What Happened to Risk Management?

Government Executive published a nice article called On Top Of IT in the 1 February issue that dealt with the need for strong contract management in IT programs and projects. However, I was a bit surprised after reading the article that neither the words “risk” nor “risk management” were used at all in the article, although their fingerprints were all over the piece.

The contract is the primary IT project risk management vehicle â€" it defines by the choices made (and not made) how much risk is acceptable by both parties to the agreement. In essence, a contract is the cornerstone risk analysis and management document, setting out the objectives, assumptions, constraints, risk thresholds, etc., that define what is and is not acceptable performance, and remedies in the case of failure.

If you look at the examples of poor contracting mentioned in the article, i.e., the Coast Guard's Deepwater and FBI’s Virtual Case File project, effective rather than pro forma "tick in the box" risk management was sorely missing in both of these cases.

If you want to stay on top of IT contracts and contractors, you better have a clear understanding of the risks involved, and who is best able to manage them effectively.