A Risk Mitigation Framework for Information Technology Projects: A Cultural Contingency Perspective

Abstract

As new information technology (IT) platforms continue to emerge, the technical project risk associated with developing IT projects for these platforms is particularly challenging for organizations. We develop a nomological network of people, process, and technology to gain insight into how the effect of technical project risk can be mitigated at the IT project team level. Drawing on cultural contingency theory, the IT project risk framework, and the IT project management literature, we elaborate on the IT project team composition and team processes necessary to mitigate technical project risk. We tested the nomological network by conducting a field study of 325 IT project teams over a 3-year period at a large corporation in China. We found that project risk mitigation processes mediated the effect of IT project teams’ cultural composition on IT project performance, and the effect of these processes on IT project performance was stronger under high levels of technical project risk compared to low levels of such risk. By incorporating the cultural contingency theory into developing a nomological network of technical risk mitigation processes, this work not only contributes to the IT project management literature, but also provides suggestions for practitioners on how to better leverage people, process, and technology in mitigating IT project risks.

Key words and phrases:

• IT projects
• technical risk
• team processes
• cultural contingency theory
• risk mitigation
• project management
• project risk

Introduction

Spending on information technology (IT) projects constitutes a significant portion of organizational investment and is projected to continue growing as firms seek to improve their operational effectiveness [18]. Despite these investments, reports of failed IT project implementations abound (see [10]). IT project implementation is a multifaceted and complex activity that encompasses various risks related to technology, process, and people [31, 65]. The role of technical project risk—defined as the risks associated with developing an IT artifact that is complex and has requirements that are difficult to clarify due to frequent changes in business needs [8, 76]—in affecting IT project success is increasing in prevalence (e.g., [47, 73, 77]).

Recent years have seen the rapid emergence of myriad new technologies, tools, and platforms (e.g., mobile technologies, social networking, cloud computing, data analytics). Consequently, IT projects that were initially developed to operate in traditional client-server environments must now be developed for deployment on new platforms, such as cloud technology, be able to leverage big data capabilities, and have seamless interoperability across different mobile platforms [54]. The technical complexity of IT project development has increased considerably due to significant knowledge barriers to learning new technologies and understanding the interdependencies across different technological platforms. Besides the increased technical complexity of IT projects, the volatility of requirements—that is, changes in what the delivered software should do—is increasing. The rapid rise of new platforms is expanding the range of possibilities for firms to deliver their products and services. These new platforms are also enabling firms to discover innovative ways of creating new products and services that were not possible before. In order to deliver value, IT project development must make changes to incorporate these new product and service innovation objectives through organizational learning and complex social interactions. Naturally, keeping apace of such changes has implications for the delivery, cost, and quality of IT projects. In a framework that outlines IT project risks, technical project risk that comprises project complexity and requirements change has been acknowledged as one of the most important threats to IT project success [8, 31, 73]. As new platforms continue to emerge, giving rise to product and service innovations, these types of challenges in IT project development are likely to persist.

The technical project risk identified above poses a direct threat to the ability of IT project teams—which are tasked with different types of IT projects, for example, developing a new system, upgrading an old system, migrating an old system to a new system—to complete their objectives [31]. Such a threat is more salient for new system development projects that are likely to utilize new technologies and platforms [75, 78]. In addition, specifying requirements for a new system is more challenging because users are generally not clear about what they need from a new system and tend to change their requirements during the course of the project [24, 31, 47]. According to the IT project risk framework, this threat manifests in two ways. First, technical project risk increases the probability that the IT project team is unable to mobilize the necessary expertise to complete the IT project [15, 76]. Second, technical project risk increases the potential for inadequate planning and control, which can jeopardize IT project success [4, 39]. Taken together, these consequences represent a threat to the execution of IT projects [4, 55, 76, 77]. Although these exogenous technical project risks and the threat they pose are well-known in the literature, there have been limited efforts to examine how their effects can be mitigated, particularly at the IT project team level.

Research on control theory has begun to identify how the threat of such risk can be averted from an IT manager perspective. These studies (e.g., [9, 31, 47, 73]) tend to examine how outcome control, behavior control, clan control, and self-control facilitate higher IT project quality and performance under varying levels of requirement risk. However, they do not examine the precise IT project management processes that IT project teams can use to mitigate the threat of technical project risk. Furthermore, they have focused exclusively on requirement risk. In this paper, we focus on tackling the threat of technical project risk by examining how IT project teams can be composed to mitigate such a threat. Drawing from the IT project management literature, we identify the IT project risk mitigation processes that IT project teams use to avert the threat posed by technical project risk [9, 33, 40, 47, 75]. We consider both forms of technical project risk—requirement risk and project complexity risk—that are salient for new system development projects [75]. However, the efficacy of these risk mitigation processes in affecting IT project performance, under different levels of technical project risk, is not adequately understood, and there is a lack of research on how these risk mitigation processes can be enabled through effective team staffing.

The information systems (IS) literature has found cultural values to be an important consideration in IT project implementation because they shape the manner in which developers approach IT development [62, 64]. For instance, developers with higher collectivism—a cultural value that emphasizes the needs of others over the needs of self—are more likely to emphasize promptness in responding to end-user requests and work to achieve high quality outputs [29]. Consequently, the cultural values represented on IT project teams have the potential to affect how these teams perform their tasks in ways managers have not yet begun to understand. Consideration of the cultural composition of IT project teams, therefore, represents an important stepping-stone to mitigating the challenges posed by technical project risk. To gain insight on the role of team cultural composition in affecting teams’ risk management processes, we build on cultural contingency theory [56]. Cultural contingency theory recognizes that people’s cultural values—which reflect their built-in mental schema of how the world works—are intertwined with, and shape, the actions they perform in the workplace [10, 50, 79]. We extend this theory to the IT project team level by theorizing the connection between the cultural composition of IT project teams and the collective, interdependent actions these teams perform to mitigate the effects of technical project risk. We seek to answer two research questions:

Research Question 1: What type of IT project team composition is more likely to execute project risk mitigation processes to ward off the threat posed by technical project risk?

Research Question 2: How do project risk mitigation processes affect IT project performance under different levels of technical project risk?

The objective of this research is to identify how the threat of technical project risk can be mitigated. We develop a holistic nomological network of technical risk mitigation processes and the IT project team composition necessary to facilitate such processes. As such, we integrate consideration of people (through IT project team composition), process (through risk mitigation processes), and technology (through technical risk) and the relationships between them. Although recent literature has begun to provide insights on the mitigation of technical risks in IT projects (e.g., [31, 47, 73, 77]), there is limited understanding of how people, processes, and technology come together to provide a more complete understanding of this phenomenon. In fact, many of the empirical studies to date have focused almost exclusively on the control of IT projects, overlooking the roles of people and processes. Consideration of people and processes in this domain is critical because IT project development is an inherently collective endeavor, involving collaboration between multiple individuals working together to accomplish a common objective (e.g., [10, 30]). Research in this domain must, therefore, recognize and account for the collective nature of IT project development and the interdependent actions taken by IT project teams to mitigate the effects of technical risk.

Theoretical Background

IT Project Risk Framework

Several IT project risk frameworks have been developed in the literature (e.g., [2, 43, 76]). For the purposes of this research, we leverage the framework conceptualized by Wallace et al. [76] given its theoretical grounding in considerations of people and processes when examining IT project risk. Drawing from sociotechnical systems theory, Wallace et al.’s [76] IT project risk framework distinguishes between technical project risk and social project risk. Technical project risk represents the extent to which IT projects—as efforts to construct an artifact of some complexity based on a set of requirements—have volatile or unclear requirements or must be deployed on unfamiliar or new technology platforms [68, 77]. Social project risk represents the extent to which the IT project is embedded in a social context that can be unstable in terms of politics or availability of resources [76]. The framework theorizes that both technical and social project risk increase project management risk by hampering the ability of the IT project team to function and by increasing the likelihood of poor planning and unrealistic targets. The empirical test indicated that only technical project risk was found to increase project management risk [76]. Figure 1 illustrates how technical project risk reduces IT project performance by increasing project management risk.

Figure 1. IT project risk framework

In this paper, we choose to focus on technical project risk instead of project management risk because it is more relevant in the study of developing new systems or applications that are likely to involve some new technologies with which developers may not be familiar [75, 77]. In addition, defining and specifying requirements for new systems is often more challenging because users are generally not clear about what they need at the beginning of a project and tend to change their requirements during the course of the project (e.g., [31, 47]). In other words, technical project risk is likely to be more salient for new system development projects that are the focus of our study. Per the IT project risk framework, project complexity risk and requirement risk are regarded as major IT project development risks that reduce the probability of IT project success and they are also the antecedents of project management risk [4, 15, 30, 31]. The emergence of such risk is generally out of the control of project managers and, hence, is viewed as an exogenous factor that poses a threat to IT project success. We think it is important to investigate these sources of risk and understand how they can be mitigated.

Our model extends the IT project risk framework by uncovering the risk mitigation processes IT project teams can use to alleviate the threat of technical project risk as well as by seeking to understand how IT project teams can be composed to facilitate the risk mitigation processes¹. Drawing from the IT project management literature, we identify three risk mitigation processes, that is, coordination and monitoring, planning and scheduling, and client interaction (e.g., [33, 40, 47, 75]). Requirement risk is often caused by inadequate or poor communication between IT project teams and clients. Consequently, more interactions with clients are likely to help clarify requirements and reduce requirement risk. Likewise, coordination and monitoring, and planning and scheduling are likely to help teams better cope with the complicated development processes that involve new and unfamiliar technologies. We identify coordination and monitoring, planning and scheduling, and client interaction as three critical processes in mitigating IT project risks. The fact that technical project risk is an exogenous factor over which project managers typically have minimal control, suggests that it is theoretically best conceptualized as a moderator to better understand the effect of risk mitigation processes on IT project performance.

Our model also aims to provide a better understanding of how IT project teams of different cultural composition are able to perform under such IT project risk conditions. In order to overcome the threat posed by technical project risks, IT project teams must be able to easily engage in the necessary project risk mitigation processes [9, 68, 76]. Understanding the cultural values of the IT project team’s members provides insight about how the team is likely to act with respect to such processes. We choose to focus on team cultural composition and theorize how it affects IT project performance through risk mitigation processes for mainly three reasons. First, given that cultural values comprise schemas about interactions between social entities [5], they shed light on our understanding of how and why people interact with each other. The collective nature of IT project development and the interdependent actions taken by IT project teams, especially for projects developing new systems or applications, require intensive interactions among project team members, and between project team members and clients (e.g., [28, 47, 57]), making the cultural lens appropriate for understanding IT project teams’ behaviors and actions. Second, we argue that it is important to incorporate the role of culture into the IT project risk framework because IT project teams’ risk propensity and risk perceptions are culture-sensitive (e.g., [32]). Prior studies indicate that the identification and management of project risk needs to account for cultural differences (e.g., [42]). Third, unlike other extrinsic motivators, such as reward or punishment mechanisms, that drive teams’ behaviors, such as engagement in risk mitigation processes, cultural values are likely to act as an intrinsic motivator when they are accepted and internalized, and therefore should have a stronger influence on teams’ behaviors [41]. Next, we outline the theory that forms the basis for our predictions about how IT project team cultural composition affects project risk mitigation processes.

Different Perspectives on Cultural Values

Culture reflects the norms, values, and belief systems that individuals possess [12]. These norms, values, and belief systems form the cognitive schemas that serve as a basis for people’s perception of situations [41]. It allows them to make sense of various events and activities that occur in the world around them and serves as a key driver of collective action. Naturally, these schemas carry over into the workplace, helping employees to make sense of their work environment and how to accomplish work tasks [41]. Through mental programming, cultural values determine which ways of acting or behaving are preferred over others in a work setting [56]. A variety of frameworks have emerged to characterize the different cultural values that shape individual behavior in management [23, 25]. We adopt Hofstede’s taxonomy of culture to understand IT project team performance. Although it has received some criticism, Hofstede’s taxonomy is the most widely used and has shed light on numerous organizational phenomena at various levels of analysis [34] and is appropriate to study IT project implementation with respect to its clarity and parsimony.

Hofstede’s taxonomy identifies five cultural values: individualism/collectivism, masculinity/femininity, uncertainty avoidance, power distance, and long-term orientation [23]. Cultural values have been studied from a variety of perspectives in the literature [34, 41]. One perspective, which is predominant in the literature, views culture as being a country- or society-level characteristic [23, 34]. In this view, it is assumed that members of society are culturally homogeneous such that there is low within-country variation and higher between-country variation in cultural values. A more recent perspective views culture as being an individual characteristic that can vary within country contexts (e.g., [22, 29, 71, 74]).

Although Hofstede’s taxonomy of cultural values was initially conceptualized at the national level and early research on culture claimed that cultural values were more important at the societal level than the individual level (e.g., [23]), it is the combination of individual cultural values that give rise to culture at a higher level [66]. Contemporary work has examined these values at the individual level (e.g., [34, 62, 71]), conceptualizing them as the extent to which an individual embraces specific cultural values, that is, espoused cultural value. An important reason to conceptualize culture at the individual level is that recent research indicates there is a large variation in cultural variables across individuals even within the same country (i.e., same national culture) and such differences have led to interesting insights regarding different phenomena (e.g., [62, 71, 80]). Kirkman et al. [34], based on a review of over two decades of culture studies, noted that despite the potential to uncover important insights, accounting for cultural values at the individual level to advance understanding of prior relationships has been limited and is an important future research direction.

Cultural Contingency Theory

Cultural contingency theory views culture as a mechanism for understanding the success or failure of organizational work characteristics in yielding positive outcomes [56]. The theory posits that organizational work structures (e.g., rules, procedures, work autonomy, clearly defined goals) facilitate the achievement of organizational goals when they are congruent with the cultural values of employees in the host country [56]. In this context, the risk mitigation processes we identify represent particular team processes or teams’ collective behaviors that reflect specific rules, procedures, or practices that organizations endorse with an expectation of reducing risks and increasing productivity for new system development projects. When work structures are congruent with employees’ cultural values, higher performance is achieved due to the level of comfort employees have with expectations of desired behavior [12, 56]. In contrast, employees are less likely to achieve success when work structures are at odds with culturally accepted values and behaviors because employees harbor dissatisfaction and a lack of commitment toward value incongruent initiatives [56]. Viewed through this lens, organizational work structures form an important context for understanding the effectiveness of employees with specific cultural values. For example, such a view helps us to understand why employees with low power distance tend to perform better than employees with high power distance under a participative management structure [56]. Likewise, we can better explain why organizational work structures emphasizing autonomy or individual rewards would be more effective for employees with individualistic values and why organizational work structures emphasizing work unit solidarity or team-based rewards would be more effective for employees with collectivistic values [56]. In this study, the concept of congruence can be examined through the relationship between team cultural values and their risk mitigation processes such that team cultural values could either facilitate or constrain risk mitigation processes, depending on the level of congruence between a specific team cultural value and the risk mitigation processes. In addition, such congruence, manifested in the deployment of risk mitigation processes, would play an important role in affecting IT project performance.

Team Composition and Individual Cultural Values

Given our focus on IT project team composition, we draw on espoused culture at the individual level but examine its aggregate effects between teams by giving consideration to the compositional makeup of each team. This is accomplished by treating team cultural composition as a configural property of the team [37]. According to Klein and Kozlowski [37], configural team properties emerge from individual team members’ values, attitudes, and beliefs (e.g., culture, personality). As a team-level characteristic, configural team properties “capture the array, pattern, or variability of individual characteristics within a team” [37, p. 217]. With configural team properties, there is no assumption that individual characteristics are held in common by all team members. Rather, researchers attempt to assess the configuration or array of these individual characteristics within the team [37]. Understood through this lens, each team can differ in the array of individual characteristics present in its membership. For example, Barry and Stewart [3] conceptualized the personality composition of teams as the array of a particular personality characteristic across individuals within a team. They argued that it is possible to understand differences in how teams behave by capturing “the number or proportion of group members with relatively high scores on personality traits that are theoretically related to group processes and performance” [3, p. 65]. This means, for example, that some teams will have a small proportion of members with high conscientiousness and other teams will have a large proportion of members with high conscientiousness. Building on this logic, Barry and Stewart [3] predicted that teams with greater proportions of highly conscientious members were more likely to engage in team processes such as cohesion and task focus. Similarly, Eby and Dobbins [13] predicted and found that as the proportion of team members with high collectivism increases, the likelihood of the team engaging in cooperative team behaviors increases. Kirkman and Shapiro [35] found that as the proportion of team members with high power distance increased, the team was more resistant to the introduction of team self-management practices compared to teams whose compositional makeup reflects an increasing proportion of individuals with low power distance.

Taken together, this extant research suggests that (1) cultural composition can and should be treated as a configural property of teams and (2) cultural composition has a meaningful impact on the actions and reactions of teams to work-related situations. In order to remain consistent with the prior literature on team composition, we use the term cultural composition to reflect the proportion of team members who espouse a particular cultural value. For instance, an IT project team in which a large proportion of the membership embraces collectivistic values is referred to as having a high collectivistic composition and an IT project team in which a small proportion of team members espouse collectivistic values is referred to as having a low collectivistic composition.²

Model Development

Figure 2 presents our research model that incorporates project team cultural composition, project risk mitigation processes (planning and scheduling, coordination and monitoring, and client interaction), and technical project risk (requirement risk and project complexity risk) in understanding IT project performance. Anchoring on cultural contingency theory, we theorize that IT project team cultural composition will impact IT project performance through project risk mitigation processes. In addition, our model examines how project risk mitigation processes affect IT project performance across different levels of requirement risk and project complexity risk.

