Concept of Risk and Risk Management
In this particular study of literature review, the concept of risk and risk management in Information Technology Projects has been evaluated. Precisely, by identifying the term risk and risk management, the theoretical, as well as applied aspects of the topic, have been illustrated in the paper. Furthermore, review of the literature associated with the concept has been described following the themes, trends and perspective. Evidently, the study also evaluates the strengths and weaknesses of the previous literature assessing the strategic concept of risk management in IT projects (Hydari, 2015). Moreover, the study involves a different set of strategies utilised in the risk management proceedings in modern day project management. In addition, the literature review study has pointed out the ways to identify, assess, and control risk factors affecting IT projects. To finish, the overall effect of the risk management technique and some of the considerable gaps in literature have been distinctively identified to conclude the implications of the findings.
Definition of Risk and Risk Management in IT project
Project risk can be identified as an uncertain event or a particular circumstance that, if it hits the project proceeding, may an adverse effect on the project objectives and deliverables. Meanwhile, project risk is the definite possibility of loss or failure. According to Smith and Merrit (2002), there are three major aspects to be related to risk i.e. uncertainty, loss, and time. Evidently, based on the concept of the authors, a project manager has the responsibility to evaluate as many uncertainties as possible associated with an IT project. Also, risk in the project has come with some losses to be precise that must be determined. Moreover, the time factor must be considered in assessing risk as there may come a time where the risk potentiality can no longer exist (Sisco, 2011).
In terms of risk management, Pennock and Haimas (2001) evaluated that the entire concept of risk management can be segmented in six steps, three each for risk analysis and risk management. During risk assessment, identifying the risks, the possibility of risk, and the consequences of the risks must be analysed. Alternatively, in risk management section, the available options, cost-benefit analysis of the options, the impact of the options on the futuristic decision-making must be determined.
The objectives of Risk Management
Apparently, identifying the objectives of risk management can be said to be mandatory to influence the overall risk management process. According to Kendrick (2003), the benefits of using risk management plan have been illustrated. First of all, by undertaking project risk management, modern day leaders can improve the chances of success achieving the maximum number of objectives. Furthermore, risk management reduces the cost of IT projects and controls the chaos during the project. Evidently, the risk management enables high-level of project priority by involving the stakeholders. Finally, risk management demonstrates the risks attached to the project work leading to set the backup resources suitable for achieving project objectives (Kerzner, 2003).
Review of Literature Associated with the Concept
Different Strategies
During IT Project management, there are several different strategic interventions to be considered in risk management. Precisely, Kendrick (2003) identified that risk management should be based on project-related risks. Invariably, project management related risk management may lead to failure of the risk management plan. According to the author, risk management must include a credible plan that can consistently meet the objectives of the project minimising the range of negative possibilities and outcomes.
Doernemann (2002) builds up risk management and analysis strategies that include six-step model approach including risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, risk response planning, and risk monitoring and control. By following each of the identified steps, a project manager must take the decision to execute the planning of risk management. Also, determining the risk will be a crucial factor. Evidently, both the qualitative risk analysis and quantitative risk analysis will be essential to evaluate risks attached to the IT project. Furthermore, risk response planning will involve the options to improve the opportunities reducing the threats. Lastly, tracking the risks and monitoring the proceedings will perfectly execute the risk management plan.
How to Identify Risks
In the contemporary risk mitigation plan, a number of methods can be applied to identify the risk. First of all, information gathering techniques such as brainstorming, Delphi technique, and SWOT analysis can be evident. On the other hand, checklist analysis can be considered as one of the most important methods for risk identification (Botchkarev and Finnigan, 2015). At the same point of time, assumptions analysis will be imperative to measure the risks in the form of inaccuracy, incompleteness, and changeability of assumptions related to the IT project. Furthermore, risk diagramming techniques such as system flow charts and influence diagram can be effective to identify the risks as well as the causes of risks (Smith and Merritt, 2002).
How to Assess or Evaluate Risks
There are different techniques or ways to assess and evaluate the risks that may occur during the course of project and measure their impacts over the performance of the project. According to Ennouri (2013), there are two different methods of risk assessment or evaluation namely qualitative risk analysis and quantitative risk analysis. According to Rabechini Junior and Monteiro de Carvalho (2013), the qualitative risk analysis technique is used to express the risks in a descriptive way in place of using any sort of economic variables. The qualitative approach is based on the assumption that there are certain losses or threats that cannot be expressed in terms of financial figures and adequate information is not possible to be obtained (Rose, 2014). The techniques that are used under the qualitative risk analysis method include scenario analysis, questionnaires and fuzzy metrics.
Strategies Utilized in Risk Management Proceeding
Alternatively, there are several risks that can be measured in terms of rate of occurrence and the level of impacts of the event. Quantitative analysis is conducted using statistical data using the previous information regarding the occurrence of certain threats and losses (Ward, 2014). However, the quantitative risk analysis has certain drawbacks such as it is based on historic data and future uncertainties can differ in terms of impact and chances of occurrence. Hence, Ennouri (2013) proposed that there is a need of proper assessment and evaluation of the identified risk using a mixed analysis technique that can be helpful to identify the maximum impact of uncertainties.
How to Reduce Risks
Previously, Wideman (2002) identified seven primary responses to identified risks. The ways of managing risks explained by him include no action, avoiding, reducing, sharing, transferring, retaining and handling the risk using a combination of different techniques. Later on, in the year 2007, Dorfman explained that all techniques to manage the risk fall under four major categories (4 T’s) named as tolerate the risk, threat the risk, terminate the risk and transfer the risk. On the other hand, Sisco (2011) presented five techniques of risk management named as risk avoidance, risk reduction, risk transfer, risk deferral and risk retention. Hence, it can be seen that the concept or techniques to reduce the risks have almost remained same according to the various theories of different authors. Hence, the risk reducing techniques is one of the strength of the risk management literature in project management.
Literature Gap
It is quite difficult to measure the effects of risk analysis and management due to the lack of information and research in the areas of the impact of risk analysis and management (Sisco, 2011). Risk management is high based on historic data and information that makes it difficult for the project managers to forecast the uncertainties and the level of its impact over the project (Wysocki, 2014). The literature fails to provide adequate theory to check the validity and reliability of the data. Hence, the lack of adequate information along with trial and error technique of risk mitigation becomes a major challenge for the IT project team to analyse and manage the risk effectively.
Conclusion
By considering the above review, it is clear that different authors have presented separate views over the concept of risk analysis and management in IT projects. Additionally, the literature shows that communication is the key to a successful risk management planning. However, the theories of risk management help the project management team to identify the uncertainties on the basis of historic data and information that becomes a major drawback of the risk management literature. Conclusively, it is important for the project management team to understand the theoretical concepts and its limitations while applying the risk management techniques in live projects.
References
Botchkarev, A. and Finnigan, P. (2015). Complexity in the Context of Information Systems Project Management. Organisational Project Management, 2(1), p.15.
Doernemann H. (2002), ‘Tool-Based Risk Management Made Practical’, Joint IEEE International Requirements Engineering Conference (RE’02), p. 192
Dorfman, M. (2007). Introduction to risk management and insurance. 6th ed. Prentice Hall.
Ennouri, W. (2013). Risks management: New literature review. Polish Journal of Management Studies, pp.288-297.
Hydari, H. (2015). The Rules of Project Risk Management: Implementation Guidelines for Major Projects. Project Management Journal, 46(4), pp.e4-e4.
Kendrick T. (2003) Identifying and Managing Project Risk: Essential Tools for Failure Proofing Your Project. AMACOM
Kerzner, H. (2003). Project management workbook to accompany Project management: a systems approach to planning, scheduling and controlling. 8th ed. Hoboken: J. Wiley.
Pennock M. and Haimes Y. (2001). ‘Principles and Guidelines for Project Risk Management’ Systems Engineering, 5(2), 89-108
Rabechini Junior, R. and Monteiro de Carvalho, M. (2013). Understanding the Impact of Project Risk Management on Project Performance: An Empirical Study. Journal of Technology Management & Innovation, 8, pp.64-78.
Rose, K. (2014). Personal Effectiveness in Project Management: Tools, Tips & Strategies to Improve your Decision-making, Motivation, Confidence, Risk-taking, Achievement and Sustainability. Project Management Journal, 45(2), pp.e1-e1.
Sisco, M. (2011). IT project management. Columbia, Tenn: MDE Enterprises.
Smith, P. and Merritt, G. (2002). Proactive risk management. New York: Productivity Press.
Ward, S. (2014). Practical Risk-Management: An Executive Guide to Avoiding Surprises and Losses. Risk Management, 6(3), pp.71-72.
Wideman, R. (2002). Risk Management: A guide to Managing Project Risks & Opportunities. Project Management Institute.
Wysocki, R. (2014). Project management process improvement. Boston: Artech House.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
