30 June 2015 | Updated on 22 August 2022

Time to add risk management to IT projects

IT projects are still failing with depressing regularity – in the past year the Ministry of Justice gave up on a failed £56m IT project while the BBC’s high profile IT project failure cost £98.4m. IT...

Dennis Sheehan, MAPM, MCMI Senior Training Consultant at ILX Group

IT projects are still failing with depressing regularity – in the past year the Ministry of Justice gave up on a failed £56m IT project while the BBC’s high profile IT project failure cost £98.4m. IT projects are continuing to fail for the same reasons they always have –poorly defined requirements, lack of stakeholder engagement, changes in staffing and technology. The fact is, these issues – that have been identified over and over again – would have been spotted at an early stage and could have been handled far more effectively if mature risk management practices had been in place. The need for a risk management approach to IT projects is pressing.

The Royal Academy of Engineering and the BCS has drawn up a definitive list of ‘Challenges of Complex IT Projects’. They found that too often there is no clear link between the project and the organisation’s strategic priorities, including basics such as how the organisation would measure the success of a project. Another issue is the absence of clear senior leadership, combined with failure to engage with stakeholders to understand their needs and their perceptions of risk. There is more – lack of training, knowledge and formal risk tools and techniques are also big challenges.

How will risk management address all these challenges? Start by insisting that objectives are documented and mapped to support organisational goals. That shiny new hardware refresh is not going to happen unless it is part of the wider organisational plan. With the objectives in place, the next step is to look pragmatically at the risks. The usual interpretation of ‘risk’ is as a negative threat – what if a key person leaves or a competitor develops the product first? In fact, risks may also be positive such as opportunities to improve a product or service during development in response to new tech.

IT projects can be long and complex but there is help out there for organisations crying out for a way of ensuring IT projects will progress with a full understanding of the risks. The M_o_R Guidance for Practitioners, derived from the ISO31000 guidance on risk offers advice and practical techniques to help develop a best practice approach to risk management. It provides a complete list of generic risk management roles and responsibilities that can be tailored to suit the project size and complexity. With risk management as the beating heart of IT projects, CIOs will be in a much better place to bring in projects painlessly, on time and on budget.

To find out more about Risk Management click here.