top of page

Apply Risk Management to IT Transformation

(A Change Management Article)

Over my career journey, I have had the opportunity to coach project, program, product, and organization leaders regarding risk. Traditionally the dimensions of risk are cast in a discussion of cautiousness. However the truth, long recognized but seldom realized is risk is both negative and positive, and can be applied to organizational change management.

General Risk Management

Traditional project management recognizes the triple constraint: scope, time, and cost. PMI recognizes six constraints: scope, schedule, budget, resources, quality, risk. Prince2 recognizes six: scope, time, resources, quality, benefits, and risk. Other models add customer satisfaction. However, what is notable in most current models, risk is given its own billing as a project constraint. Yet I still see leaders ignore risk, or if included, only focus on the negative. Even more mature organizations practice risk management only for the technical aspects of a project.

To help explain the different risk responses, consider stretching a traffic analogy. If you knew that at 8am, there was a high likelihood you would be in a traffic accident at a specific intersection where you would meet someone new, how would you address it?

Threat Responses

A good leader proactively plans to minimize threats to their projects, portfolio, or organization.

  • AVOID: Eliminate the threat. Choose a different route to work and avoid the intersection where the accident was likely.

  • MITIGATE: Reduce the threat. Choose a different time; leave early for work. Drive the off-road truck you have parked in your garage to reduce the impact and gain the additional protection and stability of the larger vehicle.

  • TRANSFER: Transfer the threat. Hire someone who specializes in defensive driving to drive you to work. Their additional skill and insurance are contracted to get you to work safely.

Opportunity Responses

Great leaders prepare to realize the benefits of opportunities.

  • EXPLOIT: Cause the risk to occur. Imagine the person you were being introduced to was your soul-mate. Your decision might then become to aim for the accident.

  • ENHANCE: Increase the probability. Arrive early and wait for the other vehicle to enter the intersection before causing the accident.

  • SHARE: Share the benefit. If the introduction is of value, contact the other party, and offer to meet them for coffee rather than be in the accident.

Neutral Response

And sometimes, the preventative action is not worth the investment.

  • ACCEPT: Take no advance action. Do you have On-star, AAA, backup coverage at work? Develop contingency plans to be executed should the accident occur.

Application to Change Management

Now consider that the discussion above was not strictly related to project management, but rather IT transformation. And while many IT leaders are traditionally unskilled at organizational change, they are skilled to some degree with risk management.

  • Avoid: As part of the organizational change planning process, are there risks to general adoption that should be avoided… specific actions that would harm your efforts. In an organizational change initiative, these are often items that undermine trust.

  • Mitigate: Consider negative employee impacts (both real and perceived), and plan to minimize those impacts. Reduce the impact of naysayers on the organization.

  • Transfer: Consider hiring help. As IT leaders we have great skills surrounding the application of technology to meet business needs. But often our teams are not skilled in organizational change or transition management.

  • Exploit: Identify those positive aspects of the change and ensure they occur. Don’t limit your thinking to just the technical results, but identify the positive employee impacts as well.

  • Enhance: Increase the probability that early adopters are successful, to increase the momentum of the flywheel.

  • Share: Share the success with the organization, both in terms of engagement to build the plan, and recognition and rewards for milestone achievements.

  • Accept: Recognize that in any change there are those who will be slow to adapt or who will reject the change. Have contingency plans in place, and be transparent. Transparency helps build trust and the momentum of change.

By simply applying the principles of risk management to the organizational change aspect of your next transformation, you can more properly inculcate the change into your organization.

© 2018 Barry Robbins, Silver Bear Solutions

Contact The Author

Barry Robbins is an IT Executive with a strong record of success in transforming IT organizations by envisioning, developing, and implementing IT business solutions.


bottom of page