Five reasons projects fail - and what risk managers need do about them

When you look at or analyse a portfolio of projects, this often shows that many projects fail to meet deadlines as well as other targets.

One industry I was in contact with, have just had a good and prosperous year as “only” 53 per cent of their projects were more than 10 per cent over time and budget.

I could not help wondering how much value would be created for the involved companies if that figure was eg. 20 per cent or just 5 per cent.

Working with a range of different projects over several years, I have found five common reasons projects fail.

The bad news is that these are not new, yet they prevail to this day.

The good news is, that organisations can opt to leverage their risk management teams and rectify/improve on these without having to “bend over backwards” to improve performance.

1) The desired achievement is not defined

In many projects, the target is defined based on “do something”, rather than achieve something. A classic example is: “to install IT system X by Y within a budget of Z”.

Now, this may be a perfectly good idea, but unless you are an IT systems company, this is not a target in its own right.

There is a reason you want the IT system… and that reason may be the achievement, so your target will be something like: “we wish to reduce costs of process P by Qper cent by installing system X by Y at the cost of Z”.

2) Risk management is risk focused

Whatever actions are taken on managing risks are focused on managing risks – without any considerations as to how that may impact the overall project or business performance.

When that happens, some risks may appear very important, and a lot of effort and resources are spent on minimising these – despite the fact, that even if they materialise, they will not have any significant impact on project/business performance.

I have seen numerous times, that project deadlines were set and rigorously adhered to, in some cases by reducing scope/value of the project – and where the business impact of a delayed implementation was miniscule.

That said, I have also witnessed projects, where delivery on time was absolutely pivotal, and even 100 per cent budget overruns was accepted to avoid 10 weeks of delay.

3) Risks are not adequately identified

This goes for risks irrespective of whether their impact on project/ business performance is negative or positive – you may say it covers uncertainties, risks and opportunities alike.

The identification tends to be based on tunnel vision, not considering the “business system” of whatever the project addresses.

Some of these may be truly irrelevant to any one project – yet, use this as a check-list and be open-minded.

4) Distributions are skewed

When analysing/assessing each risk – qualitative assessments such as high/medium/low or minor/significant/catastrophic are often used. These are essentially useless as they do not help any decision making or handling.

Furthermore, most risks are traditionally quantified using a single point estimate. “If risk A materialises, it will have an impact of B” – well, yes or something less – or more likely, something more.

Single point estimates do have a ring of authenticity around them, but they are not much more valuable than a qualitative assessment.

The problem is, that if you assume a risk has an impact of 100, you inherently assume the distribution around this is bell-shaped whereby the average outcome will be 100, and also assume the likelihood of 50 is as high as that of 150.

Unfortunately, this is not true in real life, where impact distributions are skewed, and more look like this curve, where:

• The most likely value is smaller than the median (50/50 case).
• The average impact is higher than than the median
• The 10% worst case, which does happen from time to time, is much larger – often more than twice the most likely value

If you are in charge of managing a project, and just one risk materialises with an impact more than twice what you expected – you are suddenly unlikely to meet your target.

5) Performance exposure is not calculated

Traditional, and alas still common, risk management is showing/reporting their outcomes in terms of risk matrices or heatmaps which “count” the number of red/amber/green risks.

These are useless on a good day, and have been demonstrated to be dangerous on a bad day.

Even the best derived risk matric/heatmap will not tell you or management anything about whether or not you will meet your targets – which is probably the reason so few managers are truly interested in risk management. It does not help them in their decision making and management.

Risk management is NOT about managing risks, but ALL about enhancing performance and thereby meeting (or exceeding) targets.

This means, that we do need to take risks, but also, that this must be done intelligently. Please note, that this means we take mitigating actions as deliberate means to enhance expected project/business performance, not as a means to manage risks.