Since August 2005, OMB has maintained a list of IT projects considered “high-risk”. As OMB notes on its Information Policy site,

“Projects on the High Risk List are not necessarily “at risk,” but are those requiring special attention from the highest level of agency management. While these programs may be performing well, they are determined to be high risk due to different factors such as the high cost of the project or the level of importance the project plays in the overall mission of the agency or other organization.”

This list was published publicly yesterday for the first time. Here are some interesting things I noticed on a cursory review:

• Grants management features prominently, including:
• Education’s G5
• Energy’s EE State Grants Administration
• NIH’s Electronic Research Administration (eRA)
• DHS’s eMerge2, which was recently cancelled outright
• Labor’s E‑Grants
• Grants.gov is mentioned under multiple agency’s reports, including HHS (naturally, because they’re the lead!), DOJ, NASA, and SBA
• Lines of Business — Financial Management, Geospatial, and Grants Management — are all mentioned multiple times

These initiatives all require special scrutiny from agency management and, for the most part, I think they’re getting it. Whether they are getting all the funding they need to overcome their risks is a whole ‘nother question, and not necessarily a valid one. Money alone can’t overcome agency resistance, entrenched politics, or ambivalent management and it’s often these factors that pay the most dividends. In addition, there is the question of scope reasonableness. A project that is simply too large, unwieldy, or unclear on its scope and objectives will need to be rethought — as is happening with DHS’s eMerge2 program.

While risk management is très à la mode these days it’s really encouraging to see OMB compiling and watching projects based around their associated risks.