Risk Management Planning
Risk management planning requires the project team to assess the possible risks the may negatively or positively affect the project. A negative risk may be a malfunction in the Digital Transformation such as implement a new Information System based on poor integration with another system. A positive risk can also be seen an an opportunity such as the possibility of integrating separate systems for better data sharing. Risk management planning (RMP) also identifies the likelihood or probability of such risks occurring and finally identifies solutions to minimise the occurrence of the risk or solve the risk if it occurs.
Risk management is a key planning best practice that can support project managements achievement of the triple constraint: time, cost, scope. Even is the IS project progress smoothly, unforeseen risks can occur therefore project mangers must monitor risks on an ongoing basis over the life of the project. A risk breakdown structure can be used, allowing the IS project manager to identify risks, assess their probability of occurrence and impact. Other techniques can be used such as brainstorming, the Delphi technique and a SWOT analysis. Risks can then be added to the risk register document can circulated to relevant stakeholders/managers.
Where possible, project managers should deploy the 5 risk mitigation responses which are avoidance, acceptance, transference, mitigation, and escalation. Contingency plans can be created in the planning phase to mitigate the impact or risks. Senior management should be involved in risk planning and may be required to support implementation of contingency plans. For example, increasing a projects staffing budget to bring on an additional developer to ensure the new IS is delivered on time but above budget to meet share holder/investor expectations.
Project risk management has several phases:
Risk Management Plan
The risk management plan provides a summary of the possible risks over a project and should be shared with stakeholders.
In the plan, risks are documented, contingency plans are described, team roles are assigned, cost estimates and budgets are prepared and a work breakdown schedule is given. Additionally, the risk is discussed, its underlying cause is identified, the probability of occurrence is stated and any other relevant information is provided to assist the organisation in minimising the negative impact of the risks. Below are kep elements in a risk management plan.
Sources of Risk
Market risk:
The IS project may be developing a new digital product/service for the market. If delayed or malfunctioning it can lead to several reputational damages, lower revenues, a decreased share price and loss of competitive position.
Financial risk:
IS projects can be significant and extremely costly. The organisation must perform a financial assessment to assess the return on investment and viability of new IS projects. Net Present Value, ROI, payback estimates should be performed. Additionally, many black swan projects are known to significantly exceed time or budget constraints which can put additional financial pressures on a business particularly if it is funding the project via debit or external investment which is to be repaid.
Technology risk:
IS projects may face technology risk as technology can be complex and very fast moving. This is experienced on time consuming multi-year projects for the civil service as market technology may evolve before the project is completed. Even if leading edge technology is incorporated in the planning phase, it may be commonly adopted upon IS delivery. IS may also have integration risks with other systems in the organisation which can be costly. For example, a digital marketing dept may struggle to align all data from multiple sources such as Hubspot automation tools, Salesforce CRM, Mailchimp database and Wordpress website.
People risk:
IS project also face risks from staff and users who may resist the new IS as they feel it disrupts their work or they may fear job displacement due to automation etc. Users may withhold key information in the requirements gathering phase or in implementation. It is key for the organisation to implement a robust communications and change management campaign to reduce resistance and improve new IS adoption. Additional, users should be adequately trained in the new systems working so they can effectively use it.
Structure/process risk:
Digital transformation is not about technology, it is also about new processes for the organisation. If the organisation fails to adapt their existing processes to work with the new IS, this can have negative consequences. Process mapping and user journey mapping are common practices required in the project design phases to mitigate such risks.
Examples of Information System project risks: