A proposed project risk management framework in the information technology environment
Van Antwerp, Herbert James
Information Technology (IT) projects that resulted from the accelerated technological pace of change will enable a path of growth and long-term return on investment (ROI) for organisations. However, embarking on such large-scale investments leaves little opportunity to turn back, and sound project management principles will be required to effectively manage unforeseen issues during the project life cycle; if these fail, the organisations will be constantly functioning in crisis mode. The absence of risk control and risk management can be destructive towards overall business performance. Management skills are therefore of paramount importance to reduce the direct cost of projects and to handle increased challenges derived from improvements on existing IT infrastructures. The need for a robust risk management framework exists although many industry standard methodologies are available to assist management in the ongoing task of project delivery. The main objective of the study was to propose a general reference framework that describes an optimal project risk management process plan for IT projects from various industry types in South Africa. The literature study focused on identifying key factors and components within the project risk management academic field. This framework can also be useful to organisations in developing and expanding existing project risk management processes to facilitate the preparation and practical implementation in order to give assurance to stakeholders that all potentially momentous risks are identified and properly managed. Shareholders require transparency and high standards of corporate governance that must therefore function in an environment that cultivates open communication channels. Shareholder value will be delivered by means of information that is applied through effective knowledge management initiatives and constantly monitored by measurable strategic objectives.
The second part of the study entails an empirical investigation that identified the general project management issues within organisations; perceptions on risk management practices; key factors within project risk management; and methodologies/frameworks that are applied in practice. The results indicated that managing only some stages of a project cycle simply will not suffice. Information audits form an integral part in maximising Information Systems (IS) that must be aligned with the overall organisational strategy. Strategy, performance and sustainability are inseparable assets of any organisation. IT governance, perceived by organisations as important, can improve its competitive value with effective risk practices like risk methodology and data management. Knowledge management will lead management towards better competitive positions as well as increasing the overall organisational performance levels. Risks identified must be well documented, and the implementation of risk support systems will enable business management to anticipate future conditions and plan ahead. Management tools like Prince2 and PMBOK can guide the project management process. None of them, however, ensures project success, and the project team must decide on the combination of each tool to implement according to individual organisational needs. The study further indicated that an organisation must cultivate an open communication channel for identifying and escalating risk and issues. Risk management can be seen as a scientific soul mate to project management, with communication lying at the heart of effective risk management. Effective communication will establish critical links between shareholders' needs; information distribution; performance reporting; and management of issues towards shareholders. Governance, as the binding glue for organisations, has been one of the fastest growing elements of risk management.
Performance measurement is paramount to IT governance and must be set and monitored by measurable objectives. COBIT, as a comprehensive framework for IT management, promotes an excellent reference model to advance IT governance. King III, as a non-legislated code towards JSE Securities Exchange, states that a company should have a risk assessment framework in place to enable management to pro-actively and continuously address risks. Basel II has reached the plateau but its effectiveness purely rests on the management of financial institutions to extend beyond the regulation alone. Various ISO standards, like the ISO 31000 risk management standard, can be used in conjunction with these management tools to guide management in the effective implementation of risk practices. The empirical research indicated that knowledge management will lead organisations towards better competitive positions as well as increasing the organisation's overall performance levels. It further indicated that IT governance can improve an organisation's competitive value with effective risk management practices. The study revealed that top management involvement is vital with each IT project intervention along with the required sponsor support. Project risk management is not only the project team's responsibility, but that of the organisation as a whole. The strategy of an organisation must cultivate an open communication channel within projects; clearly assign roles and accountability; enforce a repository support system to monitor and evaluate risks; and drive risk awareness throughout the organisation.