Evaluation of Risk Management Implementation in IT Projects Using ISO 31000 in an ICT Solutions Company

Abstract

Digital transformation in Indonesia is growing rapidly, so many companies require the services of ICT Solutions companies. However, there are not a few IT project risks at PT X that have a high probability of occurrence and impact. PT X is one of the ICT Solution companies in Indonesia. In line with these problems, various studies say that the success of IT projects requires adequate project planning and risk management. The purpose of this study is to evaluate the risk management implementation of information technology projects at PT. X which is an information technology service provider company refers to risk management standards based on ISO 31000:2018. The method used in this research is descriptive qualitative analysis with a case study approach, through interview data collection techniques and document analysis. The results showed that the implementation of the risk management process at PT X had not fulfilled all risk management processes according to ISO 31000:2018. In addition, there are eleven potential risks that must be prioritized. Therefore, we recommend improving aspects of risk management through establishing a policy for implementing project risk management, creating integrated risk management documents, and improving risk evaluation analysis, for the sustainability of the company.