The Community for Technology Leaders
RSS Icon
Issue No.05 - September/October (2011 vol.37)
pp: 635-648
Tak Wah Kwan , The Hong Kong Polytechnic University, Hong Kong
Hareton K.N. Leung , The Hong Kong Polytechnic University, Hong Kong
Project risks are not always independent, yet current risk management practices do not clearly manage dependencies between risks. If dependencies can be explicitly identified and analyzed, project managers will be able to develop better risk management strategies and make more effective risk planning decisions. This paper proposes a management methodology to address risk dependency issues. Through the study of three IT projects, we confirm that risk dependencies do exist in projects and can be identified and systematically managed. We also observed that, as project teams needed to deal with risk dependency issues, communications between projects were improved, and there were synergetic effects in managing risks and risk dependencies among projects.
Project risk management, risk dependencies, risk assessment, metrics.
Tak Wah Kwan, Hareton K.N. Leung, "A Risk Management Methodology for Project Risk Dependencies", IEEE Transactions on Software Engineering, vol.37, no. 5, pp. 635-648, September/October 2011, doi:10.1109/TSE.2010.108
[1] B. Lientz and K. Rea, Breakthrough Technology Project Management. Academic Press, 2001.
[2] S. Sherer, "Managing Risk beyond the Control of IS Managers: The Role of Business Management," Proc. 37th Hawaii Int'l Conf. System and Sciences, 2004.
[3] T. Kwan and H. Leung, "Improving Risk Management Practices for IT Projects," Proc. IASTED Int'l Conf. Advances in Computer Science and Technology, 2007.
[4] P. Garvey, Probability Methods for Cost Uncertainty Analysis—A Systems Engineering Perspective. Marcel Dekker, 2000.
[5] B.W. Boehm, Software Risk Management. IEEE CS Press, 1989.
[6] B.E. White, "Enterprise Opportunity and Risk," Proc. INCOSE 2006 Symp., July 2006.
[7] COSO (Committee of Sponsoring Organisations of the Treadway Commission), Enterprise Risk Management: Integrated Framework, www.coso.orgpublications.htm, 2004.
[8] K. Kähkönen, "Integration of Risk and Opportunity Thinking in Projects," Proc. Fourth European Project Management Conf. June 2001.
[9] Project Management Inst., A Guide to the Project Management Body of Knowledge (PMBOK Guide), fourth ed. Project Management Inst., 2008.
[10] R.N. Charette, Software Engineering Risk Analysis and Management. McGraw-Hill, 1989.
[11] A. Dorofee, J. Walker, C. Alberts, R. Higuera, T. Murray, and R. Williams, Continuous Risk Management Guidebook. Software Eng. Inst., Carnegie Mellon Univ., 1996.
[12] R. Van Scoy, Software Development Risk: Opportunity, Not Problem. Software Eng. Inst., Carnegie Mellon Univ., 1992.
[13] R. Williams, J. Walker, and A. Dorofee, "Putting Risk Management into Practice," IEEE Software, vol. 14, no. 3, pp. 75-82, May 1997.
[14] Software Eng. Inst., CMMI for Development, Version 1.2, Carnegie Mellon Software Eng. Inst., Aug. 2006.
[15] Am. Systems Corporation, Risk Management Process and Implementation. Am. Systems Corp., Chantilly, Va., 2003.
[16] D. Hillson, "Extending the Risk Process to Manage Opportunities," Proc. Fourth European Project Management Conf., June 2001.
[17] D. Lock, The Essentials of Project Management, third ed. Gower Publishing, 2007.
[18] A. Bouti and A. Kadi, "A State-of-the-Art Review of FMEA/FMECA," Int'l J. Reliability, Quality and Safety Eng., vol. 1, pp. 515-543, 1994.
[19] IT Governance Inst., IT Assurance Guide Using COBIT, The IT Governance Inst., 2007.
[20] IEC61025, Fault Tree Analysis (FTA), second ed. Int'l Electrotechnical Commission, 2006.
[21] T. Aven, Reliability and Risk Analysis, first ed. Elsevier Applied Science, 1992.
[22] IEC60300-3-9, Dependability Management—Part 3: Application Guide —Section 9: Risk Analysis of Technological Systems Event Tree Analysis (ETA), first ed., Int'l Electrotechnical Commission, 1995.
[23] D. Nielsen, The Cause/Consequence Diagram Method as a Basis for Quantitative Accident Analysis, Danish Atomic Energy Commission, RISO-M-1374, 1971.
[24] Application of Markov Techniques, IEC61165, second ed., Int'l Electrotechnical Commission, 2006.
[25] J. Pearl, Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann, 1998.
[26] N. Fenton and M. Neil, Combining Evidence in Risk Analysis Using Bayesian Networks, Agena White Paper, W0704/01, v01.01, 2004.
[27] E. Navarro, P. Letelier, D. Reolid, and I. Ramos, "Configurable Satisfiability Propagation for Goal Models Using Dynamic Compilation Techniques," Advances in Information Systems Development: New Methods and Practice for the Networked Society, pp. 167-179, Springer, 2007.
[28] P. Giorgini, J. Mylopoulos, E. Nicchiarelli, and R. Sebastiani, "Formal Reasoning Techniques for Goal Models," J. Data Semantics, vol. 1, pp. 1-20, 2003.
[29] Y. Asnar and P. Giorgini, "Modelling Risk and Identifying Countermeasure in Organizations," Proc. First Int'l Workshop Critical Information Infrastructures Security, 2006.
[30] T. Kwan and H. Leung, "Estimating Project Risk Dependencies," Proc. 13th IASTED Int'l Conf. Software Eng. and Applications, 2009.
[31] T. Kwan and H. Leung, "An Enhanced Risk Taxonomy for Information Technology Projects," Proc. IASTED Int'l Conf. Software Eng. and Applications, 2005.
[32] B. Boehm, "Software Risk Management: Principles and Practices," IEEE Software, vol. 8, no. 1, pp. 32-41, Jan. 1991.
[33] R. Ferguson, "A Project Risk Metric," CrossTalk, The J. Defense Software Eng., vol. 17, no. 4, pp. 12-15, Apr. 2004.
19 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool