Abstract
Background: Knowledge-based risk processes are turning into a major aspect inside establishments because they can limit the likelihood and effect of information technology (IT) project threats and catch opportunities amid the life cycle of an IT project.
Objectives: The objective of the article is to propose a model that describes the amalgamation of knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) and knowledge-based risk repositories to support risk identification.
Method: This article adopts a quantitative research approach using surveys, with questionnaires composed from 135 employees in 10 IT companies in Jordan. The researchers employed smart partial least squares analysis to examine all of the hypotheses.
Results: The results propose that the adoption of knowledge-based risk capture and knowledge-based risk discovery has a positive impact on risk identification, which is mediated by knowledge-based risk repositories.
Conclusion: Knowledge-based risk processes and knowledge-based risk repositories are generally utilised as a part of IT projects to effectively and successfully support risk identification.
Introduction
In the present profoundly aggressive and quickly changing worldwide economy, the world is seeing real turbulence. Many companies have restructured themselves, merged, applied for bankruptcy, bought other companies or applied radical layoffs. These acts have resulted in decreasing available resources to all departments and increasing risks (Alhawari et al. 2012). In response, organisations have begun to focus on and implement a broader diversity of risk identification methods. Further, Holsapple and Joshi (2002) note that for establishments to have a long-lasting competitive gain, companies must be knowledge driven. Knowledge management (KM) processes must be a strategic supply for establishments. Knowledge management can have a large effect on decreasing organisations’ risks (Karadsheh et al. 2008).
Moreover, enterprises are confronted with new and distinctive sorts of risks consistently, because of changes to the worldwide environment. These progressions may introduce new or increase current risks to companies. The source of risks incorporates both inside and outside environments. Unsafe situations, if not overseen properly, can contrarily influence the presence and fate of enterprises.
The administration of risks in projects is a developing area of interest. It has been determined that risk management (RM) can lead to a range of benefits for both projects and organisations (Aloini, Dulmin & Mininno 2012). It delivers direction for decision-making concerning different choices for a project, increases assurance in the accomplishment of a project and decreases the risk of unforeseen measures, which might introduce postponements and additional expenditures.
Moreover, our own personal and professional lives encompass risks; possible issues can happen, and most assignments require convoluted procedures or procedures (Alhawari et al. 2012). It has been noted that risks and RM influence the achievement of IT projects, according to the current project management literature (Didraga 2013). Knowledge about RM is becoming vital to successfully dealing with difficulties in projects. Risk management is an imperative part of the project management process, and it is expected to implicitly work in favour of project achievement (Didraga 2013). From this perspective, it has been stated that for organisations to manage knowledge effectively, it is critical to record various actions and take into account project experiences as a basis for the success of possible projects. The transfer of knowledge gained through projects is one of the most important tasks because it helps organisations to be successful in future projects (Sadaba et al. 2014).
Recently, it was stated that risk examination should not only be conducted at the start of the project but also that the risk should be updated occasionally if the project is long or if important changes take place (Sadaba et al. 2014).
Knowledge-based risk processes identify the occurrence of risks and take actions in advance. Knowledge-based risk processes include two processes, knowledge-based risk capture and knowledge-based risk discovery. Risk capture and discovery in a project should be conducted in a way that closely considers the progress and characteristics of the individual project. To do so, it is important to take a stance from which one can purposely capture and discover risks that have to be taken or are advantageous while avoiding unnecessary or disadvantageous risks.
Consequently, to accomplish a task or process effectively, it appears important to have reasonable and correct knowledge to make the proper choices and reactions amid the execution. Risk management is the identification, assessment and prioritisation of risks followed by the coordinated and economical application of resources to reduce, monitor and control the possible impact of unfortunate events or to maximise the realisation of opportunities (Lee 2014). In another study, RM could be employed to increase the success level of new product development projects because of their highly complex nature (Porananond & Thawesaengskulthai 2014). Recently, it was observed that since 2000, the publication of papers on risk ranking and analysis has increased, especially about multicriteria decision-making techniques (Denas 2015).
In this article, it is contended that knowledge is certainly required and should be coordinated precisely with RM processes to guarantee precise execution. To incorporate KM with RM process, the connection amongst knowledge and risks has been analysed to create a coordinated framework.
Additionally, based on a study by Shaw (2005), KM as a tool can clearly enhance RM operation with respect to data and information controlling, risk-knowledge distribution, investigation alliance and recording. Risk management is a discipline that businesses can no longer afford to overlook. Recently, the weaknesses and strengths of software risk assessment tools were assessed (Sharif, Basri & Ali 2014). Some weaknesses were shared amongst most tools, for example the risk prioritisation process was either not available or inadequate and risk identification techniques were not applied. Generic risk was described as the exposure to an uncertain situation that can have an effect that deviates from what is expected (Desai 2015). From this perspective, to improve risk identification, we tested the relation between knowledge-based risk processes and knowledge-based risk repositories. The objective of organisations is to consider knowledge-based risk repositories to enhance the efficiency of risk identification by considering knowledge-based risk processes. The purpose is to get the most complete, comprehensive and appropriate knowledge about risks to be able to respond quickly to the environment surrounding the organisation.
In tending to the issue, this study will centre around the difficulties experienced when executing risk identification. The absence of knowledge-based risk process (knowledge-based risk capture and knowledge-based risk discovery) reinforcement for risk identification has caused numerous project disappointments in the past. The goal is to suggest a theoretical framework of knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) that integrates knowledge-based risk repositories and risk identification. Unfortunately, many organisations have lost sight of competitive advantages as an effective way to grow and compete with domestic and global competitors. Organisations must minimise risks by appropriately managing knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) and knowledge-based risk repositories.
While numerous studies related to models of knowledge-based risk processes, knowledge-based risk repositories and risk identification have been conducted, there is a definite lack of academic efforts addressing the issue of the relationship between knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery), knowledge-based risk repositories and risk identification in developing countries. This investigation tries to add to this territory by tending to one of the concerns related to knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery), knowledge-based risk repositories and risk identification and by providing an effective model for risk identification.
This study examines the relationship between knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) and knowledge-based risk repositories and their influence on risk identification. The hypothetical and observational ramifications of the proposed model delineate the critical nature of this investigation.
Literature review
Knowledge-based risk processes
Knowledge management and the associated risks require noteworthy consideration inside within the mainstream of twenty-first century organisations. Knowledge RM is an emerging field that suggests a solution to the problems connected with conventional RM methods. Individuals who do not know enough about the risk will not anticipate the consequences of a complex environment (Massingham 2010). An organisation cannot deal with its perils successfully if it cannot deal with its knowledge. Numerous projects have failed because of an absence of information amongst the project team or an absence of learning sharing while the project is ongoing (Neef 2005). Project let-down can be a result of acquiring suitable knowledge at an unsuitable time (Fuller, Valacich & George 2010). Without knowledge management as an instrument to link risks amongst members of the project crew, RM might suffer from ineptness and inadequacies (Schwalbe 2014).
Project risk management
Existing studies have recognised project RM and adopted KM to manage project risks. As an example, the notion of KM was introduced to the development of risk project management in the article by Tah and Carr (2001), presenting projects utilising the common dialect of a progressive risk breakdown and dealing with the risk repository considering database innovation. Furthermore, Serpella et al. (2014) noted that one of the major roles assumed by the project manager is the management of project risks. Risk management in the creation of projects is full of deficiencies that affect its efficiency as a project management goal and, in the end, the project’s performance.
Moreover, the assumptions on which RM in project management methodologies is based are often incorrect for IT projects (Didraga 2013). Still, specific RM actions are frequently applied to IT projects. A gathering of project RM processes and subsidiary approaches has been suggested in the past, prompting the need to comprehend under what circumstances each of them ought to be utilised and to enhance the risk knowledge procedure to arrive at the predictable outcome (Cagliano, Grimaldi & Rafele 2015).
Risk management practices have been recognised as a critical aspect of the success of IT development projects (Taylor 2007), and risks have been classified as arising from business or operational aspects. The foreseen risks during the implementation of operations are primarily watched for (Dey 2010). However, there should be an optimal balance without ignoring any trait at any phase of the project, because operational risks affect explicit work activities whereas business risks affect the project as a whole.
Relationship between knowledge-based risk and risk identification
Recently, the project RM process was broken down into five steps: identify, assess (estimate and evaluate), plan, implement and communicate (Tomanek & Juricek 2015). In another study, three essential KM philosophies related to RM were stated: business emphasis, responsibility and functioning backing (Caldwell 2008). The three KM philosophies can be applied to knowledge RM to create risk intelligence. Business emphasis includes five steps: (1) start with important business risks, (2) rank the business risks based on their significance to the business plan, (3) classify information sources for the high-risk business areas, (4) recognise at-risk information sources by establishing what information is important to the business process and (5) create risk-mitigation plans. Moreover, the use of KM in RM requires on the one hand, the identification and improvement of knowledge processes and, on the other hand, the identification of the essential knowledge that a knowledge worker needs, predominantly the risk modelling knowledge (Rodriguez & Edwards 2008). It has also been stated that software risk assessment is the process of identifying, analysing and prioritising risks that affect the project (Sharif et al. 2014). To prevent or reduce the influence of a risk, a necessary step is to identify the risk factors that can cause fatal effects to the project. Therefore, the risk identification process discovers what conceivable risks may influence the project and reports their attributes (Project Management Institute [PMI] 2013). Causes of risk and potential results should be recognised before they can be alleviated (Kayis et al. 2007). Therefore, the knowledge-based risk capture (KBRC) process discovers risks from lessons learned, preceding reports, in additional to comparable occurrences and pertinent articles, categorising them as unambiguous knowledge. In terms of tacit knowledge, this procedure shows that the main role in capturing risks from persons depends on their skills.
The results of the capturing process are stored in an explicit format that includes a list of all the recognised risks, which must be made available to involved workers. In addition, throughout this phase the past and present RM circumstances and risk state information are captured. This assists in making a project risk outline that covers all the individual risk outlines and risk situations (‘Systems and software engineering – Life cycle processes – risk management’, 2006).
Moreover, based on the project context, the risks inherent in an organisation, product and process are ascertained using the risk identification module. The analysis of the risk identification module utilises expert systems technology, where the rules are formulated using the captured knowledge. In addition to classifying possible risks, the rules contained in this module will determine the intensities of risks (Lee 2014). Project risk identification includes the review of project data from any source of information that allows for the recognition of a potential risk problem (Mousavi, Hashemi & Mojtahedi 2014). This information includes risk identification techniques and key project documents, such as questionnaires, checklists, brainstorming, expert judgement, cost analysis, scope definitions and any other relevant documentation about the project and its purpose.
The final output of the risk identification process is comprised of full documentation, which includes the IT project, the environment surrounding the IT project and project objects. The result is an IT risk project profile (Alhawari et al. 2012). Additionally, in the risk identification process, knowledge discovery supports the identification of new risks linked with a specific project or organisation (Alhawari et al. 2012). Controlling risks suitably requires classifying the basis of all risk, which might contain diverse samples, such as scientific content, environment connections, restrictions, and procedure and implementation methods (Cornford 1998).
Finally, each process within RM increases the likelihood of fruitful execution. A company that incorporates RM into a management system can achieve better results and make more rational strategic decisions (Dimitrijevic & Dakic 2014).
Research model and hypothesis development
The researchers had to decide the first on the conceptualisation, which is essential to the definition of the constructs and what they represent. The research model of this article includes four constructs, which can be dependent, mediated or independent constructs. These constructs are based on the proposed model of the impact of knowledge-based risk processes on knowledge-based risk repositories and risk identification. To organise the hypothetical research model, several hypotheses were formulated that could be examined; the goal was to test for a direct and indirect connection between concepts.
The purpose of providing guidelines for the selection of a risk identification process is to select the most relevant aspects characterising the project. Therefore, the theoretical contribution of this article is the proposed model, which explains the main process related to knowledge-based risk processes, knowledge-based risk repositories and their effect on risk identification.
The modern scientific method is a combination of empirical and theoretical research. This article focuses on an empirical approach using surveys to test predictions of the theory and to support or disprove it. In contrast, previously published papers are only theoretical.
One of the biggest challenges to actual project RM is the suitable identification of risks. Projects often have a diversity of indications, circumstances and actions that specify the occurrence of a risk. Additionally, one of the greatest essential results of the risk identification process is the improvement of risk prototypes. Knowledge-based risk capture and knowledge-based risk discovery support risk identification; the lack of documentation on the success or failure of past experiences is one of the main reasons for inefficient risk identification A knowledge-based risk repository can be linked to knowledge-based risk capture and knowledge-based risk discovery to support earlier discovery of risks for a specific project.
Tying in with a previous study, we suggest a model in this article to highlight the causal relationships between two knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) and knowledge-based risk repositories to effectively support risk identification. In this article, knowledge-based risk repositories show a mediating role in the relationship between knowledge-based risk processes and risk identification. The research model is presented in Figure 1.
 |
FIGURE 1: Model of the impact of knowledge-based risk process on knowledge-based risk repository and risk identification. |
|
Construct measurements
Figure 1 includes four constructs (knowledge-based risk capture, knowledge-based risk discovery, knowledge-based risk repositories and risk identification). As stated, risk identification has become the number one emphasis within project environments. This illustration will be explained thoroughly in this section.
The scales used to measure the research constructs were drawn from the existing literature review on knowledge-based risk processes, knowledge-based risk repositories and risk identification. Table 3 shows the research constructs and items. The constructs are described as follows. In knowledge-based risk capture, the construct is described as grabbing both the explicit and tacit knowledge within persons and artefacts (Becerra-Fernandez, Gonzalez & Sabherwal 2004). Its main mechanisms are externalisation and internalisation. Externalisation involves changing tacit knowledge into explicit knowledge through numerous tools, such as models, best practices and educations (Becerra-Fernandez et al. 2004). Four items were used to measure this construct; see Table 3.
In knowledge-based risk discovery, the construct is described as the growth of fresh tacit or explicit knowledge from the fusion of previous knowledge (Becerra-Fernandez et al. 2004). Knowledge-based risk discovery creates by determining organisational knowledge connected to IT projects or any extra kind of project through the distribution of tacit knowledge. Four items were used to measure this construct; see Table 3.
In knowledge-based risk repositories, the construct is described as valuable knowledge for risk breakdown appropriate to an extensive diversity of forthcoming projects (Karadsheh et al. 2008). Moreover, knowledge-based risk repositories deliver support for knowledge safety RM personalisation. A personalisation strategy can be valuable for discovering who sees what. Four items were used to measure this construct (see Table 3).
In risk identification, the construct is described as the procedure of defining the potential risks that might affect a project and recording their features (PMB 2004). Bases of risk and likely consequences need to be recognised before they can be acted upon (Kayis et al. 2007). Four items were used to measure this construct; see Table 3.
There are many major advantages to testing and studying the relationships of these key constructs. Several previous studies have investigated RM and knowledge management theoretically (Alhawari et al. 2012; Becerra-Fernandez et al. 2004; Caldwell 2008; Karadsheh et al. 2008; Massingham 2010). In addition, there is a lack of research investigating and testing the appropriateness of risk identification concerning knowledge-based risk processes and knowledge-based risk repositories. This research addresses the absence of studies linking knowledge-based risk processes, knowledge-based risk repositories and risk identification.
This research tries to link knowledge-based risk processes and knowledge-based risk repositories to investigate whether there is an impact on risk identification. Additionally, this research tests hypotheses and clarifies the nature of convinced relations. It finds the alterations amongst collections or the independence of two or added elements in a situation (Zikmund et al. 2013). This article is explanatory in nature because its goal is to examine hypotheses of the influence of independent elements on a dependent element. It also clarifies the nature of certain relationships between different elements; to this end, the researchers presented seven hypotheses, which define all relationships in the study model.
Conceptually, knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery), knowledge-based risk repositories and risk identification have been widely embraced by businesses. Many organisations have initiated models to improve risk identification. The researchers introduced seven hypotheses describing all relations in the research model. The research hypotheses are as follows:
Firstly, we discuss the direct effects of knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) and risk identification in H1. The two sub-hypotheses are as follows:
H1.1: Knowledge-based risk capture has a positive impact on risk identification at α ≤ 0.05.
H1.2: Knowledge-based risk discovery has a positive impact on risk identification at α ≤ 0.05.
Secondly, we discuss the direct effects of knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) and knowledge-based risk repositories in H2, with the following two sub-hypotheses:
H2.1: Knowledge-based risk capture has a positive impact on knowledge-based risk repositories at α ≤ 0.05.
H2.2: Knowledge-based risk discovery has a positive impact on knowledge-based risk repositories at α ≤ 0.05.
Thirdly, we test the direct relation between knowledge-based risk repositories and risk identification in H3:
H3: Knowledge-based risk repository has a positive impact on risk identification at α ≤ 0.05.
Finally, an important aspect of knowledge-based risk processes is the indirect effects of knowledge-based risk processes mediated by knowledge-based risk repositories. The relationships between knowledge-based risk processes, knowledge-based risk repositories and risk identification are dealt with in H4. The underlying assumption is that knowledge-based risk processes will improve risk identification through the mediation of knowledge-based risk repositories. It is hypothesised that the impact of knowledge-based risk capture and knowledge-based risk discovery on risk identification is mediated by knowledge-based risk repositories. H4 is tested based on two sub-hypotheses:
H4.1: Knowledge-based risk repositories positively mediate the relation between knowledge-based risk capture and risk identification at α ≤ 0.05.
H4.2: Knowledge-based risk repositories positively mediate the relation between knowledge-based risk discovery and risk identification at α ≤ 0.05.
Research methodology
A quantitative research method using survey data was used to investigate how the Jordanian IT sector addresses knowledge-based risk processes and knowledge-based risk repositories in improving risk identification. The survey method essentially entails collecting numerical data to explain a particular phenomenon, and specific questions are well suited to be answered using quantitative methods. Moreover, stratified random sampling is nominated from the management level of 10 IT companies in this article.
Sample size
The targeted populations of this study (sample) are 10 IT companies out of 194 IT companies listed by the Jordanian Information and Communication Technology (ICT) Ministry. These ten companies were selected mainly based on the following criteria: out of the 194 companies registered, the ten selected companies employed more than 20 employees working in the fields of software and hardware, systems analysis and RM.
With the above selection criteria for the research population, the total number of employees working in the selected ten companies was approximately 250 employees. As per the chosen organisations in the research population, this article was based on 135 questionnaires. Table 1 shows a summary of the sample size.
Data analysis and result
Sample characteristics
The research sample in this article contains 105 males (77.8%) and 30 females (22.2%). The biggest cluster of staff (45 individuals or 33.3%) specified that their ages ranged between 31 and 35 years. The smallest cluster (18 individuals or 13.3%) of staff was less than 25 years. Furthermore, the biggest cluster of staff (49 individuals or 36.3%) specified that their area of specialisation was systems analysis. The smallest cluster showed a specialisation other than hardware and software, systems analysis and RM (17 individuals or 12.6%). Lastly, the biggest cluster of staff (69 individuals or 51.1%) specified that their years of experience ranged from 7 to 13 years. The smallest cluster of staff (4 individuals or 3%) specified that they had less than 1 year of experience. The demographic information is described in Table 2.
Test of hypotheses
To investigate all hypotheses connected to the suggested model, we used partial least squares (PLS) as an analytical method for the following reasons.
Firstly, PLS software is mostly attractive when the aim of the study is explanation and clarification of alternation of important objective elements (e.g. knowledge-based risk processes) by several explanatory elements (e.g. risk identification).
Secondly, the top journals in management classify all practical presentations by the analysis of PLS software.
Thirdly, PLS software is a prediction-oriented, variance-based method that emphasises endogenous objective elements in the model and objects to maximise their clarified variance (i.e. their R2 value), and mediation properties (Hair 2014). Numerous authors have used PLS software to discover mediation and complete impacts (i.e. the sum of direct and indirect impacts between several elements). Furthermore, PLS applied mediation examination by bootstrapping (Hair 2014) is particularly valuable when conforming assumptions have been expressed (Sattler et al. 2010).
A last note of attention concerns the excellence of measurement modelling tools such as PLS software. Researchers of necessity attempt to make a very reliable measurement of the mediation element; otherwise, incorrect assumptions might be drawn (Henseler 2012). The research model was tested using the PLS method and used the software application SmartPLS 2.0. Partial least squares was chosen primarily because it can model latent constructs under non-normality and small to medium sample sizes (Hair 2014).
Steps of partial least squares
The PLS technique was used in this article using two stages (Anderson & Gerbing 1988). The first phase examined the content, convergent and discriminant validity of variables, while the second phase examined all hypotheses connected to the suggested model.
The reliability and validity of the model
The reliability and validity of the model should be assessed, specifically the factor loadings, Cronbach’s alpha, composite reliability (CR) and average variance extracted (AVE). The path loadings (factor analysis results) for the research model are depicted in Figure 2.
The reliability and validity of the model were tested using a structural equation modelling approach with PLS based on the suggested model in Figure 1.
Based on Table 3, the operationalisation of the construct refers to the translation process from the abstract meaning of the construct to tangible and measurable items. The identification of operationalisation is a critical issue that needs to be addressed. Subsequently, the operationalisation of each construct is discussed within the domain of statistical analysis. The operationalisation process of the model variables utilises a set of statistical techniques.
| TABLE 3: The reliability and validity of the model. |
Additionally, Cronbach’s alpha is applied to measure internal consistency (Hair et al. 2009). Note that the construct reliability can be accepted if the Cronbach’s alpha value for each construct is equal to or greater than 0.76. In addition, the reliability of constructs can be accepted if the Cronbach’s alpha value for each construct is equal to or greater than 0.60 (Saunders, Lewis & Thornhill 2015). As presented in Table 3, the Cronbach’s alpha values for all constructs ranged from 0.74 to 0.80. Thus, each item is internally consistent, externally consistent and accepted based on the orientation of Saunders et al. (2015).
Finally, CR and AVE analyses were applied to examine the convergent validity of all constructs in the suggested model. Fornell and Larcker (1981) recommended that the value of CR for all essential variables is bigger than 0.70, whereas the value of AVE essentials is bigger than 0.50 to accept convergent validity. As presented in Table 3, the AVE for all constructs of the suggested model is above 0.5; consequently, convergent validity can be accepted based on the orientation of Fornell and Larcker (1981). The CR values of all constructs of the suggested model exceed 0.7; accordingly, convergent validity can be accepted based on the orientation of Fornell and Larcker (1981).
R-squared test
The outcomes of the path quantity method for the suggested model use the R-squared value. See Table 4.
Based on Table 4, the R-squared assessment for the construct (i.e. risk identification) without mediation is 0.34, exceeding 25%, which specified a suitable and recognisable forecast level in an experimental paper (Gaur & Gaur 2006). In addition, the R-squared assessment for the construct (i.e. risk identification) through mediation is 0.41, exceeding 25%, suitable based on the orientation by Gaur and Gaur (2006). The measurement growth in the R-squared value is 7% (from 34% to 41%) once the knowledge-based risk repositories are applied as a mediation construct in the relation amongst knowledge-based risk processes and risk identification. Moreover, the most significant goal construct overall is risk identification, which displays an R-squared assessment exceeding 0.41 (i.e. the model explains overall risk identification by 41%). The high R-squared assessment confirms the suggested model’s predictive validity based on the orientation of Hair et al. (2009).
Hypothesis testing
We used a regular examination of the suggested model to offer a complete description of our outcomes and to examine all hypotheses by bootstrapping with smart PLS to find the T-value.
Firstly, it was necessary to find the T-value for knowledge-based risk processes on risk identification without the mediation of knowledge-based risk repositories. The T-value for the suggested model is shown in Figure 3. Based on Figure 3, the authors found the T-value by PLS to examine the effect of the hypotheses associated with knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) on risk identification without the mediation of knowledge-based risk repositories. Table 5 displays a summary of the outcome. Referring to Table 5, the T-value amongst knowledge-based risk capture and risk identification is 0.68 and does not exceed 1.65. Therefore, it is not significant at α ≤ 0.05. Furthermore, the value of beta is –0.06, which specifies that the modification of one part in knowledge-based risk capture will yield a modification of –0.06 in risk identification. These outcomes do not back hypothesis H1.1: knowledge-based risk capture has a positive impact on risk identification at α ≤ 0.05.
 |
FIGURE 3: Bootstrapping the T-value for knowledge-based risk processes on risk identification without mediation of knowledge-based risk repository. |
|
| TABLE 5: Test results for H1.1 and H1.2. |
Finally, referring to Table 5, the T-value is 1.5 amongst knowledge-based risk discovery and risk identification, which does not exceed 1.65. Therefore, it is not significant at α ≤ 0.05. Furthermore, the value of beta is –0.07, which specifies that the modification of one part of knowledge-based risk discovery will yield a modification of –0.07 in risk identification. These outcomes do not back hypothesis H1.2: knowledge-based risk discovery has a positive impact on risk identification at α ≤ 0.05.
Secondly, we need to find the T-value for knowledge-based risk processes on risk identification with the mediation of knowledge-based risk repositories. The T-value for the suggested model is represented in Figure 4.
 |
FIGURE 4: Bootstrapping (T-value) for knowledge-based risk processes on risk identification with mediation of knowledge-based risk repository. |
|
As shown in Figure 4, we found the T-value using smart PLS to examine all hypotheses associated with knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) and knowledge-based risk repositories. Table 6 displays a summary of the outcomes. Also, as shown in Figure 4, we used the T-value from smart PLS to examine the hypothesis associated with the knowledge-based risk repositories and risk identification. Table 6 shows a summary of the results.
| TABLE 6: Test results for H2.1, H2.2 and H3. |
Referring to Table 6, the T-value between knowledge-based risk capture and knowledge-based risk repositories is 2.7, exceeding 1.65. Therefore, it is significant at a α ≤ 0.05. Additionally, the value of beta is 0.24, which specifies that the modification of a single component in knowledge-based risk capture will cause a modification of 0.24 in knowledge-based risk repositories. These outcomes back hypothesis H2.1: knowledge-based risk capture has a positive impact on knowledge-based risk repositories at α ≤ 0.05.
Additionally, referring to Table 6, the T-value between knowledge-based risk discovery and knowledge-based risk repositories is 5.0, exceeding 1.65. Therefore, it is significant at α ≤ 0.05. Moreover, the value of beta is 0.42, which specifies that the modification of one part in knowledge-based risk discovery will cause an alteration of 0.42 in knowledge-based risk repositories. These outcomes back hypothesis H2.2: knowledge-based risk discovery has a positive impact on knowledge-based risk repositories at α ≤ 0.05.
Finally, in Table 6, the T-value amongst knowledge-based risk repositories and risk identification is 8.2, exceeding 1.65. Therefore, it is significant at α ≤ 0.05. Additionally, the value of beta is 0.70, which specifies that the modification of a single component in knowledge-based risk repositories will cause a modification of 0.48 in risk identification. These outcomes back hypothesis H3: knowledge-based risk repositories have a positive impact on risk identification at α ≤ 0.05.
Referring to Table 7, the T-value amongst knowledge-based risk capture and knowledge-based risk repositories is 2.7, exceeding 1.65. Therefore, it is significant at α ≤ 0.05. In addition, the T-value between knowledge-based risk capture and risk identification is 8.2, which exceeds 1.65. Therefore, it is significant at α ≤ 0.05.
| TABLE 7: Test results for H4.1 and H4.2. |
Besides, the value of beta for the indirect impact is 0.168, which specifies that the modification of a single component in knowledge-based risk capture and knowledge-based risk repositories will cause a modification of 0.168 in risk identification. These results back hypothesis H4.1: knowledge-based risk repositories positively mediate the relation amongst knowledge-based risk capture and risk identification at α ≤ 0.05. Accordingly, knowledge-based risk repositories fully mediate the relation amongst knowledge-based risk capture and risk identification in the Jordanian IT sector.
The empirical outcomes reached through PLS and structural path analysis offer practical provision to the article’s major arguments and the proposed model. Firstly, the practical outcomes stressed that IT industries must consider knowledge-based risk capture, mediated by knowledge-based risk repositories, and competences as mechanisms of their risk identification. While such outcomes offer practical provision to the suggested description and operationalisation of the suggested model in this article, they should be explained within the context of the Jordanian information technology industry. The structural path analysis offers practical provision for the hypotheses suggested in the model.
