根據Standish Group的軟體專案開發追蹤調查報告，儘管組織投入許多經費、時間與人力來開發軟體，軟體專案開發失敗的消息仍然時有所聞，這代表對許多組織而言，軟體專案開發是一項具有高度風險的工作。儘管如此，我們對風險因子的發生機率與衝擊程度的瞭解仍然十分有限，甚至缺乏瞭解風險因子與專案績效的相互關係以及專案時程與風險因子的關連。

本篇論文的主要目標在探討軟體專案時程、風險因子與績效間的相互關係。根據有系統的文獻回顧、建置軟體專案風險資料收集網站以及集群分析，本論文的主要二個貢獻如下：首先本研究彙整軟體風險管理領域於1991年至2006年間的文獻，並經由所收集之專案風險資料分析的結果，發現不同的軟體風險因子其發生機率與衝擊程度是有顯著差異的；此外藉由高績效專案、中績效專案與低績效專案的風險落差分析，透析軟體風險與專案績效的互動影響。最後，本研究也發現使用者風險、需求風險、規劃與控制風險以及團隊風險會受到軟體專案時程所影響，並透過風險元件來提供有效管理軟體風險的資訊。

根據上述所提到的研究發現，專案管理者可以採取適當的態度、技巧與作業實務來有效管理風險因子，而不是只單純告知專案管理者有哪些軟體風險因子需要注意而已。

Despite the fact that many organizations have invested a lot of money, time and effort to develop their software projects, the failures of software projects are still frequent based on the longitudinal analysis of the Standish Group. This stresses the fact that software projects pose various risks and daunting tasks for many organizations. However, currently we lack an understanding of the relative likelihood of occurrence and the various impacts of different software risks factors. And similarly, previous studies failed to analyze the gap between software risk factors and project performance and the invisible correlation of project duration to risk factors.

This dissertation aims to increase the understanding on the interactive effects of software project duration, risk factors and performance. Based on systematical literature review, web-based survey and clustering analysis, two contributions of this dissertation are summarize as below: Firstly, after summarizing the software risk management research work between 1991 and 2006 in the literature, this study analyizes the collected software risk management data and further finds that the likehihood of occurrence of software risks and composite impacts have significant differences on six risk dimensions. Moreover, it indicates that no association exists between the likelihood of occurrence and composite impact among the six risk dimensions. A pattern analysis of risks across high, medium, and low-performance software projects also shows the gap between software risks and project performance. Secondly, the study not only reveals that risk exposures associated with user, requirement, planning & control and team risk dimensions were affected by project duration, but also shows how to manage software risks effectively through observing trends in the risk components.

Based on the above-mentioned findings, project managers can accordingly adopt appropriate attitudes, skills, and practices to deal with risky areas more effectively rather than just identifying those software risks with which project managers should be concerned.

[1]Addison, T. (2003). E-commerce project development risks: Evidence from a Delphi survey. International Journal of Information Management, 23(1), 25-40.
[2]Adler, T. R., Leonard, J. G., & Nordgren, R. K. (1999). Improving risk management: moving from risk elimination to risk avoidance. Information and Software Technology, 41(1), 29-34.
[3]Akaike, H. (1973). Information theory and an extension of the maximum likelihood principle. Paper presented at the Second International Symposium on Information Theory, 267-281.
[4]Aloini, D., Dulmin, R., & Mininno, V. (2007). Risk management in ERP project introduction: Review of the literature. Information & Management, 44(6), 547-567.
[5]Amland, S. (2000). Risk-based testing: Risk analysis fundamentals and metrics for software testing including a financial application case study. Journal of Systems and Software, 53(3), 287-295.
[6]Ankerst, M., Breunig, M. M., Kriegel, H. P., & Sander, J. (1999). OPTICS: Ordering Points to Identify the Clustering Structure. SIGMOD Record (ACM Special Interest Group on Management of Data), 28(2), 49-60.
[7]Armour, P. G. (2005). Project portfolios: Organizational management of risk. Communications of the ACM, 48(3), 17-20.
[8]Armstrong, J. S., & Overton, T. S. (1977). Estimating Non-response Bias in Mail Surveys. Journal of Marketing Research, 51, 71-86.
[9]Arrow, K. J. (1971). Essays in the Theory of Risk Bearing: Markham Publishing.
[10]Baccarini, D., Salm, G., & Love, P. E. D. (2004). Management of risks in information technology projects. Industrial Management and Data Systems, 104(3), 286-295.
