Information System Project Management: Risk

people using laptop
  1. What does the level of “uncertainty” have to do with risk? If a risk, no longer has a level of uncertainty, is it still a risk – why or why not?

The level of uncertainty significantly impacts risk with information systems project management. Risk, defined as an event that can have a positive or negative impact on project objectives, pertains to something that can occur thought the lifecycle of the project (Fuller, Valacich, George, Schneider, 2019). The uncertainty of the risk is what leads to the necessity of planning for that risk to occur. When a risk has a high level of uncertainty, the possible ramifications of that risk are unknown, as it probably hasn’t happened before (or hasn’t been researched enough). If a risk has a very low level of uncertainty, the risk could have already happened before; this would classify it as an issue. When it comes to project management, a risk’s chance of occurrence controls the possible consequences of the risk, as well as how to control or utilize its positive or adverse effects.

  • Although risk can have both negative and positive consequences, why do you think many project teams tend to focus on negative risks?

While it is true that a risk can have positive and negative effects, the negative effects are what directly hinder a project’s success. While the learning opportunity presented when a risk occurs can indeed strengthen future project’s, something such as a security risk due to an update on a system which communicates with the system that a project is working on can cause an abundance of issues, potentially even bringing the project to a halt. The positive consequences of a risk should be utilized to their full potential; however, the planning for such an event should be primarily focused on what can go wrong when the risk occurs, not what we can learn from it or how we can use it to better our current project deliverables and stay on schedule.

  • What is “risk management,” and why is it important in the project environment?

Risk management is the method of identifying, characterizing, planning, and mitigating the numerous risks we may encounter during a project. As with any project, whether information systems-related or not, things can and will go wrong. Similar to managing budgets and schedules, ensuring that there are backup reserves of both time and funds, risk management plans for the worst, then ensures it can recover from the event. Without proper risk management and documentation, even a well-oiled project can go off the rails, promoting project managers and team leaders to inappropriately react to unexpected occurrences instead of adapting to them, using pre-built risk management strategies.


Fuller, M. A., Valacich, J. S., George, J. F., & Schneider, C. (2019). Information Systems Project Management: A Process Approach, Edition 2.0. Prospect Press, Inc.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s