Business Accent

Managing risk in e-commerce projects

Identifying, analysing and tracking risks while implementing e-commerce projects will help keep things under control, says Binoj Koshy.

Technology has moved from Object Oriented Programming (OOP) to Web Services programming, complicating the abstractness of project management. Standardisation, as in the case of Web services is the need of the hour, viz. Simple Object Access Protocol (SOAP)-enabled applications, Hyper Text Transfer Protocol (HTTP) communicability, Universal Business Language (UBL) initiatives etc, thus increasing the vulnerability of basic concepts in distribution designs. This again contributes to the risk factor in e-commerce projects.

Hardware concepts have evolved in terms of technology. This is evident from the evolution of hot swappable to Redundant Array of Independent (or inexpensive) Disks (RAID) to clustering to load balancing, to hot stand-by to disaster recovery sites increasing the redundancy factor. The evaluation of all this has made project management more vulnerable.

Risk in e-commerce

We are aware that e-commerce is not a fad; it is here to stay. E-commerce of one sort or another has been with us for well over a decade, i.e. in its incipient form of electronic funds transfer and electronic data interchange.

Today, it is an organisation’s ability to understand and manage the full spectrum of risk which further bifurcates the boundary between success and failure, more so when all government and private organisations depend, to a large extent, on information technology.

Criticality criteria of e-commerce: The criticality criteria of e-commerce are protection of customer interest, total up-time (obviating down-time), security of payment gateway, credentials during log-in and log-out, protecting the financial position from damage to reputation, setting standards of corporate governance, keeping a record of accountability and avoiding data degradation. Also included are critical appliances partnership and contracts, enhanced credibility, external evaluations and audit, 360-degree management enhancement, business continuity, real-time decision-making, social responsibility, customer decision-making, loop inducting, motivation and need recovery, information search, alternative evaluation, purchase decision and outcomes (ease/purchase/performance/feedback/execution), repeat purchase and brand loyalty need to be addressed.

Risks in e-commerce projects: While risk may be part of business processes, if a business never changes, odds are that the business will not prosper. Companies that do well are the ones which have learned to assess risk and manage it. A project’s survey managers learn how to assess and manage risk. One of the riskiest areas in business has been the development of technology projects, given the imperatives of space, effort, cost and time.

E-commerce projects are risk-prone mainly due to complexity and integration challenges. Business service exchanges, sharing of database, registry and repository have perpetuated risks. Cost over-runs, choosing the wrong solution, implementation problems etc, are also risk factors in e-commerce projects. However, by using risk management procedures, companies learn to balance their risks with desired outcomes, hence making projects successful.

Risk management in e-commerce: Risk is a problem waiting to happen and the goal of risk management is to make this inherently risky process of applications development successful and consistent. A risk management approach is crucial to success in e-commerce; the need is for proactive risk mitigation both in planning and in development. In the development of a new technical system or project, there is a constant need to minimise uncertainty and errors, which accompany an unprecedented endeavour.

A project manager can never manage risks to the point of eliminating them altogether. Only proven methods of risk management and strategic plans can be used to draw up and identify or monitor, and thus, mitigate risks.

Phasing of projects: A common risk is to try to attempt to run a monolithic e-business project, which is based on immediate and complete turnkey movement. Instead of training to go from no e-business into integrating everything, one can think of implementation in a phased manner. It is often seen that the risk factor is less in a phased project. Many consultants advocate the phasing of a project. By doing this, every process participation is more clearly focussed. The first phase should deliver a clear, concise goal within a short time frame and be of high business value.

Throwing some light on the dependency factor, we see that different parts of the system escalate exponentially in the course of the project. The customer usually learns a lot about e-business in the first phase, enabling smoother secondary phases.

Broad guidelines

A framework to assess, manage and plan risk involves identification, analysis, envisaging consequences, planning, tracking and control.

The broad guidelines may or may not follow a sequential pattern as given above. However, the individual components are explained below.

• Identify risk: Risk is assessed at all the stages of a project; it can be attributed to factors such as non-executive support or users’ resistance to change. In such a case, the project team should be proactive and not reactive, as the risk may reach a threshold and might be uncontrollable.
• Analyse risk: The way to go about it is to analyse, prioritise and communicate risk so that the project team and the user are aware, and an alternative or contingency can be implemented.
• Envisage consequences: It is easier said than done, it is here that most project leaders or even team members forget about this factor. Forethought and perceptual thinking will help in evaluating the future of a particular risk factor.
• Plan for risk: All the three factors mentioned above obviate the requirement of planning, which can be classified into immediate, urgent and essential based on the degree of risk—high, medium and low respectively.
• Track risk: We generally tend to ignore the importance of tracking risk, documentation is also another tool that helps in tracking.
• Controlling risk: Risk management works hand-in-hand with project management processes, controlling risk is not at all difficult if a systematic approach is taken with sequential preparation and plans.

The most important aspect to mention in risk management is that, it is not done once, but requires scheduled periods along the way to ensure that there is a constant re-evaluation of the risk. Risk management needs to be an ongoing process to be successful. If you don’t keep up the pressure, the risks will always win. Hence, it is a ‘go-go’ situation and not a ‘no-no’, ‘no-go’ or a ‘slow-go’ situation.

Albeit abstract, but vital and broadly defined at this stage is the need to allow for an open array of options. This is very important. There is a need to classify and re-configure the classification of risk management in e-commerce projects. Most consultants suggest an agile risk management strategy along with a risk management organisation/nucleus. On the basis of identified risks, one can classify risks into technical risks (more of direct concern) and business-related risks (direct/indirect concern).

From another perspective, we see managing risk in e-commerce and projects under two holistic heads, ‘physical aspects’ and ‘psychological aspects

Physical aspects: The physical aspects include risk management planning, plan verification, risk forethought, scope of risk management organisation, risk identification, qualitative and quantitative analysis, proposal planning and monitoring and control.

Psychological aspects: The psychological aspects are as follows: -

• Impulsive decisions: Impulse-driven decisions during the course of the project will increase risk in e-commerce projects.
• Result psychosis: The need to attain results is influential in the decision-making process during the course of planning, development and implementation.
• Zero error syndrome: Project managers tend to lose faith in their subordinates or fear that the assigned task may not be accomplished with the desired quality or time frame. Further, the project manager may end up accumulating risk in the course of the project.

Risk assessment

Risk management can be simplified as risk assessment plus risk mitigation. Risk assessment is as important as mitigation. What we do is take the risks that are discovered in step one and give them a designation of high, medium or low risk. Further one needs to think and quantify about each risk’s possible overall impact.

Project management is a continuous process; hence laxity in risk management will culminate in losses. We can coin a term Daily Loss Expectancy(DLE) that can be evaluated on a day-to-day basis. This helps in quantifying losses in terms of mis-management of risks.

Daily Loss Expectancy (DLE) = Likelihood of failure(L)/failure mitigation possibility (M)

-Both the variables are quantified in percentage.
-DLE ranges between 1 and 9.
-The ideal value of DLE is 1.
-If 3>=DLE>1, then DLE is low.
-If 6>=DLE>3, then DLE is medium.
-If 9>=DLE>6, then DLE is high.
-If DLE<1, then the evaluation is not realistic.

Selecting the right people will reduce risk manageability issues. The ability of selecting the most suitable project manager is a major factor that affects management of risk in e-commerce projects, mitigating risk calls for unconventional ways of planning and execution.

The author is Assistant General Manager (EDP), Canteen Stores Department. He can be reached at agmedp@csdindia.com