Escolar Documentos
Profissional Documentos
Cultura Documentos
Warren
McFarlan
Despite business’s more than 20 years of experience with information systems
(IS), disasters in that area still occur with surprising regularity. According to this
author, managers, both general and IS, can avert many of these fiascoes by
assessing the risks—singly and as a portfolio—in advance of implementation.
Also he notes that difficult projects require different management approaches.
The chief determinants of risk are the size and structure of the project and the
company’s experience with the technology involved. Companies can use a
series of questions to assess risk and to build a risk profile that will help them
choose the best management tools for projects of differing risk.
Stories from the Stage 1 and Stage 2 days of the late 1960s and early
1970s?1No! All these events took place in 1980 in Fortune “500” companies (I
could have selected equally dramatic examples from overseas). In a fashion
almost embarrassing to relate, the day of the big disaster on a major
information systems (IS) project has not passed. Given business’s more than 20
years of IS experience, the question is “Why?”
The typical project feasibility study covers exhaustively such topics as financial
benefits, qualitative benefits, implementation costs, target milestones and
Page 1 of 15 pages
completion dates, and necessary staffing levels. In precise, crisp terms, the
developers of these estimates provide voluminous supporting documentation.
Only rarely, however, do they deal frankly with the risk of slippage in time, cost
overrun, technical shortfall, or outright failure. Rather, they deny the existence
of such possibilities by ignoring them. They assume the appropriate human skills,
controls, and so on, that will ensure success.
1. Project size. The larger it is in dollar expense, staffing levels, elapsed time, and
number of departments affected by the project, the greater the risk.
Multimillion-dollar projects obviously carry more risk than $50,000 projects and
also, in general, affect the company more if the risk is realized. A related
concern is the size of the project relative to the normal size of a systems
development group’s projects. The implicit risk is usually lower on a $1 million
project of a department whose average undertaking costs $2—$3 million than
on a $250,000 project of a department that has never ventured a project
costing more than $50,000.
Page 2 of 15 pages
has a slight risk for a leading-edge, large systems development group may
have a very high risk for a smaller, less technically advanced group. Yet the
latter group can reduce risk through purchase of outside skills for an
undertaking involving technology that is in general commercial use.
3. Project structure. In some projects, the very nature of the task defines
completely, from the moment of conceptualization, the outputs. I classify such
schemes as highly structured. They carry much less risk than those whose
outputs are more subject to the manager’s judgment and hence are
vulnerable to change. The outputs of these projects are fixed and not subject
to change during the life of the project.
Quite the opposite was true in the personnel information project I mentioned
at the beginning, which was a low-structure project. In that situation, the users
could not reach a consensus on what the outputs should be, and these
decisions shifted almost weekly, crippling progress.
Assessing Risk
Page 3 of 15 pages
Exhibit I Effect of degree of structure on project risk
A legitimate concern is how to ensure that different people viewing the same
project will come to the same rough assessment of its risks. While the best way
to assess this is still uncertain, several companies have made significant
progress in addressing the problem.
Page 4 of 15 pages
Exhibit II Risk assessment questionnaire sample from a total of 54
questions Source: This questionnaire is adapted from the Dallas Tire case, no.
9-180-006 (Boston, Mass.: HBS Case Services, 1980).
This company developed the questions after carefully analyzing its experience
with successful and unsuccessful projects. I include some of them as an
example of how to bridge concepts and practice. No analytic framework lies
behind these questions, and they may not be appropriate for all companies;
Page 5 of 15 pages
however, they represent a good starting point and several other large
companies have used them.
Both the project leader and the key user answer these questions. Differences
in the answers are then reconciled. (Obviously, the questionnaire provides
data that are no better than the quality of thinking that goes into the answers.)
These questions not only highlight the risks but also suggest alternative ways of
conceiving of and managing the project. If the initial aggregate risk score
seems high, analysis of the answers may suggest ways of lessening the risk
through reduced scope, lower-level technology, multiple phases, and so on.
Thus managers should not consider risk as a static descriptor; rather, its
presence should encourage better approaches to project management.
Numbers 5 and 6 under the section on structure are particularly good
examples of questions that could trigger changes.
The higher the score, the higher must be the level of approval. Only the
executive committee in this company approves very risky projects. Such an
approach ensures that top managers are aware of significant hazards and are
making appropriate risk strategic-benefit trade-offs. Managers should ask
questions such as the following:
Can the affected parts of the organization survive if the project fails?
