• Noraini Che Pa, Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 UPM, Serdang, Selangor, Malaysia.
• Bokolo Anthony Jnr, Faculty of Computer Science and Information Technology, University Putra Malaysia, 43400 UPM, Serdang, Selangor, Malaysia.



Risk, operational risk, technical risk, strategic risk, risk mitigation, ICT and knowledge codification.


Recently, organisations have incorporated various methods into their business processes to mitigate risk. However, Information and Communication Technology (ICT) practitioners are not able to mitigate the identified risks systematically because of the high magnitude of loss caused by operational, technical and strategic risk. ICT practitioners need to improve their ability to identify and mitigate the risks to ICT infrastructures. In addition, ICT practitioners in organisations find it difficult to mitigate risks if they do not fully utilise their knowledge. There is a need for ICT practitioners to codify knowledge, especially through the development of policies and practices that guide decision makers in mitigating risk in their organisations. The aim of this paper is to develop a process model for capturing, storing, disseminating and utilising risk knowledge as knowledge-based support for ICT practitioners in making decisions. A quantitative research methodology was adopted, reviewing existing risk mitigation approaches in ICT and carrying out a questionnaire survey among ICT practitioners. The questionnaire was used to validate the developed process model. Findings from the questionnaire confirm that the developed process model can assist ICT practitioners in mitigating operational, technical and strategic risk based on the codification of past knowledge of risk experts.





