Mohamed Ahmed Salem Hasan Alzaabi, Ali Khatibi, S. M. Ferdous Azam, Jacquline Tham


In this research, strategic risk management of IT projects towards a precise definition of the role of top management has been investigated and conceptualized. The study contributes to the body of knowledge in the area of strategic management in IT projects as there is a shortage of literatures in the area. The study shapes on known theories towards the formation of unknown theories which can serve as grounds for future researches in the area of strategic management of IT projects. The population of the research includes all IT professionals and senior management officials of institutions in UAE with a dedicated IT department and the sample size was determined as 384 respondents, and finally collected 371 altogether. Through a careful analysis of findings, results revealed significant and positive predictive effects of both strategic planning processes and strategic risk integration on IT project environment.


Article visualizations:

Hit counter



IT Project environment, strategic risk management, risk assessment, strategic planning process, strategic risk integration

Full Text:



Abdel-Hamid, T.K. & Madnick, S.E. (1991). Software Project Dynamics: An Integrated Approach. Prentice-Hall, Englewood Cliffs, NJ.

Abdel-Hamid, T.K. (1989). The dynamics of software project staffing: a systems dynamics based simulation approach. IEEE Transactions in Software Engineering, 15; 109-19.

Acharyya M. (2010). The role of operational risk and strategic risk in the enterprise risk management framework of financial services firms. International Journal of Services Sciences, 3(1); 79–102.

AIRMIC, Alarm & IRM (2010). A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000. Available at [Accessed on 1st June 2016]

Akkermans, H. & van Helden, K. (2002). Vicious and virtuous cycles in ERP implementation: a case study of interrelations between critical success factors. European Journal of Information Systems, 11(1); 35-46.

Alhawari, S., Karadsheh, L., Nehari Talet, A. & Mansour, E. (2012). Knowledge-based risk management framework for information technology project. International Journal of Information Management, 32(1); 50-65.

Arena M, Arnaboldi M. & Azzone, G. (2010). The organizational dynamics of enterprise risk management. Accounting, Organizations and Society, 35(22); 659–675.

Baccarinni, D. Salm, G. & Love, P.E.D. (2004). Management of risk in information technology projects. Industrial Management & Data Systems, 104(4); 286-295.

Bakker, K., Boonstra, A. and Wortmann, H. (2009). How risk management influences IT project success. Proceedings IRNOP IX Conference. Berlin, Germany, October 2010.

Bandyopadhyay, K., Myktyn, P., & Myktyn, K. (1999). A framework for integrated risk management in information technology. Management Decision, 35(5); 437-444.

Bannerman, P.L. (2008). Risk and risk management in software projects: a reassessment. The Journal of Systems and Software, 81; 2118-33.

Barki, H. & Hartwick, J. (1989). Rethinking the concept of user involvement. MIS Quarterly, 13(1); 43-63.

Baronas, A.M.K. & Louis, M.R. (1988). Restoring a sense of control during implementation: how user involvement leads to system acceptance. MIS Quarterly, 12(1); 111-23.

Barry, M.L. & Uys, L. (2011). An investigation into the status of project management in South Africa. South African Journal of Industrial Engineering, 22(1); 29-44.

Barton, S.L. (1998). Diversification Strategy and Systematic Risk: Another Look. Academy of Management Journal, 31;166-174.

Beck, T., Levine, R. & Loayza N. (2000). Finance and the Sources of Growth. Journal of Finance and Economics, 58; 261-300.

Besner, C. & Hobbs, B. (2006). The project management tools and techniques: the portrait of current professional practice. Project Management Journal, 37(3); 37-48.

Besner, C. & Hobbs, B. (2012). The paradox of risk management; a project management practice perspective. International Journal of Managing Projects in Business, 5(2), 230 – 247.

Bettis, R.A. (1981). Performance Differences in Related and Unrelated Diversified Firms. Strategic Management Journal, 2; 379-393.

Blaikie, N. (2000). Designing Social Research (1st edition). Cambridge: Polity Press.

Boehm, B., & Bose, P. (1994). A collaborative spiral software process model based on theory ‘W’. In 3rd International Conference on the Software Process (ICSP94), New York.

