Why Your IT Project May be Riskier Than You Think

Why Your IT Project May Be Riskier Than You Think-Harvard, Business Review,

(Bent Flyvberg, Oxford University's Said Business School and Alexander Budzier, McKinsey).


Knowsys Group Executive Summary and Response,  

Mary-Ann Massad, CEO, Knowsys Group   

  • 67% of companies failed to terminate unsuccessful projects
  • 61% of managers reported major conflicts between project and line organizations
  • 34% of companies undertook projects that were not aligned with corporate strategy
  • 32% of companies performed redundant work because of un-harmonized projects

    Source: The Art of Project Portfolio Management, by Sascha Meskendahl, Daniel Jonas, Alexander Kock, and Has Georg Gemunden (HBR, Sept. 1, 2011).

In this article, HBR authors studied 1471 IT projects, comparing budgets and estimated benefits. Most incurred high expenses: $167 Million to $33 Billion. The average cost/time overrun was 27%. One out of six projects was a classic black swan with a cost overrun of 200% and schedule overrun of 70%. There are a disproportionate number of black swans. (HBR, Sept 1, 2011 Bent Flyvberg, Oxford University's Said Business School and Alexander Budzier, McKinsey).


Those companies in the most precarious financial/operational states are obviously more at risk from an IT project gone awry. The authors from the HBR article propose a stress test for executives to take before taking on any major technological investment. These stress tests involve two questions, the first being: is the company strong enough to absorb the risk associated with a budget overage of 400% or more if only 25-50% of the projected benefits are realized? The second question is: can the company absorb the risk associated with 15% of medium-sized projects exceeding cost estimates by 200%? (HBR, Sept 1, 2011 Bent Flyvberg, Oxford University's Said Business School and Alexander Budzier, McKinsey).


The other key recommendation that the authors make is for companies to utilize "reference class forecasting," a method based on the Nobel Prize-winning work of Kahneman and Tversky. This method has become mandatory for large public projects in the UK and Denmark.  


One word came to mind, over and over again, as I read this article: GOVERNANCE. Where was the governance when the Levi Strauss Program went from $5M to $6M to $10M to $190M in costs? Public companies spend millions to become SOX compliant and yet "Black Swans" such as this, Kmart and the Hong Kong Airport occur every day in organizations, both large and small. Real governance means leadership. Real governance means courage - the courage to tell the truth even when it will not be well-received. Too many "well-run" organizations operate under a culture of fear and "group-think". This is why all projects, not simply those that are IT related, have the ability to bring an organization to its knees, effectively crippling it. We have to work on building organizational cultures that welcome honesty, embrace diverse opinions, and praise integrative thinking. 


For example, many IT projects are funded based on qualitative benefits or on quantitative benefits with certain assumptions (if we reach 'X' sales volume next year, this IT project will increase our profitability or customer-reach).


IT projects and/or programs should be funded and overseen in the same manner as any investment. Is it good for the company's bottom-line? Does it have more benefits than risks? Will it enhance long-term growth, profitability, and innovation? What are the rules of dis-engagement and dis-investment-so that we know how to cut our losses before our losses cut us to pieces? These questions are often given lip service in many organizations or are based upon individual business unit "heroics" vs. systemic financial and operational controls.  


So what does Knowsys recommend to mitigate these overwhelming risks?

Actionable Governance characterized by:

  1. Gating focused on risk mitigation
  2. Clearly defined accountability
  3. Checks and Balances
  4. Contribution and Reward
  5. Integrated Program and Portfolio Management


Gating Focused on Risk Mitigation


Gating, if used effectively, can be a powerful risk mitigation tool. Each gate corresponds to key phases and deliverables/milestones of the project lifecycle. The key principle here is that at each phase there is a check point to determine if the project is aligned with the project's objectives and benefits. A decision point occurs at each gate allowing for project dis-engagement as well as progression. Each gate is overseen by a steering committee empowered to make decisions about the life or death of the project. In many organizations these gates are considered a mere technicality given that, in general, if a project is funded, it will be allowed to continue, regardless of if it still sensible to do so or not.


Clearly Defined Accountability


Most organizations assign the responsibility of Executive Sponsor, Program/Project Sponsor, and Program Manager as key executives responsible for the success of a key program/project. Depending on the cultural values of the organization, it can be very unclear as to who is responsible for tabling and acting upon the truth. The "truth" means communicating risks that could be or are derailing the program/project or worse, posing operational or financial risk to the organization as a whole.


