Risk Management in IT Projects

All major IT-based software projects come with some degree of risk. The question, then, that needs to be answered is: In what way should executives step up and confront these issues before they become a major concern?

While many of these projects may have a tendency to go a bit beyond their bounds, marginally overstepping cost projections and deadlines, there is also the potential for such projects to become much larger problems, consuming vast amounts of time and money with little to no return on investment. This is where it is necessary for risk management to be able to forecast such issues, so that you can either correct the problem or terminate the project entirely. Perhaps the best way of managing such problems is through the implementation of risk-mitigation strategies.

One of the most frequent factors in IT projects that become problematic is an IT officer who simply failed to realize the severity of an issue until the project had spiraled out of control. This can be a simple matter of lacking the essential project management knowledge, such as foresight, strategy and planning, needed to oversee and orchestrate a project with the necessary degree of efficiency. Fortunately, this is an easy enough problem to correct given a set of simple guidelines for these managers to follow.

No intelligent engineer would ever use a sink-or-swim method for testing anything they built, as this is a sure way to meet with disaster. Similarly, this method should never be used in the development of IT projects wherein the resulting failure could bring about serious compliance risks and losses to the organization.

Instead, implement a simple structure to help coordinate and guide your efforts, following a “design, test, build” guideline that should always be used in larger, riskier projects. This means that, rather than charging headlong into a project and then rushing the resulting product into use, you must first take the time to carefully plan and design each step of a project, taking into account all possible issues and risks, and adjusting for them before developing the product. This will easily reduce the number of errors that turn up in the finished product.

Also, before a completed project is put into use, it should be carefully tested, modified where needed, and tested again, repeating this process until all potential risks have been addressed. While this may take time and money, it is a far lesser evil than the time and cost it will take to repair these issues in the future, once the project has proven itself inefficient and/or detrimental to the organization.

Another key factor not to be overlooked in effective project development is communication. This cannot be stressed enough. In order for any project to be carried out successfully, all those employees working on the project must be in constant communication with one another, sharing ideas and information, problems, and concerns. This allows for a pooling of information that will help guide the overall progress of a project, streamlining its development and testing in order to ensure a successful outcome.


About the Author

Scott Cox is a writer for Conselium Executive Search.


Job description

Listing Info

Summary: The Compliance Director is responsible for ensuring, under the direction of the Chief Compliance Officer (CCO), that NORCAL Group remains in compliance with all applicable legal and regulatory requirements, its Code of Conduct, and other internal policies, by overseeing the identification of such requirements and the design and implementation of an appropriate framework of internal processes, controls, and procedures company-wide to address such requirements. Monitors which compliance functions are best accomplished on a distributed basis within the business units. Partners with business unit leaders to develop, document, and update the processes for these distributed compliance functions in a manner designed to optimize both compliance and efficiency in terms of the required staff resources and tools. Maintains appropriate oversight over the efficacy of the distributed compliance functions. Implements all necessary actions to ensure achievement of the objectives of an effective compliance program.

