May 29, 2018 at 10:08Risk management on IT projects: what has changed in recent years
The risk management dilemma is very simple: either you are safe and put all the threats into the budget of the project, which will grow to heaven, or you will miss some of the risks and then get a chance to screw up beautifully.
In the first case, the company and your bonus will not profit, and in the second, something more terrible will happen. But the second case is Russian roulette, maybe it’s lucky. In practice, risk management is always a delicate balance between “reasonable” and “sufficient”.
Therefore, let's talk a little more about some of the project risks that have increased in recent years. Some of them are not new. Some in the realities of the current IT market have acquired new forms, colors and monstrous features.
There was a need to launch larger-scale integration and product projects in order to get a tangible competitive advantage in the market. Since the basic “building blocks” of the projects have already been written, we are talking about large-scale implementations, where the main thing is not the code itself, but performance indicators.
Previously, CIO engaged in the automation of the company's business processes and ensuring the stable operation of its zoo systems. Now the automation phase of classic business functions is drawing to a close: ERP, CRM, BI and other business management tools have already been digitized. Just having automation is no longer a competitive advantage. More important is Time-to-value, Time-to-market, ROE, continuity and cybersecurity. The speed of launching the product on the market, ensuring uninterrupted access to services and their security is the main focus right now.
IT is not becoming the service unit, but the core of the business. Any large-scale IT project now affects many processes, and accordingly, requires the participation of an increasing number of services and top managers. That is why the role of CIO and its division has grown over the past years. The requirements for IT literacy of technical unit employees have also grown.
Now it is impossible to successfully implement the project without understanding the industry specifics and nuances in the customer’s business processes, that is, the work of integrators has become more complicated. The service model of work comes to the fore. A large sale more and more takes shape almost like a cooperation contract, but still without revenue sharing, although such examples exist in my practice. Projects are increasingly starting to outgrow the “start and end” model and are turning into a continuous process of development of previously implemented projects. The integrator begins to be perceived as a partner, ready to share responsibility not only for the successful implementation of the project, but also for the business result for which it started.
As an example, I can cite projects on photo and video recording of traffic violations when the project is implemented at the expense of the contractor, and the contractor receives profit on the project from the proceeds generated by the fixation system itself in the form of fines! That is, he built the system poorly or missed with the calculation of the return on invested funds - get a loss in the project.
Now the phase of automation of the channels of interaction between companies and the surrounding business environment has begun: customers, partners, regulators, and so on. In fact, business is opening itself up in the cyberspace of a new digital market - it is creating a digital ecosystem around itself. This task is new to the market and carries with it a standard set of risks - financial, investment, operational.
This is mainly due to the lack of accumulated experience and developed standards, guaranteed mechanisms for protecting processes and data in cyberspace.
From the point of view of CIO, the integration of IT and the core business of the company continues, respectively, and the growing influence of the IT service on the company's risk management system.
What does this mean in terms of changing the work of the CIO and its subordinates? From the point of view of team leaders?
Now KPI CIO can not be limited to indicators of continuity and cost of ownership of IT. As a key element of any modern company, business performance comes to the forefront of IT departments! CIO and his team need to dive even deeper into the details of the organization’s business, go beyond IT competencies and even lose them, since most of the IT resources begin to be delivered through the service model. The increased responsibility for the result of the implementation of strategic initiatives makes us pay special attention to risk management in projects. Some of them become an insurmountable barrier for the project team on the path to successful implementation.
In a short period of time, you need to have time to make a “minimally viable product” for it to become productive, otherwise competitors will do the same. All other improvements later, in the process of testing user hypotheses. It is important to stake out the clearing first. This circumstance forces customers and project teams to change the familiar classic implementation models, creating new problems and risks.
The real challenge for the project team is managing the requirements and expectations of the customer. What is the main difficulty here? Projects are increasingly starting with a minimum set of requirements that are continuously updated and supplemented during the entire project. It often happens that by the end of a project the set of requirements is absolutely “perpendicular” to what was at the start. I have repeatedly observed how the customer only in the middle of the project, and sometimes towards the end, finally (!) Realized what he really wanted.