Page 6 of 15 pages
strategies. For example, in an industry that is data processing intensive, or
where computers are an important part of product structure (such as banking
and insurance), managers should be concerned when there are no high-risk
projects. In such a case, the company may be leaving a product or service
gap for competition to step into. On the other hand, a portfolio loaded with
high-risk projects suggests that the company may be vulnerable to operational
disruptions when projects are not completed as planned.
Page 7 of 15 pages
In summary, it is both possible and useful to talk about project risk during the
feasibility study stage. The discussion of risk can be helpful both for those
working on the individual project and for the department as a whole. Not only
can this systematic analysis reduce the number of failures, but, equally
important, its power as a communication link helps IS managers and senior
executives reach agreement on the risks to be taken in line with corporate
goals.
Contingency Approach
Now the organization faces the difficult problem of project operation. Much of
the literature and conventional wisdom about project management suggest
that there is a single right way of doing it. A similar theme holds that managers
should apply uniformly to all such ventures an appropriate cluster of tools,
project management methods, and organizational linkages.
Page 8 of 15 pages
Exhibit IV Tools of project management
Page 9 of 15 pages
High structure—low technology
Projects that are highly structured and that present familiar technical problems
are not only the lowest-risk projects but are also the easiest to manage (see
Exhibit I). They are also the least common. High structure implies that the
outputs are very well defined by the nature of the task, and the possibility of
the users changing their minds as to what these outputs should be is essentially
nonexistent. Consequently, the leaders do not have to develop extensive
administrative processes in order to get a diverse group of users both to agree
to a design structure and to keep to that structure. External integration devices
such as inclusion of analysts in user departments, heavy representation of users
on the design team, and formal approval by users of design specifications are
cumbersome and unnecessary for this type of undertaking. Other integrating
devices, such as training users in how to operate the system, remain important.
The system’s concept and design, however, are stable. At the same time, since
the technology involved is familiar to the company, the project can proceed
with a high percentage of persons having only average technical
backgrounds and experience. The leader does not need strong IS skills. This
type of project readily gives opportunity to the department’s junior managers,
who can gain experience that may lead to more ambitious tasks in the future.
Project life cycle planning concepts, with their focus on defining tasks and
budgeting resources against them, force the team to develop a thorough and
detailed plan (exposing areas of soft thinking in the process). Such projects are
likely to meet the resulting milestone dates and keep within the target budget.
Moreover, the usual control techniques for measuring progress against dates
and budgets provide very reliable data for spotting discrepancies and building
a desirable tension into the design team to work harder to avoid slippage.
These projects, vastly more complex than the first kind, involve some significant
modifications from the practice outlined in project management handbooks.
A good example of this type is the conversion of systems from one computer
manufacturer to another with no enhancements (which is, of course, easier
said than done). Another example of this kind of project is the conversion of a
set of manual procedures onto a minicomputer with the objective only of
doing the same functions more quickly.
Page 10 of 15 pages
The normal mechanisms for liaison with users are not crucial here (though they
are in the next type of project), because the outputs are so well defined by the
nature of the undertaking that both the development of specifications and
the need to deal with systems changes from users are sharply lower. Liaison
with users is nevertheless important for two reasons: (1) to ensure coordination
on any changes in input-output or other manual procedure changes
necessary for project success and (2) to deal with any systems restructuring
that must follow from shortcomings in the project’s technology.
Such technological shortcomings were also the main difficulty in the financial
institution I described at the start of this article. In such a case, where system
performance is much poorer than expected, user involvement is important
both to prevent demoralization and to help implement either an alternative
approach (less ambitious in design) or a mutual agreement to end the project.
The skills that lead to success in this type of project, however, are the same as
for effective administration involving any kind of technical complexity. The
leader needs this experience (preferably, but not necessarily, in an IS
environment) as well as administrative experience, unless the project is not very
large. The leader must also be effective in relating to technicians. From talking
to the project team at various times, the ideal manager will anticipate
difficulties before the technicians understand that they have a problem. In
dealing with larger projects in this category, the manager’s ability to establish
and maintain teamwork through meetings, a record of all key design decisions,
and subproject conferences is vital.
