Critical Success Factor analysis for DoD risk management: CSF-more than making a list - CSF - Program Management

Program Manager, May-June, 2002 by James Dr. Dobbins

DR. JAMES "JIM" DOBBINS

In the September-October 2001 a of Program Manager, I provided a short description of the Critical Success Factor process model. On p.49 of that article, I reference a statement from Navy Rear Adm. John A. Gauss, San Diego Space and Naval Warfare Systems Command Program Executive Officer (PEO). Speaking on the applicability of the CSF analysis, Gauss said, in part:

"...it [CSF analysis] is one of the first and most Important steps to take in order to build a successful risk management program."

In this article, I will address this one aspect of CSF analysis--its use in risk management.

Every Risk is a Future Event

We are all familiar with typical risk management processes. The fundamental notion is that we identify risks, we assess their probability of occurrence, and we assess the consequence of occurrence. Then we put a risk management plan in place that is designed to eliminate, or alleviate the impact of, the serious risk events. Every risk is necessarily a future event, and only when the risk event actually happens is the risk transformed into a problem. The better we are at identifying risks and understanding the underlying basis of our risks, the better we can manage the risks. Our objective is to eliminate as many as possible of the serious risks.

One of the struggles we always have in risk management is assessment of the probability of a risk event. Almost always, some level of guesswork is involved, and that implies we have a certain level of confidence in our assessment of probability. The better we become at eliminating the guess factor, the more confidence we can have in our assessment, and the more confidence we can have in the correctness of the investments we make in terms of labor and technology in executing our risk management plans.

Given this, we will now look at how we can apply CSF analysis to the risk management process.

Foundation for CSF Analysis

As a starting point, let us recap the definition of a Critical Success Factor, for in the definition we can see almost intuitively how CSF analysis relates directly to risk management. In his March-April 1979 seed paper, published in Harvard Business Review, in which he introduced Critical Success Factor theory, John Rockart defined Critical Success Factors as:

A) "The limited number of areas in which results, if they are satisfactory, will ensure successful competitive performance for the organization. They are the few key areas where things must go right for the business to flourish. If results In these areas are not adequate, the organization's efforts for the period will be less than desired."

B) "Areas of activity that should receive constant and careful attention from main agement."

Unless the CSF are stated in the form of an activity, applying the CSF to a given program presents many problems. Critical Success Factors are activities, not goals. They are therefore activities, all of which are critical to overall success. They are the things to which the program manager must give personal attention. Failure to accomplish the CSF successfully will be a major deterrent to overall program success. Activities can be tracked and measured. By doing so, we can determine if the CSF are being accomplished successfully.

A fundamental premise of CSF theory is that if an activity is identified as critical to program success--and the program manager's time is focused on this activity, and program resources are expended to execute, evaluate, and measure this activity--the program is at reduced risk. Conversely, if an activity being given significant attention by a program manager is in fact not critical to program success--and precious program manager activity and attention is thereby being drawn away from items that actually are critical to success, and therefore do require program manager attention--the program is at increased risk.

Critical in CS? analysis is understanding the constraints upon which each CSF depends, for it is from understanding the constraints that both the CSF and the measures for each CSF are derived. It is also in understanding the constraints that much of the guesswork in risk assessment is alleviated. Additionally, changes in the constraints signal a manager when changes to the set of CSF are occurring. By applying the CSF analysis process, the manager learns how to think in terms of CSF; and once the process is learned it can be repeatedly applied to the current program when necessary, or can be applied for any subsequent assignment the manager undertakes.

The acquisition management strategy, which is inherently a risk management process, must be focused on the correct issues or the system will have a high probability of failure to achieve the program goals for cost, schedule, and performance. All three of these target goals, which are present for every program, are goals which are achieved, or not, depending on the success of the program manager in properly addressing the program risks.

The majority of the prior research done on CSF focused exclusively on CSF identification and did not investigate the three interrelated areas: