Assessment of the Effectiveness of Risk Management Practices in the Performance of IT Projects

: This study assessed the effectiveness of risk management practices in the performance of IT projects. This study was guided by Project Management Theory. The study employed a mixed research approach, a mixed research approach and descriptive research design. The study was conducted at the Tanzania Revenues Authority Head Office in Dar es Salaam, the targeted population of this study is 200 and the sample size was 133 obtained suing simple random sampling techniques and purposive sampling techniques. in this study data was analysed using quantitative and qualitative techniques. The findings show that management practices are very essential in the implementation of the IT projects. It was also shown that effective project implementation depends much on the effective risk management practice because it is through them that risk can be mitigated for the sustainability of the IT projects. moreover, the results obtained through correlation analysis shows that Risk Assessment Practices (RAP) correlated (r (125)> .568, P< .000), Risk Response Practices (RRP) correlated (r (125)> 452, P < .000), Risk Response Practice (RRP) and the performance of IT Projects (PIP). Lastly Monitoring and Control Process (MCP) had a correlation of (r (125)> 652, P < .000. The results of this study concluded that there is a positive and significance relationship between risk management practices and the performance of IT projects. Despite of these supportive findings this study recommended for the proactive management of project risk because IT project implementation is subject to the limitation challenges and risks, thus through proactive management of project risk a comprehensive assessment of risk and preparation of a suitable management plan can be activated. The study recommended further research be conducted on the assessment of the effectiveness of implementation approaches toward project sustainability.


Introduction
Risk is understood to be the magnitude of potential loss or failure (Wang, Zeng, & Tu, 2017). It is a possibility that, if it happens, might have a beneficial or bad effect on the project (Mfinanga, Mrosso, & Bishibura, 2019). As with all projects, IT projects are also susceptible to hazards, which can arise in both small and big IT projects and have the potential to result in project failure (Mwangi, & Ngugi, 2019). Since it may help project managers reduce their exposure to both, effective risk management is a crucial component of the decision-making process for projects (Baharuddin, & Yusof, 2018). As a result, project risk management has to be integrated into project management and used consistently throughout a project (Cantelmi, di Gravio, & Patriarca, 2021). Many projects fail because businesses make the mistake of assuming that every project will succeed and fail to recognize the risk factors involved in the project, analyse them, and create mitigation or backup plans (Chapman, 2019). Projects are always prone to uncertainties, risk and failure to effectively manage the associated risks appropriately leading to failure of the project in terms of delay in completion. Over the last 20 years, scholars have been interested in the success or failure of IT projects (Dobie, 2020). According to the McKinsey Global Institute (MGI), big IT projects often ran 45% over budget, and 7% over schedule, and delivered 56% less value than expected in 2012. Only 12% of projects, according to Standish group (2014), were completed on schedule and within the allocated budget (Filippetto, Lima, & Barbosa, 2021), revealing that IT projects carry out risk management to maximize the performance and mitigate risk effect and efficiently and to enjoy financial saving and greater productivity (Frigo, & Anderson, 2011). Also, many ICT enterprise has realized the importance of risk management practices and has improved rates of a new project and better decision-making (Hosseini, & Ivanov, 2020). Therefore, this study aims to find out the contribution of risk assessment practices on the performance of IT projects. To examine the roles of risk response practices on the performance of IT projects and to assess the roles of the monitoring and control process of risk in the performance of IT Projects. The specific objectives of this study were; i.
To find out the contribution of risk assessment practices on the performance of IT projects, ii.
To examine the roles of risk response practices on the performance of IT projects iii.
To assess the roles of the monitoring and control process of risk in the performance of IT Projects.

Materials and Methods
The study adopted a mixed research approach, under this approach, the researcher was able to collect quantitative data by using Likert Scale questionnaires and qualitative data through interviews and reviews of various documents. This study used descriptive research design, through descriptive research design the researcher was able to identify characteristics, frequencies, trends and categories of the research problem. In this study, data were collected through questionnaires and interviews and supplemented by a documentary review. Data was loaded into the Statistical Package for Social Sciences (SPSS) for processing and analysis. The Quantitative data were analysed using quantitative techniques in which means and standard deviations were computed. Correlation analysis, analysis of variance (ANOVA), and lastly the researcher employed the regression analysis to test the relationship between the research variables using the following equation below.

