Skip to main content


Risk implications of systems & software project organisation structures


Paul Bannerman



Risk management is a function that is common to systems and software engineering and integration projects, offering the potential to significantly contribute to delivery outcomes. However, prior research indicates that while awareness of the importance of risk management is widespread, theoretical support and application in practice remain underdeveloped. This presentation reports on new research that highlights a source of risk that has received little attention in the literature or practice; namely, the structuring of systems and software work within the context of major organisational stakeholders.

Current research has tended to focus on systems and software processes, ignoring how these activities are structured other than to assume they are organised as a ‘project’, according to best practice. The research reported in this presentation suggests this may be a false and ‘risky’ assumption. Indeed, the structuring of systems and software projects may introduce additional deeply embedded risks that have been previously undetected and left uncontrolled. In addition to highlighting these risks, this research is important because, in relating to projects, it impacts almost all systems and software endeavours.

Specifically, three central propositions are discussed: 1. Projects are not uniformly structure 2. Project structure matters 3. Governance can mediate structures and mitigate structure-related risks

Prior research by the author encountered unexpected findings relating to the organization of systems and software projects. It was found that organisations do not use a uniform project structure as assumed in best practice bodies of knowledge. Rather four distinct forms were identified: pure project; operational activity; hybrid form; and breakthrough event. Each has different risk implications. Risk profiles were developed for each form, resulting in a set of twenty one project structure-related risk factors. The factors are illustrated with case examples.

A complication in managing these risks, however, is that structure-related risks are often invisible within projects or cannot be effectively controlled within a project when they arise between structural entities involved in the project. Being external to the project itself, project governance is ideally positioned to mediate (bridge) different structural entities in a project (such as the project itself, the parent organisation and any influencing organisations such as client organisations and providers) and oversee the mitigation of structure-related risks to improve overall project outcomes. Case examples are provided to illustrate structure-related issues in software projects and the role that project governance might play.

Without such a mechanism to manage structure-related risks, we will continue to build deeply embedded risks into software projects before they actually start. Implications for research and practice are discussed as well as directions for future research. This research extends our understanding of risk and can help improve outcomes in systems and software activities.

BibTeX Entry

    booktitle        = {Improving Systems and Software Engineeering Conference (ISSEC)},
    author           = {Bannerman, Paul},
    month            = aug,
    year             = {2009},
    title            = {Risk Implications of Systems \& Software Project Organisation Structures},
    address          = {Canberra, Australia}


Served by Apache on Linux on seL4.