Abstract
Risk management is undertaken differently in varied sectors. In a survey of 415 projects in Brazil, the revelation came out that hiring a risk manager or planning for risk enhances project success rate. However, risk means diverse things for different sectors. In IT, some risks are desirable, because they disrupt the status, making some people redundant and increasing the opportunities for the skilled. Hence, the path taken to manage risk in the IT field is different from how risk is managed in other areas. The construction industry is intensive in the use of resources, and risk management should be based on the resources required by the project. Lastly, it is possible that most measures of risk try to eliminate the deliberate ignorance of factors that influence the project. Ignoring such aspects like the environment or social issues may affect the optimal success levels of a project, and, although the project might still be a success, makes it hard to determine how far it fell short of the optimal potential.
Introduction
Project managers are always concerned with potential impacts that costs, scope, and timelines have on the overall objectives of a project, and especially following the global financial crisis which shook global economies in 2008 (Rabechini and Marly 1). A risk can generally be described as uncertainty on a matter that has the potential to affect the outcome of a project either positively or negatively. The uncertainty could be an anticipated future event that can or cannot happen and whose magnitude to the project is still unknown. Thus, risk management has a task of characterizing the probability of the occurrence of uncertain events with the uncertain impact that it will have on the objectives of a project. Of most importance to note, however, is that risk management plays no role in influencing success perceptions or success factors in a business project.
Risk management primarily deals with managing risks in all aspects of a project and includes elements such as communications and engagement with project stakeholders, agreed-on levels of quality, scope, budget and schedule of a project. Conducting risks analysis and especially in planning construction projects has been found to be beneficial to organizations; actual implementation of risk management procedures significantly differs across industrial segments but in any case, a holistic approach must be adopted so as to link strategic planning in particular resource-based view and project risk management. This approach links project risks to anticipated costs (Govan and Ivan 2).
Risks occur throughout the project lifecycle. In planning and design phase, risks may occur because of uncertainties in the pricing of the overall project and in what quantities of units will be needed to complete the project. The estimates of pricing, timelines, scope and the objectives of the project are likely to affect the overall outcome of the project that is being undertaken. Actual project construction is normally associated with uncertainties of ambiguous user requirements of the project that is to be undertaken. The user requirements sometimes keep changing and this is likely to affect the final software product since changing functional requirements of an IT project is likely to change the scope of the project. When the completed software is system is deployed, project team members are likely to be worried if it will be accepted by the intended users and how they will manage the change that is anticipated. In all the phases of a project lifecycle, project team members are likely to be worried about one or multiple factors that are related to scope, budget, quality and costs of the project.
Risk Management in IT and Construction
Common risks within an IT project environment could result from human errors from project team members. This risk can be mitigated by recruiting qualified persons to take part in the software development project, adopting a peer review model in the deliverables and forming cohesive teams that will work on a particular project. Risks come from unrealistic schedules and budget, and this risk can be mitigated through reuse of codes, incremental development and use of business case models to find out the requirements of the project accurately. Risks can also come from the use of standard software in which case, risks can be mitigated from prototyping, benchmarking, installations and compatibility analysis before installation of business software is done on any hardware. Other risks may be caused by development functions as well as requirements that do not match the needs of the business. These risks can be mitigated through prototyping and description of the system from early stages using business-case analysis. The user interface for a completed IT system and this should be mitigated through the development of scenarios before the real system is developed. Users sometimes constantly alter the requirements of the system which may not be possible to implement given inadequate architecture of the client. These risks can be mitigated by business modeling, simulation, and planning for change within an environment where it will be implemented.
Risk management mostly deals with behaviors that prove risks are a top priority for project managers. Risk management strategies are aimed at preventing negative risks becoming a hindrance to accomplishing the goals of the project while maximizing opportunities from positive risks. Risk management involves considerable collaboration between all project stakeholders and project team members where risk management strategies are reviewed periodically for monitoring of their effectiveness in the project being undertaken. Before a risk is properly managed, it is first identified, understood, analyzed and described. All risk management approaches are aimed at maximizing the effectiveness and efficiency of the project.
