Identifying and Prioritizing Needs and Risks in Strategic Planning

For the strategic plan to be a success ownership of the plan is critical among all organizational members. For this reason it is important for leadership to engage everyone in some way in the structuring of the plan by inviting input and creating an atmosphere of team involvement throughout the planning process. This buy-in cannot be stressed enough. Without ownership by everyone involved in the organization, the strategic plan will not be utilized to its fullest potential, which will be detrimental to the organization.

By now a rough draft with a broad range of strengths, weaknesses, and foundational elements of the organization to be built on are laid out in the plan along with some critical assessments and weaknesses pinpointed in an addendum. Now it is time for the leadership team to prioritize its needs and then identify risks inherent with plan implementation.

At this point the lists of actions that must be taken to implement the strategic plan can be overwhelming – even for a small organization. For larger organizations, the lists can be staggering and seem hopeless. But, as the proverb goes, "You can only eat an elephant one bite at a time," so goes the actions required with executing the strategic plan. For enabling leaders to make an accurate priority assessment, quality indicators are needed for proper evaluation.

Quality data for prioritizing the needs in an organization's plans of action comes from solid indicator results within the following data assessment areas:

  • The impact steps have on the overall plan

  • Outcomes from both negative and positive steps taken within the plan

  • Outputs required to strengthen weaknesses

  • Activities involved to rectify known critical areas

  • The organization's strengths payout toward overall goals within strategic plan

This data then needs to be evaluated as either: needed for meeting immediate goals; goals within five years; or future goals.

When looking at the data, specific questions can be asked to help translate the general investigative findings into specific information useable for the strategic plan. Questions to ask and keep in mind when sifting the results are:

  • What is our overall goal?

  • Does this fit within our values?

Once the information has met those criteria, the next sets of questions that need to be asked are:

  • Will this help us meet our immediate goals?

  • If not, what needs to be implemented first for this data to meet our goals?

  • If (?) is implemented, will this data then be useful for our five year goal or further in the future?

If the results are unclear or absent, then prioritizing the steps for plan implementation will be challenging. Without this data it will be hard for leadership to know if the steps are progressing as planned and if there are any changes or corrective actions needed. If the results are missing this could be an indicator there are areas of resistance to the strategic plan within the organization and buy-in to the process within that area needs to be readdressed.

By now leadership should be analyzing results from various steps within the rough draft that have been implemented. A "result" is defined as "the progress that has been made in direct correlation to a planned and implemented change," – in this case the planned and implemented change is steps or procedures within the strategic plan rough draft. In scientific terms, it's the relationship between "cause and effect," which is commonly diagramed out using what is known as a fishbone – or a fish skeleton. In the diagram the backbone is the "effect" line. The top of the skeletal structure are the items "causing" the change. The lower bones are the "who" that is being affected by the change. This gives a visual of the "cause and effect" that is taking place as steps in the process are beginning within the strategic plan. Using this diagram aide's leadership in understanding what steps within a process are affecting who within the organization. Understanding the "who" in the equation will then assist the leaders in knowing if the affect is positive, negative, or if the process is in need of adjustments or even realigning.

As needs are being prioritized and processes are tested, leadership should not be using the priority list as an itemized check list that is in need of completion. This is not the time for management to have a race to see who can complete their priority list first. However, it is a time to stop and look at the overall effect the changes are having on the organization's "big picture." The steps themselves are not the goal of the strategic plan, but it's the impact the newly brought about activities are having within the organization that needs to be scrutinized by leadership. Is the impact resulting in the organization achieving its immediate, five year, and future goals – its overall goal? That is the main focus upper leadership should be measuring as the strategic plan unfolds.

Identifying Risks

Every day people accept a certain amount of risk. Getting into a car and pulling out of your driveway indicates you are accepting some risks – the risk that you will be involved in an accident of some kind or the risk that you will not get to your destination because the vehicle will break down. These are known as acceptable risks. But exactly what is a risk?

Risks are "matters – concerns, controversies, issues, questions, subjects, problems, points, contentions – that if not addressed once identified, could cause significant trouble to the organization in the near future." Identifying and assessing risks is not a problem that can be tackled using conventional methods although conventional methods can be used to identify risks. To properly pinpoint a risk and assess it requires expert knowledge – an intimate knowledge of the details surrounding the risk and the potential outcomes. For this reason, when risks are identified, they should not arbitrarily be labeled as acceptable risks for the organization, but each known risk factor should be carefully weighed and its risk mitigated to optimum levels.

