Q&A: Evaluating Risk for Project Success
How enterprises and software developers can evaluate and manage risk to ensure project success.
Every project faces risks, but it’s the project manager’s job to evaluate and avoid them. What do you need to conduct effective risk management, and what’s the payoff? To learn more about risk management for software developers and enterprise IT teams, we spoke to Randy Heffernan, vice president at Palisade (www.palisade.com), a company that develops the risk and decision analysis software programs @RISK and the DecisionTools Suite.
Enterprise Systems: I presume that any industry would evaluate risk before embarking on a project. What are some challenges that are unique to the software industry?
Randy Heffernan: The software industry is fortunate to not have a lot of manufacturing costs, but the timelines in this industry are lightning fast. Technology becomes out of date almost as soon as it is released, and it is particularly susceptible to copycat competitors who seek to replicate functionality at a lower price. With software, there can be an element of buyer’s remorse if the customer buys the cheap copy, not realizing that the functionality was not exactly as robust as touted.
Another risk that software companies face is casual copying, or, more harshly, piracy. Most people don’t buy software in order to illegally copy and sell it, which is the traditional piracy model. However, many people buy it with the intention of using it on multiple computers for multiple people, without fully understanding the limitations on the license they purchased for the price they paid. This casual copying can be costly for software companies, so steps must be taken to prevent it. Unfortunately, these steps (such as locking software to a particular computer) can sometimes be inconvenient to customers, despite the fact that such security measures are commonplace.
Is conducting extensive risk analysis and management a standard practice within the software industry? If not, why not?
It may be less common in the software industry due to lower R&D costs as compared to pharmaceuticals or oil and gas exploration. As the landscape becomes more competitive, the technology advances are much faster, and as the risk of having your product illegally distributed is increasing, this seems to be changing.
What kind of resources do companies need to invest in to ensure the success of the projects?
One resource is the use of proper tools. Companies cannot perform adequate risk analysis without any tools designed for the purpose. Excel is a tremendously flexible modeling tool, but can’t do risk analysis alone. Oracle and SAP are powerful back-office database tools but no substitute for proper risk analysis. It’s one thing to have “analytical” software tools in the office and quite another to handle the uncertainties companies face.
It’s possible to spend hundreds of thousands or millions on very specific risk analysis tools that are geared toward narrow applications. These might be useful for a particular problem, but usually lack flexibility to be used in other areas. A more efficient approach is generally to use tools that can enhance existing modeling environments everyone is familiar with, such as Microsoft Excel. @RISK from Palisade Corporation (the company I work for) is one example. @RISK adds Monte Carlo simulation and a host of other functionality to existing Excel spreadsheets, enabling them to account for uncertainty and simulate the future. The result of an @RISK analysis is the knowledge of what could happen and how likely it is to happen – insight that is tremendously useful to any decision maker, regardless of industry.
Can you discuss some of the downfalls of not conducting risk analysis or share any examples of projects gone awry due to lack of investment in risk analysis software? Are there any published studies or surveys that quantify the costs involved in not conducting such analysis?
The downfalls of not conducting risk analysis are significant. Not to oversimplify, but our current financial crisis had roots in improper or nonexistent risk analysis. Simply stated, risks were ignored for the sake of short-term profitability. Failing to conduct risk analysis means ignoring what could happen, which can cause companies to forego planning (and thus be surprised when the unexpected inevitably strikes).
Fiona Lamb-MacMillan, now with Palantir Economic Solutions, co-authored a paper in the journal of the Society of Petroleum engineers about exploration companies and their use of risk analysis techniques. The paper showed a strong correlation between financial performance and the use of quantitative risk methods. In another paper, she also demonstrated financial improvements that occurred just after companies adopted more quantitative risk methods and tools.
What are some of the benefits of risk management and analysis?
There are many benefits. For example:
- You can identify pitfalls and uncover opportunities you didn’t know existed.
- You can identify drivers of your risk; that is, understand which risk factors are the most important and have the biggest impact on your bottom line. This lets you target specific variables so you don’t waste resources on low-impact or extremely unlikely events.
- You can improve your credibility, making your case more persuasively to upper management, corporate, investment banks or other stakeholders when you need money or want to advance a project.
- You can get buy-in from those on your team or those with whom you will interact when implementing a project.
- Most important, you can make better-informed decisions -- the best possible decisions given the information at hand.
You mentioned Monte Carlo simulation. What is it and what role does it play in risk assessment and management?
In a nutshell, Monte Carlo simulation is a technique that tells you not only all possible outcomes that might occur but how likely each will occur.
More specifically, it is a computerized mathematical technique that allows people to account for risk in quantitative analysis and decision-making. The technique is used by professionals in such widely disparate fields as finance, project management, energy, manufacturing, engineering, research and development, insurance, oil & gas, transportation, and the environment.
Monte Carlo simulation furnishes the decision-maker with a range of possible outcomes and the probabilities they will occur for any choice of action. It shows the extreme possibilities -- the outcomes of “going for broke” and for the most conservative decision, along with all possible consequences for middle-of-the-road decisions.
It works by substituting ranges for values for uncertain inputs in a model, then sampling from those ranges over and over to record new outcomes each time. This is the simulation itself, and the result is a range -- or distribution -- of possible outcomes and associated probabilities.
It is a highly flexible tool used extensively in risk management to gain insight into what could happen so that resources can be allocated more effectively, better strategies designed, mitigation plans developed, and better decisions made.
This page on our Web site provides more information: http://www.palisade.com/risk/monte_carlo_simulation.asp
Tell us about Palisade and how it helps companies manage risk.
Founded in 1984, Palisade Corporation is maker of the risk and decision analysis software @RISK and the DecisionTools Suite. Through these tools, Palisade helps companies analyze, manage, and plan for risk. This is important in order to make contingency plans and create strategies to minimize risk, but the real benefit of Palisade software is that it enables companies to make better decisions. By helping decision-makers understand the uncertainties they face, Palisade tools provide insight that you can’t get with traditional modeling or analysis. That’s why we have over 90 percent of the Fortune 500 using our tools. Our clients include companies in diverse industries, such as Unilever, Fluor, PricewaterhouseCoopers, and Merck.
Palisade has developed a depth of expertise in Monte Carlo simulation and other complementary analyses that is really unparalleled. We are fortunate to have a stable team of core developers and technical experts that have been with us since the 1980s, giving us a foundation of knowledge that is almost unheard of among software companies.
In addition to the tools themselves, Palisade offers comprehensive training, consulting, and modeling services. In this way we can teach professionals how to apply not just the software but the principles of quantitative decision making to real-world problems.
References
The white papers Mr. Heffernan refers to were, respectively: The Application of Probabilistic and Quantitative Methods to Asset Management Decision Making by G.S. Simpson, F. E. Lamb, J. H. Finch, and N. C. Dinnie, Society of Petroleum Engineers, 2000, and Taking Calculated Risks by F. E. Lamb, et. al., Oilfield Review, 2000.