[11]Bacher, J., Wenzig, K., & Vogler, M. (2004). SPSS Two Step Cluster - A First Evaluation. Paper presented at the Sixth International Conference on Social Science Methodology.
[12]Badiru, A. B., & Sieger, D. B. (1998). Neural network as a simulation meta-model in economic analysis of risky projects. European Journal of Operational Research, 105(1), 130-142.
[13]Bagozzi, R. P., & Yi, Y. (1988). On the evaluation of structural equation models. Journal of the Academy of Marketing Science, 16(1), 74-94.
[14]Bahli, B., & Rivard, S. (2003). The information technology outsourcing risk: A transaction cost and agency theory-based perspective. Journal of Information Technology, 18(3), 211-221.
[15]Barki, H., Rivard, S., & Talbot, J. (1993). Toward an assessment of software development risk. Journal of Management Information Systems, 10(2), 203-225.
[16]Barki, H., Rivard, S., & Talbot, J. (2001). An integrative contingency model of software project risk management. Journal of Management Information Systems, 17(4), 37-69.
[17]Barros, M. D. O., Werner, C. M. L., & Travassos, G. H. (2004). Supporting risks in software project management. Journal of Systems and Software, 70(1-2), 21-35.
[18]Baskerville, R. L., & Stage, J. (1996). Controlling prototype development through risk analysis. MIS Quarterly: Management Information Systems, 20(4), 481-501.
[19]Benaroch, M. (2002). Managing information technology investment risk: A real options perspective. Journal of Management Information Systems, 19(2), 43-84.
[20]Benaroch, M., Lichtenstein, Y., & Robinson, K. (2006). Real options in information technology risk management: An empirical validation of risk-option relationships. MIS Quarterly: Management Information Systems, 30(4), 827-864.
[21]Bennett, J. C., Bohoris, G. A., Aspinwall, E. M., & Hall, R. C. (1996). Risk analysis techniques and their application to software development. European Journal of Operational Research, 95(3), 467-475.
[22]Bentler, P. M., & Bonett, D. G. (1980). Significance tests and goodness of fit in the analysis of covariance structures. Psychological Bulletin, 88, 588-606.
[23]Block, R. (1983). The Politics of Projects: Yourdon.
[24]Boehm, B., & Turner, R. (2003). Using risk to balance agile and plan-driven methods. Computer, 36(6), 57-66.
[25]Boehm, B. W. (1989). Software Risk Management: Institute of Electrical & Electronics Engineers.
[26]Boehm, B. W. (1991). Software risk management: Principles and practices. IEEE Software, 8(1), 32-41.
[27]Boehm, B. W., & DeMarco, T. (1997). Software risk management. IEEE Software, 14(3), 17-19.
[28]Brooks, F. P. (1995). The Mythical Man-Month (2 ed.): Addison-Wesley.
[29]Browne, M. W., & Cudeck, R. (1993). Alternative ways of assessing model fit. Testing Structural Equations, 137-162.
[30]Cafasso, R. (1994). Few IS projects come in on time, on budget. Computerworld, 28, 20.
[31]Calisir, F., & Gumussoy, C. A. (2005). Determinants of budget overruns on IT projects. Technovation, 25(6), 631-636.
[32]Carbone, T. A., & Tippett, D. D. (2004). Project risk management using the project risk FMEA. Engineering Management Journal, 16(4), 28-35.
[33]Carr, M. J. (1993). Taxonomy-Based Risk Identification. Technical Report, CMU/SEI-93-TR-6, Software Engineering Institute, Carnegie Mellon University.
[34]Carr, M. J. (1997). Risk management may not be for everyone. IEEE Software, 14(3), 21-24.
[35]Carr, V., & Tah, J. H. M. (2001). A fuzzy approach to construction project risk assessment and analysis: construction project risk management system. Advances in Engineering Software, 32(10-11), 847-857.
[36]Cash, J., McFarlan, F. W., McKenney, J., & Applegate, L. (1992). A portfolio approach to IT development. Corporate Information Systems Management, 3rd Edn, 418-434.
[37]Charette, R. N. (1996). Large-scale project management is risk management. IEEE Software, 13(4), 110-117.
[38]Charette, R. N. (1996). The mechanics of managing IT risk. Journal of Information Technology, 11(4), 373-378.
