Doing IT Projects Right with Risk Management

Last week, I talked about IT project risk management and gave a real-world example of doing it wrong, with the expected consequences. But some organizations do it right, and it’s worth looking at those examples as well.

Not long ago, I spent a few months at a client site reviewing a couple of major IT projects. The main focus was on an already-deployed system that had been having some issues, but I was also asked by management to look at another system under development (we’ll call it “System X”) and identify any major risks.

I quickly found that there was little for me to add. Not because System X had no risks, but because the project team itself was actively and aggressively identifying and managing those risks. For starters, I found that the System X team had one person whose major responsibility was risk management for the project. I found this novel and refreshing; while I have heard of the idea of having a person in charge of risk management on large IT projects, up until then I don’t think I had ever met someone who actually had that as his or her principal responsibility.

Second, I found out (from this person) that the System X team was using a web-based collaboration tool (Microsoft SharePoint) for the project, and within that they had a whole subsystem devoted to risks. Anyone on the team could submit what she or he felt was a meaningful risk. Information about the risk included what aspect of the software development lifecycle was involved, the estimated likelihood of the risk occurring, and the likely impact to the project should the risk come to pass.