Implementing an Advancement CRM? Don’t Forget Risk Management

Having an emergency plan before the emergency occurs increases the success of your advancement Constituent Relationship Management (CRM) implementation. A successful risk management program helps you consider the full range of risks your advancement CRM implementation may face. Risk management also examines the relationship between different types of risks and the cascading impact they could have on your implementation and strategic goals.


Risk management should be viewed in three categories: the project risks, the technical risks, and the business risks. Categorizing risks is beneficial because it can reveal more extensive patterns or organizational weaknesses that must be addressed. Additionally, it helps you perceive the risk from all perspectives within your organization. These perspectives improve understanding of how the CRM project may affect other departments and how the risks may be correlated.


We discuss four key components to consider as you develop your advancement CRM risk management plan.

Risk Identification

Risk identification should be done at the early planning stages of a project. Allotting time early on for risk identification enables you and your team to:

  • think through what you’re trying to accomplish in your CRM implementation project;
  • distinguish who is going to be involved;
  • identify resources and budget needs;
  • assess components; and
  • outline barriers to success.

From a resource perspective, a key risk identification related to your advancement CRM implementation resources might include staff going on family leave during the project. Another common resource risk identification is having a role on a project you know that is not adequately trained.

Risk Analysis

After you’ve identified risks, you must complete risk analysis. Analyzing risk includes evaluating and assessing a risk score. This helps you to determine the likelihood of the risk occurring but also enables you to understand the impact on the project if that risk occurs. Specifically, during risk analysis asking, what is the source of the risk and components involved?


For example, data breaches in the middle of the implementation project have a lower probability of occurring. However, in the healthcare space, data security or Health Insurance Portability and Accountability Act (HIPAA) violations would be a very high risk from an impact perspective.


Important tip: Risk analysis and identification is not a one-and-done thing, and these tasks aren’t exclusive to the planning stage.


Risk can be unveiled along the way and at any point, so its best to be doing these things during the early planning stages but also have a plan to do them ongoing.

Risk Mitigation

Now that you’ve identified risk and the analysis, you can mitigate it. As you plan for risk mitigation, focus on prioritizing the potential impact of what’s happening. Again, risk mitigation plans are working documents and must accompany identification and analysis. You can identify and analyze risk, but those are just documents if you don’t develop a mitigation plan.


Risk mitigation strategies should be useful and actionable. They are truly the “exit plan,” determining the route you need to take if the risk were to occur. This exit plan reduces the chance of the risk happening and minimizes the consequences—helping you achieve two things:

  1. acting early helps you reduce the risk’s likelihood; and
  2. lessening its impact and preventing it from happening again if the risk does occur. 

One common (and considerable) risk during CRM implementation projects is scope creep. A risk mitigation plan addresses scope and policies and allows for scope creep helps you contain and change it, making it less detrimental to your CRM implementation project. Changing the scope of the project becomes very fluid and increases success if you prepare for scope creep in your risk mitigation strategy.


Here are other things to consider in your risk mitigation strategy.

  • Comprehensive test plans and scripts ensure quality and reduce the risk of integrating a solution that doesn’t work. A risk mitigation plan integrates test plans and scripts to ensure whatever is developed meets the needs.
  • Contingency plans: Contingency planning should be completed for all significant impact or high-likelihood items during the analysis. Many organizations forget about contingency plans when formulating risk mitigation strategies. But it’s better to have the plan in place rather than trying to create it during chaos.

Tracking and Monitoring

The most underrated aspect of establishing a risk management plan is determining methods for tracking and monitoring. Too often, organizations spend much time identifying and analyzing risk but do not have established tracking and monitoring methods once the risk has occurred.


You need to establish risk metrics and triggers and know when to enact the strategies for all your action plans. Otherwise, you won’t know the risk is occurring or the circumstances that triggered it. Answering these questions up front support the monitoring and tracking process and set your risk management plan and advancement CRM up for success.