IT Risk Identification and Evaluation: a Case Study on XYZ University

Daniel Albertivan, Hendryantono Limantara, Reza Annisa Rachmadiati, Nico Surantha, Adik Wedsa Pamungkas


The purpose of this paper is to demonstrate that Failure Mode Effect Analysis (FMEA) can be applied to the educational field to identify various failure modes and its potential failure effect that could occur in anytime. FMEA is widely used in a design, a manufacturing or assembly process, or a product and service for identifying all possible failures. Risk identification is part of risk management. Therefore it is a critical first step of it. This paper is a case study on XYZ University which trying to implement risk management which only focused on how to identify the risk using FMEA. FMEA needs some parameters to be defined which are severity values, the likelihood of occurrence, and detection. Risk Priority Number (RPN) is a matrix that indicates potential risk calculated by multiplying the three components, and it used to classify which should be taken care of first based on the highest RPN value. Filtering the ticketing system and mapped the incidents that happened to the current business process is how the data collected, also the interview to end user for validation. The result of this paper is astonishing because it is different from the initial expectation that business process like LMS or network facility will get the highest RPN value, but after doing all the process, it is found that telecommunication is at the top. Surely this provides a new perspective to risk management to be slicker in handling potential one.


educational; Failure Mode Effect Analysi; FMEA; risk; risk management.

Full Text:



Antonio, B., & Gaudenzi, B. (2013). Risk Management.

Wickboldt, J. A., Bianchin, L. A., Lunardi, R. C., Granville, L. Z., Gaspary, L. P., & Bartolini, C. (2011). A framework for risk assessment based on an analysis of historical information of workflow execution in IT systems. Computer Networks, 55(13), 2954–2975.

Zou, P. X. W., Wang, S., & Fang, D. (2008). A lifeâ€cycle risk management framework for PPP infrastructure projects. Journal of Financial Management of Property and Construction, 13(2), 123–142.

Fontaine, M. (2015). Project Risk Management. Enterprise Risk Management: A Common Framework for the Entire Organization. Elsevier Inc.

Huth, M., Vishik, C., & Masucci, R. (2016). From Risk Management to Risk Engineering: Challenges in Future ICT Systems. Handbook of System Safety and Security: Cyber Risk and Risk Management, Cyber Security, Threat Analysis, Functional Safety, Software Systems, and Cyber-Physical Systems. Elsevier Inc.

Ko, D. G., & Kirsch, L. J. (2017). The hybrid IT project manager: One foot each in the IT and business domains. International Journal of Project Management, 35(3), 307–319.

Liu, S. (2016). How the user liaison’s understanding of development processes moderates the effects of user-related and project management risks on IT project performance. Information and Management, 53(1), 122–134.

Lipol, L., & Haq, J. (2011). Risk analysis method: FMEA/FMECA in the organizations. IJESEAS International Journal of Basic & Applied Sciences, 11(05), 74–82.

Santos, F. R. S. dos. (2008). Fmea and Pmbok Applied To Project Risk Management. JISTEM Journal of Information Systems and Technology Management, 5(2), 347–364.

Shinde, R. R., & Morey, R. B. (2015). Failure Mode Effect Analysis-Case Study for Bush Manufacturing process. IJESEAS International Journal of Scientific Engineering & Applied Sciences, 1(4), 283-294.

Thakore, R., Dave, R., & Parsana, T. (2015). Research Article A Case Study : A Process FMEA Tool to Enhance Quality and Efficiency of Bearing Manufacturing Industry, 3, 413–418.

Kritzinger, D. (2017). Failure Modes and Effects Analysis. Aircraft System Safety, 101–132.

Jamali, G., & Oveisi, M. (2016). A Study on Project Management Based on PMBOK and PRINCE2. Modern Applied Science, 10(6), 142.

Schwalbe, K. Information Technology Project Management, Revised 6e., Course Technology, Cengage Learning, 2011.

PMI. (2013). A Guide to the Project Management Body of Knowledge. Project Management Institute (Vol. 5).

Rodríguez, A., Ortega, F., & Concepción, R. (2017). An intuitionistic method for the selection of a risk management approach to information technology projects. Information Sciences, 375, 202–218.

Ennouri, W. (2015). Risk Management Applying Fmea-Steg Case Study. Polish Journal of Management Studies, 11(1), 56–67.

Rodrigues-da-Silva, L. H., & Crispim, J. A. (2014). The Project Risk Management Process, a Preliminary Study. Procedia Technology, 16, 943–949.

Zeb, J., Froese, T., & Vanier, D. (2013). Infrastructure Management Process Maturity Model: Development and Testing. Journal of Sustainable Development, 6(11).

Khatavakhotan, A. S., & Ow, S. H. (2012). An innovative model for optimizing software risk mitigation plan: A case study. In 2012 Sixth Asia Modelling Symposium (pp. 220-224). IEEE.

Tonny, B., Pa, N. C., Nor, R., Nor, H., Jusoh, Y., Information, G., & Systems, T. (2016). Development and Initial Results of a Component Model for Risk Mitigation in IT The Development and Initial Results of a Component Model for Risk Mitigation in IT Governance, (December).

Jnr, B. A., Pa, N. C., Nor, R., Nor, H., & Josoh, Y. Y. (2016). The Development and Initial Results of a Component Model for Risk Mitigation in IT Governance, 2(2), 1–13.

Polancich, S., Rue, L., Poe, T., & Miltner, R. (2018). Proactive Risk Mitigation: Using Failure Modes and Effects Analysis for Evaluating Vascular Access. Journal for Healthcare Quality, 40(1), 58–65.

Shahzad, B., & Afzal, S. (2010). Risk Mitigation And Management Scheme Based On Risk Priority. Work, 10(4), 108–113.

Torabi, S. A., Giahi, R., & Sahebjamnia, N. (2016). An enhanced risk assessment framework for business continuity management systems. Safety Science, 89, 201–218.

S. Parsana, T., & T. Patel, M. (2014). A Case Study: A Process FMEA Tool to Enhance Quality and Efficiency of Manufacturing Industry. Bonfring International Journal of Industrial Engineering and Management Science, 4(3), 145–152.

Sprcic, D. M., Pecina, E., & Orsag, S. (2017). Enterprise Risk Management Practices in Listed Croatian Companies. UTMS Journal of Economics, 8(3), 219–230.

Cervone, H. F. (2009). Using Pugh matrix analysis in complex decision-making situations. OCLC Systems & Services, 25(2), 76–81.



  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development