Formation of the system of integrated risk appetite management during it project implementation

Abstract

The object of research is the risk appetite of an IT project. It is important for the implementation of an IT project to determine the critical values of indicators important for the activity, which predetermines the need to define and manage risk appetite. Risk appetite management in the implementation of an IT project directly affects its successful implementation and requires theoretical and methodological foundations for its consideration in the project management system. By establishing risk appetite, the project manager determines how much risk s/he is willing to take in order to achieve the key goals of the project. The definitions of "risk appetite", "risk tolerance", "risk appetite" in the implementation of IT projects have been clarified. It is determined that risk appetite should be considered as an integral set of IT project risk, which affects the achievement of the set goals: completion of the project in time, volume and budget that have been agreed. Risk tolerance defines acceptable limits for individual operational risks of the project. This will allow project participants to understand the limits of their authority and responsibility in risk management. A survey of project managers was conducted on their understanding of risk appetite and its use in project management. As a result, the most significant risks and the most used indicators and methods for establishing the risk appetite of IT projects were identified. This made it possible to generalize the experience of establishing and using risk appetite in IT projects. Also, based on the results of the study, an integrated risk appetite management system for the implementation of an IT project is proposed. This will allow balancing the permissible risk limits and the desired goals of its implementation during the implementation of the IT project. At the same time, an important place is occupied by taking into account the interests of stakeholders and their vision of the results, taking into account the risks. The findings reported here could make it possible to systematize risk management of IT projects and determine it as part of a single integrated project management process