INFT3100 Project Management


A literature review paper should be created based on your research regarding a current topic or concept in project management.

The literature review should include:

The topic should be addressed from both the theoretical as well as the applied sides.

Critically analyze the latest literature (year 2000>).

Identify the key themes, trends, perspectives and/or controversies

Identify the strengths and the weaknesses of the literature

Identify any knowledge gaps where possible

A well-written conclusion should be provided that addresses the key implications of the findings with respect to Project Management and your chosen topic.



The concept of risk management and risk in Information Technology Projects was evaluated through this literature review.

This paper demonstrates both the theoretical and practical aspects of the topic by identifying risk and managing risk.

A review of literature related to the concept was also described, focusing on the themes, trends, and perspectives.

This study examines the strengths and limitations of existing literature to evaluate the strategic concept of IT project risk management (Hydari (2015)).

Furthermore, the study focuses on a different set strategies used in modern-day project management.

Additionally, the literature review revealed the methods to identify, assess and control risks that affect IT projects.

Final thoughts can be drawn from the results by concluding that the overall impact of risk management and the significant gaps in literature were clearly identified.


Project risk can be defined as an unpredictable event or a specific circumstance that may have an adverse effect on project outcomes and deliverables.

Project risk refers to the certainty of loss or failure.

Smith and Merrit(2002) state that there are three main aspects of risk.

Time, uncertainty, and loss are all aspects that can be considered risk.

Based on the authors’ idea, a project manager is responsible for evaluating all uncertainties that may be associated with an IT-related project.

The project may also have some risks that need to be determined.

The time factor should also be taken into consideration when assessing risk. There may come a day where the risk is no longer possible (Sisco 2011).

Pennock & Haimas (2001) argued that risk management can be divided into six steps. Three are for risk analysis and three are for management.

Risk assessment is the process of identifying and analysing the risks.

In risk management, alternatively, one must determine the cost-benefit analysis, available options, and impact on futuristic decision-making.

The Objectives of Risk management

It can be said that identifying the goals of risk management is mandatory in order to influence overall risk management.

Kendrick (2003) has demonstrated the benefits of a risk management plan.

Leaders can improve their chances of success in achieving the highest number of goals by implementing project risk management.

Risk management can also lower the cost of IT projects, and it helps to manage the chaos that occurs during a project.

By involving all stakeholders, risk management can enable high-level project priority.

The last step in risk management is to identify the risks involved in project work, and to establish the resources that can be used to meet project objectives (Kerzner (2003)).

The Strategy for Risk Management

Different Strategies

Risk management is a complex area of IT Project Management. There are several strategic approaches that can be used to mitigate risks.

Kendrick (2003, p. 3) stated that risk management should be based upon project-related hazards.

The failure to manage risk can be caused by poor project management.

According to the author, risk management must include an objective plan that can be consistently met the objectives of the project and minimize the potential for negative outcomes.

Doernemann (2002) develops risk management strategies and analysis strategies. This includes six-step models that include risk identification, qualitative and quantitative risk analyses, risk response planning, risk monitoring, control and risk monitoring.

The project manager must ensure that each step is followed before he or she can make the decision to implement risk management planning.

The risk assessment is also crucial.

Both the qualitative and quantitative risks analysis are essential in evaluating the IT project’s risks.

The risk response planning includes the ability to reduce the risks and increase the chances.

Finally, the plan can be executed by monitoring and tracking the risks.

How to identify risk

A variety of methods are available to identify the risk in the modern risk mitigation plan.

First, there are information gathering methods such as brainstorming and the Delphi technique. Second, SWOT analysis is possible.

Checklist analysis can be regarded as one of most important methods to identify risk (Botchkarev, Finnigan 2015).

It is important to perform assumptions analysis to identify risks related to inaccuracy, incompleteness, or changeability in assumptions.

In order to determine the causes and risks, you can use risk diagramming tools such as influence diagrams or system flow charts (Smith and Merritt (2002)).

