Journal of Information Technology

, Volume 27, Issue 1, pp 17–34 | Cite as

Information technology project risk management: bridging the gap between research and practice

  • Hazel Taylor
  • Edward Artman
  • Jill Palzkill Woelfer
Research Article
First Online:

Abstract

The gap between research and practice is strikingly evident in the area of information technology (IT) project risk management. In spite of extensive research for over 30 years into IT project risk factors resulting in normative guidance on IT project risk management, adoption of these risk management methods in practice is inconsistent. Managing risk in IT projects remains a key challenge for many organizations. We discuss barriers to the application of normative prescriptions, such as assessments of probability and impact of risk, and suggest a contingency approach, which addresses the uncertainties, complexities, and ambiguities of IT projects and enables early identification of high-risk projects. Specifically, in a case study, we examine how the project management office (PMO) at one organization has bridged the gap between research and practice, developing a contingency-based risk assessment process well founded on research knowledge of project dimensions related to project performance, while also being practical in its implementation. The PMO's risk assessment process, and the risk spider chart that is the primary tool in this assessment, has proven to be effective for surfacing inherent risk at the early stages of IT projects, thereby enabling the recommendation of appropriate management strategies. The PMO's project risk assessment process is a model for other organizations striving to engage in effective and collaborative practices in order to improve project outcomes. The case illustrates the importance of considering the practical constraints of the context of application in order to transform research findings into practices that promote attainment of desired outcomes.

Keywords

IT project risk management contingency approach project uncertainty risk spider chart project dimensions research transfer 
This is a preview of subscription content, log in to check access.

Notes

Acknowledgements

We would like to thank the City of Seattle, Department of Information Technology Project Management Center of Excellence for their help and support in the development of this paper.

