Risk management in IT projects - a case of the South African public sector

Purpose - The purpose of this paper is to study the recognition, application and understanding (status) of risk management in information technology (IT) projects in the South African public sector and thus contribute to the research gap. Design/methodology/approach - A quantitative approach in the form of a survey design was adopted, with data being collected through a questionnaire. The results from the study are compared to the theory and practice of risk management before drawing conclusions on the status of risk management in IT projects. Findings - The findings provide significant statistical support for the conclusion that risk management is being applied in current IT projects and that it is understood by the respective project clients. Research limitations/implications - Though risk management has been studied by several authors, very little is known about its status in the South African public sector. This study sheds light on its application in IT projects and its understanding by IT project clients. Practical implications - The study findings encourage project executives to develop knowledge bases for risk management in IT projects, as well as the corresponding tools. This will ultimately assist in knowledge sharing, which increases chances of IT project success. Importantly, the study also highlights that the relationship between project clients and project teams can be accelerated through knowledge sharing and continuous project communication. Originality/value - The research addresses one of the questions held by many scholars on the status of risk management in IT projects. It advances the recognition of risk management as a knowledge base and the practical implications thereof.