A risk framework for web-based application development
Of the 13 themes identified there were five that were rated particularly highly and I have detailed some of their component risks below. Additionally the main risks identified are summarised as a table here.
1) Internal team / agency
The highest rated risk identified in the framework is ‘lack of internal communication between team members’. This risk is internal to the organisations and may reflect the uncommunicative silos that creative, technical and other disciplines can find themselves inhabiting. Communication has been raised by only one of the three IT frameworks, yet is flagged regularly by practitioners such as Kendrick (2003) as being critical within projects. ‘Lack of accountability’ by different disciplines within project teams is also critical. This resonates with points raised by Steele and Carter (2001) who suggest web projects are unique because of the very different motivations and personalities of the parties involved. Two items cover ‘novelty’ – both with ways of working and with the project type being new to the organisation. Issues with new ways of working are not addressed in any of the existing IT frameworks; this links in to observations from researchers like Rodriguez (2002) and Reifer (2002) who comment on the high rate of change and short time-scales of web projects. Finally there was’ agency over-committing’. As Reifer observes, the rate of change is so high in the web industry, combined with strong competition for contracts that inevitably leads to over-commitments to clients. None of the IT frameworks rate this as an issue, however in the modern competitive market place and bearing in mind the high level of IT project failures it may be an unfortunate omission.
2. The Client
Three risks raised refer to the client’s web knowledge and experience. Whilst a certain lack of technical knowledge from the client is identified in all aforementioned IT frameworks, the issue of the client’s lack of understanding of the impact of their requirements is covered only by Moynihan. Two items considering the clients’ push for new functionality and change were identified repeatedly by web project managers, yet only Carr identifies the same issue for IT projects
3) Requirement and Specification
This covers risk items such as ‘many unknowns’ and ‘insufficient initial budget to deliver what the client wants’ and were only covered by one of the IT frameworks. ‘Technical scope is too ambitious / optimistic’ was however a universal issue, though researchers like Rodriguez still suggest that this is a greater issue for web projects due to the range of technologies used.
There is a large degree of overlap here between the web and IT risk frameworks, including ‘Integration of many technologies’, and ‘Unfamiliar tools / technologies’. The web framework identifies compliance and policy as problematic whereas it is not covered by the IT frameworks; this may be partly down to the global and customer-facing nature of the web, though equally it may indicate a need to review the IT frameworks against the current regulatory environments.
5) Project timing
The final items relate to unrealistic launch dates, and to allocating insufficient time to tasks during planning. These risks are covered by only one of the IT frameworks. Once again attention is drawn to Rodriguez, who states that that time to market and product life cycles are much more pronounced in the case of web applications.
Relative inexperience was not seen by web project managers as a risk, yet their average age of 32 was at least ten years younger than Moynihan’s IT project managers. Anecdotal evidence suggests that web project managers are often younger and, critically, more inexperienced than in traditional IT delivery. The project managers sampled also didn’t feel that training is an issue, yet only half have formal Project Management qualifications e.g. PRINCE2, ISEB etc., and only a third have academic qualifications covering relevant topics.
So are risks in web-based projects different from ‘traditional’ IT? My own conclusion is that the agencies sampled are in need of a different perspective due to their creative and marketing roots, as well as the demands of their clients. However many of the truths and learning from IT and project management are still valid and must be acknowledged in any context, such as the common technical heritage. Equally there are a number of risks identified here which have little or no overlap with the quoted IT frameworks, such as requirements uncertainty and volatility, organisational issues and internal staff accountability and communication. I see a case for some of these points to be considered for updated risk frameworks to help us understand and manage risk identification in web-based projects for the benefit of organisations and their clients.
The main risks identified above are summarised as a table here