A risk framework for web-based application development
Recently one of our Project Managers returned from an initiation meeting with a large multinational company. As she had started to summarise the project risks the senior client cut her short abruptly, as this was “clearly for her as Project Manager to sort out”. She returned to the office frustrated, given that a number of the potential risks concerned that organisation’s poor record for supplying feedback on-time.
I’ve worked for over ten years in project management within large global web agencies and can say that situations like this are not unique, and that risk management is a contentious issue in web development projects. In our environment most projects are driven by the two main disciplines of ‘technology’ and ‘creative’; sometimes in harmony but sometimes at odds. The challenge for Project Managers is both adhering to good project processes (PRINCE2, PMBOK etc.) without stifling the creativity that marketing clients look for in digital agencies. When I conducted independent research for an MSc in Software Development I was interested whether web project managers in agencies should manage ‘just like IT projects’, for which documented models exist, or take a differing approach. Broadly my research asked three questions focusing on risk identification:
- Are there differences between risks facing technical web projects and ‘traditional’ IT projects?
- If so, are these new and unique, or a matter of degree?
- What would a risk framework for technical web projects contain?
As part of an MSc in Software Development I sampled 10 project managers working in UK interactive agencies on technical web projects for IT, FMCG, Government and Banking clients. I developed a loosely structured email questionnaire and used ‘critical incidence’ techniques (Flanagan, 1954) to get each to recall a completed complex technical project. Using content analysis of their feedback I developed a more specific questionnaire which was completed by a further 30 Project Managers. I analysed all data by comparing it to three established IT risk frameworks from Moynihan (1996), Barki (1993), and Carr (1993) to determine overlap and differences.