Please use this identifier to cite or link to this item:
Title: A risk management methodology with risk dependencies
Authors: Kwan, Tak-wah
Keywords: Hong Kong Polytechnic University -- Dissertations
Information technology -- Security measures
Risk management
Project management
Issue Date: 2010
Publisher: The Hong Kong Polytechnic University
Abstract: Due to the dynamic changes of business environments and the advancements of technologies, information technology (IT) projects are facing lots of challenges, and there is a need of applying systematic approaches to deal with the risks to ensure the project's success. A common characteristic of current risk management approaches is that they consider risks as independent events. In fact, risks are not always independent. As current practices do not clearly manage dependencies between risks, project managers may inappropriately estimate risks and thereby leave risk effectively unmanaged. We believe that explicitly identifying and managing risk dependencies would be important in both initial and ongoing risk analysis and prioritization, and help to develop better risk management strategies and make more effective risk planning decisions. This research formally models the risk dependency and proposes a management methodology to address risk dependencies. The essence of this effort is that we propose methods to re-estimate each identified risk by taking account of risk dependency effects, and we enhance a set of risk management practices to manage the re-estimated risk (named Posterior Risk). As the risk dependency effects can either increase (i.e. non-favorable effect) or reduce (i.e. favorable effect) the probabilities of those affected risks, we further propose a set of novel practices to evaluate, react, monitor and control the risk dependencies. In addition, we develop a set of metrics to measure the risk levels from both project and program perspectives with due considerations of the dependencies between risks. From the case studies of three IT projects, we confirm that risk dependencies do exist in projects and programs, and can be identified and systematically managed. We also observed that, as project teams needed to deal with risk dependency issues, communications between projects were improved, and there were synergetic effects in managing risks and risk dependencies among projects.
Description: xiii, 115 leaves : ill. ; 30 cm.
PolyU Library Call No.: [THS] LG51 .H577P COMP 2010 Kwan
Rights: All rights reserved.
Appears in Collections:Thesis

Files in This Item:
File Description SizeFormat 
b23430199_link.htmFor PolyU Users 162 BHTMLView/Open
b23430199_ir.pdfFor All Users (Non-printable)1.64 MBAdobe PDFView/Open
Show full item record
PIRA download icon_1.1View/Download Contents

Page view(s)

Last Week
Last month
Citations as of Oct 21, 2018


Citations as of Oct 21, 2018

Google ScholarTM


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.