A Reassessment of Risk Management in Software Projects

In software projects, risk management has long been recognized as the junior partner to project management in improving performance outcomes. This chapter reassesses fundamental aspects of software project risk management to highlight what we currently know from empirical research and uncover opportunities for improvement. The chapter considers evidence of the relationship between risk management and project performance; the adoption of risk management in practice, and barriers and enablers to risk management in practice. It then introduces six risk management perspectives and their related schools of thought as a basis for framing future research opportunities. It concludes with a consideration of implications for future research.

[1]  F. Michael Dedolph,et al.  The neglected management activity: Software risk management , 2003, Bell Labs Technical Journal.

[2]  Rainer Seidel,et al.  A project contingency framework based on uncertainty and its consequences , 2010 .

[3]  Suzanne Rivard,et al.  A behavioral model of software project risk management , 2012 .

[4]  Rob J. Kusters,et al.  Dealing with risk: a practical approach , 1996, J. Inf. Technol..

[5]  Gary Klein,et al.  Risks to different aspects of system success , 1999, Inf. Manag..

[6]  Amrit Tiwana,et al.  The one-minute risk assessment tool , 2004, CACM.

[7]  Franco Caron,et al.  Project Risk Analysis and Management , 2013 .

[8]  T. Addison,et al.  Controlling software project risks: an empirical study of methods used by experienced project managers , 2002 .

[9]  Wynne W. Chin,et al.  Some considerations for articles introducing new and/or novel quantitative methods to IS researchers , 2012, Eur. J. Inf. Syst..

[10]  Paul L. Bannerman,et al.  Defining project success: A multi-level framework , 2008 .

[11]  Sun-Jen Huang,et al.  An empirical analysis of risk components and performance on software projects , 2007, J. Syst. Softw..

[12]  B. Boehm Software risk management: principles and practices , 1991, IEEE Software.

[13]  Y. Kwak,et al.  Project risk management: lessons learned from software development environment , 2004 .

[14]  M. Ehrgott,et al.  Dealing with Uncertainties in MCDA , 2016 .

[15]  Christoph H. Loch,et al.  Managing the Unknown: A New Approach to Managing High Uncertainty and Risk in Projects , 2006 .

[16]  Mark Keil,et al.  How Software Project Risk Affects Project Performance: An Investigation of the Dimensions of Risk and an Exploratory Model , 2004, Decis. Sci..

[17]  J. March,et al.  Managerial perspectives on risk and risk taking , 1987 .

[18]  Christoph H. Loch,et al.  Selectionism and Learning in Projects with Complexity and Unforeseeable Uncertainty , 2004, Manag. Sci..

[19]  Edward G. Anderson,et al.  Putting It Together: How to Succeed in Distributed Product Development , 2011 .

[20]  Mark Keil,et al.  Software project risks and their effect on outcomes , 2004, CACM.

[21]  Neal M. Kingston,et al.  Test development strategies. , 2013 .

[22]  Peter W. G. Morris,et al.  The Wiley Guide to Managing Projects , 2004 .

[23]  Gary Klein,et al.  Software development risks to project effectiveness , 2000, J. Syst. Softw..

[24]  Suzanne Rivard,et al.  Toward an Assessment of Software Development Risk , 1993, J. Manag. Inf. Syst..

[25]  James J. Jiang,et al.  A Measure of Software Development Risk , 2002 .

[26]  John F. McGrew,et al.  The effectiveness of risk management: measuring what didn’t happen , 2000 .

[27]  Paul L. Bannerman,et al.  Risk and risk management in software projects: A reassessment , 2008, J. Syst. Softw..

[28]  J. Barney,et al.  Resource-Based Theory: Creating and Sustaining Competitive Advantage , 2007 .

[29]  Hans J. Thamhain,et al.  Managing Risks in Complex Projects , 2013 .

[30]  Jeffrey K. Pinto,et al.  An Overview of Behavioral Issues in Project Management , 2007 .

[31]  Kalle Lyytinen,et al.  Strategies for Heading Off is Project Failure , 2000, Inf. Syst. Manag..

[32]  L. Willcocks,et al.  Beyond the It Productivity Paradox , 1999 .

[33]  Jianwen Chen,et al.  Dealing with Uncertainty: A Survey of Theories and Practices , 2013, IEEE Transactions on Knowledge and Data Engineering.

[34]  Paul L. Bannerman,et al.  Barriers to Project Performance , 2013, 2013 46th Hawaii International Conference on System Sciences.

[35]  Suzanne Rivard,et al.  The information technology outsourcing risk: a transaction cost and agency theory-based perspective , 2003, J. Inf. Technol..

[36]  Hongliang Zhang,et al.  Two Schools of Risk Analysis: A Review of past Research on Project Risk , 2011 .

[37]  David Johannes Wüpper,et al.  An empirical analysis , 2015 .

[38]  N. Pimlott Managing uncertainty. , 2007, Canadian family physician Medecin de famille canadien.

[39]  Kim R. Fowler Dealing with Risk , 2015 .

[40]  Leon J. Osterweil,et al.  Search based risk mitigation planning in project portfolio management , 2013, ICSSP 2013.

