Risk e-Views Vol 17 March 2012 – Risk Leadership: Driving IT to Drive Business Success

Have you ever wondered why humanity could put a man on the moon in 1969, yet we can’t get even half of our IT projects delivered on time, within budget and delivering at least most of the promised benefits? Did we have “a can do/must do attitude” with the moon mission and do we have a “it’s complex so don’t expect too much” attitude in IT? Does the IT industry accept mediocrity far too easily?

Whether you accept the claim that mediocrity prevails in IT, the reality is organisations are not effectively managing the uncertainty around their investments in IT. That is, they are not effectively managing risk.

The key drivers of uncertainty, and hence failure, of IT projects include unrealistic time frames and budgets, scope change by the customer and of course complexity. These drivers are well documented across numerous studies of IT failure and the failure to manage risk is often highlighted. The problem is that failing to manage risk is actually failing to manage the uncertainty created by these other drivers, so management of risk should be seen as a fundamental aspect to any IT project. The typical IT Risk methodology is often a box ticking exercise, focussing on project delivery risks (eg timeframes, budgets and sponsor support) and only identifies risks known to the project team.

As a Risk Leader, you need to pull your IT project teams out of this mediocrity and box ticking approach by introducing new rigour into your IT Risk methodology using these three steps:


1. Improve engagement with the project team on risk assessment to comprehensively identify the most critical risks and introduce independent risk assessments of major projects. Don’t let the project manager simply write down what the project team already knows;

2. Develop a better understanding of risk appetite and the risk profile for a project for more informed decision-making by project boards or steering committees;

3. Focus on project benefits (eg alignment with needs, usability and maintainability), not just project delivery risks (eg timeframes, budgets and sponsor support).


As a Risk Leader, you must lead your IT project boards and project teams towards understanding that Risk Management is not about putting a hand-brake on business, it is about driving business success.