5 tips to manage risk in mega IT projects

Carrying out a large-scale IT project carries significant risks but also great rewards such as a more efficient organization. Since risk is an inherent part of such "monolithic" undertaking, experts urge companies to bear in mind a number of factors for better risk management, emphasizing staged rollouts or interlinked smaller projects as well as full involvement and support of key users.

In 2008, Levi Strauss & Co.'s global enterprise resource planning (ERP) rollout--which started in 2003 to connect its global network of various legacy systems into a single one--ran into technical issues during the implementation stage in the United States. Shipping at the jeans apparel company was interrupted for about a week, which impacted sales and resulted in its net income for that quarter plummeting 98 percent year-on-year. The company's CIO also departed following the disaster.

Pranabesh Nath, industry manager for Asia-Pacific ICT practice at Frost & Sullivan, acknowledged that large-scale IT projects are inherently risky ventures--there are "literally a million things that could go wrong" if the project isn't managed properly.

"However the rewards are also as great. It can mean a greatly improved and highly efficient organization as compared to [when it was stuck] with a legacy system," he told ZDNet Asia in an e-mail interview.

Hence, a well-thought out or "staged rollout is often the most balanced way" to minimize risk and reap maximum rewards, he said.

Roy Illsley, Ovum principal analyst for IT solutions, concurred, adding that rather than view the undertaking as "one big monolithic IT project", organizations should break it down and plan it as a series of interlinked smaller projects. This allows for strategic direction to be decided, but also enables flexibility in how, and when, the projects are delivered, he explained in an e-mail.

According to Illsley, one of critical risks that companies should note whenever carrying out a large-scale IT project, especially long-term multi-year ones, is the extended time between deliverables--meaning that any change that happens, either due to lack of preparation or external circumstances, impacts the timing schedule, creating delays, for instance.

Here are the five tips shared by Nath and Illsley on how to better manage risk when implementing mega IT projects--defined as those with budgets of US$10 million dollars and above.

1. Get full involvement and support--and hence access to resources
"Having executive support is one thing, but getting access to business resources, for testing for example, is just as important", Illsley pointed out. "To succeed, financial links need to be established and full-time staff allocated."

This will only happen if the all users or the entire organization believe the IT project is theirs and hence have commitment to the project, he noted.

Nath also emphasized the importance of user involvement in any large IT project implementation. "If key users are not involved right from the beginning, the whole project may turn out to be an expensive white elephant, not being utilized because it doesn't serve the purpose of the users, or it does things in a different way than expected," he explained.

He added that the success--or failure--of the entire project depends on the attitudes, values and beliefs of the key users and their active participation. Yet many organizations fail to recognize this critical first step of listening to the key users as well as understanding their behavior and accustomed way of doing things--which may mean difficultly in changing old habits, he said.

"A [C-level executive] may face an uphill struggle if he doesn't take into account the wishes of the users and fails to convince them of the new processes that aren't in the legacy system."

2. Do exhaustive planning, including an exit plan
"Planning is extremely important", Nath reiterated, elaborating that there should be exhaustive planning and thorough execution at every stage of implementation.

The necessity comes from how challenges or obstacles may arise at any one point during implementation, so it is crucial to anticipate these as much as possible, saving the company unnecessary headache and ensure the system delivers the right results from the beginning, he explained.

While this tip sounds simple enough, Nath noted that it can actually be a bit difficult to do as it requires strict adherence to a very defined and structured plan.

Illsley added that companies should make an exit plan--an "obvious" step. According to him, many companies have contingency plans to deal with changes in technology, vendor or the market, but very few have an actual "complete alternative solution ready to go". While this type of "plan B" can be very costly, it provides good resiliency, so that should the project slow or hit trouble, there is already a "second option available to hit the ground running".

3. Do a risk analysis based on cost and value
Illsley noted that managers often do risk assessments, but not many apply business cost and value to that. Doing this step also helps managers identify any holes to generate contingency as well as exit plans, he pointed out.

For example, if a bank wants to roll out an IT project, its managers should look at what would the cost be to the organization if a problem took the bank offline for a month. They should be asking how many customers will leave the bank and the cost of losing these clients, he said.

4. Keep delivery phases no longer than six months
The problem with too many large--and often multi-year--IT projects is that if the implementation becomes less important, the sunken costs mean the project still continues to a point where they are deliverables, Illsley pointed out.

This can be averted if each delivery phase is kept at a maximum of six months, which means a project can be stopped much faster "without much loss of face or financial cost".

However, he admitted that it is a challenge to design a project in such a modular way because it increases the initial cost and lengthens the time period. Due to these reasons, not many companies take this approach.

5. Think outside the box, or get outside help
Just because other companies facing similar problems have solved it by implementing a new IT system "doesn't mean yours needs to do the same", Nath pointed out.

Since every IT system is unique and changes from time to time according to the needs of the individual organization, the solutions also won't be exactly the same. "There may be creative ways of solving existing issues which might not require a large scale IT overhaul," he said.

Deciding whether and how to carry out a new IT project also depends if the company is trying to plan for the long term or is looking at a short-term fix, he added. "[Taking this into account] can save the company millions, and reduce most of the risks drastically."

Nath also suggested companies consider hiring an external consultant. "Many times a fresh pair of objective eyes can highlight issues and challenges that may be invisible to experts within the organization.

"Furthermore, an independent consultant can bring skills in areas such as change management that may be lacking within the organization itself," he explained.