Designing a Risk Management Process

In his memoir, Charlie Beckwith, the founder of the US Army’s Elite Delta Force, stated that risk is inherent to any job worth doing.

What separates the elite operators is their thorough preparation or the ‘practiced plan’ for the foreseen risk and their ability to adapt to unforeseen risks. He essentially explained the old army adage: The more you sweat in peace, the less you bleed in war. 

What does all this have to do with Customer Success (CS)? In today’s market, where Net Revenue Retention is a leading valuation metric and companies are prioritizing efficient and durable growth, companies that have a proven risk management process in place will retain more customers. It’s as simple as that.

In other words, designing and implementing a risk management process during the heydays is that peacetime sweat or the ‘practiced plan.’ Implementing that plan with an at-risk customer is the battle to keep/win the customer.

Designing a Risk Management Process 

In today’s complex operating environment, the risk to a customer relationship is a composite of multiple occurrences (leadership change, non-responsive customer, etc.) which need to be tracked and remedied simultaneously. As a result, the risk management process also becomes complex and multi-faceted. 

Let’s start with identifying the key ingredients of an effective risk management process:

1. It should be simple to understand and adopt
2. It should be data-driven but allow for risks not captured through data
3. It should allow for escalation, when required 
4. It should inform customers health scores
5. It should be cross-functional and give leaders visibility toward the risk

Now, let’s understand the process and the different decision points. The flowchart below elucidates the process.

Source: Krishna Reddy Katipelly, Gainsight

1. Identify the Risk

The first step is identifying the risk. Risks can be identified when the data shows warning signs or the CSM reads warning signs in their interactions with the customer. Of course, for this, you need access to the right adoption, support, consumption, survey, entitlements, and contract data. 

Sometimes your data may be lagging or out of sync with the reality of your customer situation. For example, if a new stakeholder joins your customer, your data can make you believe that everything is hunky dory in their first few months, but there might be changes brewing in the background. Or a CSM finds out that the customer doesn’t have any budget for your solution the next year. In such situations, CSMs should be able to raise the risk as well. 

There are two ways to raise a risk: 

1. Automation: Triggered when the data shows an anomaly such as a drop in usage month over month, low likelihood to renewal survey score, etc.
2. Manual: When a CSM (or any customer-facing person) detects a risk and raises it. 

2. Raise the Risk

Once you’ve identified a risk, you need to bring it to the right people’s attention. To raise a risk, CSMs need to identify the reason for the risk accurately so that the organization can course-correct to improve customer experience. For example, if most of the risks are raised with onboarding as a reason, you should consider improving your onboarding experience as a whole and not try to solve it on a customer-to-customer basis. 

How do you raise a risk? By adding all relevant information on the risk, creating a call to action, and a timeline for resolution in your customer success tool. CSMs must be required to put in weekly updates against the progress on the timeline. We recommend using a timeline template to drive consistency.

3. Escalate the Risk

Sometimes CSMs are unable to resolve risks on their own and the risk needs to be escalated to managers and leaders to provide visibility to the leadership and receive guidance and help. When should a risk be escalated?

• Frustration: The customer expresses frustration and the CSM observing this frustration does not feel equipped to manage it effectively. This can be something expressed directly by the customer or something sensed by the CSM, such as a negative tone in an email or conversation.
• Escalation Request: The customer specifically requests escalation for an issue they are facing.
• Non-Responsiveness: Customer is non-responsive for five business days unless there’s a known reason (e.g., vacation, end of the quarter).
• Renewal: A renewal is in process.
• Internal escalation from Support/CAM/Executive.
• Delays: If a customer is at risk by your department’s definition (e.g., delays in the project plan, delay in reaching first value). 
• No Clear Path to Resolution: Ask yourself, “Could I write an email articulating the next steps, who owns them, and their ETA?” If not, you need to escalate the matter.
• Catchall: Escalate when you feel less than 100% equipped to manage the risk independently as a CSM.

It is important to emphasize that escalating a risk is not a reflection of CSM’s ability to do their job. Escalating should be encouraged and celebrated because it allows the organization to dissolve the risk sooner rather than later.

4. Update the Customer Health Score

As soon as an escalated risk is raised, the scorecard should be configured to automatically turn the overall health score to “Red.” Your health score should reflect the reality of the customer’s situation immediately. This is an important step that your admin should be able to configure. Check out this link on how you can configure this in Gainsight. Note that the exception should take effect only when there is an escalated risk to avoid red herrings.

5. Next Steps

Risk Not Escalated: If the risk raised is not escalated, CSMs should continue to work with customers and cross-functional colleagues to drive the risk to closure. A good example of a risk that does not require an escalation is a low NPS score from the end users, who will most likely not influence renewal and the ongoing relationship. CSMs can offer to meet the end users and understand the adoption and product challenges. Escalation of this particular risk is not required as it is contained and can be managed easily by the CSM.

Escalated Risk: If the risks fall in the escalated bucket, CSMs and their managers must discuss it in weekly risk reviews with cross-functional leadership with specific asks. A good example of an escalated risk is if a customer refuses to renew unless a certain product enhancement is delivered. In this case, during the weekly risk review, the ask would be to the product leadership, requesting them if they can modify or update their product roadmap to accommodate the enhancement.

6. Unmitigated Risk

If, despite your best efforts, a customer churns, make sure to interview the customer using third-party partners to understand the root cause of the churn. Customers are generally more open to a third party than an organization they have just churned from. Learning from churn will help identify gaps in process, technology, and/or resources. 

At Gainsight, we have seen the above process work over the years, not just at our company but also for hundreds of other customers. By using this process, leaders and CSMs can identify risks quickly, understand the impact of a risk on the overall business and ask for help cross-functionally. 

Always remember, risk management isn’t just a CSM or even just a CS responsibility. Cross-functional leaders should be informed about critical risks and must play a critical role in removing hurdles, establishing exec-level connections, mobilizing resources, and identifying recurring risk themes to be resolved at a more holistic level. 

Learn More

For more on how to minimize churn risk, check out our Essential Guide to Churn and download our Durable Growth Playbook.