While most risks can never be eliminated, there is a perfect area where risks should be for an organization to grow. Without risks an organization will become stagnant and not experience growth. That's the reason it's vital for leadership to assess each risk and to understand all the various aspects of how it can affect an organization. Risks are inherent with doing business in today's world and some risk is good, but unnecessary risks can be the death of an organization.

Risks within a strategic plan are incongruous processes or identified disparities that are implemented within the plan's processes. Let's say your organization used to have an automated calling system for customers. Customers were required to listen to a menu and make proper selections so they were directed to the proper individual or department. In the strategic plan, one of the goals was to become a more personable organization. For this to take place one of the new processes is for an operator to answer each phone call and to then transfer the customer to the proper person or department within the organization. This step now is a risk because it looks good on paper, but many disparities are evident. Some easily identified risks are: what if call volume exceeds operator's capabilities? What if an operator gets angry with a difficult customer? What if a customer becomes crude and lewd and the operator then sues the organization for being exposed to such lewdness? These are risks that must be weighed by leadership prior to implementation of the new process.

In this instance, risks could be alleviated by implementing a backup phone system that places callers on hold until an operator is available. This isn't a perfect solution but it is a viable one. Operators also could be required to attend training classes for handling customers. This does not completely eliminate the risks, but for many organizations this would bring the risks down to an acceptable level.

With a project as large as writing and implementing a strategic plan – even for a small organization – there will be numerous identifiable risks. For this reason, leadership should have a risk register that identifies risks, prioritizes them, and documents the leader's risk analysis and summarizes mitigating strategies. This register is a continuous cycle register meaning it should be monitored and frequently updated as new data emerges and strategies are evaluated.

The way to determine the severity of a risk is by looking at two factors: a risks impact and the likelihood of the risk coming to fruition. As stated earlier, a risk is a matter that could have a negative effect on the organization, but although identified, its results are not fully known. A risk's impact basically is the detrimental affects the risk could have on the positive results of the strategic plan or an organization's goals. So for a leader to know the seriousness of a risk or for the leader to place a numeric value on the identified risk, the impact is multiplied by the likelihood of the risk taking place and this equals the risk's threat level. Utilizing this equation enables leadership to incorporate a priority list for addressing known risks within the organization. There are four common areas for risks within an organization: operational, developmental, financial, and reputation.

Operational risks come from the various areas of an organization performing its day-to-day activities. Risks can come from legal issues – environmental laws changing, tax laws, interstate transportation laws, consumer laws, etc. Or the organization could identify risks from safety factors within its operational structure. Other operational risks could be from consumer hazards using an organization's manufactured product or even its product's packaging.

Developmental risks can be detrimental to an organization. One that is common within the Department of Defense that garners media attention is "cost overruns" for new weapon systems. This risk is real in any organization implementing new changes in operations or new products and should be closely monitored. Another common developmental risk is a product or service being poorly received. This could severely hurt an organization's bottom line.

Financial risks come from all angles – internally and externally. Depending on the size of the organization, financial risks can be aggravated by a weakened global or local economy. Other risks can be strictly internal – accounting errors, theft, overspending, or financial risks can be created from developmental or organizational risks. Financial risks should be a priority for an organization and frequently monitored.

Reputation risks are becoming more difficult to manage with the ever-expanding internet. An organization's reputation in today's technological age is fleeting at best. There now are internet social media sites where people can voice their likes and dislikes about products and companies. To protect an organizations reputation, these sites constantly must be monitored and negative and even positive comments must be acknowledged by organizational leadership. An organization's reputation in a community is another area that can be inherent with risks – from an employee committing a crime, to an industrial disaster that affects the community. For this reason public relations is an area that cannot be ignored by leadership or in the plan.

Managing risks within an organization is an on-going process and leadership must be proactive in its approach for the well-being of the organization. For this reason department leaders should be made aware of known risks and at the same time, should be trained to look for and identify risks within their areas of expertise. Any strategic plan should include risk management training for all its leadership to ensure the organization remains a healthy organization.

Leadership should give ownership to knowledgeable and reliable experts for specific risks. This individual should have the authority to coordinate, gather information, and respond to the specific risk with the end result being the risk matter being resolved – either by eliminating the risk or reducing the risk to acceptable operational levels.

As seen, both prioritizing an organization's needs and risks is an ongoing process – especially during the planning, writing, and implementation stages in a strategic plan. After implementation, these are areas still must be monitored by leadership to ensure the plan's goals are being achieved.