Analyse, Enhance and Reiterate Risk Management Strategies, Implemented in Information Technology Project Management, amidst COVID-19

The global perspective of human life drastically changed after the spread of COVID-19. The world reduced itself, to a digital cocoon. Education, work, commerce, shopping, industry, sales - all walks of life, transformed mostly into a digital mode. The IT (Information Technology) and ITES (IT Enabled services) saw a tremendous transformation in the operational aspects. ‘WFH (Work from Home)’ enabled the resources to work from their preferred locations. These factors increased the risk of data management and data security. The security of the network and the personal devices used to handle the sensitive and confidential data aggregated the risk factors in project management. The significant challenges faced by the IT sector project management were (1)Global Travel restrictions (2) Forecast of Global Recession in near future and resultant minimization of budget allocated to new projects (3)Negative growth Impact from multiple domains, resulting in reduction of new projects and reducing the scope for existing ones (4) Initial adaptation glitches due to the quantum leap in the digital channels (5)Manage constant fluctuating attitudes and anxieties of employees on personal aspects, job security, drastic change in work environment(6) Unprecedented and unpredictable exorbitant influence of macro environment in the routine enterprise activities. The chances of non-availability of critical resource due to health issues, the network issues faced in the remote locations, the unpredictable exposure of data - all these were contributing elements that increased the risk management complexity. In future, many IT companies have decided to operate mainly in the WFH mode as the operational expenses are drastically reduced. The implementation of efficient and effective risk management strategies become crucial considering the long-term implementation of ‘not from office’ operating model. The trust of the multinational clients, commitment of meeting the deadlines, maintaining the confidentiality and sensitivity of data, protecting the unintended intrusion from the digital malicious practices - all are the additional significant risks and challenges, as the probability for the occurrence of these events have increased exponentially due to the latest work arrangements. This paper attempts to evaluate the current risk mitigation strategies and analyse the gaps in the current system. The aim is to effectively manage the upcoming threats and risks in the long-term implementation of the current working


Introduction
The regulations and lockdowns were imposed across the world from March 2020 in a bid to stem the spread of novel coronavirus.There was no dearth of predictions about the impact this slamming of the breaks would have on the way IT sector strategize, implement, control and improve. This was an unprecedented time when the IT sector project management has to handle unexpected challenges in the area of Risk Management. This provided a unique opportunity to formulate innovative strategies, that will have long-term implications in the IT sector.
As per the studies conducted by the public health sector the four major potential scenarios for the evolution of the crisis were1)Rapid rate of outbreak and Remission-The initial outbreaks and remissions were unpredictable as the correct medical treatment methodologies not were formulated on practical trials.2)Flattened curve-The gradual lift of lockdowns, flattened the curve and aided in keeping the number of cases at moderate level.3)Cyclic outbreaks-The uncooperative elements resulted in cyclical outbreaks. The zones were demarcated into different colour zones based on the number of cases reported in each area4)Prolonged waves-The non-compliance of many factors has led to uncontrolled transmissions. The time frame of each wave of impact prolonged for a considerable duration(* image cited from https://www.accenture.com) The global players in IT sector had to shut down their offices during 'lockdown' declared by the Government. However, the operations or day-to-day tasks had to be carried out uninterrupted. The time to formulate new project management strategies and to implement them in the live environment was very short. This drastic shift in the mode of operation from a strictly monitored office setup to a remote working arrangement, increased the risk management challenges to many folds.The primary goal of the organizations was to be able to get ahead of events, and react strategically and skilfully. The initial challenge was to design an immediate and strategic portfolio of action, that helps to minimize false optimism, improves the turn-around speed and helps to establish a pragmatic operating model.The budget allocated by various IT firms were cut short to a considerable proportion which resulted in either discarding the pipeline projects or shifting the project initiation dates. Theworkforce was impacted as well. The salary cuts, layoffs, shutting down of start-ups all were the resultant after effects.

