Podcast Episode: 005
Date: Tue 29 June 2021
Title: Is Your Strategic Planning Really Any Good?
We promised to start the discussion of the all-important risk identification and assessment process High Quality Risk Assessment. But the first step is actually to check and fix the organization’s planning.
Longer Term Agenda: High Quality Risk Assessment
1. Investigate and fix the planning practice.
2. Establish the context
3. Identify risk
4. Evaluate Risk
5. Risk mitigation and review
6. How to conduct the High Quality Risk Assessment session
We can only address point 1 today: investigate and fix the planning practice. We cannot start straight in with risk ID! We must prepare by scrutinizing the organization’s planning regime! I think you will find it an important key to successful ERM.
Why this obsession with the planning practice in the organization? Why can’t we simply start with risk identification?
The intuitive, informal approach — does it work?
The importance of the planning language.
The spectrum from non-planning, to plans (improperly formulated), to plans (unsubstantiated).
Properly formulated goals.
Properly informed goals.
The economic reasons for planning and risk management: the crucial point in the development trajectory of business organizations, as well as public agencies and non-profits.
Planning and risk management regimes are crucial to the evolution of the organization.
Conclusions: we need proper planning as the logical precursor to risk management.
Complete planning practice
– self-identification: unique competitive advantage
– special relationships; clients and constituents
– capacity for change
– environmental scan
– stakeholder analysis
– gap analysis
– formulation of goals and objectives
-beneficial psychological effects of engaging staff in planning process.
Summary: Let’s review what we’ve covered today.
1. High Quality Risk Assessment is a precise method: the core practice that generates value in the ERM regime.
2. We cannot start with risk ID, but must discuss the planning practice of the organization.
3. Many organizations will be deficient in the documentation, formulation or background research.
4. At a crisis point in their development, firms have to build proper management systems or experience mediocre performance.
5. We can suggest the steps in a complete planning process.
6. As staff participates in research and planning, the company can experience a profound renewal.
7. 80% of the risk management team’s work could be to investigate and gain cooperation to improve the whole strategic and operational planning practice. The benefits, however, are significant.
We must have proper planning as the logical precursor to enterprise risk management. Yet we ask: “Why do so many strategic plans end up on the shelf? It’s curious, given that strategic planning is among the most popular of management tools.” (Robertson, 2019, p. iv)
E.Robertson Strategic Planning: Process, Templates and Effective Implementation (2019)
[edited for clarity]
Risk commentary podcast Episode 5: Is Your Strategic Planning Really Any Good?
Well we’re getting into methods now. And I promised to start the discussion of the all-important risk identification and assessment process. This is the core practice in enterprise risk management which makes the whole initiative worthwhile; this is where the value is, and this is what makes it inspiring. So for that reason, I closely specify this process and I have a special name for it. I call it High Quality Risk Assessment.
[01:14] So let me run through the agenda for the complete discussion of High Quality Risk Assessment. The points will be:
1. investigate and fix the planning practice
2. establish the context
3. identify risk
4. evaluate risk
5. risk mitigation and review
6. how to conduct the High Quality Risk Assessment session.
So I’m sure you recognized several points there from the classic stages of the risk management process with a few other things thrown in; e.g., investigate and fix the planning practice.
So maddeningly we can’t start in with the risk ID itself; we have to backtrack and review what the organization is doing in terms of planning.
This is really important and in fact will give us I think enough material for the entire podcast today.
So already I can hear some people complaining: “Well, why this obsession with the planning practice? Why can’t we just start in with risk ID? Our planning is good enough, we already know what our goals are…” and so on and so forth. Well let me tell you a few stories.
[02:24] Perhaps you’ve already experienced some of this. When we (at Risk Management Branch and with clients) first started experimenting with risk identification, we would have rather informal discussions — roundtable sessions — and identify risk. Pretty quickly, I discovered — especially as the person who was responsible for aggregating and making sense out of all of this information — that the whole thing was simply all over the map. What I mean is, we had people identifying risk at the level of the national economy;… at the level of the department;… in terms of, let’s say, too many laptops or too much stationery went missing. In other words, the topic, the bounds of the discussion and the scale of the discussion were not made clear.
Add to that the difficulty that people were conceptualizing risk as different things in their own minds. So some people would conceptualized risk in sort of an alarmist way. And this is the most common thing for people who are not practiced. They take the view of emergency risk, earthquake risk; floods and fire and so on — in other words all of the various hazards — without clearly conceiving risk, as required in the standards, as the uncertainty that is associated with goals and objectives.
