RISK is by far another misused term after ROI in IT. It is often used to describe "the probability of the unknown" - maybe I am giving too much credit to the ones who use it! It is also used to make IT decisions most ambiguous. Lastly, it is a great CYA term - "what is the RISK of this decision?" - was never sure what people mean by these statements.
Anyways, let us define RISK in more real-life terms. RISK is the probability of an unknown event that may lead to a LOSS (a non-deterministic behavior or Stochastic process). It is driven by two factors - unknown outcome of a decision - attributed to lack of Information , and randomness of the assumptions used in making a decision - attributed to lack of Statistical rigor in evaluating assumptions used in a decision. We can minimize RISK by minimizing these two factors that drive RISK
IT decisions are mostly centered around investments in new technology and/or in new talent. These are usually to address new business automation needs to accelerate the speed to do business. In this context there are basically two factors that define the value of the business opportunity:
- The "expected" cash-flow arising from the new business opportunity
- The "risk" associated with the business opportunity arising from:
- The impact of "chance" in the decision or randomness in decision-making
- The impact of the "unknown" in the decision - or the impact of "Information Asymmetry" (lack of information) on the decision
Hence, the problem centers around identifying the "unknowns" in the decision so that appropriate steps may be taken to "mitigate" their occurrence because "randomness" cannot be foreseen or mitigated. Rest is up to the "Marketing Einsteins" to forecast the expected cash-flow from the business opportunity. The pursuit to "attempt to know the unknowns" is an oxymoron. The question is how should executives make the decision in the "right" way rather than how to make the "right decision".
Enter IT Finance...
The traditional way to ascertain the value of the IT decision would be to do a Discounted Cash Flow on the current state and compare it against the "expected future state" and then do a NPV (Net Present Value) of the expected net savings to demonstrate the value of the decision. If the NPV is a "large positive number" then it is a good proposition. Subsequently "expected future state" is compared to the "expected revenue forecasts" made by the Marketing Einsteins to demonstrate that it is a great opportunity and they must immediately embark upon it to make the "expected" millions...
A few things are ignored in this type of a valuation - the company's cost of capital is treated as "constant" over the period of the valuation, the expected cash flow is "expected" and the assumptions are all held constant over the duration of the valuation. Once the project is undertaken, new nuances are discovered and the "loss" portion of the project starts creeping in. Managers are blamed, Vendors are chastised, a few senior heads roll and the project is ultimately scrapped ... the death of a "potential" value-creation opportunity. Sometimes proof of concepts are initiated, however very rarely is the outcome taken to re-calibrate the "expected future state" of the project.
However...
IT Capital projects can be broken into small investments each consisting of a "proof-of-concept" or "try-out" phases where the assumptions may be re-visited to re-calibrate the expected future state. In other words, these "proof of concepts" serve as the opportunity to mitigate the Information Asymmetry of the decision leading to reducing that portion of the Risk and re-calibrating the "expected future state" at a lower level of Risk. Using simple simulation models and with the use of simple real-options concept the executives may be able to re-visit their decision at periodic intervals to ensure whether the project is still a "positive return" investment.
In a nutshell...
Remove the Information Asymmetry by giving importance to "proof of concepts" and gathering the data to revisit the financial impact of the project. This reduces the Risk (I can now define Risk as the Standard Deviation of the Net Present Value or the Strategic Value of the project) and provides transparency to IT finance to advise the IT executive to make the right decision at the right time.
Comments