Empirically supporting this hypothesis, the findings of the structural path analysis indicated a positive relationship amongst knowledge-based risk capture, mediated by knowledge-based risk repositories, and risk identification. Such outcomes are confirmed by previous theoretical research (Alhawari et al. 2012; Massingham 2010). However, previous studies have delivered very limited empirical insight into the impact of knowledge-based risk capture on risk identification, as mediated by knowledge-based risk repositories (Becerra-Fernandez et al. 2004; Caldwell 2008; Karadsheh et al. 2008). The implication for Jordanian IT industries is that they may need to pursue a joint strategy aimed at managing knowledge-based risk capture and knowledge-based risk repositories to improve risk identification.
Additionally, referring to Table 7, the T-value between knowledge-based risk discovery and knowledge-based risk repositories is 5.0, exceeding 1.65. Therefore, it is significant at α ≤ 0.05. Moreover, the T-value amongst knowledge-based risk discovery and risk identification is 8.2, exceeding 1.65. Consequently, it is significant at α ≤ 0.05. Moreover, the value of beta for the indirect impact is 0.294, which specifies that the modification of a single component in knowledge-based risk discovery and knowledge-based risk repositories will cause a modification of 0.294 in risk identification. These results back hypothesis H4.2: knowledge-based risk repositories positively mediate the relation between knowledge-based risk discovery and risk identification at α ≤ 0.05. Thus, knowledge-based risk repositories fully mediate the relation amongst knowledge-based risk discovery and risk identification in the Jordanian IT sector.
The practical outcomes reached through PLS and structural path analysis provide practical support for the article’s major opinions and the suggested model. Firstly, the practical outcomes stressed that IT industries must consider knowledge-based risk discovery, mediated by knowledge-based risk repositories, and competences as mechanisms of their risk identification. While such results deliver practical support to the suggested description and operationalisation of the suggested model, they should be clarified within the framework of the Jordanian IT business. The structural path analysis provides empirical support for the hypotheses proposed in the model.
Based on practical evidence, the conclusions of the structural path analysis showed a positive relationship between knowledge-based risk discovery and risk identification, which is mediated by knowledge-based risk repositories. Such findings are consistent with previous practical research (Alhawari et al. 2012; Massingham 2010). However, previous studies have provided very limited practical insight into the impact of knowledge-based risk capture on risk identification, as mediated by knowledge-based risk repositories (Becerra-Fernandez et al. 2004; Caldwell 2008; Karadsheh et al. 2008). Jordanian IT organisations might be forced to chase a mutual strategy aimed at managing knowledge-based risk capture and knowledge-based risk repositories to develop risk identification.
The modern technique is a combination of practical and theoretical research. This article is different from previous articles published by the same authors because it focuses on a practical method using surveys to test forecasts of the theory and to support or disprove it. In contrast, the previous published articles were only theoretical.
Model implementation
To understand the proposed model, we attempt to explain how the model can be implemented. The purpose of this attempt is to judge the applicability and helpfulness of the proposed model based on the hypothesis results.
Once a project is chosen, the project team will attempt to identify the risk(s) specific to the project. During the risk identification phase, the project team will access the database to identify the applicable risk(s) for the new project. The selected risks can be retrieved from the knowledge-based risk repository (KBRR) KBRR and captured or discovered directly during the knowledge capture and discovery phases. Risks can be collected using a variety of methods and techniques, such as lesson-learned brainstorming, experience, interviews and self-assessments, facilitated workshops, strengths, weaknesses, opportunities and threats (SWOT) analysis and scenario analysis.
Furthermore, the role of the KBRR is vital to current and future projects’ success. The KBRR is the main database of projects. The proposed model allows for the collection of a large number of risks through knowledge capture and discovery, which are then stored in the KBRR. As stated before, the risks can be collected from different sources by team members. Then risks can be classified, mapped to previous projects and stored in the repository after review and approval by the project committee. The project team ensures that during and after any project, any risks discovered or captured will be stored in the KBRR for future use. The KBRR contains projects and assigned risks, which can be used by the project team to evaluate any similarities to the existing project, saving the company money and time.
In summary, during the risk identification phase, the project team can evaluate risks by accessing the KBRR directly or executing knowledge-based risk capture and discovery using techniques and methods adopted by their company. Therefore, the relationships between risk identification, the KBRR and knowledge-based risk capture and discovery are relevant to all project phases and are adaptable to diverse types of projects and companies.
Implications of the findings and theoretical contributions
The importance of this article stems from the significance of the knowledge-based risk processes and the impact of knowledge-based risk repositories on the risk identification. Furthermore, the IT sector has been distinctly recognised as a standout amongst the most rapidly developing areas in Jordan.
The latest research publications were examined, and based on our knowledge, the impact was not investigated effectively of the knowledge-based risk research on the identification of risks and processes of knowledge-based risk capture and risk discovery, which is arbitrated by risk repositories of knowledge within the IT sector in Jordan.
Every organisation considers knowledge-based risk processes as a critical component of RM. Because of different processes involved in identifying risks, it has become obligatory to acknowledge certain elements of these processes and implement the right type of risk identification.
However, adapting several risk identification processes with similar concepts without depending on knowledge could result in almost identical outcomes. As a result, management obtains better perceptions of the risk identification process, which can facilitate anticipating deficiencies and managing risk identification in an exceptional matter in every aspect of projects in reference to the knowledge process.
