Systemic risk might jeopardize your IT project portfolio: A qualitative evaluation of risk measures

Amend, Julia; Guggenmos, Florian; Urbach, Nils; FRIDGEN, Gilbert

doi:10.12821/ijispm130301

Download

Article (Scientific journals)

Systemic risk might jeopardize your IT project portfolio: A qualitative evaluation of risk measures

Amend, Julia; Guggenmos, Florian; Urbach, Nils et al.

2025 • In International Journal of Information Systems and Project Management, 13 (3), p. 1-32

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/10993/67118

DOI
10.12821/ijispm130301

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

ijispm-130301.pdf

Author postprint (1.05 MB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

IT portfolio; IT project; systemic risk; risk measure; qualitative evaluation

Abstract :

[en] IT project portfolios consist of various projects which depend on each other. Including additional IT projects, which are interdependent with existing ones, affects the IT portfolio’s systemic risk, which arises from these interdependencies. To handle this risk, organizations must quantitatively analyze the systemic risk of their IT portfolio. However, an overview and evaluation of risk measures for quantitatively analyzing systemic risk in IT portfolios has been missing. In our study, we first conducted a structured literature review to identify risk measures. We then determined evaluation criteria based on mathematical considerations on how risk measures can be modeled and insights from our literature review. Subsequently, we performed a qualitative, criteria-based evaluation to clarify which risk measure fits specific use cases. Finally, we delineated our findings as three recommendations. Our research supports organizations in better analyzing systemic risk in their IT portfolios by selecting the most appropriate risk measure according to their data or use case, contributing to a more successful IT portfolio management.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > APSIA - Applied Security and Information Assurance
NCER-FT - FinTech National Centre of Excellence in Research

Disciplines :

Management information systems
Computer science

Author, co-author :

Amend, Julia

Guggenmos, Florian

Urbach, Nils

FRIDGEN, Gilbert ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX

External co-authors :

yes

Language :

English

Title :

Systemic risk might jeopardize your IT project portfolio: A qualitative evaluation of risk measures

Publication date :

2025

Journal title :

International Journal of Information Systems and Project Management

ISSN :

2182-7796

eISSN :

2182-7788

Publisher :

University of Minho

Volume :

Issue :

Pages :

1-32

Peer reviewed :

Peer Reviewed verified by ORBi

Focus Area :

Security, Reliability and Trust

Development Goals :

9. Industry, innovation and infrastructure

Additional URL :

https://revistas.uminho.pt/index.php/ijispm/article/download/6706/7454

FnR Project :

FNR16570468 - NCER-FT - 2021 (01/03/2023-28/02/2025) - Gilbert Fridgen

Available on ORBilu :

since 07 January 2026

Statistics

Number of views

12 (0 by Unilu)

