Formation of an approach to the risk management of it project Текст научной статьи по специальности «Экономика и бизнес»

UDC 330.46:519.866

FORMATION OF AN APPROACH TO THE RISK MANAGEMENT OF IT PROJECT

© 2016 TKACHENKO M. A.

UDC 330.46:519.866

Tkachenko M. A. Formation of an Approach to the Risk Management of IT Project

The article is concerned with the formation of an approach to the risk management of IT project, which would combine the advantages of the concept of frontend management with the common risk-management tools. On analyzing the current status of research in the field of the risk management of IT project, it was found that using advantages of the concept of front-end management requires to develop an adaptive mechanism for both information processing and decision-making. In this regard, an approach, which is based on adaptive model of the risk management of IT project, has been proposed. The model involves using information from the knowledge base, which is being updated in line with changes in the project. Also, in order to identify causal relations between interactions of elements of the project environment and the success of its implementation, as well as to analyze the current status of the project, a block diagram of the project risks has been designed. The designed diagram can be used within the concept of front-end management. Keywords: risk management, IT project, front-end management, adaptive model, knowledge base, block diagram of risks. Fig.: 3. Bibl.: 16.

Tkachenko Mykola A. - Postgraduate Student, Department of Information Management, Kyiv National Economic University named after V. Hetman (54/1 Pe-remohy Ave, Kyiv, 03680, Ukraine) E-mail: tkachenko@rurik.com.ua

УДК 330.46:519.866 Ткаченко М. А. Формування nidxody до управлшня ризиками 1Т-проекту

Метою cmammi е формування nidxody до управлшня ризиками 1Т-про-екту, який поеднуе переваги концепци буферного управлшня i3 загаль-ноприйнятим iнструментар'км ризик-менеджменту. За результатами аналзу сучасного стану дотджень у сферi управлшня ризиками 1Т-проекту було встановлено, що використання переваг концепцИ буферного управлшня потребуе розроблення адаптивного мехашзму оброблення iнфoрмацii та прийняття ршень. У зв'язку з цим було за-пропоновано пiдxiд, який (рунтуеться на адаптивнш модел'> управлшня ризиками 1Т-проекту. Модель передбачае використання iнфoрмацii з бази знань, яка оновлюеться в'дпов'дно до змш у проектi. Також, з метою виявлення причинно-натдкових зв'язмв мiж взаемоЫею еле-мент'в середовища проекту та устшшстю його виконання, а також з метою анал'ву поточного стану проекту, було розроблено структур-ну схему ризит проекту. Розроблена схема може використовуватися в межах концепци буферного управлшня.

Ключов'! слова: управлшня ризиками, 1Т-проект, буферне управлшня, адаптивна модель, база знань, структурна схема ризиш Рис.: 3. Ббл.: 16.

Ткаченко Микола Анатолшович - астрант, кафедра iнфoрмацiйнo-го менеджменту, Ки/вський нацональний екoнoмiчний утверситет iм. В. Гетьмана (пр. Перемоги, 54/1, Кив, 03680, Украша) E-mail: tkachenko@rurik.com.ua

УДК 330.46:519.866 Ткаченко Н. А. Формирование подхода к управлению рисками ИТ-проекта

Целью статьи является формирование подхода к управлению рисками ИТ-проекта, который сочетает преимущества концепции буферного управления с общепринятым инструментарием риск-менеджмента. По результатам анализа современного состояния исследований в области управления рисками ИТ-проекта было установлено, что использование преимуществ концепции буферного управления требует разработки адаптивного механизма обработки информации и принятия решений. В связи с этим был предложен подход, основанный на адаптивной модели управления рисками ИТ-проекта. Модель предусматривает использование информации из базы знаний, которая обновляется в соответствии с изменениями в проекте. Также, с целью выявления причинно-следственных связей между взаимодействием элементов среды проекта и успешностью его выполнения, а также с целью анализа текущего состояния проекта, была разработана структурная схема рисков проекта. Разработанная схема может использоваться в рамках концепции буферного управления. Ключевые слова: управление рисками, ИТ-проект, буферное управление, адаптивная модель, база знаний, структурная схема рисков. Рис.: 3. Библ.: 16.

Ткаченко Николай Анатольевич - аспирант, кафедра информационного менеджмента, Киевский национальный экономический университет им. В. Гетьмана (пр. Победы, 54/1, Киев, 03680, Украина) E-mail: tkachenko@rurik.com.ua

One of the crucial success factors of any project is its fulfilment within the shortest possible terms. This has always been especially relevant for information technology projects. Considering rapid qualitative and quan-titate development of hardware and software, competitiveness of an IT project may be substantially affected by the time of a product release. Delays during the implementation of the project may result in reduction of an economic effect from embedding the software or bringing the product to market.

Fulfilling the project on time depends primarily on effective planning of tasks and risk management. Nowadays project managers widely use such traditional planning methods as Program (Project) Evaluation and Review Technique (PERT) and Critical Path Method (CPM). However, recently, these methods have been noticeably criticized concerning limitations of their use and in respect to emergence

of new methods of drawing up a schedule and tracking progress of the project. The criticism is based on the statistics of projects that failed to meet their due dates [1]. Herewith, the new methods suggest approaches to increasing the probability of their successful implementation.

Among the latter, Critical Chain Method (CCM) should be marked out. The latest version of the Guide to the Project Management Body of Knowledge (PMBOK) [2] defines CCM along with CPM as one of the most well-known project planning methods disregarding a comparatively short term of existence. Critical Chain Method as opposed to Critical Path Method considers resource constraints and, according to its advocates, provides capability to effectively use positive deviations (early tasks completion) in the project. At the same time, CCM is strongly criticized for oversimplification and weak scientific justification.

Б1ЗНЕС1НФОРМ № 3 '2016

www.business-inform.net

It should be mentioned that the use of either method can directly affect project risk management processes, especially concerning risks related to meeting due dates. The tools and priorities of project risk management may depend on the chosen project planning method. This situation conditions further search for directions of improving approaches to IT project risk management.

Formalized methods of tracing and managing the project's progress were developed at the beginning of the XX century and have been widely used since then. Gantt's chart developed in 1910 was the first method of this kind. Later, at the end of 1950's, DuPont corporation developed CCM and almost at the same time PERT got well-known. Some time after, at the beginning of 1960's Monte Carlo statistical modelling was applied to PERT. In 1997 Eliyahu Goldratt proposed a new approach to project scheduling management in his book "The critical chain" [3].

The method is based on criticism, rethinking of constraints and directions of eliminating the disadvantages of Critical Path Method. According to CPM, the tasks on the critical path (critical tasks), have zero completion time reserves and, in case the duration of these tasks changes, the due dates of the project change as well. In this connection, the critical tasks require careful control during the execution of the project, in particular, timely identification of problems and risks. At the same time, notwithstanding the advantages of the method in terms of identification of priorities in the project, the results of the publications analysis [4-7] testify to the presence of the following problems, connected with the use of CPM:

1) CPM doesn't consider resource constraints, which leads to multitasking in the project. Planning the project within CPM may cause a situation, when one resource (employee) is assigned to execution of several tasks simultaneously. Under such circumstances, schedule overruns are quite probable.

2) CPM encourages the "inflation" of the schedule. When drawing up the schedule and carrying out control over the project, traditional project planning models are based on tasks comprising time reserves and having clearly defined due dates. In this connection, the performers may attempt to take into account all factors of uncertainty planning the tasks' durations. According to CPM critics, clearly determined dates and time reserves may result in occurrence of negative behaviour of performers in the project.

3) CPM gives the participants a false sense of certainty about successful fulfilment of the project. Under conditions of high uncertainty (which is particularly relevant for IT projects), estimates of organizations using CPM based on thorough task planning and risk analysis may turn out to be inadequate.

4) CPM increases amounts of work-in-progress. Traditionally project planning is based on the assumption that all the tasks should start as soon as possible. A mode like this, on the one hand, gives the performers more time for executing the tasks. On the other hand, this may increase amounts of work-in-progress and, respectively, the level of resources load as well as result in negative features of the performers' behaviour.

According to PMBOK, Critical Chain Method is "a schedule method that allows the project team to place buffers on any project schedule path to account for limited resources and project uncertainties" [2]. Within CCM, the longest sequence of tasks in the project with consideration for their interconnection is identified. A critical chain is conventionally regarded as the longest chain of works taking into account the sequence of tasks and resource constraints. A chain like this confines the overall project's duration and may be considered as a system constraint. If availability of resources is not a constraint, the critical chain corresponds with the critical path as a particular case.

In order to minimize the impact of uncertainty factors on the project and inefficient use of time reserves, within CCM, it is proposed to reduce the tasks duration estimates and exclude time reserves from them. After that, there performed the aggregation of the time reserves in the form of a buffer, which should ensure that the tasks are completed on time and eliminate inefficient use of safety time caused by multitasking and negative aspects of the performers' behaviour.

In terms of risk management, the key process of CCM is buffer management. Within CCM, buffers are used not only to protect the due dates, they also provide an assessment of the state of the project's implementation. If the tasks take more time than scheduled, the buffer is consumed. In case the task is finished early, the buffer is replenished respectively. Thus, the data concerning the buffer consumption related to the level of the critical chain tasks completion can be used to identify risks and take measures. The buffer consumption is visualized with a corresponding diagram (Fig. 1).

The diagram is conventionally divided into three zones: the green, yellow and red one. If the buffer penetration trend is in the green zone, this means that deviations occur within the statistical error and taking measures concerning their elimination is unnecessary. If the trend gets to the yellow zone, this is a signal for preparing a plan of actions regarding elimination of the deviations. In case the trend line gets to the red zone, taking measures is necessary.

The tasks at the execution of which the trend gets to the red zone are of the highest priority. Thresholds corresponding to the boundaries of the mentioned zones are used to identify the expediency of taking measures concerning mitigation of risks' impact. Moreover, when drawing up a risk response plan, buffer management can provide input data to determine the nature of such response.

As a whole, CCM suggests numerous ways of solving problems inherent to traditional project planning. However, nowadays, in scientific and practical circles there is lack of consensus regarding the assumptions comprising the method. The publication analysis [9-11] testifies to the presence of a series of unsolved problems related to the use of Critical Chain Method.

1) While the introduction of buffers is regarded in whole as a positive step, nowadays there is no scientific base to determine the buffer size. At the same time, there also arise questions concerning the use of the buffer penetration indicator within the buffer management concept considering that the priority of the task may be affected by different factors.

BI3HECIHQOPM № 3 '2016

www.business-inform.net

T3

01

£ 3 -Q c

o c o

3 T3

% of duration consumed

Fig. 1. Buffer penetration diagram [8]

2) It is a problematic issue not only in terms of the justification of time percentage extracted to the buffer, but also concerning individual estimates of task duration made by performers. The process of estimating the duration of tasks is problematic because the performers' estimates may vary depending on personal qualities, work experience, load, level of performers' involvement in the process of estimation and other factors.

3) For a certain number of tasks along with the increase of quantity of the successive relations, the likelihood of occurrence of delays increases. Thus, along with the increase of the number of interconnected tasks, the buffer size also increases, which may result in the violation of the project's due dates.

The latest publications related to CCM are mainly dedicated to development of the empirical base for comparative analysis of traditional and new approaches to project planning as well as to improvement of project buffer formation methods. Thus, based on the results of the research [12], it was identified that CCM is more appropriate compared to PERT in terms of a project plan reliability. In the article [13], the project buffer formation approach considering such parameters as novelty of tasks, complexity, novelty of resources, availability and reliability of resources based on the project's activities is proposed. In the scientific paper [14] it is suggested to determine the size of buffer on the basis of methods of fuzzy logic.

At the same time, less attention is paid to the buffer management concept that can be used as a component of project risk management tools. Taking advantages of the buffer management concept for effective project risk management requires developing an adaptive mechanism of data processing as well as decision-making criteria. In addition, within the practical use of provisions of the concept, integrating buffer management with the risk management domain according to common standards is relevant.

The aim of this article is forming an approach to IT project risk management, which combines advantages of the buffer management concept and conventional risk management tools.

BI3HECIHQÜPM № 3 '2016

www.business-inform.net

Due to their intangible results and using rapidly changing technologies, IT projects are characterized by a high level of uncertainty concerning due dates. The basic difference between CPM and CCM is that CPM envisages consideration of all uncertainty factors in the estimates of tasks' duration while, within CCM, it is proposed to extract an equal percentage of time from the duration estimates to form the project buffer for compensating the consequences of uncertainty.

