When you invest in a major IT project, you expect significant value. If you didn’t, you wouldn’t start the project. At some level you know that achieving the value is not going to be risk free. Here’s the $64,000 question. Is the value worth the risk? Many IT software vendors would prefer you think only about the value and not about the risk. Their sales process may not include helping you understand the risks you will have to manage to gain the value.
The $64,000 Question
Answering the $64,000 question requires open, honest and realistic discussion of both the value and the risks. You need to understand specifically from where the value will come and how you will achieve the value in measurable terms. You also need to understand where the risks lie and what you can do to avoid, mitigate, and manage them. There will be technical risks and business risks. Your ability to capture the value is a business risk and a big one. For example, let’s say you’re replacing your purchasing system. The value will come from streamlining your purchasing processes including how you work with vendors as well as reorganizing your purchasing department. These changes come with significant risk that your purchasing staff and vendors may resist the required changes in how they work. Achieving the expected value will depend on how well you are able to mitigate and manage this risk. Software vendors may be willing to address technical risks because that is what they understand, control, and can mitigate. The software vendors shouldn’t and don’t control your business processes, vendor relationships, organizational structure, or people’s behavior in terms of accepting or resisting change. It is your job to recognize, understand, and manage this risk.
Eyes-Wide-Open
Understanding the details of both value and risk leads to an eyes-wide-open business decision regarding whether to proceed with a project or not. But for some organizations, saying aloud anything about risk is considered heresy, disloyalty, incompetence, or defeatism. Some people are superstitious, worrying that the mere mention of a risk will cause it to happen. Some people would just as soon close their eyes and pretend there are no risks. If you can talk about only the value, you may find your project in a crisis during the process re-design phase or in the middle of implementation. Or you may complete the project only to discover that the value you expected will never be achieved. Dealing explicitly with risk increases the probability of achieving value.
Risk Management
You manage risk from a project’s inception through implementation and post-project achievement of the value. Here are the general risk management steps:
1. Specify and quantify the value expected.
2. Identify and analyze the risks, including the probability of occurrence and severity of the impact.
3. Develop a mitigation plan. The mitigation plan defines actions you will take to reduce the probability of a risk materializing and to reduce the cost of containing that risk when it materializes. Mitigation activities are performed before the risk materializes and whether or not it materializes. These activities are included in the project plan in terms of tasks, schedule, and budget.
4. Develop a contingency plan. The contingency plan defines actions you will take when a risk materializes to contain its impact on the project. The contingency plan is used to identify and reserve time and money that will be spent only if the risk materializes.
5. Manage risk throughout the project by monitoring pre-identified triggers that indicate a risk is materializing and invoking your contingency plan.
There are numerous risk management models, techniques, and tools available from very simple and straight-forward to highly sophisticated. Some have automated risk calculators. Pick one that fits your organization’s culture and readiness to deal with risk.
Your First Step
The first and most important step you as an executive can take is to legitimize risk by making it a topic you openly discuss and by demonstrating your willingness to be responsible for your part in managing risks to achieve the expected value.
Eileen Strider conducts project reviews, project retrospectives, and IT organization assessments based on experience as a developer, project manager, IT manager, and CIO. She provides coaching for business and IT executives and fills in as a temporary CIO. With her partner Wayne Strider, she leads the annual Strider & Cline Leaders’ Forum. Her articles have been published in STQE magazine and on Stickyminds.com. To read more articles, go to http://www.striderandcline.com/takeaways.shtml or contact her at eileenstrider@worldnet.att.net.
