In the past year, the world witnessed major turbulence in the global economy. Many companies restructured themselves, some merged with others, filed for bankruptcy, acquired another company, and some implemented drastic layoffs. This resulted in a decrease in the resources available to all departments and a subsequent increase in business risks. Additionally, the U.S. economy has shrunk sharply since last autumn, with a real gross domestic product (GDP) having dropped at an annual rate of more than 6 percent in the fourth quarter of 2008 and the first quarter of 2009. One of the enormous costs of this economic downturn is the loss of 6 million payroll jobs over the past 15 months (Bernanke, 2009).
Another issue facing companies is globalization. The globalization of companies introduces many challenges. To meet these challenges, companies are required to become more innovative and introduce new ideas. The need to change is forcing corporations to organize their projects and their systems. Many companies depend on their own resources or external resources to meet their objectives and be better prepared for changes in their surrounding environment.
Moreover, corporations are facing new and different types of risks every day because of the changes in the world environment. These changing environments might introduce new risk or raise existing risks to the corporations. The source of risks can be differentiated between those that are internal or external. This risky environment, if not managed appropriately, might negatively affect the existence and possible future conditions of corporations. Chapter 1 Introduction 1 A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT)
With recent headcount reductions, IT Projects are faced with many challenges and risks and new projects are conducted with fewer resources available. A 2009 report by CHAOS stated that there is an overall decrease in the IT project success rate. , As a result, managing risks properly in IT projects is extremely critical for project success and risk management (RM) might need renewal to improve project performance and have project management activities perform more effectively.
Process-Based Life Cycle Assessment
The term "life cycle assessment" and the first approach to conduct LCA was officially agreed at the first Society for Toxicology and Chemistry (SETAC) conference involving 54 of the practitioners in the field held in Vermont, USA in 1990. The first approach of conducting LCA was termed as process-based LCA referring to itemizing the inputs (materials and energy resources) and the outputs (emissions and wastes to the environment) along the phases of producing a product or a service. The important challenge addressed in this workshop was how to link the measurable or estimated input and output processes of industrial systems to the resulting environmental impacts which is widely unknown (SETAC, 1991). The first technical framework for conducting Process-based LCA was developed at the above conference. It included three distinct phases to address the above challenge. The description of the three phases is as follows:
The inventory phase: provide a detailed description of the inputs of energy and raw materials into the system and the outputs of solids, liquids and gaseous wastes from the system.
The interpretation phase: provide inventory results that are linked to identifiable environmental problems.
The improvement phase: provide the system modifications in some way in an attempt to reduce the environmental impacts.
In 1992, at the Leiden workshop, this triangle was modified as shown in Fig. 2. introducing the goal definition, scoping and impact assessment explicitly into the framework.
.
Introduction to Risk Management
Risk is an event that might cause obstruction to project progress and can have negative results on the deliverables. Risk is the possibility of something going wrong as a consequence of a threat or a vulnerability and can have a major impact on the operation (Mees, 2007). RM involves a number of managerial processes that companies utilize as a necessity in managing and controlling risks in a wide variety of projects. The purpose of RM is to identify all potential risks and opportunities, and construct a comprehensive Risk Response Plan to minimize the risks to an acceptable level. Additionally, RM consists of a series of iterative processes that assists a project team in the comprehension and management of risks (Bandyopadhyay, Myktyn, & Myktyn, 1999).
The term RM is used in a broad variety of disciplines, which combines concepts and techniques from different fields such as economics, statistics, decision theory and information technology (Mees, 2007). For example, RM provides control and documents practical decisions and actions based upon the monitoring of what is going wrong. RM identifies those factors and resources that are important or critical to project success and considers what the relevant risks are. RM also considers the approach to be taken to address and minimize these risks (Bruckner, List, & Schiefer, 2001). RM is described as a systematic and iterative process of identifying, analyzing, and responding to project risks in order to reduce the potential negative events and maximizing the positive events in terms of consequences and probabilities (Kasap D. & Kaymak, 2007).