An iterative approach usually helps here - dividing into small sprints and deep customer involvement in the implementation process. And the greater this uncertainty, the closer the interaction should be. To create the necessary conditions for effective collaboration, we often drop key people from Technoserv to the customer’s site. This significantly improves communication, reduces reaction time, creates the necessary conditions for the integration of project teams, and, accordingly, reduces the amount of work "in the basket."
About expectations - a separate story. On the one hand, it’s hard to manage the expectations of a customer who does not yet clearly understand what he wants to get at the end of the project. On the other hand, as I wrote earlier, projects are increasingly affecting almost all functional units of the customer. And each of them is a source of requirements and a participant in the coordination of the final result. KPIs of these units are different, which means that a conflict of interest cannot be avoided! If you can’t find a compromise and make friends of the conflicting parties, you are guaranteed open sabotage by individual participants.
In one of our major projects, the problem of sabotage, in coordination with the IT curator, had to be included in the registry of key risks and submitted to the customer’s steering committee. There was another project when we built a loan conveyor for one large bank from the top 10. The customer’s working group included IT, risk managers, security professionals, product experts, lawyers, etc. Each of them solved their tasks, fought for their KPIs, and in order to solve many key issues, they had to connect the bank’s top officials. Fortunately, the project was initiated by the first person of the bank and he was very interested in it. Largely due to this, the system was able to be implemented as soon as possible. We probably would have done the project anyway, only it would have taken many times more time.
The trust of tops in the project manager is usually based on two things: the professionalism of PM and quick team victories. If trust has not appeared in a short time, then it can be extremely difficult to restore it later. For PMa and the team it is important to understand not only the industry specifics of the customer, his problems, but also to know the KPI of each key participant in this project. If you contribute to their achievement - you are well done, allies are provided for you.
The world is becoming digital, so the need for IT professionals has increased dramatically in recent years. We need people who are already trained and do the job with good quality and predictable results. There is no time for buildup, and customers no longer want to experiment on themselves. Increasingly, customers are looking for ready-made teams with ready-made ideas and business cases confirmed in practice. The qualification requirements of such teams are quite high, and there are not many of them on the market when it comes to innovative solutions. The outdated classical model of training is simply not able to cover the growing resource demand - you probably see this for yourself if you conduct interviews, for example, in development teams. The market is experiencing a huge shortage of highly qualified personnel.
Moreover, the risks are caused not only by the deficit itself, but also by the fact that, in response to the growing demand, the market was filled with low-skilled surrogate teams that gained knowledge on an accelerated basis and were characterized by a lack of sufficient practical experience. Recognizing them in the hustle and bustle of the project can be difficult, because at the front they usually have professional people.
From the point of view of implementation, the situation is as follows: it is good if you have enough resources necessary for the implementation of the project. It’s bad when you have to look for a partner and work with an unfamiliar team.
At such moments, two important things usually save:
Modern IT transformation projects involve not only the digitization of the existing business processes of the company, but also a global review of the functioning of the entire organization - reaching a fundamentally new level of work. Everything changes as soon as the market moves from massive enthusiasm for new technologies to attempts at real implementations. Many customers are simply not ready to make global changes to their business model. As a result, everything is limited to superficial optimization of bulky and inefficient business processes that have taken shape over many years. We converted the as-is processes to digital and continue to work as we did before, not noticing the obvious opportunities to increase efficiency. The main reasons are inertia of thinking and fear of change. And the older the company, the brighter they appear.
In one of the consulting projects, in an interview, a customer representative spoke about the business processes in which he is involved. To my question, what exactly does your unit coordinate in this chain? What is the importance of your participation? The customer could not clearly articulate, saying that since they implemented it this way, it means it is important and necessary!
Oddly enough, but often the very essence, the goal of the project becomes an insurmountable barrier to its implementation. And if the company’s tops are not adherents of global change, only a small part of such projects will survive to “combat” operation. Proven in practice!
