Risk Management in ITSM Projects

Risk Management in ITSM Projects

ITSM Projects are tough – Plan to succeed!

IT projects do not have a great track record of success relative to their promised goals and objectives. Various studies on IT project success published by the Standish Group, KPMG or Robbins-Gioia all conclude that the likelihood of IT projects delivering on their promised value proposition is no higher than 54%. This roughly 50/50 chance of success or failure has not done IT any favours in helping to build credibility with the business or our ability to deliver on promises made.

At Pink Elephant our experience shows us that IT Service Management (ITSM) projects fail at ever higher rates primarily due to their dependency on organisational and behavioural change. The actual tangible side of creating deliverables and configuring a service management tool is the easy part. The primary risk to ITIL® project success is the political ability to deploy the process and policy changes across the fragmented IT towers and technology silos. Without the ability to make real change happen the project returns almost no value and the money spent on process design and tools is a wasted investment. To avoid this trend we need more than our best intentions.

The following lessons learned from failed projects can help us open our minds to managing risks and planning to succeed rather than become yet another statistic:

  • An ITSM/ITIL project requires process implementation and significant cultural and behavioural change
  • Many organisations have pursued process implementation and/or change projects (ITIL or other) that have failed in achieving key objectives
  • Most failed process projects reveal clear, early warning signs that the project was at risk but these signs were missed, ignored or not managed
  • Risks must be identified and managed for the duration of the project and within the wider context of organisational and behavioural change

The objective of this blog is to move beyond typical Project Management risks that we are familiar with and to get to the heart of the issues that cause many ITIL project to fail.

ITSM Risk Management and ITSM Projects

Why Risk Management for ITSM projects? In this world there are four kinds of people:

  1. Those who make things happen
  2. Those who watch things happen
  3. Those who have things happen to them
  4. Those who wonder what happened

As you read this quote you can probably relate with each one of these scenarios from some point of your IT career. You have now been asked to lead or play a part in an ITSM project and you know that there are many risks that can derail the project and perhaps even your career. You have a choice to bury your head in the sand or to take some level of control over your destiny by actively identifying and managing the risks that will most assuredly place obstacles to success in your path.

The goal of this blog is to help you plan to succeed by being the person who makes things happen. Risk Management, as a project control, is not new to most people. If you have ever been part of any major IT project you will probably be familiar with the process of Risk Management where, as a project team, you are asked to participate in a brainstorming session where you offered your valued opinion about all the potential issues that could arise as part of the project.

The project manager having this initial source of information begins a process by which he or she continually manages the risk by the following simple but effective series of activities that represent the circular process of Risk Management.

A Risk Management process includes:

  1. Identifying risks that may occur throughout the program’s lifecycle (including post-deployment).
  2. Assessing / Ranking these risks to ascertain the probability of these risks occurring and the potential impact to the program if they do occur.
  3. Planning a mitigation strategy to deal with the higher impact, higher probability risks.
  4. Implementing the mitigation strategies and actions identified as necessary to project success.
  5. Managing / Communicating the risks throughout the improvement program and on-going operations to increase the chances for program success.

ITSM Risk ManagementReproduced under license from AXELOS. Based on Figure 4.1 Management of Risk: Guidance for Practitioners

The Unique Challenges Of ITSM Projects

While Risk Management as a process is understood by most people, the true issue is that classic project risk criteria focus primarily on the concepts of on time, on budget and with quality. Each of these key elements is vitally important to project success; however, what our experience has taught us is that if an ITSM project is on the road to failure these classic elements are likely to not be the most dangerous issues that need management.

Most ITSM projects fail due to people issues related to culture, organisational design, interdepartmental politics, lack of knowledge, soft stuff, etc. You have probably heard of the sacred three-legged stool mantra of service management: People, Process & Technology

This model is inherently flawed in that these legs are nowhere near balanced when it comes to effort/risk for ITSM projects. In reality, the saying should be People, People, People!

Process & Technology You can buy process! (In fact, we will sell you some) You can buy technology and tools! (You will have to go somewhere else for this one) But you cannot buy the hearts and loyalty of people. (Bribes don’t count – or last!)

So from this perspective, it is important to look at the Management of Risk Methodology which extends the concept of Risk Management beyond the classic project concerns the critical areas of Strategic and Operational Risk Management.

The M_o_R model is ideal for ITSM projects in that it focuses the risk identification process beyond the program and project risk to also consider strategic and operational risks, which from Pink’s experience represent the area of most common sources of project failure.

Reproduced under license from AXELOS.
Based on Figure 6.1 Management of Risk: Guidance for Practitioner

Based on this experience Pink Elephant has developed its PinkREADY ™ Change Readiness and Risk Identification methodology and toolset – a list and explanation of the 22 Critical Success Factors (CSFs) identified as critical for successful ITSM projects. The total absence or immaturity of any one of these 22 factors could potentially derail your ITSM project and cause your initiative to be yet another statistic.

This Blog is an Extract from a white paper” Managing Risks On ITSM Projects ITSM Projects Are Tough – PLAN TO SUCCEED!” By Troy DuMoulin VP, Research and Development Pink Elephant.

Related Articles


We have a number of exciting opportunities to join our growing team. If you are looking for a company where career-minded professionals can achieve success while bringing their best self and qualities to work each day, Pink Elephant may be the company for you!

Find your role.