Boehm, B.W. (1989). Software Risk Management. IEEE, Computer Society Press, Washington, DC.

Brandas, C., Didraga, O. & Bibu, N. (2012). Study on risk approaches in software development projects. Journal of Informatica Economica, 16(3¬);148-157.

Bruckner, M., List, B. & Schiefer, J., (2001). Risk Management for Data Warehouse Systems. Data Warehousing and Knowledge, 2114(Lecture Notes in Computer Science); 219-229.

Bureau of Indian Standards (2011). Risk Management — Principles and Guidelines. Manak Bhavan, New Delhi.

Cardeal, N. & Antonio, N. (2012). Valuable, rare, inimitable resources and organization (VRIO) resources or valuable, rare, inimitable resources (VRI) capabilities: What leads to competitive advantage? African Journal of Business Management, 6(37);10159-10170.

Carson, D., Gilmore, A., Perry, C. & Gronhaug, K., (2001). Qualitative Marketing Research. Sage Publications, London, UK.

Cervone, H.F. (2006). Project risk management. OCLC Systems & Services: International digital library perspectives, 22(4); 256 - 262

Chatterjee, S. & M. Lubatkin (1990. Corporate Mergers, Stockholder Diversification, and Changes in Systematic Risk. Strategic Management Journal, 11; 255-268.

Christiansen, U. (2014). Mixed Risk Management Practices: Insights from Management Accounting and What It Means for Strategic Risk Management. In T. J. Andersen (ed.), Contemporary Challenges in Risk Management. Palgrave Macmillan, a division of Macmillan Publishers Limited.

Clancy, T. (1995). Chaos – IT development projects. Available at: [accessed 24 August 2000]. In Baccarinni, D. Salm, G. & Love, P. E. D. (2004). Management of risk in information technology projects. Industrial Management & Data Systems, 104(4); 286-295.

Clarke C.J., Varma, S. (1999). Strategic risk management: The new competitive edge. Long Range Planning, 32(4); 414–424.

Collins, J. & Ruefli, T.W. (1992). Strategic Risk: An Ordinal Approach. Management Science, 38(12); 1707-1731.

Collis, J. & Hussey, R. (2003). Business Research: A Practical Guide for Undergraduate and Postgraduate Students. Palgrave Macmillan, Houndmills, Basingstoke, Hampshire.

Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2009). Strengthening enterprise risk management for strategic advantage. USA: COSO.

Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2009). Strengthening Enterprise Risk Management for Strategic Advantage.

Cooper, K.G. (1993). The rework cycle: benchmarking for the project manager. Project Management Journal, 24(1); 17-22.

Creswell, J.W. (2009). Research Design: Qualitative and Quantitative Approaches. U.S.A.: Sage Publications.

Crotty, M. (1998). The foundations of social research: Meaning and Perspective in the Research Process. California: Sage Publications

Cule, P., Schmidt, R., Lyyttnen, K. & Keil, M. (2000). Strategies for Leading off is Project Failure. Information Systems Management, 14(2); 68-73.

Cunningham, M. (1999). It’s all about the business. Inform, 13(3), 83.

Dafikpaku, E. (2011). The strategic implications of enterprise risk management: A framework. 2011 Enterprise Risk Management Symposium. Chicago, IL: Society of Actuaries

Damodaran, A. (2008). Strategic risk taking, a framework for risk management. New Jersey: Wharton School Publishing.

Dancey, C.P. & Reidy, J. (2008). Statistics Without Maths for Psychology: Using SPSS for Windows (4th edn). Harlow: Prentice Hall.

Davis, G.B. & Olson, M.H. (1984). Management Information Systems, Conceptual Foundations, Structure, and Development, 2nd ed. McGraw-Hill, New York, NY.

Department of Education, Training and Employment (2012). Enterprise Risk Management Framework 2012–2016: Strengthening our commitment to risk management. Brisbane, QLD: Queensland Government.

Dey, P.K., Kinch, J, & Ogumlana, S.O. (2007). Managing risk in software development projects: a case study. Industrial Management & Data Systems, 107(2); 284 - 303

Drake, J.R. & Byrd, T.A. (2006). Risk in information technology project portfolio management. Journal of Information Technology Theory and Application, 8(3); 1-11.

Easterby-Smith, M., Thorpe, R. Jackson, P. & Lowe, A. (2008). Management Research (3rd Edn.). London, U.K: Sage Publications

Engming, L. & Hsieh, C.T. (1994). Seven deadly risk factors of software development projects. Journal of Systems Management, 36(6); 38-42.

Fowler, J.J. & Horan, P. (2007). Are information systems’ success and failure factors related? An explanatory study. Journal of Organisational and End User Computing, 19(2); 1-22.

Frigo, M. L. & Anderson, R. J. (2009). Strategic Risk Assessment: A first step for improving risk management and governance. Strategic Risk Management, December; 25-33.

Frigo, M.L. & Anderson, R. J. (2011). What is strategic risk management? Strategic Management, April; 21-61.

Fuerst, W.L. & Cheney, P.H. (1982). Factors affecting the perceived utilization of computer-based decision support systems in the oil industry. Decision Sciences, 13(3); 443-69.

Ginzberg, M.J. (1981). Early diagnosis of MIS implementation failure: promising results and unanswered questions. Management Science, 27(3); 349-78.

Glass, R.L. (1998). Software Runaways. Prentice-Hall and Yourdon Press, Englewood Cliffs, NJ.

Gliem, J.A. & Gliem, R.R. (2003). Calculating, Interpreting, and Reporting Cronbach’s Alpha Reliability Coefficient for Likert-Type Scales. Proceedings of the 2003 Midwest Research to Practice Conference in Adult, Continuing, and Community Education, pp. 82-88

Gorecki, J. (2015). Information Technology in Project Management. Studies & Proceedings Polish Association for Knowledge Management, 77; 15-26

Guba, E. & Lincoln, Y. (1994). Competing Paradigms in Qualitative Research. In N.K. Denzin & Y.S. Lincoln (Eds.). Handbook of Qualitative Research. London: Sage Publication, pp. 105–117.

Gulf News (2015). UAE IT market to touch Dh22b by 2019 — Dubai Chamber. [Accessed June 01, 2016] Available at:

Hartman, F. & Ashrafi, R.A. (2002). Project management in the information systems and information technologies industries. Project Management Journal, 33(3); 4-14.

Heskett, J. (2007). What Is Management’s Role in Innovation? Working Knowledge: The Thinking That Leads. Harvard Business School. Available at: [Accessed on 1st June 2016]

Hollis, M. & Smith, S. (1990). Explaining and Understanding International Relations. Oxford: Clarendon Press.

Hong Kong Monetary Authority (2007). Supervisory Policy Manual: Strategic Risk Management (SR-1). [Accessed June 01. 2016:] Available at:

Huang, S.J. & Han, W.M. (2008). Exploring the relationship between software projects and duration and risk exposure: a cluster analysis. Journal of Information and Management, 45(3), 175-182.

Hubbard, D. (2009). The Failure of Risk Management: Why it’s Broken and How to fix it. John Wiley and Sons, NJ.

Hurdle, G.J. (1974). Leverage, Risk, Market Structure and Profitability. Review of Economics and Statistics, 56; 478-489.

Hussey, J. & Hussey, R. (1997). Business research: a practical guide for undergraduate and postgraduate students. Basingstoke: Macmillan.

Irani, Z. and Love, P.E.D. (2001). The propagation of technology management taxonomies for evaluating information systems. Journal of Management Information Systems, 17(3); 161-77.

Jankowicz, A.D. (2005). Business Research Projects (4th edn). London: Thomson Learning.

Javini, B. & Rwenlamila, P.M.D (2016). Risk management in IT projects – a case of the South African public sector. International Journal of Managing Projects in Business, 9(2); 389 – 413.

Jiang, J.J. and Klein, G. (2001). Software project risks and development focus. Project Management Journal, 32(1); 3-9.

Jones, C. (1993). Assessment and Control of Software Risks. Prentice-Hall, Englewood Cliffs, NJ.

Jordan, S., Jørgensen, L. & Mitterhofer, H. (2013). Performing risk and the project: Risk maps as mediating instruments. Management Accounting Research, 24(2); 156–174.

Kaltoff H. (2005). Practice of calculation: Economic representations and risk management. Theory, Culture & Society, 22(2), 69–97.

Kaplan, R.S. & Mikes, A. (2012). Managing Risks: A New Framework. Harvard Business Review, 90(6); 48-60.

Keil, M., Cule, P., Lyytinen, K. & Schimidt, R. (1998). A framework for identifying software project risks. Communication of the ACM, 41(11); 76-83.

Kendrick, T. (2004). Strategic risk: am I doing ok? Corporate Governance: The international journal of business in society, 4(4); 69 – 77.

King, J. (1994). Sketchy plans, politics stall software development. Computer World, 29(24), 81.

Kinnear, P.R. & Gray, C.D. (2007). SPSS 15 Made Simple. Hove: Psychology Press.

Knight. H. (1921). Risk, Uncertainty and Profit. Available at: [Accessed on 1st June 2016]

Koopman, P. (2010). Risk areas in embedded software industry projects. In Marwedel, P., Jackson, J. and Ricks, K.G. (Eds), Proceedings of the 2010 Workshop on Embedded Systems Education, Scottsdale, pp.1-8.

Kozminski, A.K. & Piotrowski, W. (2000). Zarzadzanie. Teoria I Praktyka. Wydawnictwo Naukowe PWN, Warsaw.

Krasner, H. (1998). Looking over the legal edge of unsuccessful software projects. Cutter IT Journal, 11(3); 11-22.

Kutsch, E. & Hall, M. (2009). The rational choice of not applying project risk management in information technology projects. Project Management Journal, 40(3); 72-81.

Kwak, Y.H. & Stoddard, R. (2004). Project risk management: lessons learned from software development environment. Technovation, 24(11), 915-920.

La Pietra, L., Calligaris, L., Molendini, L., Quattrin, R. & Brusaferro, S. (2005). Medical errors and clinical risk management: state of the art. Acta Otorhinolaryngologica Italica, 25(6); 339–346.

Lee, R.M. (1993). Doing Research on Sensitive Topic. London, U.K: Sage Publication

Leitheiser, R.L. & Wetherbe, J.C. (1986). Service support levels: an organized approach to end-user computing. MIS Quarterly, 10(3); 337-9.

Levine. E. (2000). Defining Risks. CA Magazine, 133(3); 45-46.

Maguire, S. & Hardy, C. (2013). Organizing processes and the construction of risk: A discursive approach. Academy of Management Journal, 56(1); 231–255.

Maish, A.M. (1979). A user’s behaviour toward his MIS. MIS Quarterly, 3(1); 39-42.

Marsh, D. & Furlong, P. (2002). A Skin Not a Sweater: Ontology and Epistemology in Political Science. In D. Marsh & G. Stoker (Eds.), Theory and Methods in Political Science (2nd edition), Chapter 1, pp. 17-11.

McAfee, A. (2006). Mastering the Three Worlds of Information Technology. Harvard Business Review, 84(11); 141-149,

Mikes A. (2009). Risk management and calculative cultures. Management Accounting Research, 20(1); 18–40.

Miller K.D., Waller H.G. (2003). Scenarios, real options and integrated risk management. Long Range Planning, 36; 93–107.

Mishra, A. Das, S. & Murray, J. (2015). Managing Risks in Federal Government Information Technology Projects: Does Process Maturity Matter? Production & Operations Management, 24(3); 365-368

Montgomery, C.A. & Singh, H. (1984). Diversification Strategy and Systematic Risk. Strategic Management Journal, 5; 181-191.

Moynihan, T. (2007). How experienced project managers assess risk. IEEE Software, 3(3); 35-41.

Mullen, R.L. (1996a). Information system’s contribution to Value Based Management from the Top. Proceedings of the 1996 Information Resource Management Conference, Washington D.C, pp. 415

Mullen, R.L. (1996b). The evolution of the Other “I” in Information Technology: Impact on Strategic Management. Proceedings of the 1996 Information Resource Management Conference, Washington D.C, pp. 416-417

Nazımoglu, O. & Ozsen, Y. (2010). Analysis of risk dynamics in information technology service delivery. Journal of Enterprise Information Management, 23(3); 350 – 364.

Nehari Talet, A., Mat-Zin, R. & Houari, M. (2013). The challenges in Implementing Risk Management for Information Technology projects. The Society of Digital Information and Wireless Communications (SDIWC), ISBN: 978-0-9891305-2-3.

Nehari Talet, A., Mat-Zin, R. & Houari, M. (2014). Risk Management and Information Technology Projects. International Journal of Digital Information and Wireless Communications (IJDIWC), 4(1); 1-9.

Nelson, R. & Cheney, P. (1987). Training end-users: an exploratory study. MIS Quarterly, 11(3); 437-49.

Nulty, D.D. (2008). The adequacy of response rates to online and paper surveys: what can be done? Assessment & Evaluation in Higher Education, 33(3); 301–314.

Parvatiyar, A. & Sheth, N. (2001). Customer Relationship Management: Emerging Practice, Process, and Discipline. Journal of Economic and Social Research, 3(2); 1-34.

Paul Hopkin, (2018). Fundamentals of Risk Management: Understanding, evaluating and implementing effective risk management 5th edition.

Pati, N. & Daisy, M. S. (2005). Conceptualizing strategic issues in information technology outsourcing. Information Management & Computer Security, 13(4); 281 – 296.

Pawlak, M. (2007). Zarzadzanie Projektami. Wydawnictwo Naukowe PWN, Warsaw.

Pender, S. (2001). Managing incomplete knowledge: why risk management is not sufficient. International Journal of Project Management, 19(2), 79-87.

PMI (2008). A Guide to the Project Management Body of Knowledge (PMBOK Guide), 3rd and 4th ed. Project Management Institute, Newtown Square, PA.

Potter, J. (1996). Representing Reality: Discourse, Rhetoric and Social Construction. London: Sage Publication.

Power, M., Schyett, T., Soin, K. & Sahlin, K. (2009). Reputational risk as a logic of organizing in late modernity. Organization Studies, 30(2-3); 301–324.

Raz, T., Shenhar, A.J. & Dvir, D. (2002). Risk management, project success, and technological uncertainty. Research and Development Management, 32(2); 101-110.

Remenyi, D., Williams, B., Money, A., & Swartz, E. (1998). Doing research in business and management. London: Sage Publications

Richardson, G.L. (2010). Project Management Theory and Practice. Taylor and Francis Group, New York, NY.

Robson, C. (2002). Real World Research (2nd edn). Oxford: Blackwell.

Rocher S. (2011). “Re-Opening the black box”: The story of implementing a risk analysis method in a French local government. Financial Accountability & Management, 27(1); 62–83.

S & P Global Market Intelligence (2016). [Accessed on 1st June 2016].

Sarantakos, S. (1998), Social Research, 2nd ed., Macmillan, Melbourne.

Sauer, C. (1993). Why Information Systems Fail: A Case Study Approach, Henley-on-Thames: Alfred Waller.

Saunders, M., Lewis, P., & Thornhill, A. (2012). Research methods for business students (6th Edn.). Harlow: Pearson Education.

Schneider, M. & Levin, M. (1997). Making the Distinction: Risk Management, Risk Exposure. Risk Management, 44(8); 36-42.

Shand, R.M. (1993). User manuals as project management tools: part 1 – theoretical background. IEEE Transactions on Professional Communication, 37(2); 74-80.

Sicotte, H. & Bourgault, M. (2008). Dimensions of uncertainty and their moderating effect on new product development project performance. R & D Management, 38(5); 468-479.

Silverman, D. (2007). A Very Short, Fairly Interesting and Reasonably Cheap Book about Qualitative Research. London: Sage Publications.

Soin K. (2013). Risk and risk management in management accounting and control. Management Accounting Research, 24(2); 82–87.

Southern, S. (2009). Creating risk management strategies for IT security. Network Security, 13-14.

Standards Australia (1999). Risk Management, AS/NZS 3360:1999. Standards Australia, Strathfield.

Susser, B.S. (2012). How to effectively manage IT project risks. Journal of Management and Business Research. 2(2); 41-67.

Taylor, H., Artman, E. & Woelfer, J.P. (2008). Information technology project risk management: bridging the gap between research and practice. Journal of Information Technology, 27(1); 17-34.

