Risky Business: Proactively Planning for Risk in Customer Success

September 12, 2022

Kate McBee

Category: Customer Retention, Customer Success as a Service, Customer Success Maturity, Customer Success Operations, Customer Success Strategy, Digital Customer Success

Wouldn’t it be nice to have a superpower that allowed us to see into the future? We could prepare for the unexpected, saving time and money and preventing roadblocks from ever getting in the way of desired outcomes in the first place. It would be nice (although things might get a little boring).  

As far as I know, there is no superpower that can provide us with this kind of insight, but what we can do is invest time in creating a plan of action in case something unexpected does knock us off course. In Customer Success, there are a million things to keep track of, from staying on top of our daily tasks to preparing EBRs and collecting NPS scores, the list goes on and on. When we take on a new project, spending some of our precious and limited time on risk management can save us a lot of hurt in the long run.  

So, what is risk management? It includes the processes of identifying and analyzing potential risk, strategizing response options and using those strategies in practice, followed by monitoring, and evaluating actual risk. Risk management can be used in anything from the implementation of a new project or process to part of the measure of customer health. Due to its applicability to so many different scenarios, there are also many different approaches to risk management – a quick Google search will return thousands of results, from industry-specific to organizational approaches to managing risk. At ESG, we utilize a six-step approach that you can easily apply in your Customer Success organization and initiatives:   

STEP ONE: Identify Risk 

  • Risk identification should be done by all project or program stakeholders throughout an engagement. This could mean all stakeholders on a project RASCI diagram, or all customer-facing roles (Account Executive, CSM, Account Manager, Support Rep, etc.) throughout a customer’s lifecycle. 
  • Describe and categorize the risk. Is it a threat or an opportunity? What is the source of the risk and who may be the right person to resolve the risk? 

STEP TWO: Analyze Risk 

  • Perform a qualitative risk analysis – prioritize the risk and assess the impact and likelihood of the risk occurring. This helps determine the urgency, severity, and priority of the risk.
  • Perform a quantitative risk analysis – to what degree does this risk, combined with other risks, impact the overall program or project? 
  • Who should be consulted to determine the right strategy to address this risk? Is it an internal stakeholder, or someone at your customer?  

STEP THREE: Strategize Response to Risk 

  • There are six main response types to opportunities or threats: 
    • Escalate opportunities or threats to higher levels of authority or influence to minimize impacts and maximize benefits of a risk. Examples of escalation techniques may include notifying the Sales team of an expansion opportunity or notifying your manager that a key employee has left the client’s company. 
    • Avoid threats that could negatively impact project scope, timeline, cost, or quality, by reducing or removing the risk with a focused approach on the root cause. Examples of avoidance techniques may include extending the schedule, clarifying requirements, reducing scope, or improving communications. 
    • Exploit opportunities to increase the likelihood of potential benefits that have been identified from the risk during the project or program. Examples may include assigning high-value resources to a project or solving a customer challenge to reduce time to completion or improve quality. 
    • Transfer / Share a threat or opportunity across third parties to offset or spread out the impact or benefit of a risk. Transfer strategies may include asking for help from another internal resource. Examples of sharing opportunities might include cross-functional agreements to extend the benefits to others – either internally within teams and across the organization, or externally for the client and broader customer base. 
    • Mitigate / Enhance a threat or opportunity to either reduce the impact or increase the benefit of a risk. Mitigation strategies might include testing or adding redundancy to a system to reduce the likelihood or impact of threats. Techniques to enhance an opportunity may include adding resources to complete work early or to increase the volume of work delivered. These strategies are best applied proactively early in risk management, rather than after the risk event has occurred. 
    • Accept or acknowledge the threat or opportunity but take no proactive approach to the event. This strategy is best applied in low-priority risk events. 
  • Depending on size, severity, and urgency of the risk, response strategies can be developed individually, as a team, or with the broader support of your strategy and leadership teams. 
  • Validate and confirm the risk owner and determine the proper timeframe to address the risk. 

STEP FOUR: Respond to Risk 

  • Once you have decided on the best strategy to use, take the determined action on the risk accordingly.  

STEP FIVE: Track Risk Response 

  • Document and track the effectiveness of the selected strategy. How is the risk trending? Is the strategy working, or do you need to adjust? Are there any residual impacts or new risks that need to be addressed? 
  • Based on the size, urgency, and timeline to address the risk, ensure regular monitoring on a fixed interval to consistently track progress. 

STEP SIX: Evaluate Risk Outcomes 

  • Document the final outcome of the risk event. Was the risk successfully resolved? How was the project or customer relationship impacted? 
  • Communicate outcomes, feedback, and lessons learned as appropriate to help drive continuous improvement within the engagement and across the organization. 

While there are many different approaches and philosophies around risk management, there is a clear consensus across industries and organizations that effective risk management is critical to project, customer, and organizational success. Managing risk is not a one-time event, nor is it one person’s responsibility. Risks can emerge at any point in a customer’s lifecycle, for any number of reasons, and from a variety of sources. Everyone on the team, from initial sale through renewal and expansion, is responsible for identifying and communicating risk. 

Life is unpredictable and our jobs are not immune to unexpected changes and challenges but incorporating risk management into your organization’s processes can make tackling these obstacles, with minimal long-term impact, a lot more feasible.