Abstract
In software projects, risk management has long been recognized as the junior partner to project management in improving performance outcomes. This chapter reassesses fundamental aspects of software project risk management to highlight what we currently know from empirical research and uncover opportunities for improvement. The chapter considers evidence of the relationship between risk management and project performance, the adoption of risk management in practice, and barriers and enablers to risk management in practice. It then introduces six risk management perspectives and their related schools of thought as a basis for framing future research opportunities. It concludes with a consideration of implications for future research.
Acknowledgements
NICTA research is funded by the Australian Government via the Department of Broadband, Communications & Digital Economy and the Australian Research Council through the ICT Centre of Excellence program.
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Bannerman, P.L. (2015). A Reassessment of Risk Management in Software Projects. In: Schwindt, C., Zimmermann, J. (eds) Handbook on Project Management and Scheduling Vol. 2. International Handbooks on Information Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-05915-0_20
DOI: https://doi.org/10.1007/978-3-319-05915-0_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05914-3
Online ISBN: 978-3-319-05915-0
eBook Packages: Business and Economics; Business and Management (R0)