Risk is defined as an uncertain event or condition that, if it occurs, has either positive or negative effects on project objectives (Hillson and Simon 2007; Project Management Institute 2008). Nowadays sound management of risk is a crucial determinant of the success of a project due to increased attention to the variability of actual quality, time, and cost performance compared to the expected one as a consequence of growing pressure on reducing time and costs. It has been demonstrated that failure to deal with risk is the main cause of budget exceeding, falling behind schedule, and missing performance targets (Carbone and Tippet 2004). In several industries, such as the construction and information and communication technology ones, this situation is exacerbated because projects characterized by huge investments, long execution processes, many resources and stakeholders, and unstable economic and political environments introduce a high level of complexity (Guofeng, Min and Weiwei 2011).
Therefore, there is a strong need for assessing and controlling risk throughout all the phases of a project. Different perceptions, attitudes, and requirements have led to a variety of definitions and approaches. To be more precise, risk management processes and supporting techniques have been extensively developed and implemented in both literature and practice. The multitude of different methods asks for instruments suggesting under what circumstances each of them should be adopted and criteria for choosing among risk techniques have been identified. However, these criteria usually do take into account neither a comprehensive set of the peculiar characteristics of a project and of its surrounding environment nor the attitude of an organization towards risk.
The present work develops a theoretical taxonomy supporting the selection of risk management techniques. The classification is based on the significant features of the context of analysis derived from the study of literature about project and risk management (Association for Project Management 2004; Chapman and Ward 2003; Project Management Institute 2008): phase of the risk management process, phase of the project life cycle, and corporate maturity towards risk. This contributes to enhancing the knowledge about how to treat risky events and in turn to improve the risk knowledge management process in order to allow risk management processes to give the expected benefits. The research focuses on projects according to their general definition provided by the Project Management Institute: ‘A project is a temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a definite beginning and end. The end is reached when the project’s objectives have been achieved or when the project is terminated because its objectives will not or cannot be met, or when the need for the project no longer exists’ (Project Management Institute 2008).
After discussing the pertinent literature, a set of dimensions reflecting the managerial and operational conditions characterizing a project is defined. Widely applied techniques to support project risk management are classified according to such framework. Finally, implications, ramifications, and future research directions are elaborated and conclusions are drawn.