A Multi-Criterial Decision Support System For It Projects Risk Management

Proceedings of the IE 2013 International Conference
www.conferenceie.ase.ro

425

A MULTI-CRITERIAL DECISION SUPPORT SYSTEM FOR IT
PROJECTS RISK MANAGEMENT

Claudiu BRANDAS
West University of Timisoara
claudiu.brandas@feaa.uvt.ro
Otniel DIDRAGA
West University of Timisoara
otniel.didraga@feaa.uvt.ro

Abstract. IT projects are exposed to various risk factors that have a significant impact on
project deliverables and outcome of the project. Risk manifestation occurs throughout the
cycle of design, development and maintenance of the IT project. Most times these risks may
negatively affect the financial stability of the projects, the schedule and quality of the
implementation of the project requirements. Theory and practice of IT project management
classifies risks into several criteria such as: users, project requirements, project complexity,
project planning and control, team, and organizational environment in which the project
takes place. To ensure effective risk management of IT projects, project managers need to
formalize the identification and monitoring of the risk factors. Thus, we considered
appropriate to develop a tool to provide support for IT managers in project risk management.
Through this support tool, IT managers can make decisions in real time regarding the
occurrence and manifestation of risk factors so that the risk impact would be minimized by
appropriate control measures. In this paper we present a multi-criteria Decision Support
System to assist project managers in IT project risk management in the planning and
execution phases of projects.

Keywords: Risks, Project Management, IT Projects, Decision Support Systems, Risk
Management
JEL classification: M15, L86, D81

1. Introduction

IT projects are complex structures of organized activities and resources (human, material,
financial and informational resources), based on the methodologies and frameworks for the
development and implementation of Information Systems. The diversity and complexity of
using these resources in an IT project results in the manifestation of risk factors [1], [2].
These factors significantly influence the planning, execution and completion of IT projects.
In this context, IT projects require rigorous managers capable to perform efficient risk
management. In theory and practice of IT project management, risks are discussed from two
perspectives: risk identification and analysis of the relationship between threats and risks.
Risks are classified into several categories (criteria) depending on the factors and risks
generating areas: user, project requirements, project complexity, project planning and control,
team and organizational environment in which the project takes place.
According to an empirical study conducted by Wallace in 2004, there are 6 dimensions of
risks in software projects [3]: user risks, project requirements risks, project complexity risks,
project planning and control risks, team risks and organizational environment risks.

426

According to Huang and Han [4], project managers can adopt attitudes, skills and practices
regarding the risk areas identified in real time within an IT project.
To ensure an effective risk management in IT project, it is necessary to formalize the
recording and monitoring of the risk factors.
In existing literature, there are two points of view regarding risk management. The first one
[5], [6], [7] believes it is necessary for the project managers to use a framework in a form of a
risk checklist. The other [8], [9], states that it is necessary for the project managers to create
certain patterns for software risks that are affected by the project characteristics in order to
develop appropriate risk management strategies.
Considering the six dimensions of the risk, the decision is multi-criterial for IT project
managers. In this context, we consider appropriate to apply a multi-criteria decision analysis
to assist IT managers for the selection of the best alternative in IT project risk management.
For an effective risk management we considered appropriate to develop a tool to provide
support for IT managers in project risk management. The tool assists managers in making
real time decisions regarding the occurrence and manifestation of risk factors so that their
impact would be minimized by appropriate control measures.
In this paper we present a multi-criterial Decision Support System to assist project managers
in IT project risk management in the planning and execution phases of projects.
The system is based on the risk dimensions identified by Wallace [1] and Huang [2]. These
dimensions are considered as decision criteria in the risk areas of IT projects.

2. Research Methodology

Research problems
We propose a multi-criterial Decision Support System to assist project managers in IT project
risk management in the planning and execution phases of projects.
Research design
The research is quantitative based on experimental development, testing and validating the
proposed prototype.
Risk modeling was performed on six criteria with a qualitative approach based on the scoring
method and Risk Breakdown Matrix (RBM). Risk assessment for each dimension was
achieved by summing up the values of the risks elements of each risk dimension (1).
Quantifying the risk elements of each dimension was achieved by the multiplying the
probability of the risks and their potential impact (2). Risk values for each dimension
(criterion) were associated with a set of alternatives that managers can follow (3). The
probability of occurrence level and the impact level were quantified on a scale from 1 to 3
(4).

R
= R
,]
(1)

R
i
Risk value for the i;
R
i,j
Risk value for the j element of the i dimension;

R
]
= P
],k
I
],k
(2)

P
j,k
k risks probability of occurrence for the j element;
P
j,k
k risks potential impact for the j element;


A
j,k
k alternative for the risk of the i

{Low, Medium, High}

The sample consists of five projects of software development and three projects of software
(ERP) implementation.
The system was developed using Yii framework
technologies, and distributed on the Apache Web Serve

3. Results and Discussions

Next, we describe the system functions and the results obtained by processing data entered on
an IT project. The obtained system has the following functions:
Defining the questionnaires base for assessing risks in the six di
Defining the risk assessment model.
Defining the rules for analysis and interpretation of risk values.
Interface to answer the questionnaire (Figure 1 and Figure 2) for the two types of
activities: planning and execution.
The report generator.

Figure 1.

