Information Risk Assessments

Based on risk management best practices


Executive sponsors of large-scale IT projects often don’t have visibility into the risks of their IT projects. Even some highly competent IT project managers and technical resources don’t have the background and tools to quantify business risks stemming from technical projects.

Sometimes, the only gauge executive sponsors have of their project’s health is a spreadsheet with hundreds of technical items categorized as High, Medium, or Low risk, without any indication as to what the business impact is.

Based on risk management best practices, EPI-USE Labs has developed a methodology to assess IT projects’ technical and business risks, identify the areas with the biggest potential business impact, and provide a roadmap to a healthy go-live. Most importantly, we’ve developed tools to communicate this information in a highly graphical, easy-to-digest format.

A two-hour executive walk-through following our assessments gives executive teams a firm understanding of the primary issues and clear visibility into the true state of their projects.

Are you a Champion?

The Project Management Institute (PMI) categorizes companies as “Champions” or as “Underperformers” based on their organisational performance. A company that completes 80% or more of its projects on time, on budget, and in line with project goals is considered a Champion, whereas an organisation that completes 60% or less of its projects to the same criteria is categorized as an Underperformer. A key differentiator for increasing IT project success is how companies manage project risk, whether this is through early identification of risks, proactive planning, or risk remediation.


Assessment of inherent risk

An inherent risk assessment allows us to recommend specific controls for the riskiest areas of a project at the outset. It can also serve as a counterpoint to evaluate the risk-benefit analysis of potential projects, and to provide context to the results of lower-level, per-module risk assessments. Our approach can quickly deliver a relatively accurate indication of inherent project risk. Results of the assessment are typically depicted in the form of a ‘radar chart’, in which the outer edges indicate the highest level of risk.


Above: Assessment ‘radar chart’ - outer edges indicate the highest level of risk.  

Project Risk Assessments

Irrespective of the merit of a project at the outset or the degree of early-stage planning, failure can occur as a result of inadequate planning, or a lack of risk and readiness analysis, prior to go-live. Planning is especially necessary in the case of large, complex projects to ensure a successful outcome, or to trigger a postponement if that is the sensible course of action. We’ve often seen that project teams involved in all the intricate technical details can’t see the forest for the trees and benefit greatly from an external evaluation to put risks in perspective.

Our methodology comprises phases for planning, fieldwork, evaluation and reporting, staffed by risk management and subject matter experts relevant to the type of project.

An assessment typically produces an independent:

  • Detailed, module-level risk assessment
  • Determination of top-10 risks
  • Analysis of actions to mitigate the aforementioned risks
  • Timeline of ‘health check’ milestones to confirm efficacy of risk-mitigation actions
  • Quantification of process-based and technical systems benefits at planned go-live date
  • Determination of the postponement of system elements and associated benefits, so as to reduce the risk to a successful go-live.

The above graphic shows the current risk of one project area (red down), measured against technical and business dimensions, and the risk potential if mitigations are put in place (green area).