Risk Management in IT Projects
By Yahya Alsemaiyen on Sunday, May 17 2009, 23:23 - Business and Software - Permalink
Managing projects in dynamically moving or challenging environments is a time and resource consuming task. Applying any change in an application could lead into unexpected results that add more cost than the planned one. There are many unwanted results and situations around any project that could be caused by expected and unexpected causes. Such results and situations are called “risks”; they can be managed and eliminated by following number of rules from the early beginning of the project.
The first rule is to make risk management part of the project. It should never be ignored or it won’t be possible to overcome the risk when it happens. After that, all risks associated with the project should be identified from two sources: people source which includes team members and other experts with this kind of project, and paper source which starts from project plan, business case, specialized websites and resource planning. The whole project should be explored to identify any area of uncertainty. When combining number of identifying methods, more risks will be identified and less unexpected risks might be faced.
Project managers should communicate with people around them to reduce the possibility of experiencing a risk that someone else knew about. Also, risk communication should include project sponsors and stakeholders to reduce the surprise effect. At this point, it should be clear that who owns what (ownership). In case of an issue, it should be clear who is responsible and who should pay for it. This will attract the attention from the higher management as payment is included.
Risks should be prioritized to associate the suitable response with each risk. Project manager should look for any show-stopper in his project and arrange for. Priority might be according to the impact and the frequency of occurrences. Risks can be reviewed periodically and re-prioritized accordingly but without driving the project into missy state with too many rearrangements. After that, each risk must go into analysis state with a comprehensive study of its causes and effects. This is critical to help the management organize the proper response and decrease the circumstances that increase the likelihood. It should be specified how each area of uncertainty may affect the performance of the project. Note that the assessment should not consume effort that is equivalent or more than the effort required to resolve the risk if it happens.
Now, taking the control over the risks comes after the assessment done before. The previous steps help in planning mitigate the risks by: avoiding the risk, minimizing the risk, or accepting the risk. Each response is associated with the type of risk, its impact and the available efforts to overcome. Also, we should not forget that all plans should be documented. At this stage, a comprehensive archive should be created to include all registrations about risks. For each risk, maintain a log to monitor and view the progress. It is a good communication tool for everyone to know what is going on. A typical log should include at least risk description and ownership information.
At the end, it is essential to keep tracking risks and associated tasks as it is a day-to-day job of the project manager. Tracking the risks include integrating the risks with tasks, identifying the risks and generating suitable responses.
Project managers should communicate with people around them to reduce the possibility of experiencing a risk that someone else knew about. Also, risk communication should include project sponsors and stakeholders to reduce the surprise effect. At this point, it should be clear that who owns what (ownership). In case of an issue, it should be clear who is responsible and who should pay for it. This will attract the attention from the higher management as payment is included.
Risks should be prioritized to associate the suitable response with each risk. Project manager should look for any show-stopper in his project and arrange for. Priority might be according to the impact and the frequency of occurrences. Risks can be reviewed periodically and re-prioritized accordingly but without driving the project into missy state with too many rearrangements. After that, each risk must go into analysis state with a comprehensive study of its causes and effects. This is critical to help the management organize the proper response and decrease the circumstances that increase the likelihood. It should be specified how each area of uncertainty may affect the performance of the project. Note that the assessment should not consume effort that is equivalent or more than the effort required to resolve the risk if it happens.
Now, taking the control over the risks comes after the assessment done before. The previous steps help in planning mitigate the risks by: avoiding the risk, minimizing the risk, or accepting the risk. Each response is associated with the type of risk, its impact and the available efforts to overcome. Also, we should not forget that all plans should be documented. At this stage, a comprehensive archive should be created to include all registrations about risks. For each risk, maintain a log to monitor and view the progress. It is a good communication tool for everyone to know what is going on. A typical log should include at least risk description and ownership information.
At the end, it is essential to keep tracking risks and associated tasks as it is a day-to-day job of the project manager. Tracking the risks include integrating the risks with tasks, identifying the risks and generating suitable responses.