Every business has risks. Part of what makes a business successful is how it eliminates or reduces those risks while still serving customers.
The hardware and software that power your ecommerce store create risks. I’ll call them technology risks.
Some technology risks are benign and don’t threaten the company. This could be, for example, the risk that the software driving your zip code lookup function breaks and your shipping department has to use Google Maps to find the zip code manually. It’s annoying and a hit to productivity. But it’s relatively minor.
Other risks can have a sizable impact on the business. Say the software that integrates the vendor database with your most popular product malfunctions so that the price drops from $199 to $1.99, causing a flood of orders. That could create a serious financial hardship.
In this article, I’ll describe a process to identify and minimize the technology risks associated with your ecommerce business.
Step 1: Identify Risks
First, identify the risks. This is a fun exercise, brainstorming about what can fail. It’s also a chance to air concerns or problems from customers and employees.
Making a list of where things can go wrong with your store will likely be eye-opening. You’ll presumably identify a wide variety of risks, not counting external macro events, such as natural disasters, government overhauls, and disruptions to the economy.
Integrations among platforms are prominent areas of risk for many merchants. This might be where your store syncs with your accounting or shipping software, or where it communicates with vendors or suppliers, or even how reports are printed and read by your employees.
Step 2: Evaluate Risks
Next, evaluate the risks and focus on those you can fix. Evaluate them based on standard, consistent criteria, such as:
- Likelihood of the risk occurring.
- Who or what the occurrence would impact. Would it affect employees, a single vendor, or every customer?
- How much damage the occurrence would cause. Try to quantify the damage, such as estimating financial cost. But sometimes you’ll have to evaluate it by the relative impact, from little damage to business shutdown.
- Whether employees can fix the occurrence.
Of the four criteria above, the last one is arguably the most important.
If the team assembled doesn’t have the authority, management expertise, or skills to eliminate a risk, it doesn’t make sense to spend time on it. Report the risk to someone who could fix it. But don’t spend time and energy trying to change something you cannot control.
Technical teams often get stuck on this. They care passionately fixing a problem, but they don’t have the ability. Sometimes they are blocked due to the lack of resources. Other times it was the regulatory environment. Discussing it is not only a waste of time but can cause the team to overlook a risk that they can fix.
Adopting a simple model to evaluate risks can be helpful. This could be a ranking system of, say, 1 to 5, with 5 causing the most damage if the risk occurred. It’s a simple shorthand to help make decisions, giving up precision for ease of understanding.
Step 3: Brainstorm Solutions
Once you’ve settled on the risks worth focusing on, it’s time to brainstorm how to fix, prevent, or reduce their impact. Depending on the risk, it could involve software changes, business changes, process changes, or a mix.
I prefer trying to prevent the risk from happening at a low level and then adding a second, higher-level check to report on it if the prevention didn’t work. For example, if there were a risk of orders getting placed with negative amounts because of coupon codes, I would address it in two places. First, I would use code to prevent any orders with a negative amount from checking out. Second, I would add an automated daily report to tell a manager if an order with a negative amount slipped through.
When brainstorming solutions, try to determine your budget, to identify realistic options. Consider the amount of potential damage and the probability of it occurring, and roughly compare that to the solution cost. That could prevent spending, say, $100,000 to minimize a risk that had a 1 percent chance of occurring and that would otherwise cause just $1,000 in losses.
Once you decide on a solution to minimize a risk or repair its occurrence, document it and communicate it to whoever needs to know. Explaining the reasoning behind the decision and the potential impact on the business can be helpful to obtain the required resources.
For example, if one of your developers told you that cardholder data is at risk with a high probability of leaking, you would likely give him anything he needed to fix it as soon as possible.
Your store will presumably always have technology risks. These will increase as more functions are absorbed by software vendors.
However, you can still take steps to prevent and protect. Identify the risks that you can control, evaluate the likelihood of their occurring, and implement ways to minimize their impact.