Managing risk in information technology projects

There are several studies on managing risks in information technology (IT) projects. Most of the studies identify and prioritise risks through empirical research in order to suggest mitigating measures. Although they are important to clients for future projects, these studies fail to provide any framework for risk management from IT developers' perspective. Although a few studies introduced a framework of risk management in IT projects, most of them are presented from clients' perspectives and very little effort has been made to integrate this with the project management cycle. As IT developers absorb a considerable amount of risk, an integrated framework for managing risks in IT projects from developers' perspective is needed in order to ensure success in IT projects. The main objective of the paper is to develop a risk management framework for IT projects from the developers' perspective. This study uses a combined qualitative and quantitative technique with the active involvement of stakeholders in order to identify, analyse and respond to risks. The entire methodology has been explained using a case study on an information technology project in a public sector organisation in Barbados.

Managing risk in a large rural electrification programme in India

Rural electrification projects and programmes in many countries have suffered from design, planning, implementation and operational flaws as a result of ineffective project planning and lack of systematic project risk analysis. This paper presents a hierarchical risk-management framework for effectively managing large-scale development projects. The proposed framework first identifies, with the involvement of stakeholders, the risk factors for a rural electrification programme at three different levels (national, state and site). Subsequently it develops a qualitative risk prioritising scheme through probability and severity mapping and provides mitigating measures for most vulnerable risks. The study concludes that the hierarchical risk-management approach provides an effective framework for managing large-scale rural electrification programmes. © IAIA 2007.

Managing risk in software development projects:a case study

Purpose - The main objective of the paper is to develop a risk management framework for software development projects from developers' perspective. Design/methodology/approach - This study uses a combined qualitative and quantitative technique with the active involvement of stakeholders in order to identify, analyze and respond to risks. The entire methodology has been explained using a case study on software development project in a public sector organization in Barbados. Findings - Analytical approach to managing risk in software development ensures effective delivery of projects to clients. Research limitations/implications - The proposed risk management framework has been applied to a single case. Practical implications - Software development projects are characterized by technical complexity, market and financial uncertainties and competent manpower availability. Therefore, successful project accomplishment depends on addressing those issues throughout the project phases. Effective risk management ensures the success of projects. Originality/value - There are several studies on managing risks in software development and information technology (IT) projects. Most of the studies identify and prioritize risks through empirical research in order to suggest mitigating measures. Although they are important to clients for future projects, these studies fail to provide any framework for risk management from software developers' perspective. Although a few studies introduced framework of risk management in software development, most of them are presented from clients' perspectives and very little effort has been made to integrate this with the software development cycle. As software developers absorb considerable amount of risks, an integrated framework for managing risks in software development from developers' perspective is needed. © Emerald Group Publishing Limited.

Risk based decision support system for effective implementation of projects

Conventional project management techniques are not always sufficient to ensure time, cost and quality achievement of large-scale construction projects due to complexity in planning, design and implementation processes. The main reasons for project non-achievement are changes in scope and design, changes in government policies and regulations, unforeseen inflation, underestimation and improper estimation. Projects that are exposed to such an uncertain environment can be effectively managed with the application of risk management throughout the project's life cycle. However, the effectiveness of risk management depends on the technique through which the effects of risk factors are analysed/quantified. This study proposes the Analytic Hierarchy Process (AHP), a multiple attribute decision making technique, as a tool for risk analysis because it can handle subjective as well as objective factors in a decision model that are conflicting in nature. This provides a decision support system (DSS) to project management for making the right decision at the right time for ensuring project success in line with organisation policy, project objectives and a competitive business environment. The whole methodology is explained through a case application of a cross-country petroleum pipeline project in India and its effectiveness in project management is demonstrated.

The UK's Prudential borrowing framework:a retrograde step in managing risk?

The contemporary understanding of public sector risk management entails a broadening of the traditional bureaucratic approach to risk beyond the boundaries of purely financial risks. However, evidence suggests that in reality public sector risk management does not always match the rhetoric. This paper focuses on the apparent inadequacy of any risk framework in the current Prudential Borrowing Framework (PBF) guidance in relation to that which was developed under Public Private Partnerships and Private Finance Initiative (PFI). Our analysis shows that the PBF and its associated indicators for local authorities adopt a narrow financial approach and fail to account for the full range of potential risks associated with capital projects. The PBF does not provide a framework for local authorities to consider long-term risk and fails to encourage understanding of the generic nature of risk. The introduction of the PBF appears to represent a retrograde step from PPP/PFI as regards risk and risk management.

Knowledge management: a review of the field and of OR's contribution

This paper examines the field of knowledge management (KM) and identifies the role of operational research (OR) in key milestones and in KM's future. With the presence of the OR Society journal Knowledge Management Research and Practice and with the INFORMS journal Organization Science, OR may be assumed to have an explicit and a leading role in KM. Unfortunately, the origins and the evidence of recent research efforts do not fully support this assumption. We argue that while OR has been inside many of the milestones there is no explicit recognition of its role and while OR research on KM has considerably increased in the last 5 years, it still forms a rather modest explicit contribution to KM research. Nevertheless, the depth of OR's experience in decision-making models and decision support systems, soft systems with hard systems and in risk management suggests that OR is uniquely placed to lead future KM developments. We suggest that a limiting aspect of whether OR will be seen to have a significant profile will be the extent to which developments are recognized as being informed by OR.

