JBLN
JBLN
(2008),"Risk management in a multi-project environment: An approach to manage portfolio risks", International Journal of
Quality & Reliability Management, Vol. 25 Iss 1 pp. 60-71 <a href="https://doi.org/10.1108/02656710810843586">https://
doi.org/10.1108/02656710810843586</a>
(2007),"Managing risk in software development projects: a case study", Industrial Management & Data Systems, Vol. 107
Iss 2 pp. 284-303 <a href="https://doi.org/10.1108/02635570710723859">https://doi.org/10.1108/02635570710723859</a>
Access to this document was granted through an Emerald subscription provided by emerald-srm:534948 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please visit
www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics
(COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.
(Cooper, 1993; Yoon et al., 1994). This technical solution (Boehm, 1989; Jones,
lack of experience can extend to hardware, 1993).
operating systems, database management .
Incomplete requirements. Insufficient
systems, and other software (Fuerst and information has been obtained in the
Cheney, 1982; Nelson and Cheney, 1987). analysis phase, resulting in construction of
(4) Political circumstances: a solution that does not meet project
.
Corporate culture not supportive. Corporate objectives (Shand, 1993; Engming and
culture may be project adverse owing to Hsieh, 1994).
other hidden agendas, factions within the .
Inappropriate user interface. The software
company, organisational culture under user interface selected or developed fails to
continuous change or threat of change, and meet user requirements (Jones, 1993;
other internal priorities. This results in King, 1994).
weak management support for the project (6) Management activities and controls:
and consequential failure of not meeting .
Unreasonable project schedule and budget. The
objectives (Leitheiser and Wetherbe, 1986; project is unable to realise its objectives
Engming and Hsieh, 1994; Irani and Love, owing to unrealistic restrictions placed on
2001). the projects budget, schedule, quality or
.
Lack of executive support. Project is level of performance (King, 1994; Krasner,
disrupted from achieving its objectives
1998). A project failing to meet its
owing to management playing politics
Downloaded by VIT University At 19:44 13 February 2019 (PT)
(1) Project management processes. These describe, qualitative questions (risk treatment strategies).
organise and complete the work of the project.
All but two respondents allowed the interviews to
The project management processes are
be taped. All taped interviews were fully
applicable to most projects and include the
transcribed. The questionnaire was pre-tested on
management of scope, cost, time, quality, risk
two project managers, who had over 30 years of
communications, human resources, and
collective experience in IT projects, and minor
procurement.
amendments made. Following the transcription of
(2) Product processes. These are the technical
all responses, each qualitative question was
processes that specify and create the project’s
analysed and responses were sorted into themes.
product and vary with the nature of the
project, e.g. construction, information This process is a valid way of drawing conclusions
systems, events, and new product from the data collected (Miles and Huberman,
development. Technical management requires 1993). The research instrument used in the
a detailed understanding of the technical interviews contained the following sections:
processes of the product, and involves the
.
Demographic information. This was
provision of expert assistance to the technical background and experience of respondents.
team and the detailed quality assurance of the
.
Rating risks. A list of 27 risks, derived from the
technical deliverables. literature, was provided to the respondents who
were asked to rate each risk in terms of
The range of risk described previously can affect likelihood (high/medium/low) and
either of these processes. consequence (high/medium/low). These
responses were converted into numeric values
to allow ranking of risks. The values allocated
were: probability values: high ¼ 3,
Research methodology
medium ¼ 2, low ¼ 1; consequence values:
The research sample selected for the study high ¼ 5; medium ¼ 3; low ¼ 1. The non-
consisted of IT professionals from the State of linear values for consequences reflect
Western Australia, and was derived from a organisations’ typical desire to avoid high-
combination of purposive and snowball sampling. impact risks (PMI, 2000). Research shows that
Purposive sampling allows the researcher to select the severity of the potential consequences of a
suitable respondents who have the knowledge of risk produces a greater concern than its
the research topic so that it would be of most probability in evaluating the overall level of risk
benefit to the study exercise (Sarantakos, 1998). (Kahneman and Tversky, 1982). For example,
Snowball sampling begins with asking a few a low-probability/high-consequence risk is
respondents to recommend others who would be typically considered as being higher than a
able to add value to the research and are high-probability/low-consequence risk. The
subsequently interviewed (Sarantakos, 1998). score for each risk was calculated as follows:
This allows the best respondents to be selected ((probability*consequence*percentage value
based on their knowledge of the topic, their of respondents selecting this combination).