Figure 2. Research model

Drawing on our earlier discussion on the influence of cultural values, we argue that IT project teams will behave in ways that are consistent with the values represented by their cultural composition. This means, for example, that in IT project teams with high masculinity cultural composition, the IT project team will engage in high masculinity congruent behaviors, such as a strong emphasis on task achievement. The compositional view indicates that this influence of cultural composition will be uniform across cultural values—i.e., individualism/collectivism, masculinity/femininity, power distance, uncertainty avoidance, and long-term orientation composition will shape IT project team behavior through the same processes.

Influence of IT Project Risk Mitigation Processes

The project management risks outlined in the IT project risk framework can be mitigated through processes that emphasize project planning and scheduling, coordination with clients and coordination and monitoring of IT project team activities [50, 55]. IT project planning and scheduling involves establishing major project milestones, identifying key steps necessary to achieve those milestones, allocating necessary resources and establishing realistic targets [68]. IT project teams that engage in planning and scheduling are able to develop a clear path for achieving IT project objectives and have adequate resources to meet those objectives, thus mitigating the risk of failure due to cost and schedule overruns [67]. Tiwana and Keil [73] found that IT project performance was higher in IT projects that emphasized meeting project milestones on time and within budget. Maruping et al. [47] found that such IT projects resulted in higher quality IT products.

In IT projects that involve client-vendor transactions, members of the vendor firm often possess high technical knowledge about how to develop and deliver systems and members of the client firm often possess greater business domain knowledge including understanding of standard operating procedures, existing internal IT platforms in use, and idiosyncratic business processes [19]. In order to produce an IT product that adequately meets client needs, it is necessary to integrate the business domain knowledge of the client firm with the technical knowledge of the IT project team. Much of the tacit, contextualized business domain knowledge cannot be adequately captured in requirements documentation [28]. Interaction between the IT project team and the client firm helps to bridge this knowledge gap, facilitate knowledge exchange, and enable IT project teams to be more effective in meeting IT project objectives [19] and reducing IT project cost overruns and fostering high client satisfaction [62].

In addition to mitigating planning and control risk through planning and scheduling and client interaction, it is important for IT project teams to mitigate team risk that arises when the team cannot manage the activities that actually produce the IT product itself [76]. Coordination and monitoring processes enable IT project teams to mitigate team risk. Coordination enables IT project teams to mitigate team risk by synchronizing the tasks of team members so that they jointly yield desired outcomes [14, 50]. Through coordination, IT project teams are able to integrate the necessary technical expertise of team members when and where needed [15, 16, 49]. Higher IT project quality can be achieved when IT project team members focus not only on their own task requirements, but also on how their task outputs contribute to the IT project as a whole [16]. Monitoring ensures that various task outputs are vetted for quality and that key project milestones are being achieved [36, 49]. Through monitoring, IT project teams mitigate team risk by providing an updated view of the IT project status relative to objectives. Such a view provides scope for making adjustments when and where necessary in order to achieve IT project objectives.

Hypothesis 1:

IT project risk mitigation processes will positively influence IT project performance.

Moderating Role of Technical Project Risk

As noted earlier, technical project risk represents an exogenous factor that reduces the likelihood of IT project success. IT project risk mitigation processes are designed to attenuate the effects of this technical project risk by preparing team members to address the risk when it materializes. As such, we expect IT project performance to be even more contingent on the execution of IT project risk mitigation processes when technical project risk is heightened.

Requirement Risk

When requirement risk manifests, IT project teams need to be capable of adjusting [57]. Failure to resolve such risks can result in the delivery of an obsolete system if the IT project team does not incorporate new or modified requirements [73]. IT project risk mitigation processes enable IT project teams to handle the threat posed by requirement risk in several ways. Accommodating new requirements or adapting to changes in existing requirements takes time and resources [40]. Under such circumstances, it is important for IT project teams to have established planning and scheduling activities. Establishing IT project milestones enables IT project teams to estimate how efforts to accommodate requirement changes will affect the schedule. A clear picture of how the ability to meet scheduled milestones will be affected can prompt IT project teams to redistribute existing resources or to lobby for additional resources so that milestones can be met. Through planning, IT project teams are also able to re-prioritize objectives if necessary. In contrast, IT project teams with no such planning and scheduling activities are less able to estimate how accommodating requirement changes will affect their ability to meet the IT project schedule or affect costs. Moreover, with a lack of adequate planning, IT project teams are less capable of re-prioritizing tasks as necessary.

Coordination and monitoring activities enable IT project teams to cope with requirement risk. When requirement changes occur, modifications to one part of the system can affect the functioning of other aspects of the system due to interdependence. This makes it important to coordinate the efforts to accommodate requirement changes so that team members do not undercut each other’s contributions. Maruping et al. [47] showed that processes that synchronize team member efforts are more important in increasing IT project quality when requirement changes are high compared to when they are low. Such coordination efforts ensure that team members maintain an awareness of which other tasks are affected when changes are implemented and perhaps collaborate with the relevant team members [50, 59, 65]. A lack of coordination creates a risk of team members making changes without regard to how it affects the rest of the system, consequently eroding IT product quality [47]. IT project teams also need to monitor task outcomes when changes are implemented. Otherwise, unintended effects of implementing requirement changes can go unnoticed (thus, degrading IT product quality) or may be discovered much later when it is more expensive to implement corrections.

Client interaction becomes a more important means for achieving high IT project performance when requirement risk emerges. Implementing changes to the system in response to requirement changes can affect its functionality. Interacting with the client enables IT project teams to ensure that requirement changes are implemented correctly and that the resulting effects on the overall system are in line with client expectations [44]. Engaging in client interactions facilitates more efficient adjustments based on client feedback on system design [21]. IT project teams can also get a clearer understanding of the requested changes, minimizing the risk of incorrect implementation. IT project teams that do not engage in client interactions when requirement risk emerges run the risk of implementing incorrect modifications and, consequently, increasing costs at later IT project stages. In sum, IT project risk mitigation processes are beneficial for IT project performance, even when technical project risk is low. They become an even more important means of achieving high IT project performance when technical project risks emerge.

Hypothesis 2:

Requirement risk will moderate the relationship between IT project risk mitigation processes and IT project performance such that the positive influence of IT project risk mitigation processes will be stronger when requirement risk is high compared to when it is low.

Project Complexity Risk

High project complexity risk can create significant uncertainty for IT project teams as they attempt to use unfamiliar technology and develop IT products to operate on multiple or unfamiliar platforms. Under such circumstances, IT project risk mitigation processes become an important means for achieving high IT project performance. When operating with unfamiliar technologies or constructing IT products for unfamiliar platforms, it is difficult to predict the link between actions and outcomes. Conclusions are often reached through trial and error as IT project teams go through a process of discovery in their problem solving [52]. Planning and scheduling under such conditions gives IT project teams a rough means for establishing estimates and allocating resources for key project milestones. Given the level of uncertainty associated with complex IT projects, such estimates may lack complete accuracy, but having them in place provides IT project teams with much better direction for containing costs and meeting deadlines. Establishing targets also gives IT project teams a goal to aim for and the use of goals has been shown to yield better performance.

Project complexity risk necessitates efforts to coordinate and monitor IT project team activities. The lack of clarity regarding the underlying production technology or the platform on which the IT project will operate makes it important for IT project team members to communicate with each other and synchronize their task execution. Failure to do so can give rise to various problems, such as poor synchronization in product integration across multiple platforms or the implementation of different standards when working with new technologies. These problems can cause delays in IT project delivery and result in escalation of costs due to rework. IT project performance is also contingent on monitoring where IT project teams divide complex projects into phases, such that timely feedback is provided to allow adjustments to be made when current actions do not yield the expected project progress. An absence of monitoring will prevent IT project teams from tracking project progress and recognizing the need for adjustments.

IT project teams faced with high project complexity risk also benefit significantly from client interaction. Given the level of uncertainty that surrounds development for an unfamiliar platform that a client firm possesses, IT project teams can gain insights about how the platform operates from the client firm’s IT department. They can also provide information about the various systems with which the new IT product will need to interface. Given their familiarity with their own systems, members of the client firm are in a position to be more direct in their feedback to the IT project team [36]. Such input saves IT project teams’ time as they do not need to go through a trial and error process to discover what works and what does not work on the platform. In sum, project risk mitigation processes become more instrumental in enabling IT project teams to achieve high IT project performance when project complexity risk is high compared to when such risk is low.

