a study on the impact of dimensions of risk …€¦ · a study on the impact of dimensions of risk...

http://www.iaeme.com/IJM/index.asp 754 [email protected]

International Journal of Management (IJM) Volume 11, Issue 9, September 2020, pp. 754-769, Article ID: IJM_11_09_071

Available online at http://www.iaeme.com/IJM/issues.asp?JType=IJM&VType=11&IType=9

ISSN Print: 0976-6502 and ISSN Online: 0976-6510

DOI: 10.34218/IJM.11.9.2020.071

© IAEME Publication Scopus Indexed

A STUDY ON THE IMPACT OF DIMENSIONS

OF RISK MANAGEMENT ON RISK

MANAGEMENT PRACTICES IN IT PROJECTS

IN THE UAE

Venugopal Karuthedath Vijayan

Research Scholar, Banasthali Vidyapith, Newai, Rajasthan, India

Dr. Neelam Sharma

Associate Professor, Banasthali Vidyapith, Newai, Rajasthan, India

ABSTRACT

A study on the impact of dimensions of risk management such as project

complexity, project planning and control, project team and organizational

environment on risk management practices of IT firms that develop and manage

projects in the UAE

The IT sector has been growing at a rapid rate in a country like UAE due to the

impetus and incentives offered by the rulers with a view to transform the country as a

hub of knowledge management center. Opportunities for various projects are

identified by the government and offered to private as well as public sector

undertakings to trigger off the momentum of diversification. Many information

technology companies exist in the country and the sector has been growing as a major

provider of employment opportunities to qualified job seekers across the world. From

various studies, it has been found that the projects handled by many companies fail to

give proper attention to the risk management aspect and the failure of many projects

in the form of time overrun, higher cost and failure to fulfill customer requirements

can be attributed to the absence of proper care given to various dimensions of risk

management as well as various aspects of risk management practice. Hence, the study

focuses on the relationship between certain primary dimensions of risk management

and its impact on risk management practices such as risk identification, risk analysis,

risk response planning and risk response monitoring and controlling. The study

reveals a very strong positive correlation between two major aspects of risk

management in projects which are risk dimensions and risk management practice.

Key words: Emergency Provisions, Proclamation, Fundamental Rights, Suspension,

Judicial Review, Individual Liberty.

A Study on the Impact of Dimensions of Risk Management on Risk Management Practices in it Projects in

the UAE


Cite this Article: Venugopal Karuthedath Vijayan and Neelam Sharma, A Study on

the Impact of Dimensions of Risk Management on Risk Management Practices in it

Projects in the UAE, International Journal of Management, 11(9), 2020, pp. 754-769.

http://www.iaeme.com/IJM/issues.asp?JType=IJM&VType=11&IType=9

1. INTRODUCTION

An analysis of the published studies on risk management and its impact on success of IT

projects reveals that critical success factors (CSF) for implementing risk management has not

been given in-depth attention and it can be found out to be an under-researched area

(Uluocak, 2013). It is a well known fact that the information technology (IT) projects are

found to be more complex and more unpredictable than projects in areas such as engineering

and construction (Ewusi-Mensah, 1997; Kapur, 1999; Rodriquez-Repiso, Setchi, & Salmeron,

2007). Over the past few decades, attempts have been made by researchers and experts to

address the issues such as time lag and project delay, cost spillover and over budget,

scheduling problems as well as customer delivery and customer satisfaction (PMI, 2012;

Mahaney & Lederer, 2006; Tadayon, Jaafar and Nasri, 2012).

From a broader perspective, it can be stated that a project becomes successful when it has

achieved its objectives and it is often measured in terms of specific project results (Lim and

Mohamed, 1999). Hence, a project and its success should be evaluated from the point of view

of its completion and stakeholder‘s satisfaction and from the point of view of its completion,

the operational aspects of a project should be given vital importance. This implies that the

success of a project can be defined in terms of the completion of its activity at budgeted cost,

within the specified allocated timeframe at benchmarked technical performance which is

acceptable to the customers (Hawk, 2006). Hence, it is worthwhile to analyze the impact of

dimensions of risk management on risk management practices in IT projects, which can

provide deeper insights into the preliminary precautions that need to be taken to avoid pitfalls

in project risk management in IT projects.

2. PROJECT AND PROJECT MANAGEMENT

A project can be defined as a unique process comprising of a set of coordinated and controlled

activities with specific commencement and conclusion dates and is undertaken to achieve

certain objectives within the constraints of cost, time and resources (BS ISO 10006, 2010).

Alternatively, a project can be thought of as a temporary endeavor undertaken by a firm with

a view to produce a distinctive product, service, event or outcome (PMBOK Guide, 2018). In

short it can be stated that a project is the application of focused activities to generate

deliverables, but it should be kept in mind the fact that project deliverables are only a means

to an end and hence, the real effort in performing a project is to attain given outcomes that

should provide specific measurable benefits (PM2

Methodology Guide, 2018). The project

Management is the application of knowledge, tools, skills and techniques on activities related

to project with the objective of achieving pre-determined goals. It is a management process

that comprises of planning the activities, translate into actions, measure the progress and

achievement and ultimately the performance as per the pre-determined objectives and targets

(CBP, 2005).

3. RISK AND RISK MANAGEMENT

Regarding the term ‗risk‘ there exists consensus among researchers and experts that the

essence of the concept of risk lies in the probability of an event which is adverse and the

magnitude of its consequences is negative (Rayner and Cantor, 1987). In other words, in any

Venugopal Karuthedath Vijayan and Neelam Sharma


definite situation, an unexpected adverse outcome may or may not arise and the causative

elements skew towards the possibilities of diverse outcomes (Graham and Rhomberg, 1996).

An uncertain event or condition, if occurs, will have negative or positive effect on a project‘s

objective (PMBOK Guide, 2018) and these uncertainties are termed as risk. Hence, the risks

concept should consider both the factors while defining it and the entire staff members

involved in a project or business venture should have a holistic view of the concept of risk

(Andrian, 2007). To achieve the objectives of a project and to complete is successfully, the

risk should be managed effectively and efficiently (Edwards and Bowen, 2005) as it can be

stated that every human endeavor involves risks and hence, it should be managed properly

(Wilder and Davis, 1998). So risk management is an imperative necessity for the successful

achievement of objectives of a project. Project risk management can be defined as the art and

science of identification, analysis and responding to the uncertainties that emerges during the

life period of a project in such a way as to achieve the project objectives by satisfying all the

stakeholders (Schwalbe, 2016). So management of risk is the way by which the risks are

contained by an organization through the application of management principles such as

planning, organizing, controlling and directing all the activities to successfully achieve the

project objectives (Moeller, 2007). The researchers on risk management have given deeper

insights into four areas of risk management such as risk identification, risk assessment,

response planning and risk monitoring (Del Cano & Cruz, 2002).

4. RISK MANAGEMENT IN IT PROJECTS

Despite the fact that the technological aspects of information technology has been growing

due to the advancement of technological innovations, the failure of IT projects have been

found to be quite high, both in advanced countries as well as in developing countries of the

world (Tchankova, 2002). In a study conducted by Standish Group (CHAOS, 2014), it was

found that nearly 90% of the projects were completed late, 66% were considered to be

deemed failures due to the inability to achieve its goals, and approximately 30% of the

projects were scrapped. Out of the total sample of 7400 IT projects, only 10% were completed

successfully which indirectly imply that the customer satisfaction level was only 10% which

is a meager figure as compared to the amount of cost, time and resources utilized (Rashad &

Kaizer, 2011). It can also be found that one of the consistent reasons influencing the project

failures in IT field are various types of risks associated with planning and implementing the

projects with the presumption that the project is on its track (Jiang, Klein and Chen 2006;

Willcocks and Graeser, 2001). Failure in identifying the risk and effectively managing it

during the life cycle of the project imposes high level of uncertainty in these projects which

finally contributes to the project failure (Baccarini et al., 2004) and hence, a prudent risk

management system is an unavoidable part of an IT project for its successful delivery (Gobeli

et al., 1998; Willcocks and Graeser, 2001; Jiang and Klein, 2001; Hartman and Ashraffi,

2002).

5. LIMITATIONS OF CONVENTIONAL RISK MANAGEMENT

SYSTEM

The transformation that engulfs the industrial scenario such as the convergence of industry,

technological disruption, instantaneous access to information by the pubic etc. has magnified

the potentiality of the sources of uncertainties across all the industries around the world

(WEF, 2019). These changes have complicated the process of risk management now. From

the standpoint of operational feasibility, we can classify the conventional risk management

approaches as either ―accountant‖ or ―assurance‖. The ―accountant‖ approach gives focus to

comprehensive risk screening, risk evaluation and risk reporting which is incorporated in


the UAE


ERM (Enterprise Risk Management). The major weakness of this approach is that it is

difficult to assure the nature of high level reported risk. The assurance is complicated by

extensive level of documentation and reporting of the data pertaining to risk but fails to

provide information for decision making process in risk management. So VBRM (value based

risk management) system is developed which exposes the weaknesses of the accountant and

assurance system by focusing on four main areas such as maintenance of strategic alignment,

focus on vulnerabilities, facilitation of decision making and build a dynamic work culture

(Little, 2016). In VBRM, various dimensions of risk management and its impact on risk

management practices are given importance as these factors are very important in maintaining

strategic alignment, decision making and successful implementation of a project.

6. LITERATURE REVIEW

Expansion of business across the world and development of various sectors and subsectors of

economic activities and various projects have been undertaken to achieve the objectives of

different stakeholders, it has been recognized that project risk management is very important

in project management now (Raz et al., 2002, Ibbs and Kwak, 2000, Zwikael and Globerson,

2006, Zwikael and Sadeh, 2007). One of the pioneering articles that emphasized the

importance of risk management was contributed by Ibbs and Kwak (2000) intended for

project managers operating in telecommunications, manufacturing of high-tech products,

information technology and construction engineering. Regarding the nature of risks,

conceptual aspects, dimensions of risk and risk management practice and project success, the

research works of Widerman (1992), Bernstein (1997) and De Meyer et al (2002) are

outstanding. The practical aspects of project risk management along with various tools of

project risk management is contributed by PMI (2018) which forms the basis of modern risk

management practices across the world among the professionals and professional bodies.

When the IT sector is considered, the body or research examining risk in IT projects dates

back to 40 years with Boehm (1973), Brooks (1974), Alter and Ginzberg (1978), McFarlan

(1981) and Zmud (1980) who can be considered as the early contributors in the field of

project risk management. But their findings and recommendations were not given much

attention by organizations that operated in the field of information technology ((Pfleeger,

2000; Addison and Vallabh, 2002; Kutsch and Hall, 2005; Taylor, 2005; Bannerman, 2008;

de Bakker et al., 2010) partially due to the lack of interest among the project managers and

partially due to the failure in making a proper assessment of project risk dimensions and its

relationship with project management practices and it can be found that both the risk

dimensions and risk management practices draw on decision making models based on

probability and expected utility (Charette, 1996; Pender, 2001; Ward and Chapman, 2003;

Kutsch and Hall, 2005). If can be found that the researchers on risk management have given

priority to process models that offers risk management prescriptions (Boehm, 1991; Fairley,

1994; Charette, 1996; Heemstra and Kusters, 1996; Powell and Klein, 1996; Keil et al., 1998;

Barki et al., 2001; Simister, 2004), by giving detailed attention to the changes that occurs on

the four major processes such as risk identification, risk assessment, risk response planning,

and monitoring. But this traditional approach failed to consider various risk management

dimensions and its impact on various related processes as they believed in continuous

learning process and adaptability to unforeseen changing situations whenever unpredictable

and uncertain situations arises (Pich et al., 2002; Sommer and Loch, 2004). But due to

changes in the business scenario, the projects have become more and more complex

(Baccarini, 1996; Chang & Christensen, 1999; Hillson & Simon, 2007; Philbin, 2008; Vidal

et al., 2011; Williams, 1999) and the degree of failure in projects increased which exposed the

failure of the traditional system of project risk management (Atkinson, 1999; Flyvbjerg et al.,



