Risks Associated With Information Technology Projects Management

Align with Objectives

Objectives need to conform to the risks associated with information technology projects (hardware failure, software failure, human error, spam, viruses and malicious attacks). Aligning objectives ensure shared understanding/expectations between interested parties in the risk management process. Changes in goals must be met with similar alignment procedures to provide controlled risk management.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Fits the Context

The internal and external environment of the IT project are the determinants of how the risk strategy is to be customized or adapted. The external and internal context of a project is critical determinants of an organizations performance. It is therefore of essence that risk management is structured to fit both settings if it is to be effective.

The external environment of an IT project consists of the target market, location, government policies and existing technologies. The internal context of an IT project includes: organizational culture, relationships between patrons, and processes implemented. Effective risk management should reflect all changes in context.

Engage stakeholders

Effective risk management engages stakeholders and handles various perspectives of risks. Perceptions of the potential of a situation posing risks to objectives vary considerably between individuals and groups. Stakeholder engagement requires the adoption of a suitable level and style of communication in order:

• To identify persons and groups with vested interests in the activities the organization is undertaking.
• To understand their expectations of the project and how they perceive the risks
• To influence their way of thinking about the project
• To enhance their overall contribution to the project regarding risk identification, support, planning and owning their actions

Provides Clear Guidance

Effective risk management offers clear, articulate guidance to the patrons. Useful guidance ensures that the sponsors have a bright idea of how the project team identifies, assesses and controls risks to project aims across various views.

Informs Decision Making

Effective risk management is important in the decision-making processes of the project team. A proper project risk management needs to educate the project team about the benefits threats as well as opportunities that could be realized by taking alternative courses of action. This principle can be achieved by using risk tolerance, KPI's and early warning indicators.

Facilitates Continual Improvement

Effective risk management incorporates historical data and enables learning for continuous improvements. Continual improvement is aided by collecting real performance data together with data about previous risks that were identified, assessed and mitigated meaning that new projects have history and experience refer.

Continual improvement can also be achieved through the use of risk management health checks and M_O_R Maturity model to identify the weak points of the project as well as possible improvements.

Creates a Supportive Culture

For M_O_R to be beneficial to a project, a culture that understands that risk management is all about taking chances must be built within the project team. M_O_R in an IT project encourages a culture that is aware of uncertainties as well as supportive of considered risk-taking. A supportive culture can be created by:

Recognizing and rewarding people for proactive risk management. Rewards should only be based on proactive risk management actions and not on heroic recoveries from crises.

Training and coaching the entire project team on proactive risk management.

Achieves Measurable Value

Risk management is a crucial contributor to the overall measurable value of an organization. A structured risk M_O_R approach is essential to the creation and protection of the organization's value. Risk management can be used to measure and quantify the value of an IT project.

Relevant M_O_R approaches/documents

• Risk Register - this is a scatterplot deployed to achieve regulatory acquiescence by acting as a depository for all identified risks. A risk register often has more information about the risk.
• Issue Register - this is a log that keeps all records of emerging issues in a project. It is mainly used for monitoring issues as well as tracking actions are taken to manage issues.
• Risk Management Policy - this is a formal acknowledgment of the commitment of the organization to an all-inclusive, competent and effective method to risk management. Its primary objective is to ensure that concerted effort is put in by the project team and the organization as a whole to mitigate risk effectively, maximize on opportunities and minimize the adverse effects of uncertainty.
• Risk Management Process Guide - This is a document that elaborates the entire risk management process to be implemented in a particular project. It is primarily used in risk analysis to approximate the level of risk.
• Risk Management Strategy - provides a structured articulate approach to the identification, assessment, and management of risk. It embeds a procedure for making regular updates and reviews the evaluation with regards to new developments and mitigating actions.
• Risk Improvement Plan - this is a document prepared by a project manager to forecast risks, approximate their impacts and define appropriate mitigating actions.
• Risk Communication Plan - this is a document that details the areas (science, capacity, and policy) in which appropriate mitigating actions coupled with domestic and international contributors can improve generation, propagation, and regulation of risk communication.
• Risk Progress Report - this is a report that presents an overview of the up to date progress on the implementation of risk management actions.
• Risk Response Plan - this is a document outlining the mitigating actions a project team is going to undertake to mitigate risks.

