Imagine you have a great idea. Perhaps it’s for a start-up venture. Perhaps it’s a new, better way of doing something at your workplace. Perhaps it’s changing the way your business has always done something. Perhaps it’s a substantial capital works project.

Each of these will require a business case to convince stakeholders that your idea is, in fact, great, and ought to be implemented. Key aspects considered and explained should include:

  • what the good idea is
  • how it fits into the current market or organization
  • the benefits it will bring
  • the upfront and ongoing costs that it will entail
  • the risks the proposed course of action will carry
  • what will be done to address these risks

These points can be separated into the three elements of any good business case: the ‘what’, the cost-benefit analysis, and the risk management strategy. The effort and detail required to prepare a convincing business case will vary depending on the idea, but it is unlikely to gain stakeholder acceptance without these three key elements.

The ‘what’ and the cost-benefit analysis are generally well understood. However, business case risk management strategies are often difficult to interpret for readers. When you consider that those reading a business case will likely be those deciding if your (great) idea is accepted, the benefit of a clear and concise risk management strategy becomes obvious.

So, what does a clear and concise risk management strategy involve? How can one best be prepared and presented? And how can it be made convincing as part of a business case?


The essence of a convincing risk management strategy is emphatically not a statement of “here are the risks, and here is what we will do about them so we don’t think they will happen.”

This is, essentially, a list of problems.  When deciding on a new course of action as a start-up, a small business or a large organization, a list of problems in a business case will not give decision-makers confidence.

This is especially the case if, as proposed by AS31000 (the Australian Standard for risk management), the goal of the risk management strategy is to ensure risks are ‘tolerable’, which generally means they are unlikely to occur. This argument to unlikelihood is particularly unconvincing if a decision-maker asks “I accept that this risk is unlikely, but what if it happens?”

A clearer and more convincing approach is to present a case that states “here are the critical issues, here is why we don’t believe any have been overlooked, and here is why we believe all reasonable measures are in place to address them.”

This approach takes a solution (rather than hazard) based approach. A hazard-based approach typically identifies many specific problems and puts them in a list, before thinking of things to do about them. Its perspective is “here’s what could go wrong with my great idea, and here’s why I don’t think it will.”

This approach tends to focus on problems and their complexity, going into detailed, oft-impenetrable risk analysis, making it difficult for senior decision-makers to fully comprehend due to the specialist skill-sets required. Problems are often taken out of context for the organization, and measures identified for each problem tend to be specific to each problem and as such hard to justify. It creates analysis paralysis.

A solution-based approach, by contrast, begins by looking at what measures are in place in similar situations, and what further measures might be needed for this specific context. It is actually an options analysis and provides the case for action. Its perspective is "here’s what we should have in place to be confident going ahead with my great idea.”

This shift from problems to solutions is key to presenting a convincing business case. It pushes the focus to the way forward, and takes an overarching, holistic viewpoint, making recommendations clearly explicable to senior decision-makers. It ensures the organization’s context is always considered, and identifies a smaller number of solutions that address multiple potential issues, with a focus on implementing recognized good practice rather than presenting unnecessarily detailed analysis.

Where needed, this approach can still generate the level of detail required for budget contingency estimation (e.g. through Monte Carlo simulation). However, it ensures that this detail remains contextually sound, and is only provided where beneficial to decision-making.

This approach is also simpler, faster, more efficient, often cheaper, and certainly more defensible if something does go wrong. They provide an argument as to why decisions are diligent, rather than why they are ‘right.’ In short, a solution-based approach provides a far superior decision basis than a hazard-based approach. And that’s something that any business case should aim for.

By Tim Procter and Richard Robinson, directors R2A