A Risk Management Methodology for Project Risk Dependencies

Tak Wah Kwan; Hareton K.N. Leung

doi:10.1109/TSE.2010.108

Publication
2011
Issue No. 5 - September/October
Abstract - A Risk Management Methodology for Project Risk Dependencies

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Tak Wah Kwan Articles by Hareton K.N. Leung

A Risk Management Methodology for Project Risk Dependencies

September/October 2011 (vol. 37 no. 5)

pp. 635-648

	ASCII Text	x
	Tak Wah Kwan, Hareton K.N. Leung, "A Risk Management Methodology for Project Risk Dependencies," IEEE Transactions on Software Engineering, vol. 37, no. 5, pp. 635-648, September/October, 2011.

	BibTex	x
	@article{ 10.1109/TSE.2010.108, author = {Tak Wah Kwan and Hareton K.N. Leung}, title = {A Risk Management Methodology for Project Risk Dependencies}, journal ={IEEE Transactions on Software Engineering}, volume = {37}, number = {5}, issn = {0098-5589}, year = {2011}, pages = {635-648}, doi = {http://doi.ieeecomputersociety.org/10.1109/TSE.2010.108}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Software Engineering TI - A Risk Management Methodology for Project Risk Dependencies IS - 5 SN - 0098-5589 SP635 EP648 EPD - 635-648 A1 - Tak Wah Kwan, A1 - Hareton K.N. Leung, PY - 2011 KW - Project risk management KW - risk dependencies KW - risk assessment KW - metrics. VL - 37 JA - IEEE Transactions on Software Engineering ER -

Tak Wah Kwan, The Hong Kong Polytechnic University, Hong Kong

Hareton K.N. Leung, The Hong Kong Polytechnic University, Hong Kong

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSE.2010.108

Project risks are not always independent, yet current risk management practices do not clearly manage dependencies between risks. If dependencies can be explicitly identified and analyzed, project managers will be able to develop better risk management strategies and make more effective risk planning decisions. This paper proposes a management methodology to address risk dependency issues. Through the study of three IT projects, we confirm that risk dependencies do exist in projects and can be identified and systematically managed. We also observed that, as project teams needed to deal with risk dependency issues, communications between projects were improved, and there were synergetic effects in managing risks and risk dependencies among projects.

[1] B. Lientz and K. Rea, Breakthrough Technology Project Management. Academic Press, 2001.
[2] S. Sherer, "Managing Risk beyond the Control of IS Managers: The Role of Business Management," Proc. 37th Hawaii Int'l Conf. System and Sciences, 2004.
[3] T. Kwan and H. Leung, "Improving Risk Management Practices for IT Projects," Proc. IASTED Int'l Conf. Advances in Computer Science and Technology, 2007.
[4] P. Garvey, Probability Methods for Cost Uncertainty Analysis—A Systems Engineering Perspective. Marcel Dekker, 2000.
[5] B.W. Boehm, Software Risk Management. IEEE CS Press, 1989.
[6] B.E. White, "Enterprise Opportunity and Risk," Proc. INCOSE 2006 Symp., July 2006.
[7] COSO (Committee of Sponsoring Organisations of the Treadway Commission), Enterprise Risk Management: Integrated Framework, www.coso.orgpublications.htm, 2004.
[8] K. Kähkönen, "Integration of Risk and Opportunity Thinking in Projects," Proc. Fourth European Project Management Conf. June 2001.
[9] Project Management Inst., A Guide to the Project Management Body of Knowledge (PMBOK Guide), fourth ed. Project Management Inst., 2008.
[10] R.N. Charette, Software Engineering Risk Analysis and Management. McGraw-Hill, 1989.
[11] A. Dorofee, J. Walker, C. Alberts, R. Higuera, T. Murray, and R. Williams, Continuous Risk Management Guidebook. Software Eng. Inst., Carnegie Mellon Univ., 1996.
[12] R. Van Scoy, Software Development Risk: Opportunity, Not Problem. Software Eng. Inst., Carnegie Mellon Univ., 1992.
[13] R. Williams, J. Walker, and A. Dorofee, "Putting Risk Management into Practice," IEEE Software, vol. 14, no. 3, pp. 75-82, May 1997.
[14] Software Eng. Inst., CMMI for Development, Version 1.2, Carnegie Mellon Software Eng. Inst., Aug. 2006.
[15] Am. Systems Corporation, Risk Management Process and Implementation. Am. Systems Corp., Chantilly, Va., 2003.
[16] D. Hillson, "Extending the Risk Process to Manage Opportunities," Proc. Fourth European Project Management Conf., June 2001.
[17] D. Lock, The Essentials of Project Management, third ed. Gower Publishing, 2007.
[18] A. Bouti and A. Kadi, "A State-of-the-Art Review of FMEA/FMECA," Int'l J. Reliability, Quality and Safety Eng., vol. 1, pp. 515-543, 1994.
[19] IT Governance Inst., IT Assurance Guide Using COBIT, The IT Governance Inst., 2007.
[20] IEC61025, Fault Tree Analysis (FTA), second ed. Int'l Electrotechnical Commission, 2006.
[21] T. Aven, Reliability and Risk Analysis, first ed. Elsevier Applied Science, 1992.
[22] IEC60300-3-9, Dependability Management—Part 3: Application Guide —Section 9: Risk Analysis of Technological Systems Event Tree Analysis (ETA), first ed., Int'l Electrotechnical Commission, 1995.
[23] D. Nielsen, The Cause/Consequence Diagram Method as a Basis for Quantitative Accident Analysis, Danish Atomic Energy Commission, RISO-M-1374, 1971.
[24] Application of Markov Techniques, IEC61165, second ed., Int'l Electrotechnical Commission, 2006.
[25] J. Pearl, Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann, 1998.
[26] N. Fenton and M. Neil, Combining Evidence in Risk Analysis Using Bayesian Networks, Agena White Paper, W0704/01, v01.01, 2004.
[27] E. Navarro, P. Letelier, D. Reolid, and I. Ramos, "Configurable Satisfiability Propagation for Goal Models Using Dynamic Compilation Techniques," Advances in Information Systems Development: New Methods and Practice for the Networked Society, pp. 167-179, Springer, 2007.
[28] P. Giorgini, J. Mylopoulos, E. Nicchiarelli, and R. Sebastiani, "Formal Reasoning Techniques for Goal Models," J. Data Semantics, vol. 1, pp. 1-20, 2003.
[29] Y. Asnar and P. Giorgini, "Modelling Risk and Identifying Countermeasure in Organizations," Proc. First Int'l Workshop Critical Information Infrastructures Security, 2006.
[30] T. Kwan and H. Leung, "Estimating Project Risk Dependencies," Proc. 13th IASTED Int'l Conf. Software Eng. and Applications, 2009.
[31] T. Kwan and H. Leung, "An Enhanced Risk Taxonomy for Information Technology Projects," Proc. IASTED Int'l Conf. Software Eng. and Applications, 2005.
[32] B. Boehm, "Software Risk Management: Principles and Practices," IEEE Software, vol. 8, no. 1, pp. 32-41, Jan. 1991.
[33] R. Ferguson, "A Project Risk Metric," CrossTalk, The J. Defense Software Eng., vol. 17, no. 4, pp. 12-15, Apr. 2004.

Index Terms:

Project risk management, risk dependencies, risk assessment, metrics.

Citation:

Tak Wah Kwan, Hareton K.N. Leung, "A Risk Management Methodology for Project Risk Dependencies," IEEE Transactions on Software Engineering, vol. 37, no. 5, pp. 635-648, Sept.-Oct. 2011, doi:10.1109/TSE.2010.108

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.