ADDIS ABABA UNIVERSITY

SCHOOL OF COMMERCE

DEPARTMENT OF PROJECT MANAGEMENT POST GRADUATE

PROGRAM

ASSESMENT OF RISK MANAGEMENT PRACTICE FOR PROJECT

SUCCESS: THE-CASE OF CORE BANKING SYSTEM REPLACMENT
PROJECT IN WEGAGEN BANK SH.CO.

BY: ELIZABETH SEYOUM

A RESEARCH PROJECT SUBMITTED TO ADDIS ABABA UNIVERSITY

SCHOOL OF GRADUATE STUDIES IN PARTIAL FULFILLMENT OF
THE REQUIREMENTS FOR THE AWARD OF MASTER OF ARTS IN
PROJECT MANAGEMENT

ADVISOR: DR. BANTIE WERKIE

JULY 2021

ADDIS ABABA, ETHIOPIA

1
 ADDIS ABABA UNIVERSITY

COLLEGE OF BUSINESS AND ECONOMICS

SCHOOL OF COMMERCE

ASSESMENT OF RISK MANAGEMENT PRACTICE FOR PROJECT

SUCCESS

THE CASE OF CORE BANKING SYSTEM REPLACMENT PROJECT IN

WEGAGEN BANK SH. CO.

By: Elizabeth Seyoum

Approved by Board of Examiners:

Advisor ___________Signature _____________Date______________

Internal Examiner Name ______________Signature _____________Date______________

External Examiner Name _______________Signature _____________Date______________

2
 Declaration

I hereby declare that the study which is being presented in this thesis entitled ―Assessment of
Risk Management Practice for Project Success the case of- Core Banking System Replacement
Project in Wegagen Bank Sh. Co.‖ is original work of my own. It had not been presented for a
partial fulfillment for any educational qualification at this university or any other and in any
projects by any means, and all the resources materials used for this thesis had been accordingly
acknowledged.

Elizabeth Seyoum

_______________ __________________

DATE SIGNATURE

i
 Acknowledgments
First of all I would like to thank God for helping me to finalize this project work. I wish to
extend special thanks to my advisor Dr. BantieWerkie for his priceless comments, tolerance and
guidance throughout this project work. I would also like to thank my friends and all family
members who supported me and offered deep insight into the study. I wish to acknowledge the
help provided by the team members and technical support staffs participated in the core banking
system replacement project of the bank.

i
 Table of Contents
Acknowledgments............................................................................................................................ i
Table of Contents ............................................................................................................................ ii
Acronyms ........................................................................................................................................ v
Abstract .......................................................................................................................................... vi
CHAPTER ONE ............................................................................................................................. 1
INTRODUCTION .......................................................................................................................... 1
1.1 Background of the Study ............................................................................................................ 1
1.2 Background of the Organization ................................................................................................ 3
1.3 Statement of the Problem ........................................................................................................... 3
1.4 Basic Research Questions .......................................................................................................... 5
1.5 Objective of the Study ................................................................................................................ 5
1.5.1. General Objective ................................................................................................................ 5
1.5.2. Specific Objective ............................................................................................................... 5
1.6 Significance of the Study............................................................................................................ 6
1.7 Scope of the Study ...................................................................................................................... 6
1.8 Limitation of the Study ............................................................................................................... 7
1.9 Organization of the Study........................................................................................................... 7
CHAPTER TWO ............................................................................................................................ 8
LITERATURE REVIEW ............................................................................................................... 8
2.1 Introduction .................................................................................................................................... 8
2.2. TheoreticalReview ........................................................................................................................ 8
2.3 Project Management ...................................................................................................................... 8
2.4. Risk................................................................................................................................................. 9
2.5. Types of Risk ................................................................................................................................ 9
2.5.1. Operational Risk .................................................................................................................... 9
2.5.2. Performance risk ..................................................................................................................... 9
2.5.3.Cost risk .................................................................................................................................. 10
2.5.4.Schedule risk .......................................................................................................................... 10
2.6. The Emergence of Risk Management ...................................................................................... 10
2.7. Advantages of Implementing Risk Management in Organizations....................................... 11

ii
 2.8. Project Risk Management ........................................................................................................ 12
2.9. Steps in Risk Management Process .......................................................................................... 13
2.10. Empirical Reviews ................................................................................................................. 15
2.11.Conceptual framework .............................................................................................................. 18
CHAPTER THREE ...................................................................................................................... 19
RESEARCH METHODOLOGY.................................................................................................. 19
INTRODUCTION ........................................................................................................................ 19
3.1. Research Design ......................................................................................................................... 19
3.2. Research Approach ..................................................................................................................... 19
3.3. Type and Source of Data............................................................................................................ 20
3.4. Data Gathering Instruments ....................................................................................................... 20
3.5. Sampling Techniques and Sample Size ................................................................................... 21
3.5.1. Sampling Technique ............................................................................................................ 21
3.5.2. Sampling Size ...................................................................................................................... 21
3.6. Method of Data Analysis and Presentation .............................................................................. 22
3.7. Validity and Reliability .............................................................................................................. 22
3.8. Ethical Considerations ............................................................................................................... 23
CHAPTER FOUR ......................................................................................................................... 24
4. DATA ANALYSIS AND INTERPRETATION ...................................................................... 24
4.1 Introduction .................................................................................................................................. 24
4.2 Demographic Analysis ................................................................................................................ 25
4.2.1Gender ..................................................................................................................................... 25
4.2.2 Age ......................................................................................................................................... 26
4.2.3 Job Position ........................................................................................................................... 26
4.3 Current Project Risk Management Process in Wegagen Bank sh co. .................................... 28
4.4.Compiled responses found from the interview Questions....................................................... 29
4.4.1 Assessment of Project Risk Identification in core banking system replacement project
of the bank: ..................................................................................................................................... 30
4.4.2 Assessment of Project Risk Analysis in the Core Banking System Replacement of the
Bank 33
4.4.3Evaluate Risk in the core banking system replacement of the Bank ............................... 34

iii
 4.4.4 Treatment of Risk on the project......................................................................................... 35
4.4.5 Assessment of Project Risk Monitoring and Control ....................................................... 35
CHAPTER FIVE .......................................................................................................................... 37
SUMMARY, CONCLUSIONS AND RECOMMENDATIONS................................................. 37
5.1. Summary of Basic Findings ...................................................................................................... 37
5.2 Conclusion .................................................................................................................................... 39
5.3. Recommendation ........................................................................................................................ 39
References:- .................................................................................................................................. 43
ANNEX......................................................................................................................................... 46

iv
Acronyms
PM- Project Management

PMBOK- Project Management Body of Knowledge

PMI- Project Management Institute

IT-Information Technology

WGB- Wegagen Bank

CBS- Core Banking system

v
 Abstract
If risk is not managed properly it can be one factor to hinder success of a project and even it may
lead to project failure. The objective of this study is to show the application of proper risk
management practice is vital for project success. The specific objectives of the study is to assess
the effective risk management practice by taking the core banking system implementation
project of Wegagen Bank Sh.Co. as a case. The study detected the important risk management
elements missed during the implementation of core banking system replacement project of the
bank. The purpose of this study is to assess the project risk management practice during the
Bank’s core banking system replacement project by focusing on basic project risk management
assessment process such as risk management planning, risk identification, analyze risk, evaluate
risk, treat risk and monitoring and controlling, that were identified as basic framework on
different literatures. The main research question focused on what was the practice of project risk
management of core banking system replacement project of Wegagen bank Sh. Co.?The study used
descriptive research design and analysis method, qualitative research approach and purposive
sampling technique. The semi-structural interview was conducted to collect primary data from
the respondents that consisted of 6 core team members including the project manager out of 28
direct participants of the project. The finding of the study indicates that based on the analysis, this
study identified the major gaps between the theory and in the actual risk management practice of the
project. Accordingly the study recommends that as effective communication is basic to minimize
risk during implementation of a project, it is highly recommended that all participants should be
communicated properly about risk and in all life cycle stages of the project. Moreover, to narrow
the gap occurred due to risk mismanagement during implementation of the project due attention
and training should be given for participants with related to various processes under project
risk management practice and risk identification. Based on the analysis finding the study also
recommends that organizations should prepare risk policy and procedure specifically for (IT)
projects that guide the project team to go through a disciplined risk management process. Also
organizations should allocate separate budget and responsible body that can facilitate IT risk
related matters during implementation of projects.

Key words: Risk, Project success, Project Risk Management practice, IT

vi
 CHAPTER ONE
INTRODUCTION
1.1 Background of the Study
According to Project Management Institute, (1996, p. 4)―A project is a temporary endeavor undertaken to
create a unique product or service.‖ A project, by definition, is something that we have not done
previously and will not do again in the future. Because of this uniqueness, we have developed a
―live with it‖ attitude on risk and attribute it as part of doing business.

As stated on Gerard; Claire & Jackie, (2008) risk is a possible event that could cause harm or
loss, or affect the ability to achieve objectives and risk is measured by the probability of a threat,
the vulnerability of the asset to that threat, and the impact it would have if it occurred.

According to Srinivas, (2018), risk management is a planned and a structured process aimed at
helping the project team make the right decision at the right time to identify, classify, quantify
the risks and then to manage and control them. The aim is to ensure the best value for the project
in terms of cost, time and quality by balancing the input to manage the risks with the benefits
from such act. It is just a cost benefit analysis

Also according to Project Management Institute, Inc (2021) explanation risk management
processes fall into five groups like Initiating, planning, executing, monitoring and controlling
and closing. It states that project management knowledge draws on ten areas such as integration,
scope, time, cost, quality, procurement, human resources, communications, and risk
management. Therefore, from the above idea we can observe that project risk management is one
of the knowledge areas of project management that should be implement properly in all life cycle
stages of any project.

Risk management processes were developed and implemented where risk information was made
available to key decision-makers. The risk management process, however, should be designed to
do more than just identify the risk (Kerzner, 2003 p.652). The focus of good risk management is
the identification and treatment of risks. It increases the probability of success and reduces the
likelihood of failure and the uncertainty of achieving objectives (Hopkin, 2010 p. 246).

According to PMI4DEV (2021), Project success has been historically defined as a project that
meets its objectives under budget and under schedule. This evaluation criterion has remained as

1
the most common measure in many industries. But for a development project, success goes
beyond meeting schedule and budget goals, it includes delivering the benefits and meeting
expectations of beneficiaries, stakeholders, donors or funding agencies.

Nowadays a sound management of risk is a crucial determinant of the success of a project due to
an increased attention to the variability of actual quality, time, and cost performance compared to
the expected one as a consequence of a growing pressure on reducing time and costs (Cagliano;
Grimaldi & Rafele , 2015).

Mobey & Parker (2000) cited in Kishk and Ukaga (2008), stated that increase the chances of a
proposed project succeeding, it is necessary for the organization to have an understanding of
potential risks, to systematically and quantitatively assess these risks, anticipating possible
causes and effects, and then choose appropriate methods of dealing with them.

Risk management plans contribute to project success by establishing a list of internal and
external risks. This plan typically includes the identified risks, probability of occurrence,
potential impact and proposed actions. High risk events are likely to cause a significant
increase in the budget, disruption of the schedule or performance problems (Duggan, 2019).

An Empirical Investigation by Kishk and Ukaga (2008), states that, there is a significant positive
relationship between risk management components (risk planning and definition, risk analysis,
response to danger, evaluation and review of risk) in achieving project success, also stated that it
has been established that there was a direct relationship between effective risk management and
project success based on their case study. Besides, it can be argued that the more effective
continuous risk management implemented in a project, the higher the chances of project success.

According to news business Ethiopia (2021), for the past two decades more than sixteen private
banks joined in the market and among them Wegagen Bank Sh. Co. is the one. Therefore, this
research will try to assess the risk management practice of the bank for its project success during
its Core Banking system (CBS) Replacement project.

Core banking modernization refers to the replacement, upgrade, or outsourcing of a bank‘s

existing core banking systems and information technology (IT) environment. These systems

2
perform mission critical operations for the bank – processing accounts, loans, payments, and
securities and constitute the heart and backbone of the bank‘s IT infrastructure (Foest, 2019).

1.2 Background of the Organization

Wegagen Bank Sh.Co. is a privately owned share company which started operations on June 11,
1997 with a subscribed capital of Birr 60 million and a paid up - capital of Birr 30 million. The
number of shareholders reached 3973 and has a network of 395 branches of which 150 are in
Addis Ababa and the remaining 245 are located in regional cities and towns of the country as per
the information on printed brochure 2013 E.C.

The bank is governed by the Board of Directors consisting of a Chairperson, a Vice Chairperson
and Directorates. The overall management directed by the management team which comprises
the President/Chief Executive Officer, who is appointed by the Board of Directors, four Vice-
Presidents and sixteen Directors.

Wegagen Bank Sh. Co gives job opportunity for more than 5000 permanent employees as per the
updated information of the bank‘s website as of November 2020. The organization provides
different kinds of services to its customers, to mention some of the major ones, mobilizes various
types of deposits in which interest is paid monthly, credit facilities to business, investment
establishments. The bank also provides international banking services like purchasing and selling
of foreign currency, import and export permit facility, credit for importers, money transfer
services, cashing VISA card, Agent banking, card banking , ATM banking, Internet banking,
mobile banking and many other related activities.

1.3 Statement of the Problem

The use of information technology (IT) in developing countries has attracted a considerable
amount of attention in recent years. Therefore, development of information technology provides
new software solutions for the banking industry from day today. Nowadays, banking service
supported by modern software solutions preferable in the market as clients allowed to access and
manipulate their accounts easily. Also in that way business transactions become smooth so that it
has a positive effect on one‘s country economy. So that among such software technologies we
can mention core banking solution as one.

3
According to Gartner, (2021) definition, a core banking system (Centralized Online Real-time
Electronic Banking) is as a back-end system that processes daily banking transactions and posts
updates to accounts and other financial records and also refers to the services of networked
branches that allow to their clients to access their funds and to perform simple transactions from
any place. Today, the core banking software solutions are even more relevant by assist banks to
give a quality service in addition to their contribution for urgent transformation journey to
modernization (Enterprise Edges, 2020).

IT projects are characterized by high degrees of risk. The rapid pace of change in technologies
combines changes in business processes to create unpredictable shifts in cost, quality and time. A
survey of more than a thousand Canadian organizations found that the main reason for IT project
failure was inadequate risk management and a weak project plan (Nehari, 2014 p.6)

Managements of some companies and other entities have developed processes to identify and
manage risk across the enterprise, and many others have begun development or are considering
doing so. Entities have enhanced capability to identify potential events, assess risk and establish
responses, thereby reducing the occurrence of surprises and related costs or losses. Every entity
faces a myriad of risks affecting different parts of the organization. Management needs to not
only manage individual risks, but also understand interrelated impacts (COSO, 1998).

(Raz; Shenhar & Dvir, 2002, p.108) stated in their study that, In times of increased competition
and globalization project success becomes even more critical to business performance and yet
many projects still suffer delays, overruns, and even failure. Ironically, however, risk
management tools and techniques, which have been developed to improve project success, are
used too little, and may still wonder how helpful they are. Their finding suggests that risk
management practices are still not widely used. They conclude risk management is still at its
infancy and this time more awareness to application training tool development and research on
risk management is needed.

Therefore, to implement standard risk management processes like risk planning, risk
identification, risk analysis, risk response, risk monitoring and controlling for successful project
accomplishment are vital and a must applied during all life cycle stages of any project. However
the researcher observed the gap between the theory and the practice of project risk management

4
process in the core banking system replacement project of the bank. Some team members who
participated in the project said that they don‘t get adequate training about risk management
before or during the project implementation and they don‘t get the chance to participate in the
identification process as a team at all. Also as per traditional measurement of successful projects
cost overrun, schedule delay and quality products are major so that this project faced schedule
delay and cost overrun. Therefore, having all these information and as proper risk management
enables to avoid such negative scenario, the researcher initiated to assess on the overall risk
management process of the core banking system replacement project of the bank. Moreover, as
understood form the above literature and other written sources the importance of proper risk
management for any project type is vital for success and even if there are other related literatures
written on this issue this study will be additional documentation for further research and
reference.

1.4 Basic Research Questions

The study has requested answers for the following questions to the raised problem and objectives
of the study.

 What is important risk management practice elements missed during the implementation
of core banking replacement project CBS project of the bank?

1.5 Objective of the Study

1.5.1. General Objective
 The general objective of this study is to assess the practice of risk management process
in Wegagen Bank Sh. Co. during the core banking replacement project from old version
of OMNI Solution system to Oracle Flexcube.
1.5.2. Specific Objective

The specific objectives of the study include the following:

 What was the practice of risk planning in the Core Banking Replacement project of the
WGB?
 What was the practice of risk identification in the Core Banking Replacement project of
WGB?

5
  What was the practice of risk analysis in the Core Banking Replacement project of
WGB?
 What was the practice of risk response strategy in Core Banking Replacement project
of WGB
 What was the practice of risk monitoring and controlling in the in Core Banking
Replacement project of WGB
 To see whether Wegagen Bank‘s (WGB) risk management policy and procedure
organized to manage Information Technology (IT) projects?

1.6 Significance of the Study

The major significances of the study are the following:

 It creates awareness that effective risk management practice is main factor for successful
project implementation.
 It helps to revise risk management policy and procedure of organizations with the same
scenario.
 It can be a helpful material to other researchers who are inclined to study on this area as
a base line information source and serves as future reference for students.

1.7 Scope of the Study

It is well known that project management is a broad field area and the researcher desire is to
conduct a study picking a particular element of this profession which is risk management. Risk
management process is one of the ten areas of project management and it plays an important role
towards to make project implementation effective and efficient.

IT projects by nature exposed to risk and needs great care during their implementation.
Therefore, the researcher will undertake the study on the risk management process of Wegagen
Bank Sh. Co. during the implementation of core banking replacement project from the old
version called Omni solution to Oracle flexcube.

6
1.8 Limitation of the Study
There were some limitations on this study:

 Lack of clear and well organized secondary sources with related to the project.
 Some major team members during the implementation of the project used as a source of
information resigned from the bank
 To arrange interview session with the concerned bodies was difficult and it created
pressure on overall schedule of the research work.

1.9 Organization of the Study

This research paper has five chapters. Chapter one contains background of the study, background
of the organization, project profile, statement of the problem, research questions, objectives of
the study, scope, limitation and significance of the study. Chapter two is dedicated to review of
related theoretical and empirical literatures on the topic. Chapter three is about the research
methodology including sources of data, research design, methods of data analysis and ethical
consideration. Chapter four will contains analysis of the results. Chapter five will includes
summary, conclusion and possible recommendations based on the findings.

The background work, information will be gathered from the team and core team members, IT
and risk management experts of the bank participated on the core banking replacement project
and the personal observation of the researcher, also secondary sources related with the project,
referred.

7
 CHAPTER TWO
LITERATURE REVIEW

2.1 Introduction

A literature review is helps to understand the topic of the research selected. It explains what has
already done on the topic and explains related key issues. It explains who has looked at what,
why, and what have they found with related to a selected topic (Hart, 1998). The focus area of
this paper is to empathize the importance of effective risk management practice makes projects
successful .Therefore, effective risk management and related issues discussed by refer different
journals, primary sources websites and literatures.

2.2. Theoretical Review

The main purpose of the theoretical literature review in this study is to provide an insight into
project management, risk, types of risk, risk management, emergence of risk management,
project risk management, advantages of implementing risk management in organizations, steps
of risk management process by conducting a review on journal articles, books, and other
documents.

2.3 Project Management

The PMBOK cited in Fundamental of Project Management (2011), states project management as
―the application of knowledge, skills, tools, and techniques to project activities to meet project
requirements‖ and characterized ―high quality projects to deliver the required product, service, or
result, within scope, on time, and within budget.

According to project management institute (2021), to make project effective, one of the
disciplines required is effective risk management. Doing anything is a risk. Planning a project,
big or small, is inherent with risk. It‘s part of your job to see those issues before they become
problems. Therefore, before executing the project, you have to put in the work to identify, assess,
and control risk.

8
Even if it is not easy to predict all types of risks that might happen over the life cycle of any
project, different literatures states that the quality of managing risk increases the probability of
success for any project.

2.4. Risk

Risk can simply be considered to be ‗an unplanned event with unexpected consequences‘. Risk
may have positive or negative outcomes or may simply result in uncertainty. Therefore, risks
may be considered to be related to an opportunity or a loss or the presence of uncertainty for an
organization (Hopkin, 2017).

2.5. Types of Risk

According to American Express Company (2021), when it comes to risk management, there are
main types of business risk you may want to address in your company.

2.5.1. Operational Risk

This business risk can happen internally, externally or involve a combination of factors.
Something could unexpectedly happen that causes you to lose business continuity.

Whether it's a people or process failure, these operational risks can adversely impact your
business in terms of money, time and reputation. Address each of these potential operational
risks through training and a business continuity plan

2.5.2. Performance risk

Performance risk is the risk that the project will fail to produce results consistent with project
specifications. This is a common risk that is difficult to attribute to any single party. A project
team can deliver the project within budget and schedule and still fail to produce the results and
benefits. On the other hand, performance risk can lead to cost risk and schedule risk when the
performance of a team or technology results in an increase in cost and duration of the project. In
sum, the company lost money and time on a project that failed to deliver (PM, 2021).

9
2.5.3. Cost risk

Cost risk is an escalation of project costs. It is the risk that the project will cost more than the
budget allocated for it. Perhaps the most common project risk, cost risk is due to poor budget
planning, inaccurate cost estimating, and scope creep. The risk is higher when clients want too
much even though the project has few resources only. Cost risk can lead to other project risks
such as schedule risk and performance risk (PM, 2021).

2.5.4. Schedule risk

Schedule risk is the risk that activities will take longer than expected, and is typically the result
of poor planning. It‘s closely related to cost risk, because slippages in schedule typically increase
costs and also delay the outcome of the project, including its benefits. Delays result in missed
timelines and a possible loss of competitive advantage. Schedule risk leads to cost risk because
longer projects cost more. It can also lead to performance risk, missing the timeline to perform
its intended mission (PM, 2021).

