Now is also a good time to carry out a detailed risk assessment to understand the suitability of the strategy. A corporate risk register should be maintained to monitor and manage key assumptions
As each of the outputs are brought together, you will often find that some of the key successes of the strategic plan are dependent in their turn on a number of key activities. In addition, a number of significant activities and new projects may emerge in the plans and it becomes quickly apparent that not all of them can be implemented within the time frame. It is important to identify key risks associated with plans and document them in a central register. This IT strategy risk register should be actively managed. Do not list every possible thing that might go wrong, but just the top 10 or 20 risks that will most adversely affect the plan.