Hypothesis 3:

Project complexity risk will moderate the relationship between IT project risk mitigation processes and IT project performance such that the positive influence of IT project risk mitigation processes will be stronger when project complexity risk is high compared to when it is low.

In light of the robustness of IT project risk mitigation processes to increasing levels of technical project risk in affecting IT project performance, the essence of our model is that these processes represent the means by which the cultural composition of IT project teams will influence IT project performance.

Influence of IT Project Team Cultural Composition

We draw from the cultural contingency theory [56] to explain the influence of IT project team cultural composition on IT project performance through IT project risk mitigation processes. Viewed through this lens, the efficacy of organizational work structures, in this case, the rules, procedures or good practices the organization embraces or endorses to mitigate IT project risks, can be understood in terms of the level of congruence they have with prevailing deep-rooted values. Structures that are congruent with the employees’ cultural values are argued to yield high performance due to the level of comfort employees have with expectations of desired behavior [12, 56]. In this context, when teams’ cultural values are congruent with the core values embedded in the risk mitigation processes, teams are likely to perceive risk mitigation processes more favorably, resulting in an increased level of enactment in the risk mitigation behaviors that contribute positively to IT project performance. In contrast, team members are less likely to deploy the risk mitigation processes if they do not embrace or endorse the values of doing so. Consequently, the positive effect of risk mitigation processes on IT project performance will be attenuated.

Individualism/Collectivism (IC)

Individualism/collectivism indicates individuals’ preference for a social framework. People high on individualism prefer prioritizing their own personal goals over those of the collective. In contrast, people high on collectivism are likely to prioritize the needs and goals of the collective over their own because they expect that the group will take care of them in exchange for their loyalty [23]. The risk mitigation processes reflect an organizational structure that accounts for the nature of task interdependencies and emphasizes collaboration and coordination in facilitating the achievement of IT project team objectives (e.g., [7, 59]). As an example, planning and scheduling emphasize task synchronization to ensure the best outcome for the team as a whole, rather than for individual interests [29, 64]. Likewise, interacting with clients underlies the importance of recognizing and understanding the needs of clients. Therefore, IT project teams high on collectivistic culture are likely to favor an organizational structure that values collaboration and coordination in reducing IT project risks. As the proportion of collectivistic individuals in an IT project team increases, a greater emphasis on collective planning and scheduling is likely to emerge given the joint responsibility of team members to reach IT project objectives. Because of inherent task interdependencies, the ability to reach key project milestones is dependent on the outputs of multiple individual team members. Increasing collectivistic composition will also increase the likelihood of greater coordination and monitoring. Eby and Dobbins [13] show that teams with a higher collectivistic composition exhibit cooperative behaviors such as coordinating effort and monitoring task output. Finally, given their penchant for cooperativeness, these teams will have a tendency to be inclusive in their management of the project—likely seeing all involved parties as being part of a project-related in-group and having a higher level of trust in each other (e.g., [7, 9]). This collaborative stance toward the project team-client relationship is consistent with a “we” rather than “I” orientation that is common in collectivists [29]. These teams interact with their clients to get detailed feedback on how well their deliverables meet the requirements of their clients. Taken together, the collectivistic composition of IT project teams should be positively related with the enactment of IT project risk mitigation processes.

Hypothesis 4:

An increase in the proportion of IT project team members with high collectivism will increase IT project performance through IT project risk mitigation processes.

Masculinity/Femininity (MF)

Masculinity describes individuals’ degree of preference for achievement, assertiveness, and material success, a conceptualization that is not bounded by biological gender differences [23, 64]. Individuals with masculine cultural values tend to be task oriented and emphasize high performance over all else. The key objective for having an organizational structure that defines the team processes in risk management is to achieve better IT project performance. For teams high on masculinity, they should perceive an alignment between the team’s value and the main objective of the organizational structure. Consequently, they are more likely to develop a positive attitude toward the organizational structure, and engage in the risk mitigation processes defined by the organizational structure. Kankanhalli et al. [29] argue that masculinity is positively associated with economic values that emphasize IT project planning and control. Similarly, we expect that IT project teams with a greater masculinity composition are more likely to engage in planning and control activities as a way of achieving higher IT project performance. Specifically, project teams with high masculinity will work hard to ensure that a work schedule is developed to facilitate the accomplishment of team objectives, task assignment and prioritization have been clearly understood by team members, and necessary contingency plans are created to cope with unexpected situations. Coordination and monitoring represent an instrumental means for creating efficiencies in task execution and tracking progress toward IT project goal accomplishment [49, 59]. For example, more communication and coordination with other team members would help clarify ambiguity in task roles, explore and better understand the similarities and differences between different problems, or inspire new methods for problem solving. As such, IT project teams with a greater masculinity composition will engage in such activities, which they anticipate will translate into higher IT project performance. Client interaction represents another instrumental mechanism that resonates with the achievement orientation of IT project teams with greater masculinity composition. Such activity provides the IT project team with useful feedback that can be incorporated into the IT product in a timely manner. In addition, client interaction contributes to the building of long-term relationships with clients that drive future business growth, an indicator of success or achievement desired by team members high on masculinity. Client interaction is especially important in IT projects where success hinges on the ability to satisfy client requirements [62]. IT project teams with a greater masculinity composition will see this kind of activity as providing a means to enhance IT project success.

Hypothesis 5:

An increase in the proportion of IT project team members with high masculinity will increase IT project performance through IT project risk mitigation processes.

Power Distance (PD)

Power distance indicates the extent to which individuals with less power are willing to acknowledge differentials of power and inequality [23, 64]. Low power distance individuals tend to ignore status inequalities in hierarchical organizational structures. In contrast, high power distance individuals accept the existence of status inequalities and revere those in positions of higher status [23]. Individuals with high power distance tend to avoid stepping outside the bounds of authority, dislike working autonomously and do not take initiative [35]. They also revere those with higher status [35]. Therefore, the cultural value of high power distance is at odds with an organizational structure that emphasizes collaboration and coordination among team members, regardless of power and status differentials, and interaction with clients whom are generally considered as having more power, for reducing IT project risk. Under such circumstances, we expect that IT project teams with a greater power distance composition will be less likely to make decisions on formulating work plans and schedules [62]. They generally prefer to receive such directives from authority figures (e.g., project managers). Clients are viewed as having greater authority in client-vendor IT project relationships [62]. IT project teams with greater power distance composition may be less willing to interact with clients. In addition, Kirkman and Shapiro [35] have empirically shown that teams with greater power distance composition are less likely to engage in coordination and monitoring because such team processes could involve interactions and communication with supervisors and managers, for example, providing and explaining various progress reports. Similarly, we expect that IT project teams with greater power distance composition will be less likely to engage in coordination and monitoring activities.

Hypothesis 6:

An increase in the proportion of IT project team members with high power distance will decrease IT project performance through IT project risk mitigation processes.

Long-Term Orientation (LTO)

Long-term orientation indicates people’s plan and consideration for the future. Those who espouse high long-term orientation have a tendency toward forward thinking, value long-term commitments, and exhibit a great deal of persistence [23, 64]. This is in contrast to the respect for short-term focus and fulfillment of social obligations exhibited by short-term (low long-term) orientation individuals. A strong future orientation enables high long-term orientation teams to see connections between current actions and future outcomes. Therefore, the cultural value of high long-term orientation is in congruence with an organizational structure that stresses collective work preparation among team members and cultivation of long-term relations with clients as effective means to reduce IT project risk. In such situations, IT project teams that have a greater long-term orientation composition are more likely to engage in planning and scheduling activities. Such activities focus on outlining key milestones that will be met at future dates as well as considering the steps and resources that will be necessary to achieve them. The future-orientation of planning and scheduling activities makes them a natural fit for IT project teams with high long-term orientation composition. Because of the interdependence that exists between tasks and sub-tasks, the sequencing of individual tasks needs to be coordinated so that completion of one task (or sub-task) coincides with the beginning of the next [14]. IT project teams with greater long-term orientation composition are likely to see and value the connection between task coordination and the ability to meet IT project milestones. Monitoring activities enable IT project teams to reinforce the link between coordination activities and progress toward IT project milestones. Finally, IT project teams with greater long-term orientation composition recognize that their actions on the current project can have lasting effects on the viability of the long-term relationship with the client and the team’s reputation within the organization. Such teams are likely to place an emphasis on reaching out and establishing connections with their clients through ongoing client interaction. By interacting with the client, teams can diagnose if problems exist, find out if the client is satisfied with project progress, and remain apprised of the client’s future needs.