[39]Charette, R. N. (2005). Why software fails. IEEE Spectrum, 42(9), 36-43.
[40]Chen, S. M. (1999). Evaluating the rate of aggregative risk in software development using fuzzy set theory. Cybernetics and Systems, 30(1), 57-75.
[41]Chen, S. M. (2001). Fuzzy group decision making for evaluating the rate of aggregative risk in software development. Fuzzy Sets and Systems, 118(1), 75-88.
[42]Chittister, C., & Haimes, Y. Y. (1993). Risk associated with software development: a holistic framework for assessment and management. IEEE Transactions on Systems, Man and Cybernetics, 23(3), 710-723.
[43]Chittister, C., & Haimes, Y. Y. (1994). Assessment and management of software technical risk. IEEE Transactions on Systems, Man and Cybernetics, 24(2), 187-202.
[44]Chittister, C. G., & Haimes, Y. Y. (1996). Systems integration via software risk management. IEEE Transactions on Systems, Man, and Cybernetics Part A: Systems and Humans., 26(5), 521-532.
[45]Chiu, T., Fang, D., Chen, J., Wang, Y., & Jeris, C. (2001). A robust and scalable clustering algorithm for mixed type attributes in large database environment. Paper presented at the Proceedings of the Seventh ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.
[46]Clemons, E. K., & Row, M. C. (1995). Identifying sources of reengineering failures: A study of the behavioral factors contributing. Journal of Management Information Systems, 12(2), 9-36.
[47]CMMI Product Development. (2002). Capability Maturity Model Integration (CMMI), Version 1.1. CMU/SEI-2002-TR-011, Software Engineering Institute, Carnegie Mellon University.
[48]CMMI Product Development. (2006). CMMI for Development, Version 1.2. CMU/SEI-2006-TR-008, Software Engineering Institute, Carnegie Mellon University.
[49]Cole, A. (1995). Runaway projects - Cause and effects. Software World, 26(3), 3-5.
[50]Conrow, E. H., & Shishido, P. S. (1997). Implementing risk management on software intensive projects. IEEE Software, 14(3), 83-89.
[51]Cortellessa, V., Goseva-Popstojanova, K., Appukkutty, K., Guedem, A. R., Hassan, A., Elnaggar, R., et al. (2005). Model-based performance risk analysis. IEEE Transactions on Software Engineering, 31(1), 3-20.
[52]Costa, H. R., Barros, M. d. O., & Travassos, G. H. (2007). Evaluating software project portfolio risks. Journal of Systems and Software, 80(1), 16-31.
[53]Cuellar, M. J., & Gallivan, M. J. (2006). A framework for ex ante project risk assessment based on absorptive capacity. European Journal of Operational Research, 173(3), 1123-1138.
[54]Cule, P., Schmidt, R., Lyytinen, K., & Keil, M. (2000). Strategies for heading off is project failure. Information Systems Management, 17(2), 65-73.
[55]DeMarco , T. (2003). Waltzing With Bears: Managing Risk on Software Projects: Dorset House Publishing Company.
[56]DeMarco, T., & Lister, T. (2003). Risk management during requirements. IEEE Software, 20(5), 99-101.
[57]Dey, P. K., & Ogunlana, S. O. (2004). Selection and application of risk management tools and techniques for build-operate-transfer projects. Industrial Management and Data Systems, 104(3), 334-346.
[58]Dillman, D., Tortora, R. L., Conradt, J., & Bowker, D. (1998). Influence of plain vs. fancy design on response rates for web surveys. Paper presented at the Proceedings of the Joint Statistical Meetings, Survey Methods Section.
[59]Drummond, H. (1996). The politics of risk: Trials and tribulations of the Taurus project. Journal of Information Technology, 11(4), 347-357.
[60]Du, S., Keil, M., Mathiassen, L., Shen, Y., & Tiwana, A. (2007). Attention-shaping tools, expertise, and perceived control in IT project risk assessment. Decision Support Systems, 43(1), 269-283.
[61]Duda, R. O., & Hart, P. E. (1973). Pattern Classification and Scene Analysis: Wiley.
[62]Engel, A., & Last, M. (2007). Modeling software testing costs and risks using fuzzy logic paradigm. Journal of Systems and Software, 80(6), 817-835.
[63]Ester, M., Kriegel, H. P., Sander, J., & Xu, X. (1996). A density-based algorithm for discovering clusters in large spatial databases with noise. Proceedings of the 2nd ACM International Conference on Knowledge Discovery and Data Mining (KDD), Portland.
