Although project risks are a prevalent research topic, managing risks is still a major challenge for project managers. In this paper, we take a fresh approach at risk behavior in IT projects by exploring the explanatory power of risk compensation theory (RCT). Although RCT is being discussed in other disciplines such as traffic safety, its potential contribution to IT project risk management has not yet been recognized. We apply an exploratory multiple holistic case study approach to investigate RCT based on internal risk reports of a large international software provider. Our results show modest support for risk compensation in the documented risk behavior. Although our results are of exploratory nature, we show that the usual focus on reducing risks in current risk management methodologies may lead to inefficient risk behavior. Instead, risk management methodologies should support project managers in balancing their risk controls based on their risk propensity and the companies' goals.
Segin, Christian; Schermann, Michael; and Krcmar, Helmut, "Do Project Managers Compensate for Risk Controls? An Exploratory Study on Risk Behavior in IT Projects" (2009). AMCIS 2009 Proceedings. 35.