Skip to main content


Risk and risk management in software projects: A reassessment


Paul Bannerman



Controlling risk in software projects is considered to be a major contributor to project success. This paper reconsiders the status of risk and risk management in the literature and practice. The analysis is supported by a study of risk practices in government agencies in an Australian State, contributing to a gap in research in the public sector. It is found that risk is narrowly conceived in research, and risk management is under-performed in practice. The findings challenge some conventional conceptions of risk management and project management. For example, it was found that software projects do not conform to a uniform structure, as assumed in much of the literature. This introduces variations in the risk and project management challenges they face. Findings also suggest that formal project management is neither necessary nor sufficient for project success. It is concluded that risk management research lags the needs of practice, and risk management as practiced lags the prescriptions of research. Implications and directions for future research and practice are discussed.

BibTeX Entry

    author           = {Bannerman, Paul},
    number           = {12},
    month            = dec,
    volume           = {81},
    year             = {2008},
    keywords         = {software projects, risk management, project management, threat management},
    title            = {Risk and Risk Management in Software Projects: A Reassessment},
    pages            = {2118--2133}


Served by Apache on Linux on seL4.