2003; Mulcahy, 2003; Raz et al., 2002; Sharma et al., 2011). The failure can be attributed to

various pitfalls and lack of diligence in perceiving causal relationship between early

indications or incidents in project management which makes later results ambiguous and

highly complex (Williams, Klakegg, Walker, Aderson, & Magnussen, 2012). In order to

resolve the problems, the modern enterprise risk management (ERM) approach is developed

(Allayannis & Weston, 2001; Andersen, 2008; Liebenberg & Hoyt, 2003; Teoh, 2009) and its

application is acclaimed as highly successful in the field of information technology projects

(Moeller, 2007; Loosemore, Raftery, Reilly & Higgon; 2006) where risk management culture,

risk management plan, risk identification, risk analysis and risk treatment is given priority

(IIRM, 2016).

7. BACKGROUND OF THE STUDY

After the formation of UAE in the year 1971, the country has become a model of economic

growth in the entire Middle East by combining planning through direction and free price

mechanism, which has placed the country as one of the leading economies in the entire GCC

countries (Government.ae, 2019). By adopting various business friendly policies and

developing world class infrastructure, the country has been successful in attracting foreign

direct investment (FDI) in various segments of economic activities for the last three decades.

The country is ranked with high scoring rating for technological development in all the

spheres of life (WEF, 2016). According to Global Information Technology Report (WEF,

2012), the country leads in the Middle East and MENA region in leveraging ICT for

constructive diversification of the economy and thereby develop sustainable competitive

advantage (WEF, 2016). Since the government provides 100% repatriation of capital and

profits and corporate tax exemptions for IT companies, the demand for IT projects and

products have been surging at a rapid rate both in the private sector as well as in the

government sector. The total IT market for UAE has grown from USD.15.8 billion in 2013 to

more than USD.17.72 billion in 2016, thus recording a CAGR of more than 3% per annum

during this period. It is expected to grow to reach a figure of USD.25 billion by 2020 (Knight

Frank, 2019). The various sub-sectors of IT such as cloud computing, cyber-security, internet

of things (IoT), blockchain strategy, artificial intelligence (AI) etc is expected to gain strong

momentum of growth in future.

8. RESEARCH PROBLEM

A well-articulated, structured and scientific approach is needed in risk management in IT

projects globally as well as locally, as it can be found from the literature on risk management

that nearly more than 66 reasons are identified as the causes of failure of IT projects globally

(Emam and Koru, 2008). Since the IT projects are viable combination of technical project

management and set of vivid decisions, the project managers and stakeholders confront

various pressures and challenges from other functional areas of an organization such as

finance, marketing, production, operations etc., during the course of planning, developing and

implementing the projects. Due to the constraints imposed by time, cost, resources and

conflicting goals of various stakeholders, many IT project managers are forced to take

decisions without giving ample attention to various dimensions of risk and its impact on risk

management practices in the projects. Hence, the research problem is to address the impact of

dimensions of project risk such as degree of complexity, planning and control, project team

and organizational environment on risk management practice such as risk identification, risk

analysis, risk response planning and risk response monitoring and controlling.


the UAE


9. RESEARCH OBJECTIVES

The major objectives of this research work are:

To examine various dimensions of risk management practice such as the degree of

complexity of the projects, planning and control, project team and organizational

environment on risk management practice of IT firms in the UAE.

To investigate the degree of influence of these dimensions on risk management

practice such as risk identification, risk analysis, risk response planning and risk

response monitoring and controlling.

10. RESEARCH HYPOTHESIS

Based on the objective postulated above, the following hypotheses are developed as a prelude

to the study of the impact of the variables.

H01: The dimensions of risk management practice such as complexity of the projects,

planning and control system, project team development and the environment of the

organization are not important in project risk management in IT projects

Ha1: The dimensions of risk management practice such as complexity of the projects,

planning and control system, project team and the organizational environment are important

in project risk management in IT projects

H02: The dimensions of risk management do not influence the risk management practices

such as risk identification, risk analysis, risk response planning and risk response monitoring

and controlling in IT projects in the UAE.

Ha2: The dimensions of risk management influence risk management practices such as risk

identification, risk analysis, risk response planning and risk response monitoring and

controlling in IT projects in the UAE.

11. CONCEPTUAL FRAMEWORK

The conceptual framework of the entire project is furnished in figure 1.

Figure 1

The framework of the study is developed on the assumption that the dimensions of project

risk influence the risk management practices followed by the firms in IT sector in the UAE.

The major dimensions considered in the study are project complexity, project planning and



control, project team development and the organizational environment. These dimensions of

project risk influence risk management practices such as risk identification, risk analysis, risk

response planning, risk response monitoring and controlling.

The degree of complexity of the project is measured by considering duration of the

project, degree of technological complexity, project variety, project interdependency,

elements of context and the level of financial investment. Within the literature, there is ample

evidence to prove that a project is infested with wide array of complexity in the form of

overestimation of results, underestimation of costs, wrong perception of client‘s requirements,

misalignment with competing objectives of the stakeholders, insufficiency of managerial

capabilities, lack of proper technology infrastructure etc. (Hass, 2009; Flyvbjerg, Bruzeluis,

& Rothengatter, 2010; Cooke-Davies, Crawford, Patton, Stevens & Williams, 2011). The

second element considered under the dimensions of project risk is planning and control. The

element of planning and control is measured in terms of the scope of the project, team

structure and assignment of tasks, adaptability contingency during planning and controlling

stage, effective communication, budgeting, plan deadlines and corrective contingency during

the stage (Robert & Nathalie, 2019). The third element in the dimensions of project risk is the

formation of a project team that consists of cross sectional representation of members from

different departments and activities. Team formation is crucial for the success of any projects

in any field of activities and hence, this activity needs high level of scrutiny, knowledge and

experience. The formation of project team is measured in terms of factors such as setting

goals and objectives, team leadership, fixation of team roles and responsibilities during the

development stage, developing trust and values within the team and development of proper

channels of communication within the team as well as outside the team (Katzenbach and

Smith, 2006). The fourth dimension in the study is the organizational environment which has

been given much attention by experts and researchers in the study of latest development in

project management such as Enterprise Risk Management (ERM). The organizational

environmental factors such as organizational culture and climate influence the risk

management practice and hence, factors such as support of various departments,

organizational structure and hierarchy, stakeholders concern and involvement, organizational

culture and the number of decision makers involved are considered in measuring the

organizational environment (Kimbrough and Componation, 2009).

