How to Identify Strategic Risk
First, the basic process: As discussed in previous posts, strategic risk assessment should be a review of goals, objectives and corporate values, as expressed in a plan. Risk assessment benefits from a multi-disciplinary round table reviewing the schedule of intended action. The risk lens brings to light the things that may prevent the successful execution of the plan.
Tracing through all stages of the plan, ask the question: What could hinder or prevent the accomplishment of this particular objective?; or, What could compromise the safeguarding of this professional value? In the broadest analysis, it is a matter of identifying phenomena that call into question the strategic direction, approach to a project, or feasibility of a program. The mitigation of such risk involves action on the same scale: to shift the planned direction; to build up one aspect of the business; to attenuate another.
But there is always some unique twist in a risk assessment…
In a recent session for a private professional association, I began to question our results. I said that I didn’t feel that we were generating any new insight. Participants’ ideas of risk were just accumulating in recurring familiar themes, which seemed rather remote or abstract, and so relegated to a “parking lot” on one corner of the white board. I remembered that this had happened before in another session with a social services agency of government. In both cases, the 8 to 10 parking lot issues were finally recognized as fundamental risks affecting all programs. Here are three examples of these generalized risks:
1. poor communications, and in particular, broken down trust with key stakeholders;
2. overcommitment to projects resulted in missed deadlines and failed deliverables;
3. lack of clarity regarding core identity and mission led to a confusion of practices and conflicting priorities.
Now, these risks had crucial things in common:
Interpretation of Risks
1. they affected the operation and success of the entire agency;
2. they were known to all participants, not distinctly, but rather as vague, uneasy feelings and recurring complaints;
3. they had never been recognized nor addressed with specific plans.
The treatments for these risks were along these lines…
Strategic Risk Mitigation
1. set up meetings with stakeholders to establish better working methods and common understanding;
2. create strict criteria to vet proposed projects and limit the agency’s commitments;
3. review the agency’s mission, and reconcile or phase out activities that were out of scope.
The novelty and value of the mitigation actions like these catch the board’s attention.
Insight into Strategic Risk
I conclude from these experiences that it takes two steps to arrive at deeper insight into strategic risk. One is a rigorous process by which risks are identified and formulated in a consistent manner. Second, you need to be able to pause, step back, and consider common themes and complaints. Try to identify the issues underlying the entire risk profile.
You might see that there are indeed fundamental risks that escaped detection. It is only natural: program managers and others participating in risk ID are concerned with immediate deliverables. Because they are too close to the work — that is, because they have unspoken and unchallenged assumptions about how the organization conducts its business — they do not formulate the strategic risks that are hiding in plain sight.
Tags: strategic risk assessment