Risk Mitigation

By Graham Jones

“Risk concerns the deviation of one or more results of one or more future events from their expected value. Technically, the value of those results may be positive or negative. However, general usage tends to focus only on potential harm that may arise from a future event, which may accrue either from incurring a cost (‘downside risk’) or by failing to attain some benefit (‘upside risk’)”.  We are exposed to “risks” and exercise “risk mitigation” every day of our lives albeit most of the time without it being uppermost in our minds. We employ “risk mitigation” to protect our physical, mental, emotional and financial health, in other words the lower 3 levels of Maslow’s hierarchy of needs. Life is a complex “project” and without some kind of plan and maintenance attention it will definitely fail to come in “on time, on budget and at the desired quality”.

Like it or not our lives are anchored around financial stability and material expectations have risen dramatically. The luxuries of the past have become the “apparent” necessities of today with the attendant pressures to successfully compete. If we are astute we employ ongoing education and varied work experience as a strategy to compete. We cannot remain “static” in an increasingly “dynamic” world and expect to maintain or advance either our financial or career goals. This is never more true than in IT  where the pace of change is, if anything, accelerating. As individuals it is difficult to picture exactly what employment challenges might exist in  5 to 10 years time. What I do know is that it is smart to do what you can to hedge against potential unemployment or stalling of your career. In other words, it is prudent to employ career “risk mitigation”. Check out the blogs on SWOT Analysis for some help on self-assessment and The Future of IT:BAIT for what the industry will expect in the way of skills in the future, both by Stephen Ibaraki.

As individuals “risk” has two sides. We can be exposed to risk and also be the creators of risk for others. What about “risk” in the workplace and to the general public? The general public has a reasonable expectation that companies and their employees will exercise good practice in carrying out their work. We can only hope that individuals see the importance as part of protecting their careers and companies in terms of protecting the business. Regrettably this isn’t always the case. Personal gain at the expense of others can be a temptation to cut corners and thus take “risk”. When “risk” is out of control we have “incidents” or “events”. “Incidents” occur when a unique combination of circumstances come together. It may only ever occur once or multiple times. Typically if one element is missing then we have a “near miss”. Life is full of “near misses”, both good and bad, many of which pass us by without our knowledge. It is the personal or collective “knowledge” and “insight” that we gain from the analysis of “incidents” and “near misses” that we call “experience”. Fail to learn and we are doomed to repeat a “poor” experience! Technical knowledge combined with experience forms the basis of a “Body of Knowledge”, “standards”, “guidelines” and  “procedures” which are an essential component of a practical “professional framework”. Unfortunately despite the existence of the best “current” material we still have “incidents”. Why? The answer is very simple “because of people”! The competency and behaviour of people is always the hardest to predict and control, and thus is always problematic in risk mitigation.

So what does all of this have to do with “Professional Certification”? Quite simply we must have the best educated and trained people and for them to have ready access to the best materials if we are to effectively mitigate “risk”. But do we need something like IP3P or possibly a range of recognized professional certifications in IT to manage “risk”? Many would argue not. They cannot “picture” their working environment changing to that extent. However, there is a very important component that I have not yet touched upon and that is “ethical behaviour”, ie. an obligation to follow and uphold “best practice”. Most people would be affronted by the suggestion that they may not behave in an “ethical” manner at all times but they may not have faced circumstances where that might be tested. Can we all say with absolute certainty that we would not be “tempted” to take risks for personal gain or to accede to applied or implied pressure from above in a company or turn a blind eye when we see others doing such? In many “incidents” it is very likely that there was at least implied pressure from above. Who is going to readily risk their jobs by boldly saying “I won’t do it. It is too risky!”.  It isn’t that simple! I have been there and it felt most uncomfortable but I stood my ground. It certainly didn’t make me universally popular! You either believe in the principles of Professional conduct or you don’t. You can’t pick and choose to suit yourself which is why there has to be provision within a Professionalism framework to censure when people transgress. Ethical behaviour by all involved from the top down should be expected but regrettably isn’t always there. Those in the highest authority are “playing with our lives”, witness the recent financial institutions debacle. It is easy for those of us who have spent most of our careers as “Professionals” in some industry to say “come on in the water is fine” but Professional status rightly implies “responsibility with accountability” which unfortunately can also bring legal “liability” which definitely doesn’t make some people feel totally comfortable.

At the recent World Computing Congress [WCC] in Brisbane, Stephen Ibaraki [IP3 Senior Vice-President Strategic Relations] hosted a panel discussion on “IT Professional Certification – what does industry want and why?”. There was a question from the audience along the lines of “when do you see corporations using IP3P as part of their hiring policy and internal professional development?”. There has to be a clear incentive or value proposition for both business and the individual. What happened with Project Management [PM] and the Project Management Professional [PMP] certification might be instructive. Project failures are all too common. It is by no means unique to the IT industry but the record there is certainly less than stellar. Some more enlightened companies started to advertize PM job vacancies with “PMP desired”. Why the change? It isn’t as if they were particularly narrowing their hiring options but they might just gain by incorporating recognized expertise into the organization.  Isn’t this about “risk mitigation” as part of the hiring process for a company. Each new fairly senior employee is a big investment with the aim of a certain ROI? Eventually “desired” moved to “required”, certainly for the more senior positions, when the benefits started to become obvious. The Project Management Institute [PMI] was formed in 1962 but it is only over approximately the past 15 years that the membership and the number of people studying for the PMP has climbed rapidly. Individuals are now practicing career “risk mitigation” because it has become essential to have the PMP for a successful PM career! So now we have a symbiosis where both companies and individuals benefit, and ultimately society in turn. The overall “standard” has been raised, and must continue to be raised, and that has to be an important part of the aims of “Professionalism”.

We may have raised the PM standard with the PMP but we also need the best “tools” to bring about a positive result and the most important tool is “people”. Why would we not want the people “tool” also to be the best possible? My hope is that when companies see the same picture wrt to Professionalism in IT  that we will begin to see the same symbiotic tipping point. The “task” is to get the more insightful and open-minded decision makers on board by showing them the business benefits. Eventually companies will encourage and assist their employees to pursue Professional status for 2 reasons, as has happened with the PMP. Firstly, to improve the company’s “intellectual capital” as judged against a recognized standard, and thus their effectiveness as a business, and secondly because it can be great marketing to say that you have X “Professionals” on staff once a wider knowledge exists about what that means.

Whilst “Professionalism” plays an important role in “risk mitigation” for the individual, business and the general public it would be a gross misrepresentation to see it entirely that way. “Professionalism” is just as much about Esteem and Self Actualization, the top 2 levels of Maslow’s hierarchy of needs. I have certainly realized that over my career and it makes you look at things differently. There is pride in your chosen Profession, you work to “educate” others in the widest sense, you are respected, you strive to improve the standards by which the Profession is judged and with luck you may make a contribution that leaves some kind of lasting legacy. The more people who feel and behave that way the better it will be for all.

 

1 Vote

0 Comments

Add Comment


    • >:o
    • :-[
    • :'(
    • :-(
    • :-D
    • :-*
    • :-)
    • :P
    • :\
    • 8-)
    • ;-)



    Click to get a new image.

    You can subscribe to the IT Professionalism Debate blogs through an RSS feed.

    Poll

    Do you feel professionalism in IT is important?

    Member Login