Risk Management Solutions

According to Capers Jones in a 2004 study of projects of 10,000 function points or greater, i.e., greater than about 1,000 programs or roughly 1 million lines of C or COBOL code,

“Of the 250 projects analyzed, about 25 were deemed successful in that they achieved their schedule, cost, and quality objectives. About 50 had delays or overruns below 35 percent, while about 175 experienced major delays and overruns, or were terminated without completion. The projects included systems software, information systems, outsourced projects, and defense applications. This distribution of results shows that large system development is a very hazardous undertaking. Indeed, some of the failing projects were examined by the author while working as an expert witness in breach of contract litigation involving the failed projects.”

It is notable that projects using agile project management methodologies were not included in the study, “… because such methods are seldom if ever utilized on applications larger than about 1,000 function points.”

Risk Management Capabilities

  • Assessment
  • Risk mitigation strategies
  • Risk mitigation tactics
  • Risk mitigation implementation and oversight
  • Services procurement and vendor management

We help you understand the choices in front of you in plain business terms, but we are ready to dive as deep into technical issues as any client or vendor staff member cares to go.  Our risk management services address the full range of technical risk, project management risk, procurement risk, and vendor management risk.


Our risk management strategy starts with a clear-headed assessment of risks, costs and benefits, from which we lay out the alternatives to our clients.  We avoid the “rose-color glasses” assessment of many technicians, and take a hard look at what is being proposed by services vendors, aided by our years of experience working for several vendors.

Risk Mitigation Strategies:

There are frequently several ways in which a legacy code library and existing data models can be leveraged to reduce cost, delivery time and risk simultaneously, yet still deliver exactly the end result desired.In all cases, a risk based approach to the project architecture with assessment and mitigation strategies can be a very inexpensive insurance policy against downside risks, and will usually save many times its cost over the duration of the project.

Mitigation Tactics:

We have multiple tactical approaches, of which some or all may be applicable to your project:

  • Risk based project architectures
    • A range of project design strategies from low to high risk
    • The more risk averse the client, the more conservative the project architecture we recommend
  • Regression testing, both automated and manual, provides an important key to controlling costs and maintaining schedules
  • Test coverage analysis measures the thoroughness of testing
  • Agile project management principle of “deliver early and often” can be extended to large projects

Evolving the current application into the desired final state in a controlled, step by step fashion breaks a large project into several smaller, more easily controlled projects. This is also the secret behind agile programming and agile project management methodologies.

Though counter-intuitive, the actual experience is that this approach takes less time and costs less, mostly because it enables quick and inexpensive regression testing.  Expensive errors are caught early when they are cheap to fix instead of late in the project when they are expensive to fix and can significantly impact schedules.

Risk Mitigation Implementation and Oversight:

ProjectManagementOversightThe best risk management and mitigation plan in the world is only as good as its implementation.  IT people are, in general, not trained in risk management.  If anything, IT people are inveterate optimists, as they probably have to be to deal with anything as frustrating as a computer for their working life.

We provide both implementation guidance and, in particular, regular oversight of the actual implementation and project progress.  We look for problems before they develop into disasters and cost overruns, based on our experience in both well run and poorly run legacy modernization projects.

Services Procurement and Vendor Management:

ProcurementServices11When you are buying a specialized service from small, specialized vendors, you may benefit from the experience of someone who has done this many times before – and from both sides of the table.  We know what is really important but doesn’t seem so, and, conversely, what seems important but isn’t.

Once the vendor has been thoroughly evaluated, you are well advised to audit his work thoroughly in the early stages to compare the actual efforts to the representations made before contract signing.  Then, if things are proceeding well, gradually withdraw the oversight to a minimal level, but still include sufficient review to to ensure the project is not going off the rails each time a payment due.