The dimensions mentioned above influence the risk management practice by its impact on

risk identification, risk analysis, risk response planning and risk response monitoring and

controlling. The factors considered in risk identification are gathering information, usage of

risk identification techniques, documentation of risk, documentation of risk identification

process, assessment of effectiveness of the process and the final output of risk identification

(Chapman and Ward, 2008). The various factors considered under risk analysis are those

factors such as scope of the project, resource risk, risk categorization, risk scheduling,

assessing risk probability and updating project documents (Sumner, 2000). The elements

considered under risk response planning are strategies for negative risks and threats, strategies

for positive risks and opportunities, contingent response strategies, tools used for risk

response planning, maintenance of project risk register and project documentation. The

various factors that are considered in measuring the risk response monitoring and controlling

are variables such as project management plan, risk register maintenance, usage of risk

assessment tools and techniques, timely work performance information, monitoring negative

and positive risk and project document updation.


the UAE


12. RESEARCH METHODOLOGY

The research methodology applied in the study is based on research onion model (Saunders,

Lewis and Thomhil, 2007). Since the study involves collection of quantitative data and its

analysis related to various IT projects in connection with the application of risk management,

the epistemological philosophy is used by applying positivism and interpretism. The research

approach used is deductive by developing hypothesis associated with the dimensions of risk

management and its impact on risk management practices applied by various IT companies in

the UAE.

12.1. Population and Sample

The total population comprises of active IT firms that operates in the country for the last 10

years and the staff members working in these companies. The total active firms considered are

404 that primarily operate in the emirates of Dubai and Abu Dhabi (Dubai Chamber of

Commerce, 2017). Out of 404 firms, a sample of 50 companies is selected and sample staff

strength of 250 is considered in the study. The sample is restricted to management staff with

lesser representation of lower level staff members as the study is primarily concerned with the

risk management practices applied by the companies while performing activities related to the

management of the projects. The sampling method adopted is stratified random sampling as

the study classifies the sample of 50 organizations based on their size and the total projects

handled. Then the sample of 250 staff is selected on the basis of the strata prepared by

considering the turnover, number of projects handled and total number of staff engaged in

project related activities. Finally, the 250 staff members are further stratified based on their

position and level in the organizational structure.

12.2. Data Collection

The primary data for this study is collected from 250 respondents which are the samples of

employees and staff working in various IT projects of 50 leading IT companies in the UAE,

by administering a closed ended questionnaire that consists of 48 questions developed in

relation to dimensions of project risk and risk management practice. The rating scale used in

the questionnaire is five point Likert Scale by grading the options into Strongly Disagree (1),

Disagree (2), Neutral (3), Agree (4) and Strongly Agree (5). The questionnaire is validated by

face validity and content validity. In few cases wherever it was difficult to obtain data through

questionnaire, interview was conducted to obtain the data. Since the primary data is

insufficient to arrive at a valid conclusion on the topic under study, sufficient data and

information was obtained from secondary sources such as the database of the firms, studies

and reports published in professional journals and magazines, various publications of the

project management organizations like PMI, APM, PMITS etc.

12.3. Data Analysis

The collected data is analyzed by applying statistical techniques and tools such as descriptive

statistics and interferential statistics. In this study, two major set of descriptive statistics are

used which are averages and measures of dispersion such as standard deviation and variance.

Another set of tools used are inferential statistics to derive judgmental conclusion on

population based on samples. The major inferential statistics applied is Pearson‘s Correlation

Coefficient.

12.4. Validity and Reliability Check

For checking reliability and validity, Cronbach‘s Alpha value of 0.700 is considered in the

study to benchmark it with the internationally accepted standard (Streiner, 2003).



Table 2 Cronbach‘s Alpha Values of the variables

Sl.

No. Dimensions of Project Risk

Cronbach’s

Alpha

Cronbach’s

Alpha Based on

Standardized

Items

No of

Items

1 Degree of Complexity 0.827 0.820 6

2 Planning and Control 0.911 0.910 6

3 Project Team 0.789 0.780 6

4 Organizational Environment 0.855 0.855 6

Sl.

No. Dimensions of Risk Management Practice

1 Risk Identification 0.953 0.950 6

2 Risk Analysis 0.698 0.695 6

3 Risk Response Planning 0.715 0.715 6

4 Risk Response Monitoring and Controlling 0.706 0.705 6

The analysis of data collected in relation to various dimensions of project risk by

administering a questionnaire that consists of 24 questions (6 questions on each dimension)

provides a value above the threshold level of 0.700 for each dimension. In the case of

dimensions of risk management practice, the Cronbach‘s Alpha values are above 0.700 for all

the items except the item of risk analysis that gives a value of 0.698. Since values less than

0.700 has been accepted in studies related to human behavior and related areas (Field, 2009),

the figure is taken as a valid figure for assessing the reliability and validity of the data

collected based on the questionnaires.

The various elements in the dimensions of project risk influence the risk management

practice adopted by the IT companies in project management in UAE. The factors such as

degree of complexity of the project, planning and control activities undertaken, formation of a

effective project team and the organizational environment play a crucial role in developing

effective risk management practices such as risk identification, risk analysis, risk response

planning and risk response monitoring and controlling. The mean score and the standard

deviation of data pertaining to dimensions of project risk and risk management practices

collected from 242 respondents who responded to the questionnaire out of 250 target samples,

is furnished in table 3.

Table 3 Descriptive Statistics on dimensions of project risk and risk management practice

Dimensions of Project Risk

Sl. No. Particulars Mean

Standard

Deviation Nos.

1 Degree of Complexity 4.27 0. 542 242

2 Planning and Control 4.01 0.489 242

3 Project Team 4.21 0.396 242

4 Organizational Environment 3.99 0.449 242

Aggregate Mean 4.12 0.423

Risk Management Practice

1 Risk Identification 3.67 0.557 242

2 Risk Analysis 4.00 0.428 242

3 Risk Response Planning 4.11 0.512 242

4 Risk Response Monitoring and Controlling 4.36 0.547 242

Aggregate Mean 4.04 0.511


the UAE


The closeness of the mean values indicates consistency in the opinion of the respondents.

The high values of the mean shows high level of agreement on rating among the respondents

related the questions asked. Since the mean values are 4.12 and 4.04 for dimensions of

project risk and risk management practice respectively, it can be stated that there is unanimity

among the respondents on the fact that the dimensions chosen are valid and these dimensions

influence the efficiency of risk management practice followed by the IT firms in the UAE.

The standard deviation value shows the dispersion of the values and the level of variability of

the values from the mean. The standard deviation values are low which enable us to conclude

that there is low variability in the opinion of the respondents and hence, it can be concluded

that the values can be considered as an acceptable scale for measuring dimensions of project

risk and risk management practices.

The objective, hypothesis formulation and the conceptual framework proposed is to

explore the relationship between dimensions of project risk and risk management practice.

The entire study is conceptualized on the basis of this relationship and the data is collected

with a view to obtain the relationship between these variables. In order to assess the impact of

dimensions of project risk on risk management practices, Pearsons Coefficient of Correlation

values are derived for each component to ascertain the relationship between these variables.

These values are furnished in table 4.

Table 4 Correlation values of dimensions of project risk and project risk management practices

Dimensions of Project Risk

Project Risk Management Practices

Risk

Identification

Risk

Analysis

Risk

Response

Planning

Risk

Response

Monitoring

and

Controlling

1 Project Complexity 0.854 0.883 0.792 0.773

2 Planning & Control 0.775 0.659 0.668 0.633

3 Project Team 0.706 0.927 0.378 0.388

4 Organizational Environment 0.668 0.592 0.412 0.391

The table 4 shows that there exists strong positive correlation between project complexity

and the project management practices such as risk identification, risk analysis, risk response

planning and risk response monitoring and controlling. This implies that when project

complexity is high, risk identification, risk analysis, risk response planning and risk response

monitoring and controlling becomes difficult and complex. The project planning and control

also is strongly correlated to the various elements of project management practice. The risk

identification becomes easy and effective when there is proper planning and control in project

risk management. Effective planning and control will make risk analysis, risk response

planning and risk response monitoring and controlling more easier. In the case of relationship

between project team effectiveness and project management practices, the correlation is

strong and positive for risk identification and risk analysis, which implies that a strong project

team will help an organization to identify and analyze the risk effectively. But the correlation

of project team with risk response, planning and control is very weak which shows that the

team is given relatively lesser importance in risk response, planning and control in IT firms in

the UAE. As far as organizational environment is considered, the table shows strong

correlation with risk identification and risk analysis which implies that the organizational

culture and climate influence these variables. In the case of risk response, planning and

controlling, the role of organizational climate is relatively weak. From the analysis, it is

obvious that the project managers enable the team and staff to involve in the project during

the early stages of risk identification and risk analysis but fails to give priority to these



variables during the course of risk response planning and risk response monitoring and

controlling.

13. FINDINGS OF THE STUDY

A detailed analysis of the relationship between dimensions of project risk and risk

management practices in IT firms in the UAE reveals the following information.

The dimensions of project risk such as complexity of project, project planning and

control, project team work and organizational environment play a major role in influencing

the project management practices followed by firms in the UAE. From the study, it is found

that these variables are crucial in a project as the final success of a project depends upon the

analysis and assessment of the project risk dimensions and the managers and project team

should have skill and ability to ascertain the appropriate dimensions of risk even during the

initial stages of development of a project. When the dimensions of project risk were analyzed

against risk identification, risk analysis, risk response planning and risk response monitoring

and controlling, it could be found that positive correlation exists between these factors and the

correlation values are relatively strong and positive in almost all the cases except few

variables. From the study, it is clear that when the complexity of a project is high, risk

identification, risk analysis, risk response planning, monitoring and controlling is difficult.

The planning and control measured in terms of scope of the project, structuring of the team,

allocation of tasks, adaptability contingency during planning stage, communication

effectiveness, budgeting and corrective contingency influence the risk identification process,

risk analysis, risk response planning and risk response monitoring and controlling. If these

factors are properly assimilated and structured, it will make risk management practice more

effective and efficient in generating desired outcome. The development of a proper project

team can make project identification easier through its influence on factors such as setting

goals and objectives, development of team leadership, assignment of team roles and

responsibilities, development of trust and values and effective communication system. So

development of a project team is vital for the success of proper identification of risk, risk

analysis, risk response monitoring and controlling. This factor is given lesser attention by

many companies under study. One of the major reasons for the failure of projects is the lack

of understanding among the team members and improper selection of members of the team. It

is found that the team opinion is not given due consideration by many IT companies in UAE.

