Risk Mapping

March 1, 2019

Recently I’ve been reading Simon Wardley’s book on strategy mapping. I’m finding it to be some of the best writing on strategy that I’ve ever come across, so I really recommend it if you have the inclination to learn more about strategy. Simon is a very vocal critic of the typical tools that we consultants use to ‘do strategy’ with. In particular, he is especially critical of the use of 2×2 diagrams and SWOT analysis. His central observation is that strategy as we do it today, does not take into account the landscape, climate and doctrines that should be applied. Instead, many, if not most of us, are guilty of talking about strategy while completely ignorant of the landscape, climate, etc. In fact, most strategy is usually a series of gut feelings backed up by the opinions of the highest paid people in the room and nothing more.

That’s quite a damning indictment of modern business strategy as it stands today. Unfortunately, I think it is a rather accurate critique based on my own experience. This reading on strategy has gotten me thinking about risk and how it relates to strategy. When we attempt to use a SWOT matrix to talk about strategy, one of the things we are attempting to do is address risk, at least indirectly. When we are talking about strategy, risk can be something that we run toward to take advantage of or run away from or try to guard against. In that sense, risk is a key consideration in the discussion of strategy.

I find that relationship of risk to strategy fascinating because risk is a precursor to many of the impediments that organizations face. If you haven’t seen it before, I have a model for how risks evolve in an organization over time. It works like this:

Risks => Impediments => Lessons Learned

According to this model, risks are a possible impediment that we may or may not encounter. Once we have encountered an impediment (assuming we have done nothing to mitigate or manage the risk), we may learn from the experience after the fact. So, this is a model for the evolution of risk for agile teams. The cool thing about this model is that we can use risks to detect upcoming impediments (think of finding risks as possible impediment detectors). 

Given that this model might hold true, how does strategy impact risks, and ultimately, organizational impediments? I think that strategy may be our first opportunity to understand the big risk picture. I suspect that in many organizations, this view is not widely shared, which is a shame. Also, if understanding the business landscape and climate is critical to understanding strategy, then isn’t the landscape and climate critical to understanding business risk as well? Perhaps we need to be using Wardley maps when we discuss risks too. It’s interesting food for thought.