Strategic planning is a fascinating and complicated process. There is no “correct” way to create a strategic plan; every leadership team has a unique definition of where the company is going or how you’ll get there.
While this wide range of options allows for tremendous latitude and flexibility, a company’s planning process can be TOO easygoing. It’s a bit like having a body with all the bones connected (immobilized) and one that has no bones at all (a bowl of jelly). Both extremes — too rigid or too relaxed — make it easier for threats to creep in and destroy what you’ve worked so hard to create.
Most organizations use a Strategic Plan (though certainly not all, in my experience). And most plans define the company’s Vision, Mission, Values, Objectives, and Measures — which I abbreviate as VMVOM.
But while a plan can look great on paper, most strategic plans do not consider strategic risks.
In this post, I’ll review 5 types of risks specific to the strategic planning process, and which one I believe is the most critical to organizational growth.
The 5 Types of Risk
While there are innumerable types of vulnerabilities that could impact your organization’s growth and success, I like to boil them down into 5 categories.
These include:
- Governance
- Operational
- Competitive
- Financial
- Reputational
I’ll explain each risk one at a time, ending with my perspective on the one that you must absolutely, positively use in your planning process.
Governance Risks
The first aspect of strategic risk acts as the foundation for all essential organizational functions.
Governance involves establishing a system that maintains order. It is the process of determining goals, creating tactics, controlling variables, and monitoring results. Organizations with solid governance are able to make intelligent decisions and steer the company toward a brighter future.
Governance also helps to clarify top leaders’ expectations, which are expressed both directly (using Policies, which express “Why” and “What”; and Procedures, which explain “How”), and indirectly (with unspoken or undefined norms & taboos, often called “company culture”).
While management teams operate differently, every team needs two things: control over outcomes, and a planning process. Most Governance risks occur due to inadequate formation of their strategic plan, including the Vision, Mission, Values, Objectives, and Measures (VMVOM). These problems disappear when the goals are obvious, the rules are clear, and everyone knows what is required to achieve the objectives.
Questions to Check Your Governance Risks
- Is our vision and mission the focal point in decision-making?
- Do we thoroughly review our strategic plan every month?
- Are we absolutely sure where we’re headed as an organization?
- Do we have strong, clear controls in place?
- Are we following best practices?
- Are internal processes at maximum efficiency?
- Do we standardize every procedure?
- Do people get what they need, in the right way, at the right time, and in the right amount?
Operational Risks
The second type of risk is Operational. This is the engine that drives your business forward by producing results.
Most operational vulnerabilities occur when a set of actions results in inefficiency and waste. These can include:
- Higher numbers of defects and variability in day-to-day activities (especially evident after a Lean Six Sigma evaluation)
- Inefficient hand-offs (wasted time and effort between steps in the process)
- Increase in “leaks” in your service or product distribution cycle
Even if you have a solid quality assurance or risk management program in place, hidden risks often lurk in the background.
The best way to evaluate Operational vulnerabilities is to create efficiencies while also increasing the potential of achieving your company’s overall goals. Regular evaluations of inefficient processes can help you identify areas of waste, loss, and fraud.
Questions to Check Your Operational Risks
- Are our Vision and Mission clearly understood by everyone?
- Do employees trust leaders’ decisions?
- Are we measuring results consistently?
- Are the rules being followed?
- Do we operate at higher-than-average industry standards?
- Does every process make logical, intuitive sense?
- Are our methods and instructions standardized?
- Are we cross-training and mentoring consistently?
Competitive Risks
Competitive risks are all about the market: shifts in purchasing decisions, overall market changes, and customer cycle and attrition rates. These types of risk are typically evaluated as part of a Marketing Plan.
One important point to remember here is that a Marketing Plan is not the same thing as an overall Strategic Plan. I have observed several organizational leaders make the mistake of treating their marketing plan (which describes how to win over and keep customers) like a strategic business plan (which identifies the company’s overall direction, goals, tactics, and measures).