289
Management of risks in IT projects Industrial Management & Data Systems
David Baccarini, Geoff Salm and Peter E.D. Love Volume 104 · Number 4 · 2004 · 286-295
.
Risk treatment. Each respondent who rated a unreasonable schedule and budget. It is not
risk as medium or high for both likelihood and unexpected that unrealistic budget and
consequences was requested to describe schedule is ranked as the second highest risk,
suitable actions to manage the risk. as it reflects the perennial tension within
projects to balance the triple constraints.
A sample of 18 IT personnel was selected,
dominated by IT project managers. Each of the IT In Table I, it is worth noting that two other risks
project managers was invited to rank each of the were highly ranked by the literature and this
listed risks and offer treatment strategies. Opinions research: “continuous changes to requirements by
about risk in IT projects were also obtained. the client” and “poor production system
performance”. The project management
implications for managing these risks are:
.
Continuous changes to requirements by the client
Results and discussion – this requires change control process for
scope and quality management.
The sample had a mean of ten years’ work .
Poor production system performance – interestingly,
experience which implies that they had
considerable knowledge of the IT project the treatments for this risk are a combination of
management process. Key project risks and both project management and product processes.
treatment strategies ranked by respondents are For example, developing and implementing
presented and discussed below. testing can be viewed both as a technical process
Downloaded by VIT University At 19:44 13 February 2019 (PT)
there is one strongly favoured treatment, whereas technical processes that specify and create the
the remaining risks have two or more treatments project’s product and vary with the nature of the
with similar support. This indicates that there is project. Table III demonstrates that the majority of
not one solution for managing any particular risk treatment strategies are related to project
and the project manager must be aware of the management processes rather that product
possible need to implement two or more processes. This supports the observation that most
treatments for one risk. Table III categorises, for software problems are of a management,
the top ten ranked risk, the treatment strategy into organisational or behavioural nature, not technical
avoidance, reduction, transfer or acceptance and (Hartman and Ashrafi, 2002). The survey provides
indicates that risk: a valuable insight, in that it highlights the
.
reduction is the overwhelmingly favoured importance of project management as the key
treatment strategy, which supports the literature; solution to managing many project risks. In
.
acceptance was not proposed as a treatment particular, Table III also indicates that some
strategy, perhaps because it is typically used project management processes are risk treatments
for low risks; and for many high-ranked risks:
.
transfer was not proposed as a treatment .
scope/quality management – e.g. requirements
strategy. This may be because IT project definition, screen proposals;
managers are given direct responsibility to .
communication management – e.g. managing
manage the risk using in-house organisational expectations, vendor relationships, liaising
resources. with stakeholders; and
.
human resource management – e.g. plan for
There are two processes within a project; namely,
personnel resources, experienced project manager.
project management and product (PMI, 2000).