Results and Discussion
Demographic Characteristics of the Respondents Table  1 presented the demographic characteristics of the respondents where by on the age of the respondents 23.2% of the respondents were aged between 18 -28 years and 26.4% of the respondents were aged between 29 -39 years. On the other hand, 34.4% of the respondent aged 30 -40 years, 16.0% of the respondents aged 41 years above. The overall findings depict that there was an effective participation of the respondents in the age group of between 30 -40 years for about 34.4%, the study successfully obtained respondents within different age groups hence enabling the collection of data from different people.
Table 1 also showed that among the respondents 55.2% were male and 44.8% were female, this shows that there was effective participation of the male respondents compared to female respondents, the study employed both genders to avoid bias among the respondents. Thus, despite the slight difference of about 6.4% but the researcher managed to free the study from bias.
On the Level of education, Table 1 shows that 54.4% of the respondents had a bachelor's degree, 40.8% of the respondents had a diploma and only 4.8% had a master's level of education. The study successfully obtained a diversity of respondents in terms of the level of education and this helped to obtain different perceptions, thoughts and ideas that could be used to generalize the conclusion. Table 1 also presents results concerning the occupation of the respondents whereby 72.8% were project team members who takes the role of implementing different It projects in different areas. Also, 16% of the respondents were IT officials, 8% were heads of departments and 3.2% were project coordinators. The study had several respondents who fit and implement various roles in project management hence this enable the researcher to have a response from people who are working directly with project implementation so they could provide reliable information about project risk management.
On the working experience of the respondents, the data obtained show that 48.05% of the respondents had experience of 6 -10 years, while 27.2% of the respondents had the experience of between 1 -5 years and lastly 24.8% of the respondents had the experience of 11+ years in the implementation of IT project hence they could have detailed information about project risk management. From the demographic characteristics of the respondents, the researcher aimed to assess the ability of the respondents to produce information which can be relied upon when concluding the risk management practice in the implementation of IT projects. The information provided by the respondents could be relied upon because their characteristics allowed the researcher to obtain a valid conclusion.  Table 2 presents the relationship between the independent variables as follows; the overall relationship between the research variable was 0.01 which was positive and significant. More specifically Risk Assessment Practices (RAP) correlated (r (125)> .568, P< .000), this means that since p-value was less than 0.05 it implies that RAP is positively and significantly related to the Performance of IT Projects (PIP). In the same way, Risk Response Practices (RRP) correlated (r (125)> 452, P < .000), this also depicts a positive and significant relationship between Risk Response Practice (RRP) and the Performance of IT Projects (PIP). Lastly Monitoring and Control Process (MCP) had a correlation of (r (125)> 652, P < .000), this also depicts a positive and significant relationship between the Monitoring and control process (MCP) on the Performance of IT Project (PIP).
The study revealed a positive and significant relationship between the independent variable and the dependent variable which means that the tests of Linearity were statistically satisfied.
These results are positively in line with (Ilyina, E. & Sanovich, 2021), who affirm that the monitoring and control process offers an innovative and preliminary technique for measuring PRM success by assessing the efficacy of risk monitoring and management, as well as the repercussions that come from these measures after the project. Also, monitoring and evaluation help in improving capability through the deployment of a maturity model (Manal et al., 2019). A maturity model structure was proposed in this research to aid in efficient project risk management (Masár, & Hudáková, 2019). It was suggested to use a maturity model framework to include efficient project risk management. Highlighted the need for risk monitoring and control procedures for daily meetings, increments, prototypes, product backlogs, and sprint planning (Mishra, & Alok, 2017). The study's findings increased the risk control and monitoring procedures used in agile projects, increasing their success in Tanzania. Note: **. Correlation is significant at the 0.01 level (2-tailed).
The results in Table 3 show that the Minimum value of Skewness was -.814 and the maximum was .1380 while the value of Kurtosis was -1.131 as a minimum and .1631 as a maximum. The results show that data was normally distributed because the values of Skewness and Kurtosis were in the acceptable range. If the test for normality is statistically satisfied then regression analysis can be performed on these data. Table 4 shows that the predictors in the regression model were powerful as R was .691, which is equal to 69.1% and R square was 6.50 which is equal to 65% adjusted to 5.34%. this depicts that the relationship between the independent variables and the dependent variable is significant at 69.1% which means it was positive and significant. Since the study has shown that the adjusted Rsquare implied that there is a variation in project performance which was accounted for by three variables which include Risks Assessment Practices, Risk Response Practices and Risks Monitoring and Control Practices.  From the ANOVA test results, Table 5 shows that the F test was 21.700 which was significant at .000. These results mean that there was a statistically significant relationship between research variables since the level of significance was at .000 which was less than 0.05 p -value. This means the determinants of risk management practices have a statistically significant relationship to the performance of ICT projects. The findings of this study show that Since was .000 which is < 0.05 it is an indication that the predictors such as RAP, RRP, and MCP as independent variables have a positive and significant relationship to the project performance. Hence it can be concluded that project risk management practices are critical for peak project performance. These findings are positively supported developing strategies or eliminating the threats and event that creates risks. Risk response can either be in the form of risk avoidance, risk acceptance and sharing, risk mitigation or risk transfer. The identification of risks, tasks associated with responding to them and the risk owner who takes action (Nicholas, & Steyn, 2020).  Table 6 presents the regression coefficients as follows Risks Assessment Practices (RAP) shows that (β = .494, P =.000), which shows the positive and significant relationship between Risks management and the performance of the ICT projects. In the same vein Risk Response Practices (RRP) were also found to have (β = .146, P = .000), which means that this is a positive and significant relationship between Risk Response Practices and the performance of IT Projects. Lastly, Monitoring and Control Practices (MCP) was found to have (β = .047, P = .004), which means that there is a positive and significant relationship between monitoring and control process on the performance of IT projects. The relationship between the independent and the dependent variable was depicted with the presence of p -a value less than 0.05 and also this relationship envisages that the increase of the risk management practices affects positively the performance of the IT Projects. It is affirmed that project assessment allows the project team to identify, categorize, prioritize and mitigate or avoid these risks ahead of time as a step towards risk management procedure (Pimchangthong, & Boonjing, 2017). Thus, it is important to conduct a risk assessment because it is about creating a sensible measure to control the risks in the project implementation phase (Serpell, Ferrada, & Rubio, 2019).

