A risk management methodology with risk dependencies

Pao Yue-kong Library Electronic Theses Database

A risk management methodology with risk dependencies


Author: Kwan, Tak-wah
Title: A risk management methodology with risk dependencies
Degree: Ph.D.
Year: 2010
Subject: Hong Kong Polytechnic University -- Dissertations
Information technology -- Security measures
Risk management
Project management
Department: Dept. of Computing
Pages: xiii, 115 leaves : ill. ; 30 cm.
InnoPac Record: http://library.polyu.edu.hk/record=b2343019
URI: http://theses.lib.polyu.edu.hk/handle/200/5337
Abstract: Due to the dynamic changes of business environments and the advancements of technologies, information technology (IT) projects are facing lots of challenges, and there is a need of applying systematic approaches to deal with the risks to ensure the project's success. A common characteristic of current risk management approaches is that they consider risks as independent events. In fact, risks are not always independent. As current practices do not clearly manage dependencies between risks, project managers may inappropriately estimate risks and thereby leave risk effectively unmanaged. We believe that explicitly identifying and managing risk dependencies would be important in both initial and ongoing risk analysis and prioritization, and help to develop better risk management strategies and make more effective risk planning decisions. This research formally models the risk dependency and proposes a management methodology to address risk dependencies. The essence of this effort is that we propose methods to re-estimate each identified risk by taking account of risk dependency effects, and we enhance a set of risk management practices to manage the re-estimated risk (named Posterior Risk). As the risk dependency effects can either increase (i.e. non-favorable effect) or reduce (i.e. favorable effect) the probabilities of those affected risks, we further propose a set of novel practices to evaluate, react, monitor and control the risk dependencies. In addition, we develop a set of metrics to measure the risk levels from both project and program perspectives with due considerations of the dependencies between risks. From the case studies of three IT projects, we confirm that risk dependencies do exist in projects and programs, and can be identified and systematically managed. We also observed that, as project teams needed to deal with risk dependency issues, communications between projects were improved, and there were synergetic effects in managing risks and risk dependencies among projects.

Files in this item

Files Size Format
b23430199.pdf 1.671Mb PDF
Copyright Undertaking
As a bona fide Library user, I declare that:
  1. I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
  2. I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
  3. I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.
By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.


Quick Search


More Information