Number of downloads

4 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™

Bibliography

Acemoglu, D., Ozdaglar, A., & Tahbaz-Salehi, A. (2015). Systemic risk and stability in financial networks. American Economic Review, 105(2), 564–608.
Acharya, V. V., Pedersen, L. H., Philippon, T., & Richardson, M. (2017). Measuring Systemic Risk. The Review of Financial Studies, 30(1), 2–47.
Al-Ahmad, W., Al-Fagih, K., Khanfar, K., Alsamara, K., Abuleil, S., & Abu-Salem, H. (2009). A taxonomy of an IT project failure: root causes. International Management Review, 5(1).
Archer, N., & Ghasemzadeh, F. (1999). An integrated framework for project portfolio selection. International Journal of Project Management, 17(4), 207–216.
Ash, J., & Newth, D. (2007). Optimizing complex networks for resilience against cascading failure. Physica a: Statistical Mechanics and Its Applications, 380, 673–683.
Azhari, A., & Raharjo, T. (2023). A Systematic Literature Review on Digital Transformation Projects Discovering Project Goals and Problems. Journal of Theoretical and Applied Information Technology, 101(21), 6855–6870.
Baccarini, D., Salm, G., & Love, P. E. (2004). Management of risks in information technology projects. Industrial Management & Data Systems, 104(4), 286–295.
Bai, L., Han, X., Wang, H., Zhang, K., & Sun, Y. (2021). A method of network robustness under strategic goals for project portfolio selection. Computers & Industrial Engineering, 161.
Bai, L., Han, X., Zhang, Y., & Xie, X. (2023). Optimal Project Portfolio Selection Considering Cascading Failure Among Projects. IEEE Transactions on Engineering Management, 1–11.
Bathallath, S., Smedberg, Å., & Kjellin, H. (2016). Managing project interdependencies in IT/IS project portfolios: a review of managerial issues. International Journal of Information Systems and Project Management, 4(1), 67–82.
Beer, M., Fridgen, G., Müller, H.‑V., & Wolf, T. (2013). Benefits Quantification in IT Projects.
Beer, M., Wolf, T., & Zare Garizy, T. (2015). Systemic Risk in IT Portfolios – An Integrated Quantification Approach. In Proceedings of the 36th International Conference on Information Systems (ICIS), Fort Worth, Texas, USA.
Bonacich, P., & Lloyd, P. (2001). Eigenvector-like measures of centrality for asymmetric relations. Social Networks, 23(3), 191–201.
Brockmann, D., & Helbing, D. (2013). The hidden geometry of complex, network-driven contagion phenomena. Science, 342(6164), 1337–1342.
Buldyrev, S. V., Parshani, R., Paul, G., Stanley, H. E., & Havlin, S. (2010). Catastrophic cascade of failures in interdependent networks. Nature, 464(7291), 1025–1028.
Bürger, O., Häckel, B., Karnebogen, P., & Töppel, J. (2019). Estimating the impact of IT security incidents in digitized production environments. Decision Support Systems, 127, 113144.
Cooley, D. M., Galik, C. S., Holmes, T. P., Kousky, C., & Cooke, R. M. (2012). Managing dependencies in forest offset projects: Toward a more complete evaluation of reversal risk. Mitigation and Adaptation Strategies for Global Change, 17(1), 17–24.
Costantino, F., Di Gravio, G., & Nonino, F. (2015). Project selection in project portfolio management: An artificial neural network model based on critical success factors. International Journal of Project Management, 33(8), 1744–1754.
Crucitti, P., Latora, V., & Marchiori, M. (2004). Model for cascading failures in complex networks. Physical Review E, 69(4).
Curcio, D., Gianfrancesco, I., & Vioto, D. (2023). Climate change and financial systemic risk: Evidence from US banks and insurers. Journal of Financial Stability, 66, 101132.
Didrage, O. (2013). The Role and the Effects of Risk Management in IT Projects Success. Informatica Economica, 17(1), 86–98.
Drake, J. R., & Byrd, T. A. (2006). Risk in information technology project portfolio management. Journal of Information Technology Theory and Application, 8(3).
Eisenberg, L., & Noe, T. H. (2001). Systemic Risk in Financial Systems. Management Science, 47(2), 236–249.
Ellinas, C. (2019). The domino effect: an empirical exposition of systemic risk across project networks. Production and Operations Management, 28(1), 63–81.
Ellinas, C., Allan, N., Durugbo, C., & Johansson, A. (2015). How robust is your project? From local failures to global catastrophes: A complex networks approach to project systemic risk. PloS One, 10(11).
Ellinas, C., Allan, N., & Johansson, A. (2016). Project systemic risk: Application examples of a network model. International Journal of Production Economics, 182, 50–62.
Flyvbjerg, B., & Budzier, A. (2011). Why your IT project may be riskier than you think. Harvard Business Review, 89, 23–25.
Flyvbjerg, B., Budzier, A., Lee, J. S., Keil, M., Lunn, D., & Bester, D. W. (2022). The Empirical Reality of IT Project Cost Overruns: Discovering A Power-Law Distribution. Journal of Management Information Systems, 39(3), 607–639.
Freixas, X., Parigi, B. M., & Rochet, J.‑C. (2000). Systemic Risk, Interbank Relations, and Liquidity Provision by the Central Bank. Journal of Money, Credit and Banking, 32(3), 611.
Frey, T., & Buxmann, P. (2012). IT project portfolio management-a structured literature review. In Proceedings of the 20th European Conference on Information Systems (ECIS), Barcelona, Spain.
Fridgen, G., & Moser, F. (2013). Using IT fashion investments to optimize an IT innovation portfolio’s risk and return. Journal of Decision Systems, 22(4), 298–318.
Gao, J., Buldyrev, S. V., Havlin, S., & Stanley, H. E. (2011). Robustness of a network of networks. Physical Review Letters, 107(19), 195701.
Ghasemi, F., Sari, M. H. M., Yousefi, V., Falsafi, R., & Tamošaitienė, J. (2018). Project Portfolio Risk Identification and Analysis, Considering Project Risk Interactions and Using Bayesian Networks. Sustainability, 10(5), 1609.
Guan, D., Guo, P., Hipel, K. W., & Fang, L. (2017). Risk reduction in a project portfolio. Journal of Systemic Science and Systems Engineering, 26(1), 3–22.
Guggenmos, F., Hofmann, P., & Fridgen, G. (2019). How ill is your IT Portfolio?–Measuring Criticality in IT Portfolios Using Epidemiology. In Proceedings of the 40th International Conference on Information Systems (ICIS), Munich, Germany.
Guo, N., Guo, P., Dong, H., Zhao, J., & Han, Q. (2019). Modeling and analysis of cascading failures in projects: A complex network approach. Computers & Industrial Engineering, 127, 1–7.
Guo, N., Guo, P., Madhavan, R., Zhao, J., & Liu, Y. (2020). Assessing the Vulnerability of Megaprojects Using Complex Network Theory. Project Management Journal, 51(4), 429–439.
Ha, H., & Madanian, S. (2020). The potential of artificial intelligence in it project portfolio selection.
Häckel, B., & Hänsch, F. (2014). Managing an IT portfolio on a synchronised level, or: The costs of partly synchronised investment valuation. Journal of Decision Systems, 23(4), 388–412.
Häckel, B., Lindermeir, A., Moser, F., & Pfosser, S. (2017). Mindful engagement in emerging IT innovations. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 48(1), 53–74.
Häckel, B., Pfosser, S., Stirnweiß, D., & Voit, C. (2018). Determining optimal strategies for investments in an emerging IT innovation. In Proceedings of the European Conference on Information Systems (ECIS), Portsmouth, UK.
Hautsch, N., Schaumburg, J., & Schienle, M. (2015). Financial network systemic risk contributions. Review of Finance, 19(2), 685–738.
Hill, J., Thomas, L., & Allen, D. (2000). Experts’ estimates of task durations in software development projects. International Journal of Project Management, 18(1), 13–21.
Irsak, M., & Barilovic, Z. (2023). Digital Transformation Project in a Function of Raising Competitive Advantage. Economic and Social Development: Book of Proceedings, 49–57.
