Whenever the word risk comes to mind, it makes a negative image, and we think that the accomplishment of our objective would be adversely affected due to the occurrence of a sudden event. Numerous sources like the threat of project failure, credit risk, accidents, legal liabilities and ups and downs in the financial markets are the factors about which a person thinks whenever he/she is going to work on any project. Basic objective of risk management is to make sure that uncertainty does not divert the attempt from business goals. Identifying the potential risks and coming up with the ideas through which you can coup those risks to make your venture a success is risk management.
Risk can be defined as a situation ending up in negative consequences. As by nature of projects, risks are always there thus managing them is essential, to realise the project smoothly. Risk management is the science of identifying, analysing and managing risks through a project life. If followed properly it provides significant improvements to the outcome of the project from selecting a project to work phase to the completion stage (Talet, Zin, & Hourari, 2014).
Information system projects are developed to implement expanding the range of equipment, run applications, provide services, and basic technologies with a purpose to operate, manage, them and to make well informed, timely decisions and functions in an organisation. Inherent vulnerability and expectations to deliver, the information system projects may lead to failure. Thus risk management is an integral component for the successful completion and smooth running of the projects (Sicotte & Bourgault, 2008).
Information system projects are vulnerable to reduction in resource. Aided by the complexity of technical aspects, interdependencies of systems, system interferences, lifecycle management, miscommunication and misunderstanding between the people involved in the project, sudden or inherent malfunctionings in parts or systems required for the project, advances in the technology can make it difficult to manage a project. These uncertainties and shortcomings in human resource and systems and time frame force the project managers to maximise the available resources to ensure the delivery on time without overshooting the allocated budget.
Information Systems at heart of core business facilitate timely and more accurate management decisions with enhanced ability to foresee, respond to and react to the increasing demand of the marketplace. Vibrant and responsive business strategy centres on an up to date, aggressive, flawless, and efficient utilization of information technology (Bakker, Boonstra, & Wortmann, 2010).
Project risk involves the probability of an event occurring which is likely to affect the project objectives in a negative way measured regarding the likelihood and the magnitude of consequences. Thus managing risk must be at the centre of a project and practised for successful delivery. Risk management in IT projects may be divided into five steps which include: establishing context, risk identification, risk analysis, risk treatment, monitoring, review, communication, and consultation to minimize future events. Risk assessment enables us to establish criteria to evaluate the threats and vulnerabilities which leads to risk mitigation were where the determined risks are eliminated or minimized by planning measures and controlling the outcomes. Finally, risk reassessment evaluates the remaining risk after mitigation steps have been taken to determine the appropriateness of the steps taken and check their viability before the final go (Đurković & Raković, 2009).
In order to deal with risk, strategies are developed to respond to unlikely consequences, which include avoiding or not undertaking the activities that may increase likelihood of an event, reducing the probability of a risk event or reducing the impacts of the event, transfer of risk partly or completely to another party, and retention of risk. Failure to recognize risks specific to a project, recognition that different type of projects involves a different type of risks (Bakker, Boonstra, & Wortmann, 2010).
In IT setting risk may vary in severity, consequence, magnitude, and nature. Thus it is important to identify major risks and understand them and come up with ways for reduction. Conventional sources of risks in IT projects may be many at all the steps from project conception, planning, implementation, and running. Thus the goal of risk management is to perform by properly safeguarding informatics and systems, that process, store or transfer information (Sommerville, 2006).
The IT project may include software development, communicating or implementing a security infrastructure, outsourcing, etc. which are more likely to fail than another type of projects. The risks in the sector are divided into subcategories which include technological risk, financial risk, information risk, security risk, human risk, business process risk, external risk, management risk (Đurković & Raković, 2009).
At the start of a project the project awarded to the contractor may not be skilled enough to carry out the project, litigations in intellectual property rights, friction between the contractor and client, harmful market completion, redundance of the software, human weaknesses, such as personal shortfalls, below par skill of the staff, non supportive political and economic cicrcumstances, addition of unrelated requirments to the final product, application of the software not performing the purposed task, inadequate production system performance, incomplete requirements, poor user interface, management activites and control in the form of unreasonable project scheduling, repeated changes in requirement from the client side, poor leadership, going out of track from the proposed objective by individuals working on the project and more than realistic expectations on behalf of the marketing team, and reduced opportunity due to overshotting of completion time. Though risk are myriad and look cumbersome to follow and deal with in the course of the project. Nevertheless, prioritising and ranking most common and worst help manage the risks effectively without causing an extra burden (Sommerville, 2006).