Hypothesis 7:

An increase in the proportion of IT project team members with high long-term orientation will increase IT project performance through IT project risk mitigation processes.

Uncertainty Avoidance (UA)

Uncertainty avoidance reflects the level of comfort people have with uncertain or ambiguous situations. Those with high uncertainty avoidance prefer to avoid such situations by establishing formalized rules, structures, and procedures [23]. For such individuals, situations involving uncertainty tend to be a cause for concern [69]. In contrast, those with low uncertainty avoidance orientation tend to be open to change, have a willingness to take risks, and are tolerant of unstructured situations [64]. Therefore, the cultural value of high uncertainty avoidance is aligned with an organizational structure that places emphasis on rules, procedures or best practices that define the team processes in reducing uncertainty and risk. Under such conditions, IT project teams with greater uncertainty avoidance composition will attempt to create greater certainty about project progress through planning and scheduling processes as such activities bring greater clarity and certainty about team member role assignments and responsibilities, identify key milestones and outline alternative courses of action for accomplishing team goals [55]. Such IT project teams are also more likely to perform coordination and monitoring activities to maintain an awareness of IT project status and progress toward objectives. Monitoring gives such IT project teams the comfort of knowing how they are progressing toward meeting IT project milestones. The feedback and input obtained through client interaction provides greater clarity about the environment in which the IT product will operate and more certainty about how the client feels about prototype designs [21, 44]. Such exchanges also provide greater clarity about what the client wants and IT project teams with an uncertainty avoidance mindset should find this appealing.

Hypothesis 8:

An increase in the proportion of IT project team members with high uncertainty avoidance will increase IT project performance through IT project risk mitigation processes.

Method

Setting and Participants

We conducted a field study of IT projects at a large foreign-owned subsidiary firm located in China. For several reasons, this organization is an appropriate site for conducting our study. First, China boasts a rapidly growing economy and it is attracting skilled knowledge-intensive labor from across the globe. This makes for an increasingly culturally diverse populace. Second, the organization was a foreign-owned subsidiary that hired talent internationally as well as from within China in order to capitalize on the growing economy. Hence, we expected that there would be variation in cultural values among the organization’s employees. Another advantage of basing our sample in a single organization is that it allowed us to naturally control for influences that might be attributed to organizational differences.

The participating organization had implemented many IT projects over a 3-year period, resulting in a sampling frame of 560 completed projects. The majority of these IT projects were to develop new systems or applications required by client companies in various industries, e.g., manufacturing, retailing, finance, to fulfill different business objectives. For instance, one IT project involved the development of a mobile app for a retailer that allowed its consumers to receive promotions and information on discounts when they visit its stores. The teams consisted of developers who were internal to the corporation and each team member worked on only one team. We examined the rosters of the IT project teams to ensure that multiple projects from the same team were not included in the sample. Of the 560 teams, 58% or 325 of them provided usable responses (i.e., at least 80% of team members provided complete responses). The minimum within-team response rate of 80% compares favorably to other studies with average within-team response rates of 25% to 50% (e.g., [16, 51]). We checked for non-response bias and found no significant difference in demographics between respondents and non-respondents, both at the individual and the team levels. The maximum team size was 12 members, and the average duration of the projects was about 90 days. The average age of participants was 29.33 years (S.D. = 4.45) for a total of 3,104 unique developers, of which 1,222 (39%) were women. The participants were from China (44%), U.S. (16%), India (12%), Singapore (12%), Malaysia (5%), and other countries (11%).³

Measurement

We operationalized the constructs by adapting existing scales to fit the context of our study. The unit of analysis is the project team. For constructs that were measured from individuals, it is necessary to justify the aggregation of individual-level scores to form the team-level construct [6], and report the within-group agreement index (r_wg(j)), and intra class correlation coefficients (ICC). The r_wg(j) indicates the extent to which group members’ responses to the survey converge greater than would be expected by chance [27]. The ICC(1) reflects between-group variance in individual responses and the ICC(2) indicates the reliability of the group-level means [6]. Appendix A presents the items used in this study and Appendix B summarizes the sources used to measure the constructs as well as the reliability and aggregation statistics. It is useful to check whether there is variation on the different cultural values across the participants given that they all worked for one company and lived in one country. The large standard deviation of each cultural value at the individual level (calculated as average of all participants) indicates individuals embrace cultural values to varying degrees (SD_{individualism/collectivism} = .89; SD_{masculinity/femininity} = 1.03; SD_{power distance} = .87; SD_{uncertainty avoidance} = 1.03; SD_{long-term orientation} = 1.08).

Team Cultural Composition

Given that our study theorizes the effect of team cultural composition—conceptualized as the proportion of team members who espouse a specific cultural value, measuring the proportion of the team members who score high on each cultural value is the most appropriate way to capture cultural composition. Such an approach has been used to examine the influence of team composition (on some value, belief or attitude) on team processes and performance. Prior studies (e.g., [3, 13, 53]) measured the composition of teams on a particular value, e.g., collectivism, by following a three-step process of: (1) measuring collectivism at the individual level, (2) creating a cutoff score of approximately the top quarter of the scale (after standardizing the scores across the sample) to represent high collectivism, and (3) operationalizing composition on collectivism as the proportion of team members with high collectivism by dividing the number of team members with a high collectivism score by total number of team members.

The three-step aforementioned approach represents the standard way of operationalizing team composition on a particular value, attitude, or belief [37]. Thus, we followed this approach to operationalize team cultural composition. First, we measured each cultural dimension at the individual level. Second, we determined a cutoff score to determine who had high values on each cultural dimension. Specifically, we standardized the scores on each cultural value across the entire sample. Then, we used the top 20% of the sample distribution as the cutoff point to identify team members who scored high on each cultural dimension. Specifically, team members who exceeded the 20% sample distribution cutoff point were considered high on the cultural dimension. Third, we operationalized the proportion of team members with a particular cultural value by counting the number of individuals who were classified as having a high score on that cultural dimension and dividing that number by the total number of team members. For example, if three members in a team of 12 had scores on power distance that exceeded the 20% cutoff point, then that team received a power distance composition score of 25% (i.e., 3/12). We also repeated the analyses using the cutoff criteria of top 30% (e.g., [53]) and found that the pattern of effects were quite similar at different cutoff points.

Technical Project Risk

Requirement risk was used to capture the degree of requirements volatility throughout the entire project and the measure was adapted from Nidumolu and Subranmani [58]. Project complexity risk was operationalized to indicate the degree to which a project involves new, immature or sophisticated technologies and the measure was adapted from Wallace et al. [76].

IT Risk Mitigation Processes

The three IT risk mitigation processes (i.e., coordination and monitoring, planning and scheduling, and client interaction) were operationalized to represent the team processes IT project teams enact to reduce IT project risk and were adapted from Maruping et al. [48] and Venkatesh et al. [75].

IT Project Performance

IT project performance was operationalized as a formative construct that includes project quality, delivery time, and project cost (e.g., [15, 73]). One important criterion to evaluate the outcomes of IT projects is the quality of the IT product (e.g., [47]). Given that number of errors is an important criterion to indicate the quality of the product, the quality of projects was assessed as bug severity (e.g., [47]), computed as the product of the number of bugs and the number of hours required for fixing them. The number of bugs and number of bug-fixing hours were obtained from project archives. In the final measure, lower bug severity indicates higher IT product quality. To improve interpretability of the results relating to bug severity, we reverse scored the measure such that large values indicated high project quality and small values indicated low project quality. Delivery time was measured as schedule overrun in days, and project cost was measured as cost overrun in U.S. dollars. Measures of delivery time and project cost were obtained from project archives. Delivery time and project cost were also reversed scored to improve interpretability.

Control Variables

We included four important control variables in our analyses. First, we controlled for project duration—that is, the number of days spent on completing the project. Prior research has found that projects of a longer duration tend to exhibit poorer performance [67]. Second, we controlled for team size because increasing size has been associated with coordination problems and consequently, decreased performance (see [4]). Third, we controlled for team experience, operationalized as the average number of years of project experience for members on a team. Fourth, we controlled for project size—that is, the number of lines of code in the final project [15]. Prior research indicates that when the size of a project grows, the level of risk associated with the project increases and project performance will be affected (e.g., [15]).

Procedures

The data were collected via surveys and archival project documentation. Given that each team member worked for only one team over the 3-year period, team rosters rarely changed during this period unless people left the company or transferred to other business units. Considering that a minimal amount of change occurred in team composition and that an individual’s cultural values are fairly stable, we asked team members to complete a one-time survey regarding their cultural values and other demographic information before they started working on the projects. As the project teams worked on their respective projects, they were required to record and update various project-related metrics, such as project complexity, number of bugs, and man-hours spent. Project complexity and bug severity data were obtained from project archives at the end of the 3-year period. At the end of each project, team members were asked to rate the extent to which requirements changed over the course of the entire project, specify the degree of project complexity risk, and respond to questions about the risk mitigation processes used during the IT project. Unique bar codes were used to link responses from developers at different measurement points (i.e., before the projects started and at the end of the projects) and to link them to a specific team. The use of different sources and types of data, i.e., survey responses and archival project metrics at different points in time, helps to mitigate common method bias and is a major strength of our design.