People, technology, processes and risk knowledge sharing

The present global economic crisis creates doubts about the good use of accumulated experience and knowledge in managing risk in financial services. Typically, risk management practice does not use knowledge management (KM) to improve and to develop new answers to the threats. A key reason is that it is not clear how to break down the “organizational silos” view of risk management (RM) that is commonly taken. As a result, there has been relatively little work on finding the relationships between RM and KM. We have been doing research for the last couple of years on the identification of relationships between these two disciplines. At ECKM 2007 we presented a general review of the literature(s) and some hypotheses for starting research on KM and its relationship to the perceived value of enterprise risk management. This article presents findings based on our preliminary analyses, concentrating on those factors affecting the perceived quality of risk knowledge sharing. These come from a questionnaire survey of RM employees in organisations in the financial services sector, which yielded 121 responses. We have included five explanatory variables for the perceived quality of risk knowledge sharing. These comprised two variables relating to people (organizational capacity for work coordination and perceived quality of communication among groups), one relating to process (perceived quality of risk control) and two related to technology (web channel functionality and RM information system functionality). Our findings so far are that four of these five variables have a significant positive association with the perceived quality of risk knowledge sharing: contrary to expectations, web channel functionality did not have a significant association. Indeed, in some of our exploratory regression studies its coefficient (although not significant) was negative. In stepwise regression, the variable organizational capacity for work coordination accounted for by far the largest part of the variation in the dependent variable perceived quality of risk knowledge sharing. The “people” variables thus appear to have the greatest influence on the perceived quality of risk knowledge sharing, even in a sector that relies heavily on technology and on quantitative approaches to decision making. We have also found similar results with the dependent variable perceived value of Enterprise Risk Management (ERM) implementation.

Assessing risk in dynamic situations:lessons from fire service operations

Fire Service personnel face risk on a daily basis, frequently working in extremely hazardous conditions—and the severity of the danger faced can fluctuate rapidly. The Fire Service has therefore become extremely experienced at managing dynamic risks. The aim of this article is to review techniques used in the UK fire service to attenuate the effects of risk and to discuss these with respect to organisations which experience dynamic risk in other fields—even if in less dramatic conditions.

Quality risk in global supply network

Purpose - The rise of recent product recalls reveals that manufacturing firms are particularly vulnerable to product quality and safety where goods and materials have been sourced globally. The purpose of this paper is to explore the issues of quality and safety problems in global supply networks, and introduce a supply chain risk management (SCRM) framework to reduce the quality risk. Design/methodology/approach - A conceptual SCRM framework for mitigating quality risk is developed. In addition, four SCRM treatment practices are proposed by consolidating the empirical literature in the operations management and supply chain management areas. The general feasibility was discussed based on literature. Findings - The research has identified the root causes of the recent product recalls and a series of product harm scandals ranging from automobiles to unsafe toys. Supply chains are extended by outsourcing and stretched by globalization, which greatly increase the complexity of supply networks and decrease the visibility in risk and operation processes. Originality/value - The paper identifies four SCRM practices, and proposes two distinct antecedents that can prompt the effectiveness of SCRM. © 2011 Emerald Group Publishing Limited. All rights reserved.

Bottom-up risk regulation? How nanotechnology risk knowledge gaps challenge federal and state environmental agencies

Nanotechnologies have been called the "Next Industrial Revolution." At the same time, scientists are raising concerns about the potential health and environmental risks related to the nano-sized materials used in nanotechnologies. Analyses suggest that current U.S. federal regulatory structures are not likely to adequately address these risks in a proactive manner. Given these trends, the premise of this paper is that state and local-level agencies will likely deal with many "end-of-pipe" issues as nanomaterials enter environmental media without prior toxicity testing, federal standards, or emissions controls. In this paper we (1) briefly describe potential environmental risks and benefits related to emerging nanotechnologies; (2) outline the capacities of the Toxic Substances Control Act, the Clean Air Act, the Clean Water Act, and the Resources Conservation and Recovery Act to address potential nanotechnology risks, and how risk data gaps challenge these regulations; (3) outline some of the key data gaps that challenge state-level regulatory capacities to address nanotechnologies' potential risks, using Wisconsin as a case study; and (4) discuss advantages and disadvantages of state versus federal approaches to nanotechnology risk regulation. In summary, we suggest some ways government agencies can be better prepared to address nanotechnology risk knowledge gaps and risk management.

