INTERNATIONAL JOURNAL OF

PROJECT
MANAGEMENT
International Journal of Project Management 23 (2005) 591–599
www.elsevier.com/locate/ijproman

Intervening conditions on the management of project risk:

Dealing with uncertainty in information technology projects
E. Kutsch a, M. Hall b,*

a
University of Surrey, School of Management, Guildford, Surrey GU2 7XH, United Kingdom
b
University of Bristol, Department of Management, Lewis Wing, Wills Memorial Building, Queens Road, Bristol BS8 1RJ, United Kingdom

Received 18 June 2004; received in revised form 27 July 2004; accepted 10 June 2005

Abstract

A review of the outcome of many information technology (IT) projects reveals that they fail to meet the pre-specified project
objectives of scope, time and budget. Despite well-established project risk management processes, project managers perceive their
application as ineffective to manage risk. This failure may well be attributed to the inadequate application of those risk management
processes. The purpose of this research was to investigate how project managers responsible for the management of risk in IT pro-
jects actually managed risk and to relate this back to established project risk management processes. In undertaking this investiga-
tion, we were seeking to understand the ways in which the project managersÕ approaches and behaviours, when considering risk in
IT projects, differed from what might be expected. Results show that because of environment-related and decision maker-related
conditions, project managers tend to deny, avoid, ignore and delay dealing with risk, with the consequence of those actions having
an adverse influence on their perceived effectiveness of risk management and the project outcomes. If project risk management, and
its underlying processes are not to be discredited, the behaviour of project managers when confronted by uncertainty should be con-
sidered and actions need to be taken to discourage project managersÕ irrational actions.
Ó 2005 Elsevier Ltd and IPMA. All rights reserved.

Keywords: Risk management; Expected utility theory; Irrationality; Stakeholder behaviour

1. Introduction practitioners surveyed [2], IT project failure was most

Projects may be considered to have failed when
expected scope, cost and time targets are not met,
expected benefits are not realised, or a stakeholder is
dissatisfied with an aspect of the process or outcome.
In particular, IT projects (the provision of a service
to implement systems and solutions, including a variety
of hardware and software products [1]) have a high
rate of failure [2,3]. In one study, it was found that a
third of all software projects were terminated before
completion while more than 50% of the projects cost
approximately double the estimate [2]. According to
*
Corresponding author. Tel.: +44 117 954 5699.
E-mail address: Mark.Hall@bris.ac.uk (M. Hall).
commonly attributed to lack of top management
involvement, a weak business case and inadequate risk
management. The highest ranked factor for project
failure was risk management. The Project Management
Institute [4] defined risk management in a project envi-
ronment as the systematic process of identifying, anal-
ysing, and responding to uncertainty as project-related
events or conditions which are not definitely known
with the potential of adverse consequences on a project
objective. Despite well established and accepted project
risk management processes being available, including
PMI 2000, Prince 2 or PRAM, project managers com-
monly perceive these as not effective for managing pro-
ject uncertainties [2,5]. In the area of decision making
under uncertainty, expected utility theory (EUT) has

0263-7863/$30.00 Ó 2005 Elsevier Ltd and IPMA. All rights reserved.

doi:10.1016/j.ijproman.2005.06.009
592 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599

been the dominant normative and descriptive model. Expected Utility Theory
However, research has shown that conditions in project
risk management deviate from the claims according to Choice Probability Utility
this theorem. Kahneman and Tversky [6], for example,
established in their research that the procedure of Risk
O
materialises
‘‘framing’’ violates the EUT model. Elsewhere (e.g.

-P
[8,9]) it was revealed that psychological factors play Risk

1
an important part in decision making under uncer- mitigation
tainty but are not adequately captured by EUT. action
PxA P
Although much work has been done to date examin- Risk does not
ing the response of individuals to risk in various settings, A
materialise
such as in the oil industry or in education, little research
has been carried out to ascertain the impact of interven-
ing conditions on the management of risk by project
managers, their impact on the project outcome and the
perceived effectiveness of risk management systems Risk
G
and processes in the context of project management. materialises

-Q
The purpose of this research was to investigate how No risk

1
intervening conditions deviated from those one might mitigation
presume under expected utility theory, how they influ- action
G + (Q x A) Q
enced actions taken by project managers and how pro-
Risk does not
ject managersÕ perceptions of the effectiveness of A+ G
materialise
project risk management ultimately contribute to pro-
ject success and/or failure in the delivery of IT projects.
The goal was to better understand how, under condi-
tions of uncertainty, the application of risk management Fig. 1. Expected utility theory.
techniques by project managers might be improved.

