Close this search box.

Share this Press Release

IT System Integrator Risk Mitigation Processes Often Have the Opposite Effect, Says UpperEdge

Boston, MA – December 1, 2020 – UpperEdge, an independent third-party advisory company that empowers organizations to get the most value from their IT supplier relationships, details how the risk management processes proposed and implemented by most of the large SI’s are seriously flawed and likely increase (not minimize) the client’s risk profile.

“Every SI request for proposal asks a question regarding the vendor’s risk management practices.  Almost every vendor responds in exactly the same fashion, providing a method to collect risks, evaluate them using a risk matrix, and then plan mitigation strategies based upon the placement on this matrix,” said John Belden, Project Execution Advisory Services Practice Leader at UpperEdge.

”But there are flaws in these risk management practices.  During the execution of these processes, the flaws are enhanced by the pressures created during the project.  These fail points, in all likelihood, increase rather than decrease the potential for project failures,” Belden added.

The five flaws are:

1. Risks are not considered upfront as part of the contracting and RFP process.

There is a tendency to underestimate the complexity and risks involved.  As a result, vendors who come in with well-designed processes specifically to mitigate these risks are considered “heavy” in their proposals, so they often will counter with proposals that minimize the possibility of these risks.

2. Fixed-price contracts create biases to focus on cost and only schedule risk.

There is a tendency of many to mistakenly assume that fixed price contracts mitigate all risks to the client.  On the contrary, they can have an impact of amplifying the risks associated with operational continuity and the ability to obtain benefits.

3. Failure to mitigate risks is money in the SI’s pocket.

While the vendors will almost never admit to this, all SI’s understand that failure on behalf of the client to adequately address their own execution risks will likely lead to profitable change orders.

4. Vendor’s capacity to assess and mitigate risks is suppressed by budget.

To properly execute a well-managed risk management process takes time and resources.  When project timelines get tight and budgets become squeezed, the risk management process is viewed as simply overhead with capacity that can be repurposed to project delivery.

5. Vendor’s recommended approach can produce the wrong results.

Almost all vendors propose to use the standard risk matrix as an integral part of the risk management process, but:

  • Risks that are identified with high potential consequences and low probabilities are typically given a lower priority to mitigate, thereby raising the possibilities of catastrophic failures.
  • The risk management processes focus on the execution of the plan itself vs. the attainment of the expected outcome.  This tends to leave significant risks unidentified and ultimately untreated.
  • The methods do not readily account for risks or events that can occur more than once nor take into consideration the correlation of various risk factors.

To gain deeper insight into these flaws and to recommend how to mitigate these risks, UpperEdge will present a live webinar entitled “Don’t Line the Pockets of Your System Integrator.”


Tuesday, December 8th, 2020 at 11 am EST


Relying on your SI to tell you how to mitigate risks can be an imperfect strategy that often does not have a happy ending. Protecting your organization against risks that may seem obvious is often not thoroughly covered in your contracts. This webinar will analyze:

  • Why risk management fails
  • Failure points and how to mitigate them
  • Operationalizing risk management
  • The most overlooked risks

Learn more and register for the complimentary webinar here.  Even if you can’t make the live webinar, you will be sent the webinar recording just by registering.


UpperEdge maximizes the value its clients receive from their key IT supplier relationships by helping them develop and execute fact-based sourcing, negotiation, and program execution strategies.  Visit for more information.