Risk Assessment | Business Intelligence Roadmap: The Complete Project Lifecycle for Decision-Support Applications

Risks are factors or conditions that may jeopardize a project. Risks should be assessed for the following six major variables :

The technology used for implementing the project
The complexity of the capabilities and processes to be implemented
The integration of various components and of data
The organization and its financial and moral support
The project team staff's skills, attitudes, and commitment levels
The financial investment in terms of ROI

Table 1.1 depicts a basic risk assessment matrix for these six variables, using the colors of a traffic light to indicate the severity of the risk:

Green = low risk ”go ahead with the project

Yellow = medium risk ”caution, proceed slowly

Red = high risk ”stop, reevaluate before proceeding

Each organization should develop its own appropriate variables and risk conditions for analyzing the risks most likely to impact its BI project. In developing that detailed risk assessment matrix for your organization, expand on the questions listed below.

Technology risk

- How mature are the selected technologies within the marketplace ?

- How mature are the selected technologies within the organization?

- How many different technologies will co-exist?

- Do we have incompatible operating systems?

- Do we have incompatible database management systems (DBMSs)?

Table 1.1. Basic Risk Assessment Matrix

	Level of Risk
Variable	Green (Low)	Yellow (Medium)	Red (High)
Technology	Experienced with mature technology	Minimal experience with technology	New technology, little experience
Complexity	Simple, minimal workflow impact	Moderate, some workflow impact	Mission critical, will require extensive reengineering
Integration	Stand-alone, no integration	Limited integration required	Extensive integration required
Organization	Solid internal support	Supportive to a large extent	Little internal support
Project team	Business experience, business-driven, talented, great attitude	Some business experience, business-driven, talented, fair attitude	No business experience, only technology-driven, limited talent, bad attitude
Financial Investment	Possible ROI within a very short time	Possible ROI within a moderate time frame	Possible ROI after a few years

Complexity risk

- How complex is the overall IT environment?

- How complex is the BI application itself?

- How extensively will workflow have to change? Will it have to be completely reengineered?

- How many sites will be supported?

- What is the degree of distribution of data, processes, and controls?
Integration risk

- How many interfaces will the BI application have?

- Are there external interfaces?

- How much source data redundancy exists?

- Can the primary keys from various data sources be matched?

- Do we have incompatible standards? No standards?

- Do we have "orphan" records as a result of referential integrity problems?
Organization risk

- How much risk will business management tolerate ?

- How much risk will IT management tolerate?

- How much financial and moral support can we expect when the project encounters hurdles?
Project team risk

- How much experience does the team have with successful implementations of BI applications?

- How broadly based is that experience?

- How well balanced is the team?

- How is team morale ?

- How likely is it that we may lose one or more team members ?

- Do our team members' skills cover all the basic disciplines?

- Will the business representative be an active player?

- How strong is the project manager?
Financial investment risk

- How fast can ROI be expected?

- How likely is it that the costs will outweigh the benefits?

- Can financial risk be mitigated by using only proven technologies?

The combination of high complexity and greater integration often results in a higher risk of failure to the organization.

Expand each of these risk categories with organization-specific detailed variables and detailed conditions for each of the three severity rankings (low, medium, high). Table 1.2 shows an example of a detailed risk assessment matrix taken from a case study.

The managers for the organization in this case study listed the detailed risk variables. Then for each variable, they described the conditions for each of the three risk severity rankings. For example, in the category for business workflow support:

Low risk = Supports business workflow seamlessly
Medium risk = Requires some manual intervention
High risk = Requires significant manual intervention

Table 1.2. Case Study: A Detailed Risk Assessment Matrix

	Level of Risk
Variable	Green (Low)	Yellow (Medium)	Red (High)
Project requirements: ad hoc reporting	Supports every critical ad hoc reporting requirement	Supports most critical ad hoc reporting requirements	Fails to support critical ad hoc reporting requirements
Project requirements: AS/400	Supports every key business requirement	Supports most key business requirements	Fails to support key business requirements
Business workflow support	Supports business workflow seamlessly	Requires some manual intervention	Requires significant manual intervention
Architecture evaluation	Well-architected application	Existence of some architectural issues	Poorly architected application
Extensibility into subsequent releases	Fully extensible into subsequent releases	Extensible for most requirements	Not extensible into subsequent releases
Logical data model: completeness	All information requirements met	Most information requirements documented	Significantly mis-sing information requirements
Logical data model: extensibility	Fully extensible	Some extensibility issues	Not extensible
Meta data (business and technical)	Complete and easily maintainable	Incomplete or not easily maintainable	Not incorporated
Physical data model: completeness	Complete and tuned	Complete but not tuned	Incomplete, cannot be evaluated
Physical data model: extensibility for new product types	Fully extensible for new product types	Limited product type extensibility	Incomplete, cannot be evaluated
Physical data model: source system feeds	Acceptable design support for source systems	Performance or timing concerns	Incomplete, cannot be evaluate
Interfaces (external and internal)	Supports external and internal interfaces	Limited support for external and internal interfaces	Poor support for external and internal interfaces
Analysis dimensions and measures: adding new product lines	Easy to add	Can be added, but requires significant cube reconstruction	Cannot be evaluated at the current time
Analysis dimensions and measures: adding new tools for data analysis	Proposed cubes and set of dimensions sufficient to support the business analysts	Proposed cubes and set of dimensions provide minimum sufficiency	Proposed cubes and set of dimensions insufficient
Use of meta data repository	Fully developed	Limited meta data support	No meta data support
Loading of the BI target databases	Load procedures established and perform well	Load procedures poorly documented or perform poorly	Load procedures not developed, cannot be evaluated
Physical database issues	Effective and efficient physical database design	Minor issues with physical database design	Physical database design incomplete, cannot be evaluated
Performance issues	Conforms to stated performance requirements	Some performance issues	Cannot be evaluated at this time
Systems management issues: maintenance	Support procedures well established and documented	Limited support documentation	No support procedures
Support issues	Backup and disaster recovery procedures developed and installed	Backup and disaster recovery procedures developed but not installed	No thought given to backup and disaster recovery procedures
Security implementation	Satisfies application needs and is easy to maintain	Difficult to maintain	Security design incomplete, cannot be evaluated

The managers then selected the applicable risk severity ranking for each variable by highlighting the description that most accurately portrayed the condition of their BI project using the colors green, yellow, and red. Out of 21 variables, they rated only two variables low risk, six variables medium risk, and thirteen variables high risk. The managers decided that the overall risk for this BI project was high.

Having a realistic assessment of the severity of potential risks will help the project team create realistic estimates and expectations for the BI project. Conversely, unidentified and unmanaged risks can result in project failure or even jeopardize the entire BI initiative.