Improvement to RM may be beneficial by allowing the organization to become more knowledgeable, and thereby facilitate faster response to changing environment risks. A RM system should be based on a secure platform for storing, processing and transmitting organization information. Moreover, a number of authors have found that RM needs to be changed to enhance the alignment of risk with the organization's strategy, improve risk response judgments and minimize process shocks and losses.
Scope of Dissertation
This section will outline the scope of the study in terms of the following aspects: -Review the background literature on KM and the framework. -Review the background of RM and applications. -Analyze RM applied in IT projects. -Identify the need for integrating KM with RM. -Attempt to link certain KM processes with RM processes.
The Standish Group's 2004 "CHAOS" study updated and incorporated data from several thousand software development projects and reveals that only 28 percent of IT projects were completed on time and on budget, down from a previous high of 34 percent. Another 18 percent (up from 15%) were canceled before completion of the development cycle and the remaining 51 percent were completed over-budget, behind schedule, and contained fewer functions than originally specified. Remarkably, CHAOS Summary 2009 results showed a marked decrease in the project success rates, with only 32% of all projects succeeding, which are delivered on time, on budget, with required features and functions.
Chapter 2 - Literature Review
Risk Management in IT Projects
In a study by Standish Group, CHAOS Summary 2009, Jim Johnson, Standish Group CIO (2009) claims that "This year's results show a marked decrease in project success rates, with 32% of all projects succeeding, which are delivered on time, on budget, with required features and functions". He stated "44% were challenged which are late, over budget, and/or with less than the required features and functions, and 24% failed, which are canceled prior to completion or delivered and never used." Also, "These numbers represent a downtick in the success rates from the previous study, as well as a significant increase in the number of failures". Moreover, they are a low point in the last five study periods. This year's results represent the highest failure rate in over a decade" (Johnson, 2009).
According to Doughty (2005) high failures in delivery of IT projects continues to occur in the UK. These problems are not unique to Government, but when public sectors' projects are not delivered on time, citizens lose out both as taxpayers and as customers because additional expenditures are required to rectify problems Chapter 3 Focal Theory and Applications 61 A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) and the achievement of anticipated benefits is deferred. These shortcomings can be widespread and have many adverse impacts. The impacts are on citizens, the ability to manage Information Systems, financial management, business development and achievement of anticipated benefits.
In fact, RM is a distinct discipline, which integrates knowledge from a variety of other business fields. It is a discipline where varieties of methodologies are brought to stand on a specific problem. RM is very important and integral part of any business and well recognized by the project management institutions (Del Cano & Cruz, 2002).
In terms of IT projects, risks can vary, whether it is a software development project, security project, outsourcing project, or specific programming task. Boehm & Bose (1994) claim that any project involves several classes of participants (customer, development, user, and maintainer), each with own satisfaction criteria. For customers and developers budget overruns and schedule slips are unsatisfactory. For users' products with the incorrect functionality, user-interface shortfalls, performance deficit, or reliability deficit are unacceptable. Also, for software maintenance personnel poor-quality software is intolerable (Boehm & Bose, 1994).
IT projects are known for their high failure rate. In-depth interviews with IT professionals from leading firms in Western Australia were undertaken to determine how IT risks were managed in their projects. The respondents ranked 27 IT risks in terms of likelihood and consequences to identify the most important risks (Baccarini, Salm, & Love, 2004). The top 5 ranking risks, were personnel shortfalls; unreasonable project schedule and budget; unrealistic expectations; incomplete requirements; and diminished window of opportunity due to late delivery of software. Furthermore, the respondents overwhelmingly applied the treatment strategy of risk reduction to manage these risks. Additionally, these strategies were primarily project management processes, rather than technical processes. Therefore, this demonstrates that project management is a RM strategy. In particular, managing software developers' expectations is a specific risk treatment that helps to manage several key IT risks (Baccarini, et al., 2004).
