Risk Management for IT in the Large

  • Denis Verhoef
  • Marcel Franckson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1626)


This paper presents a systematic approach to manage the risks within the acquisition of services and systems. The risk management approach is based upon situational factors which are root causes of risks. Strategy options for a service execution approach and a service control approach are offered to mitigate risks in large, complex and uncertain IT undertakings. The resulting service delivery strategy constitutes the preliminaries to plan a sequence of decision points for the acquisition.

The approach allows also to determine actions which attack the root causes of risks which is vital for the success of a risk management approach.

The approach may be used by customer organisations and by supplier organisations.


Risk Management Situational Factor Service Actor Decision Point Target Domain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    CEC DGIII and Eurogroup Consortium (July 1996), Euromethod Version 1, also available on the Web (
  2. 2.
    Ahituv N., Hadass M., Neuman S., (June 1984), A Flexible Approach to Information System Development, MIS QuarterlyGoogle Scholar
  3. 3.
    Alter S., Ginzberg M. (Fall 1978), Managing Uncertainty in MIS Implementation, Sloan Management Review, Fall 1978Google Scholar
  4. 4.
    Boehm B., (Jan 1991), Software Risk Management: Principles and Practices, IEEE SoftwareGoogle Scholar
  5. 5.
    Scarff F., Carty A., Charette R., (1993), Introduction to the Management of Risk, CCTA Library, HSMO Publication Center, London, ISBN 0 11 330648 2Google Scholar
  6. 6.
    Davis G.B., (1982), Strategies for Information Requirements Determination, IBM Systems Journal, Vol 21,No 1Google Scholar
  7. 7.
    Department of Defence USA (Dec 1992), Military Standard Software Development and Documentation (draft), MIL-STD-SDDGoogle Scholar
  8. 8.
    Franckson M. (1994), The Euromethod Deliverable Model and its contribution to the objectives of Euromethod, in: A.A. Verrijn-Stuart and T.W. Olle (eds.), Elsevier Science B.V. (North Holland), IFIP (Methods and Associated Tools for the Information Systems Life Cycle (A-55))Google Scholar
  9. 9.
    Gibson C.F., Singer C.J., Schnidmann A.A., Davenport T.H., (Jan 1984), Strategies for Making an Information System Fit your Organisation, Management ReviewGoogle Scholar
  10. 10.
    ISPL Consortium (March 1999), Risk Management and Delivery PlanningGoogle Scholar
  11. 11.
    CCTA (1997), Information Technology Infrastructure Library, CCTA Library, HSMO Publication Center, London, ISBN 0 11 330691 1 and othersGoogle Scholar
  12. 12.
    Kansala K., (June 1997), Integrating Risk Assessment with Cost Estimation, IEEE Software, Vol 14,N°3Google Scholar
  13. 13.
    Leavitts H., (1964), Applied Organisation Change in Industry: Structural, Technical and Human Approaches, New Perspectives in Organisational Research, John WileyGoogle Scholar
  14. 14.
    Mathiassen L., Stage J., (1992), The principle of limited reduction in software design, Information Technology and People, Northwind PublicationGoogle Scholar
  15. 15.
    MacFarlan W., (Jan 1982), Portfolio Approach to Information Systems, Journal of Systems ManagementGoogle Scholar
  16. 16.
    Moynihan T., (June 1997), How Experienced Project Managers Assess Risks, IEEE Software, Vol 14,N°3Google Scholar
  17. 17.
    Madachy R., (June 1997), Heuristic Risk Assessment Using Cost Factors, IEEE Software, Vol 14,N°3Google Scholar
  18. 18.
    Ropponen J., (May 1993), Risk Management in Information System Development, Licentiate thesis in Information SystemsGoogle Scholar
  19. 19.
    Saarinen T., (April 1992), Success of Information System Investments — Contingent strategies for development and a multi-dimensional approach for evaluation, Doctoral dissertation (draft)Google Scholar
  20. 20.
    Carr M., Konda S., Monarch I., Ulrich F., Walker C., (1993), Taxonomy-based Risk Identification, SEI Technical Report CMU/SEI-93-TR-6, Software Engineering Institute, Carnegie Mellon, Pittsburgh, PennsylvaniaGoogle Scholar
  21. 21.
    Higuera R., Dorofee A., Walker J., Williams R., (1994), Team Risk Management: A new Model for Customer-supplier Relationship, SEI Technical Report CMU/SEI-94-SR-005, Software Engineering Institute, Carnegie Mellon, Pittsburgh, PennsylvaniaGoogle Scholar
  22. 22.
    Williams R., Walker J., Dorofee A., (June 1997), Putting Risk Management into Practice, IEEE Software, Vol 14,N°3Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Denis Verhoef
    • 1
  • Marcel Franckson
    • 2
  1. 1.ID ResearchGoudaThe Netherlands
  2. 2.Sema GroupMontrougeFrance

Personalised recommendations