Ultimately the Program/Project manager should be made clearly accountable for tabling the "truth" as early as possible. Once the cat is out of the bag, either the Program Sponsor or the Executive sponsor should be accountable for pulling the plug based on well-defined criteria or rules of disengagement as we shall call them.


Checks and Balances


Another risk mitigation strategy is the concept of independent verification and validation (IV&V) of, as we call it in the systems integration industry. Although this approach is used extensively in the defense and aeronautical sectors, it is almost unseen in most medium to large businesses, which is surprising.

The concept is simple. Bring in a third party whose role and responsibility is to act as an independent view of the "truth" as it concerns a large program portfolio or project. The independent third party verifies and validates the key strategies, decisions, and deliverables of a large program or project. They have no vested interested in anything except a positive outcome for the company as a result of that particular investment. Either the IV&V team reviews the program on a monthly, bi-monthly, or quarterly basis and/or they sit at the table during each gate to ensure that the program is good to go to the next level of funding/milestones.


Contribution and Reward


Insanity is defined as doing the same thing over and over and expecting different results. In this vein, many organizations do not tie the performance of an individual, team, or business unit's contribution with rewards. It's quite simple to say that anyone who manages a project that goes over-budget will be fired. However, does this address the root cause of the program/project failure or does it perpetuate the behaviour? If we want to become innovation leaders, we need to encourage our employees to take risks that are measured and controlled. More importantly, we need to create a culture that learns from mistakes and passes the knowledge on to others who, in the future, will undertake similar roles.

Rewarding individuals and teams for knowledge management and continuous improvement is as important as it is to reward them for implementing a project on time and on budget. Rewarding knowledge management is akin to investing in a "success annuity". Rewarding successful program/project management (including pulling the plug on the project), links a desired behaviour with the immediate reinforcement of it.  


Integrated Program and Portfolio Management


The skill and discipline of managing large IT projects as investments, much the way you would an investment portfolio is still new to many organizations. The ability to look at many investments using an integrated approach is predicated upon having well-defined processes for resource management and allocation, financial management and reporting, risk/dependency assessment, management, and mitigation, and finally an investment process that is aligned to strategic objectives and investments at the macro-level.

The other hindrance to integrated program and portfolio management is the proper use and application of enterprise-wide portfolio management tools such as Planview and Clarity from CA. Often times, organizations buy these tools thinking they can automate their portfolio management deficiencies without doing the process definition, standardization, and organizational change management to ensure absorption by the key stakeholders who will be using these tools.


Finally, benefits realization is an area that very few organizations focus upon. It is one thing to do a business case to ensure funding for a project. It is quite another to do the post-project/program analysis to confirm that the benefits forecasted were actually achieved. It is often simply assumed that the project, if implemented on-time and on-budget, achieved all of the objectives that were set out in the business case.


This important analysis, if done properly, can be captured in the organizational memory banks as well as through the formal knowledge capture in some kind of knowledge management/investment repository. When this knowledge is captured formally, it will enable new programs to have a historical view of similar initiatives, what they were able to achieve and what obstacles they encountered to fully-leveraging their potential.




A bigger question occurs to me and probably many other executives after reading this HBR article.


How can we possibly raise our global profile as a centre of excellence for innovation, when we have poor governance and stewardship in corporations and public sector organizations across North America? Mismanaged IT projects are a microcosm of the global economic chaos we are experiencing. Many western countries are facing economic catastrophe due to their inability to manage risks central to their economic survival. There are no well-established rules for investment dis-engagement, and limited focus on proactive governance resulting in an early warning system, which could alert economies of potential melt-downs before they occur. After all, you wouldn't want to live in a low-lying area that is prone to monsoons and tsunamis without implementing an early warning system - why would you do so with an economy or a program that controls the fate of a country or a company?




Mary-Ann Massad, CEO

Knowsys Group



What's New

Read All »
  • Why Your IT Project May be Riskier Than You Think Why Your IT Projec... Read more »

  • Conference Board of Canada & Director's College Present 8 Questions Every Board Should ask about IT            &n... Read more »

  • Knowsys Group and BCS team-up to Protect Clients from Software License Audits and Operational Risk   Media Contact: Wesley Hutchins C... Read more »

Our Blog

Read All »