Maguire (2002) claims that the risk issues in reference to software development process were not viewed as an essential subject of discussion. On the other hand, most organizations hope to implement systems successfully while still assuming their regular business processes. Yet, new systems are not implemented in a timely manner and many authors concur that the first step in developing a business continuation plan is to carry out a risk assessment. Examples of risks associated with software development are (Maguire, 2002):
Implementing an earlier or unused platform: failure to deal with known and unknown bugs
Multi-tasking potential: inability to handle user numbers and response times.
Changes to the development team by having several project managers. 4. Lack of thorough examination and testing in a live environment
Lack of analysis in business areas.
Failure to satisfy the system requirements of the different software developers
Consultancy support: numerous providers of consultancy with disparate aims and objectives
System substitution - lack of contingency planning
Availability of qualified staff.
Furthermore, Sommerville (2006) points out that there are three categories of risks:
1) Project Risk: These risks affect the project schedule or resources.
2) Product Risks: These risks affect the quality or performance of the software being developed.
3) Business Risks: These risks affect the organization developing the software.
Furthermore, the author defines six types of risks that can arise in software engineering:
Technology Risk: These risks are derived from hardware or software technologies applied during the development of s system.
Organizational Risks: These types of risks resulted from the organizational environment where software is being developed.
Tools Risks: Risks which resulted from using Computer Aided Software Engineering CASE tools and other supported application software to assist in developing software.
People Risks are associated with individuals in the development team.
Requirements Risks are derived from changes to the customer requirements and the process of managing the requirement changes.
Estimation Risks: These risks are derived from the management estimates of the system characteristics and the resources required building the system.
Another study by Addison & Vallabh (2002) explain that software project risks are considered to be an issue that need to be addressed and thereafter controlled. The authors list the most common risks encountered regularly during the software projects:
Unclear or misunderstood scope/objectives.
Unrealistic schedules and budgets.
Lack of senior management commitment to the project.
Failure to gain user involvement.
Inadequate knowledge/skills by project personnel.
Lack of effective project management methodology.
Misunderstanding the requirements.
Often developers and analysts think of additional capabilities or changes, resulting in unsatisfied user and unnecessary costs.
Developing the wrong software functions.
Subcontracting resulting in a short fall in externally developed components.
Introduction of new technology that has not been used successfully at other companies.
The failure to manage end user expectations.
By examining the literature reviews, IT projects can range from software development, outsourcing, communications and implementing a new security infrastructure. Also, these IT project risks might have a particular management in a different project. Risks are resulting from many factors involved in the projects. Each factor will depend on the type and purpose of the project. In the next section, the researcher will examine the RM in IT projects.
Role of Risk Management in IT Projects
This section will explore the role of RM in different types of IT projects. Roy (2004) points out that software development projects are particularly demanding for risk analysis. They include a wide variety of risk factors across a number of different software developer's predetermined perspectives. RM for software projects is intended to minimize the chances of unanticipated events, or more purposely to keep all possible outcomes under firm management control (Roy, 2004). Moreover, RM must be an integrated part of the project management framework if it is to be effective. Furthermore, RM is concerned with making judgments about how risk events are to be treated, valued, compared and combined (Roy, 2004). The propose of RM is to develop a detailed analysis of the organization and project domains to develop a complete set of risk factors and to ensure they are appropriately organized to reflect all the software developers and the various risk perspectives that are required (Roy, 2004).
P. Higuera & Y. Haimes (1996) state that the goal of Software Engineering Institute (SEI) Risk Program is to enable engineers, managers, and other decision makers to identify, sufficiently early, the risks associated with software acquisition, development, integration, and deployment so that appropriate management and mitigation strategies can be developed on a timely basis. Since time is critical, the goal is to act early before the source of risk develops into a major crisis. According to P. Higuera & Y. Haimes (1996) the purpose is to be responsive in risk mitigation and control rather than be proactive in risk prevention and control. Risk Mitigation and Control is the goal of well defined RM. The value of RM methodology and tools is to buy smarter, manage more effectively and identify opportunities for continuous improvement. Benefits Chapter 3 Focal Theory and Applications 66 A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) achieved with RM are the ability to gain information, manage databases more efficiently, improve industry and review and evaluate progress.
