Accounting & Financial Services

The Role of Risk Management in a Family Enterprise

Weekly Edition • August 28, 2019
The Role of Risk Management in a Family Enterprise
The Role of Risk Management in a Family Enterprise
From FFI Practitioner

This week, we are pleased to share an article by Bilal Zein examining the topic of risk management in family enterprises. In the article, Bilal explores the unique risk culture he has observed in family firms and provides advisors with practical recommendations to manage risk when working with family enterprise clients.

Risk Management (RM) is an essential part of any organisation. Family enterprise advisors need to be aware that the risk appetite of family decision-makers can make or break a family business.

Although leaders in advisory or board positions are generally aware of the importance of the RM function within the organisation, the proper identification, comprehension, and understanding of risk and of how it impacts the organisation and its key stakeholders should be prerequisites for advisors who want to develop organizational strategy at a high level and protect their clients from potential downfalls.

Cultural Context

Risk culture1 operates on several levels, from the personal to the corporate to the wider cultural and ethical environment in which a business operates. Given the tendency for executives to suffer from optimism bias, the corporate board needs to consider and identify its own biases (Lovallo and Kahneman, 2003) and must understand more objectively the family enterprise’s approach to risk. Family firms with executive family members and/or entrepreneurs tend to be more prone to optimism bias than non-family firms, whose leadership tends to assess the firm’s situation and make decisions in a more structured and data-driven way. Furthermore, research shows that men are more likely than women to be predisposed to taking risks (PCL, 2016), so looking at the gender composition of the board and weighing the risk disposition compared to societal averages is useful. Family business advisors should be aware of this data as well as other research and offer advice in line with the risk appetite and entrepreneurial outlook of the family members in the business, whilst potentially exerting their influence as trusted advisors in order to moderate less stable risk-taking impulses.

It is not possible to eliminate or mitigate all risk

“It is not possible to eliminate or mitigate all risk. Nor is it in the interest of a company with ambitions of success, since without being willing to encounter potential danger, there is no chance to benefit from opportunities with uncertain outcomes.”

Relevance to Family Enterprise

From the perspective of families with operating companies, the strategic aspects of risk management are important. Risk management infrastructure, policies, and processes may be in place, but it is the family firm’s ability to identify and assess both current and future risks and to map these risks on to its own risk appetite—and, more importantly, on to the family business’s capacity to bear the consequences of the risks taken—that will influence its long-term survival and success. A risk matrix should be compiled by the risk manager, and then an assessment of identified risks should be assembled. This assessment should examine the relevant points for each risk and divide them into relevant categories, e.g., operational, legal, marketing, personnel, and physical assets.

A family business advisor may be better placed to guide management through this process, rather than an employee in an internal risk management position, because the advisor’s distance from day-to-day operations gives them perspective on the situations under consideration. Moreover, their advisory capacity means they can be more robust in their approach to management.

Questions leadership could pose to itself include the following:

  • When was the risk appetite and profile last reviewed?
  • What is the risk appetite in the context of the company’s current situation?
  • Have we identified the current and future risks (apparent and disguised)? Which risk types is the company most sensitive to?
  • How does the company’s risk-taking compare with its peers and competitors—for example, geographical, political, R&D/innovation risks?
  • Are the justifiable risks rewarded accordingly? Are unjustifiable risks discouraged/ penalised?
  • Does the board adequately understand the risks and the actions needed to alleviate or mitigate those risks? If all the risks that the board has the appetite for are stress-tested, are they bearable?
  • Are risk reports accurate and are the implications of the identified risks fully understood by the recipients?


Kris Verburgh
September 24, 2019


How will the Fourth Industrial Revolution impact our health, mind, and bodies? How will promising new biotechnologies, and reversing the aging process, transform medicine and our lifespans? How can investors and firms prepare for and seize on the opportunities in this new Biotech Age? New paradigm shifts in health and longevity will be discussed. Dr. Verburgh will also address the risks, promises, and concerns of this new biotech revolution and its consequences for society as a whole.

Two classes of risk relevant to a family enterprise

  1. General business risks
    • Corporate Governance
    • Economic
    • Legal
    • Operational
    • Personnel
    • Political
    • Reputational
  2. Family business risks
    • Communication
    • Compliance
    • Family conflict
    • Generational differences
    • Informality of decision making/lack of formal board
    • Relationship (Family and non-family, e.g., employees and suppliers)
    • Over-optimism/Over-caution
    • Succession Planning
    • Unwillingness to take third party advice/domineering personality

Unique Risks in the Context of the Family Enterprise

It is not possible to eliminate or mitigate all risk. Nor is it in the interest of a company with ambitions of success, since without being willing to encounter potential danger, there is no chance to benefit from opportunities with uncertain outcomes (McNally and Tophoff, 2014). Although there are other areas of significant risk for operating companies, such as internal non-control and human resources mismanagement (Simpkins and Ramirez, 2008), with effective enterprise risk management (ERM) processes in place, these risks should be under control of management and of those who are in positions with perspective over the company (Frigo and Anderson, 2011). A few risks unique to family enterprise are provided below.