We conducted our analysis using a two-stage process. First, we evaluated the measurement model using a confirmatory factor analysis (CFA). Specifically, to assess the psychometric properties of the scales with reflective items (i.e., cultural values, project risk management processes, technical project risk) and formative items (i.e., project performance), we conducted CFA using Amos (version 6.0). Following the evaluation of the measurement model, we tested the research model using ordinary least squares (OLS) regression analysis. This approach of estimating a measurement model and using regression-based analysis for model testing is most appropriate when estimating a model involving numerous interaction effects and has been used in recent research (e.g., [45, 46, 63, 72, 78]). Estimating a structural equation model (SEM) is not robust to smaller sample sizes, particularly when considering the interaction terms for the moderation hypotheses. We followed the above-cited exemplars of this two-stage approach of evaluating a measurement model using SEM and model testing using regression-based analysis.

Measurement Model

Guided by convention in prior empirical research, we modeled cultural values, project risk management processes, and technical project risk with reflective indicators. Latent constructs are modeled reflectively when the items are highly correlated and are interchangeable without changing the meaning of the construct [60]. The above constructs and their items met these criteria. The decision to model a construct as formative depends on four criteria: (1) direction of causality is from items to construct, (2) items are not necessarily interchangeable, (3) items do not necessarily covary, and (4) it is possible for the nomological net of the items to differ [60]. These criteria suggest that IT project performance be treated as a formative construct. From an empirical standpoint, the correlations among the three dimensions of project performance were not high, suggesting that the three items do not covary.

Following the guidelines suggested by Hu and Bentler [26], we report the model fit statistics that include the goodness of fit (GFI), adjusted goodness of fit index (AGFI), comparative fit index (CFI), and standardized root-mean square residual (SRMR). Our fit statistics (GFI = .94, AGFI = .93, CFI = .92, and SRMR = .05) indicate good fit to the data. Our constructs demonstrated adequate convergent validity as the loadings for the items and the average variance extracted (AVE) were greater than .70 and .50 respectively. Discriminant validity was also established as the square roots of the AVE for our constructs were greater than the correlations between constructs [17]. Composite reliabilities (CRs) were greater than .70 for these scales, thus supporting reliability [17].

Table 1 presents the descriptive statistics and correlations of our scales. Given that proportion was used to calculate cultural composition, CRs and AVEs were not computed for these constructs. However, we did compute CRs and AVEs for the culture measures before we used the proportion approach and the results are shown in Appendix B.

Table 1. Descriptive Statistics and Correlations

	Mean	SD	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15
1. Individualism/collectivism (IC)	28.22	12.20	NA
2. Masculinity/femininity (MF)	31.35	11.03	.23***	NA
3. Uncertainty avoidance (UA)	22.70	10.80	.20**	.30***	NA
4. Power distance (PD)	17.44	12.09	.30***	-.12*	.10	NA
5. Long-term orientation (LTO)	16.20	11.70	.25***	.26***	.11*	.17**	NA
6. Coordination and monitoring	4.23	1.14	.31***	-.24***	.14*	.22***	.13*	.75
7. Planning and scheduling	4.45	1.16	.32***	.26***	.15*	.13*	.32***	.25***	.71
8. Client interaction	4.50	1.34	.31***	-.19**	.08	.11*	.23***	.29***	.33***	.74
9. Project complexity risk	4.75	1.46	.09	.10	.30***	.23***	.28***	.23***	.26***	.21***	.76
10. Requirement risk	4.91	1.23	.05	.08	.06	.14*	.15*	.12*	.17**	.14*	.29***	.74
11. Project duration (control)	95.22	10.22	.07	.04	.02	.08	.23***	.17**	.22**	.22***	.33***	.35***	NA
12. Team size (control)	9.95	1.03	.11*	.04	.07	.11*	.05	.15*	.20**	.20**	.31***	.20**	.23***	NA
13. Project size (control)	1,732	442	.09	.06	.05	.15*	.21**	.22***	.22***	.18**	.28***	.26***	.55***	.54***	NA
14. Team experience (control)	8.60	2.87	.10	−.15*	.11*	.09	.06	.20**	.20**	.16**	.19**	.08	.16*	.13*	.13*	NA
15. IT Project performance	42.13	11.04	.08	.05	−.14*	−.20**	.19**	.17**	.25***	.26***	−.28***	−.23***	−.27***	−.23**	−.22***	.22***	NA

Notes: n = 325; * p < .05. ** p < .01. *** p < .001. NA: Not applicable. Mean and SD for cultural values represent the average percentage of teammates per team who scored at or above the 20% cutoff for a particular cultural value (e.g., the average team had 22.7% of its team members with high uncertainty avoidance). Diagonal elements are the square root of the shared variance between the constructs and their measures; off-diagonal elements are correlations between constructs.

Project performance was modeled as a formative construct. Consequently, it is not subject to the same evaluation criteria as latent constructs modeled with a reflective specification [60]. It is recommended that such constructs be evaluated for multicollinearity using the variance inflation factor (VIF) with an upper threshold of 10 [11]. The VIF for project performance was less than four, suggesting that multicollinearity was not a concern. Appendix C reports item weights for the formative measure of project performance where the weights show the importance of each item. In addition, the item-to-item correlations were higher than item-to-construct correlations and the items had higher correlations with the composite scores of project performance than with the composite scores of other constructs, demonstrating adequate discriminant validity.

Overall, the results support the validity of the measurement model. We proceeded to aggregate the item scores for each construct by computing linear composites following the approach of Tanriverdi and Uysal [72] and Windeler et al. [78]. As is recommended for constructs with reflective indicators, we averaged the indicator scores to compute the variables for cultural values, project risk management, and technical project risk [72]. For the formative project performance construct, we averaged the unit weights from the measurement model [63].

Results

Hierarchical moderated regression analysis was used to test the hypotheses. We first included the control variables only, followed by the main effects and finally, the interaction effects. We examined the data with respect to the underlying assumptions of OLS regression and data problems (i.e., outliers, multicollinearity, normality of error terms, independence of error terms, and homogeneous variance) and found no violations. Table 2 presents the model testing results.

Table 2. Results of Model Predicting IT Project Performance

	IT Project Performance			Coordination and monitoring		Planning and scheduling		Client interaction
	Model 1	Model 2	Model 3	Model 1	Model 2	Model 1	Model 2	Model 1	Model 2
Controls:
Project duration	−.18**	−.15*	−.13*	−.12*	−.08	−.15*	−.13*	−.16**	−.13*
Team size	.07	.05	.04	.08	.08	.13*	.11*	.14*	.10
Team experience	.11*	.08	.05	.14*	.12*	.17**	.14*	.08	.05
Project size	−.16*	−.13*	−.10	−.13*	−.12*	−.17**	−.13*	−.04	−.04
Main effects:
Individualism/collectivism	.09	.06	.04		.24***		.23***		.19**
Masculinity/femininity	.05	.07	.05		−.16**		.17**		.08
Power distance	−.14*	−.08	−.05		.14*		.07		.07
Long-term orientation	.12*	.09	.06		.08		.21***		.16**
Uncertainty avoidance	.08	.03	.04		.09		.08		.07
Mediators:
Coordination and monitoring		.15*	.11*
Planning and scheduling		.20**	.14*
Client interaction		.15*	.11*
Moderators:
Requirement risk		−.05	−.02
Project complexity risk		−.11*	.07
Interactions:
Coordination and monitoring X Requirement risk			.15*
Planning and scheduling X Requirement risk			.17**
Client interaction X Requirement risk			.28***
Coordination and monitoring X Project complexity risk			.08
Planning and scheduling X Project complexity risk			.16**
Client interaction X Project complexity risk			.12*
R^2	.23	.24	.34	.10	.25	.14	.26	.07	.17
ΔR^2		.01	.10**		.15***		.12***		.10**

Notes: n = 325. * p < .05; ** p < .01; *** p < .001.

Project Risk Mitigation Processes and IT Project Performance

H1 predicted that the three project risk mitigation processes—coordination and monitoring, planning and scheduling, and client interaction—would positively influence IT project performance. From Table 2 (model 2), all three project risk mitigation processes have a positive effect on IT project performance, supporting H1.

Moderating Role of Technical Project Risk

In H2 and H3, we predicted that requirement risk and project complexity risk would moderate the relationship between project risk mitigation processes and IT project performance, such that the relationships would be stronger when these technical risks are high compared to when they are low. To test these hypotheses, we followed guidelines outlined by Aiken et al. [1] by mean-centering project risk mitigation processes, project complexity risk, and requirements risk prior to creating the interaction terms to reduce collinearity between the main effect and interaction terms. All variance inflation factors (VIF) were below 6, indicating that multicollinearity was not a concern.

From Table 2, model 3 explained significant variance in IT project performance over and above that which was explained by the main effects model (model 2). The variance explained by the moderation model was 34%, an increase of 10% over and above the main effects model, indicating that the moderated model explains greater variance in IT project performance than does the main effects model. Both requirement risk and project complexity risk moderate the relationship between project risk mitigation processes and IT project performance, except that the interaction effect between coordination and monitoring and project complexity risk is non-significant. The plots of the interaction and the tests of simple slopes demonstrated the expected pattern, providing further support for the form of the moderation (see Appendix D). H2 is supported while H3 is mostly supported.

Mediated Effects of IT Project Team Cultural Composition on IT Project Performance

H4-H8 predicted that IT project team cultural composition would influence IT project performance through the project risk mitigation processes—an indirect effect. From Table 2, where the project risk mitigation processes are the dependent variables, IT project team masculinity composition had a negative effect on coordination and monitoring, and IT project team collectivism and power distance composition each had a positive effect on coordination and monitoring. IT project team collectivism, masculinity, and long-term orientation composition were each positively related to planning and scheduling. Finally, IT project team collectivism and long-term orientation composition were each positively related to client interaction. Interestingly, IT project team uncertainty avoidance composition had no effect on any of the project risk mitigation processes. We next examined the extent to which cultural composition affected IT project performance through these processes.

We estimated the indirect effects using bootstrapping to assess the mediating role of project risk mitigation processes [61, 70]. Bootstrapping is the preferred approach to test for mediation as it can quantify the mediation effect, it is robust to skewness in the distribution of the product term, and it does not require large sample sizes [20]. Appendix E shows that IT project team collectivism composition has an indirect effect on IT project performance through all three project risk mitigation processes. IT project team masculinity composition has an indirect effect on IT project performance through coordination and monitoring, and planning and scheduling, but not through client interaction. Power distance composition indirectly influences IT project performance through coordination and monitoring, but not through the other two project risk mitigation processes. Finally, long-term orientation composition has an indirect influence on IT project performance through planning and scheduling, and client interaction, but not through coordination and monitoring. These results provide partial support for H4-H7, while H8 is not supported. Table 3 summarizes the hypotheses testing results.

Table 3. Summary of Hypotheses Results

Hypothesis	Independent Variable	Moderator	Mediator	Dependent Variable	Result
H1	Risk mitigation processes	None	None	IT project performance	Supported
H2	Risk mitigation processes	Requirement risk	None	IT project performance	Supported
H3	Risk mitigation processes	Project complexity risk	None	IT project performance	Supported for planning and scheduling and client interaction, but not for coordination and monitoring
H4	Individualism/collectivism	None	Risk mitigation processes	IT project performance	Supported
H5	Masculinity/femininity	None	Risk mitigation processes	IT project performance	Supported for planning and scheduling, but not for coordination and monitoring and client interaction
H6	Power distance	None	Risk mitigation processes	IT project performance	Supported for coordination and monitoring, but not for planning and scheduling and client interaction
H7	Long-term orientation	None	Risk mitigation processes	IT project performance	Supported for planning and scheduling and client interaction, but not for coordination and monitoring
H8	Uncertainty avoidance	None	Risk mitigation processes	IT project performance	Not supported

It may be instructive to understand how the project risk mitigation processes affect different aspects of IT project performance, particularly because IT project managers often face a triple constraint of balancing between quality, on-time delivery, and cost [67]. Appendix F shows that the three project risk mitigation processes have a stronger positive influence on project quality when technical risk is high versus when it is low. Similar patterns emerge in predicting project delivery and project cost, except the interaction between coordination and monitoring and project complexity risk is non-significant. Taken together, these results suggest that the predictive validity of the project risk mitigation processes is robust across different aspects of IT project performance. The different project risk mitigation processes prove useful across all three IT project objectives (i.e., cost containment, on-time delivery, and project quality).

Discussion

The objective of this research was to advance understanding of how to mitigate the threat of technical project risk on IT project performance at the IT project team level. We developed a holistic nomological network that integrates consideration of people, process, and technology when examining the mitigation of technical project risk. Drawing on cultural contingency theory, the IT project risk framework, and the IT project management literature enabled us to explain how the execution of project risk mitigation processes mitigates the effects of technical project risk. Our field study of 325 IT project teams revealed that team cultural composition has mixed effects on IT project risk mitigation processes, with cultural composition on some values having a negative influence (e.g., masculinity), others a positive influence (e.g., collectivism, power distance, long-term orientation) and others having no influence at all (e.g., uncertainty avoidance). We also found that project risk mitigation processes all positively influence IT project performance and that this positive influence is stronger when technical project risk is high versus when it is low.

Counter to expectations, masculinity composition of IT project teams had a negative influence on coordination and monitoring processes. This may be because masculinity composition promotes a countervailing force that emphasizes task execution without consideration of relationship between tasks. Underlying this is an instrumental motive that narrowly values completion of tasks. Given the division of task responsibilities in IT project teams, as a greater proportion of team members espouse this cultural value there is more likely to be a focus on completing assigned tasks and less on synchronizing tasks. Such a view is similar to observations by Maruping et al. [47] that incentives that emphasize self-regulation of task execution made it more difficult for teams to coordinate a response to requirement risks because all team members are narrowly focused on their own tasks.

It is interesting that uncertainty avoidance composition had no significant effect on any of the project risk mitigation processes. This is counter to expectations because teams with a high uncertainty avoidance orientation are generally expected to be the most likely to engage in project risk mitigation processes. It is possible that IT project teams with high uncertainty avoidance composition do not see these project risk mitigation processes as a means for resolving uncertainty about how to achieve IT project objectives. Such teams may prefer to establish clearly laid out task processes such as those embodied in software development methodologies. Such task processes provide a clear set of technical steps for achieving a functional software output, which the project risk mitigation processes do not provide. The weak or non-significant correlations between uncertainty avoidance and risk mitigation processes provide some evidence to support this explanation.

Theoretical Contributions

First, we contribute to the IT project management literature by offering a holistic nomological network that identifies the people, process, and technology issues involved in mitigating technical project risk. In examining how to mitigate technical project risk, the IT project management literature has maintained a strict focus on the effects of IT project controls (e.g., [30, 47, 73, 77]). Our study provides an alternative approach to technical project risk mitigation by elaborating on the team composition and processes that enable IT project teams to alleviate such threats. This holistic nomological network recognizes that as the technical aspects of IT project development involve collaboration among multiple individuals working together toward a common objective (e.g., [31]), it is important to consider the composition of the IT project team as well as the interdependent activities in which they engage to mitigate technical project risk. Wallace et al. [76] identified planning and control risk and team risk as major project management risks that arise from technical project risk. However, subsequent IT project management research has done little to elaborate on the specific IT project team activities that tackle these risks head-on. Drawing from the IT project management literature, our study identifies three risk mitigation processes defined by organizational structure (e.g., [33, 40, 49]). Our findings show that these project risk mitigation processes positively influence IT project performance. Moreover, these processes are more robust determinants of IT project performance in IT projects where technical project risk is high compared to IT projects in which such risk is low.

Second, we contribute to the IT project management literature by identifying team cultural composition and coordination and monitoring as mechanisms to ward off IT project risk. While the IT project management literature broadly recognizes that cultural values can affect IT project risk, this has been studied almost exclusively through the lens of cultural differences and how they increase such risk (e.g., [38]). We took a new perspective on cultural values as a mechanism for warding off IT project risk by focusing on the cultural composition of each IT project team—in terms of the proportion of team members who embrace a particular cultural value. Adopting this cultural composition perspective yielded some very interesting insights that have not been observed in prior empirical work. Importantly, we observed that as the proportion of team members with high masculinity values increased, IT project teams were less likely to engage in coordination and monitoring. Conversely, we found that as the proportion of team members who embrace high power distance values increases, IT project teams were more likely to engage in coordination and monitoring. This shows that the specific cultural values underlying team cultural composition do not have uniform effects on coordination and monitoring activities in IT project teams. This insight provides a more complete view of the IT project risk framework by elaborating on team composition and its consequences for internal team functioning. Furthermore, our focus on team cultural composition fills an important gap in the literature on the role of culture in IT projects [41].

