Evaluating systems projects is never easy, but over the years I've learned that—more than any other factor—an accurate risk assessment contributes to project success.
When risk is addressed up front, the likelihood of a project meeting its goals increases dramatically. A preproject risk assessment is a structured process that identifies, evaluates and tries to control risk factors.
Start by imagining the worst that could happen in the project. Classify these risks in ways that are most relevant to your organization. Often the risks will fall into one of four categories: alignment, process, accountability or resources. Finally, figure out what you can do to decrease the number and likelihood of the risk factors.
Let's explore a few typical risks for a hypothetical Voice over Internet Protocol (VoIP) system implementation and how they might be addressed.
• Alignment: Not all project risks are related to technology. People and their behaviors can be risks as well.
Projects often fail because the potential impact is not understood or users are not aligned with project goals. Have you defined the project clearly so that everyone understands how it will affect their organization? How receptive are your people to the new VoIP system? They may feel threatened by the project. You need to identify and understand their concerns and then address them.
• Process: Have you identified what's wrong with your current process? Are there things that you need to improve before beginning the new project?
If your purchasing processes are subpar, for instance, you'll gain nothing by porting an inefficient process to a new technology. Spend the time initially to identify the strengths and weaknesses of your current processes before deploying the new technology.
• Accountability: The type of project will affect how you evaluate and distribute risk.
The risks associated with a desktop upgrade, for example, are different than those for installing a VoIP system. It's especially important in the case of high-risk, high-reward projects that you clearly assign responsibility for the work and then reward those responsible with increased compensation and bonuses when they meet preset milestones.
If you hire an outside vendor, use a risk-reward contract to clearly align the vendor's interests with your goals.
• Resources: You should also realistically weigh all factors tied to other things happening within your company.
Is the project at risk because extra people or expertise are needed? Are you budgeting enough? What can you do if the project goes over budget or falls off schedule? What is the impact to the company if you shift resources from one project to another? How long will it take to bring new team members up to speed?
To help you prioritize the risks and keep things in perspective, work up real cost estimates for each one. You can do this by multiplying the probability of the risk occurring by the cost if it did occur.
For example, in the case of our fictitious VoIP project, if there's a 25 percent chance that the procurement staff will be slow to embrace the new technology and we estimate that slow adoption will cost the company $100,000, then the real cost estimate for this risk is $25,000.
And finally, expect things to change. More often than not, some event or someone will change the scope or definition of the project, so be prepared to react quickly, re-evaluate risks and respond.
But regardless of how many times you have to adjust, being aware of your risks and taking steps to mitigate them will improve the project's chances for success and its probable return on investment.