How to read 10-K risk factors to pressure-test a bull case
The risk-factors section is where an issuer describes, in its own words, what could break its business. Reading Item 1A claim by claim turns it into the most efficient bear-case source in the filing.
Most bull cases are written from the sections of a 10-K that describe what is going well: the business overview, the growth numbers, the management commentary. The risk-factors section, Item 1A, is the one place in the same filing where the issuer is required to describe what could go wrong. That makes it the most efficient single section for pressure-testing a thesis, and it is the section this guide covers.
This sits inside the broader ThesisCheck methodology: translate the thesis into checkable claims, then compare each claim with the filing evidence. A companion guide covers the whole-filing workflow; this one goes deep on a single section. As always, the output is descriptive. It does not provide buy, sell, hold, rating, sizing, or price-target recommendations.
What Item 1A actually is
The risk-factors section exists because of a disclosure rule, not because of editorial choice. Item 105 of Regulation S-K requires a discussion of the material factors that make an investment in the registrant or offering speculative or risky, organized under relevant headings, with risks that could apply generically to any registrant grouped at the end under a "General Risk Factors" caption.
Two details of that rule matter for readers. First, the standard is materiality: in 2020 the SEC amended the rule to ask for "material" risk factors rather than the older "most significant" phrasing, and added a summary requirement when the section runs past 15 pages. Second, the rule itself acknowledges that generic risks exist and pushes them to the back. The structure of the section is therefore a built-in reading aid: the issuer has already partially sorted specific from generic.
The SEC's Form 10-K instructions place Item 1A in Part I, immediately after the business description, and Investor.gov's guide to reading a 10-K lists it among the sections investors commonly review.
Step 1: split boilerplate from issuer-specific language
Read the section once with a single question: could this paragraph appear, nearly unchanged, in a competitor's filing? Risks about general economic conditions, cybersecurity in the abstract, or the possibility of litigation usually could. Those paragraphs are real disclosures, but they rarely pressure a specific thesis.
The paragraphs that survive this filter tend to name things: a customer that accounts for a stated share of revenue, a supplier or platform dependency, a patent cliff with a year attached, a regulatory approval the plan depends on, a covenant in a named credit facility. Specificity is the signal. A named dependency is a checkable fact; a generic hazard is not.
Step 2: map each specific risk to a thesis claim
A risk factor on its own is just a disclosure. It becomes useful when it is attached to the claim it pressures. For each issuer-specific risk, ask which sentence of the thesis it touches:
- A revenue-concentration risk pressures any claim about durable or diversified growth.
- A supplier or platform dependency pressures claims about margin control or pricing power.
- A refinancing or covenant risk pressures claims that the company can fund its plan internally.
- A regulatory or approval risk pressures claims with a timeline attached.
Risks that map to no thesis claim go into a context pile. Risks that map to a claim become bear-case entries for that claim, which is exactly how a forced bear case gets built from the issuer's own words. The broader workflow for that lives on the stock bear case analysis page.
Step 3: compare against last year's section
Item 1A is most informative in the differences. Pull the prior year's 10-K and compare: which risk factors are new, which were removed, which moved up the ordering, and which gained specificity (a general competition risk that now names a technology shift, for example). New or sharpened language is a dated, sourced signal that the issuer's own view of a hazard changed. Removed language is worth confirming rather than celebrating, since sections also get restructured for drafting reasons.
Step 4: record what the section did not say
The last pass is about absence. If the thesis depends on something specific, a renewal cycle, a concentrated customer staying, a plant expansion finishing on time, and the risk-factors section is silent on it, that silence is not support. It is an evidence gap: a claim that matters to the thesis with no filing passage either backing or pressuring it. Recording gaps explicitly is what keeps the exercise honest, because a thesis can survive every disclosed risk and still rest on undisclosed assumptions.
What the finished read looks like
The output of this section-level read is a compact table, not a verdict: each issuer-specific risk factor, the thesis claim it pressures, the filing passage it came from, and any thesis-relevant topic the section was silent on. Alongside the 10-K sections that support the thesis, this becomes the pressure side of a complete source ledger.
That format is deliberately descriptive. The risk-factors read ends with a cleaner map of what the issuer has disclosed against the thesis, and where the public record is silent. What to do with that map stays with the reader.
Sources
- Form 10-KU.S. Securities and Exchange Commission · accessed 2026-07-02
- How to Read a 10-KInvestor.gov · accessed 2026-07-02
- 17 CFR 229.105 (Item 105) Risk factorseCFR (Code of Federal Regulations) · accessed 2026-07-02
- SEC Adopts Rule Amendments to Modernize Disclosures of Business, Legal Proceedings, and Risk Factors Under Regulation S-KU.S. Securities and Exchange Commission · 2020-08-26