Almost every company has experience
with IT projects that exceeded costs,
were delivered late, didn’t align with the business’s objectives or failed to improve
productivity. The question then becomes:
Why are these problems so common?
“IT projects demand time-intensive investigation and planning to be properly implemented,” says CIMCO Communications’
Chief Information Officer Dave Braner. “Too
often, the time needed to properly assess
the project and its risks is unavailable and is
therefore not built into the plan.”
Smart Business asked Braner about identifying and mitigating the risks associated
with IT projects.
How do you begin in identifying risks?
Many times, people become so enamored
with the technology and automating a
process that other important aspects are not
studied. Financial risk models are common,
but they don’t address the other types of
risks. Standard checklists are used, but IT
projects are anything but standard. I recommend creating a SWOT (strengths, weaknesses, opportunities, threats) analysis as
part of the risk identification process. It
requires working cross-functionally and receiving input from disparate and impacted
functions to clearly identify all possibilities.
As part of this process, it’s critical to ask if
employees will really do their jobs using the
new technology. If employees are averse to
the technology change, they can sabotage
the usefulness and productivity gains when
a technology is deployed by creating their
own work-arounds. These professionals
can also help identify risks and opportunities that an IT person would not usually
consider. Good change management and
two-way communications throughout the
project can bring employees along, get
them engaged in the technology and use
their feedback for early detection of potential hurdles. Plan and incorporate your
change management and communications
strategies from day one.
Where’s the greatest danger of risk?
First, it’s important to be forthcoming
about the risks involved with a project. If you do not acknowledge the risks, you
could find your project in serious trouble
down the road. Be honest with your executive sponsor and leadership about the risks
in the beginning.
Another key area involves the process
used to develop your project plan. Always
ask your team and impacted users, ‘What
could go wrong with this project?’
Encourage people not to be afraid to bring
up the wildest possibility. There is a lot of
subjectivity and different perspectives in
looking at risk. For example, perhaps a new
technology captures more information or
presents it differently than previous technology. Suddenly, the historical data used in
making important decisions changes,
which could impact business strategy, regulatory oversight, and employee roles and
responsibilities.
Scope creep is the single biggest risk and
requires discipline. A superb, detailed project charter is critical. It is your contract and
your blueprint, and the project must be
managed against the framework established in the charter. Too often, people forget to review the charter after the project is
underway or only when the project is conflicted. If the scope goes beyond the project charter, you may need to make the difficult
decision to close out the project and start
over with a new, larger project.
How do you manage and monitor risks as
your project progresses?
In my experience, it’s just as critical to
understand how to mitigate each risk once
it’s been identified. Then, qualitatively
assess each risk and rank it by what is most
probable. This places a value to each risk
involved and helps you determine the point
of diminishing returns.
A risk response plan should be developed
for each risk. Since neither assessment nor
mitigation is static, the risk response plan
should be incorporated into the project
management discipline for review and status as events change. Just as you keep a log
of technical changes, you should keep a
similar risk log and assign a person the
responsibility of keeping an eye on it
throughout the entire project. Risks are
deleted from the log when they are no
longer possible, and new ones added as
events impact the project.
How can you anticipate all the possible risks
that a project may encounter?
You can’t. It’s a best guess. There are both
internal and external influences as well as
technology and business process elements
to consider. That’s why working cross-functionally and at all levels of the organization
better helps in the guessing game. Will a
major weather event impact deployment?
Will a corporate reorganization derail
progress? What if your executive sponsor
suddenly is gone? Or, how many times do
you think about the legal implications of an
IT project?
The bottom line is to minimize surprises
to keep the project on track and within
budget. Managing risk is challenging, but
doable with structure and discipline.
DAVID BRANER is Chief Information Officer of CIMCO Communications, based in the Chicago metropolitan area. Reach him at
(630) 691-8080 or [email protected].