The 4 Types of Risk faced by IT Project Managers
Risk has and always will be a part of project work and every project must address it. In our research we’ve found that an overwhelming number of project failures also had poor risk management. However, in IT projects, it appears that risk is larger, less predictable, more varied and ubiquitous. Also risk is magnified by the complexities in modern businesses and the every increasing demand to move faster and do more with less.
Risk management is an important aspect of IT project management. In a recent book by risk management expert Russell Walker (“Winning with Risk Management”), several case studies are presented along with the history of and recommendations for improved risk management. Project managers need to address risks and uncertainties from the earliest stages of project initiation in order to keep control of their projects.
So, what is risk? In this article we look at 4 different categories of risk:
• Finite, and/or
Explicit project risks are those that are known to the project manager. For instance, s/he may know that a weather event may impact the delivery of equipment. While it may be difficult to calculate the direct cost of the delay to the project, the late delivery is still an explicit risk because it is known in advance.
Conversely, implicit risks often cannot be separated from broader business decisions. It is extremely difficult to calculate the potential cost to the project of an implicit risk because the event might be quite complex or based upon a series of linked (contingency) events. However, many implicit risks are readily accepted as a “cost of doing business.” An implicit risk in IT projects, for example, involves workforce retention. The project manager will assume that the programmers and technologists will be available for the life of the project despite the implicit risk of employees leaving the company or severe illness striking a key staff member.
Finite risks are those that are limited in nature. Normally, the limitation is tied to a level of investment. For example, bank loans are finite risks as the amount of loss is limited by the loan amount. In IT project management, finite risks involve items such as software licenses with periodic renewals. The maximum amount of the investment is limited to the annual renewal fee.
Finally, projects need to be especially wary of introducing persistent risks. Technology allows data on customers to be readily accessible for the firm’s marketing purposes yet also exposes a vulnerability of network security. IT projects can inadvertently build persistent risks into a project by allowing impacts over a long period of time which could damage a brand’s reputation or a firm’s ability to gain operating authority.
Project management normally dictates planning, executing, and monitoring and controlling the project iteratively throughout the life of a project. Risk management is often considered an activity within the execution phase. However, continuously identifying and classifying risks (explicit, implicit, finite, or persistent) throughout the life of a project can help to resolve issues before they grow too large. Risk identification allows projects to achieve competitive advantage in both cost and schedule aspects.
IT project management faces multiple challenges in getting the technical product and the market right. An added complexity for project managers is the attention required to effectively manage project risks throughout the life cycle of the project. For more information on project management and risk management, please contact us.