Not Seeing Eye to Eye?

Cutter reports: individuals see risk management software as key to success, don't think their organizations would agree

Arlington, MAJuly 1, 2002In a recent study by Cutter Consortium, the importance of risk management software was measured on an individual level within organizations and compared with the their perception of the importance placed on risk management by their organizations. Not surprisingly, 90% reported thinking it was an importance issue for achieving success, while only 70% believe their organization agrees.

According to the study, 24% of respondents reported that they think their organization believes software risk management is very useful and effective, 46% think that it is somewhat useful or effective, 14% think that it is not very useful or effective, and 16% say that their organization has not yet made a determination about the usefulness of software risk management.

When the respondents were asked whether they, as individuals, see software risk management as being useful or effective, a more positive response was found: 53% believe that it is very useful or effective, 37% think that it is somewhat useful and effective, 4% think that it is not very useful or effective, and 6% haven't made up their minds yet.

Dr. Robert Charette, a Cutter Consortium Fellow and internationally-known risk expert directed the study. Says Charette, "This overriding personal belief in risk management is reinforced by the fact that 90% of our respondents state that managing IT risk is important or very important to them for achieving project success. This indicates that software risk management is seen as being useful and effective to individual members of our survey, but these individuals think that their organizations aren't as convinced of its utility."

Charette explored this perception gap a bit more by asking respondents whether their projects that use software risk management are more successful than those that don't."75% of our respondents believe that software risk management makes their projects more successful than those projects that don't use risk management. A more in-depth look proved that belonging to an organization that practices either formal or informal risk management doesn't seem to make any difference in these views. Yet, the organizational awareness or perception of the usefulness of software risk management, as we see, appears to need convincing," states Charette.

"There's a paradox," Charette explains, "The lower you are in the organization, the less you believe that the organization views risk management as important.  However, senior management does indeed believe that risk management is important in the organization. The problem here is communication.  The people in the lower part of the organization identify risk, but their perception is that upper management doesn't care about it.  The reality is that senior management does want these risks identified and communicated to them, and they also think risk management is very important. But they need to worry about more than just one project's risk, which sometimes makes it appear like they don't care."