Occurrence of deviations when using CPM may condition the necessity to reschedule and cause the violation of the project's due dates. However, when using CCM, it is quite probable that the formed buffer will not last to absorb the deviations, which also may cause the violation of the project's due dates. To address the issue of uncertainty in both cases alternatives abstracting either from possible changes during the project implementation (CPM) or from opportunities to forecast task durations accurately (CCM) are proposed. At the same time, uncertainty remains at the planning level or is estimated quite roughly.

If we regard uncertainty according to the provisions of the international standard ISO 31000:2009, it can be defined as a "state of deficiency of information related to understanding or knowledge of an event, its consequence, or likelihood" [15]. In this respect, reducing the level of uncertainty is directly connected with the availability of knowledge of the project and its components. Thus, knowledge of the expected duration of one or other task, experience of the performer, internal and external factors, which may affect the duration of work etc., can increase the accuracy of estimating the time for execution of the tasks as well as facilitate developing adequate measures to respond occurrence of deviations. Thereby, the level of uncertainty is reduced due to gradual risk investigation.

In order to investigate risk in terms of its analysis and development of counter risk measures, it is proposed to use the structural scheme of project risks (Fig. 2).

According to the scheme adduced in Fig. 2, risk sources are specific elements of project environment Ei (the project team, contractors, customers, technological provision, current legislation, government regulatory policy, etc.). The

O

LJJ

CQ

O ^

O m x

Q_

O

e

<

S

u

Project environment elements

E1 ■ ■

happenstance conflict scarce resources subjective factors

UNCERTAINTY (lack of sufficient information)

Fig. 2. Structural scheme of project risks [16]

interaction of the elements forms project implementation conditions expressed by specific circumstances C¡ . Within the project environment, specific events becoming apparent by changes in current conditions (Cx ^ C/) or emergence of new ones (Ci+ x) occur. Any event may have consequences that will affect achieving the project's objectives (O¡) either positively or negatively. Risk is, according to the scheme, the effect of uncertainty on objectives, expressed by a subjective estimate of specific events occurrence probability and consequences.

The proposed scheme allows identifying cause and effect relations between the interactions of project environment elements and the successfulness of project implementation. Moreover, in order to analyze the current state of project execution, the scheme can be used within the buffer management concept. The lowest level of risks, namely, initial circumstances of project implementation (C0), under which deviations take place within natural boundaries, should correspond to the "green" diagram zone. Under such conditions, intervening in the course of the project is inexpedient.

The buffer penetration trend may transfer to the "yellow" zone in case circumstances negatively affecting the project's objectives occur or change. At the same time, the condition of realization of risks corresponding to the aforementioned circumstances is the one not directly threatening the project's objectives but requiring planning measures concerning their elimination. This is particularly relevant closer to the project completion when the buffer is problematically replenished with time from tasks finished before the due time.

The penetration trend falling into the red zone means that there is negative impact of the circumstances on the project's due dates which can't be compensated by continuing the implementation of the project according to the current plan. A situation like this testifies to the fact that the risk not eliminated on the "yellow" level requires taking measures.

Corresponding the buffer management and structural scheme of risks contributes to better understanding of processes as well as cause and effect relations, probability and consequences of events in the project. At the same time, the issue of establishing thresholds for the trend's transition from one zone to another and possibility of extracting a larger number of zones remains problematic. We propose to address this issue by measuring the impact of deviations on the project's objectives using information available in the knowledge base. The effective use of knowledge substantially depends on its organization. According to this, it is proposed to use the adaptive IT project risk management model (Fig. 3).

According to the scheme adduced in Figure 3, the members of the project fill the knowledge base and utilize information about the nature of tasks and their place in the project to analyze risks and develop counter risk measures. While implementing the project on the basis of information comprising data concerning the deviations of project implementation indices (amounts of performed work, terms, costs etc.) from the planned level, the project team makes decisions concerning the expediency of taking counter risk measures. In case the measures are taken, their effectiveness can be tracked during the monitoring of risks and, if necessary, extra measures may be taken.

Determining the laws of distribution of tasks' duration, revealing the reasons of delays (both external and external), classifying risk sources and assessing their impact on the successfulness of the project can contribute to improvement of effectiveness of counter risk measures. At the same time, the main advantage of the model is updating the knowledge base constantly, which allows reducing the level of uncertainty in the project.