The probability of avoiding risks in a project through

2. Background
The dominant paradigm underlying project risk pro-
cesses such as defined by the Project Management Insti-
tute [4] and CCTA [9] is the expected utility theorem
[10,5]. Expected utility is ‘‘a weighted average of the util-
ities of all the possible outcomes that could flow from a
particular decision, where higher-probability outcomes
count more than lower-probability outcomes in calculat-
ing the average’’ [11, p. 21]; the utility of decision-
making choices are weighted by their probabilities and
outcomes [7,12,11].
In order to understand this, one might consider the
following simplified example, as displayed in Fig. 1. A
project manager facing risk in a project has the choice
to apply project risk management to mitigate project
risk or may choose not to manage it.
According to Fig. 1, four scenarios may unfold:
1. project manager proactively executes risk mitigation
actions and risks materialise;
2. project manager proactively executes risk mitigation
actions and risks do not materialise;
3. project manager does not proactively executes risk
mitigation actions and risks materialise;
4. project manager does not proactively executes risk
mitigation actions and risks do not materialise.
the execution of risk response actions is P and without
risk actions Q, with P larger than Q and 1 Q larger
than 1 P. The utility if avoiding risks (relative to the
cost of materialised risk) is A and the utility of no ac-
tions (relative to the cost of those actions) is G while
A is assumed to be greater than G. The utility of scenario
1 is the worst and, therefore, set at 0.
The utility of scenarios 1 and 3 depends on the cost of
uncertainty materialising and adversely affecting the
project outcome. In contrast, the utility of scenarios 1
and 2 depends on the cost to execute actions, the com-
mitment of ‘‘scarce’’ project resources such as time
and money. Therefore, the decision by the project man-
ager to take actions or not depends on the utility of
avoiding uncertainty (benefit) while committing re-
sources (cost) and the relative magnitude of the objec-
tive or subjective probabilities.
Expected utility has been generally accepted in risk
literature as a model of rational choice for taking risky
decisions [13] and is considered to be a very robust
framework for decision making under conditions of
uncertainty [14]. Rationality can be defined as ‘‘agree-
able to reason; not absurd, preposterous, extravagant,
foolish, fanciful, or the like; intelligent, sensible’’ [15].
According to EUT, rational actions of risk actors (indi-
viduals who influence and/or own the risk process) can
be defined as follows [13, p. 43]:
 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
 rational actors can choose between different possible
actions. Actions may differ in kind and scale;
 rational actors assign (objective or subjective) proba-
bilities to various outcomes;
 rational actors can order possible actions according to
their preferences;
 rational actors try to choose an action, which is opti-
mal according to their preferences.
An important aspect of EUT is the assumption of a
state of perfect knowledge for risk actors [13]. Complete
certainty implies [16, p.129]:
 a clear and unambiguous identification of the prob-
lem, its constituent elements and its causes;
 perfect information about all the relevant variables in
terms of both quantity and quality;
 a well-developed model of the problem which incorpo-
rates all the variables likely to influence the decision
outcome and a perfect understanding of the manner
and scale of interaction;
 an exhaustive list of all possible solutions;
 an unambiguous statement of the objectives which is
specific, quantifiable and internally consistent;
 perfect knowledge of the future consequences of each
possible solution and their implications for the project;
 the availability of all the resources and sufficiency of
reliability in all the structures and systems necessary
for the successful implementation of the chosen
solution;
 the presence of perfectly rational and experienced
decision-makers with unlimited analytical and cogni-
tive abilities.
For the purposes of clarity, we have assumed that the
project manager is the main risk actor. However, project
management literature suggests that various stakehold-
ers, which may include individuals and organisations,
may be directly or indirectly involved in the process of
managing risk. While recognising the involvement of
these stakeholders, the focus for our research was on
the project manager as the main risk actor, although
the contributions of other risk actors were relevant to
some aspects of the research, as will become apparent.
In the context of project risk management, the prefer-
ences of project managers should only relate to the ac-
tive mitigation of that risk with adverse consequences
on project objectives of time, cost and quality [4,9,17].
However, although this describes how managers should
make decisions when undertaking risk management, evi-
dence shows that their actions often deviate from EUT
(e.g. [18,14,19,20]. Deviation from EUT may derive
from, for example [21, p. 251]:
 the uncertainty associated with taking any given action
and whether or not negative outcomes will result;
593
 cognitive and emotional overload that results from
awareness of risk in many (of not most) behaviours;
 the complex and varied dynamics associated with per-
forming any given behaviour.
3. Methodology
While EUT describes a ÔrationalÕ approach to the
understanding and management of risk, either as threat
or opportunity [23] the concern of this paper was the
Ôlived realityÕ of project managers involved in IT pro-
jects and how this impacted upon the orderly pursuit
of a management of risk predicated on EUT. In this
sense, it encompassed a decision making process that
dealt with uncertainty, encompassing as it does, risk
management, but also including the broader processes
of decision making in risky and uncertain project envi-
ronments [23]. Essentially, the concern was with beha-
viour and activities that interrupted (or intervened
with) the process of risk management predicted by
EUT. Beyond this, the concern was to develop an
understanding of how and why these behaviours
occurred, what their effect tended to be, and what
implications these effects might hold.
Research has previously been conducted into behav-
iour when managing risk in disciplines such as in psy-
chology and general management [6,21,24]. However,
this paper focuses upon intervening conditions and their
effect on risk management in the context of IT projects.
As the objective was to develop an understanding of
how these conditions arose, an exploratory research ap-
proach using semi-structured interviews was adopted.
This involved an iterative process of proposing and
checking for patterns, both during the interviews and
in subsequent analysis, in order to develop insights into
behaviours and approaches adopted by IT project man-
agers in practice.
During analysis, the approach was one of seeking and
evaluating similarities and differences between the cases
or groups of cases, each interview representing a specific
case. This entailed selecting categories, categorising each
case and looking for similarities and differences both
within groups and between groups. In this study, catego-
ries included
 the overestimation of risk compared with its
underestimation;
 high-perceived risk as opposed to low-perceived risk;
 success of a project compared with failure of a project.
The approach taken was to examine the findings
and create categories. The literature was then revisited
to establish whether the issue had previously been
addressed elsewhere.
594 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599

