Managing Critical Projects - How to Avoid Failure
When it comes to enterprise IT projects, many executives and business managers believe it pays to be a pessimist. Even the best CIOs can have a critical project run away from them, damaging the business. Many major IT projects miss their time lines and cost estimates (and lack promised functionalities) - but not seriously. Some projects, however, go very wrong, with major cost overruns with little or nothing to show for it. Structuring the management of projects to detect, correct, or kill runaway projects early is essential to project risk management. CIOs should implement risk-mitigation strategies to manage these potential cost and business risks.
A common refrain in runaway software projects is that the senior-most IT officer did not know things were going very wrong until it was too late. A less-common tune is that, apparently, neither did the CFO nor the enterprise's operation executives.
Engineers do not design, build, and then test a bridge by driving trucks across to see if it falls down. Software should not be built or installed until all the technical risks are identified and solved. This is a design-test-build approach that I insist upon for large or risky projects.
Communicate, Communicate, Communicate - Independently
Enterprise management needs to insist on having a operational manger assigned to every critical. If the operational and financial management do not have access to reliable data project status they can be blindsided. They need to know effort expended, contract spending, and software and hardware license and maintenance costs, and if they are not able to compare these costs to forecasts (thereby seeing the burn rate), then they do not have the controls they needs.
Be Prepared to Kill the Project - do not throw good money away
A surprising number of project failures occur during implementation. Not all risks can be identified before the build phase, even in the design-test-build model.
The implementation of a new system almost always means changing the way people work. Regardless of the suitability of the business process embedded in the software, many projects fail during implementation because the process can't be adopted.
The CIO's Risk Responsibilities
Costs and complications can grow very quickly when a project gets in trouble during the implementation stage. The CIO needs to ask IT managers and the business leaders to explain their risk-mitigation strategies. What happens if the new system doesn't work correctly? Can the business fall back on the old system? Can features be turned off that might be problematic for the business or customers? Can the new system be implemented by location or function? Insisting on a plan to keep the business running should things go wrong can avoid a larger disaster.
The key is structuring projects to eliminate all the known risks, and the secret to that is engaging business leadership to get as many independent views on the project as possible. And then you have to listen to what they're telling you.
Janco has created a number of policies that embrace all of these issues.
The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.
We have just completed a major update of most of the individual polices and almost all of the electronic forms.
- CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Google Glass Policy (Includes Google Glass Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy(Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Server Security Policy
- Record Management, Retention, and Destruction Policy
- Safety Progam
- Sensitive Information Policy(HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with KPI Metrics
- Social Networking Policy(includes electronic form)
- Technology Acquisition Policy
- Telecommuting Policy(includes 6 electronic forms to effectively manage work at home staff)
- Text Messaging Sensitive and Confidential Information (includes electronic form)
- Travel, Electronic Meeting, and Off-Site Meeting Policy
- Wearable Device Policy
- IT Infrastructure Electronic Forms