1. Running Toward Risk

Running away from risk is a no-win proposition. Sometimes, you come across a project that looks positively risk-free. In the past, you may have looked at such an endeavor as a slam dunk and thanked your lucky stars to be given an easy project for a change. We’ve had the same reaction. What dummies we were. Projects with no real risks are losers. They are almost always devoid of benefit; that’s why they weren’t done years ago. Save yourself some time and energy and apply it to something worthwhile:

Risks and benefits always go hand in hand. The reason that a project is full of risk is that it leads you into uncharted waters. It stretches your capability, which means that if you pull it off successfully, it’s going to drive your competition batty. The ultimate coup is to stretch your own capability to a point beyond the competition’s ability to respond. This is what gives you competitive advantage and helps you build a distinct brand in the market.

1. Companies were moving applications and databases from the old mainframe-and-terminal mode to client/server mode.

2. Companies were transforming themselves to interact directly with their customers and suppliers in new and previously unimagined ways: via the Internet and through integrated supply chains, auction mechanisms, and disintermediated transactions.

Unfortunately, there were lots of companies that dedicated themselves substantially to the first of these and ignored the second. Once you’ve done one client/server conversion, the rest are easy and mechanical. You could do them in your sleep. In fact, if you spent most of the nineties doing client/server conversions, you were asleep. You missed the action.

A case in point is Merrill Lynch. It looked long and hard at the so-called trend of on-line trading . . . and decided to ignore it. It crossed its fingers in the hope that the era of the full-service brokerage (with fat fees and brokers who could keep you endlessly on hold) would come back, that direct trading would be only a passing fad. What a forlorn hope. Today, the full-service brokerage is as much a thing of the past as the full-service gas station. And today, Merrill Lynch offers its customers on-line trading at a reduced fee. But it took the company nearly a decade to catch on. Merrill Lynch was the latest of the Late Adopters.

The Early Adopters were Fidelity, Schwab, and E-Trade. E-Trade and its look-alikes were new companies, created to exploit the change. So, if on-line trading had turned out to be only a passing fad, E-Trade would have gone belly-up with no loss beyond the capital the company had raised explicitly to put at risk. Fidelity and Schwab, on the other hand, were well-established companies with a lot to lose. In this sense, they were not so different from Merrill Lynch. But Fidelity and Schwab were willing to take the risks.

The IT people at Fidelity and Schwab had to be aware of the risks of the new venture. Here is our two-minute brainstorm list of the risks that would have been easily apparent to Fidelity and Schwab when they began to take on Web trading in the early nineties:

• Building the system is completely beyond our capability; we’ll have to learn protocols, languages, and approaches like HTML, Java, PERL, CGI, server-side logic, verification, secure Web pages, and many new technologies that we can’t even name today.

• Supporting the system is completely beyond our present capability; we’ll have to set up user help desks, audit trails, monitoring software, tutorials for use of the system—things that we’ve never done before.

• The security risks of on-line trading are truly daunting; we will be attacked by hackers and crackers, by organized crime, and by our own customers and employees.

• We may not be able to acquire the experience and talent we need to do any of this.

• We may find that the business we do via the Web is just what we would have done with the same customers at higher fees if we hadn’t built the Web trading system.

• We may find that people try on-line trading and then go back to telephone trading, leaving us with a busted investment.

• We may ease our existing customers into this new mode and then lose them to competitors that cater to these newly savvy traders.

Undoubtedly, Merrill Lynch was aware of the same risks. But Fidelity and Schwab decided to run directly toward those risks, while Merrill Lynch chose to run away from them. The result was that Fidelity and Schwab grew aggressively in the nineties while Merrill Lynch struggled to stay even.

In this period of turmoil, a willingness to run risks is utterly essential. It matters a hell of a lot more than efficiency. Efficiency will make you, at best, an attractive takeover candidate—probably for a less-efficient competitor that has stolen a march on you through greater risk-taking.

New competitors in Charette’s perverse escalator world get to enter their escalators halfway up. Falling behind, then, guarantees that new competition will enter above you.

At the top of each escalator is a lever that will allow you to control the speed of not just your escalator, but of everyone else’s as well. If you’re the first to reach the lever, that shows that you’re a better climber than your competitors. So, you can speed up all the stairs so that you can stay even but your competitors cannot.

It’s the risks that you take that speed up the stairs for everyone else. Not taking them just assures that your world will come to be shaped and dominated by someone else. This is an era in which risk-taking is rewarded, leaving companies that run away from risk as plunder to be divided up by the others.

Now, nobody is so stupid as to ignore all risk. When people do this dumb thing, ignoring risk, they do it selectively. The way it typically works is, they take elaborate care to list and analyze and monitor all the minor risks (the ones they can hope to counteract through managerial action) and only ignore the really ugly ones.

TDM:    As a member of the Airlie Council, a Department of Defense (DoD) advisory group overseeing government software acquisition practices, I sometimes sit in on risk management briefings. I was particularly interested to see how one project that I’d been following from afar would deal with what I viewed as a truly daunting risk. Because it was building software to replace a Y2K non-compliant system, late delivery would be a real disaster. And I had heard that the code to be delivered was nearly six times larger than anything the contractor had ever been able to build in the time allocated for the project. The daunting risk was that the project would be late and leave the organization with no workable alternatives.

When the project manager produced a list of his key risks, I was surprised to find that not one of them had to do with schedule. In fact, the major risk in his estimate was “PC performance,” the fear that the current configuration would not have enough horsepower. “But hey, don’t worry about that one,” he told us. “We have a plan for that, a beefed-up configuration.” I quickly came to understand that if he didn’t have a plan for how to counteract a risk, then he ignored it.

This is hardly a formula for sensible risk management. If you’re going to run toward risk instead of away from it, you need to keep both eyes open and firmly focused on what’s ahead.

• What exactly is a risk and what does it mean to manage it? (Chapter 2)

• What are the consequences of unmanaged risk? (Chapter 3)

• Why bother to invest in a different approach? (Chapter 4)

• What problems do I incur by doing risk management? (Part II)

• How do I go about it? (Part III)

• How do I achieve a balance of risk and opportunity? (Part IV)

• How do I know whether or not I have succeeded? (Part V)