Table 1
Characteristics of the interviewees and their projects
Interviewee ref. Organisation Position Approx. project volume (£m) Duration (months)
Interviewee 1 Company A IT project manager 15 36
Interviewee 2 Company B IT consultant n.a. 18
Interviewee 3 Company C IT project manager n.a. 1
Interviewee 9 Company C IT project manager 10 2
Interviewee 4 Company D IT project manager 0.08 0.25
Interviewee 5 Company E IT project manager 18 12
Interviewee 6 Company F IT project manager 1 12
Interviewee 7 Company G IT project manager 30–40 18
Interviewee 10 Company H IT project manager 3 14
Interviewee 11 Company I IT project manager n.a. 18
Interviewee 12 Company J IT project manager 10 18
Interviewee 13 Company J IT project manager 150 48
Interviewee 14 Company J IT project manager 1–2 1
Interviewee 15 Company J IT project manager 40 6
Interviewee 16 Company J IT project manager 100 6
Interviewee 17 Company J IT project manager 1000 120
Interviewee 18 Company J IT project manager 30 n.a.
Interviewee 19 Company K IT project manager 8 36
n.a., this information was unavailable or undisclosed.

In total, 19 IT project managers and consultants were
interviewed from eleven separate companies (Table 1).
The interviews were semi-structured in nature, including
questions such as:
 Why were risks overlooked?
 Why did risks that were expected to materialise not, in
fact, materialise?
 Were any project risk management stages ineffective?
If so, why?
In selecting the sample, the aim was to acquire data
from a range of IT projects, large and small, complex
and less-complex. This was reflected in the sample. An-
other feature of the sampling approach was to achieve
data saturation [25]. In this sense, we identified catego-
ries and themes arising from the interview, until no
new categories emerged. The project managers either
discussed projects they were currently involved with,
or ones on which they had recently been working. The
projects were of a wide variety of values and timescales.
The interviews were each of between one and two hours
duration. The interviews were then transcribed and
analysed.
4. Findings
In the analysis of the interviews, a fourfold typology
emerged, describing behaviours and activities that pro-
ject managers were either aware of, or were implied by
their comments, which intervened, or interrupted the ra-
tional and orderly management of risk during IT pro-
jects. We called these Ôintervening conditionsÕ, drawing
on Strauss and CorbinÕs [26, p.103] definition: ‘‘Inter-
vening conditions are the broad and general conditions
bearing upon action. . . [they]. . .. either facilitate or con-
strain action’’. These are summarised in Table 2 and
subsequently discussed in detail, drawing on indicative
quotations from the interviews in order to illustrate par-
ticular points.
4.1. Denial of uncertainty
The first condition that emerged related to risk as an
ÔobjectÕ of ÔaweÕ; an ÔobjectÕ to be ÔfearedÕ by those in-
volved in projects. It seemed that project managers were
unwilling to expose their customers to risks because
those risks might have created anxiety and doubts
among the stakeholders about the competency of the
service provider:
‘‘We presented ourselves in such a way that we would
seem as reasonable and competent as possible. And
problems and risks donÕt go down so well. We wanted
to come across as people who could get the project
under way and complete it. The first aim was to win
the tender, no matter what the cost. . . I didnÕt want to
be the doomsayer in the euphoric preliminary phase. . .
Problems were kept to a minimum, simply in order to
come across as a competent provider.’’ (Interviewee 5)
The refusal to admit that risks existed, or their con-
cealment, in order to avoid exposing stakeholders to
an object perceived as a ‘‘dread’’ and, consequently,
threat to the viability of the project, was categorised as
denial of uncertainty. This can be defined as a refusal
by project managers to expose other project stakehold-
ers to negative discomforting risk related information.
The underlying condition of denial was the refusal of
project managers to believe in uncertainties with
 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
Table 2
Overview of behaviours intervening in project risk management process
Intervening condition Definition
Denial of uncertainty The refusal by risk actors to reveal to other
stakeholders risk related information that may
hold negative or discomforting connotations