The risk response planning ensures that the identified risks are properly addressed and when

the risk events cannot be resolved through various techniques of risk response, the only option

is to accept it for which project teams‘ involvement is crucial as it needs to develop a

contingency plan (PMBOK, 2000). But poor correlation between the variables mentioned

forces us to presume that the teamwork is not visible in risk response planning. When we

consider the role of team in risk response and monitoring, it can be found that the correlation

value is very weak and this findings contradicts the common belief that team role is crucial in

project planning, risk management and risk response monitoring and controlling (Lewis,

2004). So we can conclude that the role of team in risk response and monitoring is negligible

in IT industry in the UAE. The organizational environment factors influence risk

identification through organizational culture, organizational climate, organizational structure

and hierarchy, stakeholders concern and involvement and the involvement of number of

decision makers. But this factor is given relatively lesser importance by companies in UAE as

many of the companies have not considered the importance of organizational culture in

developing a risk management culture.


the UAE


14. CONCLUSION

The study on the importance and impact of various dimensions of risk such as project

complexity, project planning and control, project team development and organizational

environment on project management practices has been done with the objective to find out the

efficacy of information technology projects handled and managed by leading companies in

the UAE. Since project failures are common due to various factors, the study attempts to

analyze the dimensions of project risk management and its relationship with the project risk

management practices followed by these firms. From the study, it is revealed that even though

organizational factors are given due importance during risk identification and risk analysis, it

is given lesser importance in risk response planning, monitoring and controlling.

REFERENCES

[1] Addison, T. and Vallabh, S. (2002). Controlling Software Project Risks – An Empirical Study

of Methods Used by Experienced Project Managers, in Proceedings of the Annual Conference

of the South African Institute of Computer Scientists and Information Technologists

(SAICSIT) (Port Elizabeth, South Africa, 16–18 September)

[2] Adrian J. S. (2007): The Upside: The Seven Strategies for Turning Big Threats into Growth

Breakthroughs, New York, NY: Random House. 2007: 108.

[3] Allayannis, G., & Weston, J. P. (2001). The Use of Foreign Currency Derivatives and Firm

Market Value. Review of Financial Studies, 14(1), 243–276.

https://doi.org/10.1093/rfs/14.1.243

[4] Alter, S. and Ginzberg, M. (1978). Managing Uncertainty in MIS Implementation, Sloan

Management Review 20(1): 23–31.

[5] Andersen, T. J. (2008). The Performance Relationship of Effective Risk Management:

Exploring the Firm-Specific Investment Rationale. Long Range Planning, 41(2), 155–176.

https://doi.org/http://dx.doi.org/10.1016/j.lrp.2008.01.002

[6] Atkinson, R. (1999). Project management: cost, time and quality, two best guesses and a

phenomenon, its time to accept other success criteria. International Journal of Project

Management, 17(6), 337-342.

[7] Baccarini, D. (1996). The concept of project complexity - A review. International Journal of

Project Management, 14(4), 201-204.

[8] Baccarini, David, Salm, Geoff, and Love, Peter. (2004), ―Management of risks in information

technology projects.‖ Industrial Management and Data Systems, Wembley. 104, 3-4, 286.

[9] Bannerman, P.L. (2008). Risk and Risk Management in Software Projects: A reassessment,

Journal of Systems and Software 81(12): 2118–2133.

[10] Barki, H., Rivard, S. and Talbot, J. (2001). An Integrative Contingency Model of Software

Project Risk Management, Journal of Management Information Systems 17(4): 37–69.

[11] Bernstein, P.L. (1998), Desafio aos deuses: a fascinante história do risco. Campus, Rio de

Janeiro.

[12] Boehm, B.W. (1973). Software and its Impact: A quantitative assessment, Datamation 19(5):

48–59. Boehm, B.W. (1983). Seven Basic Principles of Software Engineering, Journal of

Systems and Software 3(1): 3–24.

[13] Boehm, B.W. (1991). Software Risk Management: Principles and practices, IEEE Software

8(1): 32–41

[14] Brooks Jr., F.P. (1974). Mythical Man-Month, Datamation 20(12): 44–52.



[15] CBP (2005): Measure of Project Management Performance and Value, Comprehensive List of

Measures, Retrieved from https://www.pmsolutions. com/audio.

[16] Chang, C. K., & Christensen, M. (1999). A net practice for software project management.

IEEE Software, November/ December 1999, 80-88.

[17] CHAOS (2014): The Standish Group Report, Project Smart, Retrieved from

https://www.projectsmart.co.uk/white-papers/chaos-report.pdf

[18] Chapman, C and Ward, S (2008): Project Risk Management: Processes, Techniques and

Insights, 2nd ed, John Wiley.

[19] Charette, R.N. (1996). The Mechanics of Managing IT Risk, Journal of Information

Technology 11(4): 373–378.

[20] Cooke-Davies, T., Crawford, L., Patton, J. R., Stevens, C. & Williams, T. M. (2011). Aspects

of complexity: Managing projects in a complex world. Newtown Square, PA: Project

Management Institute.

[21] de Bakker, K., Boonstra, A. and Wortmann, H. (2010). Does Risk Management Contribute to

IT Project Success? A Meta-Analysis of Empirical Evidence, International Journal of Project

Management 28(5): 493–503

[22] Del Cano, D., & Cruz, P (2002): "Integrated Methodology for Project Risk Management,"

Journal of Construction Engineering and Management, vol. 128, no. 6, pp. 473- 485, 2002.

[23] Dubai Chamber of Commerce (2017): Doing business in UAE,

https://www.dubaichamber.com/resources/e-library

[24] Edwards, P J, and Bowen, P A (2005). Risk Management in Project Organisations. Oxford:

Butterworth-Heinemann.

[25] Emam, K. E., Koru, A. G. (2008) 'A Replicated Survey of IT Software Project Failures', IEEE

Software, 25(5), pp. 84-90.

[26] Ewusi-Mensah, K. (1997). Critical issues in abandoned information systems development

projects: What is it about IS projects that make susceptible to cancellations? Communications

of the ACM, 40(9), 74–80.

[27] Fairley, R. (1994). Risk Management for Software Projects, IEEE Software 11(3): 57–67.

