Corporate IT is a risky business. That's not new, but it's truer now than ever before. Nothing is guaranteed. Uncertainty is inevitable. Technology, business conditions and strategic requirements change constantly. You can never know in advance whether you really understand what users and the business need or whether technology can deliver it. And, oh yes, there really are people gunning for you.
That's a high-risk environment by anyone's definition. And with the risks -- and the stakes -- so high, it's important to remember what your top priority has to be: staying sane.
What, you thought your top priority should be managing those risks, or minimizing them, or even making them go away? Those are important goals. But they have to be secondary. This isn't the risk-avoidance department. It's the IT department. This is where technology is put to use making the business more efficient and effective, remember?
If you forgot that for a moment, don't feel bad. Risk distorts our perceptions of reality. So do unavoidable uncertainty and adversarial politics. Threats and problems loom larger than they really should. Mundane matters like doing business and keeping the machines humming shrink from view.
But if you can't see clearly, you won't make sensible decisions. What you do won't be sane. And the results you get will show it.
And the bigger the budgets get, the more bet-the-business the projects are, the more likely it is that you'll slip into that trap -- and the more costly your mistakes will be.
You can't afford that kind of misstep these days. In the face of risk, you have to stay connected to the realities of IT and your business.
You have to stay sane.
How do you do that? You make plans. And measure performance. And maintain perspective.
Why make plans? Because plans keep you tied to reality. They force you to balance costs and benefits, risks and payback. They drag the dangers out in the open and stand them right next to the rewards you'll get for successfully executing the plans.
Sure, you should take risks into account in every plan you make. And as risks change, you should revisit your plans to make sure the risk/reward calculations you made are still in balance. But a good planning process helps to keep you from reacting just to risk -- and sliding out of reality.
Why measure performance? Because that's how you test your plans against reality. You have metrics. Now's the time to make sure they measure things you really need to know. You want projects whose success will silence your critics. You want operations that keep the business humming -- and keep risks to the business low. Measure to match those goals.
Don't make a few metrics the goal of your department, or you'll discover that misused metrics can distort your perceptions even more than risks can. But used properly, metrics, like plans, can keep you tied to reality.
Why maintain perspective? That is, why put extra effort into maintaining it? Because that's the first thing you'll lose as risks heat up. If you're constantly putting out fires -- or guarding against potential fires -- you can't see the context. That means you can't take care of business.
And your best tool for keeping the big picture in sharp focus is still the collection of people around you -- your bosses, your peers, your users, your IT people. You know which ones you can trust. Test your perceptions of risk with them. They'll help you spot which ones are overblown and which ones you're underestimating. They'll help you stay sane.
Yes, IT is risky. And those risks matter, because every serious IT risk is also a risk for your business. But if you let the risks capture too much of your attention, you won't be managing those risks. The risks will start to manage you.
And that's the riskiest business of all.