In this episode, Paula Bell talks to us about risk, and urges us to look beyond typical in-project risks such as time, scope, and budget and adopt a systems thinking approach to risk by identifying organizational risks that may come up as a result of your project.

After listening to this episode, you'll understand:

  • Why it’s important to look beyond in-project risks
  • How your project solution can lead to increased risk across the organization
  • How to address different types of risk
  • Who you need to involve to help address organizational risk

Show Notes

Managing risk is everyone’s responsibility.  Often we have a narrow focus of risk, thinking only about risk to our project and the scope, time, and budget.

We need to see the bigger picture and take a systems thinking approach to risk by considering the organizational risk that our solution may create.

If you don’t take organizational risk into consideration, you can create solutions that could potentially put your organization in a bad situation from a litigation, financial, and reputation standpoint.


Types of Risk

There are many different types of risk you should consider when thinking about potential solutions to addressing stakeholder needs.  Some common types of risk are:

Operational Risk: This is risk associated with the process and can include breakdowns in internal procedures as well as interactions between people and systems.  Consider the impacts your project may have on the processes and procedures that govern operations.

Financial Risk: This is an umbrella risk covering many related risks such as financing, financial transactions, and loans that put the company at risk of default.  Credit risk is the risk that a consumer might default on a debt and may also be considered here.  Financial risks may result in a disruption of cash flow or increased costs.

Compliance Risk: This is the risk of legal sanctions.  Failing to comply with regulations may result in financial losses and can have a great impact across your organization.

Reputational Risk: This is essentially the risk of damage to your brand.  Consider how your project’s solution and its upstream and downstream impacts will be perceived by customers and those outside your organization.  An increase in other types of risk (operational, financial, compliance, etc.) can increase reputational risk.


Getting Started

If you’re new to risk management, start with a few of the most common types of risk and go deep.  Think about the impacts your project and other organizational changes will have from a risk standpoint.

Bring in experts from Legal, Compliance, Information Security, and other areas to provide input as to the risk associated with the change.

It’s beneficial to bring in representatives from Legal, Compliance, and Risk at the beginning of a project to understand potential impacts and involve them throughout the project, especially at the solution development phase.

Help representatives to better understand potential risk by providing an overview of the project at the beginning.  This helps them to include the appropriate subject matter experts in the project.


What to Do About Risks

Once a risk is discovered, take action to address the risk.  You can work to mitigate, avoid, or transfer the risk, or even accept the risk if the likelihood and impact are small enough.

Your partners in Legal, Compliance, and Risk can help you establish appropriate controls to address the risk.  This may include new procedures, exception reporting, or changes to requirements.

If you choose to accept a risk, document it and why you accepted the risk as well as the names of those who approved the acceptance of the risk.


Think outside the iron triangle of scope, time, and budget to identify and address risks resulting from your change effort.

Listen to the full episode to hear all of Paula’s advice on having a holistic approach to risk.



Your Homework

1) Look beyond the surface and go deeper. As you are working on your project, ask why.  Ask “At this step, what could go wrong?” and if there is a risk, determine how you will address the risk.

2) Identify who your stakeholders are in your Compliance area, your Legal area, and your Risk area. If your organization doesn’t have teams for these areas, find out who has knowledge in those areas so that you can involve them and not put your organization at risk.


Links mentioned in this episode:

Paula Bell


Paula A. Bell Consulting, LLC

Paula Bell is a Business Analyst, consultant, mentor, author, and speaker known for providing guidance to aspiring business analysts.  She’s held just about every role in a RACI matrix including business analyst, technical writer, project manager, developer, test lead, and product owner.

Paula is a frequent speaker at industry conferences and writes articles on BA and project related topics.
