Evaluating the Impact of Risks in the Implementation of it Projects in Federal Institutes of Education, Science and Technology of Brazil at the Light of Brazilian Experience

Evaluating the Impact of Risks in the Implementation of it Projects in Federal Institutes of Education, Science and Technology of Brazil at the Light of Brazilian Experience

Daniel Cândido De Oliveira

Program in Computational Modeling & Systems Federal University of Tocantins

Palmas TO, Brazil

Jadson Viera de Oliveira

Program in Computational Modeling & Systems Federal University of Tocantins

Palmas TO, Brazil

Selma Regina Oliveira Martins

Program in Computational Modeling & Systems Federal University of Tocantins

Palmas TO, Brazil

Abstract: This paper aims to assess the impact of risks on project management of informational technology at the light of the implementation of the datacenters in Federal Institutes of Science, Education, and Technology of Brazil. For this, a survey was developed from the specialized literature, in which the main risks and their impacts were extracted in project management. Then, in order to confirm the state of the art, an exploratory case study in the Federal Institutes that had implanted and concluded datacenters was done. The data was collected through an array of trial in which experts issued their opinions about the main impacts caused by the risks in the implementation of an IT project. The data was satisfactory, validating the proposal.

Keywords: IT Project Management, Risk, Datacenters Impact

1. INTRODUCTION

   Today, informational technology has become essential to the growth of organizations, adding value to the proposed activity of each organization [7] [9], according to this, its necessary to consider that the success of these projects rely heavily on good management, ranging from financial to marketing aspects. Literature on the management of IT projects is a widely discussed issue, given that the effective control of any project is of great importance, as informational technology evolves rapidly and, as this growth occurs, bigger is the impact on the management strategies and operational changes that are essential to the implementation of the project [2]. It is commonly presented in various clippings theoretical models to manage projects, such as PMBOK, ITIL, COBIT, CMMI, among others, each in its own way, has the same goal, which is nothing but to infer best practices for project management [7] [11]. Each of these framework

   previously cited presents, among others, a concern in common, which is determining the impact that the project may cause to the organization, thus it is necessary evaluation of the risks surrounding these projects.

   The risk of the project is an uncertain event or condition that, if it occurs, it shall have a positive or negative effect over at least one goal of the project, with time, costs, scope, or quality [6]. The management of risks, not a simple action, but a complex process that normally causes impacts on great scales, once it permeates the entire organization. Risks management is firstly important to decide whether a IT project must or not be executed [11], aim to reduce the risks by increasing the chance of success for the mentioned projects [1], decreasing the disturbance and consequently reducing the negative impacts, if they occur.

   The risk management process involving a IT project is considered relevant by both professional and academic environment. The risks associated to informational technology are often not technological [5] and the process of risk assessment of IT projects are conducted by humans [4][10], by interviews and meetings with stakeholders, often the amount of considered variables is such that the process becomes a task that consumes a lot of time and resources and, consequently, leads to errors of judgment. The success of the implementation of a project can be raised as it is possible to identify the main uncertainty at each stage of the development process, such as planning strategies to deal with the range of possible outcomes "(Alter and Ginzberg, 1978 apud [3]).

   This paper aims to be an useful tool to aid in decision making and risk management. For this end, it focuses on the Federal Education, Science, and Technology of Brazil and

   shows, in this context, an assessment of the impacts of risks in implementing IT projects. For this, it presents a theoretical approach that justifies the research, and presents expert opinion, with technical and scientific knowledge, where data regarding the experiences of similar implementations are ascertained from the judgment matrix, through the suitable statistical treatment. Therefore, at the end of this article it will be possible to compare the state of the art and the state of practice, thus assisting in the management of risk in this context and making decisions.

2. METHODOLOGY

   In this section we present the conceptual model (Figure

   1) and presents the hypotheses to be verified in the course of work.

   Figure 1: Conceptual Model

   In fact, the risk is not a problem, but a possibility that something may happen in the future, as well as the effect the project. The effects may be negative, for example, with increased costs, or positive, for example, when the delay of the arrival schedule provides a new more efficient and less costly technology. The risk can not be eliminated, it is part of any project, not all risks are known and their existence can provide learning and development of new solutions. From literature were found variables that make up the conceptual model of this study, just as its hypothesis.

   Independent variables: people, process, technological resources, and organizational planning.

   Dependent variables: informational technology projects will be evaluated as dependent variables, in particular, a practical evaluation of the implementation of Datacenters under the Federal Institutes of Technology. The hypothesis for the research is presented as following.

   Research Hypothesis: Project risks might cause greater or lesser impacts to the organization. The method for validating the conceptual model is presented below.

