As Project Managers, we sooner or later learn the significance of managing risks in a project. We get good at identifying risks that impact project goals and figuring out mitigation/contingency actions. We plan these mitigation actions diligently and make sure that those are done. However, sometimes, we fall into a trap that I call the ‘Mirage of Mitigation’. Let me illustrate from my personal experience.

Many years ago, I was leading a project to develop a marketing application for a retail bank on a mainframe. One of the requirements was that a cross-selling message be displayed on the PC front-end when a customer does a withdrawal or deposit transaction in a branch. The message would prompt the teller to promote a product to the customer based on his/her relationship profile. That sounds fairly simple, doesn’t it?

Right at the beginning, I realised that the project team did not understand the 50,000-line COBOL back-end code running on the mainframe that processed bank transactions for their deposit accounts. We sought inputs and time from the team that supported the transaction processing (TP) application but there were delays in getting their support and that would impact the project timeline. Risk was identified with a mitigation action to get COBOL-experts to read the code and proceed with the impact analysis. An analysis note was sent to the team that supported the TP application for review. With this review feedback and a lot of code-reading, the project team made the changes and got them tested by the user acceptance test team. The team was happy to have met the deadline despite the challenges.

Disaster struck, when the changes went into production. There were calls from every branch saying that account closing request was throwing up random and ridiculously high closing balances on the screen. To cut the long story short, changes were rolled back and I was humbled by multiple post-mortems at various levels of the organization. We did not have the insight to understand that account closing invoked an implicit withdrawal transaction which we had not quite factored into our changes. Under some conditions, account closing failed due to the code changes!

In hindsight, I think I had suffered from the Mirage of Mitigation. Team had worked hard and some sharp developers had spent weeks on the TP code changes, did peer review and multiple rounds of testing.  The intensity of the mitigation action and the ‘apparent’ success dulled our senses. We were so thrilled by the ride and drunk with ego that we forgot that mitigation action does not eradicate the risk. We lost focus.

While risk management theory would suggest various solutions to avoid such mishaps, I feel that we need to be more ‘mindful’ – pay attention where it is due and become aware when our attention is wavering. Such awareness could be the best tool in a project manager’s armoury to see through the mirage of mitigation!