Governing IT and project risk

Boards have been looking for credible advice for some time now on how to deal with IT risk [i]. The jury is still out – deliberating how much time should be spent governing IT and IT projects. Research released today may have tipped the balance towards more rather than less [ii].

Evidence gathered over a 10 year period has shown that IT project failures result in a 2% average drop in the share price. The fall is somewhat greater if it is a failure of a new project and less if it is an operating failure with a current system. Investors were shown to be quite well informed with larger falls when the failure was more severe and more again when there has been a history of failures.

So how much time should be spent governing IT projects? Today’s research suggests it is the amount justified to minimise the likelihood of a 2% fall in the share price, with particular focus on new projects and avoiding repeated failures. It is clearly not the minimal amount of time that Deloitte have identified as the practice with many boards, that in their words is “tantamount to negligence” [iii].

Boards approve around 40% of all projects [iv] and the minimum standard must be (a) at the time of funding to ask four of the six key questions recommended by Standards Australia [v] and (b) to address the remaining two questions by having mechanisms in place to monitor performance.

The guidelines (tabled below) are clearly more to do with good governance than rocket science. However, the statistics reported in the table also show that not one of the guidelines is addressed adequately more than 40% of the time[vi]. The best interpretation of these statistics is that less than 0.2% of projects are governed effectively. Surely we can do better.

Key governance criteria	% time effective
(1)   clarify what success looks like	40%
(2)   understand the scale of change required to realise the benefits	40%
(3)   confirm the sponsor is personally motivated to drive through the necessary change and accountable for the business benefits	5-13%
(4)   determine how to measure and reward success.	33-66%
(5)   have a culture to listen and resolve unexpected problems	???
(6)   monitor benefits realisation and intercede as necessary	0 – 13%

Note: The HB280 guidelines are usually a good starting point for most organisations. There will be times when more detailed help might be required and we have developed the 6Q Governance™ toolset to help institutionalise better practice. However, our approach is focused on the transfer of skills/competencies and not dependent on any tools.

---

[i] R.C. Young and E. Jordan, “Lifting the Game: Board views on e-commerce risk,” in IFIP TG8.6 the adoption and diffusion of IT in an environment of critical change, (Sydney: Pearson Publishing Service, 2002), pp. 102-113

[ii] Anandhi Bharadwaj, Mark Keil, and Magnus Mähring, “Effects of information technology failures on the market value of firms,” The Journal of Strategic Information Systems,  18 (2009), 66 – 79

[iii] Deloitte, What the Board Needs to Know About IT: Phase II Findings: Maximizing performance through IT strategy (Deloitte LLP,  2007)

[iv] KPMG, “Global IT Project Management Survey: How committed are you?.” 2005

[v] R. Young, HB 280-2006 Case Studies – How Boards and Senior Management Have Governed ICT Projects to Succeed (or Fail) (Sydney: Standards Australia,  2006)

[vi] References are available but not included to manage word length. Academic references have been cited over industry sources to increase rigour. Please contact the author for details.

Tags: corporate governance, IT Governance, Project Governance, value of governance

This entry was posted on Wednesday, August 19th, 2009 at 3:00 pm and is filed under Governing Programmes and Projects, Practice Areas. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.