References

  1. Addison, T. and Vallabh, S. (2002). Controlling Software Project Risks – An Empirical Study of Methods Used by Experienced Project Managers, in Proceedings of the Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT) (Port Elizabeth, South Africa, 16–18 September).Google Scholar
  2. Alter, S. and Ginzberg, M. (1978). Managing Uncertainty in MIS Implementation, Sloan Management Review 20 (1): 23–31.Google Scholar
  3. Association for Project Management. (2006). APM Body of Knowledge, 5th edn, London: Association for Project Management.Google Scholar
  4. Bannerman, P.L. (2008). Risk and Risk Management in Software Projects: A reassessment, Journal of Systems and Software 81 (12): 2118–2133.CrossRefGoogle Scholar
  5. Barki, H., Rivard, S. and Talbot, J. (1993). Toward an Assessment of Software Development Risk, Journal of Management Information Systems 10 (2): 203–225.CrossRefGoogle Scholar
  6. Barki, H., Rivard, S. and Talbot, J. (2001). An Integrative Contingency Model of Software Project Risk Management, Journal of Management Information Systems 17 (4): 37–69.Google Scholar
  7. Benbasat, I. and Zmud, R.W. (1999). Empirical Research in Information Systems: The practice of relevance, MIS Quarterly 23 (1): 3–16.CrossRefGoogle Scholar
  8. Boehm, B.W. (1973). Software and its Impact: A quantitative assessment, Datamation 19 (5): 48–59.Google Scholar
  9. Boehm, B.W. (1983). Seven Basic Principles of Software Engineering, Journal of Systems and Software 3 (1): 3–24.CrossRefGoogle Scholar
  10. Boehm, B.W. (1991). Software Risk Management: Principles and practices, IEEE Software 8 (1): 32–41.CrossRefGoogle Scholar
  11. Boehm, B.W. and Turner, R. (2004). Balancing Agility and Discipline: A guide for the perplexed, Boston: Addison-Wesley.Google Scholar
  12. Brooks Jr., F.P. (1974). Mythical Man-Month, Datamation 20 (12): 44–52.Google Scholar
  13. Charette, R.N. (1996). The Mechanics of Managing IT Risk, Journal of Information Technology 11 (4): 373–378.CrossRefGoogle Scholar
  14. Creswell, J.W. (2008). Educational Research: Planning, conducting and evaluating quantitative and qualitative research, 3rd edn, Upper Saddle River, NJ: Pearson Merrill Prentice Hall.Google Scholar
  15. de Bakker, K., Boonstra, A. and Wortmann, H. (2010). Does Risk Management Contribute to IT Project Success? A Meta-Analysis of Empirical Evidence, International Journal of Project Management 28 (5): 493–503.CrossRefGoogle Scholar
  16. Desforges, C. (2000). Putting Educational Research to Use Through Knowledge Transformation, Keynote lecture presented at the Further Education Research Conference (Coventry, England, 12 December).Google Scholar
  17. Fairley, R. (1994). Risk Management for Software Projects, IEEE Software 11 (3): 57–67.CrossRefGoogle Scholar
  18. Heemstra, F.J. and Kusters, R.J. (1996). Dealing with Risk: A practical approach, Journal of Information Technology 11 (4): 333–346.CrossRefGoogle Scholar
  19. Herbsleb, J., Zubrow, D., Goldenson, D., Hayes, W. and Paulk, M. (1997). Software Quality and the Capability Maturity Model, Communications of the ACM 40 (6): 30–40.CrossRefGoogle Scholar
  20. Howell, D., Windahl, C. and Seidel, R. (2010). A Project Contingency Framework Based on Uncertainty and its Consequences, International Journal of Project Management 28 (3): 256–264.CrossRefGoogle Scholar
  21. Jiang, J.J., Klein, G. and Discenza, R. (2002). Pre-Project Partnering Impact on an Information System Project, Project Team and Project Manager, European Journal of Information Systems 11 (2): 86–97.CrossRefGoogle Scholar
  22. Jiang, J.J., Klein, G., Hwang, H.-G., Huang, J. and Hung, S.Y. (2004). An Exploration of the Relationship Between Software Development Process Maturity and Project Performance, Information & Management 41 (3): 29–288.CrossRefGoogle Scholar
  23. Keil, M., Cule, P., Lyytinen, K. and Schmidt, R. (1998). A Framework for Identifying Software Project Risks, Communications of the ACM 41 (11): 76–83.CrossRefGoogle Scholar
  24. Kutsch, E. and Hall, M. (2005). Intervening Conditions on the Management of Project Risk: Dealing with uncertainty in information technology projects, International Journal of Project Management 23 (8): 591–599.CrossRefGoogle Scholar
  25. Levina, N. and Vaast, E. (2005). The Emergence of Boundary Spanning Competence in Practice: Implications for implementation and use of information systems, MIS Quarterly 29 (2): 335–363.Google Scholar
  26. March, J.G. and Shapira, Z. (1987). Managerial Perspectives on Risk and Risk Taking, Management Science 33 (11): 1404–1418.CrossRefGoogle Scholar
