Academy of Strategic Management Journal (Print ISSN: 1544-1458; Online ISSN: 1939-6104)

Research Article: 2019 Vol: 18 Issue: 4

Strategic Risks Management in Implementation of IT Projects

Yuliia ?. Makarenko, Oles Honchar Dnipro National University

Svitlana ?. Tereshchenko, Sumy National Agrarian University

Natalya G. Metelenko, Zaporizhzhya National University

Inna H. Mykolenko, Poltava State Agrarian Academy

Alina S. Oliinyk, Poltava State Agrarian Academy


This article analyzes and determines the following aspects of applying mathematical methods and models in the risk management of IT projects: the need to account for time and money reserves in case of adverse events; the possibility of periodic risk control and prompt response to risks through constant communication between the project stakeholders, ensuring timely execution of IT projects; and the characteristic features of different software development methodologies. The analysis of methodological approaches to software development establishes that combining the principles of the CCPM and Scrum methodologies makes it possible to form reserves in an explicit form and to establish effective communication between the interested parties of the IT project. In addition, the application of knowledge-based methods and models increases the effectiveness of the information provision of the decision-making process on risk management of the IT project.


Risk Management, IT Project, Effective Communication, Knowledge Management, Knowledge Base, Expert System.

JEL Classifications

M5, Q2


IT projects are typically characterized by unclear initial customer requirements, constant changes related to intangible outputs, a high level of complexity in the use of intellectual and technological resources, and hence uncertainty caused by a lack of information for project management decisions. In addition, as numerous studies show, when IT projects are implemented the planned timetable is often violated, the budget is exceeded, and functionality is developed that does not meet the requirements of users. A high level of uncertainty increases the risk of failure to achieve the planned results and jeopardizes the successful implementation of the project.

Thus, an effective prerequisite for the proper execution of IT projects is risk management. In the context of project management, risk is associated with events that have certain implications for the project. Accordingly, risk management includes processes that maximize the probability of achieving project goals through active management of threats (risks that can negatively affect the project) and opportunities (risks that can affect it positively). These processes involve the use of certain methods and models of risk management, the choice of which depends on the peculiarities of the IT project implementation.

Review of Previous Studies

Projects in the field of information technology and management have features that are inherent in any other type of project. According to the results of the analysis (Kerzner, 2017, 2019), it is possible to highlight such project features as the focus on achieving a specific goal, coordinated implementation of interrelated actions, the existence of time constraints, resource constraints, uniqueness, and a high level of uncertainty about the end results. The characteristics outlined above are also the basis for classifying projects (Meredith et al., 2017). The scientific literature (Hilorme et al., 2019) contains a large number of methodological approaches to the classification of projects, on the basis of which criteria such as the class, type, duration, scale and level of complexity of the project are selected (Makedon et al., 2019).

The IT project management is aimed at obtaining an intangible result, which requires the maximum detail of the requirements for the project result with its further refinement and adjustment (Kliem & Ludin, 2019). In addition to issues specific to conventional projects, IT leadership should address unique technology issues related to hardware, operating system, databases, etc. (Rasnacis & Berzisa, 2017). Additional responsibility for the executor is also imposed by the fact that error information in the IT project is spreading rapidly among users (Silvius et al., 2017).

The analysis of publications on the use of knowledge management techniques in project management, including project risk management, shows that the effectiveness of these methods is confirmed by statistical data, and the importance of their application is emphasized by many scholars and standards (Drobyazko et al., 2019). At the same time, in our opinion, the problem of choosing and using methods and models in knowledge management, taking into account the peculiarities of IT projects and the methodologies used in software development, is not sufficiently investigated (Perevozova et al., 2019).


Generally, the commonly used methods defined by the ISO/IEC 31010:2009 and PMBOK 5 (Project Management Body of Knowledge) standards (Varajão et al., 2017) can be used within the framework of IT risk management. However, the choice of methods and models for risk management depends on the features of the project, primarily its life cycle and the corresponding methodology used in software development.

As part of the improvement of cascading (linear) methodologies at the end of the 20th century, the CCPM (Critical Chain Project Management) methodology was developed. Its key principles are improving the efficiency of using free time and managing risk on the basis of project buffers. At the same time, since the beginning of the 21st century, so-called agile methodologies have been developed to maximize customer satisfaction and manage risk by continuously refining the requirements and increasing the functionality of a software product within short cycles (sprints). Many methods and models that help reduce the overall level of uncertainty in the execution of projects, including in the field of information technology, have been proposed within such areas of research as knowledge management.

Results and Discussion

In IT projects where intensive human resources are used, the appointment of one performer to several parallel tasks is quite common. Taking into account the possible loss of time with constant transitions from one task to another and a high degree of uncertainty regarding the interim and final results of the project, this could lead to significant delays in the IT project implementation and adversely affect the reliability of the evaluation of its targets. This, in turn, complicates the determination of the amount of additional time or funds to cover unforeseen losses.

For IT projects, reserve creation is extremely relevant, because in the initial planning of work in such projects it is difficult to estimate the duration of tasks. At the same time, the most difficult problem when creating a reserve is to evaluate the potential consequences of risks that materialize. Also, when determining the amount of contingency reserve, the accuracy of the initial evaluation of the duration and cost of tasks is important.

Modeling an IT project as a chain of tasks with a clearly defined sequence and pre-estimated duration can be accomplished using the Monte Carlo method and Markov chains. Inputs for modeling can be historical data and expert estimates of factors of the external and internal environment of the project; the outputs are the project's target indicators, such as deadlines, budget and volume of functionality, or the likelihood of achieving them. However, as noted above, the high level of reliability of the evaluation of the duration of tasks can be offset by the high degree of uncertainty inherent in IT projects, which will result in inadequate modeling results.
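The following sketch is an added example, not taken from the article: it models a project as a chain of tasks with Monte Carlo sampling and derives the probability of meeting a deadline and an explicit time reserve. The task list, risk register, triangular distributions and the 80% confidence level are all constructed assumptions standing in for the expert estimates the text mentions.

```python
import random

# Constructed sample inputs: (task, optimistic, most likely, pessimistic) in days.
TASKS = [
    ("requirements", 5, 8, 15),
    ("design", 4, 6, 12),
    ("implementation", 15, 20, 40),
    ("testing", 5, 7, 14),
]
# Constructed risk register: (risk, probability, delay in days if it occurs).
RISKS = [
    ("requirements change", 0.30, 10),
    ("key developer unavailable", 0.10, 15),
]


def simulate(tasks, risks, runs=20000, seed=1):
    """Return the sorted total durations of the task chain over `runs` trials."""
    rng = random.Random(seed)  # fixed seed keeps the result reproducible
    totals = []
    for _ in range(runs):
        # Each task duration is drawn from a triangular expert estimate.
        total = sum(rng.triangular(lo, hi, mode) for _, lo, mode, hi in tasks)
        # Each risk event fires independently and adds its delay.
        total += sum(delay for _, p, delay in risks if rng.random() < p)
        totals.append(total)
    totals.sort()
    return totals


def prob_on_time(totals, deadline):
    """Share of trials in which the chain finished by the deadline."""
    return sum(1 for t in totals if t <= deadline) / len(totals)


def percentile(totals, q):
    """Duration not exceeded in q percent of trials (nearest rank)."""
    idx = min(len(totals) - 1, max(0, int(round(q / 100 * len(totals))) - 1))
    return totals[idx]


def contingency_reserve(tasks, totals, confidence=80):
    """Explicit time reserve: percentile duration minus the most-likely plan."""
    baseline = sum(mode for _, _, mode, _ in tasks)
    return max(0.0, percentile(totals, confidence) - baseline)


if __name__ == "__main__":
    totals = simulate(TASKS, RISKS)
    print(f"P(finish within 45 days) = {prob_on_time(totals, 45):.2f}")
    print(f"80% reserve = {contingency_reserve(TASKS, totals):.1f} days")
```

The reserve is only as reliable as the three-point estimates fed in, which is the limitation the paragraph above raises for IT projects.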

It should be noted that over the past 20 years, a large number of specific risk management methodologies have been developed for IT projects, among which Risk IT and SEI-CRM can be identified. These methodologies generally duplicate the risk management tools described in PMBOK 5. The risk management of an IT project under SEI-CRM involves phases such as detection, risk analysis, risk management planning, risk tracking and control. Risk analysis involves evaluating risk indicators, the probability of occurrence and the exposure, as well as risk classification.

The purpose of the Risk IT methodology is to adapt the provisions of the common risk management standards (in particular ISO 31000) to the specific approaches used in the IT field. According to Risk IT, the risk management process includes three components: risk management, risk response and risk evaluation. At the same time, in comparison with PMBOK, SEI-CRM and Risk IT take the specificity of IT projects more fully into account in some aspects. The Risk IT methodology focuses on financial risks for business related to the introduction of information technology and investment analysis. SEI-CRM provides a detailed breakdown of risk management functions between project participants (development team, technical managers, project manager, quality control team, risk management support team) (Table 1).

Table 1. Distribution of IT Risk Management Functions According to SEI-CRM

| IT project participants | Risk management functions |
|---|---|
| Project team | Identification of new risks, assessment of probability and impact, risk classification, recommending measures, risk tracking and developing a response plan, support in prioritizing risks |
| Technical managers | Integration of information from the project team, ensuring the accuracy of risk evaluation and classification, prioritizing risks, reviewing the recommendations on risk response, reporting to the project manager, implementing risk management decisions, developing a plan of activities, establishing communication with the project manager |
| Project manager | Authorization of resources for risk management, integration of information from technical managers, prioritization of risks, decision-making on risk management, distribution of powers of risk management, assessment of the effectiveness of risk management measures |
| Quality control team | Coordination of risk detection and analysis activities, updating of risks, periodic reporting to the project manager regarding the status of risks |
| Risk management support team | Identification of risk elements and assessment of their potential negative effects, analysis and evaluation of critical processes in the project, analysis and implementation of risk management results from other projects, policy and reserves formation, support to the project manager in the most critical tasks |

Therefore, when applying the methods and models in risk management of IT projects within SEI-CRM and Risk IT, it is appropriate to take into account the distribution of risk functions between the project participants, as well as the potential impact of the project results on the client's business.

Based on the results of the analysis of methodological approaches to risk management in the field of information technology, it has been established that the existing project management methodologies focus on particular aspects of achieving project objectives. The CCPM methodology focuses the main risk management efforts on the timely implementation of the project, Scrum on getting operating functionality as quickly as possible, and Risk IT on obtaining an economic effect for the client's business from the project. At the same time, a project that went beyond budget and schedule may well meet the needs of users and customers. This is because stakeholders in the project may have different ideas about the importance of performance criteria, and changes in the requirements or objectives of the project may create additional risks.

Modeling in the risk management of an IT project should take into account the possibility of periodic risk control and rapid response to risks by means of constant communication between project stakeholders, as well as the analysis of information and accumulation of knowledge about risks. Because the customer and users, as a rule, are not specialists in the development and implementation of information technologies, their requirements cannot be clearly delineated at the beginning of the project (Hilorme et al., 2019). In addition, the performer, in turn, may have difficulties in defining the specifics of the customer's business and in choosing technologies to meet the requirements, which causes a high degree of uncertainty regarding technical solutions. Taking into account the need for effective information provision of the decision-making process on risk management of the IT project, a pressing task is to apply methods and models based on the analysis of participants' experience.

Information provision of risk management processes requires obtaining and using up-to-date information or knowledge about events and processes (for example, identifying errors in the code and ways to fix them) that may affect the achievement of project objectives. This is especially important for IT projects, the implementation of which involves the active use of knowledge due to the high degree of complexity.


Therefore, when selecting the methods for IT project risk management, it is recommended that the interests of the following stakeholders be taken into account: the customer (created value for the organization, implementation of the requirements), the end users (adequacy to needs and ease of use) and the project implementer (timely execution, budget compliance, implementation of the desired quality level, gained experience).

Modern scientific research in the field of IT project risk management is aimed at creating integrated approaches that combine the advantages of various methodologies. Such efforts are reflected in the relevant systems and models. In this regard, it is advisable to separately analyze the existing systems and models in order to take into account the risk management features of IT projects and methodologies used in software development.


Consequently, existing standards for project management and risk management offer a large number of risk management methods and models, the choice of which depends on the methodology of project management and available information for decision-making. According to the results of analysis of project management methodologies in terms of taking into account the peculiarities of IT project risk management, the following conclusions can be drawn.

The PMBOK 5 standard provides an exhaustive list of processes, procedures and methods for project risk management that can be applied, among others, in IT projects; in scientific and practical sources on risk evaluation of IT projects, tools such as probability/impact matrices, the Monte Carlo method and Markov chains are widely used.

A combination of the CCPM and Scrum methodological approaches to risk management enables the formation of reserves in an explicit form and the establishment of effective communication between the stakeholders of the IT project. Variation in the duration of the tasks contributes to quantitative risk evaluation and, accordingly, to modeling with Monte Carlo methods and Markov chains.

The effectiveness of knowledge management techniques in project management is confirmed by data from sectoral studies, and the importance of their application is emphasized by many scientists and standards. At the same time, the selection and use of methods and models in knowledge management, taking into account the peculiarities of IT projects and the methodologies used in software development, is not sufficiently investigated. In this regard, a pressing task is to adapt the methods and models of knowledge management to the peculiarities of IT project risk.


  1. Drobyazko, S., Hryhoruk, I., Pavlova, H., Volchanska, L., & Sergiychuk, S. (2019). Entrepreneurship innovation model for telecommunications enterprises.
  2. Hilorme, T., Shurpenkova, R., Kundrya-Vysotska, O., Sarakhman, O., & Lyzunova, O. (2019). Model of energy saving forecasting in entrepreneurship. Journal of Entrepreneurship Education.
  3. Hilorme, T., Zamazii, O., Judina, O., Korolenko, R., & Melnikova, Yu. (2019). Formation of risk mitigating strategies for the implementation of projects of energy saving technologies. Academy of Strategic Management Journal. 18(3).
  4. Kerzner, H. (2017). Project management: a systems approach to planning, scheduling, and controlling. John Wiley & Sons.
  5. Kerzner, H. (2019). Using the project management maturity model: strategic planning for project management. Wiley.
  6. Kliem, R.L., & Ludin, I.S. (2019). Reducing project risk. Routledge.
  7. Makedon, V., Drobyazko, S., Shevtsova, H., Maslosh, O., & Kasatkina, M. (2019). Providing security for the development of high-technology organizations.
  8. Meredith, J.R., Mantel Jr, S.J., & Shafer, S.M. (2017). Project management: a managerial approach. John Wiley & Sons.
  9. Perevozova, I., Savchenko, M., Shkurenko, O., Obelnytska, K., & Hrechanyk, N. (2019). Formation of entrepreneurship model by innovation activity of industrial enterprises. Journal of Entrepreneurship Education, 22, 1-6.
  10. Rasnacis, A., & Berzisa, S. (2017). Method for adaptation and implementation of agile project management methodology. Procedia Computer Science, 104, 43-50.
  11. Silvius, A.G., Kampinga, M., Paniagua, S., & Mooi, H. (2017). Considering sustainability in project management decision making; An investigation using Q-methodology. International Journal of Project Management, 35(6), 1133-1150.
  12. Varajão, J., Colomo-Palacios, R., & Silva, H. (2017). ISO 21500: 2012 and PMBoK 5 processes in information systems project management. Computer Standards & Interfaces, 50, 216-222.