The Maturity Model of Risk Management for IT-Entities
EDN: PCYTXA
Abstract
The article considers the author's model for the maturity of risk management systems for entities involved in developing computer software and providing consulting services in this area. The key aspects of its development were the results of an analysis of popular maturity models such as RM Maturity Model, The Management of Risk Maturity Model, RMM, and RM3, based on which requirements were formulated for a domestic RMS model applicable to the IT-field. It was determined that the RMS maturity model should be accompanied by reduced material damage and harm to stakeholders, increased maturity levels, and compliance with national risk management standards. In addition, specialists responsible for managing risks must meet professional standards, and evaluation of the criteria for the developed model allowed us to determine that it meets all requirements, indicating its potential effectiveness in mitigating risks. Depending on its development, an entity can be assigned to one of three levels of maturity – «Low», «Medium», or «High». If an entity has a «Low» level of RMS, it is characterized by a high frequency of materialized risks leading to large amounts of damage, both to itself and to interested parties. An entity with a «Medium» level has an acceptable number of risks leading to «controlled» amounts of damage. At the «High» level, the entity does not experience events that could negatively affect IT-product creation during IT-project implementation (sprint, lifecycle phase, contract, etc.).
About the Author
V. S. NikolaenkoRussian Federation
Valentin S. Nikolaenko
Lenin Ave., 40, Tomsk, 634050
Lenin Ave., 30, Tomsk, 634050
Moscow Tract, 2, Tomsk, 634050
References
1. Nikolaenko V. S. Compliance-risks in the operation of IT products // Strategic Decisions and Risk Management. 2024;15(4):360–367. (In Russ.) https://doi.org/10.17747/2618-947X‑2024-4-360-367
2. Yahvarov E.K Improvement of the risk management system in the commercial activity of the organization // Hypothesis. 2019;(3):19–25. (In Russ.)
3. Cienfuego I. Developing a risk maturity model for dutch municipalities. PhD Thesis. 2013. 227 p.
4. Jugdev K., Thomas J. Project management maturity models: the silver bullets of competitive advantage? // Project Management Journal. 2002;33(4):4–14. https://doi.org/10.1177/875697280203300402
5. Montero G. Analysis of common maturity models applied to project management. book of proceedings of the 7th International Conference on Industrial Engineering and Industrial Management XVII Congreso de Ingeniería de Organización. Valladolid. 2013. P. 788–794.
6. Khoshgoftar M., Osman O. Comparison of maturity models. 2nd International Conference on Built Environment in Developing Countries. Penang. 2008. P. 953–964.
7. Grant K. P., Pennypacker J. S. Project management maturity: an assessment of project management capabilities among and between selected industries // IEEE Transactions on Engineering Management. 2006;53(1):59–68. https://doi.org/10.1109/TEM.2005.861802
8. Backlund F., Choronner D., Sundqvist E. Project management maturity models — a critical review. A case study within Swedish engineering and construction organizations. 27th IPMA World Congress. 2014;119:837–846
9. Anderson E. S., Jessen S. A. Project maturity in organizations // International Journal of Project Management Accounting. 2003;21(6):457–461. https://doi.org/10.1016/S0263-7863(02)00088-1
10. Crawford K. J. Project management maturity model. New York: Auerbach Publications, 2007. 235 p.
11. D. Proença, J. Estevens, R. Vieira and J. Borbinha, “Risk Management: A Maturity Model Based on ISO 31000,” 2017 IEEE 19th Conference on Business Informatics (CBI), Thessaloniki, Greece, 2017, pp. 99–108, https://doi.org/10.1109/CBI.2017.40.
12. Zou P., Chen Y., Chan T. Understanding and improving your risk management capability: assessment model for construction organization // Journal of Construction Engineering and Management. 2010;136(8):854–864. https://doi.org/10.1061/(ASCE)CO.1943-7862.0000175
13. Nikolaenko V., Sidorov A. Assessing the maturity level of risk management in it projects // Sustainability. 2023;15(17):12752. https://doi.org/10.3390/su151712752
14. Nikolaenko V. S. Compliance-features of creating IT-Products within the framework of IT-Projects // Issues of Risk Analysis. 2024;21(5):97–107. (In Russ.) — EDN: OKHMIT
15. Nikolaenko V. S. Technological features of creating IT products within the framework of implementing IT Projects // Strategic Decisions and Risk Management. 2024;15(3):270–279. (In Russ.) https://doi.org/10.17747/2618-947X-2024-3-270-279
16. Farrell M., Gallagher R. The Valuation implications on enterprise risk management maturity // Journal of Risk and Insurance. 2015;82(3):625–657.
17. Nikolaenko V., Sidorov A. Analysis of 105 IT Project risks // Journal of Risk and Financial Management. 2023;16(1):33. https://doi.org/10.3390/jrfm16010033
18. Nikolaenko V. S. Analysis of qualification requirements for specialists involved in the creation of IT‑products within the framework of IT‑projects // Journal of Wellbeing Technologies, 2025;53(3):97–109. https://doi.org/10.18799/26584956/2025/3/1992
Review
For citations:
Nikolaenko V.S. The Maturity Model of Risk Management for IT-Entities. Issues of Risk Analysis. 2026;23(1):36-49. (In Russ.) EDN: PCYTXA
JATS XML
