Chapter 3 Approach/Methodology
In this chapter, the research process model and research strategy are elaborated as well as the research methodology. The research strategy is based on interviewing 10 experts in the field of KM and RM. The researcher has taken into account the different research philosophies, research approaches and methods needed to conduct research in the research domain, such as to conceptualize the research domain of discourse and the solution, and also to verify these models in terms of the research goals and objectives and validate the research hypothesis.
Research philosophies are described providing the context for choosing the appropriate methods and techniques of the research methodology including the description of the approach, purpose, strategy and data collection. Figure 20 illustrates the research process methodology flowchart adapted from Steenkamp & McCord (2007), in which the flow of research tasks, and the decisions made during a research project are illustrated. This model was used to guide the research processes supported by specific research methods during the research project.
Research Conceptualization
This conceptual framework was created based on an in-depth study of KM and RM. The researcher examined profoundly different KM literature reviews in background, processes and applications as well as RM in terms of background, processes and application. Due to huge background of both KM and RM, the researcher started examining the possibility of linking KM and RM together. One of the links between the KM and RM can be the processes. Then, the researcher studied in-depth several literature reviews related to processes for both KM and RM to understand its input, process and output. Every process is a collection of structured activities and tasks to produce a specific service or product; therefore, RM might be impacted by external factors such as KM, which is a subject in its own right.
The analysis of major processes of KM and RM provided a possibility of finding a link between them. Next, the author created a meta-model containing class diagrams illustrating the major components of KM and RM. Using this class diagram, the author identified the relationships between KM and RM.
The following tools and techniques have been used on this research project: Microsoft Visio, WinWord and PowerPoint for the creation of the different models listed above. The purpose of the models is to provide a visual description of the major elements of KM and RM processes interacting with each other.
Demonstration of Concept
To demonstrate the conceptual solution to the research problem, the KBRM (RiskManIT) framework and supporting methodology were applied. This application of the conceptual solution demonstrated the conceptual framework and methodology developed in this dissertation to implement knowledge-based tools and techniques during the RM process execution.
Chapter 4 Analysis and Final Proposal
This chapter provides an elaborate description of the proposed framework for the integration of KM and RM of IT projects. The researcher realizes the importance of KM in every aspect of private life and business based on the author's previous research in KM and practical experience in business. Furthermore, risks surround us in our personal and professional lives and RM identifies potential problems that might happen. Moreover, most tasks require many complicated steps, processes or procedures to accomplish. Therefore, to execute a task or process successfully, it is essential to have the appropriate and right knowledge, allowing us to make the right decisions and responses called for during the task execution.
Tasks, processes or procedures are executed to achieve some goals and objectives and it is important to achieve them with minimum loss. In this research, it is argued that knowledge is indeed needed and must be integrated carefully with RM to ensure correct execution. To obtain the integration of KM with the RM processes, the relationship between knowledge and risk has been examined to produce an integrated framework.
Software projects have several risks that require KM involvement. Murthi (2002) lists the possible software risks as:
Requirements: Unclear or uncertain requirements introduce large risks. This is the most common type of risk and is probably responsible for most failed or delayed projects.
Technology: At some point in development (usually late in the cycle), the team discovers that the technology cannot satisfy system requirements. For example, team members could assume that the database they use is not easily corrupted, but when they actually build the system, they found that it has bugs that can cause it to become corrupted frequently.
Resources: When a project does not get the required people, money, facilities, or equipment, the shortfalls degrade both schedule and morale. Identifying an alternative resource can help. For example, another team might be willing to share some of its server capacity until the new server arrives.
Skills. These risks arise if, for instance, the team is unfamiliar with the technology or business process. Providing training and bringing in consultants with the missing skills, who can mentor the team, will help mitigate this risk.