In our opinion, it is expedient to identify the possibilities of applying the proposed approached to the activities of Ukrainian IT organizations considering the nature of the project (technologies used, the novelty of tasks, expected results) and the level of the organization's maturity (effec-

BI3HECIHQOPM № 3 '2016

www.business-inform.net

Knowledge base

- Technologies characteristics

- Tasks characteristics

- Risks characteristics

- Statistics on tasks fulfilment and buffers depletion

Data for decision-making

Project participants

- Management

- Performers

- Customers Contractors

Risk management >1

input

input

Fig. 3. Adaptive IT project risk management model

Source: designed by the author.

tiveness of management processes). This, in turn, requires developing a comprehensive classification by numerous characteristics as well as criteria of assessing an organization's maturity level.

CONCLUSIONS

Nowadays, there exists a series of problems concerning implementation of new project planning methods also providing tools for risk management. In this respect, there has been proposed the adaptive IT project risk management model according to which project members utilize constantly updated information from the knowledge base to analyze risks and make decisions on taking counter risk measures.

In context of responding to risk occurrence and developing respective measures, it is proposed to use the structure scheme of project risks that allows discovering cause and effect relations between the interaction of the project environment and the project's successfulness. Moreover, in order to analyze the current state of the project's implementation, the scheme can be used within the buffer management concept.

In our opinion, it is expedient to identify the possibilities of applying the proposed approach to the activities of Ukrainian IT organizations considering the nature of the project and the level of the organization's maturity. This, in turn, requires developing a comprehensive classification by numerous characteristics as well as criteria of assessing an organization's maturity level. Prospects of the further research lie in developing a risk indices system for the project's time and budget dimensions, integrating the buffer management concept with the risk management domain within PMBOK, elaborating a mathematical apparatus for the IT project risk management model as well as investigating knowledge management practices in order to organize the project's knowledge base. ■

LITERATURE

1. CHAOS MANIFESTO 2013 // Versionone [Electronic resource]. - Mode of access : http://www.versionone.com/assets/ img/files/CHAOSManifesto2013.pdf

2. A Guide to the Project Management Body of Knowledge (PMBOK-Guide). Fifth Edition. An American National Standard (BSR/ PMI 99-001-2013). - Project Management Institute, Inc. 2013 -616 p.

3. Goldratt, E. M. Critical Chain / Eliyahu M. Goldratt. - Great Barrington : The North river press-publishing corporation, 1997. -246 p.

4. Critical Path Method and Critical Chain Project Management // The project management hut [Electronic resource]. - Mode of access : http://www.pmhut.com/critical-path-method-and-criti-cal-chain-project-management

5. Dilmaghani, F. Critical Chain Project Management (CCPM) at Bosch Security Systems (CCTV) : Master of Science Thesis / F. Dilmaghani. - University of Twente, 2008.

6. Fertalj, K. A. Is Critical Chain Project Management Really a Novel Technique? / Fertalj K. A. et al. // CECIIS-2008. - 2008.

7. Лич Л. Вовремя и в рамках бюджета: управление проектами по методу критической цепи / Лоуренс Лич / Пер. с англ. -М. : Альпина Паблишерз, 2010. - 354 с.

S. Speed up project delivery using Critical Chain // The Kanban Way [Electronic resource]. - Mode of access : http://www. kanbanway.com/speed-up-project-delivery-using-critical-chain#. VdrP4_ntmko

9. Herroelen, W. On the merits and pitfalls of critical chain scheduling / Herroelen, W., Leus, R. // Journal of operations management. - 2001. - Vol. 19. - No. 5. - P. 559-577.

10. Raz, T. A Critical Look at Critical Chain Management / T. Raz, R. Barnes, D. Dvir // Project Management Journal. - 2003. -P. 24-32.

11. Stratton, R. Critical chain project management theory and practice / R. Stratton // Journal of Project Management and Systems Engineering. - 2009. - Vol. 21. - No. 4. - P. 149-173.

12. Huang, C. L. A comparative study of the critical chain and PERT planning methods: no bad human behaviors involved / Huang, C. L. et al. // International Journal of Academic Research in Business and Social Sciences. - 2012. - Vol. 2. - №. 8. - P. 379-394.

