The next step is to implement the risk mitigation plan, which is when the countermeasures are put into place. The two primary goals when implementing a risk mitigation plan are:
Any project will have unknowns and surprises, and this is especially true for complex countermeasures. However, advance planning will reduce these unknowns to a minimum. Without adequate planning, the project may go overbudget or be frequently delayed.
Either problem could cause management to change its mind on the value of the countermeasure. If it costs too much or takes too long to implement, management will question the value of the countermeasure.
In the example of the addition of the web farm and failover cluster presented earlier in the chapter, after they are implemented, they will decrease outages and increase availability of the website. These are examples of complex countermeasures.
If all the costs to implement the plan have been identified, the project will go smoothly, but, if some of the costs were not identified, the project will have problems. These problems could appear in any of the following areas:
Any of these additional costs could easily bust the budget. If the cost of the countermeasure exceeds the allocated budget, management could decide to pull the plug on the countermeasure. Moreover, each time an additional cost is identified, the CBA needs to be reevaluated because the original decision to implement the countermeasure was based on the original costs. As the costs go up, the value of the countermeasure goes down.
An important consideration for any project is the schedule. Tasks should be planned to ensure they occur in a specific order, which means that, if any task is delayed, other tasks may also be delayed, and these delays may affect the actual implementation date.
One of the tools that can be used for staying on schedule is a milestone chart. FIGURE 11-5 shows a sample milestone chart for the web server upgrade discussed in this chapter. Project managers typically use project management software that automates the creation of these charts.
When using project management software, the milestone dates and the length of any specific tasks can be entered. The software then allows for the displaying of the data in multiple formats.
For example, FIGURE 11-6 shows the same project in a Gantt chart format. Once the data has been entered into the project management software, showing the data in an alternate format is relatively easy. Often, changing the format requires only a few clicks of the mouse.
Some tasks are dependent on each other. For example, new equipment bays need to be installed before power can be run to the bays, and the timing of the training is important. If training is provided too early, it won’t be fresh when the technicians need to install the equipment, whereas, if it’s provided too late, they may need to install the equipment without the training or the project schedule could slip.
A critical path chart shows dependencies, as shown in FIGURE 11-7. If any of the items in the critical path slip, the entire project will be delayed. Managers must pay close attention to critical path items to ensure the project stays on schedule.
For example, milestones 2 and 5 are not on the critical path. The purchase of the servers and hardware and the addition of air-conditioning to the room can be delayed. Of course, they can’t be delayed indefinitely. When it’s time to install and configure the servers, these milestones must be met. However, managers can give milestones 2 and 5 less attention early in the project as they focus on critical path milestones.
The tools used aren’t as important as realizing that they are available. For simple projects, the schedule may simply be sketched out on a napkin, but larger projects would benefit from the more sophisticated project management tools that are available.