3. METHOD FOR VALIDATION FOR MODELING

   This article proposes a model to present clearly the variables involved and the relationship thereof. At first it was created a survey that was extracted from the specialized literature, data for building the conceptual model as well as the main risks and their impact on management of IT projects. Then, in order to validate the model, an exploratory case study was done about the Federal Institutes, in particular those who had been held for implemented and completed Datacenters projects. For the case study experts were consulted in the respective projects and data was collected through an array of judgment, where such specialists might send their opinions concerning the main impacts caused by risks in the deployment of a IT project. The initial step was to seek the light of the literature on risk management projects, in particular, applied to

   informational technology projects. For such bases as IEEE, ScienceDirect and ACM Digital Library.A from the literature, the main risks of projects involving information technology were consulted, and they were treated by being grouped into the following investigated categories: people, processes, resources technological, organizational and project.

   Once the goal of this article is to verify the impact of the risks at the light of Brazilian experience in Federal Institutes, the second step was to conduct a survey through which data was collected with professionals involved in the mentioned institutes. Professionals were contacted through a mailing list involves prfessionals from the Brazilian federal information technology institutes, from these professionals, in which fifteen of them responded. Data were extracted from a matrix of judgment, in which the experts with scientific and technical knowledge about the object of study, answered questions by assigning values of greater or lesser impact of risks presented to them. As the universe of experts had different profiles, responses were validated taking into account both the level of greater or lesser participation of experts in specific datacenter projects in the institute to which it is loaded, as well as the professional in question was directly involved in project management and in implementing the same. The results are presented below and they show the relation between the results pointed by the research at the light of literature and the views expressed by experts presented based on the conceptual model previously presented.

4. APPLICATION AND ANALYSIS

   In order to achieve the proposed objective and thus solve the research problem, it was shown in the literature the main risks that can impact the management of IT projects [1][2][3][4][5][7][8][9][10][11]. Due to the amount and observed similarity between them, they were grouped into five categories as shown in the following Table 1:

   TABLE 1. RISKS TO THE IT PROJECTS

   	A: People	B: Processes	C: Technologica l Resources	D: Planning	E: Organizational
   1	People	Processes	Unsuitable	Project	The view of
   	involved	of the	technology or	without	the managers
   	with lack	project	badly	clear	disagrees with
   	of	not	dimensioned.	goals.	the need of
   	experien	connected			the project.
   	ce and/or	to the
   	qualificat	business
   	ion.	project.
   2	Vague	Inappropr	Not	Unsuitab	Management
   	definitio	iate order	previewed	le	takes
   	n of the	of the	maintenance.	motivati	decisions
   	responsi	implemen		on for	without the
   	bilities	tation		the	right technical
   	for	process.		project.	basis.
   	involved
   	people.
   3	External		Dependence	Changes	Insufficient

   	organizat ions (like suppliers ) do not provide adequate training.		on Technologies of external organizations .	of goals during the project.	budget.
   4			Technologies with low scalability.	Wrong analysis of requirem ents.
   5				Wrong analysis or inaccurat e estimate of deadline s
   6				Immatur e impleme ntation of the Project.

   Figure 2: Graphic evaluation of the impacts of hazards. 1. No impact; 2. Low impact; 3. Average impact; 4. High impact; 5. Highest impact.

   Still, the same evaluation methodology was applied to the responses grouped by categories submitted. The Figure 3 below shows the result of this analysis:

   Once this data collection was done and considering the proposed methodology to search the importance of these risks in practice, such risks were presented in shape of a judgment matrix for specialists of several Federal Institutes, which validated or not each risk and pointed the impact they can cause to the risk management of IT. To which the answers were consistent and relevant for this work, the questionnaire that was submitted contained two control issues, the first checked whether the institute in which the respondent had deployed datacenter was packed, as this was the reference design for evaluating impact. The second measured the respondent's participation in the implanted datacenter design. This research had a positive return of experts and fifteen responses were received. However, considering the issues of control and validation factors, responses of respondents from institutions were discarded, where there was no implanted datacenter, as well as the responses from those that declared not having, or having had little participation in the project of datacenter implementation. It means that, for a consistent and relevant result to the survey, only the responses of the interviewed people who had participation as managers of the project, or active participation as a team were considered, in a total of five responses. For best viewing, a plot was constructed based on previously presented in Table 1. To assign a final value was considered the mean of the responses and, where we were struggling a final answer, was also considered a fashion among the answers. The result is presented in the following Figure 2:

   Figure 3: Impact assessment by risk groups. 1. No impact; 2. Low impact;

   3. Average impact; 4. High impact; 5. Highest impact.

   The results show that the risks ascertained in theoretical survey actually match with actual risk, since the answers given by experts attribute considerable weight for the same. Yet, when comparing the data collected through theoretical framework and the answers given by experts, based on their experience with projects in the area and in the specific context, can attest to the hypothesis presented: Project risks causing greater or lesser impact on the organization . In general, the risks presented were considered to have a high degree of impact on the organization, except in the category planning that was considered medium impact, as well as any risk presented was considered zero impact.