[41]  Aaron J. Shenhar,et al.  How Projects Differ, And What to Do About It , 2007 .

[42]  A. Shenhar,et al.  Risk Management, Project Success, and Technological Uncertainty , 2002 .

[43]  Paul L. Bannerman,et al.  Why Good Project Management Is Not Enough: Liabilities of Incumbency and Newness , 2012 .

[44]  Kalle Lyytinen,et al.  Components of Software Development Risk: How to Address Them? A Project Manager Survey , 2000, IEEE Trans. Software Eng..

[45]  Xiaotong Li,et al.  Software development risk and project performance measurement: Evidence in Korea , 2007, J. Syst. Softw..

[46]  L. Lave Risk Assessment and Management , 2013, Advances in Risk Analysis.

[47]  Suresh L. Konda,et al.  Taxonomy-Based Risk Identification , 1993 .

[48]  Hans Wortmann,et al.  Risk managements' communicative effects influencing IT project success , 2012 .

[49]  Kalle Lyytinen,et al.  Attention Shaping and Software Risk - A Categorical Analysis of Four Classical Risk Management Approaches , 1998, Inf. Syst. Res..

[50]  Paul L. Bannerman Toward An Integrated Framework of Software Project Threats , 2008, Australian Software Engineering Conference.

[51]  E. Kutsch,et al.  The Rational Choice of Not Applying Project Risk Management in Information Technology Projects , 2009 .

[52]  Sia Siew Kien,et al.  Managing Risks in a Failing IT Project: A Social Constructionist View , 2011, J. Assoc. Inf. Syst..

[53]  Axelos Managing Successful Projects with PRINCE2 , 2009 .

[54]  Mira Kajko-Mattsson,et al.  Software risk management: practice contra standard models , 2008, 2008 Second International Conference on Research Challenges in Information Science.

[55]  Gary Klein,et al.  Information system success as impacted by risks and development strategies , 2001, IEEE Trans. Engineering Management.

[56]  N. Pletneva COMMENTARY ON THE INTERNATIONAL STANDARD ISO 31000–2009 “RISK MANAGEMENT. PRINCIPLES AND GUIDELINES” , 2014 .

[57]  Ali Jaafari,et al.  Management of risks, uncertainties and opportunities on projects: time for a fundamental shift , 2001 .

[58]  Hareton K. N. Leung,et al.  A Risk Management Methodology for Project Risk Dependencies , 2011, IEEE Transactions on Software Engineering.

[59]  KeilMark,et al.  Identifying Software Project Risks , 2001 .

[60]  F. W. McFarlan,et al.  Portfolio approach to information systems , 1989 .

[61]  Y. Kwak,et al.  Assessing Project Management Maturity , 2000 .

[62]  David Raffo,et al.  Proceedings of the International Conference on Software and Systems Process , 2016, ICSE 2016.

[63]  Jae-Hyeon Ahn,et al.  Managing risk in a new telecommunications service development process through a scenario planning approach , 2002, J. Inf. Technol..

[64]  Christoph H. Loch,et al.  On Uncertainty, Ambiguity, and Complexity in Project Management , 2002, Manag. Sci..

[65]  J. March,et al.  Organizational Learning , 2008 .

[66]  Kalle Lyytinen,et al.  A framework for identifying software project risks , 1998, CACM.

[67]  Art Gemmer,et al.  Risk Management: Moving Beyond Process , 1997, Computer.

[68]  Thomas H. Davenport,et al.  Analytics at Work: Smarter Decisions, Better Results , 2010 .

[69]  Steven Pender,et al.  Managing incomplete knowledge: Why risk management is not sufficient , 2001 .

[70]  Mary Sumner,et al.  Risk factors in enterprise-wide/ERP projects , 2000, J. Inf. Technol..

[71]  J Ropponen,et al.  Can software risk management improve system development: an exploratory study , 1997 .

[72]  Jill Palzkill Woelfer,et al.  Information technology project risk management: bridging the gap between research and practice , 2012, J. Inf. Technol..

[73]  Barry W. Boehm,et al.  Theory-W Software Project Management: Principles and Examples , 1989, IEEE Trans. Software Eng..

[74]  Carl L. Pritchard,et al.  Risk Management: Concepts and Guidance , 2001 .

[75]  Mark Keil,et al.  Understanding software project risk: a cluster analysis , 2004, Inf. Manag..

[76]  Kalle Lyytinen,et al.  Identifying Software Project Risks: An International Delphi Study , 2001, J. Manag. Inf. Syst..

[77]  Elmar Kutsch,et al.  Does risk matter? Disengagement from risk management practices in information systems projects , 2013, Eur. J. Inf. Syst..

[78]  Mira Kajko-Mattsson,et al.  Integrating risk management with software development : State of practice , 2008, IMECS 2008.

[79]  Yacov Y. Haimes,et al.  Risk associated with software development: a holistic framework for assessment and management , 1993, IEEE Trans. Syst. Man Cybern..

[80]  Gerald T. Mackulak,et al.  Stochastic simulation of risk factor potential effects for software development risk management , 2001, J. Syst. Softw..