Risk Management Process for IT Project Management - Literature review Example

Risk Management--- IT Project Management Student’s Name Instructor Institution Course Date Table of Contents 1.0.Introduction 2 2.0.Sources of Risks in IT Projects 3 3.0.Risk Management Process for IT Project Management 4 3.1.Risk Assessment 5 3.2.Risk Mitigation 6 3.3.Reassessment of Residual Risks 6 4.0.IT Project Risk Management---Riskit RM Cycle 7 5.0.Conclusion 8 Risk Management--- IT Project Management 1.0. Introduction Information technology projects management are not free from risks which over time, if not well managed, will threaten the overall project life-cycle. From this perspective, there is need for a comprehensive understanding of risk management from the perspective of IT project management. Fahad Al-Azemi et al. (2014) note that the fundamental requirements for IT project management is an understanding of process and procedures needed in risk management. Nevertheless, there is need to assess risks from different perspectives other than the financial aspect so that risk managers will be able to embrace risks with a more holistic view, rather than merely focusing on the technical and financial matters. Risk management therefore, encompass a situation where there is critical management of any arising risks to IT projects so that potential problems are identified and prevented from escalating into bigger issues. The main focus of this paper entails risk management specifically to IT projects. It assesses the aspect of risk management from the perspective of IT project management. In order to conceptualise the thesis statement, the paper deciphers information on knowledge management on risk management in IT projects implementation processes. 2.0. Sources of Risks in IT Projects An understanding into ways of managing risks must first identity sources of risks that will need management. An examination of literatures on risk management---IT project management shows that sources of IT projects risks range from development of software, outsourcing, communications and implementation of a new security infrastructure. Anecdotes of field research and surveys have categorized sources of IT projects risks into technological, security, information, financial and risks associated with people (Ayob, 2013; Kendrick, 2015). For instance, Kendrick noted that some projects are exposed to security and technological risks because managers and organisations do not encourage response to changing business specific needs or failing to exploit the IT project specific technological opportunities before their competitors implement such changes. In some cases, researchers have noted instances where companies or organisations continue to implement projects assuming their regular systems. This action in turn generates technological and financial risks to the projects identified (Galliers et al. 2014). Taking a case of recent risks in projects, Hu et al. (2013) realized that sources of risks in IT are human-based. That is, managers fail to develop business continuum plan that help understand specific sources of risks. 3.0. Risk Management Process for IT Project Management Risk management entails permanent cycle process that engages different activities for creating, monitoring and making sure that there is continual improvement of the firms IT project. Furthermore, in IT, one of the most critical aspect to consider while doing risk management is the accomplishment by succinctly securing the informatics system that can process, store or transmit information. According to Relich and Muszyński (2014) this process entails enabling management process to make critical but well-informed risk management decisions which justify the expenditures that have been found to be part of an IT budget. While this remains to be pertinent, risk management entails different process that should be understood from evidence-based researches. The process involves four main activities, which need to be permanently put and developed for any project: i. Designing the management of system: this process should involve identification of business needs, assessing the chances and likelihood and the effects of the risks, no limited to a consideration on the implementation of a security policy. According to Ranger et al. (2013), this stage of risk management should entail selection of the adequate countermeasures that directly deals with IT project risks or already existing risks. ii. Implementation of the management system: according to research conducted by Marle et al. (2013), this stage entails the application of control measures as well as work procedures, collection of the needed resources, allocation of the collected resources, setting the responsibilities and conducting training and awareness of the project to be managed. iii. Monitoring, reviewing and reassessing the management of IT systems: this stage entails critical evaluation and examination of effectiveness of controls and working procedures, particularly of project changes, of previous risk incidences and reports regarding occurrences of risks and steps that were taken to mitigate such risks. iv. The improvement and updating of the IT management system: this has been considered by studies as the last step in IT risk management. It involves making corrections on the identified risks and dysfunctions, or in some cases, the process of eliminating the risk causing or unsuitable decisions about the project. This is the stage where risk management process may decide to apply new control measures according to specific needs of the project. The four variables if combined, generate three distinct risk management processes as outlined below: 3.1. Risk Assessment Marle et al. (2013) define IT project risk assessment as a procedure that entails establishment of certain criterion under which the process of evaluation of risks take place (for most IT projects this criteria may be procedures regarding the already identified threats as well as vulnerabilities and different levels of threats associated with the same). This is the stage that risk management team will be concerned with proceedings linked with impacts and chances of identified risks affecting the project, assessment of risks and procedures to mitigate the risks and procedures required for selecting the most suitable measures that help in the mitigation or elimination of the identified risks. 