Dec 31 2009

Risks to Results

Agencies know they must do risk assessments for all IT projects; learn how to identify and avoid possible potholes so your project stays on track.

The push is on at all levels of government to improve the way agencies approve and manage projects. While the term “project management” may not sound sexy, the government’s failure to properly plan and execute projects — from the simple to the very complex — presents a huge financial liability for taxpayers and a challenge to each agency trying to fulfill its mission.

In our 2002 report Creating a Performance-based E-Government, the Performance Institute raised serious concerns with the way the government was launching and managing its information technology projects. When considering expenditures for all forms of IT, the government spends about $65 billion annually. Much of this spending occurs within myriad projects — most of which are supposed to be planned and measured using guidelines and standards issued by the Office of Management and Budget. Nevertheless, the report demonstrated that more than half of IT projects examined failed to provide clear goals or measures for project success and adequate management plans.

Fortunately, since 2003, OMB has aggressively promoted improved project planning and management oversight — at one point putting half the IT projects it received in one year on a high-risk list. OMB also issued new standards requiring project management training and certification, as well as requiring the use of earned value management, which enhances the government’s ability to manage projects effectively.

Figuring Risk

A chief ingredient of effective project management is risk assessment. Before launching a project, agencies should consider what kinds of risks a project poses and how to manage it to reduce risks that could lead to failure. Risk assessment should uncover problems that can be dealt with up front, rather than in the form of an unforeseen crisis midway through the project. Essentially, agencies can break risk assessments into four categories: mission, customers, finances and politics.

Conducting an initial risk assessment that calculates the likely fallout related to these four categories will let agencies flag what might have originally seemed a simple project, but is in fact a complex one. That won’t kill a project; such an assessment instead will let the agency identify the risks and complications — and mitigate them — at or before the approval phase. It also means decision-makers can make truly informed decisions on whether to pull the trigger on a project before they are forced to pull the plug later on a failing project that has consumed considerable taxpayer dollars and might embarrass the government.

Mission Risk

Projects should have a clear linkage to the outcomes of the enterprise. That’s why the first risk in project management is approving a project that will have little or no impact on the government’s mission.
Project management is seen as easier in the private sector because the outcome of all projects is the same: make a profit. Projects must either increase sales or reduce operating costs. In contrast, government agencies’ outcomes are to solve social problems, which are often difficult to measure.

But there are factors to consider and measure. I often ask government managers a simple question: “If you did not do this project, how would you know? What specific service to the taxpayer would be affected and how?” Answering these questions should help government managers plan a project to avoid mission failure.

Customer Risk

Failure to properly identify customers and their needs and requirements is another reason why projects fail. Government traditionally has a hard time defining who
its customers are — let alone soberly defining project requirements to fulfill their needs. Whether a project serves an internal customer (other government
managers) or an external customer (taxpayers), the project plan should clearly document customer needs up front and the plans to fulfill them.

Financial Risk

Federal projects often span several years and cover multiple appropriations cycles. Each new budget could mean a shift in funding, adding uncertainty into the project’s life cycle. Managers must be prepared for the possibility that appropriators will adjust funding levels that could substantially alter the project’s course.

In addition, some projects often span multiple agencies but share one funding stream, creating a pass-the-hat scenario. Managers might be put in the situation of having to go back and forth to make sure funds are properly distributed, hoping that monies are not held up by one agency’s administrative process.

Assessing risk then must account for how an agency would continue to achieve results in light of funding changes.

Political Risk

Project managers need to incorporate the political landscape facing their agencies. Political risk has several facets. Small, but influential, special interests can push illogical requirements into a project, stalemating the process. Vocal minorities are often able to lobby for inclusion of project elements that are unaligned with — or flat out obstruct — the overall agency mission. When everyone has their finger in the pot and there is no end to the list of special interests in sight, projects often get convoluted, and the result is mismanagement. It’s necessary to map out and incorporate these factors at the project launch to avoid detours and disasters later on.

Legislative requirements can also hamstring or reroute a project. Lawmakers sometimes apply report language or statutory language that complicates how an agency carries out a project. Good project plans identify any existing or potential legislative hurdles and set response scenarios to them.

Understanding, mitigating and managing project risks during the concept and initiation phases are essential to project success. OMB standards are a good start — as are the new requirements to train and certify government managers in the art and science of effective project management, but ultimately project managers must do the hard work of identifying and quantifying the risks for their particular IT projects.