
Ефективна економіка № 7, 2016

UDC 330.46 : 519.866


M. A. Tkachenko,

master, postgraduate of the department of information management,

Kiev national economic university named after Vadym Hetman




In the paper, an approach to the construction of a Markovian model for managing risk in information technology projects is proposed. According to statistics, IT projects are highly vulnerable to risks, and the success rate of IT projects is rather low. At the same time, the existing risk management models for IT projects based on Markov chains tend to have disadvantages and omit important factors crucial for effective risk management. In order to address the issues connected with the use of the existing models, it is proposed to apply the tools of the buffer management concept, principles of agile methodologies, and knowledge management processes.


Keywords: information technology project, risk management, Markov chains, buffer management, knowledge management.



Problem statement. The increasing complexity of the economic environment and the rapidly growing amounts of processed data require the use and continuous improvement of information technologies. At the same time, the implementation of information technology projects is connected with numerous issues [2; 3]. Information technology projects are implemented under conditions of uncertainty concerning their outcomes and deliverables, and are highly vulnerable to risks.

The international standard ISO 31000:2009 defines risk as “effect of uncertainty on objectives” [4]. Accordingly, the aim of project risk management is to reduce the level of uncertainty in the project maximizing the probability of its success. If we regard an IT project as a system which has a desirable state corresponding to achieving the project's objectives, effective risk management implies providing estimates and taking measures to ensure that the project will be in such a state until it is complete. At the same time, risk has a probabilistic nature, and therefore the project being in a certain state is subject to probability as well. Consequently, an IT project's progress under conditions of uncertainty has definite characteristics of Markov processes.

The issue of using Markov chains in project risk management has been subject to research by such Ukrainian scientists as Veres et al. [5], Yefremova et al. [6], Hlybovets et al. [7], Kolesnykova [8], Pryimak et al. [9] and Olekh [10]. At the same time, applying Markov chains exactly to IT project risk management has been investigated by foreign scientists, such as Machac et al. [11], Choetkiertikul et al. [12] and Jeon et al. [13].

The scientists have developed a series of approaches to risk management in projects based on Markov chains. However, in our opinion, these approaches and models have some common flaws as well as leave some issues unaddressed. Due to this, the problem of effective application of the Markov chains method to IT project risk management is still relevant and requires further research.

Analysis of publications. Veres et al. [5] propose to use Markov chains to manage project risks and introduce the notion “project reliability”. Consequently, risk is regarded as a probability of the project's failure. If the current situation deviates from the plan significantly, the project manager should revise his management policy. Omitting finished tasks and rebuilding the project graph, the manager determines an optimal (in terms of risk) variant which may not match the original one. In order to develop concrete mechanisms of operational management, the scientists suggest using, inter alia, models and methods of graph theory and Markov chains.

Yefremova et al. [6] use Markov processes with discrete states and discrete time to develop a project work execution model adjusted for project risk management. It is assumed that, during the project’s course, four states of the model are possible: (1) S1 – carrying out project work; (2) S2 – occurrence of risk, risk identification and analysis; (3) S3 – developing and taking project risk response measures; (4) S4 – project work completion. It is assumed that tasks are performed, risk response measures are taken, and risk identification and analysis are carried out with a one-day step. The state of project work execution is identified at the end of each step.

A similar approach was formed by Hlybovets et al. [7] who address the issue of optimization of project cost estimation under conditions of risk using Markov decision-making processes. Within the proposed model, risks may affect durations of tasks as well as the project's duration and cost. For each risk, several states may be determined.

According to Kolesnykova [8], in some cases, there exists an opportunity to manage laws of distribution or parameters of transition probabilities regardless of the process stochasticity. Kolesnykova asserts that, using controllable Markov chains, it is possible to adapt the model to changing characteristics of the environment, which allows applying them to decision support systems.

Pryimak and Proshyn [9] propose to use controllable time-inhomogeneous Markov chains as models of real signals and phenomena.

Olekh [10] uses Markov chains with discrete states and discrete time to study multidimensional estimates in project management. Depending on the gradation of correspondence states, the scientist distinguishes six levels of success: from D1, which corresponds to the ecological mark A (good, all important tasks have been fulfilled), to D6, corresponding to the mark F (unsatisfactory, important tasks unfulfilled).

Concerning application of Markov chains to risk management in information technologies projects, there are few publications of foreign authors.

Machac and Steiner [11] propose the Markov process method to calculate risk probability within software development projects in case sufficient data from observation or usage is unavailable. The scientists define a state by the range of risk factor frequencies observed in completed similar projects. Consequently, risk occurrence probabilities are calculated by multiplying the initial state probability by the transition probabilities.

Choetkiertikul et al. [12] employ Markov chains to predict delays in software projects. The proposed predictive models consist of three components: local classifier, relational classifier and collective inference. In order to obtain delay probabilities, finished tasks are labeled, i.e. classified, depending on the difference between their actual completion date and due date. The relational classifier uses task relations in task networks to predict whether a task duration will be overrun based on the information about delays of its neighbours, that is, the task class probability is estimated only based on direct relations. Thus, Choetkiertikul et al. refer to the Markov assumption stating that “given the neighbourhood, it is sufficient to infer about the current label without knowing the other labels in the network” [12].

Jeon et al. [13] use Markov chains to predict software risks based on quality. Regarding risk as a “possibility that a program's requirements (quality) cannot be met through available technology or through suitable engineering procedures or processes with the triple constraints (schedule, budget, and scope)” [13], risk levels for each issue can be obtained with the use of risk ratings calculated by the risk matrix method.

Unaddressed issues. Notwithstanding that the proposed approaches and models may be characterized as comprehensive and multifaceted, they still have some flaws and leave some issues unaddressed:

1) The proposed approaches don’t allow for correlations between risks or assume zero correlation between them.

2) There is a lack of consensus on how to justify the number of states used in models. The number of states is defined depending on ecological marks, risk ratings based on quality, risk management measures, the project's reliability based on allocated financial resources, project risks based on costs etc. However, there is no approach dealing with the overall project's progress based on occurrence of risks.

3) An important problem is how to identify the number of steps for the model. As stated in [10], it may be calculated based on the stationary state. At the same time, if the steps are limited, e.g. we assume that steps correspond to the days necessary to complete the project, a large number of days may imply rather unwieldy calculations and reaching the stationary state far earlier than the project is planned to be finished.

4) The researchers propose to calculate initial vectors and transition probabilities based on historical data. However, it is still unclear how to apply expert methods if data is unavailable or insufficient.

5) The possibility to affect transition probabilities in time is quite important for project risk management flexibility. Although such a possibility was mentioned [5; 8; 9], it was not elaborated.

Aims of the paper. High probability of changes during an IT project’s course requires as flexible a risk management approach as possible. Because alterations may turn out to be drastic, providing an adaptive mechanism of response to transitions between the project’s states is particularly important. Due to this, the aim of the article is to construct a Markovian model of IT project risk management which allows for possible changes of transition probabilities.

Main material. In order to address the highlighted issues and achieve the set objective, the buffer management concept, the agile methodologies principles and knowledge management techniques are used.

Buffer management. In order to address the issue concerning correlations between different risks, it is proposed to aggregate risks affecting separate tasks into a project buffer according to the critical chain method. Leach asserts that “the Critical Chain methodology exploits the statistical law of aggregation by protecting the project from common-cause uncertainty of the individual tasks in a task path with time buffers at the end of path in the project network” [14]. It is worth remarking that such an approach addresses the problem of correlation between risks only partially because the distributions of random values in the project are considered independent. Nonetheless, the aggregation of risks allows dealing with risk on the project level rather than the level of individual tasks.

Concerning the number of the project’s states, it is proposed to form a set of events with three states corresponding to the three zones of the fever chart (see figure 1). The chart is divided into three zones according to the level of buffer consumption compared to the project progress.



Figure 1. Fever chart. Source: [15]


Agile methodologies. Critical chain project management emphasizes the importance of meeting due dates. However, the Markovian models listed above do not limit the types of risks they are meant to cope with to schedule risks only, but also allow for budget and quality risks. Even though it is possible to aggregate budget risks into a budget buffer analogously to a time buffer, it is still problematic to accumulate a scope buffer because of qualitative estimates. The Agile manifesto [16] declares such principles of software development as: (1) agile processes should be well adapted to changing requirements; (2) frequent delivery of working software, from a couple of weeks to a couple of months, with a preference to the shorter timescale; (3) the primary measure of progress is working software.

Most agile methodologies are aimed to minimize risks reducing development processes to a series of short cycles called iterations that usually last 2-3 weeks. Thus, the aggregation of scope risks is done. Also, the use of the agile methodologies compared to the classic ones (including CCPM) may allow addressing the issue concerning the number of steps for the Markovian model. Considering that milestones of an agile project are linked to iterations, the number of steps necessary to finish the project (the number of steps chosen to calculate the probability of the project's success) equals the number of iterations necessary to deliver the required amount of functionality.

Knowledge management. As regards the problems of determining the initial distribution of state and transition probabilities, it is proposed to solve them with the use of knowledge management tools. Knowledge management is generally defined as a "discipline that promotes an integrated approach to identifying, capturing, evaluating, retrieving, and sharing all of an enterprise's information assets" [18]. Assets like these, in addition to databases, documents, policies and procedures (i.e. explicit knowledge), may also include expertise and experience of individual performers (tacit knowledge). Statistics show that organizations applying knowledge transfer technologies increase the chances of project success by 20% [2].

In order to provide knowledge management processes with necessary technological support, it is expedient to build a project's knowledge base which is an “organized repository of knowledge... consisting of concepts, data, objectives, requirements, rules, and specifications” [19]. The form of knowledge base depends on whether it supports a human based information retrieval or an artificial intelligence expert system retrieval.

As mentioned above, in case the data on similar past projects is unavailable or insufficient, it is recommended to use expert methods. However, even if the necessary data is available, the mutual application of expert methods does not seem to be superfluous.

Markovian model of IT project risk management. As mentioned above, as well as in the previous work [20], it was proposed to use three possible states of the project:

State 1. Negative deviations don’t take place or occur at the level of project environment elements affecting only objectives within single project work units. The buffer penetration trend is in the green (safe) zone.

State 2. Negative deviations occur at the level of project work units and potentially affect achieving project objectives and obtaining expected results. The buffer penetration trend is in the yellow (relatively safe) zone.

State 3. Negative deviations occur at the level of project objectives and potentially affect achieving strategic project objectives. The buffer penetration trend is in the red (unsafe) zone.

Thus, we have a set of the project’s states , where ω1 – state 1, ω2 – state 2, ω3 – state 3.

According to the Markov property, the probability of the project’s being in a certain state in n steps () is obtained as follows:


where  is the vector of distribution of probabilities;  – vector describing initial state of the project, P – the transition matrix with elements pij (the probability of transition of the system from the state i to the state j ()).

Because some measures affecting the transition probabilities can be taken during the project’s course as well, it is possible to apply control to the transition matrix thereby using controllable Markov chains. Thus, in addition to the transition matrix P we have a duration matrix D with elements dij (the duration of the iteration when the project transits from the state i to the state j). A Markov chain is considered controllable if at each step n = 1, 2, …, nmax and in each state i = 1, 2, …, N a row of the matrix : ; and a row of the matrix D:  can be chosen where ki is a control strategy for the state i. Accordingly, the aim of risk management is to minimize the overall duration of the project:  where  – the vector of profits (durations).

The number of steps corresponds to the number of iterations left to the project’s completion. After each iteration, the current project’s state should be analysed. Because of frequent changes in requirements and objectives, it is expedient to assess control measures only one step forward (n = 1):




where  – is the average duration based on transition from the state i if the strategy ki is applied.
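The one-step control choice described above can be sketched as follows. This is an added example, not code from the paper: it assumes the usual forms, the state distribution after n iterations as the initial vector multiplied by P^n and the average duration of a strategy as the sum over j of p_ij · d_ij, and all strategy names, probabilities and durations are constructed sample values.

```python
# Added example: controllable three-state Markov chain (green / yellow / red buffer zones).
# All strategy names, probabilities and durations below are constructed sample values.

STATES = ("green", "yellow", "red")


def check_row(row, tol=1e-9):
    """A transition row (or state vector) must be a probability distribution."""
    if any(p < 0 for p in row) or abs(sum(row) - 1.0) > tol:
        raise ValueError(f"not a probability row: {row}")
    return row


def expected_duration(p_row, d_row):
    """One-step average duration: sum over j of p_ij * d_ij (assumed standard form)."""
    return sum(p * d for p, d in zip(check_row(p_row), d_row))


def choose_strategies(options_by_state):
    """For each state pick the strategy with the smallest one-step expected duration.

    options_by_state[i] maps a strategy name to (row of P, row of D).
    Returns (chosen strategy names, controlled transition matrix, expected durations).
    """
    names, matrix, durations = [], [], []
    for options in options_by_state:
        name = min(options, key=lambda k: expected_duration(*options[k]))
        p_row, d_row = options[name]
        names.append(name)
        matrix.append(list(p_row))
        durations.append(expected_duration(p_row, d_row))
    return names, matrix, durations


def distribution_after(initial, matrix, n):
    """State distribution after n iterations: initial vector times P^n."""
    dist = check_row(list(initial))
    for _ in range(n):
        dist = [sum(dist[i] * matrix[i][j] for i in range(len(dist)))
                for j in range(len(matrix[0]))]
    return dist


# Constructed sample data: durations are working days per iteration.
OPTIONS = [
    {"monitor": ((0.80, 0.15, 0.05), (10, 12, 15)),
     "add_review": ((0.90, 0.08, 0.02), (11, 13, 16))},
    {"monitor": ((0.20, 0.50, 0.30), (12, 14, 18)),
     "re_plan": ((0.50, 0.40, 0.10), (13, 14, 17))},
    {"monitor": ((0.05, 0.25, 0.70), (14, 16, 20)),
     "cut_scope": ((0.30, 0.50, 0.20), (15, 16, 18))},
]
INITIAL = (0.6, 0.3, 0.1)  # constructed initial vector (historical plus expert data)

if __name__ == "__main__":
    names, P, q = choose_strategies(OPTIONS)
    for state, name, dur in zip(STATES, names, q):
        print(f"{state:6s} -> {name:10s} expected duration {dur:.2f} days")
    for n in (1, 2):
        print(n, [round(x, 3) for x in distribution_after(INITIAL, P, n)])
```

Re-running the selection after every iteration with updated rows mirrors the paper's recommendation to assess control measures only one step forward.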

At the same time, after certain control measures are taken, it is possible to calculate the probability of the project’s success regardless of the matrix of durations assuming that the project scope will be fixed. The initial vector of the chain is obtained based on both historical and expert data. The transition probabilities are also identified based on historical data and expert judgement. In order to combine these approaches, it is expedient to use a risk management knowledge-based system. The structure of the knowledge-based system is shown in figure 2.


Figure 2. Risk management knowledge-based system. Source: designed by the author


According to the structure, applying risk management to the IT project is based on explicit and tacit knowledge:

1) Explicit knowledge, including lessons learned from past projects, risk databases, documented historical data concerning the effectiveness of risk response measures etc., is updated and entered into the risk database. The risk database information should include, but not be limited to, risk classification, severity and probability.

2) Based on the information from the risk database and tacit knowledge including the experience and know-how of the project’s stakeholders, the regularities of the domain (knowledge area) are obtained. The regularities are then codified as the rules for the expert system which helps the user to identify the issues and address them through a series of questions and answers. The recommendations of the expert system can be applied to risk management policies in the project, e.g. to estimating the effectiveness of control strategies applied to the Markov chain.

3) After the first iteration and further, based on the performance (explicit knowledge, including buffer data) and feedback from the stakeholders (tacit knowledge), the knowledge-based risk management system receives new information and the cycle repeats itself.

Conclusions. In terms of risk monitoring and control, buffer management provides a convenient tool for tracking the occurrence of risks as well as identifying the overall level of project risk. Therefore, picking out three states of the project corresponding to the zones of the fever chart allows tracking and predicting the project’s progress adjusted for risk influence.

The use of the agile methodologies may allow addressing the issue concerning the number of steps for the Markovian model. Considering that milestones of an agile project are linked to iterations, the number of steps necessary to finish the project equals the number of iterations necessary to deliver the required amount of functionality.

The use of the knowledge-based risk management system provides a highly adaptive mechanism of identifying and responding to risks occurring in a dynamic IT project environment.

Because some measures affecting the transition probabilities can be taken during the project’s course as well, it is possible to apply control to the transition matrix thereby using controllable Markov chains.

Thus, the proposed model allows addressing the issues of the existent Markovian models for IT project risk management and provides a flexible and adaptive mechanism that can be applied to projects using agile methodologies.



1. Project management institute (2013), “Project management between 2010 + 2020” [Online], available at: http://www.pmi.org/~/media/PDF/learning/Western-Canada/PMI-Project-Management-Skills-Gap-Report.ashx (accessed 30 Mar 2016).

2. Project management institute (2015), “Pulse of the Profession 2015: Capturing the Value of Project Management 2015” [Online], available at: http://www.pmi.org/~/media/PDF/learning/pulse-of-the-profession-2015.ashx (accessed 30 Mar 2016).

3. Standish group international (2013), “Chaos manifesto 2013” [Online], available at: http://www.versionone.com/assets/img/files/CHAOSManifesto2013.pdf (accessed 12 Feb 2015).

4. International Standards Organisation (2009), ISO 31000:2009, Risk Management - Principles and Guidelines. Geneva: International Standards Organisation.

5. Veres О. М. et al. (2003), “Risk management in project activity” [Online], available at: http://ena.lp.edu.ua:8080/bitstream/ntb/8638/1/04.pdf (accessed 19 Nov 2015).

6. Yefremova A. V., Latkin M. A., Chumachenko I. V. (2007), “Modeling the execution of tasks and monitoring project risks”, Radioelektronni i komp"yuterni systemy, vol. 3, pp. 112-116.

7. Hlybovets M. et al. (2010), “Markovian model of estimation of project cost with risk” [Online], available at:  http://www.ekmair.ukma.edu.ua/bitstream/handle/123456789/1606/Glybovets_Sydorenko_Markov%20model.pdf?sequence=1 (accessed 19 Nov 2015).

8. Kolesnikova E. V. (2013), “Modeling semistructured systems of project management”, Pratsi Odeskoho politekhnichnoho universytetu, vol 3, pp. 127-131.

9. Pryjmak M., Proshyn S. (2010), “Markov processes as models of real signals and events”, Zbirnyk tez dopovidej XIV naukovoi konferentsii Ternopil's'koho natsional'noho tekhnichnoho universytetu imeni Ivana Puliuia «Pryrodnychi nauky ta informatsijni tekhnolohii», vol 1, pp. 30-30.

10. Olekh T. M. (2015), “Application of Markov chains to study multivariate estimates at project management” [Online], available at: http://storage.library.opu.ua/online/periodic/kms_2015_10/064-068.pdf (accessed 19 Nov 2015).

11. Machac J. and Steiner F. (2014), “Risk Management in Early Product Lifecycle Phases”, International Review of Management and Business Research, vol. 3(2), pp. 1151-1162.

12. Choetkiertikul M., Dam H. K., Tran T., and Ghose A. (2015), “Predicting Delays in Software Projects Using Networked Classification (T)”, Automated Software Engineering (ASE), pp. 353-364.

13. Jeon C., Kim N. and In H. P. (2015), “Probabilistic Approach to Predicting Risk in Software Projects Using Software Repository Data”, International Journal of Software Engineering and Knowledge Engineering, vol. 25(06), pp. 1017-1032.

14. Lawrence Leach (2010), Vovremja i v ramkah bjudzheta: upravlenie proektami po metodu kriticheskoj cepi [CCPM project management] / Alpina Pablisherz, Moscow, Russian Federation.

15. Kanban way, “Speed up project delivery using Critical Chain” [Online], available at: http://www.kanbanway.com/speed-up-project-delivery-using-critical-chain#.VdrP4_ntmko (accessed 30 Mar 2016).

16. Ocamb S (2013), “The Agile Manifesto Principles” [Online], available at: https://www.scrumalliance.org/community/articles/2013/november/the-agile-manifesto-principles-what-do-they-mean (accessed 30 May 2016).

18. Duhon B. (1998), “It's all in our heads”, Inform, vol. 12(8), pp. 8-13.

19. Business dictionary. Knowledge base. [Online], available at: http://www.businessdictionary.com/definition/knowledge-base.html (accessed 30 May 2016).

20. Tkachenko M. A. (2015), “Modeling processes of IT project risk management”, Materialy vseukrains'koi naukovo-praktychnoi konferentsii studentiv, aspirantiv ta molodykh uchenykh «Informatsijni tekhnolohii v modeliuvanni ITM-2016», pp. 103-104.






The article was received by the editorial office on 11.07.2016.