Outline Risk Identifying risks to your project Change Managing change for your project
ChangeRisk Change opens up risks.Not changing opens up risks. Managing risks requires change.Not managing risks causes change.
Thinking about risk Risk cannot be avoided. All projects, information systems, and organizations have risks. What's a systems analyst to do? Identify risks. – What are the sources of risk? – What are the targets of risk? – What is the severity of each risk? Prepare for each risk. – Monitor the environment for risk. – Plan for the foreseeable risks. Manage the consequences of risks if they occur. – Your response depends on the target and severity, and how much avoiding or mitigating the effects is worth in time, money, effort.
Sources of Risk Internal risks come from within the team or organization – people, e.g., manager, team members – tasks and structure, e.g., management, resources, methods, planning, internal competition – others? External risks come from outside the team or organization – client, e.g., poor communication, lack of approval from decision makers, changes in priorities, changes in requirements – environment, e.g., vendor problems, competition, technology changes, changes in regulations – others?
Target of Risk Personnel: e.g., someone is re-assigned, takes a new job, has a family problem Budget: usually budget cuts, although re- allocation from one part of a project to another could also be a risk. (Could being given more money be a risk?) Priority: another project could become more important to yours, reducing attention or resources. Credibility: stakeholders lack trust in the project, or what team claims it will deliver. Other targets?
Severity of Risk (2) The more likely a risk is to occur, the more important it is to plan for it and/or manage it. The higher the cost or damage if the risk occurs, the more resources you should put to plan for it, manage it, and/or respond to it. In other words, an event that is highly likely and would significantly damage your project needs more attention than a highly unlikely event that would have minimal effects on your project.
Risks at Different Project Stages Brown, S., Chervany, N. & Reinicke, B. (2007). What matters when introducing new information technology. Communications of the ACM, 50(9), analyzed types of problems, and where in the course of a project they occurred. – Initiation – identifying problems and opportunities, similar to problem definition – Adoption – commitment to doing the project, gathering resources – Adaptation – design, development, installation, deployment. Includes modification of processes and routines – Acceptance – users begin to use the system – Routinization – users use the system on a regular basis – Infusion – organization benefits from the new system
Types of Risk Brown et al. (2007) Commitment – organization must dedicate sufficient resources to the project. Requires backing from top management; having a champion helps Knowledge – project staff and management must have sufficient knowledge and skills to do the project; includes IT, business, political Communication within and between stakeholder groups – includes communications across boundaries (e.g., IT and business), with users, with management, within the team Planning – strategic planning, project planning and management Infrastructure – having appropriate hardware, software, communications, other infrastructure for both the project, and for use of the new system.
Brown, Chervany & Reinicke (2007), CACM, p. 95
Risk Payoff Matrix LOWHIGH 31 LOW42 PAYOFF RISK
Reasons for Contemporary System Failures from Table 1, Lorenzi & Riley (2000) Communication – e.g., failure to effectively prepare staff for the new system Culture – e.g., Hostile culture within IS organization Underestimation of complexity – e.g., Missed deadlines and cost overruns Scope creep – e.g., failure to define and maintain original success criteria Organizational – e.g., staff turnover, or no clear vision for the change Technology – e.g., lure of the leading (bleeding) edge Training – e.g., inadequate or poor- quality training Leadership issues – e.g., leader’s time over- committed, or leader’s political skills weak
What affects success of change? Regan, E.A. & O’Connor, B.N. (1994) End-User Information Systems: Perspectives for Managers and Information Systems Professionals. New York: Macmillan. Employees’ readiness, capacity, visualization Individual differences Environmental uncertainty Organizational structure Distribution of power, changes to power Risk and perceived risk Available resources Experience and perceived experience of change agents
Risk Assessment: A Tale of Two Systems Sicotte et al. (2006) compare the implementation of 2 systems: one was considered a success, one was considered a failure. Both systems started with the same risk profile, but the risk management strategies differed. Sicotte et al. point out the importance of a)identifying sources of risk at the project outset, b)monitoring risk throughout the project, and c)responding to changes
Figure 1. Sicotte et al.( 2006)
Lewin’s Three Phases of Change Lewin, K. (1947). Frontiers of Group Dynamics, Human Relations,1, Unfreeze – create readiness for change in system users 2.Change – as users use the new system, they observe of benefits and learn new work patterns & skills; adoption of the system starts 3.Refreeze – new behaviors become habits; the system becomes “normal” procedure But also consider Agile approaches, where the team delivers changes every 2 weeks. There is no freeze cycle.
Project Risks and Change Strategies Part 1: Identify sources of risk to your project, including – project completion – system adoption – system effectiveness Compare/contrast your risks with those of another project Brainstorm ways of managing these risks Part 2: Discuss your client’s readiness for change, based on Lewin's 3 Phase model Compare/contrast with those of another project Brainstorm ways of preparing your client for change, and making the change successful.