Proceedings of the IE 2013 International Conference www.conferenceie.ase.ro
A MULTI-CRITERIAL DECISION SUPPORT SYSTEM FOR IT PROJECTS RISK MANAGEMENT Claudiu BRANDAS West University of Timisoara
[email protected] Otniel DIDRAGA West University of Timisoara
[email protected]
Abstract. IT projects are exposed to various risk factors that have a significant impact on project deliverables and outcome of the project. Risk manifestation occurs throughout the cycle of design, development and maintenance of the IT project. Most times these risks may negatively affect the financial stability of the projects, the schedule and quality of the implementation of the project requirements. Theory and practice of IT project management classifies risks into several criteria such as: users, project requirements, project complexity, project planning and control, team, and organizational environment in which the project takes place. To ensure effective risk management of IT projects, project managers need to formalize the identification and monitoring of the risk factors. Thus, we considered appropriate to develop a tool to provide support for IT managers in project risk management. Through this support tool, IT managers can make decisions in real time regarding the occurrence and manifestation of risk factors so that the risk impact would be minimized by appropriate control measures. In this paper we present a multi-criteria Decision Support System to assist project managers in IT project risk management in the planning and execution phases of projects. Keywords: Risks, Project Management, IT Projects, Decision Support Systems, Risk Management JEL classification: M15, L86, D81
1. Introduction IT projects are complex structures of organized activities and resources (human, material, financial and informational resources), based on the methodologies and frameworks for the development and implementation of Information Systems. The diversity and complexity of using these resources in an IT project results in the manifestation of risk factors [1], [2]. These factors significantly influence the planning, execution and completion of IT projects. In this context, IT projects require rigorous managers capable to perform efficient risk management. In theory and practice of IT project management, risks are discussed from two perspectives: risk identification and analysis of the relationship between threats and risks. Risks are classified into several categories (criteria) depending on the factors and risks generating areas: user, project requirements, project complexity, project planning and control, team and organizational environment in which the project takes place. According to an empirical study conducted by Wallace in 2004, there are 6 dimensions of risks in software projects [3]: user risks, project requirements risks, project complexity risks, project planning and control risks, team risks and organizational environment risks.
425
Proceedings of the IE 2013 International Conference www.conferenceie.ase.ro According to Huang and Han [4], project managers can adopt attitudes, skills and practices regarding the risk areas identified in real time within an IT project. To ensure an effective risk management in IT project, it is necessary to formalize the recording and monitoring of the risk factors. In existing literature, there are two points of view regarding risk management. The first one [5], [6], [7] believes it is necessary for the project managers to use a framework in a form of a risk checklist. The other [8], [9], states that it is necessary for the project managers to create certain patterns for software risks that are affected by the project characteristics in order to develop appropriate risk management strategies. Considering the six dimensions of the risk, the decision is multi-criterial for IT project managers. In this context, we consider appropriate to apply a multi-criteria decision analysis to assist IT managers for the selection of the best alternative in IT project risk management. For an effective risk management we considered appropriate to develop a tool to provide support for IT managers in project risk management. The tool assists managers in making real time decisions regarding the occurrence and manifestation of risk factors so that their impact would be minimized by appropriate control measures. In this paper we present a multi-criterial Decision Support System to assist project managers in IT project risk management in the planning and execution phases of projects. The system is based on the risk dimensions identified by Wallace [1] and Huang [2]. These dimensions are considered as decision criteria in the risk areas of IT projects. 2. Research Methodology Research problems We propose a multi-criterial Decision Support System to assist project managers in IT project risk management in the planning and execution phases of projects. Research design The research is quantitative based on experimental development, testing and validating the proposed prototype. Risk modeling was performed on six criteria with a qualitative approach based on the scoring method and Risk Breakdown Matrix (RBM). Risk assessment for each dimension was achieved by summing up the values of the risks elements of each risk dimension (1). Quantifying the risk elements of each dimension was achieved by the multiplying the probability of the risks and their potential impact (2). Risk values for each dimension (criterion) were associated with a set of alternatives that managers can follow (3). The probability of occurrence level and the impact level were quantified on a scale from 1 to 3 (4). = ∑
(1)
,
Ri – Risk value for the “i”; Ri,j – Risk value for the “j” element of the “i” dimension; =∑
,
∗
,
(2)
Pj,k – “k” risk’s probability of occurrence for the “j” element; Pj,k – “k” risk’s potential impact for the “j” element;
426
Proceedings of the IE 2013 International Conference www.conferenceie.ase.ro { Ri } → {Ai,k}
(3)
Aj,k – “k” alternative for the risk of the “i” dimension; {Low, Medium, High} → {1, 2, 3}
(4)
The sample consists of five projects of software development and three projects of software (ERP) implementation. The system was developed using Yii framework [10] based on PHP and MySQL technologies, and distributed on the Apache Web Server. Serve 3. Results and Discussions Next, we describe the system functions and the results obtained by processing data entered on an IT project. The obtained system has the following functions: • Defining the questionnaires base for assessing risks in the six dimensions. dimensions. • Defining the risk assessment model. • Defining the rules for analysis and interpretation of risk values. • Interface to answer the questionnaire (Figure 1 and Figure 2) for the two types of activities: planning and execution. • The report generator.
