INTERNATIONAL JOURNAL OF
PROJECT MANAGEMENT International Journal of Project Management 23 (2005) 591–599 www.elsevier.com/locate/ijproman
Intervening conditions on the management of project risk: Dealing with uncertainty in information technology projects E. Kutsch a, M. Hall
b,*
a
b
University of Surrey, School of Management, Guildford, Surrey GU2 7XH, United Kingdom University of Bristol, Department of Management, Lewis Wing, Wills Memorial Building, Queens Road, Bristol BS8 1RJ, United Kingdom Received 18 June 2004; received in revised form 27 July 2004; accepted 10 June 2005
Abstract A review of the outcome of many information technology (IT) projects reveals that they fail to meet the pre-specified project objectives of scope, time and budget. Despite well-established project risk management processes, project managers perceive their application as ineffective to manage risk. This failure may well be attributed to the inadequate application of those risk management processes. The purpose of this research was to investigate how project managers responsible for the management of risk in IT projects actually managed risk and to relate this back to established project risk management processes. In undertaking this investigation, we were seeking to understand the ways in which the project managersÕ approaches and behaviours, when considering risk in IT projects, differed from what might be expected. Results show that because of environment-related and decision maker-related conditions, project managers tend to deny, avoid, ignore and delay dealing with risk, with the consequence of those actions having an adverse influence on their perceived effectiveness of risk management and the project outcomes. If project risk management, and its underlying processes are not to be discredited, the behaviour of project managers when confronted by uncertainty should be considered and actions need to be taken to discourage project managersÕ irrational actions. Ó 2005 Elsevier Ltd and IPMA. All rights reserved. Keywords: Risk management; Expected utility theory; Irrationality; Stakeholder behaviour
1. Introduction Projects may be considered to have failed when expected scope, cost and time targets are not met, expected benefits are not realised, or a stakeholder is dissatisfied with an aspect of the process or outcome. In particular, IT projects (the provision of a service to implement systems and solutions, including a variety of hardware and software products [1]) have a high rate of failure [2,3]. In one study, it was found that a third of all software projects were terminated before completion while more than 50% of the projects cost approximately double the estimate [2]. According to *
Corresponding author. Tel.: +44 117 954 5699. E-mail address:
[email protected] (M. Hall).
0263-7863/$30.00 Ó 2005 Elsevier Ltd and IPMA. All rights reserved. doi:10.1016/j.ijproman.2005.06.009
practitioners surveyed [2], IT project failure was most commonly attributed to lack of top management involvement, a weak business case and inadequate risk management. The highest ranked factor for project failure was risk management. The Project Management Institute [4] defined risk management in a project environment as the systematic process of identifying, analysing, and responding to uncertainty as project-related events or conditions which are not definitely known with the potential of adverse consequences on a project objective. Despite well established and accepted project risk management processes being available, including PMI 2000, Prince 2 or PRAM, project managers commonly perceive these as not effective for managing project uncertainties [2,5]. In the area of decision making under uncertainty, expected utility theory (EUT) has
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
2. Background The dominant paradigm underlying project risk processes such as defined by the Project Management Institute [4] and CCTA [9] is the expected utility theorem [10,5]. Expected utility is ‘‘a weighted average of the utilities of all the possible outcomes that could flow from a particular decision, where higher-probability outcomes count more than lower-probability outcomes in calculating the average’’ [11, p. 21]; the utility of decisionmaking choices are weighted by their probabilities and outcomes [7,12,11]. In order to understand this, one might consider the following simplified example, as displayed in Fig. 1. A project manager facing risk in a project has the choice to apply project risk management to mitigate project risk or may choose not to manage it. According to Fig. 1, four scenarios may unfold: 1. project manager proactively executes risk mitigation actions and risks materialise; 2. project manager proactively executes risk mitigation actions and risks do not materialise; 3. project manager does not proactively executes risk mitigation actions and risks materialise; 4. project manager does not proactively executes risk mitigation actions and risks do not materialise.
Expected Utility Theory Probability
No risk mitigation action G + (Q x A)
Risk materialises
O
Risk does not materialise
A
Risk materialises
G
Risk does not materialise
A+ G
-P
Risk mitigation action PxA
Utility
1
Choice
P
-Q
been the dominant normative and descriptive model. However, research has shown that conditions in project risk management deviate from the claims according to this theorem. Kahneman and Tversky [6], for example, established in their research that the procedure of ‘‘framing’’ violates the EUT model. Elsewhere (e.g. [8,9]) it was revealed that psychological factors play an important part in decision making under uncertainty but are not adequately captured by EUT. Although much work has been done to date examining the response of individuals to risk in various settings, such as in the oil industry or in education, little research has been carried out to ascertain the impact of intervening conditions on the management of risk by project managers, their impact on the project outcome and the perceived effectiveness of risk management systems and processes in the context of project management. The purpose of this research was to investigate how intervening conditions deviated from those one might presume under expected utility theory, how they influenced actions taken by project managers and how project managersÕ perceptions of the effectiveness of project risk management ultimately contribute to project success and/or failure in the delivery of IT projects. The goal was to better understand how, under conditions of uncertainty, the application of risk management techniques by project managers might be improved.
1
592
Q
Fig. 1. Expected utility theory.
The probability of avoiding risks in a project through the execution of risk response actions is P and without risk actions Q, with P larger than Q and 1 Q larger than 1 P. The utility if avoiding risks (relative to the cost of materialised risk) is A and the utility of no actions (relative to the cost of those actions) is G while A is assumed to be greater than G. The utility of scenario 1 is the worst and, therefore, set at 0. The utility of scenarios 1 and 3 depends on the cost of uncertainty materialising and adversely affecting the project outcome. In contrast, the utility of scenarios 1 and 2 depends on the cost to execute actions, the commitment of ‘‘scarce’’ project resources such as time and money. Therefore, the decision by the project manager to take actions or not depends on the utility of avoiding uncertainty (benefit) while committing resources (cost) and the relative magnitude of the objective or subjective probabilities. Expected utility has been generally accepted in risk literature as a model of rational choice for taking risky decisions [13] and is considered to be a very robust framework for decision making under conditions of uncertainty [14]. Rationality can be defined as ‘‘agreeable to reason; not absurd, preposterous, extravagant, foolish, fanciful, or the like; intelligent, sensible’’ [15]. According to EUT, rational actions of risk actors (individuals who influence and/or own the risk process) can be defined as follows [13, p. 43]:
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
rational actors can choose between different possible actions. Actions may differ in kind and scale; rational actors assign (objective or subjective) probabilities to various outcomes; rational actors can order possible actions according to their preferences; rational actors try to choose an action, which is optimal according to their preferences. An important aspect of EUT is the assumption of a state of perfect knowledge for risk actors [13]. Complete certainty implies [16, p.129]: a clear and unambiguous identification of the problem, its constituent elements and its causes; perfect information about all the relevant variables in terms of both quantity and quality; a well-developed model of the problem which incorporates all the variables likely to influence the decision outcome and a perfect understanding of the manner and scale of interaction; an exhaustive list of all possible solutions; an unambiguous statement of the objectives which is specific, quantifiable and internally consistent; perfect knowledge of the future consequences of each possible solution and their implications for the project; the availability of all the resources and sufficiency of reliability in all the structures and systems necessary for the successful implementation of the chosen solution; the presence of perfectly rational and experienced decision-makers with unlimited analytical and cognitive abilities. For the purposes of clarity, we have assumed that the project manager is the main risk actor. However, project management literature suggests that various stakeholders, which may include individuals and organisations, may be directly or indirectly involved in the process of managing risk. While recognising the involvement of these stakeholders, the focus for our research was on the project manager as the main risk actor, although the contributions of other risk actors were relevant to some aspects of the research, as will become apparent. In the context of project risk management, the preferences of project managers should only relate to the active mitigation of that risk with adverse consequences on project objectives of time, cost and quality [4,9,17]. However, although this describes how managers should make decisions when undertaking risk management, evidence shows that their actions often deviate from EUT (e.g. [18,14,19,20]. Deviation from EUT may derive from, for example [21, p. 251]: the uncertainty associated with taking any given action and whether or not negative outcomes will result;
593
cognitive and emotional overload that results from awareness of risk in many (of not most) behaviours; the complex and varied dynamics associated with performing any given behaviour.
3. Methodology While EUT describes a ÔrationalÕ approach to the understanding and management of risk, either as threat or opportunity [23] the concern of this paper was the Ôlived realityÕ of project managers involved in IT projects and how this impacted upon the orderly pursuit of a management of risk predicated on EUT. In this sense, it encompassed a decision making process that dealt with uncertainty, encompassing as it does, risk management, but also including the broader processes of decision making in risky and uncertain project environments [23]. Essentially, the concern was with behaviour and activities that interrupted (or intervened with) the process of risk management predicted by EUT. Beyond this, the concern was to develop an understanding of how and why these behaviours occurred, what their effect tended to be, and what implications these effects might hold. Research has previously been conducted into behaviour when managing risk in disciplines such as in psychology and general management [6,21,24]. However, this paper focuses upon intervening conditions and their effect on risk management in the context of IT projects. As the objective was to develop an understanding of how these conditions arose, an exploratory research approach using semi-structured interviews was adopted. This involved an iterative process of proposing and checking for patterns, both during the interviews and in subsequent analysis, in order to develop insights into behaviours and approaches adopted by IT project managers in practice. During analysis, the approach was one of seeking and evaluating similarities and differences between the cases or groups of cases, each interview representing a specific case. This entailed selecting categories, categorising each case and looking for similarities and differences both within groups and between groups. In this study, categories included the overestimation of risk compared with its underestimation; high-perceived risk as opposed to low-perceived risk; success of a project compared with failure of a project. The approach taken was to examine the findings and create categories. The literature was then revisited to establish whether the issue had previously been addressed elsewhere.
594
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
Table 1 Characteristics of the interviewees and their projects Interviewee ref.
Organisation
Position
Approx. project volume (£m)
Duration (months)
Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee Interviewee
Company Company Company Company Company Company Company Company Company Company Company Company Company Company Company Company Company Company
IT IT IT IT IT IT IT IT IT IT IT IT IT IT IT IT IT IT
15 n.a. n.a. 10 0.08 18 1 30–40 3 n.a. 10 150 1–2 40 100 1000 30 8
36 18 1 2 0.25 12 12 18 14 18 18 48 1 6 6 120 n.a. 36
1 2 3 9 4 5 6 7 10 11 12 13 14 15 16 17 18 19
A B C C D E F G H I J J J J J J J K
project manager consultant project manager project manager project manager project manager project manager project manager project manager project manager project manager project manager project manager project manager project manager project manager project manager project manager
n.a., this information was unavailable or undisclosed.
In total, 19 IT project managers and consultants were interviewed from eleven separate companies (Table 1). The interviews were semi-structured in nature, including questions such as: Why were risks overlooked? Why did risks that were expected to materialise not, in fact, materialise? Were any project risk management stages ineffective? If so, why? In selecting the sample, the aim was to acquire data from a range of IT projects, large and small, complex and less-complex. This was reflected in the sample. Another feature of the sampling approach was to achieve data saturation [25]. In this sense, we identified categories and themes arising from the interview, until no new categories emerged. The project managers either discussed projects they were currently involved with, or ones on which they had recently been working. The projects were of a wide variety of values and timescales. The interviews were each of between one and two hours duration. The interviews were then transcribed and analysed.
4. Findings In the analysis of the interviews, a fourfold typology emerged, describing behaviours and activities that project managers were either aware of, or were implied by their comments, which intervened, or interrupted the rational and orderly management of risk during IT projects. We called these Ôintervening conditionsÕ, drawing on Strauss and CorbinÕs [26, p.103] definition: ‘‘Inter-
vening conditions are the broad and general conditions bearing upon action. . . [they]. . .. either facilitate or constrain action’’. These are summarised in Table 2 and subsequently discussed in detail, drawing on indicative quotations from the interviews in order to illustrate particular points. 4.1. Denial of uncertainty The first condition that emerged related to risk as an ÔobjectÕ of ÔaweÕ; an ÔobjectÕ to be ÔfearedÕ by those involved in projects. It seemed that project managers were unwilling to expose their customers to risks because those risks might have created anxiety and doubts among the stakeholders about the competency of the service provider: ‘‘We presented ourselves in such a way that we would seem as reasonable and competent as possible. And problems and risks donÕt go down so well. We wanted to come across as people who could get the project under way and complete it. The first aim was to win the tender, no matter what the cost. . . I didnÕt want to be the doomsayer in the euphoric preliminary phase. . . Problems were kept to a minimum, simply in order to come across as a competent provider.’’ (Interviewee 5) The refusal to admit that risks existed, or their concealment, in order to avoid exposing stakeholders to an object perceived as a ‘‘dread’’ and, consequently, threat to the viability of the project, was categorised as denial of uncertainty. This can be defined as a refusal by project managers to expose other project stakeholders to negative discomforting risk related information. The underlying condition of denial was the refusal of project managers to believe in uncertainties with
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
595
Table 2 Overview of behaviours intervening in project risk management process Intervening condition
Definition
Description
Denial of uncertainty
The refusal by risk actors to reveal to other stakeholders risk related information that may hold negative or discomforting connotations
Avoidance of uncertainty
Lack of attention to risk related information due to insufficient trust or belief in the efficacy of that information
Delay of uncertainty
Failure to consider or resolve risk due to apathy, lack of interest or general approach to project management The complete lack of awareness of risk related information by stakeholders
Risk as a ‘‘taboo’’ Denial of uncertainty in order not to expose stakeholders to something perceived as negative Denial of uncertainty in order not to jeopardise long-term relationships with stakeholders Denial of uncertainty in order not to be perceived as a ‘‘doomsayer’’ Denial of uncertainty in order to present the project as being ‘‘certain’’ and ‘‘certainly’’ successful for stakeholders Distrust in risk estimates Avoidance of uncertainty because of mistrust between risk actors Avoidance of uncertainty because of conflicting confidence levels about risk estimates between stakeholders Avoidance of uncertainty because of conflicting perceptions of stakeholders about the legitimacy or ability of others to manage certain risks Different risk management preference Delay of uncertainty because of different expectations of stakeholders about how to manage risk (active or reactive) Unawareness of threats Ignorance of uncertainty because of the unwillingness to spend (more) resources on the scanning of the environment Ignorance of uncertainty because of the inability to scan and interpret the environment because of factors such as complexity and dynamics
Ignorance of uncertainty
possible adverse consequences on the project outcome, rooted in the desire not to expose themselves or other stakeholders to something that was perceived as ‘‘worrisome’’. This attitude to risk has been described as one of treating it as ÔtabooÕ. ‘‘Taboo matters are literally what people must not know or even inquire about. Taboos function as guardians of purity and safety through socially enforced sanctioned rules of (ir)relevance’’ [27, p. 8]. In another instance, ‘‘His words to me [were] ÔYouÕre the project manager, a professional project manager, you must have seen this problem happening before nowÕ. I had no choice but to say ÔYes David, I did see it happening before now, but there were very good reasons why I chose not to escalate to you about that at a different timeÕ.’’ (Interviewee 9) In this particular case, the risk was not actively managed because it was seen that in mentioning the very subject of risk, the customer would become aware of it and this awareness would jeopardise the relationship between the customer and the project management team. The relationship between the understanding of and perception of risk appeared to lead to cautiousness among project managers in developing more understanding about specific risks and their implications for their particular projects. Another interviewee elaborated on this issue:
‘‘The question is how specific you want to go. Pulling out a generic risk is fine and people can see the red flag go up but unless an absolute showstopper sat right in my arena of operations then I would not necessarily think it was my case to raise it. Informally I would say it to the project risk assessor: Ôyou need to talk to so and so because I think they have an issueÕ.’’ (Interviewee 13) In summary, it was found that, project managers responsible for the management of risk acted to reduce anxiety and consternation among customers and other stakeholders by not confronting them with uncertainties and risks; in other words, they concealed or denied the presence of risk and uncertainty. This behaviour was either purposeful (they would make a decision not to mention specific, project-related risks) or unconscious (they did not dwell on the presence of risk, thereby not having to mention it as an issue). Schneidermann [28, p. 22] hypothesised that, because of the ‘‘fear of the unknown’’ risk actors tend to be unwilling to manage risks. The finding here seemed to suggest that their unwillingness related to the temptation to give people the answers they wanted to hear; and the answer is certainty or a safe and predictable world [29]. Because risk actors may perceive risk (management) to be a gloomy and negative affair [30], they may downgrade their own perception of risk to a desired external accepted level [31] that can be engaged through risk management.
