Project outcomes – how to support success with effective risk management

Sword GRC Blog

Project outcomes – how to support success with effective risk management

Addressing a diverse audience – one that collectively included those involved in corporate improvement projects, infrastructure and modernization programs, R&D and deconstruction projects in mining and nuclear decommissioning – Sword GRC VP of Operations North Americas, David Emanuel and Solution Consultants, Karl Magnuson and Mike Balut explored why projects fail and perhaps more importantly, the proactive risk management best practice that can help achieve more successful project results.

Here are some of the key takeaways from their ‘Why Projects Fail’ webinar:


KM: The Project Management Institute offers a helpful definition: ‘A project is a temporary endeavor, undertaken to create a unique product, service or result’. A project is temporary, in that it has a defined beginning and end in time, and therefore defined scope and resources. And a project is unique in that it is not a routine operation, but a specific set of operations designed to accomplish a singular goal.


KM: The declaration of project failure can come from many sources, with the most common being the people expecting to benefit, the people who worked on the project and/or the people who are funding the project. Typically, failure is based on one or more of the following criteria: the project, product or outcome either didn’t work as expected; it cost more than expected; took longer to complete than expected, or resulted in personal or environmental harm.

All projects have multiple stakeholders and the measure of success or failure is based on the perceptions of each of the stakeholders – investors, project planning and execution teams and the people who would benefit from the project once complete.

While these are used as criteria of failure, they are often the result of other problems over the course of the project, such as quality issues, poor project planning or oversight, or other risk factors.


  • Underestimation of complexity
  • Underestimation of project duration and budget
  • Changes in requirements
  • Dismissal of advice from experts
  • Scope creep


MB: A survey of IT projects* revealed that 430 out of 813 federally funded IT projects were either poorly planned, poorly performing, or both. We have found that many IT projects across the globe have similar problems. In a joint study conducted by McKinsey & Company and the University of Oxford in which 5400 IT projects, all of which were over $15m were considered, on average the projects ran 45% over budget. That’s $6.7m dollars over budget, per project. Worse still, those projects only delivered 56% of the expected benefits. 918 of the 5400 projects – nearly one in every five – failed so badly that they threatened the very existence of the company.

In Western Europe, a study by Logica Management Consulting and the Economist Intelligence Unit looked at 380 senior executives and found that roughly 35% had abandoned a major project in the last three years.

KM: It certainly does sound like projects designed to reduce costs and improve business processes need more attention to requirements and to technological capabilities or system testing processes.

MB: There are other factors in play too. In some cases, it’s not simply a matter of not wanting to invest money and in some cases, it is a case of not wanting to, particularly when the project’s end goal is to reduce costs. In some cases, it comes down to the motivations of people involved.

KM: Let’s review a number of key drivers that can lead to a project not working as expected, to cost overruns and personal harm. Among these are underestimation of complexity; underestimation of project duration and budget; failure to identify concerns in a timely manner; a lack of willingness to acknowledge concerns; leaving quality inspections to the end of a project and not learning from past project experiences. We need to consider how the causes can be compounded by motivations of stakeholders and decisions made in the alignment of those stakeholder interests.

Could project failures be avoidable with better risk management?

MB: Over the years I’ve had multiple executives tell me that their project failures weren’t surprises – that most of them could have been avoided with more proactive risk management and knowledge gained from lessons learned in past projects, both failures and successes. That’s why traditionally, experienced project managers can be so valuable to organizations.

MB: Let’s consider some of the principles:

Underestimation – of project complexity, duration, budget and requirement changes. This usually occurs when not looking closely at the assumptions made when preparing estimates and not considering the risks that could affect those estimates. We recommend to be sure to document the assumptions related to each area of the estimate, noting risks that could push the estimate higher, as well as opportunities that could reduce that overall cost. It’s important to start this exercise early when building the initial business case for undertaking the project and carrying that process forward through all project stages.

Make sure the assumptions, risk and opportunities are identified during the estimate stage and that they remain visible to all stakeholders, including the end users of the project, the suppliers and contractors and any relevant regulatory entities.

Some changes to requirements can lead to new risks and other changes can be a way of mitigating risks, so anticipate possible areas of requirement changes based on similar types projects from the past and document them in some kind of knowledge base as risks and opportunities, referencing all project stakeholders who will be affected.

It’s also good to make requirements visible in context with the plan of project activities, and any risks or opportunities associated with the requirement. Look beyond just cost and schedule impacts. Use the risk and opportunity to communicate the potential benefits in each relevant impact category – resources, technical performance, quality, customer satisfaction, supply and availability.

Lessons and concerns – timely communication of concerns, lack of willingness to acknowledge concerns, leaving quality inspections to the end of the project and not learning from past project experiences.

As a side note, we at Sword GRC believe that the right tools in your technology ‘toolbelt’ can help you to achieve these goals more effectively and more quickly.

Active Risk Manager can help you:

  • Set the expectation that it’s everyone’s responsibility among all stakeholder groups within the project to identify risks and opportunities
  • Provide streamlined and accessible data collection to support this, enabling everyone to play a role in the risk management process
  • Providing a simple to use, ‘light touch’ data entry interface
  • By tracking all similar projects’ successes, failures, risks and opportunities – including incidents and other notable project outcomes – within a single database
  • By giving risks and opportunities raised the appropriate level of consideration, including escalation or transfer, if necessary, as soon as possible
  • Use techniques such as Bow Tie analysis to identify and analyse risks’ individual and related causes and consequences
  • Apply quantitative impact ratings and statistical analysis techniques to help drive objective decision-making about the treatment strategy and resource prioritization for risk mitigation and opportunity pursuit
  • Gain valuable insights for risk-based decision making
  • Documents lessons learned as they occur

Motivations – project motivations of select stakeholders and decisions made in the alignment with those stakeholder interests, as they can not necessarily be in the best interest of the end users of the project deliverable.

KM: Motivations might well be the most critical driver of project failure and the most difficult to identify and address. For any project where the objective is the reduction of resources, we want to identify risks related to that reduced level of resource from a business process perspective, as well as from the perspective of stakeholders who are relying on that process.

We want to ensure that there are communication channels and risk processes that can expose decisions that are likely to cause harm. We need to be persistent with this.


MB: The 2012 London Olympics was recognized as a success from many perspectives. Financially, a key objective was that there should be a long-term return on investment from the venues that were built from the games.

Key points:

  • A rigorous culture of planning, testing and analysis, over and over
  • Risk management deployed throughout all project phases
  • Keen focus on the health and wellbeing of workers, athletes and spectators

Risk analysis covered all areas possible, for instance construction workers got a free health-check before commencing work on the project. This led to the identification of people with health and nutrition risk factors which were mitigated with free breakfasts at the start of each construction day.

In fact, testing for the London Olympics 2012 has been characterized as ‘The most comprehensive pre-games testing in history. It included staff, venues, spectator simulations, transportation scenarios and even scoring and results systems.

KM: This project really is a great example of how risk management can underpin success.

Learn more about attaining successful project outcomes. The full ‘Why Projects Fail’ webinar is available to view, free of charge, on demand.

See how Sword GRC’s best-in-class risk management software can support projects throughout your organization.

*US Government Accountancy Office