Another interesting aspect is the diversity of risk identification elements in which some elements do not reflect on the roles of knowledge processes often identified in risk identification computation, as an example knowledge-based risk capture and knowledge-based risk discovery. Additionally, some elements do not include components or links to knowledge (knowledge-based risk repositories) content. As a result, the similarity of dissimilar forms of knowledge RM will increase. As a result, the similarity of dissimilar forms of knowledge RM will increase which is recommended for practitioners. This in that manner implies recommendations for practitioners. As stated previously, knowledge is becoming a major and strategic asset in all IT projects in identifying risks. Therefore, knowledge-based risk elements reconciled through knowledge-based risk repositories will allow managers to correctly evaluate possible threats to the recognised initiatives. Once threats are identified, the risk elements can guide management in the direction of solid aspects of the organisation, which are controllable by management.
This research explored how the implementation of knowledge-based risk repositories with knowledge-based risk processes can expand the execution of risk identification in IT projects utilised by IT project companies. This study is applicable to companies employing knowledge-based risk processes, knowledge-based risk repositories and risk identification.
The direct and indirect impacts amongst the two domains of knowledge-based risk processes (knowledge-based risk capture and knowledge-based risk discovery) constitute the first attempt in research to help clarify how the combinations lead to identifying elements of knowledge-based risk repositories to mature risk identification in IT projects, which paves the way for future research.
The unpleasant consequences of project RM all pertain to knowledge, which is the central part of project RM. The risk identification factors are scheduling, budgeting and functionalities. However, for knowledge-based risk processes, unpleasant consequences are usually related to repository of knowledge, capture and discovery. These risks can directly challenge our capability to apprehend, discover, represent and store knowledge to apply risk identification within IT projects and to deal with schedule deficiencies if risk is identified.
Knowledge-based risk processes nowadays get more consideration because of the affirmation that learning from the past will for the most part help directors in IT projects use sound judgement in uncertain circumstances.
Limitations and future study
Nonetheless, this research has a few impediments, which offer open doors for forthcoming research. We perceive that this investigation is close to an initial move toward a hypothetical and empirical investigation in the region of knowledge-based risk processes, knowledge-based risk repositories and risk identification.
To achieve our definitive goal, we need to conquer a few basic constraints, which ought to be tended to in future investigations. To begin with, the outcomes cannot be generalised on the grounds that the investigation centres around IT organisations in Jordan. Moreover, this exploration should be conducted in another nation and utilise huge IT organisations in Jordan for testing size purposes. Thirdly, a beneficial area for future research would be to reproduce the investigation described in other business sectors, for example, banks and industries, and to compare the corresponding results with the results of this study.
The article additionally has an extensive number of intriguing issues that would require further research to improve the predictive power of the model suggested. One noteworthy direction for additional research could be to recreate this article over an increased range of nations in bigger establishments for similar purposes. Additionally, an international study amongst IT organisations in Jordan and different nations would add valuable knowledge to the experiment.
Conclusion
This article uncovered the components that impact risk identification in knowledge-based risk processes and knowledge-based risk repositories. The article provided dependable gears for important features in the analysis of knowledge-based risk processes and knowledge-based risk repositories and has vital insinuations for the application of risk identification. In this article, we set out to examine the factors affecting the success of knowledge-based risk processes within Jordan’s IT corporations. One of the most noteworthy discoveries is the relative strength of the causal relation by which knowledge-based risk repositories mediate the relation between knowledge-based risk capture and risk identification.
The most substantial finding is the relative strength of the causal relation by which knowledge-based risk repositories mediate the relation amongst knowledge-based risk discovery and risk identification. The main conclusion of this article is that knowledge-based risk processes, such as knowledge-based risk capture and knowledge-based risk discovery, have a significant impact on risk identification, which is mediated by knowledge-based risk repositories. The present article provides valuable knowledge to directors in IT organisations in Jordan by suggesting a model that defines the integration between knowledge-based risk processes and knowledge-based risk repositories to improve the risk identification process in Jordanian IT organisations.
Acknowledgement
Authors’ contributions
A.N.T. is the corresponding author and was responsible for the literature review and article completion. L.K. contributed to the reviewing and searching for the latest articles related to the risk identification. S.A. was responsible for the research survey design, data analysis and responsible for the experimental and paper design. H.H. performed data collection and made conceptual contributions.
References
Alhawari, S., Karadsheh, L., Talet, A., Talet, N. & Mansour, E., 2012, ‘Knowledge-based risk management framework for information technology project’, International Journal of Information Management 32(1), 50–65. https://doi.org/10.1016/j.ijinfomgt.2011.07.002
Aloini, D., Dulmin, R. & Mininno, V., 2012, ‘Modelling and assessing ERP project risks: A Petri Net approach’, European Journal of Operational Research 220(2), 484–495. https://doi.org/10.1016/j.ejor.2012.01.062
Anderson, J.C. & Gerbing, D.W., 1988, ‘Structural equation modeling in practice: A review and recommended two-step approach’, Psychological Bulletin 103(3), 411–423.
Becerra-Fernandez, I., Gonzalez, A., & Sabherwal, R., 2004 Knowledge Management: Challenges, Solutions, and Technologies, Prentice Hall, Upper Saddle River, NJ, USA.
Cagliano, A.C., Grimaldi S. & Rafele C., 2015, ‘Choosing project risk management techniques: A theoretical framework’, Journal of Risk Research 18(2), 232–248. https://doi.org/10.1080/13669877.2014.896398
Caldwell, F., 2008, ‘Risk intelligence: Applying KM to information risk management’, Journal of VINE 38(2), 163–166. https://doi.org/10.1108/03055720810889798
Cornford, S., 1998, Managing risk as a resource using the defect detection and prevention process, s.n., New York.
