Boston, MA – December 1, 2020 – UpperEdge, an independent third-party advisory company that empowers organizations to get the most value from their IT supplier relationships, details how the risk management processes proposed and implemented by most of the large SI’s are seriously flawed and likely increase (not minimize) the client’s risk profile.
“Every SI request for proposal asks a question regarding the vendor’s risk management practices. Almost every vendor responds in exactly the same fashion, providing a method to collect risks, evaluate them using a risk matrix, and then plan mitigation strategies based upon the placement on this matrix,” said John Belden, Project Execution Advisory Services Practice Leader at UpperEdge.
”But there are flaws in these risk management practices. During the execution of these processes, the flaws are enhanced by the pressures created during the project. These fail points, in all likelihood, increase rather than decrease the potential for project failures,” Belden added.
The five flaws are:
1. Risks are not considered upfront as part of the contracting and RFP process.
There is a tendency to underestimate the complexity and risks involved. As a result, vendors who come in with well-designed processes specifically to mitigate these risks are considered “heavy” in their proposals, so they often will counter with proposals that minimize the possibility of these risks.
2. Fixed-price contracts create biases to focus on cost and only schedule risk.
There is a tendency of many to mistakenly assume that fixed price contracts mitigate all risks to the client. On the contrary, they can have an impact of amplifying the risks associated with operational continuity and the ability to obtain benefits.
3. Failure to mitigate risks is money in the SI’s pocket.
While the vendors will almost never admit to this, all SI’s understand that failure on behalf of the client to adequately address their own execution risks will likely lead to profitable change orders.
4. Vendor’s capacity to assess and mitigate risks is suppressed by budget.
To properly execute a well-managed risk management process takes time and resources. When project timelines get tight and budgets become squeezed, the risk management process is viewed as simply overhead with capacity that can be repurposed to project delivery.
5. Vendor’s recommended approach can produce the wrong results.
Almost all vendors propose to use the standard risk matrix as an integral part of the risk management process, but:
- Risks that are identified with high potential consequences and low probabilities are typically given a lower priority to mitigate, thereby raising the possibilities of catastrophic failures.
- The risk management processes focus on the execution of the plan itself vs. the attainment of the expected outcome. This tends to leave significant risks unidentified and ultimately untreated.
- The methods do not readily account for risks or events that can occur more than once nor take into consideration the correlation of various risk factors.
ABOUT UPPEREDGE
UpperEdge maximizes the value its clients receive from their key IT supplier relationships by helping them develop and execute fact-based sourcing, negotiation, and program execution strategies. Visit www.upperedge.com for more information.