If you look at the reports of leading analytical agencies, you will see that only 15% of modern innovative IT projects are considered successful! Why it happens?
Increasingly, projects on the client side are initiated under the influence of marketing pressure from the vendors, as well as in pursuit of the notorious competitors who have already introduced themselves something new and rushed to notify the market about this in countless press releases. At all conferences and forums we hear: “BigData - must have”, “blockchain - our everything”, “IOT - to every home” and much more ...
Without the required IT maturity and experience in implementing such solutions, customers often start a project either with high expectations or without proper goal setting. As a result, we observe the following picture: the BigData customer introduced it and uses it to obtain simple analytics, which can be obtained in cheaper ways. Or he gets high-quality multifaceted analytics, but does not understand at all how to use it in his work. He understands how to use it, but internal processes and IT do not allow this. As a result, the customer is disappointed in both the solution and the performer. Well, who else do we blame?
Awareness comes to the market through trial and error, products go through the so-called self-identification: the terms acquire their true meaning, more user experience and successful implementations appear. To understand how this works, just look at the Hartner Hip-Cycles and see what is now at the peak of "advertising hype." Here is one of them for 2017.
Take, for example, BigData and look at the chart (marked with a red dot). Only now, after almost a decade since the advent of the first products and solutions that relate exclusively and directly to the problem of processing big data, this technology has passed its “bottom of disappointment” and is starting to “reach the plateau of productivity”. With other technologies, everything is almost the same.
The often voiced problem is clearly visible on transitions to the cloud: for example, my colleague’s material about what myths are involved in this , but the exploitation history of how the old architecture is transferred to the new platform without understanding its essence .
Usually, this term refers to the legal aspects of interaction with regulatory authorities. The legal framework is a separate headache in the way of modern “digital” projects, especially for the public sector. The fact is that many SNIPs, GOSTs, regulations and decrees, according to which the regulatory authorities are working now, were written “under the king of peas” when there were no such technologies either. A large number of them are currently simply not applicable. This is really a serious problem that the state itself is aware of. And this is taken into account in the Digital Economy program, which was approved by the Russian government last year. There was a case in my practice when virtualization did not fit into the security requirements for a large state-owned bank: the standards by which the design was carried out were written “for iron” many years ago. Then the customer had to turn to regulators, one of which was FSTEC, to finalize the regulatory framework and requirements for the protection of virtual environments. As you know, it was not fast at all! Other technologies are now experiencing similar problems.
Whatever these standards may be - engineering, payment, and others - you have to figure it out yourself, attracting the right specialists like a lawyer. Why myself, because the most important skill of PMA is to understand how the project can be implemented. Most often, your consultants will find a million reasons "why this is not possible", and not one opportunity "as possible."
A prime example is PCI DSS certification .
Or another example - the definition of what personal data is for you .
Let's remember how the budgeting process for most customers occurs (we remember the state representatives separately and in bright colors). The budget is formed at the beginning of the year, is protected on the Criminal Code (or in other instances) and is often not even reviewed. When we move on to implementation, the main dilemma will arise - which payment scheme to choose. The “fix scope - fix price” working scheme, it is also called “Fixed Fee”, does not suit the performer very much, because the requirements are fuzzy, the variability is large, and the budget is fixed. There are huge risks to miss the budget.
The Time & Material scheme is often not even acceptable to the customer. On the one hand, it is impossible to talk about financial planning if you do not know the cost of implementation (procedural restrictions inside), and on the other hand, the customer often does not have enough experience to “chop off” such a scheme. And if there is no experience, and even trust in the contractor, it is almost impossible to convince the customer of its use. For the public sector, this scheme is generally a disaster: overspending is bad, undevelopment is doubly bad. I remember a funny project for one of the state services for the development and modernization of their main information system. The customer decided to contract under the T & M scheme. This was his first experience. He pledged money to the budget for the whole year, formed the main directions of development. Further, the contract assumed that individual orders would go to the contractor in the form of private TK, preliminary estimated and paid according to the T & M model. First of all, the customer fixed the accumulated bugs - it didn’t take much time and, accordingly, the budget. And then ... the ideas are over! Local employees simply did not know where to further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! First of all, the customer fixed the accumulated bugs - it didn’t take much time and, accordingly, the budget. And then ... the ideas are over! Local employees simply did not know where to further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! First of all, the customer fixed the accumulated bugs - it didn’t take much time and, accordingly, the budget. And then ... the ideas are over! Local employees simply did not know where to further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! where should they further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! where should they further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! mastering too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! mastering too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme!
