Project Risk Management

Abstract
With the increased growth of competition among software firms, the companies
focus on the risks to remain competitive in the market. They should deliver high-
quality products, services or software with minimal cost and fewer timelines. Risk
management is the most common practice employed by information technology
organizations to improve their project success rate. Due to the growth and
advancement of technology, there are many risks in every project. The project risk
could be an employee moving to another firm, stealing Data and wrong
commitments. Furthermore, the risk may arise from human error, technological fault,
improper planning and the lack of a proper risk management plan to deliver
successful projects. Hence, the risk management framework could improve the
product quality, enhance the quality parameters and increase the project success
rate.
Keywords: Software, risk management, project success, product quality, services &
products, etc.

Introduction
Project risk management is the set of activities or processes implemented to manage
the potential risk in the projects that would negatively affect the project success and
organizations. The unexpected risk affects every aspect of the company revenue
and may damage its reputation. Hence, any risk is probable (Willumsen 2019) that
may arise unexpectedly in any project. Eradicated risk factors may reduce losses in
any company. Project risk management works for any projects across industries.
Therefore, the different types of projects would require the approach to risk
management.

Literature Survey
1.0 Project Risk Management
Project risk management is identifying, analysing and responding to the various risks
throughout the project lifecycle. These days Risk management is applied to different
fields that focus on
understanding the potential
problems. The problems
identified may affect the
project success and
performance. Therefore,
risk management is a
process in delivering the
project successfully. For
any project, the Devised risk management framework (Babenko 2019) could identify
potential threats.
Figure 1: Generic Risk Management Process (Gachie 2017)
Based on risk identification, risk assessment, risk response planning and the final
step is risk monitoring. The generic risk management process includes initiation,
identification, risk assessment, response planning, implementation, review and post-
project risk.
The different project uses different approaches or model concerning the type of risks.
The multiple model approach is discussed below in detail.

1.0 Risk Management for Industry 4.0

Tupa 2017 proposed the framework design for implementing risk management in the
industry 4.0 concept. New risk occurs when new approaches, frameworks, complex
IT infrastructure are involved with the IT project management. The research provides
valuable insight and solutions to implement the risk management systems based on
the requirements proposed for Industry 4.0. The risk management framework design
proposed here includes Risk Identification, design of the framework and then
integrate the performance and the risk management.
2.1 RM framework
The proposed design framework ensures all security policies must be added in risk
management aspects to the integrated corporate policy. The risk analysis is
regarded as the significant process or steps for the framework (Tupa 2017). The
Framework shows the risk catalogue that could be divided into sections based on
technical risk, processes risk, planning risk and so on.

Figure 2: The Process of Implementation of the designed framework (Tupa

2017)
2.2 Factors impacting on companies
The factors that impact all the processes leading to new risk may include humans,
objects, systems, value creation, networks are concerning new changing conditions.
The research concludes the adoption of Key Risk Indicators for risk management for
performance measurement of projects. The limitation is that a more suitable
framework is required for the large volume of data generated from the ICT systems
from the manufacturing systems. So, future work must focus on analyzing more data
from ICT systems that would impact industry 4.0.

2.0 Risk Management for DAD projects

Shrivastava 2017 developed the risk management framework for managing the risk
in Distributed Agile Development projects. The author also describes the causes and
the methods applied for managing the risk. Software companies undertake the DAD
approach for the benefits of cost and time. The DAD framework is to be highly
challenging because of the distributed and contradicting nature of Agile.
3.1 Risk Management framework
The risk would be identified and classified based on various aspects of DAD project
and how often they are used in project are noted in the risk framework. The ranked
risks based on categories, the risk causes and the approaches considered to
manage the risk are included in the framework. The framework for DAD projects was
evaluated based on risk area rankings like Group awareness, the external
stakeholder collaboration, the SDLC, project management and the technology setup
by the companies.
3.2 Risk areas concerning DAD and RM practices
Risk concerning area of DAD RM practices
projects
Communication for collaboration  Fostering team collaboration and
conducting face to face
interaction, web conferencing,
etc.
 Sharing project status and issues
using scrum masters.
 Improving communication skills
through training team members,
distributed meetings, regular
interaction with customer, etc.
Software engineering practices  Requirements gathering and
resolving issues by frequent
communication.
 Integration of modules. Usage of
tools, discussing design issues
with the architectural board,
distributed team management.
Team organization  Minimizing the distributed team
dependencies
  Enhancing trust among team
members through swapping team
members between location and
teams.
 Providing an appropriate tool for
team communication and the use
of good quality-based tools.

Table 1: Risk area and risk management practices

4.0 Risk management for Information Technology Projects

Pimchangthong 2017 Explored the risk management practices that would greatly
benefit the success of the projects. The organizational factors along with the risk
management exercises affect the project achievement. The features that affect
projects are the kind of company and the workforce sizes. Furthermore, the process
and products performance are considered for IT project success. The result
concluded that the differences in the organization types have significantly affected
the project success concerning product performances and other aspects.

4.2 Risk management best practices as metamodel

El Yamami 2017 described the PMI’s Risk Management Model that optimizes the
investment and risk to minimize the possibility of failure. The critical success factor to
any organization project is regardless of the organization size. The risk management
process includes planning risk management, identifying the risks, performing the
qualitative risk analysis, performing a quantitative risk analysis, planning the risk
responses, monitoring and controlling the risk

4.3 ISO 31000

The ISO board generated the guidelines for managing the risk process by focusing
on the risk assessment. The risk management framework or guidelines from ISO
31000 involves communication and consultation. The establishment of context, the
risk assessment, identification, analysis, evaluation, treatment, monitoring and
review process.

4.4 PMI’s Risk Management Standard

The PMIs standards would ensure that the requirements are already defined in the
PMIs risk management domain. They involve:
1. Risk strategy and planning: quantifies risk tolerance to assess risk
threshold, develop risk strategy with a risk management plan.
2. Stakeholder engagement: Assess risk tolerance, prioritizing the project risk
and promoting risk ownership.
3. Risk process facilitation: Risk identification, evaluation, prioritization and
final response.
 4. Risk monitoring and reporting: Creation of risk reports with the help of risk-
related metrics.
5. Performing specialized risk analysis: Evaluate the risks and estimate the
risk of the project. This exposure helps the stakeholder in the decision-making
process.

Conclusion
From the review of various papers, the conclusion is risk management varies from
project to project. The risk management framework would require more detailed
strategies and detailed planning for any risk in large and small-scale projects. But for
smaller projects it is enough with simple steps with identification, setting priority and
mitigating it. But overall, every risk management framework adopted by every project
would have to identify the risk to the process. Then analyse, prioritize, respond and
monitor the risk. Depending on the large or small project additional categories could
be added further to the risk management process. Therefore, the process of risk
management in a project increases stability with respect to business operation,
protects from any unexpected events, improves performance and finally guarantees
the project success.

References
 Babenko, Vitalina, Liudmila Lomovskykh, Alvina Oriekhova, Liubov
Korchynska, Marharyta Krutko, and Yelizaveta Koniaieva. 2019. “Features of
methods and models in risk management of IT projects.” Periodicals of
Engineering and Natural Sciences (PEN) 629-636.
 El Yamami, Abir, Souad Ahriz, Khalifa Mansouri, Mohammed Qbadou, and E.
Illoussamen. 2017. “Representing IT projects risk management best practices
as a metamodel.” Engineering, Technology & Applied Science Research
2062-2067.
 Gachie, Wanjiru. 2017. “Project risk management: A review of an institutional
project life cycle.” Risk Governance and Control: Financial Markets &
Institutions 163-173.
 Pimchangthong, Daranee, and Veera Boonjing. 2017. “Effects of risk
management practice on the success of IT project.” Procedia Engineering
579-586.
 Shrivastava, Suprika Vasudeva, and Urvashi Rathod. 2017. “A risk
management framework for distributed agile projects.” Information and
software technology 1-15.
 Tupa, Jiri, Jan Simota, and Frantisek Steiner. 2017. “Aspects of risk
management implementation for Industry 4.0.” Procedia manufacturing 1223-
1230.
 Willumsen, Pelle, Josef Oehmen, Verena Stingl, and Joana Geraldi. 2019.
“Value creation through project risk management.” International Journal of
Project Management 731-749.