Karrenbauer, C., & Breitner, M. H. (2022). Value-driven IT Project Portfolio Management: Process Model, Evaluation Framework, and Decision Support. In Proceedings of the International Conference on Information Systems (ICIS), Copenhagen, Denmark.
Katz, L. (1953). A new status index derived from sociometric analysis. Psychometrika, 18(1), 39–43.
Kaufman, G. G., & Scott, K. E. (2003). What is systemic risk, and do bank regulators retard or contribute to it? The Independent Review, 7(3), 371–391.
Kermack, W. O., & McKendrick, A. G. (1927). A contribution to the mathematical theory of epidemics. Proceedings of the Royal Society of London a: Mathematical, Physical and Engineering Sciences, 115(772), 700–721.
Khan, A. A., Laghari, A. A., Shaikh, Z. A., Dacko-Pikiewicz Zdzislawa, & Kot, S. (2022). Internet of Things (IoT) Security With Blockchain Technology: A State-of-the-Art Review. IEEE Access, 10.
Kohnke, O., Nieland, T., Straatmann, T., & Mueller, K. (2024). How do management factors influence digital adoption in the case of a large-scale digital transformation project–A process perspective. Journal of Management & Organization, 30(5), 1564–1584.
Kundisch, D., & Meier, C. (2011). IT/IS project portfolio selection in the presence of project interactions–review and synthesis of the literature.
Lee, J. W., & Kim, S. H. (2001). An integrated approach for interdependent information system project selection. International Journal of Project Management, 19(2), 111–118.
March, J. G., & Shapira, Z. (1987). Managerial Perspectives on Risk and Risk Taking. Management Science, 33(11), 1404–1418.
Mark, J., & Ingmar, L. (2004). Best Practices in IT Portfolio Management. MIT Sloan Management Review.
Markowitz, H. (1952). Portfolio selection. The Journal of Finance, 7(1), 77–91.
Martinsuo, M., & Geraldi, J. (2020). Management of project portfolios: Relationships of project portfolios with their contexts. International Journal of Project Management, 38(7), 441–453.
Micán, C., Fernandes, G., & Araújo, M. (2020). Project portfolio risk management: a structured literature review with future directions for research. International Journal of Information Systems and Project Management, 8(3), 67–84.
Miehle, D., Häckel, B., Pfosser, S., & Übelhör, J. (2019). Modeling IT Availability Risks in Smart Factories. Business & Information Systems Engineering, 1–23.
Motter, A. E., & Lai, Y.‑C. (2002). Cascade-based attacks on complex networks. Physical Review E, 66(6 Pt 2).
Neumeier, A., Radszuwill, S., & Garizy, T. Z. (2018). Modeling project criticality in IT project portfolios. International Journal of Project Management, 36(6), 833–844.
Ngereja, B. J., Hussein, B., & Wolff, C. (2024). A comparison of soft factors in the implementation and adoption of digitalization projects: a systematic literature review. International Journal of Information Systems and Project Management, 12(2), 70–86.
Omol, E. J. (2024). Organizational digital transformation: from evolution to future trends. Digital Transformation and Society, 3(3), 240–256.
Otay, İ., Onar, S. Ç., Öztayşi, B., & Kahraman, C. (2023). A novel interval valued circular intuitionistic fuzzy AHP methodology: Application in digital transformation project selection. Information Sciences, 647, 119407.
Pappert, L., & Kusanke, K. (2023). Modern Project Portfolio Management– Analyzing the Potential of Artificial Intelligence. In A. Kalenborn, M. Fazal-Baqaie, O. Linssen, A. Volland, E. Yigitbas, M. Engstler, & M. Bertram (Eds.), GI Edition Proceedings: volume P-340. Projektmanagement und Vorgehensmodelle 2023, PVM 2023: Nachhaltige IT-Projekte : Gemeinsame Tagung der Fachgruppen Projektmanagement (WI-PM) und Vorgehensmodelle (WI-VM) im Fachgebiet Wirtschaftsinformatik der Gesellschaft für Informatik e.V. In Kooperation mit der Fachgruppe IT-Projektmanagement der GPM e.V. Und der PMI Germany Chapter e.V. : 16. Und 17. November 2023 in Hagen. Gesellschaft für Informatik.