596
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
4.2. Avoidance of uncertainty The second condition effecting behaviour in project risk management derived from conflicting risk estimates. In one case, where the customer was presented with a risk estimate, he strongly objected to the risks being legitimate. The project manager said: ‘‘The client did not accept the risks, or rather the risk analysis, wherever it concerned him. So when we had a risk that required the client to play an active role, which would have meant investing money or resources, he opposed the prevention of that risk. He said it wasnÕt necessary, the project could run without it.’’ (Interviewee 1) These conflicting perceptions about the legitimacy of risk between the provider and customer can be described as avoidance of uncertainty and can lead to the danger of the risks not being effectively managed. The lack of consensus between perceptions of risk among those involved was found elsewhere to relate to the disbelief or lack of faith in the message (risk) or the source of the message (person who manages the risk) [32]; it is a question of trust. Differing perceptions of risk, influencing their treatment, arose elsewhere. In this case, the project team failed to come to an unambiguous and trustworthy estimation about risks. Hence, they chose not to manage them. ‘‘This was a problem, though it wasnÕt really possible to assess the risks. We couldnÕt come to any opinion.’’ (Interviewee 5) However, in cases where consensuses about risk estimates were found, some risks were managed and others were avoided. ‘‘We looked for risks that were easily identifiable, but didnÕt actually have serious consequences for the project. The project was not really at threat from these risks.’’ (Interviewee 1) Risks were avoided in this project, because the project manager focused on ‘‘easily’’ assessable risks in order to achieve consensus within the project team. Another interviewee noted how risks were avoided in his project: ‘‘They were internal risks. But they should not have been deleted. They should have been managed internally, not just excluded or even ignored. They did not go even in the internal risk register.’’ (Interviewee 7) In this case, the sales department and senior management perceived those risk estimates produced by the project manager as something unrealistic. Therefore, the project managerÕs risk estimates were regarded as being Ônon-legitimateÕ; that is to say they were perceived as not worth being mitigated.
Elsewhere, differences in perception of the legitimacy of risk estimates occurred along the supply chain, between subcontractors and prime contractors. In some instances, this led to those risks being left unmanaged. One interviewee explained why he thought this was the case: ‘‘[Our] partner has a much wider scope than we have. They are looking at other issues which are much more critical to them in the bigger picture and our issues although they are extremely important for us are not perceived as being important to [them].’’ (Interviewee 10) It was found that lack of trust in estimates of risk was indicative of a more general lack of trust between individuals within their own project team, with customers and with subcontractors. One project manager even suggested that the risk management process was used to deliberately deceive other parties: ‘‘A lack of trust means that some of the risk, which might have been identified by various parties on the project, would not necessarily be given much weight, even if they were raised to project management. If there is a lack of trust then risks get tainted to peopleÕs belief that there are hidden agendas behind that.’’ (Interviewee 13)
4.3. Delay of uncertainty In some instances, it was revealed that there was a tendency for the project managers to simply fail to actively manage certain risks, even where those risks were not regarded as a threat or ÔtabooÕ and where there was consensus on what constituted a risk and how it should be measured. It manifested itself as an apathy to risk management, relying instead on trouble-shooting problems if and when they arose. For example, one interviewee noticed how a project culture encouraged this approach: ‘‘In this particular environment, it was one that was used to Ôflying by the seat of its pantsÕ and managing issues and crises as they arrived rather than actually taking the time and stand back and look ahead and say ÔWhat can we do to prevent that?Õ. If their focus and culture is one of fire fighting and crisis management, the step to take pre-emptive action to prevent a risk or to reduce a risk is never going to be at the top of their personal priority list.’’ (Interviewee 14) Elsewhere, the client did not regard the management of risk to be particularly important as it felt the project manager would simply deal with any problems that arose due to their brand exposure: ‘‘My general feeling, it does come down to the brand. Fundamentally our name is on that piece of hardware which is deployed on the end customerÕs desk. They will
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
see our brand name every day so the brand name is very important and something we want to protect so from that point of view there is that association that we have internally and is very strong for us. Form the customerÕs point of view I suspect that there, they may be aware of this, they may be using that to a certain degree in that way that we will be very protective, that we will always jump in to save the situation, so there may be a certain degree of abuse going on there.’’ (Interviewee 9) Thus, the customer delayed any active risk mitigation that may have entailed costs and relied on the supplier, who was contractually obliged to react to any occurring problems. The behaviour noted in these cases can be described as delay of uncertainty by stakeholders in projects. Delay of uncertainty occurs when decision makers choose to wait until uncertainty resolves itself [33]. While this suggests a purposeful decision to Ôwait and seeÕ, the interviews illustrated that, in some cases it was not a decision to be reactive to risk but, rather something that could be characterised as ÔinattentionÕ: ‘‘The manager was a ÔtechieÕ person. He loved technology. If it had been technology driven, then I thought we would not have the issues that we had but because it was a commercial project, for him, the technology was standard and mundane. He had no interest at all in proactive risk management.’’ (Interviewee 9) Elsewhere, risk management was treated as a ÔboxtickingÕ exercise, suggesting that risk management was held in low regard as an activity. Risk management was treated as an administrative task rather than a management task: ‘‘I do not think there was a huge driver. I think this might have been a reason why the project risk assessment team might not have been really that well regarded. They were interested in finding the risk, the solutions were not really something that they were too bothered with. Their attitude was, find the risk, rate the risk but then feed that back into senior management and programme board and let them come up with a solution.’’ (Interviewee 13) and elsewhere: ‘‘It becomes an administrative process and as long people feel there is a risk register somewhere and lip service is being paid to it on a reasonably frequent basis, then they are managing risk.’’ (Interviewee 17) In summary mitigating activities in response to identified risks were delayed or deferred because reactive risk management was the preferred mode of operation or there was a lack of interest, or an inattention, in exercising active risk management. The reasons may be politically or culturally driven: project managers may not pay attention to active risk management and in other cases