3.2. Risk Mitigation As far as IT projects and project management are concerned, risk mitigations refers to the process of determining the maximum or optimal measures and steps taken in attempting to mitigate or eliminate risks that have been identified in the project. According to Ranger et al. (2013), risk mitigation in IT projects means implementation of the optimized selected measures, but in accordance with project’s laid down plan, and controlling the rightfulness of the process of implementation. 3.3. Reassessment of Residual Risks Unlike risk assessment and mitigation processes, reassessment of residual risks means elaborative process of evaluating the remaining risks after the process of risk mitigations have taken place. This process is done step by step to ensure there is determination of whether the process can be acceptable level or whether additional measures are needed to implement the risk management process further. The main aim of this stage is to eliminate or reduce the remaining residual risks before the organization concerned can perform the intended work appropriately. 4.0. IT Project Risk Management---Riskit RM Cycle The completeness of risk management in IT projects however, need inclusions of different risk management models have been proposed by different scholars. In order to integrate the thesis statement with specific risks in IT projects, this study adopts Riskit Risk Management Cycle as an approach necessary in evaluating steps that any IT project can take in the mitigation of different risks. Figure 1: IT Project Risk Management---Riskit RM Cycle Source: Riskit RM Cycle (as cited in Kranz et al. 2013) Figure 1 above provides alternative procedures that can be used in the management of risk. The model divides the process of management into different parts with the first part being Identification of Risk. According the model, managers should focus on a number of technological content and executions of the project so that specific risks can be identified. The second aspect according to the figure above is Analysis of Risk. The process entails the impacts or consequences of the possible risks. This will need the concerned risk managers to rank or score the effects of risks based on their magnitude or impacts on the projects. The model further suggests Risk Control as the third step for managers undertaking risk management for IT project management. As managers concerned with different IT projects, this stage will entail making decisions on the best suitable or cost effective steps that the project needs so that the identified risks can be mitigated. If well implemented, Talet and Mat-Zin (2014) found that risk reduction, risk avoidance, and risk transfer are likely to be made. The fourth step according to the model is Monitoring of Risk. The step of risk monitoring will provide systematic review of the firm or company’s ability to deal with incidents that are likely to result in project or business interruptions and implementation of risk identification. The last step of the model according to the figure is Control and Evaluation measures for the identified risks. The intention of this part is to help risk managers take measures that can minimize the chances and severity of different risks linked to IT projects. In summary, Riskit Risk Management Cycle adds to the knowledge of process that can be followed in the implementation of IT project risks. Just like the study had pointed out, the model also insists on requirement-driven processes where risks are listed in accordance with the impacts they have on projects. 5.0. Conclusion This study notes that IT projects are still susceptible for their failure rate therefore a comprehensive approach in dealing with risks remains to be a priority among project managers. Through critical evaluation of processes and stages that managers can take in mitigating different risks associated with different projects, we conclude that methods for management of risks are multifaceted and as a result choice on a given method to be applied depends entirely on the specific criteria of a given project and risks such criteria intend to manage or mitigate. As along as the best method is chosen and such work towards the intended risks, this study will remain siginigicant in providing step-by-step guideline in understanding and managing risks associated with IT projects. References Fahad Al-Azemi, K., Bhamra, R., & Salman, A. F. (2014). Risk management framework for build, operate and transfer (BOT) projects in Kuwait. Journal of Civil Engineering and Management, 20(3), 415-433. Ayob, M. F. (2013). Strategies to enhance quality data input requirements of life cycle cost (LCC). Journal of Architecture, Planning and Construction Management, 3(2). Kendrick, T. (2015). Identifying and managing project risk: essential tools for failure-proofing your project. AMACOM Div American Mgmt Assn. Galliers, R. D., & Leidner, D. E. (2014). Strategic information management: challenges and strategies in managing information systems. Routledge. Hu, Y., Zhang, X., Ngai, E. W. T., Cai, R., & Liu, M. (2013). Software project risk analysis using Bayesian networks with causality constraints. Decision Support Systems, 56, 439-449. Relich, M., & Muszyński, W. (2014). The use of intelligent systems for planning and scheduling of product development projects. Procedia Computer Science, 35, 1586-1595. Ranger, N., Reeder, T., & Lowe, J. (2013). Addressing ‘deep’uncertainty over long-term climate in major infrastructure projects: four innovations of the Thames Estuary 2100 Project. EURO Journal on Decision Processes, 1(3-4), 233-262. Marle, F., Vidal, L. A., & Bocquet, J. C. (2013). Interactions-based risk clustering methodologies and algorithms for complex project management. International Journal of Production Economics, 142(2), 225-234. Kranz, M., Murmann, L., & Michahelles, F. (2013). Research in the large: Challenges for large-scale mobile application research-a case study about NFC adoption using gamification via an app store. International Journal of Mobile Human Computer Interaction (IJMHCI), 5(1), 45-61. Talet, A. N., Mat-Zin, R., & Houari, M. (2014). Risk Management and Information Technology Projects. International Journal of Digital Information and Wireless Communications (IJDIWC), 4(1), 1-9. Read More