Figure 1. Risk estimation form - project planning phase
In figure 1, we present the risk estimation form for the project planning phase. On the upper side, there is important information about the project (project ID, project title, project manager, client nt and industry). The risks are listed by their category: user risks, requirements risks, project complexity risks, planning and control risks, project team risks and organizational environment risks. The first estimation column refers to whether the risk is applicable or not in the planning phase. The second column refers to the probability of 427
Proceedings of the IE 2013 International Conference www.conferenceie.ase.ro occurrence of the certain risk. The third column refers to the impact of the possible manifestation of the risk. In figure 2,, we present the risk estimation form for the project execution phase. The form is similar to the previous one and it also has three columns for risk value estimation: risk applicability, risk probability of occurrence and risk impact. In figure 3, we present the project risk matrix report. The report report sums up the values recorded in the risk estimation for the planning and execution phase.
Figure 2. 2 Risk estimation form - project execution phase
Figure 3. Project risk matrix report
In figure 4,, we present the risk value graph for the current project. It is correlated with the values in the project risk matrix report. We observe that the value of the project complexity risk is the highest in the planning phase, while in the execution phase, the value of the project requirements is higher.
428
Proceedings of the IE 2013 International Conference www.conferenceie.ase.ro
Figure 4. Risk value graph
Depending on the outcome of the risk assessment on the six dimensions, IT project managers can take action to minimize the impact of risks on project elements. The generated reports regarding the magnitude of the risk on the six criteria provide a set of alternatives to managers for decision making and necessary actions to ensure IT project success. 4. Conclusions IT project risk management is an area of great interest in current research. The number of IT projects has grown exponentially in recent years. In the same time, the risks associated with these projects have had a significant impact on their success. Through our research, we have shown that the risk management approach is multi-criterial in IT project management. We also emphasized the need for a tool to assist IT managers in risk management in the planning and execution stages. We focused on these steps in order to be proactive and preventive, but also, reactive in choosing the risk management strategy. Thus, the impact of risk is identified in the early stages of the development projects, and managers can react quickly and efficiently. The most important result of this research is the development of a multi-criteria DSS to assist IT managers in risk management in the planning and execution phases of IT projects. Through this work we have added valuable results in the practice and theory of risk management in IT projects. As future research directions we intend to integrate the analysis and centralized monitoring of project risk groups according to managers, industry and customer. We will also redesign the system based on an ontological approach of risk in IT projects. References [1] C. Brandas, O. Didraga and N. Bibu, “Study on Risk Approaches in Software Development Projects”, Informatica Economică Journal, vol. 16, no. 3, pp. 148-157, 2012. [2] O. Didraga, “IT Project Risk Management Tools and Techniques Applied in Romanian IT Companies”, Journal of Applied Business Information Systems, vol. 2, no. 3, pp. 51-58, 2012. [3] L. Wallace, M. Keil and A. Rai, “Understanding software project risk: a cluster analysis”, Information & Management, vol. 42, no. 1, pp. 115–125, 2004.
429
Proceedings of the IE 2013 International Conference www.conferenceie.ase.ro [4] S.-J. Huang and W.-M. Han, “Exploring the relationship between software project duration and risk exposure: A cluster analysis”, Information & Management vol. 45, no.1, pp. 175–182, 2008. [5] T. Addison, “E-commerce project development risks: Evidence from a Delphi survey”, International Journal of Information Management, vol. 23, no. 1, pp. 25–40, 2003. [6] D. Aloini et al., “Risk management in ERP project introduction: review of the literature”, Information & Management, vol. 44, no. 6, pp. 547–567, 2007. [7] M. Keil, et al., “A framework for identifying software project risks”, Communications of the ACM, vol. 41, no. 11, pp. 76–83, 1998. [8] J.J. Jiang and G. Klein, “Software development risks to project effectiveness”, The Journal of Systems and Software, vol. 52, no. 1, pp. 3–10, 2000. [9] S.R. Nidumolu, “Standardization, requirements uncertainty and software project performance, Information & Management, vol. 31, no. 3, pp. 135–150, 1996. [10] ***, Yii Framework, http://www.yiiframework.com/
430