Third, we contribute to the IT project management literature by theorizing the mediating mechanisms that link IT project team cultural composition to IT project performance. Although team risk has been conceptualized as the threat associated with an IT project team’s inability to perform the activities necessary to carry out the IT project [68], the IT project management literature lacks guidance on the mechanisms by which such risk affects IT project performance. By establishing an IT project team composition → project risk mitigation process → IT project performance relationship through our nomological network, we provide a more holistic understanding of linkages between the various project risks and how they can be managed at the IT project team level. Viewed through this holistic lens, higher long-term orientation composition increases IT project performance by facilitating planning and scheduling, and client interaction processes. Planning and scheduling processes also appear to be facilitated by higher masculinity composition in IT project teams. The implication is that higher composition on these cultural values mitigates project risk. In contrast, higher masculinity composition seems to reduce the propensity of IT project teams to engage in these project risk mitigation processes—thus, increasing risk. By understanding the cultural composition of an IT project team, it is possible to predict their ability to carry out the necessary IT project activities. The cultural composition provides a window into how well-equipped the IT project team is to engage in such activities, and the activities translate into IT project performance.

Limitations and Future Research

First, the generalizability of our findings may be restricted due to the specific setting of our study. Concern about generalizability may, to some extent, be alleviated considering that the IT projects in our study included multiple client companies from various countries (e.g., U.S., European countries) and representing different industries (e.g., finance, marketing, manufacturing). Although the participants in our study were from one company in China, we observed significant cultural differences across individuals. Future research could validate our model in other settings. Second, although our operationalization of IT project team cultural composition is consistent with generally accepted approaches in the literature, it does not take into account that members low on a cultural dimension still possess some amount of that cultural dimension. We used the team average score as another approach to operationalize team cultural composition and obtained similar findings (see Appendix G). In the end, theory should guide whether consideration of other members is relevant. In this study, we emphasize the effects of increasing proportions of team members who espouse a particular cultural value. From a theory perspective, our existing operationalization is appropriate. Third, we measured individual culture using Srite and Karahanna’s [71] measures. While this is consistent with the conceptualization of espoused culture at the individual level, it also presented some challenges in operationalizing individualism/collectivism composition and masculinity/femininity composition. The existing measurement scales for espoused culture do not use a bipolar scale (e.g., [71]). Further, the items for masculinity/femininity were not fully consistent with its conceptualization that is less bounded by gender bias. Future research could develop better scales for these two cultural dimensions. Fourth, future research could identify interventions to mitigate the negative relationship between masculinity composition of IT project teams and coordination and monitoring processes. It is also important to theorize the differential effects of various risk mitigation processes to gain a more nuanced understanding of the relationships between team cultural composition and risk mitigation processes. Finally, our findings on the positive roles of coordination and monitoring, and planning and scheduling in mitigating project risks and affecting project performance are not completely congruent with the traditional view that often discredit the role of planning for projects that involve new or unfamiliar technologies, and volatile or unclear requirements. In light of this, we suggest that future work should investigate the right level of planning and scheduling, and coordination and monitoring, and other situational factors to help us gain a better understanding of how a plan-driven approach affects various types of IT projects.

Practical Implications

Our findings have important implications for managers. A principal take-away from this research is that IT project team cultural composition matters. While technical competence is a primary consideration in IT project team staffing, project managers need to be attuned to the cultural makeup of their teams. An appreciation for the cultural values that are predominant among IT project team members enables project managers to identify natural strengths and deficiencies their teams will have. For instance, when a project manager knows that her IT project team is largely composed of long-term orientation members or high collectivism members, she is reasonably assured that the team will naturally develop clear plans and milestones to achieve project objectives and will seek input from clients when appropriate. Conversely, a project manager who knows that his IT project team is largely composed of high masculinity members can intervene when necessary to encourage his team members to perform project risk mitigation processes. In sum, while we recognize that IT project team staffing decisions are not driven by consideration of cultural values, we underscore that there is value to understanding the cultural composition of one’s team so that an appropriate strategy for mitigating risk can be identified.

The findings with respect to the moderating role of technical project risks suggest that project managers need to consider different interventions depending on whether the IT project for which they are responsible is highly complex or experiences a high frequency of requirement changes. In IT projects where technical project risk is high, project managers should recognize that they will have to step in and push their IT project teams to engage in project risk mitigation processes when the form of team cultural composition does not lend itself to executing such processes. In such circumstances, failure to intervene will increase the likelihood of IT project failure. Conversely, when the team is more inclined to execute such processes, there is less need for intervention by the project manager. In fact, such IT project teams will likely feel a sense of ownership if the impetus for engaging in such activities comes from them rather than from the project manager. For project managers, the key is in knowing when to intervene.

Conclusion

The ability to achieve high IT project performance is contingent on the influence of technology, people and process. While this is broadly recognized in the IT project management literature, prior research has tended to examine these factors independently of each other. Consequently, there have been limited efforts to develop holistic research models that adequately describe the relationships between these factors and how their co-presence in an IT project can affect the ability to achieve high performance. We have developed such a nomological network by theorizing the relationship between IT project team cultural composition, project risk mitigation processes, and technical project risk in affecting IT project performance. Our results show that project risk mitigation processes increase IT project performance and that execution of these processes is especially important in the presence of high technical project risk. Furthermore, IT project team cultural composition influences the degree to which IT project teams execute these project risk mitigation processes. This study advances IT project management research by demonstrating how consideration of combined influence of technology, people, and process affects IT project performance.

Supplemental Material

Supplemental data for this article can be accessed on the publisher’s website.

Additional information

Notes on contributors

Likoebe M. Maruping

Likoebe M. Maruping ([email protected]; corresponding author) is Associate Professor of Computer Information Systems and a member of the Center for Process Innovation in the J. Mack Robinson College of Business at Georgia State University. His research is primarily focused on collaboration and innovation in small- and large-scale collectives such as teams, communities, and crowds. His interests in this area focus on the enabling role of digital collaboration platforms, the mechanisms underlying the collaboration process, and the leadership and governance of collaborative efforts in organizational and open environments. Dr. Maruping is an Associate Editor for Information Systems Research and is a Senior Editor for Journal of the Association for Information Systems. He previously served as an Associate Editor for MIS Quarterly.

Viswanath Venkatesh

Viswanath Venkatesh ([email protected]), who completed his Ph.D. at the University of Minnesota, is Distinguished Professor and Billingsley Chair at the University of Arkansas. His papers, many of which are highly cited, have appeared in journals in various fields including information systems, human-computer interaction, medical informatics, marketing, management, psychology and operations management. He developed and maintains an IS research rankings website that has received the Technology Legacy Award of the Association for Information Systems (AIS). Dr. Venkatesh has served in editorial roles at various journals. He is a Fellow of AIS and of the Information Systems Society (INFORMS).

James Y. L. Thong

James Y. L. Thong ([email protected]) is the Michael Jebsen Professor of Business and Chair Professor of Information Systems in the School of Business and Management, Hong Kong University of Science and Technology. He received his Ph.D. in Information Systems from the National University of Singapore. His research on technology adoption and implementation, e-government, human–computer interaction, information privacy, software piracy, and IT in small business has appeared in Information Systems Research, Journal of Management Information Systems, MIS Quarterly, and Journal of the Association for Information Systems, among others. Dr. Thong is Senior Editor for MIS Quarterly and served as an Associate Editor for Information Systems Research. He is a Fellow of the Association for Information Systems (AIS).

Xiaojun Zhang

Xiaojun Zhang ([email protected]) is an Associate Professor of Information Systems at the Hong Kong University of Science and Technology. He received his Ph.D. from the University of Arkansas. His primary research stream focuses on understanding the impacts of technology on performance outcomes. His research has been published in various journals, including MIS Quarterly, Information Systems Research, Journal of the Association for Information Systems, and European Journal of Information Systems.

Notes

1. Project management risk is different from risk mitigation processes in that the former represents a team’s risk perceptions and the latter represents a team’s behaviors and actions of mitigating IT project risks. In addition, risk mitigation processes are different from good management practices. In this case, the risk management processes chosen are not simply good management practices. They are also specific to or relevant for the context of our study with a focus on new system development that is likely to involve new technologies and have more challenges in defining requirements.

2. It is important to note that such collective behavior is not contingent on the development of a team culture over time. Rather, because individuals with similar cultural values also possess similar schemata on how to operate in the work context, they are likely to adopt similar practices in their work [56]. This is particularly likely in short-lived teams where a pressing need for task-focus overrides the luxury of spending time developing a shared culture.

3. In the model estimation, coefficients for nationality were non-significant. This result corroborates suggestions that consideration of individual cultural values may be more meaningful than country-level considerations [74]. In the interest of parsimony, we subsequently dropped nationality from the analyses.