To manage the risk, there are no hard and fast rule. It can be managed by taking various approaches with equal success. Thus it is at the discretion of the managers who undertake the risk management to favour one method over other taken into account the material, human and financial efforts required.
To reduce the risk of inadequate third-party risks, the contractor can be screened before selection, and after selection monitoring their performance in addition to retaining the right to remove unfit contractors minimises the risk on this issue. Engaging in consultative management, thoroughly communicating the contract conditions, and considering personal attributes before embarking on the project with a contractor can reduce the threat of friction between the client and contractor and litigation risk. To avoid the risk of diminishing opportunity due to late development and delivery of software sound project planning and timely implementation is important, ensuring appropriate provision of resources, and keeping the management on board and managing expectations of various stakeholders this could be achieved. To counter competitors’ risk of capturing the market, managers can come up with plans such as developing customer relationship, keeping and market barriers to a minimum, success at the launch of the product can be made certain. To avoid redundancy of the product, sound business requirements must be taken into account by taking into confidence major stakeholders of the project. To overcome the risk of personal shortfalls, the project manager must plan for resources, keep contingency options open and obtain services from external parties. To avoid mid-route changes on behalf of the client, the requirements and expectations must be properly communicated and addressed. One of the major risks in IT sector is the fitness of the developed application, to ensure the project not lead to failure, development of clear requirements definitions in essential, in addition to reviewing the work in groups. Sometimes the absence of single point accountability makes the stakeholders lacklustre, roles and responsibilities of the involved staff must be described clearly. To tackle the risk of poor leadership, care must be taken in the selection of managers. Conducting group reviews, developing requirement definitions plainly can prevent the risk of developing unwanted software functionalities. Similarly, the risk of over-specification of the product can be minimized by monitoring and review development to baseline design, sticking strongly to required definitions and objectives (Talet, Zin, & Hourari, 2014).
The most useful suggestions to minimize the risk are ones that are easy to implement in a changing and challenging environment, the suggestions to make sure project does not end in failure, or late completion of project, giving authority to a vibrant manager with effective communication skills, in addition to clear communication of the client needs to make sure no mid-route changes have to be made can be very handy and useful for any organization including the one I am currently associated with. The combination of above suggestions can make sure timely completion of projects with minimum setbacks (which cannot be avoided completely) during an action.
No work place is an ideal place, so according to my observations, some of the suggestions given above for risk reductions cannot be implemented in my organization, these include clearing scope definition with the stakeholders due to diverse background and extensive scope of work performed in the workplace; daily monitoring of the project to make sure it is on track is not a viable option yet it could be done on a weekly basis by the team leaders, and last but not least managing the expectations of the stakeholders is not a feasible option due to ever changing nature of the IT market.
Identification of potential risk and coming up with appropriate actions to minimise them is a challenging task in the IT sector. Originating from personal shortcomings to cost, quality, group project, and from tens of other sources further complicate the process of managing risk. The concept of risk management which helps identify and prioritise risks of various magnitudes and levels, help us to minimise and control the factors which may lead to project failure. Risk identification, reduction, and proper communication is a way to ensure the successful and timely completion of projects with the planned outcomes. In this regard forming a checklist and referring to it throughout the lifecycle of the project could help us implement the risk management tool properly and effectively.
Bakker, K., Boonstra, A., & Wortmann, H. (2010). How risk management influences IT project success. IRNOP IX Conference. Berlin.
Đurković, O., & Raković, L. (2009). Risks in Information Systems Development Projects. Management Information Systems, 4, 013-019.
Sicotte, H., & Bourgault, M. (2008). Dimensions of uncertainty and their moderating effect on new product development project performance. R&D Management, 38(5), 468-79.
Sommerville, I. (2006). Software Engineering. (8th, Ed.) UK: Addison-Wesley.
Talet, A. N., Zin, R. M., & Hourari, M. (2014). Risk Management and Information Technology Projects. International Journal of Digital Information and Wireless Communications, 4(1), 1-9.