- How does this proposed project help the organization achieve its objectives? Why should we invest in this? An IT project should either add value or reduce risk.
- Is the project’s objective measurable? If it isn’t, how will you know that the project is done and/or successful?
- Who was involved with creating the proposed solution? Did the project team involve the right people to truly create a solution?
- Is this project dependent on any other projects? What risks are associated with this dependency and how will the team manage them? Sometimes a hidden dependency can doom a project before it has even started.
- Did finance review the money side? Do they approve of the project?
- What are the risks associated with this project? Any project carries with it some degree of risk. Did the project team formally consider all of the risks and come up with mitigating controls in alignment with the organization’s risk appetite?
- What if this project fails? This key question should be part of the above-mentioned risk management plan. Should this project fail, will the firm be none-the-worse-for-wear, worse off, better off, or some combination thereof?
- Who reviewed the technical aspects of the proposal for issues like standardization, capacity and database design? Did they approve? The goal is to avoid surprises, such as finding out that a project in one area requires resources that are constrained in another.
- Who reviewed the process aspects? Did they approve? For a successful outcome, any project must assess the impacts not just on technology, but also on people and processes. Can the organization support any changes?
- Who reviewed the human, or HR, aspects? Did they approve? Again, successful projects rely on people, processes and technology. Can the people support the project? Do they have the right skills? Will there be a political impediment?
- Who reviewed the project plan? At the heart of all this is sound project management. A formal plan should exist following a methodology approved by the organization.
- Who reviewed the IT security aspects? All too often, security is brought in at the end of the project. IT security should be involved from the start to identify any risks that need to be addressed.
- Did the sponsor and stakeholders formally approve the project? For the sake of accountability, require that the project sponsor and stakeholders sign off on the project. This is to ensure that the objectives, requirements, risks and expenses are clearly understood. This is done to avoid the useless blame-game that happens when problems arise. It also will send a clear message that proper planning, communication and demonstrable results are mandatory.
Learning to Ask IT the Right Questions
by George Spafford
Subject: IT Questions