A systems engineer and project management consultant, Payson Hall is a founding member of Catalysis Group, Inc. During his thirty-year profesisonal career, Payson has been a writer and featured speaker on topics of systems integration, project management, and risk management.
Noel Wurst: With "project failure" being an obvious potential result of poor risk management and analysis, why do you think companies have continued to fail to efficiently adress the need for risk management?
Payson Hall: Many organizations hesitate to candidly confront how difficult large software projects really are. System size and complexity, project duration, the number and ongoing evolution of external interfaces, diversity of end user populations, complexity of governance, the challenge of working with systems integration firms... all these factors push our capability to deal with uncertainty and risk to; and sometimes beyond; reasonable human limits. It doesn't have to be as dramatic as huge-smoking-crater-failure-and-cancellation.
If we define "large" projects as those that cost over $25M USD and last 18 months or more, I think most in the industry would say that the majority of those projects either finish significantly late, over budget, or with less functionality than originally anticipated - the majority of them! Large projects that finish on or ahead of schedule, under budget, delivering all promised functionality are the rare exception, not the rule.
But that's not the story many organizations tell themselves or their sponsors. If we can't admit there is a problem, then allocating resources to dealing with the problem is hard to justify. It seems to me we are slowly making progress on this front, but it is an ongoing challenge.
Noel Wurst: Your upcoming Better Software Conference East presentation mentions "Twelve Risks to Enterprise Software Projects" - this sounds like a lot! What's the best way to make sure that each of these risks are addressed and handled before beginning such a project?
Payson Hall: Large scale software development or implementation projects often begin with dozens of risks. Many of these can be addressed with effective planning, but before you and your team can effectively address risks, you must establish a cultural environment where it is ok to talk about them so they can be identified.
If you can get past the taboo about admitting that you don't have perfect information and that some project elements are beyond your control, a good team can often identify several alternatives to reduce the likelihood and impact of significant risks.
Noel Wurst: You've mentioned that a positive attitude is simply not enough and that "failure is not an option" cannot be an option. How do these two things each prohibit effective risk management.
Payson Hall: Some organizations have difficulty admitting that they can't completely control all of a project's variables. Others seem to believe that positive thinking will overcome all obstacles. Either approach results in difficulty openly discussing risk. Ironically, if risk can't be discussed - it is much harder to invest in prevention and remediation and the potential danger is much greater.
Imagine trying to teach someone to drive a car in a universe where you were not allowed to discuss ways that a car can fail and what might be done to prevent the failure or respond. You can't discuss how to fix a flat or potential causes and how to avoid them. You can't discuss how a car might behave if it blew a tire at freeway speeds. You can't mention the value of properly inflated tires or the wisdom of periodic tire inspection. The result will be a poorly prepared driver who is less safe and unprepared for situations that most of us know can occur.