   Despite all the risks disclosed having had similar weights after statistical treatment, it is important to emphasize that the risk was considered the greatest impact was "inadequate or poorly sized technology," rather than as a risk term changes of goals. However, the literature is rife with risks of greatest concern in the planning, as there is an understanding that the same reduction in this step reduces the risks in the following steps. So even the experts recognizing these risks, there is a slight discrepancy

   regarding the importance attributed by the literature and the weights assigned by the experts. In this respect, this effect can be considered a reflection of management of IT projects with a lot more technological vision than the managerial point of view. To better investigate this point, fit new future work which will check such factors more specifically.

5. CONCLUSION AND IMPLICATIONS

This article aims to assess the impact of risks in the implementation of IT projects at light of the experience of the Brazilian Federal Education, Science and Technology. For that, a search of the main risks of IT projects in the light of the literature was conducted. The study examined whether the state of the art reflected the state of the practice through a survey of experts with technical and scientific knowledge of the area. For this, there was an exploratory study, seeking within the Federal Institutes, experts who could answer questions about the impacts of risks, based on the implementation of datacenter within the institutes. The data collected from the experts through trial matrix validated the presented proposal, once the risks were evaluated by experts who attributed values to their impacts. Thus, a positive answer came up as a hypothesis tested by this study, since experts have validated the risks posed by assigning value as each of these risks causing greater or lesser impact on the organization.

However, although the responses of experts agree with the risks posed from the theoretical framework, with the same survey revealed that there is a dissonance with respect to the weight of impacts. Experts gave more weight to issues of technological resources, while literature addresses with greater emphasis on planning issue, this may be a reflection of a characteristic management professionals, technicians more than being managerial. This work shows satisfactory results and can be used by management as a tool to aid decisions regarding the management of risks in IT projects, mainly for cases similar to the one presented, as known, the implementation of datacenter. Finally, for the presented dissonances, we suggest that future studies may present motivation on this misalignment between theory and practice in managing IT projects.

REFERENCES

1. Aris, SRS; Arshad, NH; Mohamed, A., 2008. Risk Management Practices in IT Outsourcing Projects.ITSim,. (Volume: 4). Available in: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4631922. Accessed in November 10, 2013.

2. Baccarini, D., Salm, G., Love, PED, 2004, Management of Risks in information technology projects, IndustrialManagement & Data Systems, Vol. 104 Iss 4 pp. 286-295. Available in: http://dx.doi.org/10.1108/02635570410530702 Accessed in August 16, 2014

3. Bakker, K., Boonstra, A., Wortmann, H., 2009 Does Risk Management Contribute to IT project success? A meta- analysisofempiricalevidence. Available in:http://www.sciencedirect.com/science/article/pii/S026378630900 0787. Accessed in: August 16, 2014.

4. Bartolini, C., Wickboldt, JA, Bianchin, LA, Lunardi, RC, Andreis, FG, Santos, RL, Lamb, LC, Sousa, ALR, Granville, LZ, Gaspary, LP 2010 Computer-Generated Comprehensive Risk Assessment for IT Project Management. Available at: http:

   //ieeexplore.ieee.org/stamp/stamp.jsp tp = & = arnumber 5488498.Acesso in: November 10, 2013.

5. Bobst, BJR (1988), How to Manage the Risks of Technology, Journal of Business Strategy, Vol. 9 Iss 6 pp. 4 – 7.Disponível in: http://dx.doi.org/10.1108/eb039262 Accessed August 16, 2014

6. PMBOK Guide Um Guia do Conjunto de Conhecimentos em Gerenciamento de Projetos. 3rd Edition. 2004. Available at: http://www.pm.am.gov.br/opms/members/tmp/pm6/pmbok/PMBOK 3rdPortuguese.pdf. Accessed in: November 10, 2013.

7. Guiling, L., Xiaojuan, Z. 2011 Research on the Risk Management of IT in Project.Disponível: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5882002. Accessed in: November 10, 2013.

8. Liu, S., Wang, L., 2013, Understanding the Risks of impact on performance in internal and outsourced information technology projects: The role of strategic importance. Available in http://www.sciencedirect.com/science/article/pii/S026378631400013 1 Accessed August 2014.

9. Tarouco, HH, Graeml, AR, 2010 2010 Governança de tecnologia da informação: um panorama da adoção de modelos de melhores práticas por empresas brasileiras usuárias. Available in: http://www.rausp.usp.br/busca/artigo.asp?num_artigo=1416. Acessoem: November 10, 2013.

10. Wan, J., Zhu, S., Wang, Y. 2008 Empirical analysis on risk factors of IT service management project implementation. Available at: http: //ieeexplore.ieee.org/stamp/stamp.jsp tp = & = 4681002 arnumber?. Accessed in: November 10, 2013.

11. Zheng, Q. Qingchen, S. 2008 riskmanagement in IT Project`s Establishment. School of Information Management & engineering.Disponível in:

http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4603467. Accessed on: November 10, 2013.