What Makes a Great Team Member? This is so true! Our project management team, and some other people I know fit this description pe...
The Myth about IT Risk Assessment
Share This -
RISK is by far another misused term
after ROI in IT. It is often used to describe "the probability of
the unknown" - maybe I am giving too much credit to the ones who use
it! It is also used to make IT decisions most ambiguous. Lastly, it
is a great CYA term - "what is the RISK of this decision?" - was
never sure what people mean by these statements.
Anyways, let us define RISK in more
real-life terms. RISK is the probability of an unknown event that may
lead to a LOSS (a non-deterministic behavior or Stochastic process). It
is driven by two factors - unknown outcome of a decision - attributed to lack
of Information , and randomness of the assumptions used in making a decision -
attributed to lack of Statistical rigor in evaluating assumptions used in a
decision. We can minimize RISK by minimizing these two factors that drive
RISK
IT decisions are mostly centered on
investments in new technology and/or in new talent. These are usually to
address new business automation needs to accelerate the speed to do
business. In this context there are basically two factors that define the
value of the business opportunity:
The "expected" cash-flow
arising from the new business opportunity
The
"risk" associated with the business opportunity arising from:
The
impact of "chance" in the decision or randomness in
decision-making
The
impact of the "unknown" in the decision - or the impact of
"Information Asymmetry" (lack of information) on the decision
Hence, the problem centers around
identifying the "unknowns" in the decision so that appropriate steps
may be taken to "mitigate" their occurrence because
"randomness" cannot be foreseen or mitigated. Rest is up to the
"Marketing Einsteins" to forecast the expected cash-flow from the
business opportunity. The pursuit to "attempt to know the
unknowns" is an oxymoron. The question is how should
executives make the decision in the "right" way rather than how to make
the "right decision".
Enter
IT Finance...
The traditional way to ascertain the
value of the IT decision would be to do a Discounted Cash Flow on the current
state and compare it against the "expected future state" and then do
a NPV (Net Present Value) of the expected net savings to demonstrate the value
of the decision. If the NPV is a "large positive number" then
it is a good proposition. Subsequently "expected future state"
is compared to the "expected revenue forecasts" made by the Marketing
Einsteins to demonstrate that it is a great opportunity and they must
immediately embark upon it to make the "expected" millions...
A
few things are ignored in this type of a valuation - the company's cost of
capital is treated as "constant" over the period of the valuation,
the expected cash flow is "expected" and the assumptions are all held
constant over the duration of the valuation. Once the project is
undertaken, new nuances are discovered and the "loss" portion of the
project starts creeping in. Managers are blamed, Vendors are chastised, a
few senior heads roll and the project is ultimately scrapped ... the death of a
"potential" value-creation opportunity. Sometimes proof-of-concepts
are initiated, however very rarely is the outcome taken to re-calibrate the
"expected future state" of the project.
However...
IT Capital projects can be broken into small investments each consisting of a
"proof-of-concept" or "try-out" phases where the
assumptions may be re-visited to re-calibrate the expected future state.
In other words, these "proof of concepts" serve as the opportunity to
mitigate the Information Asymmetry of the decision leading to reducing that
portion of the Risk and re-calibrating the "expected future state" at
a lower level of Risk. They also provide an opportunity to re-visit the
entire Capital Expenditure decision.Using
simple simulation models and with the use of simple real-options concepts the
executives may be able to re-visit their decision at periodic intervals to
ensure whether the project is still a "positive return" investment.
In
a nutshell...
Remove the Information Asymmetry by giving importance to "proof of
concepts" and gathering the data to revisit the financial impact of the
project. This reduces the Risk (I can now define Risk as the Standard Deviation
of the Net Present Value or the Strategic Value of the project) and provides
transparency to IT finance to advise the IT executive to make the right
decision at the right time.
Sumitro Sarkar has 20 years of experience in technology consulting
and product strategy. He has served in management and leadership
positions in big- five management consulting firms, financial
information services and technology product companies. His areas of
interest are redefining technology value propositions, resolving
bleeding-edge technology myths, using technology to change the rules of
business. He holds holds an MBA from the Johnson
Graduate School of Management at Cornell University. He also holds a BA in Economics and Mathematics (with honors) and
an MBA from Delhi, India. He also He also writes the “Is IT Worth It” blog.
Comment on this article
Only registered users can write comments. Please login or register.
