If this type of risk analysis is good enough for Aspinall, it ought to be good enough for CIOs, especially now that they're working in an economic environment looming as ominously over their businesses as Soufriere Hills looms over Montserrat. For the most part, though, CIOs have not adopted statistical analysis tools to analyze and mitigate risk for software project management.

This is why they should.

Risky Business

Experts will tell you that statistical risk analysis is as essential to real portfolio management as a processor is to a computer. Without it, portfolio management is simply a way to organize the view of projects that will almost certainly fail. CIOs who are serious about portfolio management need to be serious about statistical risk management.

"If you don't succeed with risk management, you won't succeed with project portfolio management," says Raytheon CIO Rebecca Rhoads, who credits risk management with lowering her project failure rate and helping Raytheon IT achieve its cost-performance targets. Rhoads is ahead of the curve, but despite her engineering background, she has yet to apply the kind of sophisticated statistical analysis that Aspinall uses for his volcano.

Robert Sanchez, senior vice president and CIO of Ryder, credits risk analysis with bringing order to his company's decision-making process for projects. He would welcome statistical analysis, but he's not there yet. "Have we really embraced it completely and understood it in all of its detail?" Sanchez asks rhetorically. "No, we haven't. But we will."