Thomsett, R. (1989). Third Wave Project Management – A Handbook for Managing Complex Information Systems for the 1990s. Yourdon Press, Englewood Cliffs, NJ.

Thomsett, R. (1995). Project Pathology: Causes, Patterns and Symptoms of Project Failure – Training Notes Project Risk Management. Thomsett Company, London.

Thomsett, R. (2001). Extreme project management. Executive Report Abstracts, 2(2).

Turner, R.J. (1999). The Handbook of Project Based Management, 2nd ed. McGraw-Hill, Cambridge.

Verbano, C. & Venturini, K. (2011). Development paths of risk management: Approaches, methods and fields of application. Journal of Risk Research, 14(5); 519–550.

Voetsch, R., Cioffi, D. & Anbari, F. (2004). Project risk management practices and their association with reported project success. Proceedings of 6th IRNOP Project Research Conference, Turku, Finland, pp. 680-97.

Wahlström, G. (2009). Risk management versus operational action: Basel II in a Swedish context. Management Accounting Research, 20(1); 53–68.

Wang, S. (2001). Designing information systems for e-commerce. Industrial Management and Data Systems, 101(6); 304-315.

Ward, S. and Chapman, C. (2003). Transforming project risk management into uncertainty management. International Journal of Project Management, 21(2); 97-105.

Wideman, R.M. (2000). First Principles of Project Management. AEW Services, Vancouver, BC Corporation.

Willcocks, L. & Graeser, J. (2001). Delivering IT and E-business Value, Computer Weekly Series. Oxford: Butterworth and Heinemann.

Willcocks, L. & Griffiths, C. (1997). Management and risk in major information technology projects. In Willcocks, L., Feeny, D. & Iseli, G. (Eds), Managing IT as a Strategic Resource, McGraw-Hill, Maidenhead.

Woods M. (2009). A contingency theory perspective on the risk management control system within Birmingham City Council. Management Accounting Research, 20(1); 69–81.

Yang, Y.H. (2001). Software quality management and ISO 9000 implementation. Industrial Management & Data Systems, 101(7); 329-38.

Yin, R.K. (2003). Case Study Research: Design and Methods. (3rd Edn.). Thousand Oaks, C.A: Sage Publications.

Yoon, Y., Guimaraes, T. & O-Neal, Q. (1994). Exploring the factors associated with expert systems success. MIS Quarterly, 19(1), 83-106.

Yourdon, E. (1996). Tools and processes for death march projects. Cutter IT Journal – Application Development Strategies, 8(12); 27-35.

Zhi, H. (1994). Risk management for overseas construction projects. International Journal of Project Management, 13(3); 231-237.


Copyright (c) 2020 Mohamed Ahmed Salem Hasan Alzaabi, Ali Khatibi, S. M. Ferdous Azam, Jacquline Tham

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

The research works published in this journal are free to be accessed. They can be shared (copied and redistributed in any medium or format) and\or adapted (remixed, transformed, and built upon the material for any purpose, commercially and\or not commercially) under the following terms: attribution (appropriate credit must be given indicating original authors, research work name and publication name mentioning if changes were made) and without adding additional restrictions (without restricting others from doing anything the actual license permits). Authors retain the full copyright of their published research works and cannot revoke these freedoms as long as the license terms are followed.

Copyright © 2015 - 2018. European Journal Of Social Sciences Studies (ISSN 2501-8590) is a registered trademark of Open Access Publishing Group. All rights reserved.

This journal is a serial publication uniquely identified by an International Standard Serial Number (ISSN) serial number certificate issued by Romanian National Library. All the research works are uniquely identified by a CrossRef DOI digital object identifier supplied by indexing and repository platforms. All the research works published on this journal are meeting the Open Access Publishing requirements and standards formulated by Budapest Open Access Initiative (2002), the Bethesda Statement on Open Access Publishing (2003) and  Berlin Declaration on Open Access to Knowledge in the Sciences and Humanities (2003) and can be freely accessed, shared, modified, distributed and used in educational, commercial and non-commercial purposes under a Creative Commons Attribution 4.0 International License. Copyrights of the published research works are retained by authors.


Hit counter