Exploration of the Project Risk Management Framework for Information Technology Companies

Authors

  • Isnen Hadi Al Ghozali Universitas Budi Luhur https://orcid.org/0000-0001-8155-6438
  • Samidi Samidi Universitas Budi Luhur
  • Andy Rio Handoko Universitas Budi Luhur

DOI:

https://doi.org/10.31154/cogito.v9i2.517.266-279

Keywords:

Risk Management, Project Management, Project Risk Framework, Listing Company, Project Risk Framework

Abstract

 Based on CHAOS 2020: Beyond Infinity Overview, reported by the Standish Group, only 31% of  IT projects were successfully implemented, while 50% of projects were challenged and 19% of projects failed. Many project managers less awareness about SRM and have a partial understanding of risk. The purpose of this study is to develop a project risk management framework for listing companies in the information technology sector. The sample for this study is 35 annual reports of technology companies listed on IDX. This study identified 122 types of project risks from 33 companies' annual reports. This study uses an exploratory study approach. The proposed framework includes three stages, namely the root cause, risk assessment, and performance stages. At the root cause stage, the identification of risks from elements of the business environment becomes the basis for measuring risk treatment. In the next stage, the identified risk treatment is measured through identify, analysis, and verification activities with the support of communication, documentation, and evaluation. The measurement results are classified into three major dimensions, namely cost, time, and quality. The final stage of the framework is in the form of residual performance risk and a risk mitigation action plan.

References

L. Sarigiannidis and P. D. Chatzoglou, “Software Development Project Risk Management: A New Conceptual Framework,” JSEA, vol. 04, no. 05, pp. 293–305, 2011, doi: 10.4236/jsea.2011.45032.

N. Takagi and J. Varajão, “Integration of success management into project management guides and methodologies - position paper,” Procedia Computer Science, vol. 164, pp. 366–372, 2019, doi: 10.1016/j.procs.2019.12.195.

M. E. Barghoth, A. Salah, and M. A. Ismail, “A Comprehensive Software Project Management Framework,” JCC, vol. 08, no. 03, pp. 86–102, 2020, doi: 10.4236/jcc.2020.83009.

A. I. La Paz and R. I. López, “Recommendation method for customized IT project management,” Procedia Computer Science, vol. 219, pp. 1938–1945, 2023, doi: 10.1016/j.procs.2023.01.493.

H. Portman, “CHAOS 2020: Beyond Infinity,” Standish Group, Massachusetts 02109, US, Jan. 2021. [Online]. Available: https://hennyportman.files.wordpress.com/2021/01/project-success-qrc-standish-group-chaos-report-2020.pdf

M. Welde and I. Bukkestein, “Over time or on time? A study of delays in large government projects,” Procedia Computer Science, vol. 196, pp. 772–781, 2022, doi: 10.1016/j.procs.2021.12.075.

W. S. Wan Husin, Y. Yahya, N. F. Mohd Azmi, N. N. Amir Sjarif, S. Chuprat, and A. Azmi, “Risk Management Framework for Distributed Software Team: A Case Study of Telecommunication Company,” Procedia Computer Science, vol. 161, pp. 178–186, 2019, doi: 10.1016/j.procs.2019.11.113.

F. Bekius and S. L. Gomes, “A framework to design game theory-based interventions for strategic analysis of real-world problems with stakeholders,” European Journal of Operational Research, vol. 309, no. 2, pp. 925–938, Sep. 2023, doi: 10.1016/j.ejor.2023.01.046.

S. Chaouch, A. Mejri, and S. A. Ghannouchi, “A framework for risk management in Scrum development process,” Procedia Computer Science, vol. 164, pp. 187–192, 2019, doi: 10.1016/j.procs.2019.12.171.

P. V. Kukhareva et al., “Evaluation in Life Cycle of Information Technology (ELICIT) framework: Supporting the innovation life cycle from business case assessment to summative evaluation,” Journal of Biomedical Informatics, vol. 127, p. 104014, Mar. 2022, doi: 10.1016/j.jbi.2022.104014.