A marketing plan is important to identify the current landscape, industry, economic changes, and buyer needs. It is equally crucial, however, to view your marketing plan from a big-picture context, looking at the potential vulnerabilities to long-range growth.
Questions to Check Your Competitive Risks
- Do our Vision and Mission drive marketing decisions?
- Do people trust us, both internally and externally?
- Do we set SMART and CLEAR goals?
- Do the rules make logical sense to staff and managers?
- Are we consistently enforcing and updating policies?
- Do our actions pull customers toward our service or push them away?
- Do we allow employees the freedom to expand their job description?
- Does every staff member have the skills and knowledge to achieve results?
Financial Risks
Financial risks involve revenue generation and cost control. While the accounting team is responsible for a bulk of these types of risk, financial vulnerabilities can occur at every department level.
Questions to Check Your Financial Risks
- Are we using the Vision and Mission to drive financial decisions?
- Do we perform post-event root cause analysis?
- Do we review the financial impact of each objective?
- Are we adequately protecting shareholders?
- Do our outcomes exceed industry standards?
- Is every process evaluated for maximum profitability?
- Are all procedures tied to financial outcomes?
- Are we routinely finding ways to cut costs and increase revenue?
Reputational Risks
Reputational risks include public and customer perception, as well as employee engagement. If you have a formal Public Relations strategy, you’re ahead of the game. Most leaders tend to avoid these types of risks until they’re in crisis mode.
Questions to Check Your Reputational Risks
- Does our marketing plan accurately reflect the Vision and Mission?
- Is our social media and online presence a high priority?
- Do all stakeholders (staff, managers, customers, investors) know our strategic objectives?
- Do we welcome “bad news” and face it directly?
- Is the public aware of how we meet industry standards?
- Do we have a staff and customer offboarding (exit) process?
- Do we have healthy feedback loops that welcome and respond to “bad news”?
- Do we know which rewards and incentives motivate our staff?
The Most Critical Strategic Risk
All of the 5 areas of strategic risk directly impacts on organization’s goal-setting, decision-making, and development. However, the most critical one—and the one that is my primary focus—is Governance: the overall control needed to achieve organizational goals.
The biggest challenge in good Governance is having an unbiased perspective of what is really going on.
I’m amazed at how many managers are completely unaware of problems that happen right around them. It’s not because they’re unwilling to help; in fact, the majority of leaders I work with are extremely empathetic and open to hearing the truth. The problem is, they literally cannot see what others — their staff, customers, the public — can see.
Even the most capable, intelligent, and diligent executive leaders have blind spots. In my opinion, every organization reflects the beliefs, personalities, and philosophy of its top leaders.
So we can also conclude that those same leaders’ limitations are woven into the organization’s internal culture.
As we’ve discussed above, “Strategic Risk” is a combination of risk management and strategic planning, and Governance risks are the most important. Governance requires strong leadership, and it also contains those leaders’ vulnerabilities.
I believe the majority of organizational vulnerabilities stem from the blind spots and bias of leaders themselves.
We have reviewed the most critical piece in a strategic plan. While it is vital to regularly review all 5 types of strategic risk, Governance is the hub. The others (Operational, Competitive, Financial, and Reputational) are like spokes on the wheel of risk intelligence.
Effective change can only happen when top leaders are committed to creating a culture of empathy, which is most effective when you hear the unpleasant news straight from staff and customers.
Interested in hearing how you can reverse a toxic workplace? Find out more here.
Grace LaConte
Grace LaConte is a Decision & Continuity Advisor who helps independent owners in manufacturing, B2B, and professional services to uncover hidden profit leaks and build stronger companies without burnout or added complexity. She uses proven frameworks and data-driven insights to improve cash flow, boost margins, and create lasting value. When not consulting, she develops practical tools that help owners protect their bottom line and grow businesses that last.