In addition to the risks explained above, there are identified sources of risks in banking activity
according to Elsevier B. (2015):

 credit risk - is the inability of a customer to repay the principal and / or interest on the
loan on time
 liquidity risk - the bank's inability to procure the necessary short-term liquidity
 legal risk - losses caused by unexpected changes in regulations
 operational risk - the probability of loss on account of inadequate internal processes,
employees, systems or external events
 strategic risk - refers to the risk that a new competitor, company or product, alter the
level of competition in the banking market

2.6. The Emergence of Risk Management

According to John Wiley & Sons Inc, (1999-2021) the emergence of project risk management
has long been associated with the use of market insurance to protect individuals and companies
from various losses associated with accidents. Other forms of risk management, alternatives to

10
market insurance, surfaced during the 1950s when market insurance was perceived as very costly
and incomplete for protection against pure risk. The use of derivatives as risk management
instruments arose during the 1970s, and expanded rapidly during the 1980s, as companies
intensified their financial risk management and International risk regulation began in the 1980s.

Risk management began to be studied after World War II. Operational risk partly covers
technological losses; today, operational risk has to be managed by firms and is regulated for
banks and insurance companies (O‘Reilly MediaInc, 2021).

2.7. Advantages of Implementing Risk Management in Organizations

Chapman & Ward, 1997 in (PMI, 2021), states that project management is based on the rational
decision-making assumption—that is, it assumes that all risks and uncertainties can be managed.
These assumptions make PRM appear as an effective process with a positive impact on meeting
project objectives and therefore on project success.

According to Hopkin (2017), the risk management policy should set out the roles and
responsibilities for risk management and internal control. The purpose of risk management is to
fulfill mandatory obligations, provide assurance, support decision making and help ensure the
effectiveness and efficiency of core processes. When allocating risk management
responsibilities, consideration should be given in respect of each of the significant risks faced by
the organization to the separate allocation of responsibilities for:

 determining strategy
 designing controls
 auditing compliance
It is generally considered a good idea to document an organization‘s attitude and commitment to
risk management in a high-level document, such as a Risk Management Policy. The policy may
describe the general attitude of the company towards risks, risk management principles, roles and
responsibilities, risk management infrastructure as well as resources and processes dedicated to
risk management.

To reduce and manage risk, create a strong risk management plan is the success of the endeavor.
Also keep risk register up to date by list all possible risk events that have the potential to impact

11
the project. Understand the risk event and be proactive instead of reactive by investing time in
the early stages of the risk management process and fully analyzing each risk (Scott W., 2020).

2.8. Project Risk Management

The goal of risk management is to create a reference framework that will allow companies to
handle risk and uncertainty (Dionne, 2013 P. 9).

Risk management‘s sole purpose is to increase the probability and impact of positive events,
whilst decreasing the impact and probability of threats or adverse. This is achieved by
thoroughly researching and defining any assumptions, conditions, or constraints associated with
the project requirements and objectives (free-managment-ebooks.com, 2014).

According to Tursoy (2018), risk management in banking is theoretically defined as ―the logical
development and execution of a plan to deal with potential losses. Risk Management includes
following processes; plan, identify, analyze and monitor and control risks. Risk management
aims to reduce the likelihood of bad events to happen, and increase chances of positive events to
occur.

According to Hopkin, (2012) an objective of operational risk management is not to remove

operational risk altogether, but to manage the risk to an acceptable level, taking into account the
cost of minimizing the risk as against the resultant reduction in exposure. Strategies to manage
operational risk include avoidance, transfer, acceptance and mitigation by controls.

 Avoiding means to prevent it before the risk happening to your project.

 Mitigation refers action you should take to reduce the damage may cause by risk on a
project. to if we cannot avoid risk to on your project
 Transfer risk is one effective way helps to deal with risk for example to buy insurance is
one way
 The forth step that you proceed if you can‘t avoid, mitigate, or transfer risk is to accept it.
This step requires digging alternatives in any case to minimize the negative impact of the
risk before fully accept it.

12
2.9. Steps in Risk Management Process
Risk management is the act or practice of dealing with risk. It includes planning for risk,
assessing (identifying and analyzing) risk issues, developing risk handling strategies, and
monitoring risks to determine how they have changed (Kerzner, 2003 P.662).

 Risk planning: This is the process of developing and documenting an organized,

comprehensive, and interactive strategy and methods for identifying and analyzing risk
issues, developing risk handling plans, and monitoring how risks have changed.

 Risk assessment: This process involves identifying and analyzing program areas and
critical technical process risks to increase the likelihood of meeting cost, performance,
and schedule objectives.

 Risk identification is the process of examining the program areas and each critical
technical process to identify and document the associated risk. Risk analysis is the
process of examining each identified risk issue to estimate the likelihood and predict the
impact on the project.

 Risk handling: This is the process that identifies, evaluates, selects, and implements one
or more strategies in order to set risk at acceptable levels given program constraints and
objectives. This includes the specifics on what should be done, when it should be
accomplished, who is responsible, and associated cost and schedule. A risk handling
strategy is composed of an option and implementation approach.

 Risk monitoring: This is the process that systematically tracks and evaluates the
performance of risk handling actions against established metrics throughout the
acquisition process and provides inputs to updating risk handling strategies, as
appropriate.

Also according to PM4DEV (2019), risk management process explained as follows:

 Plan: Risk Planning, involves the identification, quantification and development of a

response plan
 Do: Risks Response includes the activities to mitigate, monitor risks and respond to risk
events.

13
  Check: Risk Plan Evaluation, involves the evaluation of the risk management plan and
response actions taken by the project
 Adapt: Risk Plan Improvement, the actions to improve the risk planned response
mechanisms as well as an update on the risk levels
 Risk Management inputs and outputs:

Inputs: for the project risk management include the following documents or sources of
information:

 WBS, Project Proposal LogFrame, Project environment, Historical information,

 Outputs: The project team will use the above information to develop three important
documents for the project:
 Risk management plan
 Risk response reports
 Improvement plans

14
2.10. Empirical Reviews
This part discusses some literatures previously undertaken by different individuals that show the
importance of effective risk management for successful projects.

According to Kishk and Ukaga (2008), case studies it has been established that there was a direct
relationship between effective risk management and project success. Besides, it can be argued
that the more effective continuous risk management implemented in a project, the higher the
chances of project success

A literature review of project success and risk management has been showed that the
conventional view of project success based on cost, time and quality objectives is not sufficient.
Besides, project success has been seen to be relative based on the pre-determined and pre-agreed
success criteria set by all the stakeholders (Kishk andUkaga 2008).

Gudeta(2018), in his study has been conducted in the assessment of the role of project risk
management on project success by taking projects in the Commercial Bank of Ethiopia as a
sample. The results provide supports for the important role of project risk management for
project successes. Moreover the influence of each of project risk management practices (Project
risk planning, project risk identification, risk analysis and risk response and control) on each
project success indicator was identified using correlation and regression analysis from the
gathered data. Findings from this research indicate that the complete risk management process is
often not followed, or even that practitioners do not see the value of executing particular steps of
the risk management process while they undertook project. The study also clearly indicated that
an individual risk management activity is able to contribute.

Fleischmann (2011), in its article stated that, The survey conducted in Czech National Bank,
about current trends in business risk management focusing on IS/IT risk management in financial
institutions. Special attention is paid to frameworks and regulations available for both financial
and non-financial risk management and their relation to IS/IT risk management. The bank
regulation typically deals with all the aforementioned risk management processes and combines
both the risk-oriented and control-oriented approaches. It results from the fact that banks are

15
under a regulatory obligation to quantify and allocate adequate capital to identified risks as well
as to have in place controls in order to mitigate risks. Therefore, we can state that regulatory
requirements for each risk management process usually encompass both points of view: risks and
controls. Risk monitoring, for example, includes not only obtaining information about risk
exposure but also check whether all the set controls are in place and effective. Therefore, the
article rose as a weakness that, although this regulation implicitly assumes the necessity to
manage IS/IT risk (as a subset of operational risk), IT risk is not mentioned as a risk

Fitih (2020), on its paper Risk Management process and Project Success in the case of
Commercial Bank of Ethiopia indicated that the association between Project risk Management
processes and the success of IT projects seem to have a strong relation with each other. In
conclusion the whole risk management practice including risk identification , risk analysis , risk
response planning and risk monitoring and control, are essential for product success, process
performance and IT project success.

According to the results from the inquiry, even if there is a distinct process set to follow in risk
management process, it seems that not all risk management process group are properly and
equally practiced in the sample taken project.

Hadera (2020) on its study assessed the practice of risk management at Ethiopian Airlines IT
projects. Therefore, as per the respondents' response, the majority of the uncertainties occurred
were handled by project manager along with all teams participated in the projects. In addition,
risk management should be implemented all stages of the project management lifecycle from the
project planning stage to the project closure stage. But, as per the finding from the respondents,
risk management was mostly implemented during the risk planning and implementation stages of
projects. The practice of the risk planning process was rated at a moderate level in the study
organization. Risk planning activities in the planning phase was defined, participating relevant
stakeholders, environmental factors during risk planning. Similarly, the overall practice of risk
identification was found fairly good mean value, and most of the project stakeholders engaged in
risk identification. Different tools and techniques are used to identify risk. Information gathering
is primarily used method to identify risk followed by checklist, both document review
&information gathering, expert judgment, checklists, Document Review; Information gathering;
Assumption analysis. The distribution of responses shows that all the mentioned methods were

16
used to identify project risks. Finally, the findings on risk monitoring and controlling indicate
that there were effective risk monitoring and controlling processes within the project, and project
performance was not evaluated against risk. There was not transparent communication, periodic
review, and response audit of the project risk.

Simanjuntak F. and Suryajaya B, (2014) on the Conference held in Indonesia, indicates that
many banks are looking for a better core banking system to support their business growth with a
more efficient and flexible core banking system to improve their sales and services in the
competitive market and to fulfill regulatory requirements. The decision of replacing the legacy
core banking system is difficult due to the high IT investment cost required for banks because
they are also trying to cut costs. But maintaining the legacy system is costly in terms of upgrade.
Changing the core banking system is also a difficult process and increases risks. To have a
successful Core Banking System implementation, risk assessment is required to be performed
prior to starting any activities. The assessment can help project teams to identify the risks and
then to mitigate the risks as part of the plan.

To have a successful Core Banking System implementation, risk assessment is required to be

performed prior to starting any activities. The assessment can help project teams to identify the
risks and then to mitigate the risks as part of the plan. In this research the Core Banking System
replacement risks were assessed based on ISACA Framework for IT Risk.

Genet (2019), assessment of Project Risk Management Practices: The case of Commercial Bank
of Ethiopia Information Technology Infrastructure Library (ITIL) Project finding shows that the
following weakness In the process of risk planning, all stakeholders were not participated and
their roles and responsibilities were not clearly defined. In addition, risk management plan didn‘t
include in project plan and the tool and technique mainly used risk planning were meetings and
expert judgment. Hence the practice of risk planning was poor in the project.

To increase the chances of a proposed project succeeding, it is necessary for the organization to
have an understanding of potential risks, to systematically and quantitatively assess these risks,
anticipating possible causes and effects, and then choose appropriate methods of dealing for
successful project implementation.

17
2.11. Conceptual framework

As stated on Scribbr (2021) a conceptual framework is a written or visual representation of an

expected relationship between variables. Variables are simply the characteristics or properties
that you want to study.
In this research, assessed the project management processes plan risk management, identify risk,
analyze risk, responding to risk and monitoring and control are variables that brings project
success if implement properly.

The following figure shows how much the project success depends on project management
process.

Source Bakker, K. (2009).

18
 CHAPTER THREE
RESEARCH METHODOLOGY
INTRODUCTION

Research methods include all the techniques and methods which have been taken for conducting
research whereas research methodology is the approach in which research troubles are solved
thoroughly. It is a science of studying how research is conducted systematically (Bhushan and
Alok 2017). Therefore, this chapter tries to discuss the research design, sources of data, sampling,
method of data analysis and ethical considerations for the study.

3.1. Research Design

According to (Creswell, 2003), There are three types of designs which are qualitative,
quantitative, and mixed methods. Also when we further clarify it we can break down the types
of research design into five categories like descriptive, experimental correlational, diagnostic and
explanatory research designs.

Descriptive research design is a scientific method which involves observing and describing the
behavior of a subject without influencing it in any way. It is a type of research that describes a
population, situation, or phenomenon that is being studied. It focuses on answering the how,
what, when, and where questions of a research problem, rather than the why. This study used
descriptive design to assess risk management practices of Wegagen Bank‘s Sh. Co. core banking
system replacement project.

3.2. Research Approach

The qualitative research approach is considered to be the most appropriate and definitely the only
mode to achieve some research objectives such as if the primary objective of the research is to
proposed a conceptual framework which symbolize the current reality and potentially be tested
with quantitative research or if the researcher needs to understand fully the phenomena in order
to clarify patterns, as delineated by (Hair J.F. et al., 2007). Thus, qualitative research is indeed
the most appropriate way for this study since the goal of this study is to assess the risk

19
management practice of Wegagen Bank‘s Sh. Co. core banking system replacement project, and
it can be measured objectively.

3.3. Type and Source of Data

When analyzing qualitative data, the researcher deals with meanings and not with plain numbers.
Qualitative research can be conducted by using different sorts of sources like observation,
unstructured interviews, group interviews, collection of documentary materials and so on.
Conducting interviews or collecting materials causes the production of field notes, transcripts
from interviews, documents, videos and the like (Dey, 1993) . The study employed both primary
and secondary sources of data in order to get appropriate data. As suggested by (Parker, 2003),
qualitative researchers should get involved in a communication with the practitioners in the
organizational coal-face in order to better understand the current state of real-world practices.
The secondary data constitute internal publications provided by participants to the researchers
and publicly available data which are relevant to the topic being observed. This method of
collecting data from multiple sources, termed data triangulation (Patton, 2002) , assists the
researcher not only to collect more comprehensive relevant information but also to cross-check
their consistency in order to enhance the robustness of findings.

Hence, semi structured interview was used as a primary source of data which were helpful in
answering questions related to the study objectives. As a secondary data source document
analysis such as relevant book, some documents related to the project, risk management policy
and procedure of the bank, articles, journals and online information were investigated to
supplement and to serve as the basis for the instruments and findings of the study.

