Risk Management in Information Systems Projects: It Can Be Risky Not To Do It

Information technologies (IT) and information systems (IS) are the backbone of any developed business, and organizations without them cannot compete. In recent decades, many best practices, standards, and guides have been made available to project managers and organizations with the aim of improving project management. Unfortunately, IS projects continue to show a poor track record, and problems related to project management performance persist. Risk management has a vital role in this context, since it can increase the likelihood and impact of positive events and decrease the likelihood and impact of adverse events in the project. This article presents the results of an international web-based survey studying whether risk management processes are being implemented consistently in IS project management. The results show low levels of implementation of risk management processes and reinforce the idea that “it can be risky not to do risk management,” demanding more research in this area.

All IS projects are risky since they are unique undertakings with varying degrees of complexity that aim to deliver benefits (PMI, 2017). In discussing risk management, it is necessary to consider two main aspects. The first is about understanding and defining the notions of uncertainty and risk. Knight and Frank (2012) make a distinction between measurable uncertainty (which can be considered risk) and non-measurable uncertainty. One can assume that risks are related to events that are either perceived or perceptible and the likelihood of which can be estimated (Hofman and Grela, 2018).

A general dictionary definition states that risk is “the possibility of loss or injury.” This definition highlights the negativity (“loss or injury”) often associated with risk and points out that uncertainty (“possibility”) is involved (Schwalbe, 2018). On the one hand, following the PMI (2017) definition, a risk is “an uncertain event or condition that, if it occurs, has a significant positive or negative effect on at least one objective.” This means that a project can have negative risks but also positive risks (those having a positive effect on meeting project objectives). IPMA (2015) distinguishes risks (negative effects) from opportunities (positive effects), stating that they should always be viewed in terms of their relation to, and consequences for, realizing the objectives of the project.