Pastor-Satorras, R., & Vespignani, A. (2001). Epidemic dynamics and endemic states in complex networks. Physical Review E, 63(6), 66117.
Pimchangthong, D., & Boonjing, V. (2017). Effects of Risk Management Practices on IT Project Success. Management and Production Engineering Review, 8(1), 30–37.
Prifti, V. (2022). Optimizing Project Management using Artificial Intelligence. European Journal of Formal Sciences and Engineering, 5(1), 30–38. https://doi.org/10.26417/667hri67
Radszuwill, S., & Fridgen, G. (2017). Forging a Double-Edged Sword: Resource Synergies and Dependencies in Complex IT Project Portfolios.
Rotolo, D., Hicks, D., & Martin, B. R. (2015). What is an emerging technology? Research Policy, 44(10), 1827–1843.
Santhanam, R., & Kyparisis, G. J. (1996). A decision model for interdependent information system project selection. European Journal of Operational Research, 89(2), 380–399.
Schulte, F., Karrenbauer, C., & Breitner, M. H. (2024). Critical Success Factors for IT Project Portfolio Management: What do we know, what can we learn? In Proceedings of the 32nd European Conference on Information Systems, Paphos, Cyprus.
The Standish Group. (2018). Decision latency theory: It is all about the interval (Chaos Report). The Standish Group.
The Standish Group. (2020). CHAOS 2020: Beyond Infinity Report. The Standish Group.
Stoica, R., & Brouse, P. (2013). IT Project Failure: A Proposed Four-Phased Adaptive Multi-Method Approach. 1877-0509, 16, 728–736. https://doi.org/10.1016/j.procs.2013.01.076
Tang, L., Jing, K., He, J., & Stanley, H. E. (2016). Complex interdependent supply chain networks: Cascading failure and robustness. Physica a: Statistical Mechanics and Its Applications, 443, 58–69.
Tarannum, R., Joseph Ngereja, B., & Hussein, B. (2025). A structured taxonomy for effective digital transformation project implementation: Development, validation, and practical insights. International Journal of Information Systems and Project Management, 13(1), 3.
Tillquist, J., King, J. L., & Woo, C. (2002). A representational scheme for analyzing information technology and organizational dependency. MIS Quarterly, 91–118.
Verschuur, J., Pant, R., Koks, E., & Hall, J. (2022). A systemic risk framework to improve the resilience of port and supply-chain networks to natural hazards. Maritime Economics & Logistics, 1–18.
Vieira, G. B., Oliveira, H. S., Almeida, J. A. de, & Belderrain, M. C. N. (2024). Project Portfolio Selection considering interdependencies: A review of terminology and approaches. Project Leadership and Society, 5, 100115.
Wang, J. (2013). Mitigation strategies on scale-free networks against cascading failures. Physica a: Statistical Mechanics and Its Applications, 392(9), 2257–2264.
Wang, Q., Zeng, G., & Tu, X. (2017). Information Technology Project Portfolio Implementation Process Optimization Based on Complex Network Theory and Entropy. Entropy, 19(6), 287.
Wehrmann, A., Heinrich, B., & Seifert, F. (2006). Quantitatives IT-Portfoliomanagement: Risiken von IT-Investitionen wertorientiert steuern. WIRTSCHAFTSINFORMATIK, 48.
Wolf, T. (2015). Assessing the Criticality of IT Projects in a Portfolio Context using Centrality Measures. In Proceedings of the 12th International Conference on Wirtschaftsinformatik (WI), Osnabrück, Germany.
Zare-Garizy, T., Fridgen, G., & Wederhake, L. (2018). A privacy preserving approach to collaborative systemic risk identification: the use-case of supply chain networks. Security and Communication Networks, 201
Zhang, X., Wei, C., Lee, C.‑C., & Tian, Y. (2023). Systemic risk of Chinese financial institutions and asset price bubbles. The North American Journal of Economics and Finance, 64, 101880.
Zimmermann, S. (2008). IT-Portfoliomanagement–Ein Konzept zur Bewertung und Gestaltung von IT. Informatik Spektrum, 31(5), 460–468.
Zuluaga, A., Sefair, J. A., & Medaglia, A. L. (Eds.) (2007). Model for the selection and scheduling of interdependent projects. IEEE.