M. Cai, C. Bao, and Q. Meng, “Overview of risk aggregation approach in different risk scenarios,” Procedia Computer Science, vol. 214, pp. 1353–1360, 2022, doi: 10.1016/j.procs.2022.11.316.

A. Aggarwal, K. S. Dhindsa, and P. K. Suri, “An Empirical Evaluation of Assorted Risk Management Models and Frameworks in Software Development:,” International Journal of Applied Evolutionary Computation, vol. 11, no. 1, pp. 52–62, Jan. 2020, doi: 10.4018/IJAEC.2020010104.

S. Chi et al., “Semi-supervised learning to improve generalizability of risk prediction models,” Journal of Biomedical Informatics, vol. 92, p. 103117, Apr. 2019, doi: 10.1016/j.jbi.2019.103117.

F. Da, C. Peng, H. Wang, and T. Li, “A risk detection framework of Chinese high-tech firms using wide & deep learning model based on text disclosure,” Procedia Computer Science, vol. 199, pp. 262–268, 2022, doi: 10.1016/j.procs.2022.01.032.

J. Zhong, J. Lv, and Y. Zhang, “Customized Production Project Risk Management with Analytic Hierarchy Process,” JSS, vol. 07, no. 01, pp. 85–95, 2019, doi: 10.4236/jss.2019.71008.

L. Domingues and P. Ribeiro, “Project Management Maturity Models: Proposal of a Framework for Models Comparison,” Procedia Computer Science, vol. 219, pp. 2011–2018, 2023, doi: 10.1016/j.procs.2023.01.502.

M. Elkhatib, A. Al Hosani, I. Al Hosani, and K. Albuflasa, “Agile Project Management and Project Risks Improvements: Pros and Cons,” ME, vol. 13, no. 09, pp. 1157–1176, 2022, doi: 10.4236/me.2022.139061.

P. Loft, Y. He, I. Yevseyeva, and I. Wagner, “CAESAR8: An agile enterprise architecture approach to managing information security risks,” Computers & Security, vol. 122, p. 102877, Nov. 2022, doi: 10.1016/j.cose.2022.102877.

S. Beecham, T. Clear, R. Lal, and J. Noll, “Do scaling agile frameworks address global software development risks? An empirical study,” Journal of Systems and Software, vol. 171, p. 110823, Jan. 2021, doi: 10.1016/j.jss.2020.110823.

J. Wan and Z. Wang, “Case Study on E-Business V Corp. Software Project Risk Management with Interpretive Structural Modeling,” Open Journal of Social Sciences, vol. 3, no. 4, pp. 1–7, Mar. 2015, doi: 10.4236/jss.2015.34001.

J. Wan and L. Liang, “Risk Management of IT Service Management Project Implementation with Killer Assumptions,” Technology and Investment, vol. 3, no. 1, pp. 48–55, Feb. 2012, doi: 10.4236/ti.2012.31007.

L. Ika, J. Couillard, and S. Garon, “Coping with Project Complexity: The Complexity Based Project Management Framework,” PM World Journal, vol. X, no. V, pp. 1–22, 2021.

L. H. Sendstad, M. Chronopoulos, and V. Hagspiel, “Optimal Risk Adoption and Capacity Investment in Technological Innovations,” IEEE Trans. Eng. Manage., vol. 70, no. 2, pp. 576–589, Feb. 2023, doi: 10.1109/TEM.2021.3056142.

M. Mrad, K. S. Al-Gahtani, R. Hulchafo, N. Souayah, and K. Bamatraf, “Risk Assessment for Discrete Stochastic Time-Cost-Quality Trade-Off Problem Using Simulation-Based Integer Linear Programming Approach,” IEEE Access, vol. 7, pp. 32453–32463, 2019, doi: 10.1109/ACCESS.2019.2903229.

J. Wan, Y. Cao, and J. Hou, “Case Study on H Corp. Software Project Risk Management with ISM,” Technology and Investment, vol. 4, no. 3, pp. 145–152, Jul. 2013, doi: 10.4236/ti.2013.43017.

P. Ávila et al., “Framework for a risk assessment model to apply in Virtual / Collaborative Enterprises,” Procedia Computer Science, vol. 181, pp. 612–618, 2021, doi: 10.1016/j.procs.2021.01.208.

