To read the full version of this content please select one of the options below:

Supporting decision making in risk management through an evidence‐based information systems project risk checklist

Lihong Zhou (Department of Information Studies, University of Sheffield, Sheffield, UK)
Ana Vasconcelos (Department of Information Studies, University of Sheffield, Sheffield, UK)
Miguel Nunes (Department of Information Studies, University of Sheffield, Sheffield, UK)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 6 June 2008

Abstract

Purpose

This paper aims to present a study of Information Systems project risk management aimed at identifying a risk ontology and checklist that will enable decision making and mitigation strategy planning in information system (IS) development in the public sector. This sector is an ideal research field in risk management practices, due to the visibility that failure of IS/IT projects has acquired as a consequence of the duty of accountability that characterises it.

Design/methodology/approach

The study is based on a qualitative approach anchored on a critical literature review, leading to the development of an analytical framework, followed by a thorough case‐study survey.

Findings

A project risk ontology was derived from the analysis of ten case‐studies in the UK, USA and New Zealand and was divided into five main categories: pre‐project, customer, project management, technological issues, and development methodology. The analysis found that a considerable number of risk factors are incurred before the start of the formal project and pre‐determine the future of the project and create predictable risks that can be avoided.

Research limitations/implications

This paper has focused on the pre‐implementation and implementation phases of IT/IS projects and further research into IS post‐implementation is required.

Originality/value

The proposed ontology is designed to fit in real life systems development cycles and is aimed at supporting risk assessment and control. The findings suggest that risk thinking should start early in the project and not, as many modern design and development methodologies propose, solely as part of the development process itself.

Keywords

Citation

Zhou, L., Vasconcelos, A. and Nunes, M. (2008), "Supporting decision making in risk management through an evidence‐based information systems project risk checklist", Information Management & Computer Security, Vol. 16 No. 2, pp. 166-186. https://doi.org/10.1108/09685220810879636

Publisher

:

Emerald Group Publishing Limited

Copyright © 2008, Emerald Group Publishing Limited