Question

What are the main risks that IT projects deal with during their life cycle? bring an example from real world.

Answer 1

The project manager and project team have one shared goal: to carry out the work of the project for the purpose of meeting the project’s objectives. Every project has a beginning, a middle period during which activities move the project toward completion, and an ending. A standard project typically has the following four major phases such as initiation, planning, implementation, and closure. Taken together, these phases represent the path a project takes from the beginning to its end and are generally referred to as the project “life cycle.”

Initiation Phase

During the first of these phases, the initiation phase, the project objective or need is identified; this can be a business problem or opportunity. An appropriate response to the need is documented in a business case with recommended solution options. A feasibility study is conducted to investigate whether each option addresses the project objective and a final recommended solution is determined.

Once the recommended solution is approved, a project is initiated to deliver the approved solution and a project manager is appointed. The major deliverables and the participating work groups are identified, and the project team begins to take shape. Approval is then sought by the project manager to move onto the detailed planning phase.

Planning Phase

The next phase, the planning phase, is where the project solution is further developed in as much detail as possible and the steps necessary to meet the project’s objective are planned. In this step, the team identifies all of the work to be done. The project’s tasks and resource requirements are identified, along with the strategy for producing them. This is also referred to as “scope management.” A project plan is created outlining the activities, tasks, dependencies, and timeframes. The project manager coordinates the preparation of a project budget by providing cost estimates for the labour, equipment, and materials costs. The budget is used to monitor and control cost expenditures during project implementation.

Once the project team has identified the work, prepared the schedule, and estimated the costs, the three fundamental components of the planning process are complete. This is an excellent time to identify and try to deal with anything that might pose a threat to the successful completion of the project. This is called risk management. In risk management, “high-threat” potential problems are identified along with the action that is to be taken on each high-threat potential problem, either to reduce the probability that the problem will occur or to reduce the impact on the project if it does occur. This is also a good time to identify all project stakeholders and establish a communication plan describing the information needed and the delivery method to be used to keep the stakeholders informed.

Finally, you will want to document a quality plan, providing quality targets, assurance, and control measures, along with an acceptance plan, listing the criteria to be met to gain customer acceptance. At this point, the project would have been planned in detail and is ready to be executed.

Implementation Phase

During the third phase, the implementation phase, the project plan is put into motion and the work of the project is performed. It is important to maintain control and communicate as needed during implementation. Progress is continuously monitored and appropriate adjustments are made and recorded as variances from the original plan. In any project, a project manager spends most of the time in this step. During project implementation, people are carrying out the tasks, and progress information is being reported through regular team meetings. The project manager uses this information to maintain control over the direction of the project by comparing the progress reports with the project plan to measure the performance of the project activities and take corrective action as needed. The first course of action should always be to bring the project back on course i.e. to return it to the original plan. If that cannot happen, the team should record variations from the original plan and record and publish modifications to the plan. Throughout this step, project sponsors and other key stakeholders should be kept informed of the project’s status according to the agreed-on frequency and format of communication. The plan should be updated and published on a regular basis.

Status reports should always emphasize the anticipated end point in terms of cost, schedule, and quality of deliverables. Each project deliverable produced should be reviewed for quality and measured against the acceptance criteria. Once all of the deliverables have been produced and the customer has accepted the final solution, the project is ready for closure.

Closing Phase

During the final closure, or completion phase, the emphasis is on releasing the final deliverables to the customer, handing over project documentation to the business, terminating supplier contracts, releasing project resources, and communicating the closure of the project to all stakeholders. The last remaining step is to conduct lessons-learned studies to examine what went well and what didn’t. Through this type of analysis, the wisdom of experience is transferred back to the project organization, which will help future project teams.

Risk management is a systematic, proactive approach towards all possible risks, and taking measures to manage them. Risk management is a process where you identify the risks, and develop a strategy to manage them.

Managing risks on projects is a process that includes risk assessment and a mitigation strategy for those risks. Risk assessment includes both the identification of potential risk and the evaluation of the potential impact of the risk. A risk mitigation plan is designed to eliminate or minimize the impact of the risk events and the occurrences that have a negative impact on the project. Identifying risk is both a creative and a disciplined process. The creative process includes brainstorming sessions where the team is asked to create a list of everything that could go wrong.

Correlation between the project lifecycle and risk management process

Each stage of the lifecycle should have all possible risks to be identified and measured in terms of their impact on the particular stage of the project lifecycle. Second, the risk mitigation plan for each stage of the project lifecycle should be elaborated and implemented respectively to the implementation of the project and progress of its lifecycle. Third, the contingency plan should be developed for each stage of the project lifecycle to ensure that the project management team will come prepared to confront risks and introduce reserves and extra funding and other resources to deal with risks, if the prepared risk mitigation plan fails. Finally, the project management team should elaborate the general risk mitigation plan along with the contingency plan that will help to plan the risk management for the entire project lifecycle.

