Almost every company has experience with IT projects that exceeded costs, were delivered late, didn’t align with the business’s objectives or failed to improve productivity. The question then becomes: Why are these problems so common?
“IT projects demand time-intensive investigation and planning to be properly implemented,” says CIMCO Communications’ Chief Information Officer Dave Braner. “Too often, the time needed to properly assess the project and its risks is unavailable and is therefore not built into the plan.”
Smart Business asked Braner about identifying and mitigating the risks associated with IT projects.
How do you begin in identifying risks?
Many times, people become so enamored with the technology and automating a process that other important aspects are not studied. Financial risk models are common, but they don’t address the other types of risks. Standard checklists are used, but IT projects are anything but standard. I recommend creating a SWOT (strengths, weaknesses, opportunities, threats) analysis as part of the risk identification process. It requires working cross-functionally and receiving input from disparate and impacted functions to clearly identify all possibilities.
As part of this process, it’s critical to ask if employees will really do their jobs using the new technology. If employees are averse to the technology change, they can sabotage the usefulness and productivity gains when a technology is deployed by creating their own work-arounds. These professionals can also help identify risks and opportunities that an IT person would not usually consider. Good change management and two-way communications throughout the project can bring employees along, get them engaged in the technology and use their feedback for early detection of potential hurdles. Plan and incorporate your change management and communications strategies from day one.
Where’s the greatest danger of risk?
First, it’s important to be forthcoming about the risks involved with a project. If you do not acknowledge the risks, you could find your project in serious trouble down the road. Be honest with your executive sponsor and leadership about the risks in the beginning.
Another key area involves the process used to develop your project plan. Always ask your team and impacted users, ‘What could go wrong with this project?’ Encourage people not to be afraid to bring up the wildest possibility. There is a lot of subjectivity and different perspectives in looking at risk. For example, perhaps a new technology captures more information or presents it differently than previous technology. Suddenly, the historical data used in making important decisions changes, which could impact business strategy, regulatory oversight, and employee roles and responsibilities.
Scope creep is the single biggest risk and requires discipline. A superb, detailed project charter is critical. It is your contract and your blueprint, and the project must be managed against the framework established in the charter. Too often, people forget to review the charter after the project is underway or only when the project is conflicted. If the scope goes beyond the project charter, you may need to make the difficult decision to close out the project and start over with a new, larger project.
How do you manage and monitor risks as your project progresses?
In my experience, it’s just as critical to understand how to mitigate each risk once it’s been identified. Then, qualitatively assess each risk and rank it by what is most probable. This places a value to each risk involved and helps you determine the point of diminishing returns.
A risk response plan should be developed for each risk. Since neither assessment nor mitigation is static, the risk response plan should be incorporated into the project management discipline for review and status as events change. Just as you keep a log of technical changes, you should keep a similar risk log and assign a person the responsibility of keeping an eye on it throughout the entire project. Risks are deleted from the log when they are no longer possible, and new ones added as events impact the project.
How can you anticipate all the possible risks that a project may encounter?
You can’t. It’s a best guess. There are both internal and external influences as well as technology and business process elements to consider. That’s why working cross-functionally and at all levels of the organization better helps in the guessing game. Will a major weather event impact deployment? Will a corporate reorganization derail progress? What if your executive sponsor suddenly is gone? Or, how many times do you think about the legal implications of an IT project?
The bottom line is to minimize surprises to keep the project on track and within budget. Managing risk is challenging, but doable with structure and discipline.
DAVID BRANER is Chief Information Officer of CIMCO Communications, based in the Chicago metropolitan area. Reach him at (630) 691-8080 or email@example.com.