When you perform risk analysis for your CRM project, you are
identifying potential threats that prevent you from successfully reaching your
objectives. Risks are simply things that COULD happen, not things that
necessarily WILL happen, but without a plan for the “what ifs”, those minor
risks could turn into major issues. Analyzing risk early on prevents this from
By distinguishing the different types of risks and
proactively trying to alleviate them, you increase your chances for a
successful CRM deployment. Risk analysis is important in any software
implementation project, but today we’re focused specifically on how it applies
Types of Risk
Risk analysis must be viewed through three lenses: the project
risks, the technical risks, and the business risks. It’s beneficial to
categorize risks this way for a few reasons. First of all, it can reveal bigger
patterns or organizational weaknesses that must be addressed. In addition, it
helps teams perceive the risk from all perspectives within the organization –
from IT to sales to upper management. The perspectives improve understanding
for how the CRM project may affect other departments and how the risks may be
Every organization doing a CRM implementation will face its
own perils. If a project takes a long time to complete, for example, that can
increase the risk of CRM implementation failure. In our years of experience, we’ve
seen that correlation firsthand.
Studies have found that after about six months, the potential
success rate of the CRM deployment begins to drop significantly. However, that
statistic doesn’t necessarily apply to every organization. Companies doing
multi-phased, strategic CRM rollouts surely face longer project timelines, but careful
planning with an experienced Project Manager keeps things moving in a positive
direction and can spread unavoidable risk over time so that it is more
So, what are some examples of project, technical, and
business risks? Here are a few common ones:
- Going over budget and time (project risk)
- Poor user adoption (business risk)
- Issues with customizations (technical risk)
- Turnover of critical project resources (project risk)
- Major business process changes right before deploy (business risk)
- Vendor software upgrades (technical risk)
Once you identify all the risks, the next step of risk
assessment is to define the probability of each risk and the impact of that
risk on the success of your project. For example, if you don’t have a fully
fleshed out plan for user adoption, which should include components such as early
buy-in by key users, targeted training for various skill levels of users, and plans
for ongoing user support, will that have a high, medium, or low impact on your
success? Hint: it’s probably pretty high.
Are the impact levels of these risks acceptable? What
criteria are we using to define what is and what is not an acceptable risk?
What steps can be taken to aggressively manage these risks before they turn
into issues? Your CRM Project Manager (PM) can support your risk analysis and
offer advice and strategic plans to deal with the risk factors.
This is one of the many benefits of working with a skilled
CRM consultancy team. We’ve spent a lot of time implementing, customizing, and
training on CRM. From that experience, we’ve gained deep knowledge on the
process and its potential roadblocks. Every project is unique of course, but
consultants can offer time-tested, strategic pathways that guide teams around
obstacles. With proper foresight and planning, most CRM risks are mitigated
before they become insurmountable. Risk analysis in partnership with your PM is
key to this.
If risks occur, they become issues, but if you manage the
risk thoughtfully, you can avoid that escalation. Identifying and prioritizing
risks is half the battle. The other half of the battle involves planning your approach
through a risk response strategy.
For more complex projects, we often suggest a phased
approach to CRM implementation. By setting up the project in stages like this,
we spread the risk over the span of the entire project instead of letting it
get compacted into one jumbled mess. For example, staged roll-outs organized by
common groups of users or functionality requirements keep project goals
top-of-mind while breaking down the implementation into smaller, more digestible
pieces. In this way, the risks for each segment can be assessed as necessary
without overwhelming the development team.
There are commonly agreed upon best practices for managing
risk, regardless of your approach. These risk management strategies are defined
as: avoidance, transfer, mitigation, and acceptance. Let’s break these down to
get a better idea of what each entails.
#1 Risk Avoidance
As you may be able to guess, risk avoidance involves
strategies to avoid the identified risks altogether. You’re taking proactive
steps to eliminate the risk by putting the right measures in place to start
with. Some examples of this might be ensuring your requirements are clear so
that customizations are developed correctly the first time or performing
product selection against your requirements so that the CRM you choose is
already known to meet the majority of your needs.
Risk avoidance can be tricky, and in most cases during a CRM implementation, the risks cannot be avoided completely – just postponed. For example, if you decide to adjust your project scope to delay adding a function that is nonessential to the initial launch, you’re not eliminating that risk altogether. Instead, you’re spreading the risk over time and instituting the changes at a later date to avoid a major slowdown to the core implementation.
#2 Risk Transfer
Transferring the risk involves sharing or completely shifting the ownership of the risk with a third party. In most cases, this transferring of risk is specific to financial risks that are taken on by an organization like an insurance company, a GDPR consultant, etc. When you transfer risk, you are shifting the liability in addition to the ownership of the risk itself.
#3 Risk Mitigation
When you work to mitigate risk, you are trying to lessen its potential effect by lowering its exposure below your “acceptable” threshold. You defined what’s acceptable during the initial phases of your risk analysis, so now you’ll use those standards to help you target a response. For example, if one of your risks is that your data will no longer be GDPR compliant, you could lessen the effects of that risk by keeping an internal GDPR expert involved in the process. That person would be briefed on the CRM design and consulted on every design decision to ensure the implementation team is complying with their set GDPR standards.
#4 Risk Acceptance
As the saying goes, we must accept the things we cannot
change. In certain cases, you will have to do just that. It’s not ideal of
course, but it is a necessary strategy for two main situations: Either the
risks are minor enough that you can choose to handle them in the moment if they
come up, or the necessary response is simply not possible due to lack of
resources, budget, or time.
For instance, if you don’t have the budget to institute a change management program or the expertise of someone who knows how to do that, you may just have to accept the risk of certain user adoption issues. If, however, you were working with a CRM consultant during your implementation, your PM will have built some user adoption and change management procedures into your project, which would hopefully transform the acceptance into a mitigation strategy instead.
When it comes to choosing which of these strategies should
be applied to which situations, there is no perfect answer. Preferably though, avoidance
strategies would be your first approach, since eliminating risk altogether is
the most ideal. If complete elimination of the risk isn’t possible, your next
best bet would be to transfer the risk, although, the ability to do that is
still limited by your resources. If you can’t remove or transfer the risk,
minimizing it as much as possible through mitigation would be the way to go.
And finally, if every other pathway has been considered and there is no way
around it, some situations will require simple acceptance. For help with your
CRM risk analysis and management, employ the expertise of a CRM consultancy
team that uses strategic planning and project management best practices. If you
need a recommendation, I know just where to send you… 😉