Risk management process involves main activities that are carried out in risk management planning, risk identification process, risk analysis, risk registration, risk allocation and risk reporting and monitoring. Risk management planning involves deciding the tools, approaches, and method of executing risk management activities of the project being undertaken. In risk management planning, project managers have the responsibility of establishing the contexts in an organization through which risks occur. Normally, organizations have a broad scope of risk management in a project, some of which goes beyond the control of the organization’s management. Risks outside the scope and boundaries of primary objectives of the project being undertaken demand it is dwelt with by senior business executives, in which case it may delay the progress and performance of the IT project. However, when defining the context of a project, it must be confined to projects quality, schedule, budget and mission to be accomplished.
Risk identification for IT projects entails listing potential risks for the project to be undertaken through creative methods such as brainstorming as well as analytical methods. In this process, a risk checklist is most suitable to complete this process (DIDRAGA 92). Identification of IT project risks can be made easier through systems, events and conditions that point to the presence of a risk within that project. Project managers need to be careful as to identify true risks and not risk indicators. The identified risks should then be properly documented, as it is from this document that subsequent steps in designing methods and approaches that are needed to mitigate risks are drawn from.
Risk analysis process is a stage that determines the probability of an occurrence of the risks and its potential impact on the project. Effective risk management analysis stage in IT Projects demands that project managers objectively quantify the risks impacts of the identified risks. This is done by determining the substantial costs that are likely to be associated with the project delay, enlarged project scope as well as costs overruns that the project team has already incurred (Rabechini and Marly 2). This gives the project leaders an overview of what they should prioritize in the risk management plan. Risk analysis should also include an examination of how regulatory changes within the jurisdiction that the IT project team is operating in are likely to affect the performance and delivering the required system software for the project.
On the other hand, the risk registration stage involves specifying the anticipated sequence of risks and how they will be dwelt with. Here, the losses as a result of the occurrence of the risk events are qualitatively evaluated. Risk registration has an objective of prioritizing high-impact risks. Risk allocation plan will then be developed with a true reflection of risks that cannot be rescheduled as delays would result in huge economic losses to the organization from the IT project that is being carried out. This makes it possible for the risk management strategy to yield highly by focusing more efforts on high-impact risks. The risk is first registered based on the actual impact it will have on the project and then followed by the probability of its occurrence. Risk allocation stage makes use of risk prioritization schemes that include Monte Carlo simulation model. This stage is where actions to mitigate risks are initiated.
The risk reporting and monitoring stage is where evaluation of the efficiency of the instituted countermeasures is done. It makes use of risk monitoring metrics that were developed during the risk planning stage of the project. In risk reporting risk awareness is created, risk priorities defined, commitment is created, a positive feeling about the risk is created and clarifying the expectations of the risks done (DIDRAGA 92). Risk monitoring is implemented using tactical or strategic approaches. Tactical monitoring is typically conducted during day-to-day operations of the IT project team. In this approach, performance measures are taken, actual performance noted and trigger points evaluated. Tactical monitoring of risks has objectives of evaluating whether the risk treatment plan has capabilities of effectively mitigating risks in the project lifetime. It makes a comparison between the actual progress of the project against the preset performance measures and when trigger points have been noted, the project manager will activate the actions that are needed so that projects will be efficiently completed. Risk control is implemented as a general management review when company executives are conducting internal and external audits, usually at the end of an IT project (DIDRAGA 92). It mainly deals with long-term improvements on the project that has already been delivered to the positive. Strategic monitoring makes extensive use of patterns as well as anomalies in designing a risk input model.
Hazards of Ignoring Risks
Sometimes when IT project managers are faced with multiple risks and uncertainties in the project, they fail to carry out a detailed analysis of the challenges facing the project and ends up affecting the ultimate goals of the project. Risks have a potential to affect the ability of a project manager to effectively meet project’s predefined scope, costs and time objectives (Kutsch and Mark 254). While it is true that mental errors can often mislead a person when they are making budget estimate schedule, when doing resources planning, and when making management decisions, it should be noted that project managers need to be careful in responding to the potential risks that have been identified so that the team will successfully manage the project. Recent research findings show that most IT projects in the world fail because project managers failed to respond appropriately to the risk indicators and true risks that had already been identified for the project. In particular, it was noted that project managers who fail to respond to risks signals end up with collapsed projects that overrun budgets, exceed the time that had been allocated for it and the quality of the final software product is usually relatively low. Project failures are defined as when the final software product does not meet the threshold expectation of the client and also misses the deployment deadline significantly. IT projects fail when project managers ignore to identify the real sponsors of the project, do not produce a formal project and risk management plan and do not define the scope of the project.
