Risk and error in IS/IT projects: going beyond process

The purpose of this paper is to examine the effectiveness of qualitative project risk management processes as used in IS/IT projects. Risk management is widely identified as one of the key processes within project management, and previous empirical evidence, combined with high levels of project failure, has questioned whether the prevailing approaches to managing project risks are indeed effective. The research problem of investigating the extent to which project managers over- and underestimate risks and the causes for misestimating risks was empirically investigated in the context of IT/IS projects within organisations such as computer service providers (CSPs). The results from studying IS/IT projects show that managers consistently both over- and underestimate risk and that even when a risk is identified, there are behavioural modifiers that intervene in the effective management of these risks.