IT项目风险管理模式研究

在对风险管理的五个核心子过程和两个附加子过程研究的基础上,结合IT项目的特点和IT项目风险管理所处的阶段的分析,介绍了“P2I2=成功风险管理”的方程式,提出了由风险管理指南(G)、P/T过程模型(P)、风险状态图(S)组成的GPS风险管理框架。     

软件项目风险评估实践

论文旨在说明软件风险评估在软件项目管理中所起的重要作用以及软件风险评估的具体方法。结合笔者的实践经验,从风险管理引出风险评估,并详细描述了风险识别、风险分析以及确定风险优先级的步骤和方法。     

Reconciling user and project manager perceptions of IT project risk: a Delphi study1

Abstract. In an increasingly dynamic business environment characterized by fast cycle times, shifting markets and unstable technology, a business organization’s survival hinges on its ability to align IT capabilities with business goals. To facilitate the successful introduction of new IT applications, issues of project risk must be addressed, and the expectations of multiple stakeholders must be managed appropriately. To the extent that users and developers may harbour different perceptions regarding project risk, areas of conflict may arise. By understanding the differences in how users and project managers perceive the risks, insights can be gained that may help to ensure the successful delivery of systems. Prior research has focused on the project manager’s perspective of IT project risk. This paper explores the issue of IT project risk from the user perspective and compares it with risk perceptions of project managers. A Delphi study reveals that these two stakeholder groups have different perceptions of risk factors. Through comparison with a previous study on project manager risk perceptions, zones of concordance and discordance that must be reconciled are identified.     

Comparing senior executive and project manager perceptions of IT project risk: a Chinese Delphi study

The success rate for information technology (IT) projects continues to be low. With an increasing number of IT projects in developing countries such as China, it is important to understand the risks they are experiencing on IT projects. To date, there has been little research documenting Asian perceptions of IT project risk. In this research, we examine the risks identified by Chinese senior executives (SEs) and project managers (PMs), and compare these two groups. The importance of top management support in IT projects is well documented. Prior research has shown that from the perspective of IT PMs, lack of support from SEs is the number one risk in IT projects. Surprisingly, senior executives' perceptions towards IT project risk have never been systematically examined. One reason why lack of support from senior executives continues to represent a major risk may be that senior executives themselves do not realize the critical role that they can play in helping to deliver successful projects. In this study, we use the Delphi method to compare the risk perceptions of senior executives and project managers. By comparing risk factors selected by each group, zones of concordance and discordance are identified. In terms of perceived importance ascribed to risk factors, PMs tend to focus on lower‐level risks with particular emphasis on risks associated with requirements and user involvement, whereas SEs tend to focus on higher‐level risks such as those risks involving politics, organization structure, process, and culture. Finally, approaches for dealing with risk factors that are seen as important by both SEs and PMs are provided.     

Model-based qualitative risk assessment for availability of IT infrastructures

For today’s organisations, having a reliable information system is crucial to safeguard enterprise revenues (think of on-line banking, reservations for e-tickets etc.). Such a system must often offer high guarantees in terms of its availability; in other words, to guarantee business continuity, IT systems can afford very little downtime. Unfortunately, making an assessment of IT availability risks is difficult: incidents affecting the availability of a marginal component of the system may propagate in unexpected ways to other more essential components that functionally depend on them. General-purpose risk assessment (RA) methods do not provide technical solutions to deal with this problem. In this paper we present the qualitative time dependency (QualTD) model and technique, which is meant to be employed together with standard RA methods for the qualitative assessment of availability risks based on the propagation of availability incidents in an IT architecture. The QualTD model is based on our previous quantitative time dependency (TD) model (Zambon et al. in BDIM ’07: Second IEEE/IFIP international workshop on business-driven IT management. IEEE Computer Society Press, pp 75–83, 2007), but provides more flexible modelling capabilities for the target of assessment. Furthermore, the previous model required quantitative data which is often too costly to acquire, whereas QualTD applies only qualitative scales, making it more applicable to industrial practice. We validate our model and technique in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results with respect to the goals of the stakeholders of the system. We also perform a review of the most popular standard RA methods and discuss which type of method can be combined with our technique.     

基于粗糙集与AHP理论的IT项目风险群决策

针对IT项目的风险管理与群决策过程中存在大量不确定、不完全信息等特征,在传统决策方法的基础上,将粗糙集方法与AHP理论相结合,提出了粗集IT项目风险群决策的基本步骤,并借助粗糙集的原理与方法,通过实例分析探讨了IT项目风险群决策中关于知识表达、属性约简、规则挖掘、方案排序等方法,尤其是引入属性动态权重、专家主观权重、客观权重的概念与计算方法,进而对整个决策排序算法进行了改进。     

贝叶斯网络在软件项目风险评估中的应用

在软件项目生存周期早期或创新型项目的研发过程中,可用的案例数据很少或很不完整,项目风险多由专家经验进行主观评估,给风险的客观度量带来了很大的困难。提出了一种基于贝叶斯网络的软件项目风险评估方法,不仅可度量风险影响程度的风险当量,还能度量出多种风险对某种风险后果的组合影响以及单个风险对整体后果的综合影响,从而增强了软件项目风险的预测和应变能力,为有效地降低风险发生概率、提高软件开发成功率提供了一种新的途径。     

RiskM: A multi-perspective modeling method for IT risk assessment

Stakeholder involvement and participation are widely recognized as being key success factors for IT risk assessment. A particular challenge facing current IT risk assessment methods is to provide accessible abstractions on matters of IT risk that attend to both managerial and technical perspectives of the stakeholders involved. In this paper, we investigate whether a conceptual modeling method can address essential requirements in the IT risk assessment domain, and which structural and procedural features such a method entails. The research follows a design research process in which we describe a research artifact, and evaluate it to assess whether it meets the intended goals. In the paper, we specify requirements and assumptions underlying the method construction, discuss the structural specification of the method and its design rationale, present a prototypical application scenario, and provide an initial method evaluation. The results indicate that multi-perspective modeling methods satisfy requirements specific to the IT risk assessment domain, and that such methods, in fact, provide abstractions on matters of IT risk accessible to both a technical and a managerial audience.     

一种新的软件项目风险智能评价方法

为了克服在无先验知识的情况下,人为选择评价指标的盲目性和确定指标权重的主观性,提出一种基于特征评判与最小二乘支持向量机的软件项目风险智能评价方法。该方法对各传统软件风险评价指标进行特征评判,并根据评判因子的大小选取敏感指标作为支持向量机的输入,实现对不同风险状态的自动识别。实证结果表明,该方法具有很强的鲁棒性,能够从大量的软件项目风险评价指标中筛选出有效的敏感特征,准确评价软件项目风险。     

Emerging expertise in process control

This paper presents a discussion of expertise in process control through a study of power production regulation in a French nuclear power plant. Cognitive research generally characterizes expert process control as the ability to foresee future process states, to select and time appropriate actions, to project their consequences. According to this view, expertise lies in the mental processes that prepare action by envisioning the evolution of events and planning the future course of action to deal with the events. The extensive and detailed in situ observations of expert operators engaged in power production regulation show that expert operators regulate power level through a series of progressively adjusted control actions that are neither extensively planned beforehand nor parametrized in any detail. The activity of power production regulation is understood as the creation of a balanced trade-off between multiple objectives and parameters. The findings of the study suggest that expertise lies also in the interactions between operators and process via the interface and that the balanced trade-off is constructed in the course of this interaction, and not beforehand.     

The Cochran-Weiss-Shanteau performance index as an indicator of upper limb risk assessment expertise

Ergonomists and many other professionals apply ergonomics principles to musculoskeletal health problems. This study examines whether there are differences when it comes to judgement expertise concerning upper limb disorders (ULDs) between ergonomists and those with less ergonomics training. The Cochran-Weiss-Shanteau (CWS) performance index combines judgement consistency with discrimination into one CWS index. Fifty-eight professionals working in the musculoskeletal health area, from four different professions, judged the likelihood of staff complaining of ULDs in a number of written work scenarios containing ULD risk factors. A student group (n = 148) taking an introductory ergonomics module was used as a reference. The ergonomists scored higher on the CWS index than all of the other groups, performing significantly better than all but the occupational health advisors. Performance improved with increased training level but not with experience. This study suggests that ergonomists are quantifiably different from other ergonomics advisors in their judgement performance in this context. Given the global cost of musculoskeletal disorders, assessing the expertise of those giving ergonomics advice for the management of musculoskeletal health is of great significance. This study presents a method for assessing judgement performance in ULD risk assessment, an important part of musculoskeletal health management.     

