Post Go-Live Review
To Gold, one of the most critical components in a risk management process is immediately following the launch of a project. "We look back at what went well and what didn't go well," says Gold. "Where did we miss the risk?" It's the continuous improvement aspect of the program.
Throughout the year, Gold and his team turn a lessons learned inventory from project post mortems into a checklist for every single project. "If issues show up often enough, they should become part of our risk management process," he says.
One lesson learned that Gold and his team rely on is looking at the percentage of time that someone is assigned to a project along with what else they are working on. "If I am assigned to four projects with 25 percent of my time allotted to each, the probability that I can do all of those on time, on budget, and high quality is very low," says Gold. "What are the odds that every project will demand my time without a collision? It's zero."
This means that whenever people are assigned to projects less than full time, Gold and his team include a proactive conflict analysis to understand what else that person is working on and the probability that there will be a collision.
To Gold, "The key point is that risk management is less about process and communication, and more about the depth and rigor of risk identification and remediation strategy at the outset of a project. Some people will just check the risk management box and then wonder what went wrong. After projects fail, you will then get a thesis on what went wrong, but that's after the event. How do we anticipate and plan for this before we start?"
It is more fun to go full-steam ahead with a project than stop to think about potential pitfalls, but when your business is more dependent than ever on good technology, a culture of risk management is your next horizon.
Sign up for CIO Asia eNewsletters.