[64]Everitt, B., Landau, S., & Leese, M. (1993). Cluster Analysis: A Hodder Arnold Publication.
[65]Ewusi-Mensah, K. (1997). Critical Issues in Abandoned Information Systems Development Projects. Communications of the ACM, 40(9), 74-80.
[66]Fairley, R. (1994). Risk management for software projects. IEEE Software, 11(3), 57-67.
[67]Fan, C. F., & Yu, Y. C. (2004). BBN-based software project risk management. Journal of Systems and Software, 73(2), 193-203.
[68]Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50.
[69]Garvey, P. R., Phair, D. J., & Wilson, J. A. (1997). Information architecture for risk assessment and management. IEEE Software, 14(3), 25-34.
[70]Gemmer, A. (1997). Risk management: moving beyond process. Computer, 30(5), 33-43.
[71]Goldstein, H. (2005). Who killed the virtual case file? IEEE Spectrum, 42(9), 18-29.
[72]Gonzalez, R., Gasco, J., & Llopis, J. (2006). Information systems outsourcing: A literature analysis. Information and Management, 43(7), 821-834.
[73]Goseva-Popstojanova, K., Hassan, A., Guedem, A., Abdelmoez, W., Nassar, D. E. M., Ammar, H., et al. (2003). Architectural-Level Risk Analysis Using UML. IEEE Transactions on Software Engineering, 29(10), 946-959.
[74]Guha, S., Rastogi, R., & Shim, K. (1998). CURE: An efficient clustering algorithm for large databases. Proceedings of the ACM SIGMOD International Conference on Management of Data, 73-84.
[75]Guha, S., Rastogi, R., & Shim, K. (2000). Rock: a robust clustering algorithm for categorical attributes. Information Systems, 25(5), 345-366.
[76]Han, J., & Kamber, M. (2001). Data mining: Concepts and techniques. Data Mining: Concepts and Techniques.
[77]Han, W.-M., & Huang, S.-J. (2007). An empirical analysis of risk components and performance on software projects. Journal of Systems and Software, 80(1), 42-50.
[78]Heemstra, F. J., & Kusters, R. J. (1996). Dealing with risk: A practical approach. Journal of Information Technology, 11(4), 333-346.
[79]Houston, D. X., Mackulak, G. T., & Collofello, J. S. (2001). Stochastic simulation of risk factor potential effects for software development risk management. Journal of Systems and Software, 59(3), 247-257.
[80]Huang, S. J., Lin, C. Y., & Chiu, N. H. (2006). Fuzzy decision tree approach for embedding risk assessment information into software cost estimation model. Journal of Information Science and Engineering, 22(2), 297-313.
[81]Huang, S. M., Chang, I. C., Li, S. H., & Lin, M. T. (2004). Assessing risk in ERP projects: Identify and prioritize the factors. Industrial Management and Data Systems, 104(8), 681-688.
[82]Iacovou, C. L., & Dexter, A. S. (2005). Surviving IT project cancellations. Communications of the ACM, 48(4), 83-86.
[83]Im, I., Kim, Y., & Han, H.-J. The effects of perceived risk and technology type on users' acceptance of technologies. Information & Management, In Press, Corrected Proof.
[84]ISO/IEC 16085 - 2006: Information Technology - Software Lifecycle Processes - Risk Management. (2006). ISO International Organization for Standardization.
[85] Iversen, J. H., Mathiassen, L., & Nielsen, P. A. (2004). Managing risk in software process improvement: AN action research approach. MIS Quarterly: Management Information Systems, 28(3), 395-434.
[86]Jain, A. K., & Dubes, R. C. (1988). Algorithms for Clustering Data: Prentice-Hall.
[87]Jain, A. K., Murty, M. N., & Flynn, P. J. (1999). Data clustering: A review. ACM Computing Surveys, 31(3), 316-323.
[88]Jiang, J. J., & Klein, G. (1999). Risks to different aspects of system success. Information and Management, 36(5), 263-272.
[89]Jiang, J. J., & Klein, G. (2000). Software development risks to project effectiveness. Journal of Systems and Software, 52(1), 3-10.
[90]Jiang, J. J., Klein, G., & Discenza, R. (2001). Information system success as impacted by risks and development strategies. IEEE Transactions on Engineering Management, 48(1), 46-55.