597
project managers may adopt reactive risk management as their preferred risk management method. Similarly, it may concern an attitude to project management in general, which treats it in a procedural manner, this influencing responses to risk management. 4.4. Ignorance of uncertainty The fourth issue that emerged from the interviews can be labelled ignorance of uncertainty. Ignorance of uncertainty can be seen as a lack of awareness of risk-related information on the part of project managers and other stakeholders, which could include incomplete knowledge. Ritchie and Marshall [16, p. 117] noted that ‘‘large uncertainties, and even ignorance, dominate areas of risk to the extent that the very lack of knowledge is unsuspected’’. From the interviews, this phenomena appeared to be widespread, either being implied or overtly mentioned by several of the interviewees. For example: ‘‘To a very great extent, with exception of the actual business-related risks, we were able to assess all the technical risks, but were not always able to assess other, non-technical risks.’’ (Interviewee 4) ‘‘Because we did not even know about it. We did not even think about it that it would be wrong and in fact that the only reason we knew that it was there was when they started producing their invoices.’’ (Interviewee 15) Explanations for ignorance of risk are varied. A number of writers (e.g. [34,35]) suggest that this ignorance may have its cause in organisational contexts of complexity and dynamism. Freudenberg [36] related ignorance of uncertainty to the failure of risk managers to foresee interactions and interdependencies. In the context of project management, a project manager may face difficulties in forecasting how each component of a project task may influence others (complexity) and the likelihood that it will remain stable over the time (dynamism). One interview illustrates this point well: ‘‘. . . if one went wrong there is a geometric effect because another piece of software that was dependent on it was also delayed which then had a knock-on effect. We did not get down to the level of understanding of all the interactions between all those components.’’ (Interviewee 18). As the project progressed and components of the project such as the amount of IT systems in the project changed, the lack of understanding about the complexity and dynamics of the project caused a sudden disruption. Other cases illustrated that project managers sometimes also set their own constraints and boundaries influenced by their Ôcomfort zoneÕ. Margolis [37, p. 35] has argued: ‘‘experts in general learn to concentrate on what is critical in their experience with the domain at
598
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
hand and ignore anything else.’’ Thus, it would appear that ignorance of risk arises for two reasons. Firstly, project teams are unable to predict risk because of contextual conditions such as complexity and dynamics. Secondly, they are unwilling to look for risks outside their defined scope of project management skills.
ÔboringÕ was not rational in this sense. That said, from some perspectives, such actions or inactions might be considered rational. It might be rational, in some circumstance, to keep the client ÔhappyÕ rather than allow the client to become upset or nervous of risk if that means the project will proceed.
5. Conclusions
References
A series of behaviours and conditions were identified during the research that tended to lead to activity and decisions that deviated from, or intervened within, the risk management process described using expected utility theory. In pursuing risk management using the approach derived from EUT, risk managers and other project stakeholders could expect the benefits of improved certainty in the outcomes of the project with the additional benefits of improved budget setting and reductions in political and financial tension arising from surprises. However, they failed to avail themselves of these benefits because other issues became paramount – what might be called ‘‘barriers to preventative action’’ [21, p. 234]. These barriers have been called intervening conditions [26] and have been found to manifest themselves as conditions of denial, avoidance, delay and ignorance of uncertainty. In some instances, they were purposeful: the result of commercial positioning or a lack of interest in certain risky aspects of projects. In other instances, they were unconscious behaviours rooted in approaches driven by culture: a fear of revealing bad news or a tendency to tick boxes and follow procedures. Freudenberg [36, p. 249] argued:
[1] Howard J. Computer services: 2001 Market Report, Key Note Ltd.; 2001. [2] Whittaker B. What went wrong? Unsuccessful information technology projects. Inform Manage Comp Secur 1999;7(1):23–9. [3] McGrew JF, Bilotta JG. The effectiveness of risk management: measuring what didnÕt happen. Manage Decis 2000;38(4):293–300. [4] Project Management Institute. PMI 2000: a guide to the project management body of knowledge. Pennsylvania: Project Management Institute; 2000. [5] Pender S. Managing incomplete knowledge: why risk management is not sufficient? Int J Project Manage 2001;19:79–87. [6] Kahneman D, Tversky A. Prospect theory: an analysis of decision under risk. Econometrica 1979;47(2):263–91. [7] Sitkin SB, Weingart LR. Determinants of risky decision-making behaviour: A test of the mediating role of risk perceptions and propensity. Acad Manage J 1995;38(6):1573–92. [8] Pablo AL. Reconciling predictions of decision making under risk. J Manage Psychol 1997;12(1):4–20. [9] CCTA. An introduction to managing project risk. Norwich: CCTA – The Government Centre for Information Systems; 1995. [10] Ekenberg L, Boman M, Linnerooth-Bayer J. General risk constraints. J Risk Res 2001;4(1):31–47. [11] Borge D. The book of risk. New York: Wiley; 2001. [12] Arrow KJ. Behaviour under uncertainty and its implications for policy. Foundations of utility and risk theory with applications. In: Stigum BP, Wenstop F, editors. Dordrecht: D Reidel Publishing Company; 1983. p. 19–32. [13] Jaeger CC, Renn O, Rosa EA, Wehler T. Risk, certainty, and rational action. London: Earthscan; 2001. [14] Einhorn HJ, Hogarth RM. Decision making under ambiguity. J Bus 1986;59(4):225–50. [15] Simon H. Rationality as process and as product of thought. Am Econ Assoc 1978;68(2):1–16. [16] Ritchie B, Marshall D. Business risk management. London: Chapman & Hall; 1993. [17] BSI. Project management – Part 3: guide to the management of business related project risk. London: British Standards Institution; 2000. [18] Cooke S, Slack N. Making management decisions. Hemel Hempstead: Prentice-Hall International; 1984. [19] Bourgeois LJ, Eisenhardt KM. Strategic decision processes in high velocity environments: four cases in the microcomputer industry. Manage Sci 1988;34(7):816–34. [20] Neumann PJ, Politser PE. Risk and optimality. In: Yates FJ, editor. Risk-taking behaviour. West Sussex: Wiley; 1992. p. 27–47. [21] Adler NE, Kegeles SM, Genevro JL. Risk taking and health. In: Yates FJ, editor. Risk-taking behaviour. West Sussex: Wiley; 1992. p. 231–55. [23] Ward S, Chapman C. Transforming project risk management into project uncertainty management. Int J Project Manage 2003;21:97–105. [24] Holt R. Risk management: The talking cure. Organization 2004;11(2):251–70.
‘‘Instead, the problem is that a variety of factors that are far more subtle – unseen, unfelt, and yet unfortunate in their consequences – exert an influence that could scarcely be more disturbing even if they were based on deliberate malice.’’ As can be seen from the indicative quotations from the interviews, in many cases the project managers were aware of the conditions (although they lacked a typology with which to describe them). They were also aware of the negative consequences for the projects they were trying to deliver. In some instances, the intervening conditions were beyond the control of the project managers interviewed; they were initiated by a supplier or the customer. In other instances, the interviewees were aware that the condition was the consequence of their own behaviour. They understood how risk management should operate, even where they were unaware of EUT as a theory of action. They were aware that ÔrationalÕ decision making, in the sense that rationality is understood in EUT, was required and that concealing information or ignoring risks that were ÔuncomfortableÕ or
E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599 [25] Bryman A, Bell E. Business research methods. Oxford: Oxford University Press; 2003. [26] Strauss A, Corbin J. Basics of qualitative research. London: Sage; 1990. [27] Smithson M. Ignorance and uncertainty. New York: Springer; 1989. [28] Schneiderman MA. The uncertain risks we run: hazardous materials. In: Schwing RC, Albers WA, editors. Societal risk assessment. New York: Plenum Press; 1980. p. 19–37. [29] Fischhoff B, Lichtenstein S, Slovic P, Derby SL, Keeney RL. Acceptable risk. Cambridge: Cambridge University Press; 1981. [30] Raftery J. Risk analysis in project management. London: Chapman & Hall; 1994. [31] Machlis GE, Rosa EA. Desired risk: broadening the social amplification of risk framework. Risk Anal 1990;10(1):161–8.
599
[32] Poortinga W, Pidgeon NF. Exploring the dimensionality of trust in risk regulation. Risk Anal 2003;23(5):961–72. [33] Bobbitt HR, Ford JD. Decision-maker choice as a determinant of organizational structure. Acad Manage Rev 1980;5(1):13–23. [34] Palmer TB, Wiseman RM. Decoupling risk taking from income stream uncertainty: A holistic model of risk. Strat Manage J 1999;20:1037–62. [35] Jaafari A. Management of risks, uncertainties and opportunities on projects: time for a fundamental shift. Int J Project Manage 2001;19:89–101. [36] Freudenberg WR. Heuristics, biases, and the not-so-general public: Expertise and error in the assessment of risk. In: Krimsky S, Golding D, editors. Social theories of risk. Westport: Praeger Publishers; 1992. p. 229–49. [37] Margolis H. Dealing with risk. London: The University of Chicago Press; 2003.