The former describes, organises and completes the Managing the expectations of stakeholders is a
work of the project; while the latter relates to the critical risk management strategy which should be
291
Management of risks in IT projects Industrial Management & Data Systems
David Baccarini, Geoff Salm and Peter E.D. Love Volume 104 · Number 4 · 2004 · 286-295
292
Downloaded by VIT University At 19:44 13 February 2019 (PT)
Table III Top ten risks treatment and project management processes
Rank Risk Risk treatment strategies Percentage Treatment Project management (PMBOK)
1 Personnel shortfalls Plan for resources 40 Reduction Time/human resources
Procure external parties 39 Transfer Procurement
Plan contingency options 28 Reduction Risk
Change PM objectives 28 Reduction Integration/scope
2 Unreasonable project schedule and budget Make tradeoffs between cost, time and scope 72 Retention Integration/scope
Manage expectations 28 Reduction Quality/communication
3 Unrealistic expectations Screen proposals 33 Reduction Scope/quality
Management of risks in IT projects
293
Manage expectations 33 Reduction Quality/communication
Obtain management support 22 Reduction Human resources
6 Continuous changes to requirements by client Formal change management process 78 Reduction Scope/quality
Ensure key project documentation is signed off 33 Transfer Quality
Consult/educate user in change management practice 22 Reduction Communication
7 Poor production system performance Comprehensive testing in near production conditions 33 Reduction Quality/technical
Conduct proof of concept testing 33 Reduction Quality/technical
Development conducted in near production conditions 22 Reduction Quality/technical
8 Poor leadership Appoint an experienced project manager 33 Reduction Human resources
Committee selection process and operational guidelines 39 Reduction Human resources
Utilise communication and escalation hierarchy 33 Reduction Communication/human resources
Monitor leadership effectiveness 22 Retention Quality/human resources
9 Inadequate user documentation Clear requirements definition 39 Reduction Scope/quality
Build documentation throughout project life-cycle 33 Reduction Quality/technical
Assign a document writing specialist 28 Transfer Human resources
Industrial Management & Data Systems
Volume 104 · Number 4 · 2004 · 286-295
10 Lack of agreed user acceptance testing and sign-off criteria Consult/train the user in test design 40 Reduction Quality/communication
Management of risks in IT projects Industrial Management & Data Systems
David Baccarini, Geoff Salm and Peter E.D. Love Volume 104 · Number 4 · 2004 · 286-295
industries”, Project Management Journal, Vol. 33 No. 3, Standards Australia (1999), Risk Management, AS/NZS
pp. 4-14. 3360:1999, Standards Australia, Strathfield.
Hedelin, L. and Allwood, C.M. (2002), “IT and strategic decision- Thomsett, R. (1989), Third Wave Project Management – A
making”, Industrial Management & Data Systems, Vol. 102 Handbook for Managing Complex Information Systems for
No. 3, pp. 125-39. the 1990s, Yourdon Press, Englewood Cliffs, NJ.
Hoepleman, J.P., Mayer, R. and Wagner, J. (1997), Elsevier’s Thomsett, R. (1995), Project Pathology: Causes, Patterns and
Dictionary of Information Technology, Elsevier Science, Symptoms of Project Failure – Training Notes Project Risk
Amsterdam. Management, Thomsett Company, London.
Irani, Z. and Love, P.E.D. (2001), “The propagation of technology Thomsett, R. (2001), “Extreme project management”, Executive
management taxonomies for evaluating information Report Abstracts, Vol. 2 No. 2.
systems”, Journal of Management Information Systems, Tuman, J. (1993), “Project management decision-making and
Vol. 17 No. 3, pp. 161-77. risk management in a changing corporate environment”,
Jiang, J.J. and Klein, G. (2001), “Software project risks and Project Management Institute 24th Annual Seminar/
development focus”, Project Management Journal, Vol. 32 Symposium, Vancouver, 17-19 October, pp. 733-9.
No. 1, pp. 3-9. Turner, R.J. (1999), The Handbook of Project Based Management,
Jones, C. (1993), Assessment and Control of Software Risks, 2nd ed., McGraw-Hill, Cambridge.
Prentice-Hall, Englewood Cliffs, NJ. Wang, S. (2001), “Designing information systems for
Kahneman, D. and Tversky, A. (1982), “The psychology of e-commerce”, Industrial Management and Data Systems,
preferences”, Scientific American, January, pp. 160-73. Vol. 101 No. 6, pp. 304-15.
