This is our fifth article of seven in the series on Challenges in implementing IT Changes. This article covers the challenges with managing Project Risks.
Implementing IT changes within an organisation is a complex endeavour that requires careful planning, execution, and ongoing management. While these changes can drive innovation, enhance efficiency, and provide a competitive edge, they also come with significant challenges, particularly in the realm of risk management.
The Challenges can initially challenging and due to the understanding of Risk Management by the Project Team. I once had a Project Sponsor who asked during a Steering Group what the difference between a Risk and Issues was, I was at first taken aback and first wondered if he was testing me, but it became clear he did not know.
Today I do not make any assumptions, and it is clear in our documentation and introduction for all that a Risk is something that may happen and an Issue is something that has already happened, it saves all the embarrassment later.
So when we are running Projects, our Risk Register is configured with classifications and the following are some of the areas that come up on a regular basis:
Data Security – One of the most significant risks associated with IT changes is data security. New systems and technologies can introduce vulnerabilities that may be exploited by cybercriminals. Ensuring robust cybersecurity measures are in place during and after the implementation of IT changes is crucial to protect sensitive data.
We can’t run any IT Projects and Programmes without a representative from the IT Security Team to validate the activities of the Project, and/or assess the documentation to ensure we are not overstepping any of the organisation’s security policies. Today I make sure they are in the Project Kick Off and remain close to the Project as it progresses.
Compliance – Regulatory compliance is another critical aspect of risk management. Different industries have specific regulations governing data protection, privacy, and IT systems. Ensuring that new IT implementations comply with these regulations is essential to avoid legal and financial penalties.
We undertake a lot of our work with Financial Institutions globally and we have to be aware of the Regulatory environments our clients work in. Apart from ensuring we have completed out homework before we start to ensure we know which Regulations our client is required to comply to. I also make sure we engage with the Compliance Team/Officer and I do make a suggestion that the Compliance Manager sits on the Steering Group, as well as having regular updates on progress where it impacts Compliance.
Risk Management – Being able to effectively identify, register, track and manage risks is a fundamental requirement of an effective Project Manager. But it still amazes me how many Project Managers don’t even have a Risk Register, and I am sorry to say have no idea how to identify a risk, so managing one is out of the window.
When we created our Change and Project Management Framework, we ensured that we spent time on developing the process, tools and training material for our teams. All staff are trained on our processes before they are allowed to deliver one of our projects. We are proud of what we have developed over the years, to the point where even Risk Managers we engage with have asked whether they can have a copy of our Risk Register tool (unfortunately it’s our IP).
Business Continuity – IT changes can disrupt business operations, leading to potential downtime and loss of productivity. Risk management strategies must include plans for business continuity, ensuring that critical operations can continue even during the transition period.
A key deliverable within every project the Project Manager should include is the need to protect the operations o the business. Implementations must be planned and an Impact Assessment undertaken with the Project Team to identify what could go wrong and look to mitigate those identified ‘Risks’. I am proud to say that through our effective planning we look to mitigate the risk of business downtime during a project implementation period and wherever possible the original state is kept in situ whilst a new instance is built, tested and when readymade live.
Lessons Learned for improving Risk Management
Comprehensive Planning – Detailed planning is essential for mitigating risks. This includes conducting thorough risk assessments, impact assessments, developing a clear implementation roadmap, and setting realistic timelines and budgets.
The real value of bringing in a specialist IT Change specialist is the knowledge, skills and experience they bring to the table. I regularly explain to management who think their IT team can deliver a migration project, by explaining the route from here to the final solution is not a straight line. Developing the project early on, identifying where the challenges will be and providing the team with direction and leading with confidence through difficult patches to a successful conclusion is so important, especially when the whole business operations is at risk.
Once difficult question to ask yourself is if the business is down for ONE day as an outcome of a project not being successful, how much would this cost the business, and don’t forget the reputational impact? Few organisations can put a figure on that.
Employee Training and Engagement – Engaging employees and providing adequate training can help reduce resistance to change and ensure a smoother transition. Employees should be informed about the benefits of the new systems and trained to use them effectively.
So important when rolling out new systems is the Cultural Change Management, ensuring stakeholders are engaged and end users training on new systems before they go live. One has to ask why the importance of training end users is not seen as critical when rolling out new systems, too many times lip service is given to training, resulting in the business value of the investment not being recognised.
Continuous Monitoring – Once IT changes are implemented; continuous monitoring is necessary to identify and address any issues that arise. Regular audits, security assessments, and performance evaluations can help ensure the new systems are functioning as intended and mitigate any emerging risks.
I raise this as an early item for the project team, there is nothing more satisfying that seeing new systems be implemented and be successful, whether its being, faster, cheaper, or increased utilisation. Meeting what you set out to do for the Project Team, brings with it so much more that just the esteem and satisfaction of being successful.
I always quote to the technology teams ‘if you can’t Monitor then you cannot Manage’ during the early stages of the Project design to ensure the teams set up basic monitoring of systems before and after, to show the performance of the platforms implemented.
Implementing IT changes presents its own challenges, particularly those in the management of risks, but through careful planning, engagement, and continuous monitoring Project Managers can navigate these challenges successfully. By proactively addressing these risks, project teams can unlock the full potential of their IT investments and complete their project as planned, successfully.
Bushey is a specialist IT Change organisation, that has more than three decades of experience in the delivery of client projects globally.
Comments are closed