It is a well-known fact that information systems projects fail mainly because of project aims that have not been stated and documented well, poor structure of the project team, project management disciplinary measures that are insufficient, project team members with inadequate technical knowledge, disengagement between project teams and stakeholders, and increased project costs that had not been anticipated (Govan and Ivan 6).
Most often, when project managers do not ignore risk indicators, they fail to gain the support of the executive and therefore the team will not have the authority to achieve its objectives. Lack of this support means the project does not materialize as these executives do not get engaged in making critical decisions that define the progress of the project. Failing to adopt a risk management approach means facilitating a conflict between stakeholders and the project team which is likely to cause a disruption to the overall progress of the project. The disconnect between project managers and stakeholders creates mistrust between the project sponsors and the project team; thus, budgets that may be required are sometimes not availed. Failing to respond to risks within an IT project makes it possible to broaden or narrow the scope of the project as in most cases. This is because user requirements keep on increasing without subsequent changes in the budget or the timelines for delivering the project. Other times, failing to adopt a risk management approach makes it possible to make an error or omit some issues in the problem definition thus the resulting software product will not sufficiently satisfy the needs of the users.
Examples of risk management failures in IT Projects
A good example of a failed IT project happened in 2005 when Virtual case project that was owned by Federal Bureau of Investigation in the United States failed to take off. It did not meet the requirements of the FBI, and the organization ended up losing $ 170 Million in the process despite the project having been operational for five years. FBI had outsourced a private company to overhaul legacy systems that it had been using for its operation. The contracted company had no capacity to deliver according to the needs FBI and with no documentation of what the company had already performed, the project objectives were not met by the time a decision was reached to close the project. This gives an example of an IT project that was unsuccessful for failure to manage risks efficiently. If the project managers at virtual case had sufficiently implemented a risk management approach and followed it, the error could have been averted. These failures show how costly failing to adhere and responding to risks can be costly to clients’ business environment as well as the reputation of the company (Rabechini and Marly 1).
Conclusion
IT projects, especially those dealing with optimization of key business processes, need to be under tight configurations, within budget, timelines and better yet they must reflect the need of the business in which they are designed for. Software development environment has also become complex, often with project team members working remotely and yet they must deliver complex software systems. Migrating between legacy systems and /to custom software systems also contributes significantly to increase of risks with an IT project environment. Therefore, this has made the risk management process a critical part in managing critical aspects of current IT projects.
Risk management practices have methods, processes, and tools that are used in managing risks within a project. In IT projects, risk management provides a disciplined environment that is conducive to proactive decision making as regards to continuously assessing risks with IT projects, determining what risks are more important to deal with first and in implementing strategies that will be used in dealing with the risks (DIDRAGA 87). Researchers agree that in IT project management, there is a need for a cultural shift from crisis management to a more proactive decision-making approach that is suitable in avoiding errors in software development before they arise. Project teams will be required to anticipate risks in all the phases of IT projects and manage them accordingly, thereby successfully delivering software products that satisfy the needs of a customer within limited budgets, strict timelines and narrow scopes. To avoid adverse effects of poor mental decisions when making developing project plans, project managers need to ensure that they implement a well-defined decision as well as a risk analysis model. This will greatly reduce the impacts of risks to the operation of business when the software product has been delivered.
Works Cited
DIDRAGA, Otniel. "The Role and the Effects of Risk Management in IT Projects Success." Informatica Economica 17.1/2013 (2013): 86-98. Print.
Govan, Paul, and Ivan Damnjanovic. "The Resource-Based View on Project Risk Management." Journal of Construction Engineering and Management (2016): 02-08. Print.
Kutsch, Elmar, and Mark Hall. "Deliberate ignorance in project risk management." International Journal of Project Management 28.3 (2010): 245-255. Print.
Rabechini Junior, Roque, and Marly Monteiro de Carvalho. "Understanding the Impact of Project Risk Management on Project Performance: An Empirical Study." Journal of Technology Management & Innovation 8 (2013): 01-15. Print.