Managing risk when implementing a CRM project – the dos and don’ts
Risk – it’s a fact of everyday life in any sized business and certainly something the SMBs we work with think about a lot. There are all sorts of risks – from key colleagues leaving your business and customers deserting you to regulatory transgressions or even legal problems. And much more besides.
Here, we set out the specific risks that can crop up when a small or medium-sized business (SMB) executes a technology project. We use the specific example of the implementation of a Customer Relationship Management (CRM) system but the lessons you’ll learn here will stand you in good stead for any significant technology project.
In almost every example of risk, a goal should be to either eliminate, limit or mitigate against the banana skins that could limit the ROI on your CRM project, stop your business succeeding or, in the worst case, stop it continuing to trade. This what risk management is all about and It’s one of the most important things a business can do.
Risk management provides the required focus to manage and mitigate risks before they occur. Regardless of project methodology, managing risks is key to project success and any initial risks anticipated that could undermine the success of the project should be highlighted. When assessing risks, it is prudent to consider proximity, probability, impact, and probability to identify, prioritise and implement the required actions.
I.T. project risks typically fall into one of the four following categories:
- Solution design – e.g. alignment with any business process, operational or system elements
- Organisational / human factors – e.g. change of project sponsor or other key stakeholder, resource availability, changing priorities, and support etc.
- Strategic / commercial – e.g. alignment with strategic direction, contractual, budget, contractor resource etc.
- Other – e.g. economic, political, environmental, legal, compliance or regulatory issues
By working through these categories, organisations are provided with a robust format and approach for identifying, discussing and giving the required focus to aid the mitigation of these risks. In addition to risks, any assumptions made in scoping and preparing the project’s benefits case, key success factors and plan should be agreed.
Risks can impact Time, Cost, Quality and Scope aspects of project deliverables and these should be identified and measured. By measuring risk impact and probability, it is possible to score risks and identify those that are high risk to prioritise during mitigation planning.
By identifying and assessing any risks associated with the project, the appropriate management of risks can be put in place. With a robust risk management plan in place, a risk matrix of ‘scored’ risks with owners assigned and risk response identified can be created.
- Prevention – put in place a plan to remove the risk
- Reduction – put in place a plan to control it, to reduce the likelihood it will happen
- Transference – transfer the risk to a 3rd party – e.g., Insurance or service provider
- Acceptance – tolerate the risk – nothing can be done at a reasonable cost to mitigate
- Contingency – have a plan in place to deal with the risk, should it occur
All risks should be documented, managed and reviewed throughout a project. A Risk or ‘RAID’ log (Risks, Actions, Issues and Decisions) should be utilised to enable central coordination of the project.
Maintained during the project, the RAID log is utilised to check progress on existing items and record any new items, ensuring owners and completion dates are assigned as appropriate. A Risk log will aid project progress and measurables to realise success.
Ensure risk management plans are in place, ahead of time and communicated clearly to ensure risks are minimised or mitigated against during a project.
Keep risk messaging positive, check understanding (resist assumption), assign accountability / responsibilities and implement reporting requirements to both measure and communicate impact.
Follow up on actions taken to mitigate the effects of the risk and review the risk log on a regular basis throughout the project. Upon completion of the project, many learnings can be gained from reviewing risks and actions taken to prepare for similar risks that may occur. This enables an organization to have contingency plans in place to continually optimise projects.