Avoidance of uncertainty Lack of attention to risk related information due
to insufficient trust or belief in the efficacy of that
information
Delay of uncertainty Failure to consider or resolve risk due to apathy,
lack of interest or general approach to project
management
Ignorance of uncertainty The complete lack of awareness of risk related
information by stakeholders
possible adverse consequences on the project outcome,
rooted in the desire not to expose themselves or other
stakeholders to something that was perceived as
‘‘worrisome’’.
This attitude to risk has been described as one of
treating it as ÔtabooÕ. ‘‘Taboo matters are literally what
people must not know or even inquire about. Taboos
function as guardians of purity and safety through so-
cially enforced sanctioned rules of (ir)relevance’’ [27,
p. 8].
In another instance,
‘‘His words to me [were] ÔYouÕre the project manager, a
professional project manager, you must have seen this
problem happening before nowÕ. I had no choice but to
say ÔYes David, I did see it happening before now, but
there were very good reasons why I chose not to escalate
to you about that at a different timeÕ.’’ (Interviewee 9)
In this particular case, the risk was not actively man-
aged because it was seen that in mentioning the very
subject of risk, the customer would become aware of it
and this awareness would jeopardise the relationship be-
tween the customer and the project management team.
The relationship between the understanding of and per-
ception of risk appeared to lead to cautiousness among
project managers in developing more understanding
about specific risks and their implications for their par-
ticular projects. Another interviewee elaborated on this
issue:
595
Description
Risk as a ‘‘taboo’’
 Denial of uncertainty in order not to expose stakeholders to
something perceived as negative
 Denial of uncertainty in order not to jeopardise long-term
relationships with stakeholders
 Denial of uncertainty in order not to be perceived as a
‘‘doomsayer’’
 Denial of uncertainty in order to present the project as being
‘‘certain’’ and ‘‘certainly’’ successful for stakeholders
Distrust in risk estimates
 Avoidance of uncertainty because of mistrust between risk actors
 Avoidance of uncertainty because of conflicting confidence levels
about risk estimates between stakeholders
 Avoidance of uncertainty because of conflicting perceptions of
stakeholders about the legitimacy or ability of others to manage
certain risks
Different risk management preference
 Delay of uncertainty because of different expectations of
stakeholders about how to manage risk (active or reactive)
Unawareness of threats
 Ignorance of uncertainty because of the unwillingness to spend
(more) resources on the scanning of the environment
 Ignorance of uncertainty because of the inability to scan and
interpret the environment because of factors such as complexity
and dynamics
‘‘The question is how specific you want to go. Pulling
out a generic risk is fine and people can see the red flag
go up but unless an absolute showstopper sat right in
my arena of operations then I would not necessarily
think it was my case to raise it. Informally I would
say it to the project risk assessor: Ôyou need to talk
to so and so because I think they have an issueÕ.’’
(Interviewee 13)
In summary, it was found that, project managers
responsible for the management of risk acted to reduce
anxiety and consternation among customers and other
stakeholders by not confronting them with uncertain-
ties and risks; in other words, they concealed or denied
the presence of risk and uncertainty. This behaviour
was either purposeful (they would make a decision
not to mention specific, project-related risks) or uncon-
scious (they did not dwell on the presence of risk,
thereby not having to mention it as an issue). Schneid-
ermann [28, p. 22] hypothesised that, because of the
‘‘fear of the unknown’’ risk actors tend to be unwilling
to manage risks. The finding here seemed to suggest
that their unwillingness related to the temptation to
give people the answers they wanted to hear; and the
answer is certainty or a safe and predictable world
[29]. Because risk actors may perceive risk (manage-
ment) to be a gloomy and negative affair [30], they
may downgrade their own perception of risk to a de-
sired external accepted level [31] that can be engaged
through risk management.
596 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
4.2. Avoidance of uncertainty
The second condition effecting behaviour in project
