Eight to Late

Sensemaking and Analytics for Organizations

Operational and strategic risks on projects

with 4 comments


Risk management is an important component of all project management frameworks and methodologies, so most project managers are well aware of the need to manage risks on their projects. However, most books and training courses offer little or no guidance about the relative importance of different categories of risks.   One useful way to look at risks is by whether they pose operational or strategic threats. The former category includes risks that impact project execution and the latter those that affect project goals. A recent paper entitled, Categorising Risks in Seven Large Projects – Which Risks do the Projects Focus On?, looks at how strategic and operational risks are treated in typical, real-life projects. This post is a summary and review of the paper.

Operational and strategic risks

For the purpose of their study, the authors of the paper categorise risks as follows:

  1. Operational risk: A risk that affects a project deliverable.
  2. Short term strategic risk: A risk that impacts an expected outcome of the project. That is, the results expected directly from a deliverable. For example, an order processing system (deliverable) might be expected to reduce processing time by 50% on average (outcome).
  3. Long term strategic risk: A risk that affects the strategic goal that the project is intended to address. For example, an expected  strategic outcome of a new order processing system  might be to boost sales by 25% over the next 2 years.

It is also necessary to define unambiguous criteria by which risks can be assigned to one of the above categories. The authors use the following criteria to classify risks:

  1. A risk is an operational risk if it can impact a deliverable that is set out in the project definition (scope document, charter etc.) or delivery contract.
  2. A risk is a short-term strategic if it can have an effect on functionality that is not clearly mentioned in the project documentation, but is required in order to achieve the project objectives.
  3. A risk is considered to be a long-term strategic if it affects the long-term goals of the project and does not fall into the prior two categories.

The authors use the third category as a catch-all bucket for risks that do not fall into the first two categories.


The authors collected data from the risk registers of seven large projects. Prior to data collection, the conducted interviews with relevant project personnel to get an understanding of the goals and context of the project. Further interviews were conducted, as needed, mainly to clarify points that came up in the analysis.

A point to note is that the projects studied were all in progress, but in different phases ranging from initiation to  closure.

Results and discussion

The authors’ findings can be summed up in a line: the overwhelming majority of risks were operational. The fraction of risks that were classified as long-term strategic was less than 0.5 % of the total (with over 1300 risks were classified in all).

Why is the number of strategic risks so low? The authors offer the following reasons:

  1. Strategic risks do not occur while a project is in progress: The authors argue that this is plausible because strategic risks are (or should be) handled prior to a project being given the go-ahead.  This makes sense, so in a well-vetted project strategic risks will occur only if there are substantial changes in the hosting organisation and/or its environment.
  2. Long term strategic risks are not the project’s responsibility: This is a view taken by most project management methodologies: a project exists only to achieve its stated objectives; its long-term impact is irrelevant.  Put another way, the focus is on efficiency, not (organisational) effectiveness (I’ll say more about this in a future post).  The authors recommend that project risk managers need to be aware of strategic issues, even though these are traditionally out of the purview of the project. Why? Well, because such issues  can have a  major impact on how the project is perceived by the organisation.
  3. Strategic risks are mainly the asset owner’s (or sponsor’s) responsibility: According to conventional management wisdom strategic risks are the responsibility of management, not the project team. In contrast, the authors suggest that the project team is perhaps better placed to identify some strategic risks long before they come to management’s attention.  From personal experience I can vouch that this is true, but would add that it can be difficult to raise awareness of these risks in a politically acceptable way.


The main point that the article makes is that strategic risks, though often ignored, can have a huge effect on projects and how they are viewed by the larger organisation.  It is therefore in important that these risks are identified and escalated to sponsors and other decision makers in a timely manner.  This is a message that organisations would do well to heed, particularly those that have a “shoot the messenger” culture which discourages honest and open communication about such risks.

Written by K

June 2, 2010 at 10:29 pm

4 Responses

Subscribe to comments with RSS.

  1. […] This post was mentioned on Twitter by ricky_elias, Kailash Awati. Kailash Awati said: Operational and strategic risks on projects: http://bit.ly/9rtAls […]


  2. Managing risk can be difficult but is never more so than with a large project schedule. There are just too many tasks to wade through without wasting a lot of time – another valuable resource. See http://www.steelray.com/scheduleanalyzer.php


    Laura Bamberg

    June 3, 2010 at 3:07 am

  3. Thanks for the article – I haven’t thought to evaluate strategic risks as short term and long term before.

    I guess one problem with strategic risks is that they are the elephant in the room, that is, everyone knows them but nobody wants to hear about them



  4. Thank you for the article it was really helpful



    April 18, 2020 at 8:29 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: