Risk in Information Technology Project Portfolio Management

Article excerpt

ABSTRACT

This study synthesizes previous research on risks in various reference disciplines into an integrated typology of risk factors and offers unique propositions for IT project portfolio management. The paper examines and synthesizes research in strategic information systems planning, IT governance, IT project management, financial portfolio management, and product development. The synthesis resulted in an emergent typology of five categories of risk of relevance to the IT project portfolio manager and 13 unique propositions establishing the relationship between specific risk factors and the overall portfolio risk levels. This typology offers a way to analyze portfolio risks through generic categories, simplifying the assessment of portfolio risk in the portfolio management process. Both CIOs and portfolio managers could find this research beneficial in their assessment of portfolio risk, portfolio health, and the project selection and review process.

1. INTRODUCTION

As the growth of information technology (IT) projects ballooned over the decades, the corresponding growth in the scope and breadth of these projects has frustrated executives in the management of their investments. Translating strategic goals into successful projects would help ensure that IT investments resulted in increased business performance. Research into business-IT alignment answered some of the questions about how to translate IT investments in business into business performance (Bergeron, Raymond, and Rivard 2004; Bruce 1998; Burn and Szeto 2000). Now executives are implementing organizational structures that support strategic alignment, IT governance, and project selection and prioritization. This structure, IT project portfolio management, bridges the gap between project management and strategic management. Its function is to analyze strategic objectives and organizational competencies in order to structure information systems for the corporation to communicate and store information effectively and efficiently. Traditionally, Strategic Information System Planning (SISP) performed this function, which at best involved a periodic review of project selection to ensure proper strategic alignment.

IT portfolio management consists of two functions. The first is the planning of new projects and migration to new systems. The planning phase may begin with SISP, which is "the process of identifying which computer based applications that will assist an organization in executing its business plans and realizing its business goals" (Lederer and Sethi 1988). Once identified, a portfolio of projects should be chartered to satisfy gaps in strategic objectives and information needs.

The second function of IT portfolio management is the reassessment of ongoing projects and systems to determine if they are still meeting their objectives within the constraints provided, budgetary or otherwise. Project management needs a comprehensive examination from the portfolio level (Kearns 2004). As the size and complexity of IT departments increase, so does the size and complexity of the projects they undertake. It takes a portfolio-level analysis to determine the progress and relevance of these projects.

Portfolio management, ideally designed, incorporates a continuous process of alignment. Elements of IS Governance are used to ensure that policy, control and reporting are consistent across the IT organization (Rau 2004).

To understand better how the management of a portfolio should proceed, an assessment of risk is required. Risk is the measure of probability and magnitude of an unwanted event happening. In risk management, identification of risks helps managers prevent and/or mitigate the effects of those risks. At the portfolio level, managers need to identify what unwanted events can affect the success of the projects in that portfolio. By preventing or mitigating the effects of risks, managers increase the health of the portfolio. …