risk management derived from conflicting risk estimates.
In one case, where the customer was presented with a
risk estimate, he strongly objected to the risks being
legitimate. The project manager said:
‘‘The client did not accept the risks, or rather the risk
analysis, wherever it concerned him. So when we had
a risk that required the client to play an active role,
which would have meant investing money or resources,
he opposed the prevention of that risk. He said it
wasnÕt necessary, the project could run without it.’’
(Interviewee 1)
These conflicting perceptions about the legitimacy of
risk between the provider and customer can be described
as avoidance of uncertainty and can lead to the danger of
the risks not being effectively managed. The lack of con-
sensus between perceptions of risk among those in-
volved was found elsewhere to relate to the disbelief or
lack of faith in the message (risk) or the source of the
message (person who manages the risk) [32]; it is a ques-
tion of trust. Differing perceptions of risk, influencing
their treatment, arose elsewhere. In this case, the project
team failed to come to an unambiguous and trustworthy
estimation about risks. Hence, they chose not to manage
them.
‘‘This was a problem, though it wasnÕt really possible to
assess the risks. We couldnÕt come to any opinion.’’
(Interviewee 5)
However, in cases where consensuses about risk esti-
mates were found, some risks were managed and others
were avoided.
‘‘We looked for risks that were easily identifiable, but
didnÕt actually have serious consequences for the pro-
ject. The project was not really at threat from these
risks.’’ (Interviewee 1)
Risks were avoided in this project, because the pro-
ject manager focused on ‘‘easily’’ assessable risks in or-
der to achieve consensus within the project team.
Another interviewee noted how risks were avoided in
his project:
‘‘They were internal risks. But they should not have
been deleted. They should have been managed inter-
nally, not just excluded or even ignored. They did not
go even in the internal risk register.’’ (Interviewee 7)
In this case, the sales department and senior manage-
ment perceived those risk estimates produced by the
project manager as something unrealistic. Therefore,
the project managerÕs risk estimates were regarded as
being Ônon-legitimateÕ; that is to say they were perceived
as not worth being mitigated.
Elsewhere, differences in perception of the legitimacy
of risk estimates occurred along the supply chain, be-
tween subcontractors and prime contractors. In some in-
stances, this led to those risks being left unmanaged.
One interviewee explained why he thought this was the
case:
‘‘[Our] partner has a much wider scope than we have.
They are looking at other issues which are much more
critical to them in the bigger picture and our issues
although they are extremely important for us are not
perceived as being important to [them].’’ (Interviewee 10)
It was found that lack of trust in estimates of risk was
indicative of a more general lack of trust between indi-
viduals within their own project team, with customers
and with subcontractors. One project manager even sug-
gested that the risk management process was used to
deliberately deceive other parties:
‘‘A lack of trust means that some of the risk, which
might have been identified by various parties on the pro-
ject, would not necessarily be given much weight, even if
they were raised to project management. If there is a
lack of trust then risks get tainted to peopleÕs belief that
there are hidden agendas behind that.’’ (Interviewee 13)
4.3. Delay of uncertainty
In some instances, it was revealed that there was a
tendency for the project managers to simply fail to ac-
tively manage certain risks, even where those risks were
not regarded as a threat or ÔtabooÕ and where there was
consensus on what constituted a risk and how it should
be measured. It manifested itself as an apathy to risk
management, relying instead on trouble-shooting prob-
lems if and when they arose. For example, one intervie-
wee noticed how a project culture encouraged this
approach:
‘‘In this particular environment, it was one that was
used to Ôflying by the seat of its pantsÕ and managing
issues and crises as they arrived rather than actually tak-
ing the time and stand back and look ahead and say
ÔWhat can we do to prevent that?Õ. If their focus and cul-
ture is one of fire fighting and crisis management, the
step to take pre-emptive action to prevent a risk or to
reduce a risk is never going to be at the top of their per-
sonal priority list.’’ (Interviewee 14)
Elsewhere, the client did not regard the management
of risk to be particularly important as it felt the project
manager would simply deal with any problems that ar-
ose due to their brand exposure:
‘‘My general feeling, it does come down to the brand.
Fundamentally our name is on that piece of hardware
which is deployed on the end customerÕs desk. They will
 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
see our brand name every day so the brand name is very
important and something we want to protect so from
that point of view there is that association that we have
internally and is very strong for us. Form the customerÕs
point of view I suspect that there, they may be aware of
this, they may be using that to a certain degree in that
way that we will be very protective, that we will always
jump in to save the situation, so there may be a certain
degree of abuse going on there.’’ (Interviewee 9)
Thus, the customer delayed any active risk mitigation
that may have entailed costs and relied on the supplier,
who was contractually obliged to react to any occurring
problems.
The behaviour noted in these cases can be described
as delay of uncertainty by stakeholders in projects. Delay
of uncertainty occurs when decision makers choose to
wait until uncertainty resolves itself [33]. While this sug-
gests a purposeful decision to Ôwait and seeÕ, the inter-
views illustrated that, in some cases it was not a
decision to be reactive to risk but, rather something that
could be characterised as ÔinattentionÕ:
‘‘The manager was a ÔtechieÕ person. He loved technol-
ogy. If it had been technology driven, then I thought
we would not have the issues that we had but because
it was a commercial project, for him, the technology
was standard and mundane. He had no interest at all
in proactive risk management.’’ (Interviewee 9)
Elsewhere, risk management was treated as a Ôbox-
tickingÕ exercise, suggesting that risk management was
held in low regard as an activity. Risk management
was treated as an administrative task rather than a man-
agement task:
‘‘I do not think there was a huge driver. I think this
might have been a reason why the project risk assessment
team might not have been really that well regarded. They
were interested in finding the risk, the solutions were not
really something that they were too bothered with. Their
attitude was, find the risk, rate the risk but then feed that
back into senior management and programme board
and let them come up with a solution.’’ (Interviewee 13)
and elsewhere:
‘‘It becomes an administrative process and as long peo-
ple feel there is a risk register somewhere and lip service
is being paid to it on a reasonably frequent basis, then
they are managing risk.’’ (Interviewee 17)
In summary mitigating activities in response to iden-
tified risks were delayed or deferred because reactive risk
management was the preferred mode of operation or
there was a lack of interest, or an inattention, in exercis-
ing active risk management. The reasons may be politi-
cally or culturally driven: project managers may not pay
attention to active risk management and in other cases
597
project managers may adopt reactive risk management
as their preferred risk management method. Similarly,
it may concern an attitude to project management in
general, which treats it in a procedural manner, this
influencing responses to risk management.
4.4. Ignorance of uncertainty
The fourth issue that emerged from the interviews can
be labelled ignorance of uncertainty. Ignorance of uncer-
tainty can be seen as a lack of awareness of risk-related
information on the part of project managers and other
stakeholders, which could include incomplete knowl-
edge. Ritchie and Marshall [16, p. 117] noted that ‘‘large
uncertainties, and even ignorance, dominate areas of
risk to the extent that the very lack of knowledge is
unsuspected’’. From the interviews, this phenomena ap-
peared to be widespread, either being implied or overtly
mentioned by several of the interviewees. For example:
‘‘To a very great extent, with exception of the actual
business-related risks, we were able to assess all the tech-
nical risks, but were not always able to assess other,
non-technical risks.’’ (Interviewee 4)
‘‘Because we did not even know about it. We did not
even think about it that it would be wrong and in fact
