In an international survey of e-commerce and e-business IT projects by Cutter Consortium, it was found that, on average, e-project schedules slipped by 33%.

In a climate growing less and less friendly, this is a strong warning of project cost over-runs or of an even worse alternative – a compromise in functionality that antagonises the public and that operations staff find difficult to maintain.

The consequences are dire. A project of 11 months (an average duration for IT projects in the e-business arena) would be delivered nearly four months late. It is therefore not surprising that deadlines of some of the more complex – and public – projects are missed.

A good example is Citibank, which failed to meet its own deadline for the launch of a one-stop internet service for customers with multiple online accounts.

But despite the fall in value of tech stocks and accompanying decrease in confidence of internet or online businesses, full risks and opportunities are not properly examined or managed at the start of such large and high-profile projects.

This is demonstrated by the fact that Citibank, Virgin and Egg have all delayed launches for similar types of e-service.

The service in question is that of account aggregation, in which users of several internet accounts will be able to see all their details on the same page and the probable reason for the delays is legal.

After so much time, money and credibility have been spent on the projects, there are now concerns that the process itself is illegal.

In the current climate, any technology project is likely to be initiated as a result of a strong business imperative. A business that doesn't take any risks is unlikely to stay afloat for long.

In high profile e-projects, such processes should be undertaken in a consistent manner and on a regular basis. They should be inclusive of internal and external risks and, when done, should be able to influence public announcements, external communications and formal deadlines as well as internal processes. They should be an automatic part of a governance structure that would prevent other internal and external risks at the same time. While the examples here are from banking, the message is clear to any sector.

Structured risk management involves identifying, managing and re-assessing all major risks on a regular basis. Organisations that do not undertake such processes are likely to suffer embarrassment, unnecessary expenditure or worse – all to the advantage of their competitors.

  • See Legal Focus page 27 for more on account aggregation.