How to Do Decision Tree Analysis

The other major risk analysis methodology applicable to IT project portfolio management is decision tree analysis. Where Monte Carlo excels at shaping what happens when many risks are in play at once (such as launching an ERP project), a decision tree proves most useful at mapping either-or situations and the sequential risks that follow each decision (for example, either I build a new factory or retrofit an old one). Each choice is a branch with an attached probability, derived the same way all risks are derived--through brainstorming and research. Each branch leads to other branches, which are the risks that result from choosing the original branch.

The key to analyzing decision trees is knowing that the probabilities compound. This is why Waste Management's Rogers likes them. Decision trees often show that good risk decisions are counterintuitive, if you follow the branches. "I'll give some outlandish choice, like rewiring your office or building a new one," Rogers says. "Everyone thinks they know which is less risky, but you watch the risks compound over time and guess what, it's not nearly as risky as you think to build a new office in certain situations."

Decision trees are also powerful presentation tools for executives, as long as you don't drop an entire tree on the CEO. They can be unwieldy. They branch out quickly with thousands of potential paths. ACIO must keep them under control. To demonstrate the path of certain decisions, limit the branches to only the most important risks, and simply leave out remote risks.

Final Analysis

Risk analysis takes some getting used to. Anyone not steeped in this world may misinterpret the results of any given analysis. For example, if you say there's a 90 percent chance it will rain tomorrow, and the day ends up being sunny, your analysis still may have been perfect. There was, after all, a one in 10 chance the sun would shine, and indeed it did.

The hardest part of risk, especially for CIOs, is that it doesn't provide concrete answers. Risk analysis will not tell you which project to do. It will tell you which ones fall into a certain level of risk and payoff. Provide the same IT portfolio and the same risk analysis to Rogers of Waste Management and Lynn Caddell, CIO of Yellow Freight, and they will most likely choose a different set of projects to pursue.