Triggering Your Way to Risk Management Success!
Published in the Project Post-Gazette, January 2014
by Cheryl A. Wilson, PMP, PMI-RMP, CCEP
- What is project risk?
- Why not all uncertainty is project risk?
- What are causes and how to manage them?
- What is an issue?
This month we will dive into the topic of “what is a risk trigger?”
By now, nearly every American has heard about the tales of the roll out of the healthcare.gov web site in support of the Affordable Care Act in the USA. From the first reports, one out of five users was able to sign on to the site. Reports of poor performance and unavailable systems were reality for those of us that tried to use the website. Even when the project went from a normal project into a trouble project mode and the additional surge of technical resource were added, deadlines passed and the project success continued to be gloomy.
As a risk professional, what saddened me was the numerous reports that came out indicating the shrugged shoulders and comments that “things happen” with rollouts of large IT projects.
The PPG has reported on several occasions the statistics from the Standish Group of the percentages of failed projects. The 1995 study, indicated that only about 17% of IT projects could be considered “fully successful”, over 52% were “challenged” (they did not meet the project constraints of budget, time or quality) and 30% were “impaired or failed.”
More recently, ComputerWorld said that the Standish Group study examined 3,555 IT projects between 2003 and 2012 that had labor costs of at least $10 million and found that only 6.4% of them were successful.
So is IT failure the new norm in that we expect that most of our projects will fail?
Post-mortems report the same issues that most IT projects face:
- Poor project sponsorship support
- Confusing or changing requirements
- Inadequate skills or resources
- Poor design or inappropriate use of new technology
It is not the above IT issues that cause project failure because these are the same IT issues that have been documented for every IT project for years. It is the lack of a proactive risk management environment that is based on well defined deliverables, lessons learned from previous completed projects, and risk assessments completed prior to the project start with subject matter experts (SME) to determine mitigation strategies from the historical evidence.
A well-formed risk management environment is proactive and contains the following attributes:
- Risks are uncertain future events that if triggered into reality will cause a negative impact to the production of the project’s ‘fit-for-use’ deliverables.
- Risk causes are events or conditions that make the risk a negative impact to the deliverables, but they are not the risks themselves. Causes are events and conditions that fall within our normal daily project management prevue since we were able to identify them and know exactly how to reduce their impact on our project deliverables. It is important to remember not to confuse causes with the risk themselves (the effect).
- Managing the causes to your risks is a very proactive approach and yet many PM never identify the causes. Lessons learned from previous projects should have captured many of the causes of risks and will be critical information even at the start of your projects.
Another attribute of a proactive risk management environment is the identification of risk triggers. Risk triggers are the future events that turn a risk potential into a reality called an issue. Triggers are those events that if allowed to occur have a catalytic impact on the risks themselves. They cause the risk to transform from a potential energy state to a kinetic energy state where the now labeled an issue that is causing real time negative impact to the project’s deliverables. Triggers again are often mistaken for risks, but remember triggers are associated with the risk not the deliverable – only risks are associated with the deliverable.
As many IT projects face the same risk potentials, a proactive approach to identifying the causes of the risks, identifying the risk triggers and working with the SME from the start of the project can likely improve the organization’s project success rates.