Project life cycle planning methods, such as PERT (program evaluation and
review technique) and critical path, identify tasks and suitable completion
dates. Their predictive value is much more limited here, however, than in the
preceding category. The team will not understand key elements of the
technology in advance, and seemingly minor bugs in such projects have a
curious way of becoming major financial drains.
Page 11 of 15 pages
vendor to redesign several chips. And formal control mechanisms have limits
in monitoring the progress of such projects.
In summary, technical leadership and internal integration are the keys in this
type of project, and external integration plays a distinctly secondary role.
Formal planning and control tools give more subjective than concrete
projections, and the great danger is that neither IS managers nor high-level
executives will recognize this. They may believe they have precise planning
and close control when, in fact, they have neither.
When these projects are intelligently managed, they have low risk. Over and
over, however, such projects fail because of inadequate direction. In this
respect they differ from the first type of project, where more ordinary
managerial skills could ensure success. The key to operating this kind of project
lies in an effective effort to involve the users.
Developing substantial user support for only one of the thousands of design
options and keeping the users committed to that design are critical. Essential
aspects of this process include the following:
An effort to break the project into a sequence of very small and discrete
subprojects.
Strong efforts to keep at least chief subproject time schedules below normal
managerial and staff turnover times in the user areas (since a consensus on
approach with the predecessor of a user manager is of dubious value).
Page 12 of 15 pages
include more and more detail of doubtful merit until the system collapsed. The
changing design made much of the programming obsolete. Tough,
pragmatic leadership from users in the design stage would have made all the
difference in the outcome.
The importance of user leadership increases once the design is final. Almost
inevitably, at that stage users will produce some version of “I have been
thinking…” Unless the desired changes are of critical strategic significance to
the user (a judgment best made by a responsible user-oriented project
manager), the requests must be diverted and postponed until they can be
considered in some formal change control process.
If the project is well integrated with other departments, the formal planning
tools will be very useful in structuring tasks and helping to remove any
remaining uncertainty. The target completion dates will be firm as long as the
systems target remains fixed. Similarly, the formal control devices afford clear
insight into progress to date, flagging both advances and slippages. If
integration with outside departments is weak, use of these tools will produce
an entirely unwarranted feeling of confidence.
In fact, in almost every respect management of this type of project differs from
the previous two. The key to success is close, aggressive management of
external integration, supplemented by formal planning and control tools.
Leadership must flow from the user rather than from the technical side.
Because these projects are complex and carry high risk, their leaders need
technical experience and knowledge of, and ability to communicate with,
users. The same intensive effort toward external integration described in the
previous class of projects is necessary here. Total commitment on the part of
users to a particular set of design specifications is critical, and again they must
agree to one out of the many thousands of options.
Page 13 of 15 pages
minicomputer systems designs, and they commonly lead either to significant
restructuring of the project or elimination of it altogether. Consequently, users
should be well represented at both the policy and the operations levels.
While formal planning and control tools can be useful here, at the early stages
they contribute little to reducing uncertainty and to highlighting problems. The
planning tools do allow the manager to structure the sequence of tasks.
Unfortunately, in this type of project new tasks crop up with monotonous
regularity, and tasks that appear simple and small suddenly become complex
and protracted. Time, cost, and resulting technical performance turn out to be
almost impossible to predict simultaneously. In the Apollo moon project, for
example, technical performance achievement was key, and cost and time
simply fell out. In the private sector, all too often this is an unacceptable
outcome.
Contingency Approach
Exhibit V shows the relative contribution that each of the four groups of project
management tools makes to ensure maximum control, given a project’s
inherent risk. It reveals that managers need quite different styles and
approaches to manage the different types of projects effectively. Although
the framework could be made more complex by including more dimensions,
that would only confirm this primary conclusion.
Page 14 of 15 pages
Exhibit V Relative contribution of tools to ensuring project success
The need to deal with the corporate culture within which both IS and project
management operate further complicates the problems. Use of formal project
planning and control tools is much more likely to produce successful results in
a highly formal environment than in one where the prevailing culture is more
personal and informal. Similarly, the selection and effective use of integrating
mechanisms is very much a function of the corporate culture.
The past decade has brought new challenges to IS project management, and
experience has indicated better ways to think about the management
process. My conclusions, then, are threefold:
1. Richard L. Nolan and Cyrus F. Gibson, “Managing the Four Stages of EDP
Growth,”
Page 15 of 15 pages