A proposed project risk management framework in the information technology environment / Herbert James van Antwerp

Information Technology (IT) projects that resulted from the accelerated technologicalpace of change, will enable a path of growth and long term return on investment(ROI) for organisations. However, embarking on such large scale investments leavelittle opportunity to turn back, and sound project management principles will berequired to effectively manage unforeseen issues during the project life cycle, and ifthese fail, the organisations will be constantly functioning in crisis mode.The absence of risk control and risk management can be destructive towards overallbusiness performance. Management skills are therefore of paramount importance toreduce direct cost of projects and to handle increased challenges derived fromimprovements on existing IT infrastructures. The need for a robust risk managementframework exists although many industry standard methodologies are available toassist management in the ongoing task of project delivery.The main objective of the study was to propose a general reference framework thatdescribes an optimal project risk management process plan for IT projects fromvarious industry types in South Africa. The literature study focused on identifying keyfactors and components within the project risk management academic field. Thisframework can also be useful to organisations in developing and expanding existingproject risk management processes to facilitate the preparation and practicalimplementation in order to give assurance to stakeholders that all potentiallymomentous risks are identified and properly managed.Shareholders require transparency and high standards of corporate governance thatmust therefore function in an environment that cultivate open communicationchannels. Shareholder value will be delivered by means of information that is appliedthrough effective knowledge management initiatives and constantly monitored bymeasurable strategic objectives.The second part of the study entails an empirical investigation that identified the [1]general project management issues within organisations; [2] perceptions on riskmanagement practices; [3] key factors within project risk management; [4] and methodologies/frameworks that are applied in practice. The results indicated that itsimply will not suffice with only managing some stages of a project cycle. Informationaudits form an integral part in maximising Information Systems (IS) that must bealigned with the overall organisational strategy. Strategy, performance andsustainability are inseparable assets of any organisation. IT governance perceived byorganisations as important, can improve its competitive value with effective riskpractises like risk methodology and data management. Knowledge management willlead management towards better competitive positions as well as increasing theoverall organisational performance levels. Risks identified must be well documented,and the implementation of risk support systems will enable business management toanticipate future conditions and plan ahead.Management tools like Prince2 and PMBOK can guide the project managementprocess. None of them, however, ensure project success and the project team mustdecide on the combination of each tool to implement according to individualorganisational needs.The study further indicated that an organisation must cultivate an opencommunication channel for identifying and escalating risk and issues. Riskmanagement can be seen as a scientific soul mate to project management withcommunication lying at the heart of effective risk management. Effectivecommunication will establish critical links between shareholders' needs; informationdistribution; performance reporting; and management of issues towardsshareholders.Governance, as the binding glue for organisations, has been one of the fastestgrowing elements of risk management. Performance measurement is paramount toIT governance and must be set and monitored by measurable objectives. COBIT as acomprehensive framework for IT management, promotes an excellent referencemodel to advance IT governance. King III, as non-legislated code towards JSESecurities Exchange, states that a company should have a risk assessmentframework in place to enable management to pro-actively and continuously addressrisks. Basel II has reached the plateau but its effectiveness purely rests on the management of financial institutions to extend beyond the regulation alone. VariousISO standards can be used in conjunction with these management tools like the ISO31000 risk management standard to guide management in the effectiveimplementation of risk practices.The empirical research indicated that knowledge management will lead organisationstowards better competitive positions as well as increasing the organisation's overallperformance levels. It further indicated that IT governance can improve anorganisation's competitive value with effective risk management practices.The study revealed that top management involvement is vital with each IT projectintervention along with the required sponsor support. Project risk management is notonly the project teams' responsibility, but the organisation as a whole. The strategy ofan organisation must cultivate an open communication channel within projects;clearly assign roles and accountability; enforce a repository support system tomonitor and evaluate risks; and to drive risk awareness throughout the organisation.