  • One unique risk lies in the nature of entrepreneurs, who may go into uncharted territories to fulfil their visions and implement their ideas and strategies. In most cases, these entrepreneurs are much faster than their risk managers to make decisions and to implement new plans. Meanwhile their boards, even if properly in place, are behind the curve and have to play catch-up to address areas of concerns.
  • A second unique risk is that family business leaders may come under the sway of non-family member executives or advisors who have ulterior motives. Under their influence, these family enterprise leaders may make strategic and financial decisions that are not in the family’s long-term interests, but which serve the short-term career or social ambitions of the non-family executives (Strike, 2013).
  • Furthermore, family businesses often struggle to differentiate between revenue and profits. Focusing on high-growth, high-risk projects can be interesting for the careers of management involved, but they are often a poor long-term approach to maintaining and building value for shareholders.
  • Finally, it is important to appreciate that in the context of a first-generation family enterprise, there may be a lack of management experience and governance structures, as people are learning at the same time that the business is evolving. The failure to adopt or comply with formal management and governance procedures can introduce elements of risk that would not manifest themselves in a more structured corporate environment.
Risk management infrastructure, policies, and processes

“Risk management infrastructure, policies, and processes may be in place, but it is the family firm’s ability to identify and assess both current and future risks and to map these risks on to its own risk appetite…that will influence its long-term survival and success.”


  • Start by appointing a formal board (including independent directors) and populating it with experienced executives and independent directors who can perform the traditional functions of the board (IFC, 2012)2 and can stand up to dominant family members when necessary.
  • Implement a thorough ERM programme with a sufficiently senior person, who is not in a position of conflict, and appoint him or her to investigate, monitor, and report the risks of the company to the board and to suggest appropriate action.

All things considered, a carefully contemplated approach should be taken when considering acting in an advisory capacity to family businesses, as they may have the appetite to take on risks that would seem impossible to corporate organisations, and may potentially lack the expertise and systems that non-family corporate organisations might have to identify and mitigate these risks.

1 Risk culture is a term describing the values, beliefs, knowledge, attitudes and understanding about risk shared by a group of people with a common purpose. This applies to all organisations – including private companies, public bodies, governments and not-for-profits. (The Institute of Risk Management)

2 A Formal Board is a properly constituted board of Directors with a full range of decision-making powers, made up of independent directors and executive directors. It is a step up from both the entry level ‘paper board’, who formalise decisions made by the senior family members in the business, and the slightly more sophisticated ‘advisory board’ who are often made up of associates of the family (Source IFC, 2008 pp.37-42).


Dowd, Kevin (CRIS) 2008 ‘Moral Hazard and the Financial Crisis’

Frigo, M. and Anderson R. 2011 ‘Strategic Risk Management: A Foundation for Improving Enterprise Risk Management and Governance’

IFC Family Business Governance Handbook, 2nd Edition (2008) ‘Section IV: Senior Management in a Family Business’, IFC, Word Bank.

Lovallo, D. and Kahneman D. (2003) ‘Delusions of Success: How Optimism Undermines Executives’ Decisions’, Harvard Business Review

McNalty, J.s. and Tophoff, V.H. ‘Leveraging effective risk management and internal control’, Strategic Finance, April 2014

PCL, 2016: (Accessed 2019)

Simkins, B and Ramirez S.A. ‘Enterprise-wide risk management and corporate governance’ Loyola University Chicago Law Journal, Vol 3.9 (Spring, 2008)

Strike, V. 2013 ‘The Most Trusted Advisor and the Subtle Advice Process in Family Firms’ Family Business Review 26(3) 293-313

Bilal Zein
About the Contributor
Bilal Zein has 28 years of experience. His C-Level experience ranges across various sectors such as industrial, trading, contracting and commercial in the EMEA region. He holds a Bachelor of Electrical Engineering and an MBA from ESCP. and holds FFI advanced certificates in the in Family Business (ACFBA) and Family Wealth Advising (ACFWA). He is a member of the FFI 2019-2021 UK/Europe Regional Planning committee.
About Quanon Capital Ltd.
In 2001 Bilal set up Quanon Capital Ltd (Single Family Office). Services covered include oversight of operating businesses, investment strategy, opportunity sourcing, deal closing (M&A), Real Estate, Treasury, Tax and corporate structuring, investment & consolidated reporting, Bank and Trustee liaisons as well as lifestyle services. Quanon Capital also facilitates and provides governance for the family and the family business.
About the 2019-2021 FFI UK/Europe Regional Planning Committee

The purpose of this committee is to expand the presence of FFI as an organization and the FFI members themselves in UK and Europe area in the coming years, to build enthusiasm for the 2021 October conference in London, and to promote the multidisciplinary, global approach that is at the core of FFI’s mission “to be the most influential global network of thought leaders in the family enterprise field.” This is the second in a series of articles from the committee members. On September 24, the UK/Europe Regional Committee will host a master class with Belgium doctor, Kris Verburgh, author of The Longevity Code, at KPMG Canada Wharf in London. See Sidebar to register.

Up Next Week

Research Applied: FBR Précis for FFI Practitioner

“Research Applied: FBR Précis for FFI Practitioner

by Guido Corbetta