Conclusion
In this study risk management practices assessed includes risk assessment practices, risk response and monitoring and control are required for the process performance, product performance and IT project success. The study has successfully added to the board of existing knowledge about project risk management and performance, especially in the field of IT. This is because it helps in the risk analysis to avoid negative impact on scheduled time and budget. Although more valuable results and recommendations have been presented in this study the small sample groups were limited to IT officials from Tanzania Revenues Authority in Tanzania, further research should be conducted on large sample groups from different departments and agencies including both private and public this is because the failure of the project either private or public brings effects to the general community. In relation to the risk assessment practice, this recommends that management should ensure a proactive project of risk, this is because any project implementation associated with limitation, challenges and risks which hinder its performance. Through a proactive management of project risk, a comprehensive assessment of risk and preparation of a suitable management plan that can be activated in the event of unforeseen issues can be useful to rescue the projects and ensure its sustainability.
In relation to the risk responses, this study recommends that management should provide a proven methodology to accurately and efficiently complete projects of any size and complexity with minimal associated risk. This can be done through a detailed planning which provides a realistic plan that would help respond to the risks and help to reduce costly changes in the project. In relation to project monitoring and control process the study recommends that there is a need to have effective alignment of the management and departmental tasks, resource contention and effective resources utilization tracking criteria and systems. This will enhance a systematic review of the project implementation while enabling the project team to trace the origin of the risk and predict the probable measure to mitigate it immediately.
information systems project in the public sector.