An increasing number of organizations are taking on large-scale change programs. Sometimes these are driven because their industry sector is being redefined against them; in other cases as a result of waves of M&A; in still others as fundamental change is needed to retain competitiveness. What is interesting, however, is how few IT organizations in these companies catch on that these mandates are not about building and selling a business case. Rather, the approval to proceed stems from demonstrating solid risk management.

Programs are composed of multiple projects, carried out over a long period of time (half a decade is not uncommon) and which collectively are designed to produce a substantial (and, hopefully, enduring) return. Often, at the beginning, the steps to be taken between the vision of the end state and the first projects are not at all clear. As a result, the traditional business case centred “return on investment” decision making process is inappropriate. The economic profile of the program as a whole can, at best, be indicative only.

Instead, senior executives (and increasingly it is either the Governing Board for IT or the Executive Committee of the company that makes these decisions) want to know that the risks are being evaluated and managed. Program managers, therefore, in fleshing out the requirements that make up the program charter to be approved, spend significant time on the various forms of risk the program entails. By comparison, the economic profile is of the quality of a back-of-the-envelope estimate. Indeed, in many cases, external factors have mandated action that will occur regardless of economic factors: the program will have been borne out of events.

Just because a program is mandated, however, program managers must ensure that the business leadership engages on key issues. Accendor sees, again and again, business leaders who resist dealing with key definitions that will make or break the program. “What is a premier customer?” “How do we manage a service?” “How many cycles are we planning for this product segment?” — these are typical questions that have different answers in different parts of the organization, and must be resolved prior to serious work being undertaken.

As a result, the largest pool of risk is often found in the reluctance of the business to take these issues on. The program manager, however, must ensure that it does. Only that way is there hope of a positive outcome.

Enterprises (in many cases) have spent the past 6-8 years in fear of “megaprojects”. Program-level changes have brought them back to considering long running changes once again. Ensure that the business leadership deals with the right issues: be willing not to accept their approval to proceed, if necessary, to manage the risks properly. The loss of initiative a second wave of megaproject fear might bring could well be the end of the enterprise itself, this time.