PROJECT MANAGEMENT RISKS IN IT PROJECTS

Project Management Risks In It Projects



Project Management Risks In It Projects

Introduction

Is risk management up to the task of improving outcomes in IT projects? If you believe some of the industry surveys on project success rates you could be excused for being unsure.

IT projects are high risk activities, generating variable performance outcomes (Charette, 2005). Industry surveys suggest that only about a quarter of IT projects succeed outright (that is, they complete as scheduled, budgeted and specified), and billions of dollars are lost annually through project failures or projects that do not deliver promised benefits ([Charette, 2005] and [Johnson, 2006]). Evidence suggests that this is a global issue (KPMG, 2005), impacting private and public sector organizations alike (Sauer and Cuthbertson, 2003).

The promise of risk management in commercial IT projects is that it can improve project outcomes (consideration of specialist domains such as safety-critical systems is not included in this study). According to the literature (Simister, 2004), risk management can lead to a range of project and organizational benefits including:

• identification of favorable alternative courses of action;

• increased confidence in achieving project objectives;

• improved chances of success;

• reduced surprises;

• more precise estimates (through reduced uncertainty);

• reduced duplication of effort (through team awareness of risk control actions).

Project -related risk management has attracted a steady stream of interest in the academic literature (Taylor, 2006), practice-based methods (e.g., CMMI and PRINCE2), and standards (e.g., PMBOK and AS/NZS 4360:2004). Industry survey data suggests that while there has been some improvement in project success rates, IT projects are still more likely to fail on some key performance criterion than succeed outright ([Johnson, 2006] and [Rubenstein, 2007]).

Why Are Risk And Risk Management Important?

Conceptually, from the organizational perspective, risk arises when organizations pursue opportunities in the face of uncertainty, constrained by capability and cost. The challenge is to find a position on each of these dimensions that, in combination, represents a risk profile that is appropriate to the initiative and acceptable to internal and external stakeholders. Consequently, risk and risk management are strategic and governance issues that usually involve a compromise: a risk -averse strategy can limit distinctive achievement; however, a risk -embracing strategy can increase project losses. Explicitly managing this balance is often under-played or overlooked in the pursuit of desired goals (Charette, 2005).

At the project level, IT projects have long been recognized as high- risk ventures prone to failure Boehm and Ross (1989) argue that there are two classes of IT project risk: generic risks common to all projects, and project -specific risks. Some of these risks are easy to identify and manage. Others are less obvious or it is more difficult to predict their likelihood and/or impact. This is complicated by multiple project dimensions including size, structure, complexity, composition, context, novelty, long planning and execution horizons, and volatile change. Therefore, risk management in IT projects is important to: help avoid disasters; avoid rework; focus and balance effort; and stimulate win-win situations. While not all risks have their source in IT ...