Software Project Management (CI6113)
Title: Reviewing the Past Research Papers on Risk Management
Risk Management is nowadays the important research topic in the many critical business areas and industrial areas. Project teams do not achieve their projects goals of reducing cost and gaining much profit without assessing risks and managing risks. This term paper analyzes research papers done by many researches in the field of the Risk Management within 2000 and 2007 and describes the results of the analysis of those research papers. Our goal of this paper is to inference and to justify the trend of the Risk management in research areas and business areas. There are many topics in the Risk Management such as Risk Analysis, Risk Assessment, Risk Control and others. This paper’s analysis path is starting from the project risk identification and end with the risk control topic. This paper provides the results what the gaps between researches are. Furthermore, this paper learns briefly what the problems and trends before year 2000 are.
This paper examines the results of the past research papers published from 2000 through 2007. We focus on Risk Management and their related topics. In addition, we also examine the trends of the Risk Management within this period. We analyze which topic had been researched most in a particular year and which methods were used in that year. This paper learns publications issued by year by year and group them in each year. In addition, we analyze the topics which are relating to the specified topic. We found trends of the research in a year while we were learning them. According to the past results came from publications, we can make sense of mind for future of the Risk Management. This paper examines the situation which can become in future according to the study.
Many project managers and strategic management are concerning about risks in long term strategic basic. So, we need to learn the risks. Risk is the uncertainty in the life cycle of the project. In 2003, Webster’s New Explorer College Dictionary defines the risk as “the possibility of danger and sufferance of harm or injury”. Risk cannot be seen without any emphasize upon it. In addition, risks can also give hopes to the successful project. So, if risks which cannot be seen before could be found and assessed then the proposed project will be successful. But risks found and assessed can never be avoided. It can be reduced by using the some techniques or adjustments. Some risks can be ignored without any executing. Risk may terrify to some persons related to the project because if it could not be uncovered, the team may incompetent in managing the project.
According to the problems, risk management was critical issue of the project management. Researchers were doing researches to reduce and manage the risks which can be encountered in a project. People in the business areas were also finding the ways how to ignore the encountered risks. Some are finding how to control the risks. In addition, they were finding what risks can violate the project management unless they did not control the risks encountered. A risk which encounters in a year is not the same as the problem in another year.
Because of the nature of project which depends on the World’s business. As changing the nature of the business, the nature of the risks is becoming change. Furthermore, research area is also changing according to the nature of the risk. So, the research trend for a year may not same as the trend of another year. To learn the research trend turmoil, we need to learn publications issued from 2000 through 2007. The next section will explain the importance of our paper.
Situation of the paper
There are many researches for the project management. Past research (Timothy & Warrren, 2002) had done a research for the whole project management. It covered research published in English from 1960 through 1999. This paper covered within the period of 2000 and 2007 learned the topics of the risk management. We separated the research areas according to the Project Management Body of Knowledge (PMBOK). These are Risk Identification and Assessment, Risk Qualification, Risk Response Development and Risk Control.
Objectives of the paper
The objective of this paper is to learn the trend of the Risk Management in past research publication. We restricted the period to be learned for each topic. This paper is intended to learn that how the risks emerged during the project time, is handled using which tools and methods. This paper intended to find the gaps between researches in each year and whole period of year 2000 and 2007.
The paper learned only risk management out of topics of project management for the period. So, the other topics can be learned like our paper. These are Communication, Cost, Procurement, Human Resource, Outsourcing, Integration, Quality, Scope and Time Management.
In this era, many companies conduct a great portion of their jobs in project form. Traditionally projects were mainly found in the construction industry and sections of the military, but the competitiveness of the markets of today with fast-changing technology encourages almost all companies to adopt project management (Burke 2003).
Project management is the application of knowledge, skill, tools and techniques to project activities to meet project requirement. Project management is accomplished through the use of the processes such as: initiating, planning, executing, controlling, and closing (PMBOK guide 2000).
Because of global economical pressures, turbulence in the corporate environment and market forces leading to the increasing demands and tougher competition projects have to be implemented at lesser time, cost and with better functionalities. This causes growing demands on the management’s ability to forecast and react to unforeseeable events- risks.
Risk is an abstract concept whose measurement is very difficult (Raftery, 1994). The Oxford Advanced Learner’s Dictionary – 5th Edition defines risk as “The possibility or chance of meeting danger, suffering loss or injury”. The British Standard BS 4778 defines risk as “A combination of the probability, or frequency, of occurrence of a defined hazard and the magnitude of the consequences of the occurrence”. Risk may be expressed in a mathematical form as follows:
Risk = (Probability of the occurrence of a defined event) x (Consequences of the occurrence of that event)
Therefore, risk management is nowadays a critical factor to successful project management.
Overview of Risk Management
Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives. (Schwalbe, 2006)
Risk management has been practiced informally by everyone, with or without conscious of it, since the dawn of time. Modern risk management, which had become a widely accepted management function during the period from 1955-1964 (Snider, 1991) has its roots in insurance to which it has been closely aligned for more than three centuries (Ibid). The story of risk management has not all been positive and supports the argument that it is currently ineffective at managing surprise. In the 1960’s project management was under heavy criticism for project failures due to technical uncertainty, contact strategy, community opposition and project environmental impacts (Morris, 1997). A project manager may still today argue that the last two are external project factors and outside the immediate project environment under their control (Ibid) and it may be often assumed that these will be passed up the line to higher management levels (Chapman & Ward, 1997).
The main objectives of risk management include (Yee et al., 2001):
- To enable decision-making to be more systematic and less subjective.
- To provide an improved understanding of the risks facing a project by identifying risks and response scenarios.
- To assist in deciding which risks require urgent attention and which can be addressed later.
- To force management to realize that there are many possible outcomes for a project, and appropriate measures should be planned for any adverse consequences.
Flanagan and Norman (1993) proposed a risk management framework as shown in Fig.3.1 which depicts the elements of the risk management system – risk identification, risk classification, risk analysis, risk attitude and risk response.
Figure 2.1 Risk management Framework (Source: Flanagan & Norman, 1993)
According to (PMBOK, PMI 2000) and (Schwalbe 2006), Project Risk Management has following processes
- Risk Management Planning
- Risk Identification
- Qualitative Risk Analysis
- Quantitative Risk Analysis
- Risk Response Planning
- Risk Monitoring and Control
The following Fig.3.2 depicts how risk management processes involved in each of the project management process
|Risk Identification||Risk Identification||Risk Response Control|
|Risk Response Development|
Fig 2.2 Risk Management Processes in each Project Management Process (Source: Dan Brandon, 2006)
Risk management will not eradicate all the risks. It will enable decision to be made explicitly which will reduce the potential effect of certain risks. It will also assist in rational, defensible decisions regarding the allocation of risk among the parties to the project.
Risk analysis is not a substitute for professional judgments and experience. On the other hand, it helps professionals to make use of the full extent of their experience and knowledge by liberating them from the necessity of making simplifying assumptions in order to produce deterministic plans and forecasts. Risk analysis is supplement to, not a substitute for professional judgments.
Recent Approaches to Risk Management
Project risk management is a topic of major current interest. It is being actively addressed by many government agencies and most of the professional project management associations around the world, and many relevant standards are extant or being developed. Some examples from the many approaches in use include: (Cooper D., Grey S., Raymond G., Walker P., 2005)
- • Project Management Institute (PMI), USA (2003), Project Management Body of Knowledge, Chapter 11 on risk management;
- • Association for Project Management, UK (1997), PRAM Guide;
- • AS/NZS 4360 (2004), Risk Management, Standards Association of Australia;
- • IEC 62198 (2001), Project Risk Management—Application Guidelines;
- • Office of Government Commerce (OGC), UK (2002), Management of Risk; and
- • Treasury Board of Canada (2001), Integrated Risk Management Framework
We fill the research gap in risk management field from year 2000 to 2007.
We conduct a quantitative bibliographic study on pass papers published from year 2000 to 2007. We collected papers and journals from electronic databases– ACM, IEEE and ProQuest. Our objective of this paper is to find the current research trend on Risk Management by analyzing and categorizing those research papers.
Project Risk Management Research
It is the process of finding what current researchers are emphasizing in. It includes defining the current works on project management, particularly on Risk Management articles and papers. Then make generalized conclusion based on collected and analyzed works. This conclusion or judgment is made based on project risk management processes– risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, risk response planning, risk monitoring and control (PMBOK 2000, Schwalbe 2006).
Sources of data
We collected articles and papers published in years 2000 to 2007 from these databases which are known to be rich information about project management.
ACM Digital Library
ACM digital library includes magazines, journals, transactions, publications by affiliated Organizations, SIG news letters, Conference Proceeding Series. ACM digital library provides service for individual, universities, libraries and corporations.
We find that risk management is one of the research fields in many businesses and industries. ACM includes diversity of business and industrial processes which enables us to inference the future trend in different fields.
To support our conclusion and get strong analytical results, we also collect articles and papers from IEEE explore which has more technical articles and papers than ACM digital library. It includes 1,682,970 online documents to be referenced.
Another supporting database which we extracted articles and papers is ProQuest. That includes ABI/INFORM databases, dissertation and theses, etc. Data analysis from that database will be icy on our research cake
Data selection from the databases
We conduct full text search in above databases using author, title, keywords based on year. Then tasks are separated among us based on years and combined later. Papers and articles are found based on the following criteria: Keywords: Risk Management, Risk Identification, Risk Analysis, Risk Transfer, Risk Control, Risk Response
Years: 2000 to 2007
Output format and research data representation
Output format will be as the following:
|Researchers||Title||Database||Risk Category||Year||Business Category||Sub Category||Method|
The papers and articles are attached in the appendix B.
We classified each paper into specific risk management processes (PMBOK 2000, Schwalbe 2006). We also analyzed which business category that each paper falls into and which specific method do they use in conducting the specified risk management Process.
To get the consistent taxonomy in risk management, we identified the papers and articles into the categories guided by (PMBOK 2000, Schwalbe 2006). They are:
Risk Management Planning: This is how businesses and industries plan and handle for risk.
Risk Identification: This is how businesses and industries emphasize on identification of risk throughout their organizational processes.
Risk Analysis: This involves how organizations conduct quantitative and qualitative risk analysis based on sampling and probability/impact matrixes.
Risk Response Planning: This shows how organizations develop risk response strategies like how to avoid, how to have tolerance, how to mitigate risk, how to transfer risk etc.
Risk Monitoring and Control: This involves how organizations monitor the identified risks, new risks through out the execution of the projects.
Business and industrial categories are identified as follow:
- Information Technology
- Internet Business
- Information Security
- Software development
- Organizational Process
- Pure General Research
We also found that information technology risk management plays a great role in modern businesses and industries because of wider usage of internet and web technologies.
Our analyzed data will be represented in pie chart, bar chart and line chart by comparing different categories, different risk manage processes, different years etc.
Data Collection and Analysis
We used digital databases web site – ACM, IEEE and ProQuest for scholar paper and articles and the existing search engines – google and yahoo. But we are not unable to get some papers from the search engines. So, we used these to get only information which papers are located in which databases. Using information returned from the search engines, we search the desired papers in the databases. The following chart, Fig 1 shows the state of the materials found in the three sources – ACM, IEEE and ProQuest.
Figure 1 Distribution of papers
There are 113 papers found in those databases. We summarized the papers found in the three sources. We categorized by the papers by using PMBOK guide. We provided the Risk Analysis, Risk Assessment, Risk Control, Risk Response and Risk Identification. The following diagrams show the results.
We learned that ACM database has more papers related to the risk management as in Fig 2. Other two databases have papers. But some papers are general for risk management. So, we discarded the papers and then we collected the more specified papers which are related to the above titles. We prepared the results with some charts as shown in below figures.
Figure 2 Research papers found in ACM database by category
Figure 3 Research papers found in IEEE database by category
Figure 4 Research papers found in ProQuest database by category
The above figures, Fig 2, Fig 3, Fig 4 show that the papers found in the ACM, IEEE, ProQuest database are shown by categories. Risk analysis is mostly conducted by majority of researchers. It was conducted mostly in year 2005 and 2006. Risk assessment and risk response research areas are fewer than other risk management process areas. Research for risk response is very rare, not fairly distributed and found in certain year.
The trends of the risk analysis for the year 2000-2007 are shown in graph, Fig 5. We learned that IT project management was highest in recent 7 years.
Figure 5 Trends in different business and industries within year 2000-2007
- Information Technology
We learned that there are varieties of IT projects. We categorized it as follow.
- Software Development
- Information Security
- Internet Business
When we categorized these topics, we found that some fields are ambiguous to group them. Some fields are software performance testing and fields emerged after the development phase. We grouped these fields were in the Software Development part. We grouped Networking security and other Internet security fields into the Information Security part. We formed a group for the Internet Banking as a E-Banking. In the Disaster group, we put the some disasters in the Disaster parts.
These disasters sometime can be seen when processing some tasks in IT such as software error, hardware crash, and wrong information usages. We collected the potential security risks and group them into the Information Security group. Internet Business can be confused with E-Commerce and E-Banking. We intended the Internet Business to group the fields of the some businesses which are using Internet and make transactions via internet such as Online Registration.
We found that Software Development risk analysis is most famous. In 2006, Software Development trend is the more than year 2005 and 2007. But year 2007 is not ended. So we can’t make any decision for that year.
Figure 6 Risk management processes in different information technology fields
Internet Business is the second thing to be learned. But Information security is down in 2006. Internet Business is coming up.
Construction group has the fields of which are architectural fields and construction works. We learned that in 2000 and 2001, there are some interests upon that field. In 2001, the construction field can be seen as a hottest field.
We grouped the some fields in to Education group that fields are Education fields, learning methods in Education. The research related with the Education can be seen in the year 2004 only.
Finance group is wide. We formed the Finance group for some fields that are Cost Estimation, Accounting, Management Accounting and Banking. The finance is most famous in 2004. In the subsequence year, trend for the finance is running down to bottom.
We collected the data for the healthcare. But it is difficult to collect for the healthcare. We learned that in 2005, healthcare was appropriate level. But later, we cannot see it until 2007.
In 2002 and 2005, marketing was in regular level. In 2003 and 2006, it was high up to 2. So, we learned that marketing was the regular level.
In the organization group, we combine the Oil Field, NASA, and some other organization-oriented fields. There are some researches for the organization in every year. There are some researches in the organization group within 2002 and 2006.
Terrorism was the new emerging fields after 9/11 problem. But later, we were not available for that field later years. This group is an exception for the risk management. But it is one thing to be considered later.
Maritime was the individual fields. We did not combine any fields to that group. This category can be seen in only 2001.
Insurance is the same as the Maritime. We learned that that group is only one field. We learned that the field was in the 2004 and 2005. But Insurance can become an interesting topic in future.
In General group, we combine other fields such as some theory approves and lecture views.
Before conclusion section, we intended to present the findings as summary of data collection and analysis. Risk management is the sub-set of Project management. In academic field, risk management researches are becoming increasingly. According to our analysis, risk management researches related to Information Technology are highest topic of the research filed. But one of our exceptional cases is that we need to learn many research papers from many databases. We studied only three databases and 113 research papers. If we learned more papers, we can get more perfect result. In this paper, we categorized only 11 fields. It is general for the risk management. To get the better result, we also need to categorize the exact fields out of many fields. We can also categorize the risk management fields more according to the PMBOK guide.
Conclusion and recommendation
Business organization and industries suffer from lost and harm because of poor handling in risk management. They have been enduring the agonizing outcomes of failure in the form of unusual delays in project completion, with cost surpassing the budgeted cost and sometimes failed to meet quality standards and functional requirements. Competition among rivals makes the companies to deliver projects in less time and cost with better functionality.
Risk management is a predefined and structured approach for identifying and analyzing potential risks associated with a project so that effective risk treatment can be done at the lowest cost. It is not impossible to eliminate all risk and costly to overdo risk management, but it is also unwise to think of eliminating risk. There will be, sometimes, positive risks those will lead to profit if properly analyzed and identified.
Our term paper provides an analysis on papers and articles and conduct bibliographic study by particular risk management process and business category. Risk management researches are mostly done in mission critical environments and risky projects. As internet booms, information security and e-business issues are associated with a lot of risks. We found that majority of research papers are related to information technology in last decade. Risk in credit portfolio management, supply chain, pricing and insurance fields are also researched as they are related to financial lost and harm.
Though risk management can offer significant benefits to a project in order to reduce nasty surprises and identify and act upon opportunities, it is, however, not a ‘panacea’ for the problems and surprises which befall many projects and should not be seen as the ‘silver bullet of project management’ (Pavyer, 2004) as Murphy’s Law is the governing law of project management: if something can go wrong, will go wrong.
As we collected from three databases, mainly from ACM, our result can be a little affected by other finding and papers. Results will be slightly different as we go though several databases. Even thought we titled to 2007, we believe that other findings and papers will come out during this year. But based on our analysis, some inferences and emerging trends can be seen.
As people and management are aware of the importance of risk management processes, it would be more affective and appropriate to put more emphasis on formal and or informal education and training to further enhance their awareness of risk management. Formal education could be graduate studies in financial project management, software project management and construction project management etc. Informal education and training could be in the form of career development programs or workshops within organization or organized by academic institutions or professional seminars.
Each organization should have own risk management plan, risk response plan, and human risk factors plan. Risk management team should be formed according to project manager’s guidelines and organizational goals. Project manager must aware of current risk management trends and technological trends for long term strategic planning. Researchers on risk management should cooperate and conduct on research areas which have been done less like autonomous agent systems, spacecraft systems, information security management.
Appendix A. Reference
Burke, R. (2003). “Product Management.” Biddles Ltd, Guildford.
Brandon, D. (2006) “Project Management for Modern Information Systems” IRM Press
Cooper D., Grey S., Raymond G., Walker P., (2005) Managing Risk in Large Projects and Complex Procurements.
Chapman, R. J., and Ward, S. (1997). “Project Risk Management Processes, Techniques and Insights” John Wiley & Sons, Chichester, UK.
Flanagan, R., and Norman, G. (1993). Risk Management and Construction, Blackwell, Oxford, UK.
Pavyer, E. (2004). “Evaluating Project Risk.” Strategic Risk Management, Auguest 2004, 24-25
Project management institute (2000). “A Gide to Project Management Body of Knowledge” Project management institute, 6
Raftery, J. (1994). Risk Analysis in Project Management, E & FN SPON, London, UK.
Snider, H. W. (1991). “Risk Management: A Retrospective View.” Risk Management April, 47-54
Schwalbe, K. (2006). “Information Technology Project Management.” Thomson Course Technology, 425
Yee, C. W., Chan, P., and Hu, G. (2001). Construction Insurance and Risk Management- A Practical Guide for Construction Professionals, The Singapore Contractors Association Ltd., Singapore.
- Appendix B. List of papers
|Researchers||Title||Database||Risk Category||Year||Business Category||Sub Category|
|Steven L. Cornford, Martin S. Feather,John C. Kelly, Timothy W. Larson, Burton Sigal,James D. Kiper||Design and Development Assessment||ACM||Risk Assessment||2000||IT|
|Mary Sumner||Enterprise Wide Information Management Systems Projects||ACM||Risk Identification||2000||IT|
|Norman Fenton & Martin Nell||Software Metrics: Roadmap||ACM||Risk Assessment||2000||IT|
|Osamu Mizuno, Tohru Kikuno,Yasunari Takagi, Keishi Sakamoto||Characterization of Risky Projects based on Project Managers’ Evaluation||ACM||Risk Identification||2000||IT|
|Jahyun Goo,Rajiv Kishore, H.Raghav Rao||A CONTENT-ANALYTIC LONGITUDINAL STUDY OF THE DRIVERS FOR INFORMATION TECHNOLOGY AND SYSTEMS OUTSOURCING||ACM||Risk Response||2000||IT|
|Paul Glasserman,Philip Heidelberger||VARIANCE REDUCTION TECHNIQUES FOR VALUE-AT-RISK WITH HEAVY-TAILED RISK FACTORS||ACM||Risk Analysis||2000||Finance|
|Mukul Gupta,Alok R. Chaturvedi,Shailendra Mehta, Lorenzo Valeri||THE EXPERIMENTAL ANALYSIS OF INFORMATION SECURITY MANAGEMENT ISSUES FOR ONLINE FINANCIAL SERVICES||ACM||Risk Response||2000||Finance||Banking|
|Dennis M Thompson.||Transferability of knowledge-based cost engineering skills and techniques||PROQUEST||Risk Assessment||2000||General|
|Allan D Chasey, Ann M Schexnayder.||Constructability: The key to reducing investment risk||PROQUEST||Risk Assessment||2000||Construction|
|Lorenzo Valeri, Ellen McDermott, Dan Geer||Information Security is Information Risk Management||ACM||Risk Analysis||2001||IT|
|STEVE GODDARD, SHERRI K. HARMS, STEPHEN E. REICHENBACH, TSEGAYE TADESSE, AND WILLIAM J. WALTMAN||GEOSPATIAL DECISION SUPPORT FOR DROUGHT RISK MANAGEMENT||ACM||2002||IT||Disaster|
|William Lewis, Jr., Richard T. Watson, and Ann Pickren||An Empirical Assessment of IT Disaster Risk||ACM||Risk Assessment||2003||IT||Disaster|
|Merrick, van Dorp, Mazzuchi, and Harrald||MODELING RISK IN THE DYNAMIC ENVIRONMENT OF MARITIME TRANSPORTATION||ACM||Risk Analysis||2001||Maritime|
|Brenda McCabe, Donald Ford||USING BELIEF NETWORKS TO ASSESS RISK||ACM||Risk Analysis||2001||construction|
|Deepak Bajaj.||Corporate risk assessment in the construction industry: An Australian perspective||PROQUEST||Risk Assessment||2001||Construction|
|Talal Abi-Karam||Manageing risk in design-build||PROQUEST||Risk Analysis||2001||Construction|
|Deepak Bajaj.||Risk response and contingency strategies among contractors in Sydney, Australia||PROQUEST||Risk Analysis||2001||Construction|
|Huaiqing Wang, John Mylopoulos, and Stephen Liao||INTELLIGENT AGENTS and Financial Risk Monitoring Systems||ACM||Risk Monitor||2002||Finance|
|Jeremy Staum||SIMULATION IN FINANCIAL ENGINEERING||ACM||Risk Analysis||2002||Finance|
|Mehdi Aboulfadl,Ritesh Pradhan||A SPOT PRICING FRAMEWORK TO ENABLE PRICING AND RISK MANAGEMENT OF INTER-DOMAIN ASSURED BANDWIDTH SERVICES||ACM||Risk Analysis||2002||Finance|
|Eduardo Saliby, Flavio Pacheco||AN EMPIRICAL EVALUATION OF SAMPLING METHODS IN RISK ANALYSIS SIMULATION: QUASI-MONTE CARLO, DESCRIPTIVE SAMPLING, AND LATIN HYPERCUBE SAMPLING||ACM||Risk Analysis||2002||Finance|
|Syed A. Saleem||Ethical Hacking as a risk management technique||ACM||Risk Analysis||2006||IT||Disaster|
|Ioannis V. Koskosas,Ray J. Paul||The Interrelationship and Effect of Culture and Risk Communication in Setting Internet Banking Security Goals||ACM||Risk Assessment||2004||IT||E-Banking|
|Mitsuaki Nakasumi, Faculty of Economics||Credit Risk Management System on e-Commerce: Case Based Reasoning approach||ACM||2003||IT||E-Commernce|
|Masamitsu Moriyama, Kentaro Takemoto, Takio Shimosakon||Risk Management for Electronic Commerce between Japan and China||ACM||Risk Control||2004||IT||E-Commernce|
|Yanping WANG,Feng ZHAO||Electronic Commerce Project Character and Risk Factor Analyses||ACM||Risk Identification||2005||IT||E-Commernce|
|KESHNEE PADAYACHEE||An Interpretive Study of Software Risk Management Perspectives||ACM||Risk Analysis||2002||IT|
|Peggy Fung, Lam-for Kwok, Dennis Longley||Electronic Information Security Documentation||ACM||Risk Assessment||2002||IT||Information Security|
|Peggy Fung, Lam-for Kwok, Dennis Longley||Electronic Information Security Documentation||ACM||Risk Analysis||2002||IT||Information Security|
|Athanassios N. Avramidis||IMPORTANCE SAMPLING FOR MULTIMODAL FUNCTIONS AND APPLICATION TO PRICING EXOTIC OPTIONS||ACM||Risk Analysis||2002||Marketing|
|Carlos Magno C. Jacinto||DISCRETE EVENT SIMULATION FOR THE RISK OF DEVELOPMENT OF AN OIL FIELD||ACM||Risk Analysis||2002||Organization||Oil Field|
|Alan Weatherall, Frank Hailstones||Risk Identification and Analysis using a Group Support System (GSS).||IEEE||Risk Identification||2002||Organization|
|Alan Weatherall, Frank Hailstones||Risk Identification and Analysis using a Group Support System (GSS).||IEEE||Risk Analysis||2002||Organization|
|Mick Bauer||Practical Threat Analysis and Risk Management||ACM||Risk Analysis||2002|
|Paul Glasserman,Jingyi Li||IMPORTANCE SAMPLING FOR A MIXED POISSON MODEL OF PORTFOLIO CREDIT RISK||ACM||Risk Analysis||2003||Finance|
|Zhi Huang,Perwez Shahabuddin||RARE-EVENT, HEAVY-TAILED SIMULATIONS USING HAZARD FUNCTION TRANSFORMATIONS, WITH APPLICATIONS TO VALUE-AT-RISK||ACM||Risk Analysis||2003||Finance|
|Jeremy Staum, Samuel Ehrlichman, Vadim Lesnevski||WORK REDUCTION IN FINANCIAL SIMULATIONS||ACM||Risk Analysis||2003||Finance|
|William J. Morokoff||SIMULATION METHODS FOR RISK ANALYSIS OF COLLATERALIZED DEBT OBLIGATIONS||ACM||Risk Analysis||2003||Finance|
|Michele Amico,Zbigniew J. Pasek, Farshid Asl, Giovanni Perrone||A NEW METHODOLOGY TO EVALUATE THE REAL OPTIONS OF AN INVESTMENT USING BINOMIAL TREES AND MONTE CARLO SIMULATION||ACM||Risk Analysis||2003||Finance|
|John M. Mulvey,Hafize G. Erkan||RISK MANAGEMENT OF A P/C INSURANCE COMPANY, SCENARIO GENERATION, SIMULATION AND OPTIMIZATION||ACM||Risk Analysis||2003||Finance|
|ELMARIE BIERMAN,ELSABE CLOETE||Classification of Malicious Host Threats in Mobile Agent Computing||ACM||Risk Identification||2002||IT||Information Security|
|Mohamed Hamdi, Noureddine Boudriga||Algebraic Specification of Network Security Risk Management||ACM||Risk Analysis||2003||IT||Information Security|
|Lawrence A. Gordon, Martin P. Loeb, and Tashfeen Sohail||A Framework for Using Insurance For Cyber-Risk Management||ACM||Risk Analysis||2003||IT||Information Security|
|Scott Flinn,Steve Stoyles||Omnivore: Risk Management through Bidirectional Transparency||ACM||Risk Analysis||2004||IT||Information Security|
|ANITA VORSTER AND LES LABUSCHAGNE||ANITA VORSTER AND LES LABUSCHAGNE||ACM||Risk Analysis||2005||IT||Information Security|
|Janine L. Spears||The Effects of User Participation in Identifying Information Security Risk in Business Processes||ACM||Risk Analysis||2006||IT||Information Security|
|Vital Roy,Benoit A. Aubert||A Resource-Based Analysis of IT Sourcing||ACM||Risk Response||2002||IT||Internet Business|
|Jeremy Staum||EFFICIENT SIMULATIONS FOR OPTION PRICING||ACM||Risk Analysis||2003||Marketing|
|Tarja Joro, Paul Na||A SIMULATION-BASED CREDIT DEFAULT SWAP PRICING APPROACH UNDER JUMP-DIFFUSION||ACM||Risk Analysis||2003||Marketing|
|Azadeh Davoodi and Ankur Srivastava||Voltage Scheduling Under Unpredictabilities: A Risk Management Paradigm||ACM||Risk Control||2003||Organization|
|Melissa J. Dark||Assessing Student Performance Outcomes in an Information Security Risk Assessment, Service Learning Course||ACM||Risk Identification||2004||Education|
|Vadim Lesnevski,Barry L. Nelson,Jeremy Staum||SIMULATION OF COHERENT RISK MEASURES||ACM||Risk Analysis||2004||Finance|
|Mark Broadie,Özgür Kaya||EXACT SIMULATION OF OPTION GREEKS UNDER STOCHASTIC VOLATILITY AND JUMP DIFFUSION MODELS||ACM||Risk Analysis||2004||Finance|
|Zhi Huang, Perwez Shahabuddin||A UNIFIED APPROACH FOR FINITE-DIMENSIONAL, RARE-EVENT MONTE CARLO SIMULATION||ACM||Risk Analysis||2004||Finance|
|William J. Morokoff||TUTORIAL ON PORTFOLIO CREDIT RISK MANAGEMENT||ACM||Risk Analysis||2004||Finance|
|Menghui Cao, William J. Morokoff||PORTFOLIO CREDIT RISK ANALYSIS INVOLVING CDO TRANCHES||ACM||Risk Analysis||2004||Finance|
|Tarja Joro, Anne R. Niu, Paul Na||A SIMULATION-BASED FIRST-TO-DEFAULT (FTD) CREDIT DEFAULT SWAP (CDS) PRICING APPROACH UNDER JUMP-DIFFUSION||ACM||Risk Analysis||2004||Finance|
|William J. Morokoff||AN IMPORTANCE SAMPLING METHOD FOR PORTFOLIOS OF CREDIT RISKY ASSETS||ACM||Risk Analysis||2004||Finance|
|Yasuhiko Kitamura,Takuya Murao||Risk Management Methods for Speculative Actions||ACM||Risk Analysis||2004||General|
|Graham Lord||FADS AND FALLACIES IN ASSET LIABILITY MANAGEMENT FOR LIFE INSURANCE||ACM||Risk Analysis||2004||Insurance|
|Xiaoxia Jia ', Xizhao Zhou||The Risk Identification and Monitoring of Electronic Business||IEEE||Risk Identification||2005||IT||Internet Business|
|Xiaoxia Jia ', Xizhao Zhou||The Risk Identification and Monitoring of Electronic Business||IEEE||Risk Monitoring||2005||IT||Internet Business|
|Bernd Freimut, Susanne Hartkopf, Peter Kaiser, Jyrki Kontio, Werner Kobitzsch||An Industrial Case Study of Implementing Software Risk Management||ACM||Risk Analysis||2001||IT||Software Development|
|Marvin V. Zelkowitz, Ioana Rus||Understanding IV&V in a Safety Critical and Complex Evolutionary Environment: The NASA Space Shuttle Program1||IEEE||Risk Analysis||2001||IT||Software Development|
|Yanping Chen,Robert L. Probert,D. Paul Sims||Specification-based Regression Test Selec-tion with Risk Analysis||ACM||Risk Analysis||2002||IT||Software Development|
|Léa A. Deleris,Debra Elkins, M. Elisabeth Paté-Cornell||ANALYZING LOSSES FROM HAZARD EXPOSURE: A CONSERVATIVE PROBABILISTIC ESTIMATE USING SUPPLY CHAIN RISK SIMULATION||ACM||Risk Analysis||2004||Organization||Supply Chain|
|Darcie Durham, Melinda M. Gallo||Integration Risks for the nternational Space Station and Orbital Space lanel||IEEE||Risk Identification||2004||Organization||Space Agency|
|Gordon Woo||HOMELAND SECURITY GUEST ADDRESS MANAGING THE RISK OF TERRORISM?||ACM||Risk Analysis||2004||Terrorism|
|Gus Rodewald||Aligning Information Security Investments with a Firm's Risk Tolerance||ACM||Risk Analysis||2005||Finance|
|William J. Morokoff||SIMULATION ANALYSIS OF CORRELATION AND CREDIT MIGRATION MODELS FOR CREDIT PORTFOLIOS||ACM||Risk Analysis||2005||Finance|
|William J. Morokoff||SIMULATION OF RISK AND RETURN PROFILES FOR PORTFOLIOS OF CDO TRANCHES||ACM||Risk Analysis||2005||Finance|
|Achal Bassamboo,Sandeep Juneja||EXPECTED SHORTFALL IN CREDIT PORTFOLIOS WITH EXTREMAL DEPENDENCE||ACM||Risk Analysis||2005||Finance|
|Wanmo Kang,Perwez Shahabuddin||FAST SIMULATION FOR MULTIFACTOR PORTFOLIO CREDIT RISK IN THE t-COPULA MODEL||ACM||Risk Analysis||2005||Finance|
|Martin Lorenz, Jan D. Gehrke, Hagen Langer, and Ingo J. Timm,Joachim Hammer||Situationaware Risk Management in AutonomousAgents||ACM||Risk Identification||2005||General|
|Eunice Maytorena, Graham M. Winch, Jim Freeman, and Tom Kiely||The Influence of Experience and Information Search Styles on Project Risk Identification Performance||PROQUEST||Risk Identification||2005||General|
|Sara Albolino,Sebastiano Bagnara||Building a reporting and learning culture of medical failures in a healthcare system||ACM||Risk Identification, Risk Analysis||2005||Healthcare|
|Ian P. Leistikow, MD,Geert H. Blijham, MD PhD||System-based risk analysis in healthcare||ACM||Risk Analysis||2005||Healthcare|
|Rosalind L. Bennett, Daniel A. Nuxoll,Robert A. Jarrow||A LOSS DEFAULT SIMULATION MODEL OF THE FEDERAL BANK DEPOSIT INSURANCE FUNDS||ACM||Risk Analysis||2005||Insurance|
|TOM ADDISON,SEEMA VALLABH,KPMG||Controlling Software Project Risks – an Empirical Study of Methods used by Experienced Project Managers.||ACM||Risk Control||2002||IT||Software Development|
|Audun Jøsang, Daniel Bradley, Svein J. Knapskog||Belief-Based Risk Analysis||ACM||Risk Analysis||2003||IT||Software Development|
|Padmal Vitharana||RISKS AND CHALLENGES OF COMPONENT-BASED SOFTWARE DEVELOPMENT||ACM||Risk Assessment||2003||IT||Software Development|
|Don Gotterbarn and Tony Clear||Using SoDIS™ as a Risk Analysis Process: A Teaching Perspective||ACM||Risk Analysis||2003||IT||Software Development|
|Hazel Taylor||The Move to Outsourced IT Projects: Key Risks from the Provider Perspective||ACM||Risk Analysis||2005||IT|
|Jens Dibbern, Tim Goles||Information Systems Outsourcing: A Survey and Analysis of the Literature||ACM||Risk Response||2004||IT||Software Development|
|Linda Wallace and Mark Keil||SOFTWARE PROJECT RISKS AND THEIR EFFECT ON OUTCOMES||ACM||Risk Identification||2004||IT||Software Development|
|Hélio R. Costa, Hélio R. Costa, Guilherme H. Travassos||A Risk Based Economical Approach for Evaluating Software Project Portfolios||ACM||Risk Analysis||2005||IT||Software Development|
|Zaid Dwaikat, Francesco Parisi-Presicce||Risky Trust: Risk-Based Analysis of Software Systems||ACM||Risk Analysis||2005||IT||Software Development|
|Phillip G. Armour||Project Portfolios: Organizational Management of Risk||ACM||Risk Identification||2005||IT||Software Development|
