Effective risk management is the difference between disaster and disruption

Risk – both in terms of identification and management – remains one of the biggest challenges facing corporate South Africa in 2011; not least of all because the King 3 report on governance positions risk as a cornerstone of corporate governance and holds the board of directors directly accountable.

Risk means different things to different businesses. For some, potential risks border on the bizarre: if you’re building a seaside nuclear plant it could mean a tsunami breaching a sea wall considered impenetrable; and, if you operate an airline, it could mean a volcano in a far-off land spewing ash into the air, which grounds your airplanes.

While risk is inherently unpredictable, if you have an IT project underway there are at least two key risks – with a potentially catastrophic impact – that are easily identified and relatively easily managed: key personnel and data risks. Imagine if something happened to the individual in whose head the project’s code resides and there was no copy of the code? Or if the main server was stolen, or the building burnt down, and there was no backup?

A good project manager is part risk identifier/part risk manager and effective risk management calls for diligence and discipline.

Managing key personnel risk is integral to an IT project’s success and a few simple precautions can make sure that the project stays on track if fate trips up one of the key players.

Dissemination of knowledge should take place from day one and continue throughout the project. Technical people are notoriously protective of their turf, wielding their power through acronyms and ‘technospeak’; and, let’s face it, computer ‘geeks’ generally prefer to interact with their keyboards rather than their colleagues. One of the project manager’s most important roles is to get the information out of the heads of the various role players and into a format where it is easily accessible to all. It is critical that the project’s design is thoroughly documented from start to finish.

It is also important that the project’s code is checked into a computer code repository like Microsoft’s Visual SourceSafe at the end of each and every work day. It is the responsibility of the project manager to ensure that the code is checked in nightly before shutdown and – with every single procedure thoroughly documented – disciplinary action must ensue if procedures are not followed.

Key to the management of data risk is a well-documented disaster recovery strategy. Simple but effective ‘rules’ – like nightly backups to a tape device, with the tapes stored off site – can mean the difference between disruption and disaster. If budget allows the backup to be done electronically, it should be to a site that is situated on different Telkom and Eskom grids.

There may be little that the PM can do to protect key personnel and data from the fickle finger of fate, but a proactive PM, who takes an effective approach to risk, can ensure that the entire project is not derailed when something goes wrong and, sooner or later, it will.

© Tony McManus, McManus Consulting.