[91]Jones, C. (1994). Assessment and control of software risks (1 ed.): Prentice Hall PTR.
[92]Känsälä, K. (1997). Integrating risk assessment with cost estimation. IEEE Software, 14(3), 61-68.
[93]Kappelman, L. A., McKeeman, R., & Zhang, L. (2006). Early warning signs of IT project failure: The dominant dozen. Information Systems Management, 23(4), 31-36.
[94]Karolak, D. W. (1995). Software Engineering Risk Management: IEEE Computer Society Press.
[95]Karypis, G., Han, E. H., & Kumar, V. (1999). Chameleon: Hierarchical clustering using dynamic modeling. Computer, 32(8), 68-75.
[96]Kaufman, L., & Rousseeuw, P. J. (1990). Finding Groups in Data: An Introduction to Cluster Analysis: Wiley-Interscience.
[97]Keil, M., Cule, P. E., Lyytinen, K., & Schmidt, R. C. (1998). A framework for identifying software project risks. Communications of the ACM, 41(11), 76-83.
[98]Keil, M., & Robey, D. (2001). Blowing the whistle on troubled software projects. Communications of the ACM, 44(4), 87-93.
[99]Keil, M., Tiwana, A., & Bush, A. (2002). Reconciling user and project manager perceptions of IT project risk: A Delphi study. Information Systems Journal, 12(2), 103-119.
[100]Keil, M., Wallace, L., Turk, D., Dixon-Randall, G., & Nulden, U. (2000). An Investigation of risk perception and risk propensity on the decision to continue a software development project. Journal of Systems and Software, 53(2), 145-157.
[101]Keil, M., Li, L., Mathiassen, L., & Zheng, G. The influence of checklists and roles on software practitioner risk perception and decision-making. Journal of Systems and Software, In Press, Corrected Proof.
[102]Kemerer, C. F., & Sosa, G. L. (1991). Systems development risks in strategic information systems. Information and Software Technology, 33(3), 212-223.
[103]Kliem, R. (2004). Managing the risks of offshore IT development projects. Information Systems Management, 21(3), 22-27.
[104]Kliem, R. L. (2000). Risk Management for business process reengineering projects. Information Systems Management, 17(4), 71-73.
[105]Kumar, R. L. (2002). Managing risks in IT projects: An options perspective. Information and Management, 40(1), 63-74.
[106]Kwak, Y. H., & Laplace, K. S. (2005). Examining risk tolerance in project-driven organization. Technovation, 25(6), 691-695.
[107]Lambert, D. M., & Harrington, T. C. (1990). Measuring nonresponse bias in customer service mail surveys. Journal of Business Logistics, 11(2), 5-25.
[108]Lauer, T. W. (1996). Software project managers' risk preferences. Journal of Information Technology, 11(4), 287-295.
[109]Lee, H. M. (1996). Applying fuzzy set theory to evaluate the rate of aggregative risk in software development. Fuzzy Sets and Systems, 79(3), 323-336.
[110]Lee, H. M. (1996). Group decision making using fuzzy sets theory for evaluating the rate of aggregative risk in software development. Fuzzy Sets and Systems, 80(3), 261-271.
[111]Lee, H. M., Lee, S. Y., Lee, T. Y., & Chen, J. J. (2003). A new algorithm for applying fuzzy set theory to evaluate the rate of aggregative risk in software development. Information Sciences, 153(SUPP), 177-197.
[112]Lister, T., & Carr, M. J. (1997). Risk management is project management for adults. IEEE Software, 14(3), 20-24.
[113]Liu, X., Kane, G., & Bambroo, M. (2006). An intelligent early warning system for software quality improvement and project management. Journal of Systems and Software, 79(11), 1552-1564.
[114]Longstaff, T. A., Chittister, C., Pethia, R., & Haimes, Y. Y. (2000). Are we forgetting the risks of information technology? Computer, 33(12), 43-51.
[115]Lyytinen, K., Mathiassen, L., & Ropponen, J. (1996). A framework for software risk management. Journal of Information Technology, 11(4), 275-285.
[116]Lyytinen, K., Mathiassen, L., & Ropponen, J. (1998). Attention Shaping and Software Risk -A Categorical Analysis of Four Classical Risk Management Approaches. Information Systems Research, 9(3), 233-255.
[117]MacQueen, J. (1967). Some methods for classification and analysis of multivariate observations. Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, 1, 281-297.