|Eduardo Saliby, Jaqueline T. M. Marins, Josete F. dos Santos||OUT-OF-THE-MONEY MONTE CARLO SIMULATION OPTION PRICING: THE JOINT USE OF IMPORTANCE SAMPLING AND DESCRIPTIVE SAMPLING||ACM||Risk Analysis||2005||Marketing|
|Nicolas Dulac, Nancy Leveson,David Zipkin, Stephen Friedenthal,Joel Cutcher-Gershenfeld, John Carroll,Betty Barrett||USING SYSTEM DYNAMICS FOR SAFETY AND RISK MANAGEMENT IN COMPLEX ENGINEERING SYSTEMS||ACM||Risk Analysis||2005||Organization||Space Agency|
|Léa A. Deleris, Feryal Erhun||RISK MANAGEMENT IN SUPPLY NETWORKS USING MONTE-CARLO SIMULATION||ACM||Risk Analysis||2005||Organization||Supply Chain|
|Douglas A. Bodner, William B. Rouse, Michael J. Pennock||USING SIMULATION TO ANALYZE R&D VALUE CREATION||ACM||Risk Analysis||2005||Organization||R & D|
|Ye Yang,Barry Boehm,Betsy Clark||Assessing COTS Integration Risk Using Cost Estimation Inputs||ACM||Risk Analysis||2006||Finance|
|Vadim Lesnevski, Barry L. Nelson, Jeremy Staum||AN ADAPTIVE PROCEDURE FOR ESTIMATING COHERENT RISK MEASURES BASED ON GENERALIZED SCENARIOS||IEEE||Risk Analysis||2006||Finance|
|Michael Gordy,Sandeep Juneja||EFFICIENT SIMULATION FOR RISK MEASUREMENT IN PORTFOLIO OF CDOS||IEEE||Risk Analysis||2006||Finance|
|Dalton F. Andrade,Pedro A. Barbetta,Paulo J. de Freitas Filho,Ney A. de Mello Zunino||USING COPULAS IN RISK ANALYSIS||IEEE||Risk Analysis||2006||General|
|Jamie L. Smith Shawn A. Bohner D. Scott McCrickard||Project Management for the 21st Century: Supporting Collaborative Design through Risk Analysis||ACM||Risk Analysis||2005||IT||Software Development|
|Peter Hearty,Norman Fenton and Martin Neil,Patrick Cates||Automated Population of Causal Models for Improved Software Risk Assessment||ACM||Risk Assessment||2005||IT||Software Development|
|John Burton,Fergal Mc Caffery,Ita Richardson||A Risk Management Capability Model for use in Medical Device Companies||ACM||Risk Analysis||2006||IT||Software Development|
|Blair Taylor,Shiva Azadegan||Threading Secure Coding Principles and Risk Analysis into the Undergraduate Computer Science and Information Systems Curriculum||ACM||Risk Identification, Risk Response||2006||IT||Software Development|
|Hazel Taylor||CRITICAL RISKS IN OUTSOURCED IT PROJECTS:THE INTRACTABLE AND THE UNFORESEEN||ACM||Risk Control||2006||IT||Software Development|
|Robert J. Walker, Reid Holmes, Ian Hedgeland, Puneet Kapur, Andrew Smith||A Lightweight Approach to Technical Risk Estimation via Probabilistic Impact Analysis||ACM||Risk Analysis||2006||IT||Software Development|
|John C. Beachboard,Alma Cole,Mike Mellor, Steven Hernandez,Kregg Aytes,Nelson Massad||A Tentative Proposal: Improving Information Assurance Risk Analysis Models for Small- and Medium-Sized Enterprises Through Adoption of an Open Development||ACM||Risk Analysis||2006||IT||Software Development|
|Paul Luo Li, James Herbsleb, Mary Shaw,Brian Robinson||Experiences and Results from Initiating Field Defect Prediction and Product Test Prioritization Efforts at ABB Inc.||ACM||Risk Analysis||2006||IT||Software Development|
|Mingshu Li, Meng Huang, Fengdi Shu, and Juan Li||A Risk-Driven Method for eXtreme Programming Release Planning||ACM||Risk Analysis||2006||IT||Software Development|
|Gang Zhao,Yakun Zhou,Pirooz Vakili||A NEW EFFICIENT SIMULATION STRATEGY FOR PRICING PATH-DEPENDENT OPTIONS||ACM||Risk Analysis||2006||Marketing|
|Achal Bassamboo,Sachin Jain||EFFICIENT IMPORTANCE SAMPLING FOR REDUCED FORM MODELS IN CREDIT RISK||IEEE||Risk Analysis||2006||Marketing|
|Matthias Heindl, Stefan Biffl||Risk Management with Enhanced Tracing of Requirements Rationale in Highly Distributed Projects||ACM||Risk Identification||2006||Organization||Communication|
|wade h. baker, loren paul rees, and peter s. tippett||NECESSARY MEASURES metric-driven information security risk assessment and decision making||ACM||Risk Assessment||2007||Finance|
|S¨oren Blom, Matthias Book, Volker Gruhn, Ralf Laue||Switch or Struggle: Risk Assessment for Late Integration of COTS Components||IEEE||Risk Assessment||2007||General|
|Stephen P. Masticola||A Simple Estimate of the Cost of Software Project Failures and the Breakeven Effectiveness of Project Risk Management||IEEE||Risk Analysis||2007||IT||Software Development|
|Martin Höst, Christin Lindholm||Different Conceptions in Software Project Risk Assessment||ACM||Risk Assessment||2007||IT||Software Development|