[28] Field, A.P. (2013): Discovering Statistics using IBM SPSS Statistics: And Sex and Drugs and

Rock ‗n‘ Roll (4th Edition), Sage Publication, London

[29] Flyvbjerg, B., Bruzelius, N., & Rothengatter, W. (2003). Magaprojects and Risk - An anatomy

of ambition. Cambridge: Cambridge Unversity Press

[30] Flyvbjerg, B., Bruzeluis, N. & Rothengatter, W.(2010). Megaprojects and risk: An anatomy of

ambition. Cambridge, MA: Cambridge University Press.

[31] Gobeli, D.H., Koenig, H.F. and Bechinger, I. (1998), ―Managing conflict in software

development teams: a multilevel analysis‖, Journal of Product Innovation Management, Vol.

14 No. 4, pp. 323-34

[32] Graham, J.D & Rhomberg, L (1996): How Risks are Identified and Assessed, The Annals of

American Academy of Political and Social Sciences (London, ISBN 0-7619- 0298-8.

[33] Hartman, F. and Ashrafi, R.A. (2002), ―Project management in the information systems and

information technologies industries‖, Project Management Journal, Vol. 33 No. 3, pp. 4-14.

[34] Hass, K. (2009). Managing complex projects: A new model. Tysons Corner, VA:

Management Concepts Press.

[35] Hawk, D., 2006. Conditions of success: a platform for international construction development.

Construction management and economies, 24 (7), 735– 742.


the UAE


[36] Heemstra, F.J. and Kusters, R.J. (1996). Dealing with Risk: A practical approach, Journal of

Information Technology 11(4): 333–346.

[37] Hillson, D., & Simon, P. (2007). Practical Project Risk Management - The ATOM

Methodology. Vienna, Virginia: Management Concepts

[38] Ibbs, C.W. & Kwak, Y.H. (2000), Assessing project management maturity. Project

Management Journal, Vol. 31 No 1, pp. 32- 43.

[39] IIRM(2016): A Practical Guide to Enterprise Risk Management, Retrieved from

http://www.iirmglobal.com/

[40] ISO 10006 (2010): Quality management systems− Guidelines for quality management in

projects, 2010.

[41] Jiang, J.J. and Klein, G. (2001), ―Software project risks and development focus‖, Project

Management Journal, Vol. 32 No. 1, pp. 3-9.

[42] Jiang, J.J., Klein, G., Chen, H.G., (2006): The effects of user partnering and user nonsupport

on project performance. Journal of AIS 7 (2), 68–90

[43] Kapur, G. K. (1999). Why IT project management is so hard to grasp. Computerworld, 33(18),

32.

[44] Katzenbach, J. R. and D. K. Smith (2006): The wisdom of teams: Creating the high-

performance organization (Collins Business Essentials). New York: HarperCollins

[45] Keil, M., Cule, P., Lyytinen, K. and Schmidt, R. (1998). A Framework for Identifying

Software Project Risks, Communications of the ACM 41(11): 76–83.

[46] Kimbrough, R. L., & Componation, P. J. (2009): The relationship between organizational

culture and enterprise risk management. Engineering Management Journal, 21, 18-26.

[47] Koskela, L and Howel G (2002): ―The underlying theory of project management is obsolete,‖

in Proc. of the Project Management Institute Research Conference, 2002, pp. 293-302.

[48] Kutsch, E. and Hall, M. (2005). Intervening Conditions on the Management of Project Risk:

Dealing with uncertainty in information technology projects, International Journal of Project

Management 23(8): 591–599

[49] Liebenberg, A. P., & Hoyt, R. E. (2003). The Determinants of Enterprise Risk Management:

Evidence From the Appointment of Chief Risk Officers. Risk management and Insurance

Review, 6, 37–52.

[50] Lim, C.S. and Mohamed, M.Z., 1999. Criteria of project success: an exploratory re-

examination. International of project management, 17 (4), 243– 248.

[51] Lim, C.S. and Mohamed, M.Z., 1999. Criteria of project success: an exploratory re-

examination. International of project management, 17 (4), 243– 248.

[52] Little, A.D (2016): Why Risk Management is Failing, Retrieved from https://www.

adlittle.com/sites/default/files/viewpoints/ADL_Value_Based_Risk.pdf

[53] Loosemore, M. ., Raftery, J. ., Reilly, C. ., & Higgon, D. (2006). Risk Management in Projects

(2nd Editio). New York: Taylor & Francis.

[54] Mahaney, R. C., & Lederer, A. L. (2006). The effect of intrinsic and extrinsic rewards for

developers on information systems project success. Project Management Journal, 37(4), 42–

54.

[55] McFarlan, F.W. (1981). Portfolio Approach to Information Systems, Harvard Business

Review 59(5): 142–150.

[56] Meyer, A. De, Loch, C.H. & Pich, M.T. (2002): Managing Project Uncertainty: From

Variation to Chaos. MIT Sloan Management Review, Vol. 43 No 2, pp. 60+.



[57] Moeller, Robert R. (2007). COSO Enterprise Risk Management Framework. Establishing

effective governance, risk and compliance processes. New York: John Wiley & Sons

[58] Mulcahy, R. M. (2003). Risk Management - Tricks of the Trade for Project Managers. USA:

RMC Publications.

[59] Pender, S. (2001). Managing Incomplete Knowledge: Why risk management is not sufficient,

International Journal of Project Management 19(2): 79–87.

[60] Pfleeger, S.L. (2000). Risky Business: What we have yet to learn about risk management,

Journal of Systems and Software 53(3): 265–273.

[61] Philbin, S. (2008). Managing complex technology projects. Research and Technology

Management, March-April 2008(32-39).

[62] Pich, M.T., Loch, C.H. and De Meyer, A. (2002). On Uncertainty, Ambiguity, and

Complexity in Project Management, Management Science 48(8): 1008–1023.

[63] PM2 (2018): PM2 Project Management Methodology, European Commission, Practical

Project Risk Management, Retrieved from https://www.pm2alliance. eu/wp-

content/uploads/2019/05/PM%C2%B2-project-management.