A flexible cost function model with risk

In examining bank cost efficiency in banking inclusion of risk-taking of banks is very important. In this paper we depart from the standard modeling approach and view risk intimately related to the technology. Thus, instead of controlling for risk by viewing them as covariates in the standard cost function we argue that the technology differs with risk, thereby meaning that the parameters of the parametric cost function changes with risk in a fully flexible manner. This is accomplished by viewing the parameters of the cost function as nonparametric functions of risk. We also control for country-specific effects in a fully flexible manner by using them as arguments of the nonparametric functions along with the risk variable. The resulting cost function then becomes semiparametric. The standard parametric model becomes a special case of our semiparametric model. We use the above modeling approach for banks in the EU countries. Actually, European financial integration is seen as a stepping stone for the development of a competitive single EU market that promotes efficiency and increases consumer welfare, changing the risk profile of the European banks. Particularly, financial integration allows more risk diversification and permits banks to use more advanced risk management instruments and systems, however it has at the same time increased the probability of systematic risks. Financial integration has increased the risk of contagion and changed its nature and scope. Consequently the bank’s risk seems to be an important issue to be investigated.

Real options in multinational decision-making:managerial awareness and risk implications

This paper addresses the theme of real options decision-making in multinational corporations (MNCs) and stresses the role of real options attention and managerial learning in company performance. Using a sample of 278 large MNCs with categorised degrees of managerial real options awareness, we examine the risk implications of switching options in multinational operations, and explore the extent to which the real options logic can be classified as “best practice” in decision-making and risk management. Our results reveal that MNCs which have high managerial awareness about their real options are able to reduce their downside risk through multinationality, organisational slack and other firm characteristics. This finding does not apply fully to MNCs without evidence of such an awareness. Also, although real options awareness does not systematically guarantee lower downside risk from operations, supplementary results indicate that MNCs with evidence of significant investment in the acquisition of real options knowledge tend to outperform competitors that are unaware of their real options. This suggests that if real options are explored and exploited appropriately, real options decision-making can result into superior performance for MNCs in the long-term.

Development of a risk-oriented strategic sourcing (ROSS) framework for the construction and electronics manufacturing industries

Strategic sourcing has increased in importance in recent years, and now plays an important role in companies’ planning. The current volatility in supply markets means companies face multiple challenges involving lock-in situations, supplier bankruptcies or supply security issues. In addition, their exposure can increase due to natural disasters, as witnessed recently in the form of bird flu, volcanic ash and tsunamis. Therefore, the primary focus of this study is risk management in the context of strategic sourcing. The study presents a literature review on sourcing based on the 15 years from 1998–2012, and considers 131 academic articles. The literature describes strategic sourcing as a strategic, holistic process in managing supplier relationships, with a long-term focus on adding value to the company and realising competitive advantage. Few studies discovered the real risk impact and status of risk management in strategic sourcing, and evaluation across countries and industries was limited, with the construction sector particularly under-researched. This methodology is founded on a qualitative study of twenty cases across Ger-many and the United Kingdom from the construction sector and electronics manufacturing industries. While considering risk management in the context of strategic sourcing, the thesis takes into account six dimensions that cover trends in strategic sourcing, theoretical and practical sourcing models, risk management, supply and demand management, critical success factors and the strategic supplier evaluation. The study contributes in several ways. First, recent trends are traced and future needs identified across the research dimensions of countries, industries and companies. Second, it evaluates critical success factors in contemporary strategic sourcing. Third, it explores the application of theoretical and practical sourcing models in terms of effectiveness and sustainability. Fourth, based on the case study findings, a risk-oriented strategic sourcing framework and a model for strategic sourcing are developed. These are based on the validation of contemporary requirements and a critical evaluation of the existing situation. It contemplates the empirical findings and leads to a structured process to manage risk in strategic sourcing. The risk-oriented framework considers areas such as trends, corporate and sourcing strategy, critical success factors, strategic supplier selection criteria, risk assessment, reporting, strategy alignment and reporting. The proposed model highlights the essential dimensions in strategic sourcing and guides us to a new definition of strategic sourcing supported by this empirical study.

Understanding supply chain disruption risk with the aid of social networks and information flows analysis

Supply Chain Risk Management (SCRM) has become a popular area of research and study in recent years. This can be highlighted by the number of peer reviewed articles that have appeared in academic literature. This coupled with the realisation by companies that SCRM strategies are required to mitigate the risks that they face, makes for challenging research questions in the field of risk management. The challenge that companies face today is not only to identify the types of risks that they face, but also to assess the indicators of risk that face them. This will allow them to mitigate that risk before any disruption to the supply chain occurs. The use of social network theory can aid in the identification of disruption risk. This thesis proposes the combination of social networks, behavioural risk indicators and information management, to uniquely identify disruption risk. The propositions that were developed from the literature review and exploratory case study in the aerospace OEM, in this thesis are:- By improving information flows, through the use of social networks, we can identify supply chain disruption risk. - The management of information to identify supply chain disruption risk can be explored using push and pull concepts. The propositions were further explored through four focus group sessions, two within the OEM and two within an academic setting. The literature review conducted by the researcher did not find any studies that have evaluated supply chain disruption risk management in terms of social network analysis or information management studies. The evaluation of SCRM using these methods is thought to be a unique way of understanding the issues in SCRM that practitioners face today in the aerospace industry.