3.4. Data Gathering Instruments

In qualitative research, structured and semi structured interviews are often best conducted toward
the end of a study, as they tend to shape responses to the researcher‘s perceptions of how things
are. They are most useful for obtaining information to test a specific hypothesis that the
researcher has in mind. Instead of leading questions, interviewers often ask open-ended
questions. Open-ended questions indicate an area to be explored without suggesting to the
participant how it should be explored.

20
Therefore, the most appropriate primary data gathering method identified for this research is
semi- structured interview techniques, due to the nature and scope of the qualitative research
being a descriptive study. The interview was prepared based on the review of related literature
important to the subject of the study. The main feature of semi-Structured Interviews is to
facilitate the interviewees to share their perspectives, stories and experience regarding a
particular social phenomena being observed by the interviewer. The participants, who are the
practitioners in their field, will pass on their knowledge to the researcher through the
conversations held during the interview process (Boeije, 2010).

3.5. Sampling Techniques and Sample Size

3.5.1. Sampling Technique

The sampling design that was employed for this study was a non-probability sampling. A non-
probability sampling provides with an information-rich case study in which it enables to explore
the research question and gain theoretical insight (Saunders M et al. , 2009). The sampling type
that was applied for this study was purposive sampling. According to (Creswell, 2009), while
using purposive sampling respondents were chosen based on their convenience and availability.
Thus, for this study samples were selected based on people convenience to the issue of the study.
That means purposefully select participants or sites (or documents or visual material) means that
qualitative researchers select individuals who will best help them understand the research
problem and the research questions.

3.5.2. Sampling Size

According to (Hair J.F. et al., 2010) target population is said to be a specified group of people or
object for which questions can be asked or observation are made to develop the required data
structures and information. Therefore, for this study, Hence, the sample size of the research was
selected through purposive sampling technique to select those who were appropriate for the
research and the interview was made with a project manager and 5 major project team members
who know the area or subject matter very well from the total 28 participants of the project.

21
3.6. Method of Data Analysis and Presentation

Whereas there are rules how to analyze quantitative data, there are no such explicit rules for
qualitative ones (Bryman A. & Bell E. , 2011). Qualitative data analysis concentrates on
portraying reality by discovering meanings from the textual data (Silverman, 2011). Consistent
with the paradigm used, qualitative data analysis was applied in this study from the perspective
of case organizations (Sarantakos, 2005), which means using the an insider‘s approach to view
the practices of the case organization.

Hence, after the semi -structural interview was conducted and answers were obtained, qualitative
data analysis method was utilized by means of descriptive method to present the finding of the
interview. Therefore, the data that were collected through semi structured interview were
analyzed by combining and summarizing the results.

3.7. Validity and Reliability

Reliability and validity are the two important criteria to assess the quality of the research
(Bryman A. & Bell E. , 2011). Since semi-structured interview was the selected data collection
method for this study, there are a number of data quality issues found to be related to reliability,
form of bias, validity and generalizability as mentioned by (Saunders M et al. , 2009). For this
study, the issue of reliability was being addressed by conducting several interviews that allows
identification of patterns to take place. Also, reliable data were collected due to the accessibility
to the best informants within the research context and constant patterns are found to emerge out
of those interviews. The next consideration pertaining to semi-structured interview is biasing in
the way we interpret responses (Easterby-Smith et al., 2008). The issue of biasness was being
addressed by creating and disseminating overview document of the assessment to the
interviewees prior to the interview session. During the interview session the researcher tried to
provide some highlights of the assessment and allows interviewee to give a brief explanation of
his or her role in the project, the length of service 37 to obtain credibility and confidence of the
interviewees. Also, the assessment questions were short and phased clearly to the interviewee
with a neutral tone of voice and the speed of speech was controlled while conducting the
interviews in order to reduce the scope of biasing and increased the reliability of the collected

22
data. The interviewer rephrased the explanation provided by the interviewee to allow the
interviewee to weight and affirm the accuracy of the interpretation and perform correction
wherever necessary. After the semi -structural interview was conducted and answers were
obtained, the researcher used descriptive method to present the finding of the interview. The
researcher also used checklist and asked the interviewees whether elements in the checklist
existed or not in the project‘s activities. This helped the researcher to cross check the interviews‘
answers and clearly observe the gaps in the project risk management practice of the reviewed
project. The reliability of the reply of the interviewees also cross checked through reviewing
secondary data such as project plan, project contract, project status reports and other project
related documents. According to (Adam J. et al., 2007) , validation is a process of how
conclusions are drawn, assumptions are identified or suggestions are proposed. Therefore, the
researcher tried to select only the most appropriate candidates who are directly engaged in risk
management practice of the project.

3.8. Ethical Considerations

Research ethics therefore relates to questions about how we formulate and clarify our research
topic, design our research and gain access, collect data, process and store our data, analyze data
and write up our research findings in a moral and responsible way (Saunders M et al. , 2009).
Ethical considerations are expected to be involved in any kind of research study. This paper
therefore took into consideration of those ethical issues on access and use of data, analysis and
report of the findings in a moral and responsible way. Confidentiality and anonymity of the
voluntary respondents was also guaranteed. The researcher notified the respondents that their
response gives benefit for the research purpose and it is free of risk.

23
 CHAPTER FOUR
4. DATA ANALYSIS AND INTERPRETATION

4.1 Introduction
This chapter deals with the presentation, analysis and interpretation of the data which was
collected through semi-structural interview conducted with the project manager and some team
members who participated on the core banking system replacement project of the bank. To
analyze the collected data with related to the general objective of the study, qualitative analysis
was applied by merge and summarizing the results.

This section presents information on the project risk management practice of Wegagen Bank sc
during the core banking system replacement project. The data contains key elements should be
implemented for effective project risk management processes as indicated on different
literatures. The data sources were collected from semi-structural interview and review of
secondary data. The semi -structural interview responses obtained organized using descriptive
method to present the finding result.

Primary data were collected from project manager, main team members, testers and experts who
participated during the core banking replacement project at Wegagen bank sh. co. Primary Data
were collected by semi structural interview from key informants by using open ended interview
questions while secondary data was collected through reviewing, journals, articles, books
policies and reports of the bank and the primary data compiled from the response of pre-arranged
interviewees.

Lastly this chapter contains two sections. The first is demographic characteristics of respondents,
and the second is all about descriptive analysis. In demographic analysis gender, age and job title
were presented. In case of descriptive analysis, questions were presented qualitatively. Here
under is the explanation of demographic and descriptive analysis.

24
4.2 Demographic Analysis
The demographic information of respondent gathered for the studies were gender, age and job

title and years stayed in Wegagen bank sh.co were presented here under.

4.2.1Gender

Figure 4.1 Gender Distribution

gender

female
25%

male
75%

Source: Survey Result, 2021

The paper tried to address gender distribution of respondents in order to participant the in the
interview provided as shown on the above figure. The following figure depicts that respondents
of male and female answered the interview distributed. Out of 28 respondents 21 (75%) were
male while 25 percent or 7 of them are (53.6%) were females.

Even if the data implies that the male population of the project has the chance to be represented
in every matter, regarding Wegagen bank‘s core banking replacement project and from the
response found some interviewee revealed that even if majority of participants are male there is
no significant impact in administering the core banking system replacement project.

25
4.2.2 Age

Figure 4.2 Age Distribution

When we look the age group of participant, the age below 25 are accounts 2 respondents
representing to 7.1 % of the total respondents. The largest age groups which constitute 28.5% of
the respondents are 37-42 years of age. The rest from 25-30 years were17.8 percent, from 31 up
to 36 covers 21.4 percent and 7 or 25% of the population were accounts 4 and above. From this
result we can observe that the majority of project participants and consultants in Wegagen Bank
were at the productive age group. In addition, there are many senior project experts in the bank.
The following figure depicts the distribution.