The rapid development of innovative technologies opens up new horizons in business development and gaining competitive advantages. At the same time, it creates new risks and threats both for the implementation itself and for the further work of the customer. For example, every year the issue of information security is becoming ever more acute, and at absolutely all levels. And the whole difficulty lies in the fact that all the same modern BigData technologies, artificial intelligence, etc. are used to search for vulnerabilities and cyberattacks - but this is a conversation for a whole separate article.
There are many other risks that can unexpectedly put an end to your project. Previously, they were not so relevant for us. Recently, these risks are often generated by the geopolitical situation in the world. These are currency risks (when the dollar rate rose sharply and iron became “gold”), and the imposition of sanctions, when suddenly in the middle of the project the vendor informed you that he could not bring the necessary equipment, and now you are forced to buy what is available from a supplier, at a price 2 times more expensive ...
If it’s interesting, then I can tell you about each area - where are the pitfalls that we and my colleagues have run into more than once.
In the first case, the company and your bonus will not profit, and in the second, something more terrible will happen. But the second case is Russian roulette, maybe it’s lucky. In practice, risk management is always a delicate balance between “reasonable” and “sufficient”.
Therefore, let's talk a little more about some of the project risks that have increased in recent years. Some of them are not new. Some in the realities of the current IT market have acquired new forms, colors and monstrous features.
What has changed over the past 10 years in IT projects?
There was a need to launch larger-scale integration and product projects in order to get a tangible competitive advantage in the market. Since the basic “building blocks” of the projects have already been written, we are talking about large-scale implementations, where the main thing is not the code itself, but performance indicators.
Previously, CIO engaged in the automation of the company's business processes and ensuring the stable operation of its zoo systems. Now the automation phase of classic business functions is drawing to a close: ERP, CRM, BI and other business management tools have already been digitized. Just having automation is no longer a competitive advantage. More important is Time-to-value, Time-to-market, ROE, continuity and cybersecurity. The speed of launching the product on the market, ensuring uninterrupted access to services and their security is the main focus right now.
IT is not becoming the service unit, but the core of the business. Any large-scale IT project now affects many processes, and accordingly, requires the participation of an increasing number of services and top managers. That is why the role of CIO and its division has grown over the past years. The requirements for IT literacy of technical unit employees have also grown.
Now it is impossible to successfully implement the project without understanding the industry specifics and nuances in the customer’s business processes, that is, the work of integrators has become more complicated. The service model of work comes to the fore. A large sale more and more takes shape almost like a cooperation contract, but still without revenue sharing, although such examples exist in my practice. Projects are increasingly starting to outgrow the “start and end” model and are turning into a continuous process of development of previously implemented projects. The integrator begins to be perceived as a partner, ready to share responsibility not only for the successful implementation of the project, but also for the business result for which it started.
As an example, I can cite projects on photo and video recording of traffic violations when the project is implemented at the expense of the contractor, and the contractor receives profit on the project from the proceeds generated by the fixation system itself in the form of fines! That is, he built the system poorly or missed with the calculation of the return on invested funds - get a loss in the project.
Now the phase of automation of the channels of interaction between companies and the surrounding business environment has begun: customers, partners, regulators, and so on. In fact, business is opening itself up in the cyberspace of a new digital market - it is creating a digital ecosystem around itself. This task is new to the market and carries with it a standard set of risks - financial, investment, operational.