[118]Madachy, R. J. (1997). Heuristic risk assessment using cost factors. IEEE Software, 14(3), 51-59.
[119]Maytorena, E., Winch, G. M., Freeman, J., & Kiely, T. (2007). The Influence of Experience and Information Search Styles on Project Risk Identification Performance. IEEE Transactions on Engineering Management, 54(2), 315-326.
[120]McFarlan, F. W. (1981). Portfolio approach to information systems. Harvard Business Review, 59(5), 142-150.
[121]Meila, M., & Heckerman, D. (1998). An experimental comparison of several clustering and initialization methods. Paper presented at the Proceedings of the 14th Conference on Uncertainty in Artificial Intelligence.
[122]Mohtashami, M., Marlowe, T., Kirova, V., & Deek, F. P. (2006). Risk management for collaborative software development. Information Systems Management, 23(4), 20-30.
[123]Motawa, I. A., Anumba, C. J., & El-Hamalawi, A. (2006). A fuzzy system for evaluating the risk of change in construction projects. Advances in Engineering Software, 37(9), 583-591.
[124]Moynihan, T. (1996). An inventory of personal constructs for information systems project risk researchers. Journal of Information Technology, 11(4), 359-371.
[125]Moynihan, T. (1997). How experienced project managers assess risk. IEEE Software, 14(3), 35-41.
[126]Mumford, E. (1996). Risky ideas in the risk society. Journal of Information Technology, 11(4), 321-331.
[127]Mursu, A., Lyytinen, K., Soriyan, H., & Korpela, M. (2003). Identifying software project risks in nigeria: An International Comparative Study. European Journal of Information Systems, 12(3), 182-194.
[128]Mustafa, M. A., & Al-Bahar, J. F. (1991). Project risk assessment using the analytic hierarchy process. IEEE Transactions on Engineering Management, 38(1), 46, 48-50.
[129]Na, K. S., Xiaotong, L., Simpson, J. T., & Kim, K. Y. (2004). Uncertainty profile and software project performance: A cross-national comparison. Journal of Systems and Software, 70(1-2), 155-163.
[130]Na, K.-S., Simpson, J. T., Li, X., Singh, T., & Kim, K.-Y. (2007). Software development risk and project performance measurement: Evidence in Korea. Journal of Systems and Software, 80(4), 596-605.
[131]Nag, R., & Han, J. (1994). Efficient and effective clustering methods for spatial data mining. Proceedings of the 20th Very Large Data Bases Conference, 145-155.
[132]Neumann, D. E. (2002). An enhanced neural network technique for software risk analysis. IEEE Transactions on Software Engineering, 28(9), 904-912.
[133]Ng, M. K. (2000). K-means-type algorithms on distributed memory computer. International Journal of High Speed Computing, 11(2), 75-91.
[134]Ngai, E. W. T., & Wat, F. K. T. (2005). Fuzzy decision support system for risk analysis in e-commerce development. Decision Support Systems, 40(2), 235-255.
[135]Nidumolu, S. (1995). The Effect of Coordination and Uncertainty on Software Project Performance: Residual Performance Risk as an Intervening Variable. Information Systems Research, 6(3), 191-219.
[136] Nidumolu, S. R. (1996). A Comparison of the Structural Contingency and Risk-Based Perspectives on Coordination in Software-Development Projects. Journal of Management Information Systems, 13(2), 77-113.
[137]Nidumolu, S. R. (1996). Standardization, requirements uncertainty and software project performance. Information and Management, 31(3), 135-150.
[138]Nonaka, I., Toyama, R., & Konno, N. (2000). SECI, Ba and Leadership: A Unified Model of Dynamic Knowledge Creation. Long Range Planning, 33(1), 5-34.
[139]Pelleg, D., & Moore, A. W. (1999). Accelerating exact k-means algorithms with geometric reasoning. Proceedings of the 5th International Conference on Knowledge Discovery and Data Mining (KDD).
[140]Pena, J. M., Lozano, J. A., & Larranaga, P. (1999). An empirical comparison of four initialization methods for the K-Means algorithm. Pattern Recognition Letters, 20(10), 1027-1040.
[141]Pervan, G. P. (1998). A review of research in Group Support Systems: Leaders, approaches and directions. Decision Support Systems, 23(2), 149-159.
[142]Pfleeger, S. L. (2000). Risky business: What we have yet to learn about risk management. Journal of Systems and Software, 53(3), 265-273.
