Many companies outsource (subcontract) a majority of their work to stay competitive in today’s global environment. As a result, a serious risk arises associated with obtaining accurate and audible proposals from subcontractors for inclusion into the proposal to their customer. Continue reading
Risk Management is a process by which uncertain events (risks) that may affect a project are identified, analysed, planned for, monitored (controlled) and, in the event that they are realised, dealt with.
However despite the conventional wisdom that Risk Management will prevent project failure from a cost, time, quality perspective or whatever other criteria has been established for successful delivery, projects continue to fail.
Much has been written about the use of the terms “risks” and “opportunities” with respect to the process that PMI refers to as “Manage Risk.” A recent thread on the subject of the terms on LinkedIn has drawn over 100 responses debating their meaning and usage, dissecting them in detail and resolving little. For the purposes of this post, let’s agree to refer to outcomes of planned project activities as uncertainties.
Different levels of management are appropriate for different projects. The hard part is knowing how much is enough. Many project managers believe that the amount of management effort, and type and scale of management techniques, is a function of project size, duration, cost, or complexity. While this is partly true, the real issue is, “How important is it to achieve the project objectives?”
Internal auditors play a valuable role in ensuring that IT investments are well-managed and have a positive impact on an organization. Their assurance role supports senior management, the audit committee, the board of directors, and other stakeholders. Internal auditors need to take a risk-based approach in planning their many activities on IT project audits. With limited audit resources, auditors must focus on the highest-risk project areas, while adding value to the organization. Audit best practices suggest internal auditors should be involved throughout a project’s life cycle — not just in post-implementation assessments.