So my take-away from this is: Do not try to identify risk simply by having an informal discussion without any method. That way is just going to lead to confusion.
[03:55] Well, let’s assume that you’ve already established the fact that you have to identify risk in relation to planned goals, and you’re starting to look at the expressed goals of the organization. Now there we run into a whole spectrum of different situations. One that is quite common is that there are no written goals. There’s no planning process, and all the goals and objectives and corporate values and so on simply reside in [the head of] the person who’s leading the organization. This is not uncommon, and it can lead to success — but if it does lead to success, it’s only by force of that person’s personality [or luck].
Another similar situation is to simply have a process in place [a routine workflow] without any clear conceptualization of goals, so that people in the organization simply repeat actions, and that seems to be adequate.
Now in the case where you’ve actually got documented plans — and in formal settings, documented plans will be required — you’ll have to publish the intended goals and objectives. It’s very often the case that they’re not properly formulated. In other words, people are not clear on the definitions in the planning language that they’re using. That means people don’t all conceive of what a goal is in the same way, nor do they relate goal to objective in the same way; nor do they express values in the same way or a vision… and so on.
So you might think, well you know this is all rather pedantic. Do you really have to focus on definitions such a minute way? It can be important. Let let me give you an example.
Let’s say we work for some sort of agency, whether it’s public or private, and our intention is to build an online payments system, and we are charged with expressing our goals in this regard. Okay, so some people would would say something like (and I’ve seen this quite often): “We’re going to build the best online payment system west of the Rockies.” “We’re going to build the the best online payment system in the state.” — or whatever it is.
Now that in itself, although it’s characterized as a goal, is not a goal that we can really deal with. We cannot assess risk with a goal that expressed like, that simply because, as risk managers, we don’t know what the intended actions are.
Now that statement, to build the best online payments system west of the Rockies or in the state of Colorado or something like that, you know, that might be a good vision statement — or at least part of vision. But it’s not an actionable goal. So that leads me to insist upon the clarification of the planning language and definitions therein, and to formulate goals properly so that they can be understood as something that is actionable. And in this regard you can look up just about any reference to what is called SMART goals (specific, measurable, actionable and so on). And that will already be a huge improvement to any vague statement of goals.
[06:54] Well let’s continue on our spectrum of non-planning to more structured planning. All right, let’s say we’ve got formulated goals that are pretty reasonable. We know they’re actionable; we can start to identify risk. But there is a question that crops up. Well, how well informed are these goals? Did they really take into account what the industry trends are? Do we know what the competition is doing? Do we know what the emerging issues are that are coming up on the horizon? Do we know what the leading jurisdictions are doing? Have we sufficiently canvassed our major stakeholders in this regard?
So it’s entirely possible to have goals that are well-formulated, well expressed, which is really good from the point of view of trying to identify risk — and yet if those goals are not substantiated, if they’re not well informed, then already you’re incurring risk.
[07:48] Now, these questions could be resonating with you. And if they are, it might be because you’re at a specific point in the evolution of your organization or your business. That is, at a certain point after you’ve been chugging along for a while and things are going all right, and you’re starting to reach a certain level of revenue, and maturity in the business, then there comes a critical point when you have to make or break. You have to start putting in place ordered systems. Now this argument could apply not only to small business startups and so on, but also public sector agencies and nonprofits. In the early stages of organizational development, it’s probably okay and feasible to have methods that are really not particularly organized — in other words, informal management goals that are residing in the minds of organizational leaders, executed by force of their own personal influence, their personality.
But at the next stage of evolution, there’s going to be sufficient level of sales, business activity and scale of operations, that, all of a sudden, things start to get complex. And it’s no longer sufficient to do things in an informal manner, because things start to go wrong. Too many mistakes are made; deadlines are missed; the quality suffers, whether that be of a product or a service. People start to realize: okay, well, if we’re going to move ahead; if we’re actually going to mature as an organization, we really have to start setting up proper management systems — or, on the other hand, just resign ourselves to a state of affairs where we make some headway and then fall back, make headway and fall back.
That’s not really a sustainable approach, because you’re going to be overtaken by the competition, or the credibility of teh organization will start to falter, and eventually it will fail. But you know I’ve observed and lived through this crisis of development in various organizations, and I can say that, in retrospect, it’s much better (it’s ideal actually) if when starting up you can begin with the correct methods.
Put in place methods that are scalable, that can be expanded and will meet the demands of a higher volume of business and greater complexity of business activity, and so on.
[10:11] So I started to look in detail at this whole management discipline of planning, and put together a schema for a logical path, to lead us to properly formulated and properly substantiated plans. So without going through the entire process, let’s do a a summary of the steps in a comprehensive planning process.
