Toward a Performance-Oriented Evaluation Metric for Risk Management in Information Systems Projects

Authors

Tony Deral Menezes, Universiti Kebangsaan MalaysiaFollow
Maryati Yusof, Universiti Kebangsaan MalaysiaFollow
Dian Indrayani Jambari, Universiti Kebangsaan MalaysiaFollow

Abstract

Information Systems (IS) projects frequently fail due to complex, dynamic risks and evolving stakeholder expectations. Although established frameworks, such as PMBOK, ISO 31000, and NIST, provide structured guidance for managing risks, they primarily focus on procedural compliance and documentation rather than evaluating the actual outcomes of mitigation actions. This paper addresses this critical gap by developing a performance-driven evaluation metric that aligns with key phases of risk management. Drawing on an extensive literature review and existing standards, the study proposes outcome-oriented metrics emphasizing responsiveness, adaptability, and strategic alignment. By integrating Lean principles, such as feedback loops, visibility, and continuous improvement, the proposed metric enables project managers to move beyond process compliance toward performance-based evaluation, ultimately enhancing the effectiveness, efficiency, and resilience of risk management in IS projects.

Recommended Citation

Menezes, Tony Deral; Yusof, Maryati; and Jambari, Dian Indrayani, "Toward a Performance-Oriented Evaluation Metric for Risk Management in Information Systems Projects" (2025). International Research Workshop on IT Project Management 2025. 10.
https://aisel.aisnet.org/irwitpm2025/10