A. Aggarwal, K. S. Dhindsa, and P. K. Suri, “A Pragmatic Assessment of Approaches and Paradigms in Software Risk Management Frameworks:,” International Journal of Natural Computing Research, vol. 9, no. 1, pp. 13–26, Jan. 2020, doi: 10.4018/IJNCR.2020010102.

K. B. Bagshaw, “NEW PERT and CPM in Project Management with Practical Examples,” AJOR, vol. 11, no. 04, pp. 215–226, 2021, doi: 10.4236/ajor.2021.114013.

R. S. Ybañez, L. A. Bautista, and A. R. De La Cruz, “Virtual Project Management (VPM) in Project Execution,” AJIBM, vol. 12, no. 12, pp. 1867–1912, 2022, doi: 10.4236/ajibm.2022.1212102.

M. A. Fikri, F. A. Putra, Y. Suryanto, and K. Ramli, “Risk Assessment Using NIST SP 800-30 Revision 1 and ISO 27005 Combination Technique in Profit-Based Organization: Case Study of ZZZ Information System Application in ABC Agency,” Procedia Computer Science, vol. 161, pp. 1206–1215, 2019, doi: 10.1016/j.procs.2019.11.234.

Z. I. Saleh, H. Refai, and A. Mashhour, “Proposed Framework for Security Risk Assessment,” JIS, vol. 02, no. 02, pp. 85–90, 2011, doi: 10.4236/jis.2011.22008.

L. Pekkinen and K. Aaltonen, “Risk Management in Project Networks: An Information Processing View,” Technology and Investment, vol. 6, no. 1, pp. 52–62, Jan. 2015, doi: 10.4236/ti.2015.61005.

S.-C. Cha and K.-H. Yeh, “A Data-Driven Security Risk Assessment Scheme for Personal Data Protection,” IEEE Access, vol. 6, pp. 50510–50517, 2018, doi: 10.1109/ACCESS.2018.2868726.

B. Khan, R. Naseem, I. Alam, I. Khan, H. Alasmary, and T. Rahman, “Analysis of Tree-Family Machine Learning Techniques for Risk Prediction in Software Requirements,” IEEE Access, vol. 10, pp. 98220–98231, 2022, doi: 10.1109/ACCESS.2022.3206382.

A. Ovsyannikova and J. Domashova, “Identification of public procurement contracts with a high risk of non-performance based on neural networks,” Procedia Computer Science, vol. 169, pp. 795–799, 2020, doi: 10.1016/j.procs.2020.02.161.

G. Petneházi, “Quantile convolutional neural networks for Value at Risk forecasting,” Machine Learning with Applications, vol. 6, p. 100096, Dec. 2021, doi: 10.1016/j.mlwa.2021.100096.

V. Polishchuk, Y. Mlavets, I. Rozora, and O. Tymoshenko, “A hybrid model of risk assessment of the functioning of information modules of critical infrastructure objects,” Procedia Computer Science, vol. 219, pp. 76–83, 2023, doi: 10.1016/j.procs.2023.01.266.

H. Mismar, A. Shamayleh, and A. Qazi, “Prioritizing Risks in Last Mile Delivery: A Bayesian Belief Network Approach,” IEEE Access, vol. 10, pp. 118551–118562, 2022, doi: 10.1109/ACCESS.2022.3220626.

N. Kim, H. Oh, and J. K. Choi, “A privacy scoring framework: Automation of privacy compliance and risk evaluation with standard indicators,” Journal of King Saud University - Computer and Information Sciences, vol. 35, no. 1, pp. 514–525, Jan. 2023, doi: 10.1016/j.jksuci.2022.12.019.

G. Ammad, U. Iqbal Janjua, T. M. Madni, M. F. Cheema, and A. R. Shahid, “An Empirical Study to Investigate the Impact of Communication Issues in GSD in Pakistan’s IT Industry,” IEEE Access, vol. 7, pp. 171648–171672, 2019, doi: 10.1109/ACCESS.2019.2953008.

I. Riley, S. Jahan, A. Marshall, C. Walter, and R. F. Gamble, “Evaluating verification awareness as a method for assessing adaptation risk,” Future Generation Computer Systems, vol. 119, pp. 110–135, Jun. 2021, doi: 10.1016/j.future.2021.01.034.

R. Subramanian, S. Taterh, D. Singh, and H.-N. Lee, “Efficient Fine Tuned Trapezoidal Fuzzy-Based Model for Failure Mode Effect Analysis Risk Prioritization,” IEEE Access, vol. 10, pp. 50037–50046, 2022, doi: 10.1109/ACCESS.2022.3172513.

E. Masengesho, J. Wei, N. Umubyeyi, and R. Niyirora, “A Review on the Role of Risk Management (RM) and Value Engineering (VE) Tools for Project Successful Delivery,” WJET, vol. 09, no. 01, pp. 109–127, 2021, doi: 10.4236/wjet.2021.91009.

M. Tsiodra, S. Panda, M. Chronopoulos, and E. Panaousis, “Cyber Risk Assessment and Optimization: A Small Business Case Study,” IEEE Access, vol. 11, pp. 44467–44481, 2023, doi: 10.1109/ACCESS.2023.3272670.

G. Silvius and C. Marnewick, “Interlinking Sustainability in Organizational Strategy, Project Portfolio Management and Project Management A Conceptual Framework,” Procedia Computer Science, vol. 196, pp. 938–947, 2022, doi: 10.1016/j.procs.2021.12.095.

R.-P. V. D. Boom, “Financial Risk Management in Dutch SMEs: An Empirical Analysis,” JFRM, vol. 08, no. 02, pp. 55–72, 2019, doi: 10.4236/jfrm.2019.82005.

H. Berg, K. Holgeid, M. Jørgensen, and G. H. Volden, “Successful IT projects – A multiple case study of benefits management practices,” Procedia Computer Science, vol. 219, pp. 1847–1859, 2023, doi: 10.1016/j.procs.2023.01.482.

S. Shafiee, E. Sandrin, C. Forza, K. Kristjansdottir, A. Haug, and L. Hvam, “Framing business cases for the success of product configuration system projects,” Computers in Industry, vol. 146, p. 103839, Apr. 2023, doi: 10.1016/j.compind.2022.103839.

B. Hussein, A. Mallcott, and N. Mikhridinova, “Lessons learned from developing and applying self-assessment instruments for evaluating project management competences in two large organizations,” Procedia Computer Science, vol. 164, pp. 358–365, 2019, doi: 10.1016/j.procs.2019.12.194.

S. Shankar, “Risk and Rationality,” JFRM, vol. 08, no. 04, pp. 305–314, 2019, doi: 10.4236/jfrm.2019.84021.

K. Moriya, “The Effectiveness of a Project Manager for Risk Management in a Career Education Project,” Creative Education, vol. 5, no. 8, pp. 525–532, May 2014, doi: 10.4236/ce.2014.58062.

J. Doering, R. Kizys, A. A. Juan, À. Fitó, and O. Polat, “Metaheuristics for rich portfolio optimisation and risk management: Current state and future trends,” Operations Research Perspectives, vol. 6, p. 100121, 2019, doi: 10.1016/j.orp.2019.100121.

M. El Khatib, L. Nakand, S. Almarzooqi, and A. Almarzooqi, “E-Governance in Project Management: Impact and Risks of Implementation,” AJIBM, vol. 10, no. 12, pp. 1785–1811, 2020, doi: 10.4236/ajibm.2020.1012111.

B. Hussein, “The influence of project characteristics on project success factors. Insights from 21 real life project cases from Norway,” Procedia Computer Science, vol. 164, pp. 350–357, 2019, doi: 10.1016/j.procs.2019.12.193.

Downloads

Published

2023-12-29

How to Cite

Ghozali, I. H. A., Samidi, S., & Handoko, A. R. . (2023). Exploration of the Project Risk Management Framework for Information Technology Companies. CogITo Smart Journal, 9(2), 266–279. https://doi.org/10.31154/cogito.v9i2.517.266-279