A risk assessment is an intensive and well defined process in which a team of three to four evaluators examine large-scale governmental IT projects and assess their risks.
40 experienced project managers from across the government and several private companies take turns three days at a time and do the risk assessments along with members of the Danish Council for IT projects.
The corps members contribute with their knowledge and expertise and provide project owners with recommendations on how to handle risks in their project. But the members also benefit from the task themselves.
What is a risk assessment?
A risk assessment is a thorough analysis of the large-scale governmental IT projects. Focus is upon business, organization, governance, end-users and the technical solution.
It takes 10 days from an IT project is submitted till the risk assessment is complete.
A risk assessment always results in a letter with specific recommendations on the management of risks.
Malene L. Hansen, senior consultant at the National Police, has been a member of the corps for a year. She believes that the way the corps works provides great value:
"It's very rewarding to be part of a team whose members have different backgrounds, skills and competencies. The overall risk assessment hence becomes more nuanced than if the assessment was carried out as a one-man job."
The work in the corps has also increased Malene's attention on the projects in her own organization:
"I'm reminded of how important it is to conduct internal reviews of our own projects."
Like the Danish Council of IT projects, the assessment corps has members from both private and public sector, ensuring a valuable variety in the experience and contribution to the risk assessment.
Jens Gadgaard, senior consultant at Nykredit has also been a member of the corps for a year and has among others assessed the risks of projects from the Ministry of Finance. He points out that of course the primary purpose of the risk assessment is to provide value to the organisation behind the project but that he, like Malene, can use the experience in his own organization:
"At the same time, it provides me with great value to be part of the team behind the risk assessment. It's inspiring for me as a private sector employee to gain insight into the way in which governmental authorities operate their IT projects. I get many new ideas and perspectives."
The assessment corps has existed since 2011 when it became mandatory to have large-scale IT projects risk assessed by the Council. This is an unconventional form of co-operation across the government, and the spirit of the corps is characterized by a very high willingness to contribute and constructively share experience and knowledge. Head of the cross-governmental project office, Morten Ellegaard, therefore appreciates the corps’ contributions:
"We invite project managers, who by their own experience know the type of risks that are associated with implementing large-scale IT projects. They contribute in this way to minimize risks and professionalise the work with large IT projects across the state. I think that is a great strength in our model. That their participation at the same time develops their own skills and competencies makes it even better, and perhaps we should consider whether we can extend the model to other areas too."