[64] PMBOK Guide (2018): Project Management Guide, 2018, https://www.

engineeringmanagement. info/2018/08/pmbok-guide-sixth-edition-summarized-pdf.html

[65] Powell, P.L. and Klein, J.H. (1996). Risk Management for Information Systems Development,

Journal of Information Technology 11(4): 309–319

[66] Project Management Institute. (2008). A guide to the project management body of knowledge

(PMBOK® guide) (4th ed.). Newtown Square, PA: Project Management Institute.

[67] Project Management Institute. (2012). A guide to the project management body of knowledge

(PMBOK® guide) (4th ed.). Newtown Square, PA: Project Management Institute.

[68] BS6079-1 (2010): Project management, Part 1: Principles of guidelines for the management of

projects, BS6079-1:2010.

[69] Rashad, Y & Kaizer, B.R (2011): Poor Risk Management as one of the Major Reasons

Causing Failure of Project Management, Management and Services Science (MASS), China.

[70] Rayner, S., & Cantor, R. (1987). How fair is safe enough? The cultural approach to societal

technology choice. Risk Analysis, 7, 3-13.

[71] Raz, T., Shenhar, A. J., & Dvir, D. (2002). Risk management, project success and

technological uncertainty. R&D Management, 32(2), 101-109.

[72] Robert Pellerin & Nathalie Perrier (2019): A review of methods, techniques and tools for

project planning and control, International Journal of Production Research, 57:7, 2160-

2178, DOI: 10.1080/00207543.2018.1524168

[73] Rodriguez-Repiso, L., Setchi, R., & Salmeron, J. L. (2007). Modelling IT projects success:

Emerging methodologies reviewed. Technovation, 27(10), 582–594.

[74] Saunders, M., Lewis, P., & Thornhill, A. (2012). Research Methods for Business Students (6

ed.): Pearson.

[75] Schwalbe (2015): Project Risk Management, Cengage Learning, USA, ISBN10 1285452348,

ISBN13 9781285452340

[76] Sharma, A., Sengupta, S., & Gupta, A. (2011). Exploring risk dimensions in the Indian

software industry. Project Management Journal, 42(5), 78-91.

[77] Simister, S.J. (2004). Qualitative and Quantitative Risk Management, in P.W.G. Morris and

J.K. Pinto (eds.) The Wiley Guide to Managing Projects, Hokoben: John Wiley & Sons, pp.

30–47.


the UAE


[78] Sommer, S.C. and Loch, C.H. (2004). Selectionism and Learning in Projects with Complexity

and Unforeseeable Uncertainty, Management Science 50(10): 1334–1347

[79] Streiner, D. (2003): Starting at the beginning: an introduction to coefficient alpha and internal

consistency. Journal of personality assessment. 2003; 80:99-103.

[80] Sumner, M. (2000), ―Risk factors in enterprise-wide/ERP projects‖, Journal of Information

Technology, Vol. 15 No. 4, pp. 317-327

[81] Tadayon, M., Jaafar, M. and Nasri, E., 2012. An Assessment of Risk Identification in Large

Construction Projects in Iran. Journal of Construction in Developing Countries, 17(1), pp.57–

69

[82] Taylor, H. (2005). Congruence Between Risk Management Theory and Practice in Hong Kong

Vendor-Driven IT Projects, International Journal of Project Management 23(6): 437–444.

[83] Tchankova L (2002): ―Risk Identification – Basis Stage in Risk Management,‖ Vol.13, PP290

[84] Teoh, A. P. (2009). Enteprise Risk Management and Firm Performace: Role of Quality of

Internal Audit Function As Moderator. Universiti Sains Malaysia, Malaysia.

[85] Uluocak, B. (2013). Critical success factors (CSFs) affecting project performance in Turkish

IT sector. Paper presented at PMI® Global Congress 2013—EMEA, Istanbul, Turkey.

Newtown Square, PA: Project Management Institute.

[86] Vidal, L. A., Marl, F., & Bocquet, J. C. (2011). Measuring project complexity using the

Analytic Hierarchy Process. International Journal of Project Management, 29(6), 718-727.

[87] Ward, S. and Chapman, C. (2003). Transforming Project Risk Management into Project

Uncertainty Management, International Journal of Project Management 21(2): 97–105

[88] WEF (2012): The Global Information Technology Report, 2012, INSEAD, Retrieved from

https://www.darden.virginia.edu/sites/default/files/inline-files/Global_IT_Report_2012.pdf

[89] WEF (2019): The Global Risk Report, 2019, World Economic Forum, ISBN: 978-1-944835-

15-6, Retrieved from http://www3.weforum.org/docs/WEF _Global_Risks_Report_2019.pdf

[90] Widerman, R.M. (1992), Project and Program risk management: a guide to managing project

risks and opportunities. Project Management Institute, Newtown Square.

[91] Wilder, C. and B. Davis. (1998) False starts, strong finishes. Information Week (Nov. 30): 41-

53.

[92] Willcocks, L. and Graeser, J. (2001): Delivering IT and E-business value, Computer Weekly

Series, Butterworth and Heinemann, Oxford.

[93] Williams, T. M. (1999). The need for new paradigms for complex projects. International

Journal of Project Management, 17(5), 269-273.

[94] Williams, T. M., Klakegg, O. J., Walker, D. H. T., Aderson, B., & Magnussen, O. M. (2012).

Identifying and acting on early warning signs in complex projects. Project Management

Journal, 43(2), 37-53.

[95] Zmud, R.W (1980): Management of Large Software Development Efforts, MIS Quarterly,

4(2), pp 45-55

[96] Zwikael, O. & Globerson, S. (2006), From Critical Success Factors to Critical Success

Processes. International Journal of Production Research, Vol. 44 No 17, pp. 3433-3449.

[97] Zwikael, O. & Sadeh, A. (2007), Planning effort as an effective risk management tool. Journal

of Operations Management, Vol. 25 No 4, pp. 755-767.

a study on the impact of dimensions of risk …€¦ · a study on the impact of dimensions of risk...

Documents