Theoretical Background
Innovative and successful risk management strategies are formulated and implemented in the IT sector by various Project Management Consultants. Risk mitigation ratios were effective and controlled for most of the scenarios. However, the recent outbreaks of COVID-19 drastically altered the scenario.
Covid-19 is a contemporary issue and hence the studies are still in progress. However, the article mainly depended on web references. The secondary data is mostly obtained by web searches and studies conducted by various trust worthy sources. The reports by McKinsey & Company and Economic times are also taken as reference to validate the authenticity of the research. Various IT firms have done their internal research on how to tackle the risk management scenarios in the current situation. A comparative analysis of the internal studies of the big giants in the IT sector is done so as to obtain a holistic picture.
PMKOK, the bible of project management, has the traditional experimented pre-defined processes for Risk Management. However, the additional digital data volumes, data security and drastic work environment shift created additional risk management challenges that required continuous improvement and alterations.
In the paper by Power, M. [14], a detail study of the financial implications of the COVID-19 is provided. The fiscal policy measures global banks are also studied in detail. The data related to monetary policies and central bank spending to fight against COVID-19 is also included in this paper.
In the paper by Aven, Terje [7], the basics of risk management is analysed and explained. Risk is defined as potential for realisation of unwanted, negative consequences of an event. Risk management is the mitigation of negative consequences of an activity and associated uncertainties. It is explained as the triplet (si, pi, ci), where siis the ithscenario, piis the probability of that scenario, and ciis the consequence of the ith scenario,(i =1, 2,…..N).

Methodology
This is a descriptive study to analyse, identify risk management strategies during the pandemic, recognize inherent challenges and evaluate the scenario with specific cases in accordance with the new norms. The study aims to suggest an elevated risk management framework adaptable to the new business environment in Information Technology Project Management.

New Challenges Triggered by the Sudden on-set of Covid-19
The project management and risk mitigation strategies had to be revamped and re-strategized to address the new challenges that was put forth by the sudden onset of the pandemic. The major factors that contributed to the need for additional risk management strategies were

Global Travel Restrictions
The initial periods saw the complete travel restrictions. The later stages saw limited restrictions based on countries and the health scenarios. The pipeline deals which were about to be finalized, were suspended as the leadership couldn't meet.The funds were delayed by the crisis-hit clients. As per experts, the pressure on pricing lead to lower deal wins and renewals

Impact on Multiple Domains
IT sector is interdependent on various other sectors for the projects. According to analysts, the related domains that had a knock down impact were travel & tourism, hospitality, airlines, retail, oil & gas, financial services and manufacturing sector.These had a huge impact on IT sector as well.

Forecast of Global Recession
The forecast and expectations of global recession in near future resulted in minimization of budget allocated to new projects. Various new projects which were in pipeline were discarded or rescheduled to a future date. A large number of start-up organizations were under the pressure of turbulence.

Initial Adaptation Glitches
Due to the quantum leap in the digital channels,the initial adaptation of the new technology faced a lot of glitches and challenges. IT Companies adapted various strategies to ensure the digital security. TCS came up with Secure Borderless Workspaces™ (SBWS™) model that allows TCS associates to work from home with minimal support from colleagues working from office.

The Human Aspects
To manage constant fluctuating attitudes and anxieties of employees on personal aspects, job security, drastic change in work environment all were challenges. The forecast of recession resulted in layoffs, which resulted in ambiguity among the employees. The new environment of work, a home environment where the employees had to multitask added to the risk management challenges.

The Influence of Macro Environment
Unprecedented and unpredictable exorbitant influence of macro environment in the routine enterprise activities increased the risk management challenges to many folds. The international travel restrictions, the lockdowns declared by governments of various countries, the uncertainty about the global recessions all were the contributing factors.

Analysis of Impact of COVID-19 on various realms of Project Management
Various parameters of project management were deeply impacted by the new business operation models and social scenarios. The significantly impacted segments are technology, business strategy, workforce and finance.

Impact on Technology and Operations
A new range of technology challenges like additional business continuity risks, fluctuations in volume of data to be handled, decision-making happening real time, productivity of the workforce, additional security risks due to new work arrangements, requirement of immediate response of leaders to the systems resilience issue all were the impact of covid-19 on technology.

Impact on Business Strategy
The renewed uncertainty about the pandemic, set the assumptions companies used to shape scenarios and usual strategic course of actions in question. The strategic changes involved adjusting those assumptions, re-evaluating the scenarios and strengthening the capability to predict and respond to the ad-hoc risks.The uncertainties gave the opportunity for organizations to accelerate the pivot to digital commerce, by expansion of existing offerings and creation of new lines of business services.

Impact on Workforce
To stabilise the business models and reduce the financial constraints, IT sector radically and drastically altered the long-term development plans to adapt to the new normal, which resulted in reducing the work force in many sectors. Convenient arrangement had to me made at home to work uninterruptedly. The network quality, the security software available all accelerated the initial glitches. More over the sudden outbreak of the pandemic affected the stress and anxiety levels of the workforce.

Impact on Finance
The major financial impacts were attributed by factors such as scarcity of capital, low cash reserves and cash flow shortages. The financial strata -were strained and many IT sector start-ups faced the possibility of insolvency or bankruptcy alongside cash flow shortages.

Suggested Risk Management Frameworks
The major steps in Risk Management involves-1) Plan risk management 2) Identify risks 3) Perform Qualitative Risk Analysis 4) Perform Quantitative Risk Analysis 5) Plan Risk Responses 6) Control Risks. The chart depicts the establishment of risk assessment process by evaluating the organizational risk frame.These input factors to be considered for formulating the organizational risk assessment process are 1) Risk assumptions 2) Risk constraints 3) Risk Tolerance 4) Risk Prioritization. The process should establish a foundation for Risk Management. The methodology should be able to delineate boundaries for Risk based decisions. (image credit: https://www. sciencedirect.com) This framework shows the tactical and strategic decisions involved in Risk Mitigation process. The four major parameters taken into account are intent, capability, accountability and continual improvement. The five major steps in the framework are 1) Establish the content 2) Identify the risks 3) Analyse the risks 4)Evaluate the risks 5) Treat the risks. Communication, consulting, monitoring and review are the four major pillars in this framework (Image credit: http://broadleaf. com.au)

Risk Management Framework Developed for the Current Scenario by ENISA (European Union Agency for Cyber Security)
The entire Framework proposed by ENISA follows iterative model. Optional risk acceptance, risk communication, risk awareness consulting and Monitor and review is incorporated in both long term and short-term recurrence.
The foundation of the current scenario Risk Management framework is the Corporate Risk Management Strategy. For short term risks that require immediate action the framework suggests a risk treatment which involves 1) Identification of options 2) Development of action plan 3) Approval of Action plan 4) Implementation of action plan 5) Identification of residual risks. The long-term risk mitigation strategies use the following foundations1) Define the scope and framework for Risk management 2) Establishment of clear boundaries for Internal and External Environment 3) Formulation of Risk criteria. The effectiveness interface of the risk mitigation plans to the operational and product processes should be evaluated on a periodic basis for the successful implementation of this framework.(image_credit:https://www.enisa.europa.eu/topics/ threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-process)

Inferences
• IT sector budget and financial allocations experienced a negative slope • The dependant industries like airlines, hospitality, entertainment, energy had to suffer a budget decline • Bifurcated the market of IT suppliers notably.
• The well positioned players in the IT sector had clear cloud plays with software-as-a service models, pre-established work-from-home project management strategies and modern cloud native stacks. • Cybersecurity players stood out from the crowd • The IT companies which followed the legacy on-premises set-up were hardest-hit.
• The cloud platforms-Microsoft Azure, Amazon Web Services and Google Cloud experienced strong momentum • Microsoft teams, Zoom evolved as winners in the collaboration space • The IT services, consulting and outsourcing faced notable declines

Conclusion
The outbreak of the COVID-19 increased the challenges for Risk Management in the IT Project Management sector. The IT companies that followed the legacy on-premise set up had additional challenges. However, those who were pre-equipped with cloud strategies and work from home risk management strategies could easily manoeuvre this sudden epidemic outburst and the resultant changes in the work pattern. The risk mitigation strategies should be formulated in an iterative manner and should be meticulously implemented. There should be adequate risk assessment and identification frameworks that helps in the long-term implementations of risk mitigation strategies.
Risk communication and risk awareness consulting should be incorporated in every phase of the project management. Data security and confidentiality should be maintained with at-most significance. The channel for data handling should be adequately modified to handle the fluctuating data volumes, expecting a proportionate increase in the subsequent years. The risk management strategies should be formulatedanticipating the future risk analysis and management processes related to IT Project Management.