Crisis IT design implications for high risk systems: systems,control and information propositions

The systems view is presented as a complement to the more traditional scientific approach to help reduce and mitigate risk in high risk systems. Implications for this systemic approach are described, principally in the areas of control and information. Most generally, we investigate how high risk systems use information to maintain control, and how IT systems should be designed to support this activity. Two variations in the systems view – the objective and constructive – are distilled and compared, and for each, the implications for crisis IT systems design are discussed. The limitations of the two variations of the systems view are presented, as is a brief annotated bibliography for further reading about the systems view.     

IT infrastructure capabilities and IT project success: a development team perspective

In this research we investigate how IT infrastructure capabilities are related to IT project success from a development team perspective. We first conduct an extensive literature review and summarize the insights to suggest an IT infrastructure base model. Drawing upon several other bodies of literature, particularly the psychology literature, we then build upon the base model to propose an integrative research model for IT project success that considers both actual and perceived effects of IT infrastructure capabilities. This research model argues that (1) teamwork quality mediates the effect of technical and human IT infrastructure capabilities on IT project success, and (2) team perceptions of both IT infrastructure and team capabilities shape team perceived likelihood of project success, which subsequently affects team commitment that is crucial to IT project success. We also propose a direct-effect model that directly links all constructs to IT project success so that we can test the efficacy of our proposed research model by comparing all three models. We then collect empirical data (n = 91) through an online survey of CIO/CTOs and team leaders. All three models are evaluated and compared using the partial least squares method. The results show strong support for the proposed research model except for two IT infrastructure components. We discuss the practical and theoretical implications of the findings, and suggest several ways this research can be extended.     

Remember the human element in IT project management

The human element is one of the most important but frequently overlooked aspects of managing IT projects. IT managers too frequently view themselves as only technical managers, forgetting that human nature enters into technical situations. Various issues in leadership theory apply to managing IT professionals. I discuss various types of management styles, but the theme that always prevails is that no matter what type of style or combination of styles you choose, set reasonable expectations and strive to keep team members involved.     

Strategic alignment and value maximization for IT project portfolios

Managing project portfolios has been a challenge to many IT organizations due to the size and complexity of their initiatives that are often cross-functional, fast changing, and transformational in nature. A governance process on project solicitation, evaluation, and monitoring is thus essential to ensure the resulting portfolio creates tangible values, balances across priorities, and supports business objectives. An optimization model to streamline the decision processes for IT portfolios and programs is proposed. We consider project characteristics such as the extent of strategic alignment, expected benefit, development cost, and cross-project synergy to maximize the portfolio value. We also consider team proficiency and resource availability to determine a project portfolio that could be implemented within the overall development time. The multi-objective model identifies the optimal mix among project types and the solution procedure efficiently produces recommendations that are superior to those found with current empirical techniques. We also describe an evolutionary algorithm to find approximate solutions to the optimization model. Possible extensions on how the optimization procedure can go beyond projects to also streamline decisions such as the renewal or replacement of in-flight applications is discussed.     

关于信息项目后评价的思考与建议

随着信息技术项目的大规模建设和应用,如何客观、公正地评价其效果成为各方关注的焦点。信息项目后评价已成为项目闭环管理的最后1个环节,评价工作也逐步开展起来。当前评价的重点是项目目标实现程度、项目实施组织管理、应用效果、影响与持续性。虽然通用的项目后评价方法可以应用于信息项目,但操作难度较大。因此,应重视信息项目后评价方法的研究,在实践中探索信息项目后评价的关键要素和指标,形成完善的后评价方法。     

智能工厂工控系统安全风险评估

智能制造是中国制造业转型升级的必由之路,而基于智能制造理念建设的智能工厂,其最核心的支撑架构则是工业控制系统网络。由于工控网络的特殊性,在建设之初对安全风险的评估往往不足,导致其存在安全隐患。因此首先从智能工厂工控系统网络安全的发展现状入手,进而表达了对工控系统网络安全风险评估问题进行研究的必要性和迫切性,然后从风险评估的概念、评估的方法、评估的基本流程、评估的实施、风险值的计算和风险等级划分等方面对工控系统安全风险评估的策略做了一些探索性的总结。