By definition, strategy is the skill in managing or planning an approach to achieving an end. It is crucial to accomplishing an entity’s long range plans. Strategy is concerned with controlling the entity’s destiny and achieving stated goals; while planning is a formalized procedure to produce an articulated expected outcome, in the form of an integrated system of decisions. However, as with most decisions there are risks. IT strategic risk is the current and prospective affect on value delivery arising from adverse decisions, improper deployment decisions, or lack of responsiveness to environment changes; whereas IT planning risk is the current and prospective affect on the control environment arising from incorrect identification, improper design decisions, or lack of reliable information. Thus, the prerequisite to sustaining a holistic strategy is adequate risk management planning.
“View Part I of the Not-for-profit Risk Management series here“