Keen, P.G.W. (1994), Every Manager’s Guide to Information Wideman, R.M. (1992), Project and Program Risk Management –
Technology: A Glossary of Key Terms and Concepts for A Guide to Managing Risks and Opportunities, Project
Today’s Business Leader, 2nd ed., Harvard Business School Management Institute, Pennsylvania, PA.
Press, Boston, MA.
Downloaded by VIT University At 19:44 13 February 2019 (PT)
295
This article has been cited by:
1. Darryl Carlton, Konrad Peszynski. Situational Incompetence: The Failure of Governance in the Management of Large Scale IT
Projects 224-244. [Crossref]
2. Juan Andrés González Correa, Sandra Liliana Sánchez Castañeda, Deisy Aydee Velandia Quintero, Germán Eduardo Giraldo.
2018. Identification and Analysis of Project Management Success Factors in Information Technology SMEs. International Journal
of Information Technology Project Management 9:4, 73-90. [Crossref]
3. GangulyKunal, Kunal Ganguly, RaiSiddharth Shankar, Siddharth Shankar Rai. 2018. Evaluating the key performance indicators
for supply chain information system implementation using IPA model. Benchmarking: An International Journal 25:6, 1844-1863.
[Abstract] [Full Text] [PDF]
4. RajagopalanJayaraman, Jayaraman Rajagopalan, SrivastavaPraveen Kumar, Praveen Kumar Srivastava. 2018. Introduction of a new
metric “Project Health Index” (PHI) to successfully manage IT projects. Journal of Organizational Change Management 31:2,
385-409. [Abstract] [Full Text] [PDF]
5. ShishodiaAnjali, Anjali Shishodia, DixitVijaya, Vijaya Dixit, VermaPriyanka, Priyanka Verma. 2018. Project risk analysis based
on project characteristics. Benchmarking: An International Journal 25:3, 893-918. [Abstract] [Full Text] [PDF]
6. Yinan Guo, Jianjiao Ji, Junhua Ji, Dunwei Gong, Jian Cheng, Xiaoning Shen. 2018. Firework-based software project scheduling
method considering the learning and forgetting effect. Soft Computing 37. . [Crossref]
7. Kunal Ganguly, R. K. Padhy. 2018. Analyzing the Risks in Supply Chain Information System Implementations. Information
Downloaded by VIT University At 19:44 13 February 2019 (PT)
31. Morteza Ghobakhloo, Sai Hong Tang. 2013. The role of owner/manager in adoption of electronic commerce in small businesses.
Journal of Small Business and Enterprise Development 20:4, 754-787. [Abstract] [Full Text] [PDF]
32. Paul L. Bannerman. Barriers to Project Performance 4324-4333. [Crossref]
33. J.M. Verner, L.M. Abdullah. 2012. Exploratory case study research: Outsourced project failure. Information and Software
Technology 54:8, 866-886. [Crossref]
34. Louay Karadsheh, Samer Alhawari, Amine Nehari Talet. 2012. The Support of Knowledge Process to Enhance Risk Analysis in
Jordanian Telecommunication Companies. Journal of Information & Knowledge Management 11:02, 1250013. [Crossref]
35. Davide Aloini, Riccardo Dulmin, Valeria Mininno. 2012. Risk assessment in ERP projects. Information Systems 37:3, 183-199.
