A digital transformation program begins. The kick-off is polished: 40 slides, a risk matrix, ribbon-cutting, applause.
But after that first meeting, as a stakeholder, did you ever look at the risk matrix again? Or did you assume that if something changed and affected you, someone would let you know?
As a program manager, how many times have you built a perfect risk matrix at the beginning of a program, only to abandon it a few weeks later?
The limits of a plan
Risk and dependency management is probably the hardest part of program management. And the challenge often comes from treating risks as a simple waterfall: plan, execute, monitor. Stakeholders tend to believe that once risks are identified and logged, it’s enough to follow the plan.
That might work in a small project, with one Scrum team of 5–7 people.
If that’s your case, a matrix of probability vs. impact (high, medium, low), a few risk management plans (avoid, mitigate, transfer, etc), and a red-yellow-green traffic lights dashboard will do. Common project risks are well-documented here.
When it’s no longer a project
But if you’re looking to learn how to resolve bigger challenges, here’s the truth: once your stakeholder list has more than ten names, you’re running a program, no matter what it’s called. And program risks are very different.
The bad news: project-level risks don’t go away. Program-level risks pile on top, adding complexity and volatility.
I’ve seen many “projects” with 30+ people and multiple squads disguised as projects to cut costs. As a result, program risks remain invisible and unmanaged.
Program risks you can’t miss
- Dependencies In a single Scrum team, backlog changes can be absorbed. In a multi-team program, one change triggers a chain reaction: frontend to backend, architecture, integration, testing. Or think about another real life example: the data team overlooked a key component that marketing required for a customer loyalty program. By the time budget and vendors were approved, Christmas was already over.
- Conflicting risks Classic dilemma for components acquisition: buy off-the-shelf or build custom? Buying reduces risks around cost, maintenance, and performance. But having a standard solution creates others: dissatisfied users, lost sales, manual workarounds, and so on and so forth.
- VUCA environment (Volatility, Uncertainty, Complexity, Ambiguity) Small projects can ignore it. You can probably make do with a static risk matrix. But the programs spanning months or years are subject to constant changes: a key sponsor leaves, budgets are cut, technology stacks shift, and suddenly your teams don’t know the new tools. Even the best plan becomes obsolete without continuous adaptation.
But don’t worry, we are not doomed. Program Managers are here to save the day.
(Image credit: Warner Bros.)
From controlling to orchestrating
In previous posts, I’ve written about orchestration. The metaphor matters: like a conductor aligning instruments, a Program Manager must harmonize risks across workstreams so they don’t turn into chaos.
Orchestrating risks means:
- Managing interdependencies: how does one team’s risk ripple across the program? Is a fix reversible? At what cost?
- Mapping the risk network: not just listing risks but seeing how they connect. A positive action in one area can create friction in another. Think agility vs. security.
- Building dynamic scenarios: simulate two or three risks hitting at once. Usually, you can only fund one mitigation plan; the rest requires workarounds, and some even acceptance. As Scarlett O’Hara said: “I’ll think about that tomorrow.”
- Bridging strategy and operations: translate technical risks into business impact. Monetization brings clarity – and puts you in the center of attention. Stakeholders may not care about APIGEE, but they understand a USD 30,000 loss.
Risk maturity is not about building dashboards: it’s about predicting and responding as a team.
Have you ever lived through a domino effect of a risk exploding in one of your programs? Did you take away any lesson learned? Please share.
I am a Senior Program Manager with 12+ years of experience leading large-scale multicultural programs. Every week I will write here about program and project management. If this sparks your interest, hit subscribe and stay tuned.