RISK TRANSFER

Risk transfer

Chapter 1: Introduction

Information technology (IT) is one of the fastest growing industries in developed countries (Hartman and Ashrafi, 2002). IT projects can implement a rapidly expanding range of equipment, applications, services, and basic technologies that provide information to support the operation, management, analysis and decision-making functions within an organisation.

Projects are unique undertakings which involve a degree of uncertainty and are inherently risky (Chapman, 1998; Conroy and Soltan, 1998; Mak et al., 1998; PMI, 2000; Czuchry and Yasin, 2003). Risk in projects can be defined as the chance of an event occurring that is likely to have a negative impact on project objectives and is measured in terms of likelihood and consequence (Wideman, 1992; Carter et al., 1993; Chapman, 1998). Risk management is an essential practice in achieving the successful delivery of IT projects (Tuman, 1993; Remenyi, 1999).

Problem Statement

Projects fail due to lack of attention to individual project risks, aggregate risk of portfolio of projects and the recognition that different types of projects require different types of management. Yet, IT risk management is either not undertaken at all or is very poorly performed by many, if not most organisations (Remenyi, 1999). A reason for this is that focusing on potential problems may be viewed as being negative. However, management often wants to instil a positive attitude towards the implementation of IT, as it is often viewed as “flagship” for change and subsequent process improvement within organizations.

Aims and Objectives

The aims and objectives of this proposed study are:

identification of risk, where all the potential risks affecting a project are identified;

estimation of risk, where the identified risks are assessed and their importance, likelihood, severity and impact are determined; and

analysis and evaluation of risk, where the acceptability of the risk is determined and the actions that can be taken to make the risk more acceptable are evaluated.

Background of the Study

Risk analysis proposes to deal analytically with the problems involving uncertainty by identifying, evaluating and monitoring potential risks supporting alternative scenarios if the needs arise. It is argued that managers rarely use formal risk analysis when making important decisions and that risk management is ad hocand dependent on the particular skills, experience and risk-orientation of individual key project participants (Abdel-Hamid, 1989). This may be due to management's inability to conceive risk from a decision theory perspective. Intuitively there would be a link between risk management strategy and organisational behaviour, with organisations being described as either proactive or reactive in their approaches to risk. Systematicproceduralisation of risk analysis has been advocated; of note being the nine-stage project risk analysis and management (PRAM): define, focus, identify, structure, ownership, estimate, evaluate, plan and manage. Similarly, it has been argued that for analytical systematicapproaches. Risk assessment and risk monitoring are identified as critical during the implementation stage of software introduction. Managers acknowledged that whilst risk was apparent and growing in their domain of responsibility, they were not confident in their ability to manage risk.

Risk identification is invariably associated with inductive-quantitative techniques, intuitive and deductive appraisal with scenario ...