Essential Functions: Individual must be able to perform each essential duty satisfactorily. The essential functions listed below are representative of the knowledge, skill, and/or ability required with or without reasonable accommodation.
  • Manages day-to-day operation of the compliance program.
  • Identifies the laws and regulations applicable to the NORCAL Group of companies and develops/implements a system for receiving appropriate updates. Evaluates and selects appropriate software tools to facilitate same. Oversees appropriate internal dissemination of regulatory and legal compliance developments throughout NORCAL Group.
  • Determines appropriate ownership, either within Compliance or within the business/operations units for identified compliance needs and ensures that systems and processes are embedded within such units to ensure compliance. Works with business units to document required compliance processes, ensuring needed resources to administer processes are identified. Develops appropriate systems to track and report on required compliance activities, including evaluation and selection of appropriate software to track filing deadlines and issue reminders of upcoming filing requirements.
  • Facilitates role of Chief Compliance Officer as single point of contact company-wide for communication with regulators, manages NORCAL Group company relationships with various state insurance departments and other regulatory bureaus/entities, and coordinates mid-level regulatory contacts handled directly by the business units.
  • Periodically reviews and updates the Code of Conduct to ensure continuing appropriateness and relevance in providing guidance to management and employees.
  • Collaborates with other departments to direct compliance issues to appropriate existing channels for investigation and resolution.
  • Consults with legal staff as appropriate to resolve difficult legal compliance issues.
  • Responds to alleged violations of rules, regulations, policies, procedures, and Code of Conduct provisions by evaluating or recommending the initiation of investigative procedures. Develops and oversees a system for uniform handling of such violations.
  • Monitors, and as necessary, coordinates compliance activities of other departments to remain abreast of the status of all compliance activities and to identify trends.
  • Identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future.
  • Institutes and maintains an effective compliance communication program for the organization, including promoting (a) the use of EthicsPoint, (b) a heightened awareness of the Code of Conduct, and (c) awareness and understanding of existing, new, and emerging compliance issues.
  • Works with the Human Resources Department and others as appropriate to develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers.
  • Supervises the activities of the Compliance unit in support of compliance activities for NORCAL Group.
  • Attends compliance organization seminars and conferences as appropriate and approved by CCO for purposes of remaining well informed concerning best practices and legal/regulatory developments relevant to the insurance industry.
  • Assists CCO with preparation for board/committee meetings.
  • Oversees the development and maintenance of an appropriate filing system in support of the foregoing.
Fiscal Responsibilities: Reviews and approves compliance staff expense reports consistent with company guidelines.

Supervisory Responsibilities: Supervises compliance staff; works with staff on professional development plans and opportunities; interacts frequently with staff to provide feedback on performance; consults with CCO and Human Resources as appropriate.

Expenses: Employees must be able to pay for certain business expenses in advance. Examples include such items as airline tickets, rental cars, hotel deposits, seminar registrations, etc. Employees are eligible for reimbursement for such expenses through NORCAL's Expense Reimbursement Policy.

Required Driving: n/a

Non-Essential Functions: n/a

Physical/Environmental Working Conditions
  • General office environment is primarily sedentary work which requires the following physical activities: standing, sitting, walking, reaching, lifting, finger dexterity, grasping, repetitive motions, talking, hearing and visual acuity.
  • The employee must occasionally lift and/or move up to 10 pounds.
  • Exposure to LCD on a daily basis.
  • A moderate noise level is usual.
  • Minimum of 4-year college degree
  • JD
Experience Required
  • Minimum of 10 years experience as a compliance professional for a regulated financial services company, ideally an insurance company.
  • Expertise in HIPAA and state privacy laws is essential; familiarity with insurance holding company act, insurance regulatory requirements in general (especially relating to fraud plan/training requirements and consumer complaints), OFAC, and document retention requirements is ideal.
  • Some outside law firm and/or in-house legal experience is preferred.
Skills Required
  • Demonstrated leadership ability and ability to communicate effectively orally and in writing.
  • Familiarity with operational, financial, quality assurance, and human resources procedures and regulations.
  • Effective project management skills.
This description portrays in general terms the type and levels of work performed and is not intended to be all-inclusive or represent specific duties of any one individual. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

About this company

The mission of NORCAL Mutual Insurance Company is to provide the policyholder-owners the highest quality medical professional liability insurance products and services at the lowest responsible cost while maintaining a financially sound company. The company was formed by physicians in 1975 to carry out this mission. NORCAL Mutual insures nearly 20,000 physicians and other healthcare professionals in solo practice, medical groups, hospitals, clinics and allied healthcare facilities in California, Alaska, Rhode Island, Texas and Illinois. Facilities coming soon are Pennsylvania, Delaware, Kansas and Missouri. As an active partner with organized medicine, NORCAL seeks to anticipate and influence changing industry and policyholder trends and to respond to those trends to the benefit of the policyholders. They are endorsed by 31 county medical societies and professional organizations.

The Core Values
  • Underwriting to the standard of care
  • Clinically driven risk management services
  • Aggressive defense of non-meritorious claims and prompt, fair resolution of all meritorious claims
  • Sustained financial strength and stability
  • Physician and health care focus