Figure 2.2 Age Distribution

8
8 7
7 6
6 5
5
4
3 2
2
1
0
Below 25 25-30 years 31-36 years 37-42 43- 48
years

age distribution

Source: Survey Result, 2021

4.2.3 Job Position

The following figure depicts the distribution of respondents based on their specified role in the
replacement project at Wegagen bank sh.co.

26
Figure 4.3 Job Specification

Responsibility on the Project

job role

12

10

project manager core team leader team members as a facilitator &experts

tester

Source: Survey Result, 2021

Regarding the job role of the participants in the replacement project, the above figure showed
that the distribution, there was 1 project manager, 5 core team leaders, 10 team members as a
tester and 12 facilitators and experts were participants in the core banking system replacement
project.

A study done by Grant, K (2007) explains about the most important and prevalent goals of
project management or project managers to succeed. As many studies have reported, project
failure remains all too common in the dynamic and contemporary project management
environment. Studies that have addressed the causes of project failure have identified a variety of
culprits. Among the frequently cited causes are inadequate communication, inadequate planning,
bad estimating and incorrect scheduling. In each of these cases, the root cause lies in the
planning effort conducted by the project team one project. Therefore, in this regard on the bank‘s
core banking replacement project teams were a composition from different work discipline of the
bank services and work experience which is taken as a good thing.

27
4.3 Current Project Risk Management Process in Wegagen Bank sh co.
A document prepared by NBE (2010) remarked that Risk-taking is an inherent element of
banking and, indeed, profits are in part the reward for successful risk taking. In contrary,
excessive, poorly managed risk can lead to distresses and failures of banks. Risks are, therefore,
warranted when they are understandable, measurable controllable and within a bank‘s capacity to
withstand adverse results.

A study done by Susser (2012) point outs that a good project risk management plan allows
managers to look at the entirety of their project through the lens of what could go wrong. This, in
turn, will help them to develop a plan for a variety of budget, timing, or personnel issues.

According to Wegagan Bank‘s risk management and compliance working procedure manual
(2019) the bank has produced a Risk Management program which outlines current as well as
desired risk management practices that are believed to achieve optimization of risks with returns
from wide ranging operations of banking services. However, IT project risk management of the
bank guided and managed under the same rules set for operational risk management.

The interview conducted with the following major participants who have major role during the
core banking system implementation project of the bank:-

Interviewed with their code and Duties

NO Code of Participant Duty of the Participant on the

project
1 A Project Manager
2 B IT Expert
3 C Core Team Leader
4 D Tester
5 E Risk management Expert
6 F Facilitator

28
4.4. Compiled responses found from the interview Questions
General review on project risk management process of core banking system replacement
project of the Bank:-

The respondent under code “A” who participated on the core banking system replacement
project explained that it is important to identify risk using different techniques, analyze the risk
to validate, evaluate or rank the risk as this will help to prioritize and monitor and review the
risk finally. But the above kind of detailed response for the same question not found from other
respondents. Therefore this showed that, the general concept of project risk management process
knowledge should be mastered minimum by the main member of the project participants. So
some of the respondents complained that the degree of transparency and participation was
limited in the core banking system replacement project of the bank with related to risk.

Communication mechanism with project stakeholders:-

To solve immitigable risks communication is mandatory and with related to this the interviewed
revealed that:-

The respondent under code “A” said that “The communication mechanism which was used in
the core banking system replacement project of the bank with stakeholders was meetings,
discussion with steering committee, all formal and informal communications and schedule
progress report.”

However as the respondents especially under code ―C‖ and ―E‖ of the project, exposed on the
interview response that:

“There was a communication gap with stakeholders also each other as a team rather some
decision is made by personal discussion and relationship than professional communication.
Whenever we raise concerns in our several meetings and progress reports, only positive things
are considered and the actual concerns are left out, or partially sorted. Also because of lack of
proper communication created during the implementation of core banking system replacement
project of the bank and its negative impact of the same situation reflected and created a gap on
post implementation of the project.”

29
Therefore, as understood from the respondent’s clarification, the communication gap created a
space in the knowledge of mitigating risk easily among all teams participated of the project.

Risk reporting and documentation requirements are established and communicated to

concerned project stakeholder:-

The interviewed under code “A” revealed that:

“Documentation requirements was established by using risk register and review and all project
steering committee meetings and status meetings include risk discussions and review sessions
were presented to communicate concerned project stakeholders in the core banking replacement
project of the bank and all risk management tools were implemented based on project
management institute implementation standards.”

However, the respondent under code “E” said that “the risk management tools were missing
based on project management institute implementation standards because other than risk
register there should be other tools like WBS, Root Cause Analysis, SWOT, Risk Assessment
Template for IT, and others.
However based on the response found from the respondent under code “E” even if risk
management department should be as major department with related to risk management issues
but don’t get a chance to play its own role and the participation was limited during the
implementation of the core banking system replacement project.

4.4.1 Assessment of Project Risk Identification in core banking system replacement project
of the bank:

According to Bojidar Bojinov (2016) Projects are the basic building blocks of development.
Without successful project identification, preparation and implementation, development plans
are no more than needs would remain stagnant or regress.

Oliver wyman (2015) remarked risk identification processes have traditionally centered on the
key risk types of credit, market, operational and liquidity risk. Within each, risk sub types are
defined and categorized, often through a process that stays within the risk management
organization. This approach to risk identification is aligned with the traditional, primary
mechanisms for measuring risk and capital adequacy; both Risk-Weighted Asset (RWA) and

30
economic capital approaches categorize risks similarly and implement specific analytical
approaches to each risk type.

When identifying IT-related project risks, at least four types of risks need to be examined:
process risks, product risks, organizational risks, and business risks According to (Charette,
1990).
Process risks are the risks that concern the processes being used to manage, acquire, design,
develop, test, operate, and/or evolve the IT system. The quality of the IT system is highly
dependent on the processes used to develop it. Missing or inappropriate processes can
compromise the project.
Product risks are those that concern the IT system‘s architecture and physical implementation.
The architectural issues concern the overall design of the IT system itself (e.g., is the space/time
complexity balanced, are the number of interfaces sufficient or too many, is the interface
protocol correct), while the implementation issues concern whether the actual hardware used is
reliable enough, whether the operating system being used is appropriate, whether the human
interface is appropriate for the operator‘s skill level, and so forth.
Organizational risks involve the ―soft‖ risk issues: does the organization have sufficient numbers
of qualified personnel, is the organizational structure efficient and will it help foster risk
communication, are excessive levels of politics involved in the project, and so forth.
Business risks concern the business and financial issues that underpin the project, for instance,
competitiveness, productivity, contractual, regulatory, and legal or ethical concerns. Business
risks also involve market issues, such as customer-related concerns.

As per the response found from the respondent under code “A” revealed that risk identification
in the core banking replacement project of the bank was:

“Group discussions have done during the gap analysis of the project and taking experience of
from similar project for the corrections if needed. The impact of risk identification and
management was realized on the successful completion of the project both on budget and
schedule. Everyone participated in one way or another during risk identification, assessment and
tracking.”