  27. Marcus, M.L. (1997). The Qualitative Difference in Information Systems Research and Practice, in A. Lee, J. Liebenau and J.I. DeGross (eds.) Information Systems and Qualitative Research, London: Chapman & Hall, pp. 11–27.CrossRefGoogle Scholar
  28. Markides, C. (2011). Crossing the Chasm: How to convert relevant research into managerially useful research, Journal of Applied Behavioral Science 47 (1): 121–134.CrossRefGoogle Scholar
  29. Martin, N.L., Pearson, J.M. and Furumo, K. (2007). IS Project Management: Size, practices and the project management office, Journal of Computer Information Systems 47 (4): 52–60.Google Scholar
  30. Mathiassen, L. (2002). Collaborative Practice Research, Information Technology & People 15 (4): 321–345.CrossRefGoogle Scholar
  31. McFarlan, F.W. (1981). Portfolio Approach to Information Systems, Harvard Business Review 59 (5): 142–150.Google Scholar
  32. Miles, B.M. and Huberman, A.M. (1994). Qualitative Data Analysis: An expanded sourcebook, 2nd edn, London: Sage.Google Scholar
  33. Moynihan, T. (1997). How Experienced Project Managers Assess Risk, IEEE Software 14 (3): 35–41.CrossRefGoogle Scholar
  34. Nutley, S., Walter, I. and Davies, H.T.O. (2003). From Knowing to Doing: A framework for understanding the evidence-into-practice agenda, Evaluation 9 (2): 125–148.CrossRefGoogle Scholar
  35. Pablo, A.L. (1999). Managerial Risk Interpretations: Does industry make a difference? Journal of Managerial Psychology 14 (2): 92–107.CrossRefGoogle Scholar
  36. Patton, M.Q. (2002). Qualitative Research & Evaluation Methods, 3rd edn, Thousand Oaks, CA: Sage.Google Scholar
  37. Pender, S. (2001). Managing Incomplete Knowledge: Why risk management is not sufficient, International Journal of Project Management 19 (2): 79–87.CrossRefGoogle Scholar
  38. Pennington, R. and Tuttle, B. (2007). The Effects of Information Overload on Software Project Risk Assessment, Decision Sciences 38 (3): 489–526.CrossRefGoogle Scholar
  39. Pfleeger, S.L. (2000). Risky Business: What we have yet to learn about risk management, Journal of Systems and Software 53 (3): 265–273.CrossRefGoogle Scholar
  40. Pich, M.T., Loch, C.H. and De Meyer, A. (2002). On Uncertainty, Ambiguity, and Complexity in Project Management, Management Science 48 (8): 1008–1023.CrossRefGoogle Scholar
  41. Pohlmann, T. (2003). How Companies Govern their IT Spending, Cambridge, MA: Forrester Research.Google Scholar
  42. Powell, P.L. and Klein, J.H. (1996). Risk Management for Information Systems Development, Journal of Information Technology 11 (4): 309–319.CrossRefGoogle Scholar
  43. Project Management Institute. (2004). A Guide to the Project Management Body of Knowledge (PMBOK Guide), 3rd edn, Newton Square, PA: Project Management Institute.Google Scholar
  44. Rasche, A. and Behnam, M. (2009). As if it were Relevant: A systems theoretical perspective on the relation between science and practice, Journal of Management Inquiry 18 (3): 243–255.Google Scholar
  45. Raz, T., Shenhar, A. and Dvir, D. (2002). Risk Management, Project Success, and Technological Uncertainty, R & D Management 32 (2): 101–109.CrossRefGoogle Scholar
  46. Reynolds, P. and Yetton, P. (2007). Building Theory from Practice: Opportunities in IS Project Management, in AMCIS 2007 Proceedings. Paper 428, http://aisnet.org/amcis2007/428.
  47. Sambamurthy, V. and Zmud, R.W. (1999). Arrangements for Information Technology Governance: A theory of multiple contingencies, MIS Quarterly 23 (2): 261–290.CrossRefGoogle Scholar
  48. Sauer, C., Gemino, A. and Reich, B.H. (2007). The Impact of Size and Volatility on IT Project Performance, Communications of the ACM 50 (11): 79–84.CrossRefGoogle Scholar
  49. Schmidt, R., Lyytinen, K., Keil, M. and Cule, P. (2001). Identifying Software Project Risks: An international Delphi study, Journal of Management Information Systems 17 (4): 5–36.Google Scholar
  50. Shenhar, A.J. (2001). One Size Does Not Fit All Projects: Exploring classical contingency domains, Management Science 47 (3): 394–414.CrossRefGoogle Scholar
  51. Shenhar, A.J., Dvir, D., Levy, O. and Maltz, A.C. (2001). Project Success: A multidimensional strategic concept, Long Range Planning 34 (6): 699–725.CrossRefGoogle Scholar
  52. Simister, S.J. (2004). Qualitative and Quantitative Risk Management, in P.W.G. Morris and J.K. Pinto (eds.) The Wiley Guide to Managing Projects, Hokoben: John Wiley & Sons, pp. 30–47.Google Scholar
  53. Sommer, S.C. and Loch, C.H. (2004). Selectionism and Learning in Projects with Complexity and Unforeseeable Uncertainty, Management Science 50 (10): 1334–1347.CrossRefGoogle Scholar
