Abstract

Risk management is increasingly seen as a means of improving the likelihood of success in complex engineering projects. Yet the presence of a legitimacy gap, driven by the lack of empirical validation of published best practices, might explain low adoption of risk management on projects. We present an empirical investigation and discussion of the eleven principles of the ISO 31000:2009 Risk Management Standard via a large-scale survey of engineering and product development practitioners. Adhering to the risk management principles at a high level was found to be a significant factor in better reaching cost, schedule, technical and customer targets, in addition to achieving a more stable project execution. This finding suggests that, rather than a single rigid standard or an ever-changing set of detailed methods, the ISO principles have potential to be the basis for our shared understanding of best practice, and to catalyze the professionalization of project risk management.

Introduction

Risk management is increasingly seen as a means of improving the likelihood of success in the complex, multi-functional and challenging task of managing engineering and product development projects. Studies show that project risks affect outcomes in a number of industries (Wallace and Keil, 2004; Mishra et al., 2016). Yet studies have shown that risk management practices are poorly adopted by project managers (Kutsch and Hall, 2009; Raz et al., 2002; Grant and Pennypacker, 2006; Ibbs and Kwak, 2000; Papke-Shields et al., 2010). How do project managers decide which risk management practices to engage in, and how can they have confidence in the value of investing in such processes?