[143]Pham, D. T., Dimov, S. S., & Nguyen, C. D. (2005). Selection of K in K-means clustering. Proceedings of the Institution of Mechanical Engineers, Part C: Journal of Mechanical Engineering Science, 219(1), 103-119.
[144]Phan, D., Vogel, D., & Nunamaker, J. (1988). The search for perfect project management. Computerworld, 22, 95-100.
[145]Phelps, R. (1996). Risk management and agency theory in IS projects--an exploratory study. Journal of Information Technology, 11(4), 297-307.
[146]Powell, P. L., & Klein, J. H. (1996). Risk management for information systems development. Journal of Information Technology, 11(4), 309-319.
[147]Project Management Institute. (1996). A guide to the project management body of knowledge(PMBOK Guide 1996 Edition).
[148]Project Management Institute. (2000). A guide to the project management body of knowledge(PMBOK Guide 2000 Edition).
[149]Project Management Institute. (2004). PMBoK Guide. A guide to the project management body of knowledge 3rd ed.
[150]Rai, A., & Al-Hindi, H. (2000). The effects of development process modeling and task uncertainty on development quality performance. Information and Management, 37(6), 335-346.
[151]Rainer, R. K. J. R., Snyder, C. A., & Carr, H. H. (1991). Risk analysis for information technology. Journal of Management Information Systems, 8(1), 18.
[152]Reifer, D. (2002). Ten deadly risks in internet and intranet software development. IEEE Software, 19(2), 12.
[153]Riggs, J. L., Brown, S. B., & Trueblood, R. P. (1994). Integration of technical, cost, and schedule risks in project management. Computers and Operations Research, 21(5), 521-533.
[154]Ropponen, J., & Lyytinen, K. (1997). Can software risk management improve system development: An exploratory study. European Journal of Information Systems, 6(1), 41-50.
[155]Ropponen, J., & Lyytinen, K. (2000). Components of software development risk: how to address them? A project manager survey. IEEE Transactions on Software Engineering, 26(2), 98-112.
[156]Saarinen, T., & Vepsalainen, A. (1993). Managing the risks of information systems implementation. European Journal of Information Systems, 2(4), 283-295.
[157]Sakthivel, S. (2007). Managing risk in offshore systems development. Communications of the ACM, 50(4), 69-75.
[158] Schmidt, C., Dart, P., Johnston, L., Sterling, L., & Thorne, P. (1999). Disincentives for communicating risk: A risk paradox. Information and Software Technology, 41(7), 403-411.
[159]Schmidt, R., Lyytinen, K., Keil, M., & Cule, P. (2001). Identifying software project risks: An international Delphi study. Journal of Management Information Systems, 17(4), 5-36.
[160]Scott, J. E., & Vessey, I. (2002). Managing Risks in Enterprise Systems Implementations. Communications of the ACM, 45(4), 74-81.
[161]Schwarz, G. (1978). Estimating the dimension of a model. Annals of Statistics, 6(2), 461-464.
[162]Sherer, S. A. (1994). Measuring software failure risk: methodology and an example. Journal of Systems and Software, 25(3), 257-269.
[163]Shmueli, O., Widom, J., Sheikholeslami, G., Chatterjee, S., Zhang, A., & Gupta, A. (1998). Wavecluster: A multi-resolution clustering approach for very large spatial databases. Proceedings of the 24th International Conference on Very-large Databases, 428-439.
[164]Sicotte, C., Pare, G., Moreault, M. P., & Paccioni, A. (2006). A Risk Assessment of Two Interorganizational Clinical Information Systems. Journal of the American Medical Informatics Association, 13(5), 557-566.
[165]Sisti, F., & Sujoe, J. (1994). Software risk evaluation method version 1.0.
[166]Sneath, P. H. A. (1957). The application of computers to taxonomy. Journal of General Microbiology, 17, 201-226.
[167]Sorensen, T. (1948). A method of establishing groups of equal amplitude in plant sociology based on similarity of species content. Biologiske Skrifter, 5(4), 1-34.
[168]SPSS Corporation. (2001). The SPSS Two Step cluster component, White paper - Technical Report(TSCWP-0101).
[169]SPSS Corporation. (2004). The SPSS Two Step Cluster Component: A Scalable Component Enabling More Efficient Customer Segmentation, White paper - Technical Report(TSCWP-1100).
[170]Su, M. C., & Chou, C. H. (2001). A modified version of the K-means algorithm with a distance based on cluster symmetry. IEEE Transactions on Pattern Analysis and Machine Intelligence, 23(6), 674-680.
[171]Suh, B., & Han, I. (2003). The IS risk analysis based on a business model. Information and Management, 41(2), 149-158.
[172]Sumner, M. (2000). Risk factors in enterprise-wide/ERP projects. Journal of Information Technology, 15(4), 317-327.
[173]Tafti, M. H. A. (2005). Risks factors associated with offshore IT outsourcing. Industrial Management and Data Systems, 105(5), 549-560.
[174]Tah, J. H. M., & Carr, V. (2001). Towards a framework for project risk knowledge management in the construction supply chain. Advances in Engineering Software, 32(10-11), 835-846.
[175]Takagi, Y., Mizuno, O., & Kikuno, T. (2005). An empirical approach to characterizing risky software projects based on logistic regression analysis. Empirical Software Engineering, 10(4), 495-515.
[176]Taylor, H. (2006). Critical risks in outsourced it projects: The intractable and the unforeseen. Communications of the ACM, 49(11), 74-79.
[177]The Standish Group. (2003). Chaos Chronicles Version 3.0.
[178]Tiwana, A., & Keil, M. (2004). The one-minute risk assessment tool. Communications of the ACM, 47(11), 73-77.
[179]Tiwana, A., & Keil, M. (2006). Functionality risk in information systems development: An empirical investigation. IEEE Transactions on Engineering Management, 53(3), 412-425.
[180]Tüysüz, F., & Kahraman, C. (2006). Project risk evaluation using a fuzzy analytic hierarchy process: An application to information technology projects. International Journal of Intelligent Systems, 21(6), 559-584.
[181]US Defense Acquisition University. (2003). Risk Management Guide to DoD Acquisition. 5th Ed. Vers. 2.0.
[182]US Defense Acquisition University. (2006). Risk Management Guide to DoD Acquisition, Sixth Edition (Version 1.0).
[183]Wallace, L., & Keil, M. (2004). Software project risks and their effect on outcomes. Communications of the ACM, 47(4), 68-73.
[184]Wallace, L., Keil, M., & Rai, A. (2004). How Software Project Risk Affects Project Performance: An Investigation of the Dimensions of Risk and an Exploratory Model. Decision Sciences, 35(2), 289-322.
[185]Wallace, L., Keil, M., & Rai, A. (2004). Understanding software project risk: A cluster analysis. Information and Management, 42(1), 115-125.
[186]Wang, W., Yang, J., & Muntz, R. (1997). STING: A statistical information grid approach to spatial data mining. Proceedings of the 23rd VLDB Conference, 186-195.
[187]White, D. (1995). Application of systems thinking to risk management. Management Decision, 33(10), 35-45.
[188]Willcocks, L., Lacity, M., & Fitzgerald, G. (1994). Risk assessment and information systems. European Journal of Information Systems, 3(1), 127-138.
[189]Williams, R. C., Walker, J. A., & Dorofee, A. J. (1997). Putting risk management into practice. IEEE Software, 14(3), 75-82.
[190]Woolridge, R. W., McManus, D. J., & Hale, J. E. (2007). Stakeholder Risk Assessment: An Outcome-Based Approach. IEEE Software, 24(2), 36-45.
[191]Xu, R., & Wunsch Ii, D. (2005). Survey of clustering algorithms. IEEE Transactions on Neural Networks, 16(3), 645-678.
[192]Xu, Z., Khoshgoftaar, T. M., & Allen, E. B. (2003). Application of fuzzy expert systems in assessing operational risk of software. Information and Software Technology, 45(7 SPEC.), 373-388.
[193]Yacoub, S. M., & Ammar, H. H. (2002). A methodology for architecture-level reliability risk analysis. IEEE Transactions on Software Engineering, 28(6), 529-547.
[194]Yang, L., Jones, B. F., & Yang, S. H. (2006). Genetic Algorithm based software integration with minimum software risk. Information and Software Technology, 48(3), 133-141.
[195]Zhang, T., Ramakrishnan, R., & Livny, M. (1996). BIRCH: An Efficient Data Clustering Method for Very Large Databases. SIGMOD Record (ACM Special Interest Group on Management of Data), 25(2), 103-114.
[196]Zwikael, O., & Sadeh, A. (2007). Planning effort as an effective risk management tool. Journal of Operations Management, 25(4), 755-767.