Andy Jordan
President of Roffensian Consulting
Andy Jordan is President of Roffensian Consulting S.A., a Roatan, Honduras based management consulting firm with a strong emphasis on organizational transformation, portfolio management and PMOs. Andy is an in-demand keynote speaker and author who delivers thought provoking content in an engaging and entertaining style, and is also an instructor in project management related disciplines including PMO and portfolio management courses on LinkedIn Learning.
When I first started managing projects, I thought risk management was one of the most accessible aspects of the role. I had a standard list of project risks for every initiative – someone might leave, there might be late changes, the solution might not work, and so on. As a team, we added a few ‘custom’ risks to reflect the specifics of the current project. Then, like most project teams, we did some fundamental analysis of the impact and likelihood of it occurring, assigned an owner to monitor each risk, and delivered the project.
It was simple because, in those days, risks were focused solely on the triple constraint – schedule, budget, and scope. It was also simple because I didn’t truly understand what it meant to manage risks. Hopefully, I’ve learned a few things in the many years since then, and my view of risks around a project has evolved considerably. To start with, I now know about strategic risk management.
What is strategic risk?
Risks around the triple constraint are essential but far from the only risks associated with a project. There is another category of strategic risks that must be considered. This includes the risk that a product or service won’t be accepted in the market or that a newly developed solution won’t deliver the expected cost savings. There are even risks that economic conditions will change and render a new solution ineffective.
Strategic risks impact the ability of the organization to achieve the required business outcomes from a project. Often, they directly apply to the solution – the product, service, or similar that the project delivers. However, they can also be tied to the triple constraint. For example, if a project is delayed, it may result in a competitor getting to market first, hurting the ability to make sales, gain market share, and generate revenue.
For project managers, strategic risks matter because they may cause more damage to an organization than most. But many project managers don’t understand strategic risks or don’t believe it’s up to them to manage them.
What is strategic risk management?
Strategic risk management shares many similarities with traditional project risk management. Identifying, assessing, and prioritizing strategic risks is still necessary. Appropriate management approaches must be developed, and contingency plans must be implemented if a risk is triggered. The key differences are in the timing, the nature of that management, and the stakeholders involved in the process.
A strategic risk assessment should occur before the project starts and a project manager is appointed. That should help identify the possibility of a delay in the schedule impacting the ability to sell a product because a competitor is getting to market first. Then, the decision can be made to reprioritize the project and start it earlier to mitigate that risk. That can’t happen if the project is already underway when the risk is spotted!
Strategic risk management focuses more on stakeholder engagement than project risk management. It may involve sacrificing the process and approach to project delivery to ensure that the final solution meets business needs. It may even consciously damage the ability to achieve the triple constraint.
Strategic risk in action
Consider this example: something that happened to me. A competitor launched a rival product before our solution was ready. The risk of losing market share, revenue, profitability, and so on became very real. What did we do?
We didn’t throw people at the project to try and speed it up. We didn’t drop features to try and launch more quickly. Fewer features wouldn’t have encouraged people to buy our product. A rushed release with problems and bugs wouldn’t have helped either. We decided to delay the project even further. We added scope items to deliver features that the competitor didn’t have. Then, when we launched, we could show customers that our offering was better. The risks were never triggered – we didn’t miss our market share, revenue, or profitability targets – because we managed the strategic risk properly. And it was a different way than if we had focused solely on accelerating the schedule.
The bottom line
Projects aren’t approved and funded just to deliver a product, service, system, or on time, scope, and budget. They are authorized to provide business benefits – cost savings, customer satisfaction, revenue, etc. When delivering a project, project managers must focus on a solution’s ability to ultimately provide those business benefits, which means understanding and managing strategic and project risks.
Download whitepaper
on project data protection to learn more