Integration: Most applications must integrate with other applications. Miscommunication and misunderstandings cause systems to miss sharing accepted interfaces; hence they do not functional correctly together as expected. Communication is the key to reducing this risk.
Therefore, KM contributes to better requirements analysis, communication and sharing of skills, which may result in more efficient project progress. Rodriguez-Montes & Edwards (2008) indicate that effective RM process modeling cannot be achieved without the assistant of a well established KM process model. Therefore, a well defined, designed and integrated KM and RM framework is essential to improve decision-making in IT projects (Rodriguez-Montes & Edwards, 2008). The goal of RM is to be more efficient in order to get Chapter 5 Conceptualization of KBRM for IT Projects A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) better solutions for risk issues and to extend the experience, results, and solutions to more problems. RM also promotes the use of technology in an improved manner by having the organization use an integral risk information system
Barquin (2006) claims that RM must be considered as part of a KM environment. If you look at "risk" as a knowledge domain, then many of the KM practices are clearly applicable. Henry Kissinger once said "an issue ignored is a crisis invited." Therefore, RM solutions are crucial to avert these potential crises and managing risks within the context of a KM framework will give the agency a robust programmatic base.
Moreover, new management methods have surfaced to deal with changes and a several authors recognize KM and RM views as very significant in competitiveness and strategy (Dalkir, 2005), (Dickinson, 2001). Risk Management and Knowledge Management must be viewed holistically. Based on a study by Shaw (2005), KM as a discipline can add positively to RM implementation in reference to data and information management, risk-knowledge sharing, analysis consolidation and reporting. Furthermore, RM is a discipline that organizations can no longer afford to ignore. KM must site right at the heart of the RM strategy, if companies are serious about both mitigating the effects of the threats their operations encounter and seizing the opportunities that are passed their way (Scott, 2002).
There are several inspiring reasons for a KM driven approach to RM. A company cannot manage its risks effectively if it cannot manage its knowledge (Neef, 2005). RM is a highly critical and important process for successful project execution and is a knowledge-intensive area. The success of implementing RM Chapter 5 Conceptualization of KBRM for IT Projects A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) depends mainly on the amount, access and quality of knowledge, which applies to a wide variety of projects. A proactive RM process depends in the capability of the corporation to utilize knowledge of its own employees regarding risk alleviation and enables the project team members to receive accurate and timely information about potential risks that might occur (Neef, 2005). Also, G. Dickinson (2001) presents knowledge as a means to decrease the risk; therefore modeling risk knowledge is one of the pieces of knowledge management to be employed. Risk-knowledge donates to control, business strategy and underwriting processes because these activities depend on human actions and risk knowledge transfer has value in those processes.
The lack of documentation on the success or failure of past projects is one reason for inefficient RM utilization or non-utilization in software development projects. Besides RM knowledge, the past experience analysis is fundamental to helping project managers in the planning and controlling of risks. Risk Response Planning can be enriched by using knowledge and experience acquired by the various managers while working on the several organization projects. Therefore, it is necessary that risk knowledge be captured and stored throughout the project's development, to enable the future utilization of risk knowledge (Farias, et al., 2003).
The study by Rodriguez-Montes & Edwards (2008), presents the concept of Risk Knowledge Management (RIKMAN) as the application of KM processes to support Enterprise RM. To get this support it is necessary to use an Enterprise Risk Knowledge Management System (ERKMAS) where the risk modeling process is a component. A Risk Response Planning requires organization experience, as it is strongly centered on the experience and knowledge acquired from former projects. Risk planning can be enriched by using knowledge and experience acquired by the various managers while working on the various Chapter 5 Conceptualization of KBRM for IT Projects A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) organization projects. It is also necessary for risk knowledge to be packaged and stored throughout project development, in order to use it in future (Boffoli, Cimitile, Persico, & Tammaro, 2005).
