Practical Risk Assessments and Successful Outcomes

July 30, 2018 | Posted in:

IT Strategy

Posted by John Sterling

Risk Assessment

Risk management is something I am passionate about. My mantra is "plan to win," which basically means, fear is the devil. Find a viable plan, communicate, and execute. Why? Because with excellent risk management, you can optimize teams to move more quickly - and focus on successful outcomes.

I went to college on a ROTC scholarship, so a lot of my early leadership training was with the military. There are many misconceptions about military leadership training, the most common of which is the idea that military leaders are control-oriented.

In reality, my training was quite the opposite. In a rotation at the National Training Center, for example, we were simulating desert war fighting with live fire exercises. As a leader, I was not expected to 'avoid risks,' I was expected to:

  • Be disciplined about assessing risks,
  • Mitigate risks to avoid recklessness,
  • Have a contingency plan if any serious risks came to fruition to respond well and limit damage.
These basic principles are a great way for all organizations to handle decision-making around risk-oriented items without getting stuck in the mud of fear.

In Technology Organizations, Allow for Objectivity

One of the challenges for technology organizations are these competing goals:

  • Maintain a highly secure and stable infrastructure.
  • Innovate with technology to make the business more nimble.

It can be very challenging to defend the perimeter and innovate at the same time, but as technology leaders, this is our job. Risk assessment tools can help with this. I recommend separating the risk assessment from the decision-making. Let your technologists assess and score risks, recommend mitigation, and plan for contingencies. These are all actions they are probably excellent at and enjoy doing. The leader's job is to consult the experts on their risk assessments and help make judgments to move forward.

To include risk assessments within your decision making, follow these steps:
  1. Add a risk scoring tool to every important decision, considering both the impact and likelihood of all major risks.
  1. React to these risks as necessary:
    1. High Risk: Find options to lessen the risk to medium or low. Organizations should almost never move forward without lowering the risk by mitigating actions.
    2. Medium Risk: Consider options to mitigate as long as trade-offs are minimal. Only move forward with a contingency plan in place (how to react if the risk comes to fruition).
    3. Low Risk: Do nothing. Sometimes, teams will pile on mitigation steps for things that are either highly unlikely to happen or really don't have a huge impact if they do. To maintain agility, don't add overhead to avoid risks that are not likely to hurt, and don't punish teams for taking these types of risks.
Empowering individuals on the team to have a more objective role in the process makes the job more enjoyable - they are able to help the company avoid recklessness while not making tough business trade-off decisions on their own. This also allows the leadership team to make determinations about which risks are worth taking to move the business forward.

Common Mistakes

In the end, there are hundreds of viable ways to run a business - the success of an initiative is influenced far more by how you execute and respond to situations than on the excellence of the original plan. The pattern I see in technology organizations is this:

  1. Too much time is spent on planning.
  2. Leaders get frustrated with lack of progress and are pressured to move ahead, meaning:
    1. They don't do a proper risk assessment causing them to move forward with reckless risk.
    2. They cut corners on communication leaving the team confused and unclear about the goals.
    3. The team is not prepared to execute, so when risks pop up, it leads to confusion and fear, and progress halts. 
Ultimately, a lack of discipline around risk management will cause project failure, increase costs, and diminish morale. When done correctly, it can improve agility and remove barriers.


What is the solution? Go back to the basics of planning:

  • Strive for great, but not perfect.
  • Dedicate real time to communicating.
  • Have discipline around risk assessments so the team is comfortable moving forward with risks and is able to react well when things go wrong.

To speak to a Systems Engineering representative, email info@syseng.com or call 888.624.6737.


John Sterling is the Director of Engineering at Systems Engineering, bringing 20+ years of IT experience in a variety of leadership roles. Most recently, John was Senior Director, Software Engineering at CashStar, Inc. Prior to that, he was Lead Architect at LabNetwork Inc.; Vice President of Global Product Development at WEX Inc.; and Director of Application Development at VISA USA.