In figure 1, we present the risk estimation form for the project planning phase. On the upper
side, there is important information about the project (project ID, project title, project
manager, client and industry). The risks are listed by their category: user risks, requirements
risks, project complexity risks, planning and control risks, project team risks and
organizational environment risks. The first estimation column refers to whether the risk
applicable or not in the planning phase. The second column refers to the probability of
427

{ R
i
} {A
i,k
} (3)
k alternative for the risk of the i dimension;
{Low, Medium, High} {1, 2, 3} (4)
The system was developed using Yii framework [10] based on PHP and MySQL
technologies, and distributed on the Apache Web Server.
an IT project. The obtained system has the following functions:
Defining the questionnaires base for assessing risks in the six dimensions.
Defining the risk assessment model.
Defining the rules for analysis and interpretation of risk values.
activities: planning and execution.
The report generator.
Figure 1. Risk estimation form - project planning phase
nt and industry). The risks are listed by their category: user risks, requirements
organizational environment risks. The first estimation column refers to whether the risk
based on PHP and MySQL
mensions.


nt and industry). The risks are listed by their category: user risks, requirements
organizational environment risks. The first estimation column refers to whether the risk is

occurrence of the certain risk. The third column refers to the impact of the possible
manifestation of the risk.
In figure 2, we present the risk estimation form for
similar to the previous one and it also has three columns for risk value estimation: risk
applicability, risk probability of occurrence and risk impact.
In figure 3, we present the project risk matrix report. The r
in the risk estimation for the planning and execution phase.

Figure 2

In figure 4, we present the risk value graph for the current project. It is correlated with the
values in the project risk matrix report. We observe that the value of the project complexity
risk is the highest in the planning phase, while in the execution phase, the
requirements is higher.
428

, we present the risk estimation form for the project execution phase. The form is
applicability, risk probability of occurrence and risk impact.
In figure 3, we present the project risk matrix report. The report sums up the values recorded
in the risk estimation for the planning and execution phase.
Figure 2. Risk estimation form - project execution phase
Figure 3. Project risk matrix report
, we present the risk value graph for the current project. It is correlated with the
risk is the highest in the planning phase, while in the execution phase, the value of the project
the project execution phase. The form is
eport sums up the values recorded

, we present the risk value graph for the current project. It is correlated with the
value of the project

429

Figure 4. Risk value graph

Depending on the outcome of the risk assessment on the six dimensions, IT project managers
can take action to minimize the impact of risks on project elements. The generated reports
regarding the magnitude of the risk on the six criteria provide a set of alternatives to
managers for decision making and necessary actions to ensure IT project success.

4. Conclusions

IT project risk management is an area of great interest in current research. The number of IT
projects has grown exponentially in recent years. In the same time, the risks associated with
these projects have had a significant impact on their success. Through our research, we have
shown that the risk management approach is multi-criterial in IT project management. We
also emphasized the need for a tool to assist IT managers in risk management in the planning
and execution stages. We focused on these steps in order to be proactive and preventive, but
also, reactive in choosing the risk management strategy. Thus, the impact of risk is identified
in the early stages of the development projects, and managers can react quickly and
efficiently. The most important result of this research is the development of a multi-criteria
DSS to assist IT managers in risk management in the planning and execution phases of IT
projects.
Through this work we have added valuable results in the practice and theory of risk
management in IT projects.
As future research directions we intend to integrate the analysis and centralized monitoring of
project risk groups according to managers, industry and customer. We will also redesign the
system based on an ontological approach of risk in IT projects.

References

[1] C. Brandas, O. Didraga and N. Bibu, Study on Risk Approaches in Software
Development Projects, Informatica Economic Journal, vol. 16, no. 3, pp. 148-157, 2012.

[2] O. Didraga, IT Project Risk Management Tools and Techniques Applied in Romanian IT
Companies, Journal of Applied Business Information Systems, vol. 2, no. 3, pp. 51-58,
2012.

[3] L. Wallace, M. Keil and A. Rai, Understanding software project risk: a cluster analysis,
Information & Management, vol. 42, no. 1, pp. 115125, 2004.


430

[4] S.-J. Huang and W.-M. Han, Exploring the relationship between software project
duration and risk exposure: A cluster analysis, Information & Management vol. 45, no.1,
pp. 175182, 2008.

[5] T. Addison, E-commerce project development risks: Evidence from a Delphi survey,
International Journal of Information Management, vol. 23, no. 1, pp. 2540, 2003.

[6] D. Aloini et al., Risk management in ERP project introduction: review of the literature,
Information & Management, vol. 44, no. 6, pp. 547567, 2007.

[7] M. Keil, et al., A framework for identifying software project risks, Communications of
the ACM, vol. 41, no. 11, pp. 7683, 1998.

[8] J.J. Jiang and G. Klein, Software development risks to project effectiveness, The
Journal of Systems and Software, vol. 52, no. 1, pp. 310, 2000.

[9] S.R. Nidumolu, Standardization, requirements uncertainty and software project
performance, Information & Management, vol. 31, no. 3, pp. 135150, 1996.

[10] ***, Yii Framework, http://www.yiiframework.com/

A Multi-Criterial Decision Support System For It Projects Risk Management

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

A Multi-Criterial Decision Support System For It Projects Risk Management

Caricato da

Copyright:

Formati disponibili

Proceedings of the IE 2013 International Conference

Potrebbero piacerti anche