What are controls?

Controls are structured data. They shall be devised to report a specific situation that could influence the output. Therefore reducing the project’s opportunities

For their intrinsic nature, they shall be based on an unbiased communication system that collects the information necessary for evaluating the results of the spent efforts on a specific task.
In the previous post, they were presented as tools to be set up for risks’ mitigation. The hinted solution was about finding a common strategy. One of my favorites quotes from SunTzu is about the best battle is won without fighting. The knowledge of the matter gives enough strength for making profitable alliances. However, due to the complex structure of project’s stakeholders it is not an easy task to sell an idea that fits to everyone.
Two major winning points can be offered:

1. Increase the success’ opportunity through the reduction of uncertainties.
2. Reduce the workload leaving more room for “real” communications.

Finding the right key

The goal is to improve the communication. In theory, this would have no enemies. The implementation of an automatic system for collecting data could be easily built using well designed scripts (e.g. Ant) based on Unit test’s concept (e.g. either for java, php or msdn). This solution will supply a steady flow of information about the quality of produced code. However, everyone has his/her own caveats for implementing any solution based on transparency. This is particularly easy to spot it in the developers, who could resent it as a mean to put pressure on them. The quantity and quality of the produced code is not the only source of risk.

Moreover, this system needs to be fed by data elicited by business analyst from domain experts and users. Hence, the workflow’ complexity will increase.
This is the core of the topic. The costs of implementing controls shall be balanced by the reduction of the risks.

Conclusion

Financial aspects (efforts’ costs) are not the only one to be considered. At stake there is the collaboration of all stakeholders. Risk management needs a holistic approach. Everyone shall be involved in spotting potential weakness. All this kind of information shall be collected in the right occasions, then filtered and made intelligible to the senior management.