This is mainly due to the lack of accumulated experience and developed standards, guaranteed mechanisms for protecting processes and data in cyberspace.
From the point of view of CIO, the integration of IT and the core business of the company continues, respectively, and the growing influence of the IT service on the company's risk management system.
What does this mean in terms of changing the work of the CIO and its subordinates? From the point of view of team leaders?
Now KPI CIO can not be limited to indicators of continuity and cost of ownership of IT. As a key element of any modern company, business performance comes to the forefront of IT departments! CIO and his team need to dive even deeper into the details of the organization’s business, go beyond IT competencies and even lose them, since most of the IT resources begin to be delivered through the service model. The increased responsibility for the result of the implementation of strategic initiatives makes us pay special attention to risk management in projects. Some of them become an insurmountable barrier for the project team on the path to successful implementation.
... Project implementation deadlines are decreasing, and the pace is growing
In a short period of time, you need to have time to make a “minimally viable product” for it to become productive, otherwise competitors will do the same. All other improvements later, in the process of testing user hypotheses. It is important to stake out the clearing first. This circumstance forces customers and project teams to change the familiar classic implementation models, creating new problems and risks.
The real challenge for the project team is managing the requirements and expectations of the customer. What is the main difficulty here? Projects are increasingly starting with a minimum set of requirements that are continuously updated and supplemented during the entire project. It often happens that by the end of a project the set of requirements is absolutely “perpendicular” to what was at the start. I have repeatedly observed how the customer only in the middle of the project, and sometimes towards the end, finally (!) Realized what he really wanted.
An iterative approach usually helps here - dividing into small sprints and deep customer involvement in the implementation process. And the greater this uncertainty, the closer the interaction should be. To create the necessary conditions for effective collaboration, we often drop key people from Technoserv to the customer’s site. This significantly improves communication, reduces reaction time, creates the necessary conditions for the integration of project teams, and, accordingly, reduces the amount of work "in the basket."
About expectations - a separate story. On the one hand, it’s hard to manage the expectations of a customer who does not yet clearly understand what he wants to get at the end of the project. On the other hand, as I wrote earlier, projects are increasingly affecting almost all functional units of the customer. And each of them is a source of requirements and a participant in the coordination of the final result. KPIs of these units are different, which means that a conflict of interest cannot be avoided! If you can’t find a compromise and make friends of the conflicting parties, you are guaranteed open sabotage by individual participants.
In one of our major projects, the problem of sabotage, in coordination with the IT curator, had to be included in the registry of key risks and submitted to the customer’s steering committee. There was another project when we built a loan conveyor for one large bank from the top 10. The customer’s working group included IT, risk managers, security professionals, product experts, lawyers, etc. Each of them solved their tasks, fought for their KPIs, and in order to solve many key issues, they had to connect the bank’s top officials. Fortunately, the project was initiated by the first person of the bank and he was very interested in it. Largely due to this, the system was able to be implemented as soon as possible. We probably would have done the project anyway, only it would have taken many times more time.
The trust of tops in the project manager is usually based on two things: the professionalism of PM and quick team victories. If trust has not appeared in a short time, then it can be extremely difficult to restore it later. For PMa and the team it is important to understand not only the industry specifics of the customer, his problems, but also to know the KPI of each key participant in this project. If you contribute to their achievement - you are well done, allies are provided for you.
Personnel as a basic risk
The world is becoming digital, so the need for IT professionals has increased dramatically in recent years. We need people who are already trained and do the job with good quality and predictable results. There is no time for buildup, and customers no longer want to experiment on themselves. Increasingly, customers are looking for ready-made teams with ready-made ideas and business cases confirmed in practice. The qualification requirements of such teams are quite high, and there are not many of them on the market when it comes to innovative solutions. The outdated classical model of training is simply not able to cover the growing resource demand - you probably see this for yourself if you conduct interviews, for example, in development teams. The market is experiencing a huge shortage of highly qualified personnel.
Moreover, the risks are caused not only by the deficit itself, but also by the fact that, in response to the growing demand, the market was filled with low-skilled surrogate teams that gained knowledge on an accelerated basis and were characterized by a lack of sufficient practical experience. Recognizing them in the hustle and bustle of the project can be difficult, because at the front they usually have professional people.
From the point of view of implementation, the situation is as follows: it is good if you have enough resources necessary for the implementation of the project. It’s bad when you have to look for a partner and work with an unfamiliar team.
At such moments, two important things usually save:
- A list of reliable, trusted partners in key scarce areas. Such contacts often help out when their resources are not enough for large-scale implementation. In the conditions of burning deadlines, this is always extremely useful and often without compromising the budget. It is worth noting here that such partners are not developed quickly, and the interaction is largely based on trust on both sides. The result obtained, as a rule, justifies the efforts put into it.
- The development of your team. That is, to constantly learn for yourself and teach your people. Conferences, hackathons, courses, and trainings - all this works great in a rapidly changing market. Lets be on the cutting edge of technology and motivate the team. Here we work closely with key vendors and partners.
Conservatism of the customer
Modern IT transformation projects involve not only the digitization of the existing business processes of the company, but also a global review of the functioning of the entire organization - reaching a fundamentally new level of work. Everything changes as soon as the market moves from massive enthusiasm for new technologies to attempts at real implementations. Many customers are simply not ready to make global changes to their business model. As a result, everything is limited to superficial optimization of bulky and inefficient business processes that have taken shape over many years. We converted the as-is processes to digital and continue to work as we did before, not noticing the obvious opportunities to increase efficiency. The main reasons are inertia of thinking and fear of change. And the older the company, the brighter they appear.
In one of the consulting projects, in an interview, a customer representative spoke about the business processes in which he is involved. To my question, what exactly does your unit coordinate in this chain? What is the importance of your participation? The customer could not clearly articulate, saying that since they implemented it this way, it means it is important and necessary!
Oddly enough, but often the very essence, the goal of the project becomes an insurmountable barrier to its implementation. And if the company’s tops are not adherents of global change, only a small part of such projects will survive to “combat” operation. Proven in practice!
Product Market Identification
If you look at the reports of leading analytical agencies, you will see that only 15% of modern innovative IT projects are considered successful! Why it happens?
Increasingly, projects on the client side are initiated under the influence of marketing pressure from the vendors, as well as in pursuit of the notorious competitors who have already introduced themselves something new and rushed to notify the market about this in countless press releases. At all conferences and forums we hear: “BigData - must have”, “blockchain - our everything”, “IOT - to every home” and much more ...
Without the required IT maturity and experience in implementing such solutions, customers often start a project either with high expectations or without proper goal setting. As a result, we observe the following picture: the BigData customer introduced it and uses it to obtain simple analytics, which can be obtained in cheaper ways. Or he gets high-quality multifaceted analytics, but does not understand at all how to use it in his work. He understands how to use it, but internal processes and IT do not allow this. As a result, the customer is disappointed in both the solution and the performer. Well, who else do we blame?
Awareness comes to the market through trial and error, products go through the so-called self-identification: the terms acquire their true meaning, more user experience and successful implementations appear. To understand how this works, just look at the Hartner Hip-Cycles and see what is now at the peak of "advertising hype." Here is one of them for 2017.
Take, for example, BigData and look at the chart (marked with a red dot). Only now, after almost a decade since the advent of the first products and solutions that relate exclusively and directly to the problem of processing big data, this technology has passed its “bottom of disappointment” and is starting to “reach the plateau of productivity”. With other technologies, everything is almost the same.
The often voiced problem is clearly visible on transitions to the cloud: for example, my colleague’s material about what myths are involved in this , but the exploitation history of how the old architecture is transferred to the new platform without understanding its essence .
