Strategic and Operational Risks

Our post last week focused on project assumptions and risks, but there are other business risks that SIs should be wary of. For instance, there is also executive management risks which this article categorizes as strategic and operational. The author describes the difference as:

  • Strategic risks arise when a business strategy fails to deliver the expected outcomes, affecting the firm’s development and growth. Such risks can be created due to a technological change, an evolving competitive landscape, or changes in customer demands.
    • Strategic decisions that are unclear or poorly communicated
    • The introduction of new products or services
    • Changes in senior management
    • Unsuccessful mergers or acquisitions
    • Changes to customer demands or expectations
    • Damage to the company’s reputation
    • Financial challenges (e.g., poor cash flow)
    • Entry of new competitors
    • Problems with suppliers, vendors, or other stakeholders
  • Operational risks can arise from inadequate or failed internal procedures, employee errors, cybersecurity events, or external events.
    • Inadequate or failed internal processes
    • Human error
    • System downtime or failure
    • Inadequately-trained staff
    • Breakdown of process controls
    • Fraud
    • Cybersecurity events (e.g., data breaches)
    • External events (e.g., earthquakes or pandemics)

The end of the article was a bit of a sales pitch, but I thought the distinction between strategic and operational risk was worth passing along. How do you categorize risk in your organization?

April 13, 2022