Two things spring to mind about conducting a risk assessment as soon as possible. First, transparency is key to finding risks early. People afraid to address issues are likely to pooh-pooh legitimate concerns. Second, enterprise risk management (ERM) offers quite a bit of guidance. My friend Bob Charette contributed a chapter to my second book, The Next Wave of Technologies: Opportunities in Chaos, on ERM since any type of major IT change in an organization is fraught with risks.
There's way too much on ERM for me to attempt to do it justice here. Suffice it to say there are significant limitations to surveys and "roundtable" meetings. Risks need to be assessed systematically and throughout the project's entire lifecycle.
This was first published in December 2009