13. Slusarczyk, A. The New Approach for the Project Activities Classification and its Application in the Critical Chain Buffer Management Method / A. Slusarczyk, D. Kuchta // Studia Ekonom-iczne/Uniwersytet Ekonomiczny w Katowicach. - 2013. - Т. 137. -P. 141-162.

14. Jianbing, L. I. Fuzzy Optimization of Construction Engineering Project Schedule Based on Critical Chain Management [Electronic resource] / L. I. Jianbing et al. // TELKOMNIKA Indonesian Journal of Electrical Engineering official site. - Mode of access :

Б1ЗНЕС1НФОРМ № 3 '2016

www.business-inform.net

о

LU

m

о ^

о =п X

Q_

О ©

<

S

Ш

http://www.iaesjournal.com/online/index.php/TELKOMNIKA/ article/view/3591/1931

15. ISO 31CCC:2CC9 - Principles and Guidelines on Implementation. International Organization for Standardization, 2CC9.

16. Лазарева С. Ф. Управлшня ризиками IT-проекпв в сучасних умовах / С. Ф. Лазарева, М. А. Ткаченко // Формування ринкових вщносин в УкраТш. - 2C15. - № б. - С. 1б9-175.

Supervisor - Lazareva S. F., PhD (Economics), Associate Professor, Deputy Head of the Department of Information Management of the Kyiv National Economic University named after V. Hetman

REFERENCES

A Guide to the Project Management Body of Knowledge (PMBOK-Guide): An American National Standard (BSR/PMI 99-001-2C13). - Project Management Institute, Inc., 2C13.

"CHAOS MANIFESTO 2C13" Versionone. http://www.version-one.com/assets/img/files/CHAOSManifesto2C13.pdf

"Critical Path Method and Critical Chain Project Management" The project management hut. http://www.pmhut.com/ critical-path-method-and-critical-chain-project-management

Dilmaghani, F. Critical Chain Project Management (CCPM) at Bosch Security Systems (CCTV) : Master of Science Thesis: University of Twente, 2CCS.

Fertalj, K. A. et al. "Is Critical Chain Project Management Really a Novel Technique?" In CECIIS-2008, 2CCS.

Goldratt, E. M. Critical ChainGreat Barrington: The North river press-publishing corporation, 1997.

Herroelen, W., and Leus, R. "On the merits and pitfalls of critical chain scheduling". Journal of operations management, vol. 19, no. 5 (2CC1): 559-577.

Huang, C. L. et al. "A comparative study of the critical chain and PERT planning methods: no bad human behaviors involved". International Journal of Academic Research in Business and Social Sciences, vol. 2, no. 8 (2012): 379-394.

ISO 31000:2009 - Principles and Guidelines on Implementation. International Organization for Standardization, 2009.

Jianbing, L. I. et al. "Fuzzy Optimization of Construction Engineering Project Schedule Based on Critical Chain Management" TELKOMNIKA Indonesian Journal of Electrical Engineering official site. http://www.iaesjournal.com/online/index.php/TELKOMNIKA/ article/view/3591/1931

Lich, L. Vovremia i v ramkakh biudzheta: upravlenie proektami po metodu kriticheskoy tsepi [On time and on budget: project management for the critical chain method]. Moscow: Alpina Pablisherz, 2010.

Lazarieva, S. F., and Tkachenko, M. A. "Upravlinnia ryzykamy IT-proektiv v suchasnykh umovakh" [Risk management of IT projects in modern conditions]. Formuvannia rynkovykh vidnosyn v Ukraini, no. 6 (2015): 169-175.

Raz, T., Barnes, R., and Dvir, D. "A Critical Look at Critical Chain Management". Project Management Journal (2003): 24-32.

Slusarczyk, A., and Kuchta, D. "The New Approach for the Project Activities Classification and its Application in the Critical Chain Buffer Management Method". Studia Ekonomiczne/Uniwer-sytet Ekonomiczny wKatowicach, vol. 137 (2013): 141-162.

Stratton, R. "Critical chain project management theory and practice". Journal of Project Management and Systems Engineering, vol. 21, no. 4 (2009): 149-173.

"Speed up project delivery using Critical Chain" The Kanban Way. http://www.kanbanway.com/speed-up-project-delivery-us-ing-critical-chain#.VdrP4_ntmko

Б1ЗНЕС1НФОРМ № 3 '201б

www.business-inform.net