Managing Risk or: How to Stop Worrying and Avoid It Altogether

Even the largest budgets for digital projects pale in comparison with the amount spent on operating costs by a blue chip company. As a result, we all strive to do more with less, to make small budgets deliver substantial outcomes. Yet many of us ignore the simplest thing we could do to make our digital budgets work twice as hard  by thoroughly accounting and planning for risk.

Regardless of whether we’re talking about digital marketing, product and service innovation, or the implementation of digital technology in operations, risk is a significantly overlooked factor when when it comes to project planning. Yet understanding and effectively evaluating risk can lead to more effective, better organized, and more economical ventures.

Three Steps To Avoid Risk

Avoiding discussing risks at the onset of a project is the business equivalent of throwing money out of a window, then running downstairs and trying to catch as much of it as possible. Even if your plans are foolproof, more than one well-planned online venture has been brought to its knees by unanticipated success – by too much server traffic bringing down a site and driving it offline. In these instances, failing to consider the risk of infrastructural failure costs good ventures real money. What is required to avoid such situations is a little boost in skills but a big shift in culture.

Consider this article a crash course in risk as it pertains to strategy. The digital industry on the whole lacks both the vocabulary and toolset to examine and manage risk, and a thorough understanding of how to factor risk assessment into planning and development. To control for risk you need to: one – understand it, two – learn how to assess it, and three – select the steps you need to take to neutralize it.

1. Understand It

There are many definitions of risk, but my favorite (and Wikipedia’s favorite) is the one attached to the ISO 31000 standard that defines the purpose, activities, and boundaries of risk management: “risk is the effect of uncertainty on objectives, where uncertainty is both known and unknown and impact can be either positive or negative.” This is a concise and clear definition, its power coming in part from the way it connects with the purpose of strategy, the art and science, as Mike Arauz notes, of arriving at an outcome.

Simply put, risk is the chance that the outcomes of an initiative differ from expectations. Not all risk is bad. Outcomes can diverge from expectations in two ways: exceeding expectations is as much a product of risk as failing to meet them. In fact, many economists argue that higher risks yield higher returns (a principle called the “risk/return payoff”). In order to minimize the potential negative impacts of projects falling short or maximize the surplus opportunities created by an initiative we need effective ways to understand, measure, and adjust risk in the plans we make.

2. Assess It

The more variables you are able to identify at the onset of a project, the better your odds at accounting for and controlling its outcome and achieving your project goals. Moving risks from the unknown space to the known space is not necessarily a straightforward task, however. Risk originates from a variety of sources: risks can be internal or external, singular or systemic.

Internal vs External risks

Internal risks are uncertainties brought on by the elements that support the development, launch, and operation of a project. Internal risks affecting Digital are shaped by the availability and reliability of resources, whether these resources are physical (technology) or abstract (a brand), they can be stakeholders or partners. Because internal elements are within reach, the outcome of internal risks can be controlled or impacted to varying degrees through proper planning.

Risk is the chance that the outcomes of an initiative differ from expectations. Not all risk is bad.

External risks complete the ecosystem a project lives (or dies) in. They are mainly defined by the actions of competitors and the alignment of targets. External risks are harder to foresee, harder to measure, and nearly impossible to control for. Yet they’re worth considering because they’re likely to be systemic risks – issues that impact all of your activities. If your competitors were devoting a good deal of energy to making you fail, wouldn’t you want to know?

Singular vs Systemic risks

Singular risks are particular to a specific project or initiative; systemic risks are those that affect multiple projects or initiatives. While singular risks can sink projects, systemic risks can create dependencies between projects, coupling risky ventures together like dominoes ready to be toppled. Systemic risks can sometimes affect projects company wide or industry wide.
The second step to understanding risks is quantifying them.

Quantifying Risk

Risk management in Digital, like any industry, requires not just identifying risks but also eradicating them when possible. Prioritizing risks requires measuring the likelihood of the risk occurring and the scale of its impact on the business. As a manager, you will want to prioritize eliminating risks that are very likely to have negative consequences, or risks with substantial impact to a project. Things which are not very likely to happen, or will have limited impact, should be given less consideration than something that could bring about failure to a project.

Toby J.F. Bishop and Frank E. Hydoski of Deloitte Financial Advisory Center point to the significance of these two variables – likelihood and impact in a short article on fraud-risk for financial institutions. While their work is specific to the financial industry, the concepts behind it are applicable to all strategic initiatives. One of their proposed tools for risk management is a simple heatmap that facilitates conversations around identifying and prioritizing risks.

(Adapted from: http://hbr.org/2009/10/mapping-your-fraud-risks/ar/1)

A good exercise would be to categorize all project risks based on the two variables (likelihood and impact) into three groups for each (low, medium, high).

3. Neutralize It

Once we’ve nailed down the sources of risk and identified which risks are most important, the next logical step is to reduce or remove those risks. The goal is to maximize the expected payoff of a project or portfolio of projects. There are four ways to do that.

(Illustrations made with Paper.)

1. Abandon risky projects to avoid risks completely

Selecting or funding the right kind of projects is the first step. Sometimes, strategy has to be about choice. Matching the risk profile of a project with the appetite of a team is great tool for choosing a path forward when many options are on the table.

2. Redraw your plans to remove or change risky elements

Often times what makes projects exciting is the breaking of new ground. But, the goals of complex projects can be met in many ways. Changing or removing risky elements from a plan lowers the likelihood of failure. Is it a new partner? Unless they have an essential skill, go with a trusted partner instead. Is it a new technology? Perhaps there’s a familiar platform that will make things smoother.

3. Create stages in your project to lower the stakes

Million dollar ventures can sometimes be great. But for any ambitious challenge there is a minimum viable product that can be created for a tenth of the cost. Developing a startup mentality would be a tremendously valuable shift in culture for a large organization. There is no need to argue that the divide and conquer approach has merits in any strategic endeavour. From the perspective of risk, a phased and iterative approach limits the exposure to risk at any particular stage of a project. Making smaller bets keeps us in the game longer.

4. Organize and coordinate your project portfolio

Coordination – the alignment of efforts – is what makes strategy both elegant and effective (reference Michael Porter’s article titled “What is Strategy” to read about the basics). The most straightforward way to control risk is to start organizing your company’s projects like a portfolio. Although debated in scientific circles, a degree central planning can prove effective at times.

Diversifying your efforts will reduce the overall risk of your activities. But selecting wildcard projects shouldn’t hinder the success of other projects. Working with limited resources, embedded in selecting projects are the opportunity costs of not pursuing other projects. Risks are avoided also, but a coordinated effort where projects build on one another will bring long-term benefits.

What’s Next?

Coordinating a portfolio of projects is a delicate balancing act. It involves incorporating successful elements in future projects by iterating and evolving them. Scaling resources across project may create efficiencies. However, developing parallel solutions for a task will surface the best way of accomplishing it, reducing risks for future operations. For this you will need to seed a degree of variation in a suite of projects and and to create the mechanics for selection.

Risk assessment and management is a taxing activity, but the effects are vast. Accounting for risks will not guarantee success or even avoiding failure. It will however improve the odds that more projects will succeed, making every dollar spent in Digital work harder in the long run. So next time you’re planning a project, feel encouraged give due consideration risk to management.