When to manage risks in IS projects: An exploratory analysis of longitudinal risk reports

Document Type

Conference Proceeding

Publication Date



Association for Information Systems


Research attributes the mixed performance of IS projects to a poor understanding of risks and thus limited capabilities to manage such risks. In line with others, we argue that the poor understanding of risks is partly due to the fact, that current research almost exclusively concentrates on which risks are important in IS projects. In contrast to this static view, we focus on the temporal aspect of project risks, i.e., we explore when risks become more or less important during a project. In doing so, we analyze an archive of risk reports of completed enterprise software projects. Project managers regularly issued the risk reports to communicate the status of the particular project. Our findings are as follows: First, risk exposure and thus the perceived importance of risk types does vary over project phases. Second, the volatility of risk exposure varies over risk types and project phases. Third, risks of various origin exhibit synchronous changes in risk exposure over time. From a research perspective, these findings substantiate the need for a temporal perspective on IS project risks. Thus, we suggest augmenting the predominant static view on project risks to help project managers in focusing their scarce resources. From a practical perspective, we highlight the benefits of regularly performing risk management throughout projects and constantly analyzing the project portfolio. In sum, we provide a first time, descriptive and exploratory view on variations in project risk assessments over time.


10. Internationale Konferenz Wirtschaftsinformatik