An investigation of risk management methodology use on information technology projects

The use of risk management methodologies on IT projects is very important, but very little is understood about what drives this use. A review of the literature identified a range of potential drivers of this use, with the notion of use itself being resolved into two types: organizational level adoption and project level adoption and usage. A categorisation scheme based on the source of the driver was also developed.Research questions regarding the adoption of the risk management methodology (RMM) at the organizational level and the adoption and usage of the RMM at the project level were investigated via an interpretive qualitative case study of a financial services organization. Data was collected from semi-structured interviews and corporate documents and analysed using Qualitative Data Analysis.Two drivers, Management Initiative to Improve IT and Management Initiative to Standardise Practices were found to influence the organizational level adoption of RMM within the case-study organization. EUT proved useful in providing a rationale for IT management to adopt the IT Operating Model (and hence the risk management methodology) it could not however capture the circumstances in which the decision to adoption took place, for which Wastell?s (2007) notion of ?methodology as a response to organizational crisis? proved useful.Seven drivers were found to influence the adoption and usage of the RMM on IT projects within the case-study organization, with Project Manager Experience and Perceived Project Riskiness being the most influential and working together to ensure the ?right? level of usage given the risks inherent in a project, with the other drivers interacting to set the ?minimum? level to which the RMM must be used.In regard to the project level usage of the RMM, again EUT provide a sound economic argument on which the operation of the drivers could be explained, but as with the organizational level adoption, could not provide an insight nature of that operation. A contingency theory perspective did however provide an explanation of why the primary drivers interact in the way they do, as well explaining why higher risks projects require additional use of the methodology.In addition to the two types of use foreshadowed in the literature, a third type, adaptation of the methodology was found. Three drivers, Management Initiative to Improve IT, Project Community Norms, and Europa Regulatory Environment, were found to influence the adaptation of the Europa?s IT project risk management methodology. The role of Communities of Practice proved useful in explaining the adaptation of methodology.This study contributes to the body of knowledge by improving the understanding of what drives the use of risk management methodologies on IT project and providing a detailed exposition of the organization?s risk management practices.