Regulation
Usually, this term refers to the legal aspects of interaction with regulatory authorities. The legal framework is a separate headache in the way of modern “digital” projects, especially for the public sector. The fact is that many SNIPs, GOSTs, regulations and decrees, according to which the regulatory authorities are working now, were written “under the king of peas” when there were no such technologies either. A large number of them are currently simply not applicable. This is really a serious problem that the state itself is aware of. And this is taken into account in the Digital Economy program, which was approved by the Russian government last year. There was a case in my practice when virtualization did not fit into the security requirements for a large state-owned bank: the standards by which the design was carried out were written “for iron” many years ago. Then the customer had to turn to regulators, one of which was FSTEC, to finalize the regulatory framework and requirements for the protection of virtual environments. As you know, it was not fast at all! Other technologies are now experiencing similar problems.
Whatever these standards may be - engineering, payment, and others - you have to figure it out yourself, attracting the right specialists like a lawyer. Why myself, because the most important skill of PMA is to understand how the project can be implemented. Most often, your consultants will find a million reasons "why this is not possible", and not one opportunity "as possible."
A prime example is PCI DSS certification .
Or another example - the definition of what personal data is for you .
Classic project budgeting
Let's remember how the budgeting process for most customers occurs (we remember the state representatives separately and in bright colors). The budget is formed at the beginning of the year, is protected on the Criminal Code (or in other instances) and is often not even reviewed. When we move on to implementation, the main dilemma will arise - which payment scheme to choose. The “fix scope - fix price” working scheme, it is also called “Fixed Fee”, does not suit the performer very much, because the requirements are fuzzy, the variability is large, and the budget is fixed. There are huge risks to miss the budget.
The Time & Material scheme is often not even acceptable to the customer. On the one hand, it is impossible to talk about financial planning if you do not know the cost of implementation (procedural restrictions inside), and on the other hand, the customer often does not have enough experience to “chop off” such a scheme. And if there is no experience, and even trust in the contractor, it is almost impossible to convince the customer of its use. For the public sector, this scheme is generally a disaster: overspending is bad, undevelopment is doubly bad. I remember a funny project for one of the state services for the development and modernization of their main information system. The customer decided to contract under the T & M scheme. This was his first experience. He pledged money to the budget for the whole year, formed the main directions of development. Further, the contract assumed that individual orders would go to the contractor in the form of private TK, preliminary estimated and paid according to the T & M model. First of all, the customer fixed the accumulated bugs - it didn’t take much time and, accordingly, the budget. And then ... the ideas are over! Local employees simply did not know where to further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! First of all, the customer fixed the accumulated bugs - it didn’t take much time and, accordingly, the budget. And then ... the ideas are over! Local employees simply did not know where to further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! First of all, the customer fixed the accumulated bugs - it didn’t take much time and, accordingly, the budget. And then ... the ideas are over! Local employees simply did not know where to further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! where should they further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! where should they further develop their own system. The project team was only able to help partially, because the task was relatively new, and the team was not adequately staffed by industry experts and analysts. Realizing that time is running out, and the money is "burning out", the customer began to generate tasks from the category of "not really needed, but suddenly come in handy." Dynamics has increased dramatically, development too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! mastering too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme! mastering too. But when the customer had really bright ideas at the end of the project, the project budget was already over! More than the customer did not apply such a scheme!
The future is not the same as before
The rapid development of innovative technologies opens up new horizons in business development and gaining competitive advantages. At the same time, it creates new risks and threats both for the implementation itself and for the further work of the customer. For example, every year the issue of information security is becoming ever more acute, and at absolutely all levels. And the whole difficulty lies in the fact that all the same modern BigData technologies, artificial intelligence, etc. are used to search for vulnerabilities and cyberattacks - but this is a conversation for a whole separate article.
There are many other risks that can unexpectedly put an end to your project. Previously, they were not so relevant for us. Recently, these risks are often generated by the geopolitical situation in the world. These are currency risks (when the dollar rate rose sharply and iron became “gold”), and the imposition of sanctions, when suddenly in the middle of the project the vendor informed you that he could not bring the necessary equipment, and now you are forced to buy what is available from a supplier, at a price 2 times more expensive ...
If it’s interesting, then I can tell you about each area - where are the pitfalls that we and my colleagues have run into more than once.