I want to talk about risk in IT projects.
I don't feel we do a good enough job assessing risk and constantly staying on top of it.
Why?
IT Project Managers are under enormous pressure to deliver so looking only at the sunny day scenarios gives them a sense of optimism. Dates are then promised based on this scenario and everything is done to make that date. Risks are ignored, hoping they'll go away. Turning a blind eye is easier and then throwing your hands in the air is the final resort when the realization hits that there's no way you're going to make that date.
The nature of risk is that it's neither good nor bad. It just is. And it always exists. Hence it needs to be managed. Ignoring risk imperils projects, plain & simple. Another aspect of risk and more important, is that it constantly changes. Staffing changes can occur -> Risk occurs. A project can move from the requirements stage to the design change -> Risk occurs. In fact, every single day a new risk can reveal itself. Therefore, it is important to be constantly assessing for risk.
In simple terms, managing risk basically means staying on top of your project. You just can't do all your planning, baselining, draw your Gantt charts and say "GO!". After you put the ball in motion you have to watch where it goes constantly and re-adjust yourself, and your team (Tennis analogy anyone?)
So the first piece is to constantly monitor risk. That part requires vigilance for the duration of the project. You can do this via using checklists, talking to people, going to training, asking questions, etc. The 2nd and most often-neglected piece is to mitigate the risk. Identifying risks is not enough. Sometimes a risk makes itself apparent to you and everyone else and if it actually does occur, people tend to throw their hands in the air and complain and the project fails to move forward until it gets escalated. Someone from high on up chimes in and then the project starts to move again.
This is bad. Your boss or boss's boss shouldn't be managing your project.
The key is to assess the risk earlier and have a mitigating plan in place to deal with the risk. That way, if the risk actually does occur, you can follow the plan. Remember: to fail to plan is to plan to fail.
I find that there's not a lot of mitigation planning going on. Risks are usually left unattended. I've done this personally. I hadn't even realized I was doing this until some recent experiences have burned me.
Mitigation of risks is an extra step after identifying the risk and requires further research and thought. You need to reach out to others for help to see what can be done, who can act as backup, etc. It all seems like extra work beyond the actual work needed to get the project done. Perhaps this is why it is neglected. But it is absolutely crucial to do.
Overworked and juggling too many projects? That is a risk. Some projects need a dedicated Project Manager to see them through. Identify that as a risk and tell your boss or PMO. If they are made aware of it, they can remedy it.
More later...
No comments:
Post a Comment