In a recent series of posts on his blog, Jeff Davis, for whom I worked for several years at GE, proposes some tools and processes for managing strategic, operational, and organizational business risk. These provide an outstanding set of recommendations, so I wanted to take this opportunity to highlight some of the key posts Jeff has made, and I encourage you to read them in more detail and consider implementing some of the practices in your next annual review process.
- Porter’s Five Forces Applied to Strategic Risk (via Jeffrey J Davis)
In Stress Testing Your Business Strategy, Jeff suggests using Michael Porter’s Five Forces model to consider significant changes that may occur in your customers, competitors (direct, indirect, and new), and suppliers that would put your strategy at risk. Instead of thinking about these as risks to your own company, think about them as risks to your nearest competitor, to eliminate the inherent bias we have that supports our own strategies. Jeff then proposes ranking the probability and severity of these risks from high to low (any number of scoring matrix approaches would work for this) and arranging them on a two-axis grid. A series of questions then help determines the potential impact to your existing strategies and how you might react, and Jeff finishes by proposing that key executives each be assigned a few of the 10-15 risk you have identified to monitor and review periodically throughout the year.
In Safeguarding Your Daily Business Operations, Jeff points out that “LEANing” your business (as many have in response to recent economic challenges) creates greater risk to your daily functioning by significantly reducing your margin for error. He suggests first using the elements of a typical Ishikawa diagram, or “fishbone analysis”, to identify potential areas of risk (machine, materials, “man”, method, and “mother nature”), and then using a Failure Mode and Effects Analysis (FMEA) to assign a risk prioritization number (RPN) to each risk you identify to serve as a ranking mechanism. The highest risks (those with a “severity” of at least seven in the FMEA, or an overall RPN of three hundred or above) should drive development of plans to either bring the likelihood of occurrence or the resulting severity down. While I have performed FMEA’s for specific projects such as new product developments, I have never seen it applied business-wide in such a manner, and it seems a potentially useful approach if done to the right level.
In Vulnerabilities in Your Team, Jeff walks through some scenarios that often develop in small and medium-sized companies – technical know-how concentrated in the hands of an expert, a sales manager who is the linchpin to your customer relationships, and similar. While a little shorter on specific process recommendations than the other two posts in the series, this post suggests the importance of organizational planning and development. This is especially important for small- and medium-size business that lack the bench depth of a GE, but all too often such processes are overlooked or treated as a once-per-year “performance review” event. Jack Welch, the former CEO of GE, often stated that he spent over 50% of his time on people, so if you aren’t investing that type of time as a leader, then you are running a risk that critical talent retires or walks out the door without backup plans in place.
What Jeff has done in this series is point out how you can take a subjective and difficult to address topic like strategic or operational risk and use a process to quantify it and build plans to mitigate it. I’m a big fan of any tool that can bring order and reason to the normally chaotic process of strategic planning, and I look forward to trying out some of these approaches in the near future.
Twitter
Facebook
LinkedIn
Posterous