In a research conducted by Sallmann (2007), the existing RM services didn't take advantage of KM. Introduction of KM concepts would provide competitive advantage against the changing risk environment. One way corporate risk managers in industry could improve their capabilities and services is by applying a new knowledge-based approach. Sallmann (2007) indicates that KM is a keystone component which is identified as missing in the current state of major risk analysis trends. Sallmann (2007) outlines the RM processes as: risk identification, risk assessment, risk analysis, risk handling and risk monitoring. This author based his findings on intensive literature reviews and identified a wide range of risk identification tools such as inspection analysis, document analysis, organizational analysis, interviews, checklists and technical analysis methods. In risk analysis processes, lessons learned and best practices can be used to elicit knowledge. Risk handling applies the relevant lessons learned and best practices captured in the risk analysis process. In risk monitoring, the reapplying of the knowledge-based RM process ensures the success of the RM role. Finally, knowledge gathered throughout the process is collected and stored in the form of new lessons learned and best practices, which can be reapplied in other projects (Sallmann, 2007) .
Several authors have mentioned the risks encountered during IT projects and how KM might play an important role in enhancing the execution of RM. Most authors recognized how well integrated KM and RM models are crucial to improve IT projects executions. However, none of the authors defined a clear and comprehensive framework to demonstrate how to integrate the KM and RM processes together. The next paragraphs will be focused on finding the links between KM processes and RM processes. Figure 1 illustrates a context diagram for the KBRM integration.
Figure 1 Context Diagram for the Proposed Knowledge-Based Risk Integrated Framework
Figure 1 contains two sections, the technology represented by the repository environment and the process section represented by KM and RM environment. It also portrays knowledge essentials as components that contain the foundation for utilizing knowledge and the practices and techniques options used to employ, capture and share knowledge throughout KM processes.
Figure 2 Use Case Context Diagram for the Proposed KBRM Framework
Figure 22 illustrates the interaction of employees with the proposed KBRM framework using Use Case tools. Chapter 5 Conceptualization of KBRM for IT Projects A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) Figure 22 Use Case Context Diagram for the Proposed KBRM Framework
Figure 23 Meta-Model for the Proposed KBRM Framework
Figure 23 is a UML class diagram of the meta model of the proposed KBRM framework. The purpose of the UML diagram is the modeling of the important components of the proposed KBRM framework and their relationships using a graphic notation, and is instantiated after adoption by a client. Chapter 5 Conceptualization of KBRM for IT Projects A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) Figure 23 Meta-Model for the Proposed KBRM Framework
The important components of the proposed KBRM framework in abstract format are described in the following sections to assist in the understanding of the KBRM framework.
The role of Knowledge-Based Risk Capture (KBRC) is to capture the right knowledge whether tacit or explicit and use both internal and external sources based on requests, which are submitted to the requester. The knowledge capture enables obtaining the appropriate information based on previous experiences and encounters. Knowledge capture must be submitted to the RM process at the right time and the information must be from the right person. This establishes a well defined and relevant identified risk and determines the scope of the project. The purpose of KBRC is to save the project team time and money by not having Chapter 5 Conceptualization of KBRM for IT Projects A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) to searching for information from previous projects. The result is a well-defined project risk profile.
Knowledge-Based Risk Discovery (KBRD) utilizes data mining tools to discover new risks that are associated with a particular project. This process also analyzes existing data from the previous projects and discovers any relation or trends for the existing project. The result of this process is in identifying the most relevant risks to the current project and thereby save the team time and money.
The purpose of Knowledge-Based Risk Examination (KBREx) is to inspect the list of risks collected in the previous process and provide only the confirmed list according to the IT project's objectives and goals.