that the only reason we knew that it was there was when
they started producing their invoices.’’ (Interviewee 15)
Explanations for ignorance of risk are varied. A num-
ber of writers (e.g. [34,35]) suggest that this ignorance
may have its cause in organisational contexts of com-
plexity and dynamism. Freudenberg [36] related igno-
rance of uncertainty to the failure of risk managers to
foresee interactions and interdependencies. In the con-
text of project management, a project manager may face
difficulties in forecasting how each component of a pro-
ject task may influence others (complexity) and the like-
lihood that it will remain stable over the time
(dynamism). One interview illustrates this point well:
‘‘. . . if one went wrong there is a geometric effect because
another piece of software that was dependent on it was
also delayed which then had a knock-on effect. We did
not get down to the level of understanding of all the inter-
actions between all those components.’’ (Interviewee 18).
As the project progressed and components of the
project such as the amount of IT systems in the project
changed, the lack of understanding about the comple-
xity and dynamics of the project caused a sudden
disruption.
Other cases illustrated that project managers some-
times also set their own constraints and boundaries
influenced by their Ôcomfort zoneÕ. Margolis [37, p. 35]
has argued: ‘‘experts in general learn to concentrate on
what is critical in their experience with the domain at
598 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
hand and ignore anything else.’’ Thus, it would appear
that ignorance of risk arises for two reasons. Firstly,
project teams are unable to predict risk because of con-
textual conditions such as complexity and dynamics.
Secondly, they are unwilling to look for risks outside
their defined scope of project management skills.
5. Conclusions
A series of behaviours and conditions were identified
during the research that tended to lead to activity and
decisions that deviated from, or intervened within, the
risk management process described using expected util-
ity theory. In pursuing risk management using the ap-
proach derived from EUT, risk managers and other
project stakeholders could expect the benefits of im-
proved certainty in the outcomes of the project with
the additional benefits of improved budget setting
and reductions in political and financial tension arising
from surprises. However, they failed to avail them-
selves of these benefits because other issues became
paramount – what might be called ‘‘barriers to preven-
tative action’’ [21, p. 234]. These barriers have been
called intervening conditions [26] and have been found
to manifest themselves as conditions of denial, avoid-
ance, delay and ignorance of uncertainty. In some in-
stances, they were purposeful: the result of
commercial positioning or a lack of interest in certain
risky aspects of projects. In other instances, they were
unconscious behaviours rooted in approaches driven by
culture: a fear of revealing bad news or a tendency to
tick boxes and follow procedures. Freudenberg [36, p.
249] argued:
‘‘Instead, the problem is that a variety of factors that are
far more subtle – unseen, unfelt, and yet unfortunate in
their consequences – exert an influence that could scar-
cely be more disturbing even if they were based on delib-
erate malice.’’
As can be seen from the indicative quotations from
the interviews, in many cases the project managers were
aware of the conditions (although they lacked a typol-
ogy with which to describe them). They were also aware
of the negative consequences for the projects they were
trying to deliver. In some instances, the intervening con-
ditions were beyond the control of the project managers
interviewed; they were initiated by a supplier or the cus-
tomer. In other instances, the interviewees were aware
that the condition was the consequence of their own
behaviour. They understood how risk management
should operate, even where they were unaware of EUT
as a theory of action. They were aware that ÔrationalÕ
decision making, in the sense that rationality is under-
stood in EUT, was required and that concealing infor-
mation or ignoring risks that were ÔuncomfortableÕ or
ÔboringÕ was not rational in this sense. That said, from
some perspectives, such actions or inactions might be
considered rational. It might be rational, in some cir-
cumstance, to keep the client ÔhappyÕ rather than allow
the client to become upset or nervous of risk if that