How to assess and evaluate risks

There are many methods or techniques that can be used to assess and estimate the risks and their effects on project performance.

Ennouri (2013) identifies two methods for risk assessment and evaluation. They are qualitative risk analysis (or quantitative risk analysis).

Monteiro de Carvalho & Rabechini Junior (2013) say that qualitative risk analysis is used to describe the risks rather than using any economic variables.

The qualitative approach assumes there are losses or threats that can’t be expressed in terms financial numbers and it is impossible to get adequate information (Rose (2014).

These techniques include scenario analysis and fuzzy metrics.

There are other risks that can be quantified in terms both of their frequency and their impact.

Quantitative analysis employs statistical data to determine the probability of certain risks and losses occurring in the future (Ward 2014).

The downsides of quantitative risk analysis are that it relies on historical data. Future uncertainties could make the impact and likelihood of an event different.

Ennouri (2013) argued that it is important to properly assess and evaluate the identified risk using a mixed analytical technique. This will help identify the greatest impact of uncertainties.

How to reduce risks

Wideman, (2002) had previously identified seven primary ways to manage identified risks.

He explained seven ways to manage risk.

Dorfman later explained that all strategies to manage risk fall under the four T’s (tolerate the risk; threat the risk; terminate the risk; transfer the risk).

Sisco (2011) outlined five risk management techniques: risk avoidance (or risk reduction), risk transfer, risk deferral or risk retention.

According to different theories, the concepts or techniques for reducing risks almost remain the same.

Project management is a strong area of risk management literature.

Literature Gap

The lack of research and data in areas related to risk analysis/management makes it difficult to quantify the impacts of risk analysis/management (Sisco 2011).

Project managers are often faced with high levels of risk due to the lack of historical data.

Unfortunately, the literature does not offer sufficient theory to validate the validity and reliability.

Therefore, it is difficult for IT project teams to effectively analyse and manage risk because they lack adequate information.


After reviewing the review above, you can see that different authors have offered their own views about the subject of IT project management and risk analysis.

The literature also shows that communication is crucial to successful risk management planning.

Although the theories of risks management are useful for project managers, they also help them to spot the potential pitfalls in the literature.

The project management team must be able understand both the limitations and the theoretical concepts before they can apply the risk management techniques to live projects.

Refer to

Botchkarev A., and Finnigan P. (2015).

Complexity in Information Systems Project Management.

Organisational Project Management 2(1), p.15.

Doernemann H. (2002). ‘Tool-Based Management Made Practical’. Joint IEEE International Requirements Engineering Conference. (RE’02), p. 192.

Introduction to risk management, insurance.

Prentice Hall.

Risk management: A new literature review.

Polish Journal of Management Studies. pp.288-297.

The Rules of Project Risk Management. Implementation Guidelines for Major Projects.

Project Management Journal 46(4), pp.e4–e4.

Kendrick T., 2003. Identifying Project Risk and Managing It: Essential Tools to Failure Proof Your Project.

The Project Management Workbook is a companion to Project management: A systems approach to planning and scheduling.

Pennock M. and Haimes.

“Principles and Guidelines to Project Risk Management” Systems Engineering, 5(2): 89-108

An empirical study on the Effect of Project Risk Management on Project Performance.

Journal of Technology Management & Innovation 8: 64-78

Personal Effectiveness and Project Management: Tools, Strategies & Tips to Improve Your Decision-making Skills, Motivation, Confidence & Risk-taking, Achievement, Sustainability, and Success.

Project Management Journal 45(2), pp.e1–e1.

Project management in IT.

Merritt G. and Smith P.

New York Productivity Press

Practical Risk-Management: An Executive guide to Avoiding Surprises & Losses.

The Risk Management Guide: How to Manage Project Risks and Opportunities.

Project Management Institute.

Process improvement in project management.

Boston: Artech House.

Leave a Reply

Your email address will not be published.