Denas, S., 2015, ‘Risk analysis using earned value: An engineering project management study’, International Journal of Risk and Contingency Management 4(3), 22–33. https://doi.org/10.4018/IJRCM.2015070102
Desai, V., 2015, ‘Risk analysis using simulation software applied on a road infrastructure project’, International Journal of Risk and Contingency Management 4(1), 53–62. https://doi.org/10.4018/ijrcm.2015010104
Dey, P.K., 2010, ‘Managing project risk using combined analytic hierarchy process and risk map’, Applied Soft Computing 10, 990–1000. https://doi.org/10.1016/j.asoc.2010.03.010
Didraga, O., 2013, ‘The role and the effects of risk management in IT projects success’, Informatica Economica 17(1), 86–98. https://doi.org/10.12948/issn14531305/17.1.2013.08
Dimitrijevic, L.R. & Dakic, J.D., 2014, ‘The risk management in higher education institutions’, Online Journal of Applied Knowledge Management 2(1), 137–152.
Fornell, C. & Larcker, D.F., 1981, ‘Evaluating structural equations models with unobservable variables and measurement error’, Journal of Marketing Research 18(1), 39–50. https://doi.org/10.2307/3151312
Fuller, M.A., Valacich, J.S. & George, J.F., 2010, Information systems project management: A process and team approach, Prentice Hall, s.l.
Gaur, A.S. & Gaur, S.S., 2006, Statistical methods for practice and research: A guide to data analysis using SPSS, Sage, Thousand Oaks, CA.
Hair, J.F., Black, B., Babin, B., Anderson, R.E. & Tatham, R.L., 2009, Multivariate data analysis, 6th edn., Upper Saddle River, NJ: Pearson Prentice Hall, USA.
Hair, J., Ringle, C. & Sarstedt, 2014, A primer on Partial Least Squares Structural Equation Modeling (PLS-SEM), Sage, London.
Henseler, J., Fassott, G., Dijkstra, T.K., & Wilson, B., 2017, ‘Analysing quadratic effects of formative constructs by means of variance-based structural equation modelling’, European Journal of Information Systems 21(1), 99–112. https://doi.org/10.1057/ejis.2011.36
Holsapple, C. & Joshi, K., 2002, ‘Knowledge management: A three-fold framework’, The Information Society 18(1), 47–64. https://doi.org/10.1080/01972240252818225
Karadsheh, L., Alhawari, S., El-Bathy, N. & Hadi, W., 2008, Incorporating knowledge management and risk management as a single process, s.n., Las Vegas, NV.
Kayis, B., Zhou, M., Savci, S., Khoo, Y.B., Ahmed, A. & Kusumo, R., 2007, ‘IRMAS-development of a risk management tool for collaborative multi-site, multi-partner new product development projects’, Journal of Manufacturing Technology Management 18(4), 387–414. https://doi.org/10.1108/17410380710743770
Lee, S.Y., 2014, ‘Intelligent risk mapping and assessment system’, International Journal of Security and Its Application 8(3), 119–124.
Massingham, P., 2010, ‘Knowledge risk management: A framework’, Journal of Knowledge Management 14(3), 464–485. https://doi.org/10.1108/13673271011050166
Mousavi, S., Hashemi, H. & Mojtahedi, S.A., 2014, ‘An integrated approach for risk assessment in port projects’, Advanced Computational Techniques in Electromagnetics 2014, 1–11. https://doi.org/10.5899/2014/acte-00171
Neef, D., 2005, ‘Managing corporate risk through better knowledge management’, Journal of the Learning Organization 12(2), 112–124. https://doi.org/10.1108/09696470510583502
Porananond, D. & Thawesaengskulthai, N., 2014, ‘Risk management for new product development projects in food industry’, Journal of Engineering, Project, and Production Management 4(2), 99–113.
Project Management Institute, 2004, A guide to the project management body of knowledge (PMBOK guide), Project Management Institute, Newtown Square, PA.
Project Management Institute, 2013, A guide to the project management body of knowledge: (PMBOK® Guide), 5th edn., Project Management Institute, Newtown Square, PA,USA.
Rodriguez, E. & Edwards, J., 2008, Before and after modeling: Risk knowledge management is required, s.n., Chicago, IL.
Sadaba, A.M., Ezcurdia, A.P., Lazcano, A.M.E. & Villanueva, P., 2014, ‘Project risk management methodology for small firms’, International Journal of Project Management 32, 327–340. https://doi.org/10.1016/j.ijproman.2013.05.009
Sattler, H., Veolckner, F., Riediger, C. & Ringle, C.M., 2010, ‘The impact of brand extension success factors on brand extension price premium’, International Journal of Research in Marketing 27(4), 319–328. https://doi.org/10.1016/j.ijresmar.2010.08.005
Saunders, M., Lewis, P. & Thornhill, A., 2015, Research methods for business students, Prentice Hall, Harlow, Essex.
Schwalbe, K., 2014, Information technology project management, Course Technology, Thomson Learning, Boston, MA.
Serpella, A., Ferrada, X., Howard, R. & Rubio, L., 2014, ‘Risk management in construction projects: A knowledge-based approach’, Procedia - Social and Behavioral Sciences 119, 653–662.
Sharif, A.M., Basri, S. & Ali, H.O., 2014, ‘Strength and weakness of software risk assessment tools’, International Journal of Software Engineering and Its Applications 8(3), 389–398.
Tah, J. & Carr, V., 2001, ‘Towards a framework for project risk knowledge management in the construction supply chain’, Advances in Engineering Software 32, 835–846. https://doi.org/10.1016/S0965-9978(01)00035-7
Taylor, H., 2007, ‘Outsourced IT projects from the vendor perspective: Different goals, different risks’, Journal of Global Information Management 15(2), 1–27. https://doi.org/10.4018/jgim.2007040101
Tomanek, M. & Juricek, J., 2015, ‘Project risk management model based on Prince2 and Scrum Frameworks’, International Journal of Software Engineering and Applications 6(1), 81–88. https://doi.org/10.5121/ijsea.2015.6107
Zikmund, W.G., Babin, B.J., Carr, J.C. & Griffin, M., 2013, Business research methods, Cengage Learning, South-Western, Canada.
|
Hide
Show all
Email this article (Login required)