Relevant M_O_R Processes

Operational risk management in IT projects is composed of nine key components and six distinct process stages and three activities. The six process stages are; context establishment, risk identification, quantifying the impact of risks, prioritizing risks, treating risks and monitoring risk strategies. The three activities that rise above the entire risk management process are modeling risks, feedback loop, and oversight to ensure compliance.

Establishing Context

It is common practice for companies to broaden the range of M_O_R to cover areas, not under the rule of the project group. Asking project teams to mitigate risks outside the scope of their project causes uncertainty and waste of attempt and also shows the necessity for a Project Management Team which is more productive than project teams in alleviation danger across the companies' scope of business. The condition of the team in risk management should be confined to the budget, timeframe, quality and critical objectives.

Risk Identification

Proper identification of risks is a crucial step towards an effective risk management process. Often, project risks will have various symptoms, conditions or events that indicate the probability of a threat. The most common mistake many project teams make at this stage is identifying the risk indicator as the risk while the real risk goes unnoticed. The danger of identifying the indicator as the risk is that the real risk remains undocumented and thus unmanageable. Managing risk indicators without recognizing the real risk causes delays, unplanned expenditures as well as a substandard project.

Quantifying risk impact

Some risks are problematic to define as their effects vary from one individual or organization to another. For example, the risk "substantial cost overrun" needs to be quantified since what one might view as a substantial budget overrun might be considered to be inconsequential in other quarters. Quantifying risks is also important when monitoring risks since it is illogical to spend a lot of money to manage a risk whose impact is less than the cost of handling it. To effectively mitigate risk, its probable effect on the project needs to be quantified objectively. Risk management requires proper understanding of the goals of the project to ensure sound decision making when it comes to risk management.

Prioritizing risks

After risks have been appropriately identified and quantified, it is important to prioritize them. Prioritization of risks ensures that more effort is put into managing high impact risks. Risk prioritization is done through structured schemes, and there are numerous of them ranging from simple high/low schemes to more elaborate schemes like Monte Carlo simulation.

Treating Risks

This step can be achieved through the implementation of one of four distinct care strategies: Avoid, Transfer, Mitigate, and Accept.

• Avoidance - modifications are made to the planned project to get laid off the risk.
• Transfer - Risk transferred to the second party, e.g., insurance companies.
• Mitigate - This involves developing a treatment plan to manage the risk.
• Accept - this strategy comes into play where the cost of managing risk is less than its financial impact on the project.

Monitoring Risk Treatment

This can be achieved in two ways: tactical monitoring and strategic monitoring. Tactical monitoring is the daily monitoring practices of the project team to determine how the risk management process is performing. Strategic monitoring is conducted during reviews by the management especially during both internal and external auditing or at the completion of the project.

Modeling risks

A likelihood model is a structured plan of a treatment plan that was identified to mitigate particular recurring project risk. A risk model consists of, proven risk management strategies, assets, mitigating actions, triggers, and performance data. Strategies and treatment procedures that were determined as ineffective in mitigating risk are also included in the risk model.

Feedback Loop

The defining characteristic of an active feedback loop is processes that spread information across an organization allowing for the development and modification of risk models. Wiki is an excellent example of a software tool for providing a feedback loop to distributed project teams.

Oversight to Ensure Compliance

The challenging nature of a proper risk management process necessitates supervision at both tactical and strategic levels. Integration of Quality Assurance Reviews and Management Reviews is essential to ensure oversight is operational.

Relevant concepts of M_O_R

M_O_R can be defined as a path towards risk management that brings together principles, interrelated processes and insights to more elaborate guides on risk management techniques and specializations. The concepts of M_O_R relevant to an IT project include:

Risk Management Concepts

Risk Capacity: this s the maximum impact of a risk on a project team with regards to its reputation, resources, and capital.

Risk Appetite: this is a quantified amount of risk a project team is willing to accept. Risk appetite should be less than the risk capacity.

Risk Tolerance: these are boundaries for risk levels which when exceeded may trigger an escalation.

The proximity to risk: this refers to how close a risk is with regards to time. The proximity to risk is used in the risk prioritization stage of the risk management process to ensure more urgent tasks are attended to first.

Embedding and Reviewing M_O_R

For the effectiveness of the principles, approaches, and process, the project management team needs to ensure they are applied continuously across the organization and constant enhancements are made to their application.

The complexity of Information Systems Development Projects

Modern-day companies use projects to manage their information systems development undertak...