Chapter 11 • IT Project Management 423Recent research also suggests that all IT projects
experience fluctuations in momentum, both positive and
negative. IT project managers who take steps to proac-
tively stabilize or counteract negative spirals in momen-
tum are therefore more likely to lead projects to a
successful completion (Nelson and Jansen, 2009).
Good communications among the project team mem-
bers are also critical for task coordination and integration.
The mechanisms here include both formal activities (e.g.,
weekly meetings of team leaders) and informal (e.g., e-mail
communications and in-the-hall progress reporting).
Recently researchers (Kappelman et al., 2006) have provid-
ed evidence that potential project failures can be avoided if
project managers and team members pay attention to “early
warning signs” of people-related and process-related issues
and then take appropriate actions to mitigate these risks.
Some of the people-related early warning signs are:
- Inadequate business stakeholder involvement or par-
ticipation in the project - Subject matter experts (SMEs) in the business are
overscheduled
Some process-related signs are:
- A lack of documentation of the success criteria for
the project (e.g., budget, timeline, high-level system
requirements) as well as the expected future benefits
(the business case) - Team members have been re-assigned to a higher
priority project
Managing Project Risks
All projects carry some risks, and one of the goals of proj-
ect management is to reduce the risk of failing to achieve
the project’s objectives. Standard risk management prac-
tices include: identification and classification of project
risks, planning how to avoid them, and establishing plans
to otherwise detect, mitigate, and recover from problems if
they occur (see the summary in Figure 11.10). The extent of
risk exposure for approved projects can vary widely across
projects as well as across organizations. The culture of an
organization can lead some managers to take a more defen-
sive approach overall, while managers in a different organ-
ization might purposely pursue high-risk projects because
of the potential for higher competitive rewards.
Risk identification should be undertaken at the pro-
ject’s outset, based on experience with similar projects. A
common risk management approach is to develop a list of
risk factors and then to weight them according to their
potential impact. Identified risks are typically classified on
several dimensions, including the nature and cause, the
likelihood of occurrence, and the potential consequences.
Risks can be due to a variety of causes, including charac-
teristics of the project itself (i.e., project size, availability
of business experts, newness of the technologies to be uti-
lized), as well as characteristics of the external environ-
ment (i.e., competitive risk for not completing a project,
extraordinary economic events).
The risk assessment for a given project is then used
for decisions about project staffing or technical platform
alternatives that lower the total risks, beginning with the
planning stage. A potentially serious risk should be
addressed by detailed plans and dedicated tasks. Some
examples of common strategies for resource decisions are
shown in Figure 11.11. For example, an exchange strategy
could result in subcontracting with vendors, and a reduc-
tion strategy could result in allocating the “best and
brightest” to a project team to minimize the potential forRisk Identification and
AssessmentElicit, identify, and classify major project and process risks and determine the impact,
probability, and time frame of occurrence
Risk Planning Use assessment information to make decisions and actions to implement them (present
and future)
Risk Avoidance Avoid a specific risk when possible, by eliminating its causes (e.g., change the design,
change requirements, change technologies)
Risk Monitoring Develop processes for monitoring the risk indicators and detecting occurrences. Change
the initial assessments (impact, probability, time frame) as relevant.
Risk Mitigation or Acceptance Take steps to limit the probability of occurrence and limit the impact of a risk, OR formally
plan for its occurrence (such as shifting the management of a risk to a 3rd-party).
Risk Management, Tracking
and ControlContinue to track and control for deviations from the planned risk actions and re-assess
the risks and the effectiveness of the monitoring process.FIGURE 11.10 Risk Management Tasks [Based on Mohtashami et al., 2006; Brewer and Dittman, 2010]