change

The goal isn't a risk-free business—that doesn't exist. The goal is a business that takes calculated risks with eyes open, appropriate mitigations in place, and the resilience to adapt when things don't go as planned.

Need Help Derisking a Major Initiative?

We provide structured derisking analysis, scenario planning, and business case development for acquisitions, new ventures, and major investments. Rigorous analysis delivered remotely.

Learn About Our Strategy Services

Related Articles

Planning a Major Initiative?

Start with a confidential conversation about derisking your growth plans

Get in Touch 029 0431 0422