Question: What do the following all have in common?
- Earthquakes and tornadoes wipe out large parts of the civilization.
- Evil doers penetrate our civil defenses.
- Cars careen out of control resulting in a massive explosion.
Answer: They are all segments of movie trailers that act as previews of coming attractions to disaster feature films. You, as a movie goer, get to make the decision to accept the fact that you are going to witness death and destruction by attending the movie, or you can decide to avoid the movie and not witness such catastrophe. Think of program risk management the same way. An effective risk management practice provides you with a view of everything that could go wrong with your ERP program, and then further enables you to avoid or mitigate those risks. A poorly executed risk management program can become simply a “preview of coming attractions” unless the proper rigor is applied in risk management execution!
This is the last installment in our series on ERP implementation risk management. In the previous installments we put forward the potential value of program risk management and outlined four areas where risk management processes can go off track:
- Focusing the risk management effort on achieving on-time and on-budget delivery and ignoring benefit achievement and business continuity.
- Executive engagement models that fail to leverage the opportunities to synchronize the perceptions of risk.
- Failure to understand the inter-relationships between risks and establishing risk priorities.
In this final installment we will address the last and likely the most common reasons that project risk management programs fail: The lack of rigor. When you think about it, it makes perfect sense that rigor can be the Achilles’ heel of risk management. After all, there are very few defined deliverables, and there is some chance (although likely small), that if you don’t apply rigor, the outcome of your ERP program will still be successful. And quite frankly, who likes to talk about all the reasons your program could fail?
Rigor is by definition an execution with precision. So here is our checklist for examining the rigor of your risk management process:
- Has the risk assessment process been incorporated into the establishment of the contingency budget? In many cases, contingency has been set as a flat percentage of the budget. If this is the case, the question then becomes: has risk been reduced to the point that it matches the established level of contingency on the project.
- Do your project reporting practices allow for the earliest possible detection of when a risk event occurs? Risk management processes are not designed to eliminate all risks. They are designed to reduce the probability of risks. This means that some risk events are inevitable. In the event they do occur, you want to know as quickly as possible to allow for the most time to recover.
- Have you assessed risk from multiple points of view? Each risk event should have a probability that is derived from as many points of view as possible. Relying on an individual viewpoint is a risk in itself.
- Are the deliverables of your program aligned with your risk management plans? This is a great way to assure the execution of the mitigation activities. Thriving ERP implementation efforts live and breathe based upon the creation and tracking of deliverables. Incorporating your mitigation actions as a program deliverable will drive mitigation activities without a significant amount of additional management attention.
- Are you treating risks and issues differently? Issues are risks that have matured. Risks are about problems that could occur. Issues are problems that have occurred and need to be immediately addressed. While both are important, critical issues should carry a greater weight for your team leads, and critical risks should carry a greater weight for Program Sponsors and Executives.
- Are risks and issues the first thing discussed at status and governance reviews? If the majority of the time in status meetings is spent explaining the current state of the project and why things are not going as planned, then things are not likely going to get any better. Issues and risks are the first and foremost responsibilities steering committees and sponsorship teams. They should be the first point of discussion, not the last.
- Are you reassessing risks at regular intervals? In a previous blog (Don’t Let Your ERP Program Go Into ‘Thin Air”) we correlated the implementation of ERP with the assent of Mt Everest. A key takeaway from this blog was the importance of performing regular risk assessments before moving forward with major stages of the project. Taking time to assess the path you’re on and the risks involved in execution cultivates “buy-in” from the stakeholders and might just prevent a major catastrophe.
To conclude this series, let’s go back to the movie analogy with which we started this blog. Seeing a movie that doesn’t live up to the trailer can be a big disappointment. On the contrary, if you have a well run risk management process, then not incurring the disaster should be your expectation!