  54. Stake, R.E. (2000). Case Studies, in N.K. Denzin and Y.S. Lincoln (eds.) Handbook of Qualitative Research, Thousand Oaks, CA: Sage, pp. 435–454.Google Scholar
  55. Standish Group. (2001). Extreme CHAOS, West Yarmouth, MA: Standish Group International.Google Scholar
  56. Standish Group. (2005). Chaos Rising, West Yarmouth, MA: Standish Group International.Google Scholar
  57. Straub, D.W. and Ang, S. (2011). Rigor and Relevance in IS Research: Redefining the debate and a call for future research, MIS Quarterly 35 (1): iii–xi.Google Scholar
  58. Subramanian, G.H., Jiang, J.J. and Klein, G. (2007). Software Quality and IS Project Performance Improvements from Software Development Process Maturity and IS Implementation Strategies, Journal of Systems and Software 80 (4): 616–627.CrossRefGoogle Scholar
  59. Sumner, M. (2000). Risk Factors in Enterprise-Wide/ERP Projects, Journal of Information Technology 15 (4): 317–327.CrossRefGoogle Scholar
  60. Susman, G.I. and Evered, R.D. (1978). An Assessment of the Scientific Merits of Action Research, Administrative Science Quarterly 23 (4): 582–603.CrossRefGoogle Scholar
  61. Sussman, S.W. and Guinan, P.J. (1999). Antidotes for High Complexity and Ambiguity in Software Development, Information & Management 36 (1): 23–35.CrossRefGoogle Scholar
  62. Taylor, H. (2005). Congruence Between Risk Management Theory and Practice in Hong Kong Vendor-Driven IT Projects, International Journal of Project Management 23 (6): 437–444.CrossRefGoogle Scholar
  63. Taylor, H. (2006a). Critical Risks in Outsourced IT Projects: The intractable and the unforeseen, Communications of the ACM 49 (11): 74–79.CrossRefGoogle Scholar
  64. Taylor, H. (2006b). Risk Management and Problem Resolution Strategies for IT Projects: Prescription and practice, Project Management Journal 37 (5): 49–63.Google Scholar
  65. Taylor, H. (2007). An Examination of Decision-Making in IS Projects from Rational and Naturalistic Perspectives, in ICIS 2007 Proceedings. Paper 30, http://aisle.aisnet.org/icis2007/30.
  66. Tufte, E.R. (2001). The Visual Display of Quantitative Information, Cheshire, CT: Graphics Press.Google Scholar
  67. Van de Ven, A.H. (2007). Engaged Scholarship: A guide for organizational and social research, Oxford, UK: Oxford University Press.Google Scholar
  68. Voetsch, R.J., Cioffi, D.F. and Anbari, F.T. (2004). Project Risk Management Practices and their Association with Reported Project Success, Paper presented at the IRNOP VI Conference, 25–27 August, Turku, Finland.Google Scholar
  69. Wallace, L. and Keil, M. (2004). Software Project Risks and their Effect on Outcomes, Communications of the ACM 47 (4): 68–73.CrossRefGoogle Scholar
  70. Wallace, L., Keil, M. and Rai, A. (2004). How Software Project Risk Affects Project Performance: An investigation of the dimensions of risk and an exploratory model, Decision Sciences 35 (2): 289–321.CrossRefGoogle Scholar
  71. Walsham, G. (2006). Doing Interpretive Research, European Journal of Information Systems 15 (3): 320–330.CrossRefGoogle Scholar
  72. Ward, S. and Chapman, C. (2003). Transforming Project Risk Management into Project Uncertainty Management, International Journal of Project Management 21 (2): 97–105.CrossRefGoogle Scholar
  73. Wolcott, H.F. (1994). Transforming Qualitative Data: Description, analysis, and interpretation, Thousand Oaks, CA: Sage.Google Scholar
  74. Worren, N., Moore, K. and Elliott, R. (2002). When Theories Become Tools: Toward a framework for pragmatic validity, Human Relations 55 (10): 1227–1250.CrossRefGoogle Scholar
  75. Wysocki, R.K. (2001). Building Effective Project Teams, New York: John Wiley & Sons.Google Scholar
  76. Wysocki, R.K., Beck Jr., R. and Crane, D.B. (2000). Effective Project Management, 2nd edn, New York: John Wiley & Sons.Google Scholar
  77. Yin, R.K. (2009). Case Study Research: Design and methods, 4th edn, Thousand Oaks, CA: Sage.Google Scholar
  78. Zmud, R.W. (1980). Management of Large Software Development Efforts, MIS Quarterly 4 (2): 45–55.CrossRefGoogle Scholar
  79. Zmud, R.W. (1998). Conducting and Publishing Practice-Driven Research, Paper presented at the IFIP Working Groups 8.2 and 8.6 Joint Working Conference on Information Systems: Current issues and future changes, 10–13 December, Helsinki, Finland.Google Scholar

Copyright information

© Association for Information Technology Trust 2011

Authors and Affiliations

  • Hazel Taylor
    • 1
  • Edward Artman
    • 2
  • Jill Palzkill Woelfer
    • 1
  1. 1.Information School, University of WashingtonSeattleUSA
  2. 2.Department of Information TechnologySeattleUSA

Personalised recommendations