means the project will proceed.
References
[1] Howard J. Computer services: 2001 Market Report, Key Note
Ltd.; 2001.
[2] Whittaker B. What went wrong? Unsuccessful information
technology projects. Inform Manage Comp Secur 1999;7(1):23–9.
[3] McGrew JF, Bilotta JG. The effectiveness of risk management:
measuring what didnÕt happen. Manage Decis
2000;38(4):293–300.
[4] Project Management Institute. PMI 2000: a guide to the project
management body of knowledge. Pennsylvania: Project Manage-
ment Institute; 2000.
[5] Pender S. Managing incomplete knowledge: why risk manage-
ment is not sufficient? Int J Project Manage 2001;19:79–87.
[6] Kahneman D, Tversky A. Prospect theory: an analysis of decision
under risk. Econometrica 1979;47(2):263–91.
[7] Sitkin SB, Weingart LR. Determinants of risky decision-making
behaviour: A test of the mediating role of risk perceptions and
propensity. Acad Manage J 1995;38(6):1573–92.
[8] Pablo AL. Reconciling predictions of decision making under risk.
J Manage Psychol 1997;12(1):4–20.
[9] CCTA. An introduction to managing project risk. Norwich:
CCTA – The Government Centre for Information Systems; 1995.
[10] Ekenberg L, Boman M, Linnerooth-Bayer J. General risk
constraints. J Risk Res 2001;4(1):31–47.
[11] Borge D. The book of risk. New York: Wiley; 2001.
[12] Arrow KJ. Behaviour under uncertainty and its implications for
policy. Foundations of utility and risk theory with applications.
In: Stigum BP, Wenstop F, editors. Dordrecht: D Reidel Pub-
lishing Company; 1983. p. 19–32.
[13] Jaeger CC, Renn O, Rosa EA, Wehler T. Risk, certainty, and
rational action. London: Earthscan; 2001.
[14] Einhorn HJ, Hogarth RM. Decision making under ambiguity. J
Bus 1986;59(4):225–50.
[15] Simon H. Rationality as process and as product of thought. Am
Econ Assoc 1978;68(2):1–16.
[16] Ritchie B, Marshall D. Business risk management. Lon-
don: Chapman & Hall; 1993.
[17] BSI. Project management – Part 3: guide to the management of
business related project risk. London: British Standards Institu-
tion; 2000.
[18] Cooke S, Slack N. Making management decisions. Hemel
Hempstead: Prentice-Hall International; 1984.
[19] Bourgeois LJ, Eisenhardt KM. Strategic decision processes in
high velocity environments: four cases in the microcomputer
industry. Manage Sci 1988;34(7):816–34.
[20] Neumann PJ, Politser PE. Risk and optimality. In: Yates FJ,
editor. Risk-taking behaviour. West Sussex: Wiley; 1992. p.
27–47.
[21] Adler NE, Kegeles SM, Genevro JL. Risk taking and health. In:
Yates FJ, editor. Risk-taking behaviour. West Sussex: Wiley;
1992. p. 231–55.
[23] Ward S, Chapman C. Transforming project risk management into
project uncertainty management. Int J Project Manage
2003;21:97–105.
[24] Holt R. Risk management: The talking cure. Organization
2004;11(2):251–70.
 E. Kutsch, M. Hall / International Journal of Project Management 23 (2005) 591–599
[25] Bryman A, Bell E. Business research methods. Oxford: Oxford
University Press; 2003.
[26] Strauss A, Corbin J. Basics of qualitative research. Lon-
don: Sage; 1990.
[27] Smithson M. Ignorance and uncertainty. New York: Springer;
1989.
[28] Schneiderman MA. The uncertain risks we run: hazardous
materials. In: Schwing RC, Albers WA, editors. Societal risk
assessment. New York: Plenum Press; 1980. p. 19–37.
[29] Fischhoff B, Lichtenstein S, Slovic P, Derby SL, Keeney RL.
Acceptable risk. Cambridge: Cambridge University Press;
1981.
[30] Raftery J. Risk analysis in project management. London: Chap-
man & Hall; 1994.
[31] Machlis GE, Rosa EA. Desired risk: broadening the social
amplification of risk framework. Risk Anal 1990;10(1):161–8.
599
[32] Poortinga W, Pidgeon NF. Exploring the dimensionality of trust
in risk regulation. Risk Anal 2003;23(5):961–72.
[33] Bobbitt HR, Ford JD. Decision-maker choice as a determinant of
organizational structure. Acad Manage Rev 1980;5(1):13–23.
[34] Palmer TB, Wiseman RM. Decoupling risk taking from income
stream uncertainty: A holistic model of risk. Strat Manage J
1999;20:1037–62.
[35] Jaafari A. Management of risks, uncertainties and opportunities
on projects: time for a fundamental shift. Int J Project Manage
2001;19:89–101.
[36] Freudenberg WR. Heuristics, biases, and the not-so-general
public: Expertise and error in the assessment of risk. In: Krimsky
S, Golding D, editors. Social theories of risk. Westport: Praeger
Publishers; 1992. p. 229–49.
[37] Margolis H. Dealing with risk. London: The University of
Chicago Press; 2003.