Takeaway: Some IT consultants overlook risk identification and management, especially on small engagements. Brad Egeland says this oversight could cost you future business.
I’ve run some projects as an internal PM and others as a consultant brought in to either lead a team or perform the work myself. The way you run engagements will differ somewhat based on your incoming status (employee vs. consultant) and the size of the effort (long-term software implementation vs. short-term consulting gig to implement new processes). There can also be differences in how you put together the upfront formal planning documents, and the way you formalize and document requirements.
One variable that remains constant regardless of whether you’re an internal or an external project lead is the task of risk identification and risk management. I’ll address the topic of risk below from a consultant’s perspective.
Step one: Identify risks
You’re coming in cold and don’t know the potential risks of the organizational infrastructure, procedures, and personnel. Be careful not to make assumptions before you have all of the facts; otherwise, you can wind up adding more risk.
Even if it’s a one-on-one engagement with the CIO or project sponsor, it’s critical that you run through a risk identification process during a detailed risk planning session. (The CIO is your best source of initial information.) The onus is on you to ask good questions, because you’re the expert on consulting engagements and can warn the client about the common pitfalls they might encounter. You’re coming in cold and don’t know the potential risks of the organizational infrastructure, procedures, and personnel. Be careful not to make assumptions before you have all of the facts; otherwise, you can wind up adding more risk.
Step two: Talk to SMEs and users
The next step is to meet with subject matter experts and end users (if these are different people) and any other personnel who will interact with the solution to a significant degree. These individuals can be good resources when you’re trying to identify potential risks.
Step three: Devise risk strategies
You need to work with the project sponsor, the SMEs, and users to determine and document the best strategy to mitigate or even avoid these risks if they arise. Even if you can’t formulate a detailed risk response to each item, it will still be helpful to identify a strategy to keep in mind as you continue to track these risks.
Step four: Manage risk and provide regular status updates
I’m a proponent of managing consulting engagements on an ongoing basis like you would on a formal long-term project. I encourage you to conduct weekly status meetings with the client, during which you should provide a revised task schedule and status report. Your risk list should be part of every weekly status report during.
We may not always conduct smaller consulting engagements with the same formality as we would $2 million dollar projects for Fortune 500 companies, but the need to identify and manage risks is still there. It’s worth the time and effort because mitigating even one risk could mean the difference between success and failure and might land you future business with the client.