[Crossref]
36. Petronnell Sehlola, Tiko Iyamu. 2012. Assessment of Risk on Information Technology Projects Through Moments of
Translation. International Journal of Actor-Network Theory and Technological Innovation 4:2, 32-43. [Crossref]
37. Veronica S. Moertini. 2012. Managing Risks at the Project Initiation Stage of Large IS Development for HEI: A Case Study in
Indonesia. The Electronic Journal of Information Systems in Developing Countries 51:1, 1-23. [Crossref]
38. Samer Alhawari, Louay Karadsheh, Amine Nehari Talet, Ebrahim Mansour. 2012. Knowledge-Based Risk Management
framework for Information Technology project. International Journal of Information Management 32:1, 50-65. [Crossref]
39. Arpita Sharma, Aayushi Gupta. 2012. Impact of organisational climate and demographics on project specific risks in context to
Indian software industry. International Journal of Project Management 30:2, 176-187. [Crossref]
40. Petronnell Sehlola, Tiko Iyamu. 2012. Assessment of Risk on Information Technology Projects Through Moments of
Translation. International Journal of Actor-Network Theory and Technological Innovation 4:3, 1-12. [Crossref]
41. Antonio Juarez Alencar, Erica Castilho Grão, Eber Assis Schmitz, Alexandre Luis Correa, Otavio H Figueiredo. 2012. Evaluating
the Efficiency in which Risk is Managed in a Portfolio of IT Projects: A Data Envelopment Analysis Approach. Journal of
Software 7:1. . [Crossref]
42. Veronica S. Moertini, Tety Yuliaty, Wisnu Rumono, Buddy S. Tjhia. 2012. The Academic MIS Model Used in Higher Education
to Resolve Typical Problems in Indonesia. International Journal of Information Systems in the Service Sector 4:1, 67-82. [Crossref]
43. Hussam Eldin I. Agha. Risk Management and Business Processes Reengineering, Success Drivers for ERP Projects 146-184.
[Crossref]
44. Morteza Ghobakhloo, Tang S.H.. 2011. Barriers to Electronic Commerce Adoption Among Small Businesses in Iran. Journal
of Electronic Commerce in Organizations 9:4, 48-89. [Crossref]
45. Jacques Sauve, Magno Queiroz, Antao Moura, Claudio Bartolini, Marianne Hickey. 2011. Prioritizing Information Technology
Service Investments under Uncertainty. IEEE Transactions on Network and Service Management 8:3, 259-273. [Crossref]
46. Kaizer Boikanyo Ratsiepe, Rashad Yazdanifard. Poor Risk Management as One of the Major Reasons Causing Failure of Project
Management 1-5. [Crossref]
47. R.D. Choudhari, D.K. Banwet, M.P. Gupta. 2011. Assessment of risk in e-governance projects: an application of product moment
correlation and cluster analysis techniques. Electronic Government, an International Journal 8:1, 85. [Crossref]
48. Karel de Bakker, Albert Boonstra, Hans Wortmann. 2010. Does risk management contribute to IT project success? A meta-
analysis of empirical evidence. International Journal of Project Management 28:5, 493-503. [Crossref]
49. Vishanth Weerakkody, Zahir Irani. 2010. A value and risk analysis of offshore outsourcing business models: an exploratory study.
International Journal of Production Research 48:2, 613-634. [Crossref]
50. Malgorzata Plaza, Ojelanki K. Ngwenyama, Katrin Rohlf. 2010. A comparative analysis of learning curves: Implications for new
technology implementation management. European Journal of Operational Research 200:2, 518-528. [Crossref]
51. Magno Queiroz, Antao Moura, Jacques Sauve, Claudio Bartolini, Marianne Hickey. A framework to support investment decisions
using multi-criteria and under uncertainty in IT service portfolio management 103-110. [Crossref]
52. Stacie Petter, Adriane B. Randolph. 2009. Developing Soft Skills to Manage User Expectations in IT Projects: Knowledge Reuse
among IT Project Managers. Project Management Journal 40:4, 45-59. [Crossref]
53. David C. Chou, Amy Y. Chou. 2009. Information systems outsourcing life cycle and risks analysis. Computer Standards &
Interfaces 31:5, 1036-1043. [Crossref]
54. Theodosios Tsiakis, Panagiotis Katsaros. Hands on Dependability Economics 117-121. [Crossref]
55. Mira Kajko-Mattsson, Jan Lundholm, Jonas Norrby. Insight into Risk Management in Five Software Organizations 321-326.
[Crossref]
56. Stacie Petter. 2008. Managing user expectations on software projects: Lessons from the trenches. International Journal of Project
Downloaded by VIT University At 19:44 13 February 2019 (PT)