Common IT Project Risk Examples

Every IT project is different but the risk scenarios are strikingly similar. Here are some very common IT project risk examples:

For most IT projects, we can define following real life risk examples:

• New, unproven technologies
• User and functional requirements
• Application and system architecture
• Performance
• Organizational

New, unproven technologies. The majority of software projects entail the use of new technologies. Ever-changing tools, techniques, protocols, standards, and development systems increase the probability that technology risks will arise in virtually any substantial software engineering effort. Training and knowledge are of critical importance, and the improper use of new technology most often leads directly to project failure.

User and functional requirements. Software requirements capture all user needs with respect to the software system features, functions, and quality of service. Too often, the process of requirements definition is lengthy, tedious, and complex. Moreover, requirements usually change with discovery, prototyping, and integration activities. Change in elemental requirements will likely propagate throughout the entire project, and modifications to user requirements might not translate to functional requirements. These disruptions often lead to one or more critical failures of a poorly-planned software development project.

Application and system architecture. Taking the wrong direction with a platform, component, or architecture can have disastrous consequences. As with the technological risks, it is vital that the team includes experts who understand the architecture and have the capability to make sound design choices.

Performance. It’s important to ensure that any risk management plan encompasses user and partner expectations on performance. Consideration must be given to benchmarks and threshold testing throughout the project to ensure that the work products are moving in the right direction.

Organizational. Organizational problems may have adverse effects on project outcomes. Project management must plan for efficient execution of the project, and find a balance between the needs of the development team and the expectations of the customers. Of course, adequate staffing includes choosing team members with skill sets that are a good match with the project.

The other main risks in IT projects are as follows

Mid-project change in scope. Changes in scope are frequent in IT projects and to some extent they are quite logical, no matter how detailed your specification is, there are always suggestions that come after you have started the implementation. The problem starts, when these suggestions demand radical changes. This is especially unpleasant when you are in the middle of the project and actually the choices you have are either to reject the changes, or to trash most of what you have done up to here and go back to implement the new requests. Such change requests can turn any schedule upside down.

Going behind schedule due to unforeseen complications. Even if there are no mid-project changes in scope, unforeseen technical complications can also turn the project upside down.

The other major risk factors are Project Size, Project Structure and Experience with technology with which these projects will be implemented. All these three factors must be perfectly planned out for successful project end delivery

Risk Management Plan

After cataloging all of the risks according to type, the software development project manager should craft a risk management plan. As part of a larger, comprehensive project plan, the risk management plan outlines the response that will be taken for each risk if it materializes.

It is important to identify risks to your IT systems and data, to reduce or manage those risks, and to develop a response plan in the event of an IT crisis. Business owners have legal obligations in relation to privacy, electronic transactions, and staff training that influence IT risk management strategies.

IT risks include hardware and software failure, human error, spam, viruses and malicious attacks, as well as natural disasters such as fires, cyclones or floods.

You can manage IT risks by completing a business risk assessment. Having a business continuity plan can help your business recover from an IT incident

Monitor and Mitigate

To be effective, software risk monitoring has to be integral with most project activities. Essentially, this means frequent checking during project meetings and critical events.

Monitoring includes:

• Publish project status reports and include risk management issues
• Revise risk plans according to any major changes in project schedule
• Review and reprioritize risks, eliminating those with lowest probability
• Brainstorm on potentially new risks after changes to project schedule or scope

Steps to IT Risk Management

• Identify the Risk: You can’t prepare for risk without first figuring out, to the best of your ability, where and when it might arise.
• Analyze the Risk: Once you’ve identified risk, you then must analyze it and discern if it’s big, small or minimal in its impact.
• Evaluate and Rank the Risk: Once we evaluate the impact of risks and prioritize them, we can begin to develop strategies to control them.
• Respond to the Risk: After all this, if the risk becomes an actual issue, then we’re no longer in the theoretical realm. It’s time for action.
• Monitor & Review the Risk: Once you act, you must track and review the progress on mitigating the risk.

IT Risk Management Strategies

Strategies are a way to provide a structured approach to identify, access and manage risks. They provide a process to regularly update and review the assessment based on changes.

• Apply Safeguards: This is an avoidance strategy, where the company decides to avoid risk at all costs and focuses a great deal of resources to that end.
• Transfer the Risk: This is a transference strategy, when the company transfers the risk to another entity.
• Reduce the Impact: This is a mitigation strategy, where the company works to reduce the impact of the risk through methodology, teams or whatever resources are at its disposal.
• Accept the Risk: This is an acceptance strategy, where you know there is risk and accept that, so when and if it occurs you can deal with it then and there.

Best Practices for IT Risk Management

Before ending, Jennifer offered these three best practices when managing risk in IT.

1. Evaluate Early & Often: There’s no better time to start on the risk management process than now, so begin early. Remember it is a process and so it will continue throughout the project.
2. Involve Stakeholders: A great resource that is often overlooked are the project stakeholders, who have a unique perspective and can provide insight into areas where risk might arise.
3. Get Signoffs: At every stage of your risk management, get people to sign-off on the strategy, which includes the stakeholders.