I begin with the planning team establishing what I call Strategic Identity, and that simply means taking an inward view and trying to define what is the character of the organization. What are unique assets? — from the point of view of not just material assets but also capacities or competencies. What is our position in the marketplace? Whom do we serve; and who are our special constituents or clients; what are the trends and conditions that are affecting those groups?
So once we self-define, and understand anew the people that we serve, we can state what our mission is: the reason for the existence of the organization. And keep in mind at this point we don’t try to state specific goals, but rather we want to define the mission and our values — principles that guide behaviours. Finally we want to assess in a frank manner our capacity for organizational change. So that might strike you as odd, to try to look at our capacity for organizational change as part of a planning exercise. But really it becomes very important because we want to know: What kind of culture are we dealing with? Are they progressive and asking for change? Or are they rather conservative and reticent?… and so on.
If we’ve characterized sufficiently the organization itself, we can start to look outward and ask: What’s happening in the industry? What’s happening in our particular vertical? What does our environmental scan tell us? — not only with regard to the basic economic indicators and political analysis, and so on, but what are the cutting edge developments? What are the emerging issues on the horizon that are going to really affect our industry? And have we also considered the various opportunities to might be coming up?
It might also be appropriate to list all the various stakeholders that have some dealings with the organization, I mean, apart from the core client group, our constituency [e.g., supply chain] and to understand: what are their motives? What are the trends? What are the issues that these groups are facing? This is going to affect our planning.
All right, so at this point we’ve looked both inward to characterize the organization itself, as well as outward to characterize the conditions in the environment and among our stakeholder groups. And I really think that only at this point are we really prepared to define what the vision is.
[12:51] The vision is a word picture — a picture painted words — as to the ideal operation of the organization in some future state, without stating quite yet how we’re planning to get there. What follows next is a gap analysis, to compare the picture of the vision, the ideal operation of our organization, with the current state of affairs. With that gap analysis, we can start to actually formulate our goals our objectives: What do we intend to accomplish in the next planning period? (whether it’s six months or a year…)
I’ve been describing a complete process for strategic planning, which is of course of an important precursor for enterprise risk management. But I want to say a few words about the process. The best information on planning will characterize it not as just the final documents, but actually as a process, an iterative process.
I want to emphasize that if you are at this crucial stage in the history of the development of the organization, this whole exercise of doing the strategic planning can be very profound. It can have real effects on the motivational spirit, the morale of the organization as a whole, as well as to consolidate the team-building and cooperation among the members of the planning group themselves.
[14:07 So you might have decided as the leader of this initiative to call a round-table with people who have let’s say considerable seniority, in terms of their length of employment with the agency, and yet they’ve never been involved in any planning discussions before. Further, it could be possible to extend the discussion to the entire staff, in the form of a blue sky session, or something like that. So what we have here is a tremendous opportunity to engage not only the planning group, but also the the full staff in a cooperative discussion of the company’s future, which can rejuvenate the whole morale of the company.
The whole exercise has to be framed and managed in a way that is fair and equitable to all concerned. So that staff have to take into account the difficulties that are faced by management in a new environment; that is, particular challenges, especially in the face of declining revenues or some other crisis. Conversely, management has to allow discussion of, and take into account, conditions of employmewnt, staff concerns, and opportunities to improve the HR regime, recruitment, retention, etc.
[15:16 Well, we seem to have strayed quite far from risk management into strategic planning. But let’s review the points that we covered today just to understand why we did that.
1. High Quality Risk Assessment is a precise method. We pay attention to that because it is the core practice that really generates value in ERM regime.
2. We can’t start with risk ID but must discuss at some length the first step in High Quality Risk Assessment — to examine the planning practice of the organization. And it’s the very definition of risk in the standards that makes this necessary.
3. In many organizations we will likely discover that their planning is deficient either in the documentation of plans, or in their specific formulation, or in terms of background research.
4. This is typically seen in organizations that have reached a crisis point in their development, where they have to make or break. In other words, they have to either build proper management systems, or experience mediocre performance and possibly eventual failure.
5. Recognizing that proper strategic planning is the logical precursor to risk assessment, we can suggest the steps in a complete planning process.
6. As staff participate in research, and planning of strategy and operations, the company experiences a profound renewal of motivation and cooperative spirit.
7. There seems to be an 80/20 rule where 80% of the work undertaken by the risk management team could consist in trying to gain cooperation to improve the whole strategic and operational planning practice. The benefits are very significant, because once strategic planning is rationalized in this way, then the risk assessment process becomes very straightforward!