Knowledge-Based Risk Sharing (KBRS) allows employees to engage in RM activities by organizing, categorizing and monitoring risks as they relate to each business process. In fact, knowledge sharing across functions enables employees to develop a big picture view of the company and identify the enterprise risks that span the organization and the interrelationships of those risks ("The New Age of Innovation: Managing Global Networks to Unlock Customer-Created Value in Your Company," 2008). The importance of this process is to have the team share their tacit and explicit knowledge on risks encountered in preceding work and their experience. The team can also share their thoughts by analyzing previous projects in a joint team environment, result in an enhanced risk analysis and planning process.. The purpose of KBRS is to communicate explicit or tacit knowledge of risks effectively across the project team. This sharing prompts learning from previous experiences, which helps to identify any triggers for risks in the current project. Chapter 5 Conceptualization of KBRM for IT Projects A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT)
The Knowledge-Based Risk Evaluation (KBRE) assesses the progress of the risk execution and monitoring by capturing any new encountered experiences or lessons learned. This process will help in enriching the KM repository by collecting and storing of additional information, so it can be used in future projects.
Knowledge-Based Risk Repository (KBRR) is considered as the heart of the Knowledge-Based Risk conceptual framework. This repository contains all experiences, case studies, lessons learned and best practices. The KBRR can be used by the team to formulate their risk mitigation, analysis and planning. Moreover, KBRR can be used to indentify subject matter experts related to the project. Data updating and modification of risk processes and related information of the knowledge-based database can be updated and modified by the KBRR. Furthermore, KBRR can provide a real-time notification during the project execution of potential risks, and this can result in detecting risks that might otherwise be overlooked by the team, preventing a loss of time and money. KBRR also supports education and training based on previous project experiences to enhance the experience of employees and expand their knowledge.
The purpose of Knowledge-Based Risk Education (KBREdu) is to provide training and education to enhance the team's knowledge for future encountered situations that closely match a previous experience. Training and education help teams to be prepared for risks that might occur on future projects and may assist in the avoidance of mistakes. This may result in saving time and money on future IT projects.
The Proposed KBRM Process Framework for IT Projects (RiskManIT)
The proposed KBRM framework illustrates the integration of some KM processes with RM processes to enhance risk identification, analysis, risk response planning, execution and monitoring by capturing and utilizing the appropriate and relevant risks based on organization goals and objectives. The purpose is to develop a road map for organizations to implement this conceptual framework for IT projects.
This section is adapted from the research publication: Karadsheh, L.; Alhawari, S.; El-Nathy, N.; Hadi, W.; (2008). "Incorporating Knowledge Management and Risk Management as a Single Process" which was accepted for the Proceeding of the GBDI Tenth International Conference, Las Vegas, October (2008).
Figure 25 illustrates an enhanced KBRM framework, called RiskManIT, which differs from the published framework mentioned in the previous paragraph. It contains additionally the Knowledge Application and Education component to provide a portal to access the latest information from the Knowledge-Based Risk Repository (KBRR) and provides for updating the knowledge relevant to risks residing in the repository. The Knowledge Essentials was also added to the framework. The Knowledge-based Risk Capture (KBRC), Knowledge-Based Risk Discovery (KBRD), Knowledge-Based Risk Examination (KBREx), Knowledge-Based Risk Sharing (KBRS), Knowledge-Based Risk Evaluation (KBRE), Knowledge-Based Risk Repository (KBRR) and Knowledge-Based Risk
A Framework For Integrating Knowledge Management With Risk Management For Information Technology Projects (RiskManIT) Education (KBREdu) are illustrated in relation to RM processes shown in Figure 25.
Knowledge-Based Risk Capture Process
In this conceptual framework, the Knowledge Capture process focuses on capturing both explicit and tacit knowledge, which exists within people and artifacts inside and outside the organization (Becerra-Fernandez, et al., 2004). Its main components are the internalization and the externalization processes (Nonaka & Takeuchi, 2004). Externalization engages in converting tacit knowledge into explicit knowledge such as concepts, visual and words (Nonaka & Takeuchi, 2004). Internalization involves converting of explicit knowledge into tacit knowledge, which represents the learning concept.
Knowledge Capture relies on several mechanisms to support the elicitation of both tacit and explicit knowledge (Becerra-Fernandez, et al., 2004). The mechanism is the source of capturing explicit and tacit knowledge through different means. The mechanisms for externalization are models, prototypes, best practices and lessons taught (Becerra-Fernandez, et al., 2004). Consequently, the mechanism for internalization is learning by doing, on-the-job training, learning-by-observation and face-to-face meetings. Finally, any organization must create mindful efforts to detect, investigate and classify relevant knowledge to capture it (Parikh, 2001). Figure 27 illustrates the activities, input and output associated with the KBRC process.
Risk Identification
Risk Identification is studying a situation to realize what could go wrong in the product design and development project at any given point of time during the project. Sources of risk and potential consequences need to be identified, before they can be acted upon to mitigate risk (Ahmed, Kayis, & Amornsawadwatana, 2007).
Also, Risk Identification determines which risks might affect the project and documents their characteristics (Barati & Mohammadi, 2008). The purpose of Risk Identification is to identify a list of risks to which the IT project is exposed. The Risk Identification process is lengthy and creative. It relies on well trained, highly experienced human experts who are able to think creatively and imaginatively about the range and probability of future outcomes attached to a wide variety of events related to the project and its political and economic environment (Rezaie, Haghnevis, & Sajedi, 2007). Therefore, Knowledge Capture plays an important role in acquiring the knowledge of risk. As a result, the KBRC process captures all risks from previous reports, lessons learned, other similar incidents and relevant articles as explicit knowledge. In terms of tacit knowledge, this process plays a major role in capturing the knowledge of risks from people based on their experience and relies on problem solving expertise. The result of the captures is stored in the explicit form containing the list of identified risks and is accessible to involved personnel.
Also, during this stage the historical and current RM circumstance and risk state information are captured. This helps in enriching project risk profile, which contains the total of all the individual risk profiles and risk states ("Systems and software engineering -Life cycle processes - Risk management," 2006).
According to Project Management Institute (A Guide to the Project Management Body of Knowledge : PMBOK guide, 2004) Risk Identification is an iterative process because new risks may become known as the project progresses through its life cycle. The frequency of iterations and who participates in each cycle will vary from case to case. Therefore, utilizing KM Tools and Techniques continuously and iteratively is required to ensure accurate and complete set of identified risks is essential.
Conclusion
The main findings derived from the research presented in this dissertation are:
A review of normative literature described a more detail KM theoretical framework. The proposed KM framework was described.
Based on the review of normative literature performed in this research project a theoretical framework that describes the integration of KM and RM is lacking. Therefore, the proposed KBRM framework provides a valid process to describe the integration between KM and RM processes.
It is possible to formulate a methodology for integrating KM and RM processes, and show its application, as was done by demonstrating the concepts presented in this research project.
Having live and dynamic integrated knowledge and risk repository is essential to the organization to execute RM. Therefore, the integration of KM and RM processes can form a valid Knowledge Education has a positive impact on RM processes and employees.
The integration of KM and RM repository provides better training, education and awareness. Therefore, the integration of KM and RM can form a valid KBREdu.
Knowledge Essentials utilizing KM tools, techniques, technologies and culture provide positive impact on RM processes.
The integration of KM and RM processes improve the organization's ability to manage the mitigate risks in IT projects.
A structured methodology for applying the KBRM (RiskManIT) conceptual solution is described and this provides a clear way of applying the conceptual solution in an IT Projects.
In support of the hypothesis, the research validates the integration of KM in support of RM processes, when applied to IT projects, which improves the organization's ability to manage risk response planning by enhancing risk identification, analysis, and mitigation.
Conceptual model validation is defined as determining that the theories and assumptions underlying the conceptual model are correct, and that the model representation of the problem entity is "reasonable" for the intended purpose of the model (Shanks, Tansley, & Weber, 2003). The following Conceptual validation criteria have been presented to support the KBRM (RiskManIT) framework.
This research contributes to the understanding of the KM, RM and related processes. The research has succeeded in proposing a framework that enriches current research by offering specification, justification and validation of a set of interrelationships between important factors. Most importantly, this research describes an integration of KM and RM processes as the KBRM (RiskManIT) framework to improve RM. Moreover, the research described a structured methodology for applying the conceptual solution to enterprise IT project.
