Project Risk Experience
From your experience working on either a small or large project, list and categorize three risks from the project. Was the response plan for the project adequate to mitigate these risks? Knowing what you know now, how would you respond to these risks differently?
Course Textbook(s) Lewis, T. G. (2020). Critical infrastructure protection in homeland security: Defending a networked nation (3rd ed.). Wiley. https://online.vitalsource.com/#/books/9781119614562
-
List and categorize three project risks,
-
Was the response plan adequate to mitigate these risks?,
-
How would you respond differently now?,
-
Include experience from a small or large project,
-
Reference Lewis (2020) or relevant concepts,
✅ Comprehensive General Response
Drawing from experience on an IT network upgrade project, several risks emerged that align with standard risk categories used in project management and critical infrastructure discussions (Lewis, 2020).
1️⃣ Risk Identification & Categorization
| Risk | Category | Description |
|---|---|---|
| Server hardware delivery delays | Supply Chain Risk | Vendors were late delivering core components, threatening timeline and dependencies |
| Misconfigured network settings during cutover | Operational/Technical Risk | Configuration errors caused short outages and work stoppages |
| Staff resistance to new technology | Human/Organizational Risk | Lack of training and change anxiety slowed implementation and adoption |
These risks reflect interconnected vulnerabilities similar to those seen in critical infrastructure protection where delays, human performance, and technology missteps can cascade into larger disruptions (Lewis, 2020).
2️⃣ Adequacy of Response Plans
| Risk | Original Response Plan | Adequacy |
|---|---|---|
| Supply chain delays | Reactive tracking only | ❌ Inadequate — delays caused critical schedule slip |
| Misconfiguration / errors | Backup configs and after-hours migration | ✅ Partially adequate — outages still occurred but minimized |
| Staff resistance | Quick-reference guides distributed | ❌ Insufficient — didn’t address fear or lack of skill |
Overall, the project relied too heavily on reactive measures instead of proactive planning.
3️⃣ What I Would Do Differently Now
| Risk | Improved Approach |
|---|---|
| Supply chain delays | Multiple vendor sourcing, contingency inventory, milestone-based procurement tracking |
| Misconfigurations | More testing in a fully simulated environment + phased rollout instead of a single cutover |
| Staff resistance | Hands-on training sessions, change champions within teams, early communication about benefits |
These changes reflect the risk mitigation mindset emphasized in homeland security and infrastructure protection—anticipate vulnerabilities before they impact critical functions (Lewis, 2020).
Key Takeaways
-
Even small IT projects mirror principles of critical infrastructure protection—redundancy, preparation, and human reliability are vital.
-
The best risk strategy combines:
✅ Preventive measures
✅ Strong communication
✅ Contingency plans -
Modern projects must assume unavoidable uncertainty and design resiliency into every phase.
Reference
Lewis, T. G. (2020). Critical infrastructure protection in homeland security: Defending a networked nation (3rd ed.). Wiley.