31
However all respondents except listed under code “A” complained that in practice, there was
lack of training of the team individually how to identify risks in every life cycle of the project
during their stay. Moreover even there were some risks identified but there was no sufficient
budget to handle the already identified risks. Also there was time shortage to see all risk types
clearly as the project duration was very short and the plan was to solve risks side by side after
the implementation of the project. As some interviewed exposed that the impact of the above
listed problems still not solved and makes the bank to incur additional costs to customize the
system. Due to that the project was not on time so that it required additional budget and some
products needs serious follow up on their quality.

The respondent under code ―E‖ especially emphasized that:-

―There was no clear procedure about risk identification during the project implementation even
if there was little risk identification process during the implementation of the project because of
the participant of IT experts were limited on the main issues and if they were assigned properly
the risk they may identify may be valuable..

A study done by Lavanya, N., (2008) remarked it is very important for any project organization
to set up an effective risk management framework. Instituting such a practice as a project team
culture ensures conscious and focused risk identification and management, project progress as
desired, with the least amount of deviations or surprise, and in line with project and
organizational objectives early and effective communication of project issues to organization and
project stakeholders, An effective team building tool, as team buy-in and acceptance is assured.

Also most of the interviewed explanation indicates that:-

There was lack of structured risk management framework during the core banking system
replacement of the bank and this leads to incomplete impact evaluation, leading to loss of
knowledge about risk and partially it brought negative impacts on the project objectives, like
scope, time, cost, and quality of the replacement project, poor identification of secondary or new
risks arising from the already identified risks and lack of transparency and a communication gap
within and outside the team.

32
4.4.2 Assessment of Project Risk Analysis in the Core Banking System Replacement of the
Bank

NguiMusau (2015) states that the areas that influenced core banking implementation were
product delivery risk analysis, strategic risk, ensuring that risk mitigation were in place,
resources risk analysis and risk and issue identification, business risk analysis, operational risk
analysis , process and controls risk analysis, risk assessment procedure and process and controls
risk analysis, ICT Risk analysis and accounting risk analysis. The study recommends that top
management should provide the necessary support by ensuring that the necessary resources are
availed for successful implementation, human resources department should ensure that necessary
training is carried out prior to project implementation and the risk and compliance department of
the organization needs to be involved in order to ensure that there are proper risk control
measures in place.

The response found from the respondents under code ―A‖ and ―E‖ revealed that:

The most commonly used measurement methods are the coefficient methods, factor analysis,
regression analysis, cluster analysis, discriminate methods, methods of imbalances, the duration
and analysis of elasticity, measuring volatility and sensitivity methods designated by Greek
letters. Scoring models, models for risk assessment based on the concept of Value at risk (VAR)
and several other statistical, econometric and scenario methods.

However, risk analysis techniques used in the core banking system replacement project were as
per PMI guidelines and from some of the most commonly used measurement methods few of
them were applied by comparing it with pre-set by bank management permissible limits and
regulations to take risks.

In general, the response showed that to some extent, in the core baking replacement project, the
results of risk analysis assessment were done by checklist as per the mitigation pan and it was
handled properly.

33
4.4.3 Evaluate Risk in the core banking system replacement of the Bank

Bojidar Bojinov (2016) measurement and risk assessment should be done at the operation level,
the transaction level, the portfolio level as well as the bank institution level. Moreover, they
should be measured and evaluated not only individual risks and their manifestations, but the
aggregate risk of the operation and its impact on portfolio borne and institutional risk. An
important aspect of the evaluation and measurement is the determination of the risk period of its
impact and the probability of a negative event.

A study done by Tigest (2017) points the major gaps in risk evaluation in the banking sector.
These are lack of a common definition of critical risk terms, lack of executive management
support for the risk assessment, lack of established ground rules for conducting the risk
assessment, lack of cultural or context understanding of the organization, function, or process
being risk assessed.

The respondents under code ―A‖, ‖ E‖ and ―F‖ all revealed that:-

The core banking system replacement project team evaluates the risks faced during the
implementation of the project. Risk was evaluated as per its identified mitigation, aversion or
acceptance pans.

Also the strategies of risk mitigation in the bank or strategies to mitigate risk are avoided,
accept, reduce/control, or transfer. In case of avoidance, If a risk presents an unwanted negative
consequence, the bank may be able to completely avoid those consequences, acceptance,
reduction or control and transference were also the strategies of risk mitigation in the bank
depends on the situation and management decision.

The interviewed under code ―C‖, ―B‖ and ―D‖ also said that:-

There was lack of timely decisions on risk related issue and accountability after evaluating the
risk viewed during the core banking system replacement project of the bank. They commented
also if there was a separate risk management body accountable for IT projects that composed of
with the right employees who equipped with the same discipline other than the bank’s risk
management directorate may improve the above mentioned and some related problems.

34
4.4.4 Treatment of Risk on the project

All respondents agreed that:-

From responses found from the respondents, the tools and techniques which used by the bank
for threat risks faced during the core banking system replacement project was in line with as per
the PMI project risk management guidelines.

4.4.5 Assessment of Project Risk Monitoring and Control

Risk monitoring control is the process of keeping track of the identified risk, monitoring residual
risks and identifying new risks, ensuring the execution of risk plans, and evaluating their
effectiveness in reducing risk. Risk monitoring and control records risk metrics that are
associated with implementing contingency plans. Risk monitoring and control is an ongoing
process for the life of the project.

The risks change as the project matures, new risks develop, or anticipated risks disappear.
Good risk monitoring and control processes provide information that assists with making
effective decisions in advance of the risk´s occurring. Communication to all project stakeholders
is needed to assess periodically the acceptability of the level of risk on the project.
The purpose of risk monitoring is to determine if proper policies and procedures are followed,
risk responses have been implemented as planned and risks have occurred or arisen that were
not previously identified.

Risk control may involve choosing alternative strategies, implementing a contingency plan,
taking corrective action, or preplanning the project. The risk response owner should report
periodically to the project manager and the risk team leader on the effectiveness of the plan, any
unanticipated effects, and any mid-course correction needed to mitigate the risk.

The respondent under code ―A‖ said that :

The way the project manager regularly review the status of critical risks and/or risk response
plans are based on the risk register review and status. All scheduled plans for risk are
incorporated in the core plan of the project and they are tracked and updated as part of
everyday activity and progress report. Learning documents were incorporated in the project risk

35
monitoring and controlling during the implementation of core banking replacement project of
the bank was new risks and mitigations are done through the project. Any outcome of the same
are documented and updated the project lesson learned document

However according to the rest of respondents except the respondent under code “A”:-

“On the core banking system replacement project of the bank, there was no system used to
control and monitor the entire risk framework of the core banking system implementation project
but only risk register with manual tracking and review was used.” Also The process risk
management process is not robust enough form the beginning, so project managers have to
implement their own workarounds to ensure adequate control is maintained in a changing
environment. So project teams streamline what is required and do what they think is best and all
of these scenarios lead to sub-optimal processes, lack of standard on the risk monitoring and
compliance policy of the bank with related to IT project. ,

36
 CHAPTER FIVE
SUMMARY, CONCLUSIONS AND RECOMMENDATIONS
This chapter presents the summary of the key findings deriving from the data analysis. Later, the
conclusion about the risk management practice of the project that is drawn from data analysis
and recommendations.

This study attempted to assess the risk management practices of core banking system
replacement project in Wegagen Bank sh.co .By focusing on risk management process overview
and plan, risk identification, risk analysis, risk response and response, risk monitoring and
controlling processes. Based on the data analyzed in chapter four, using descriptive approach for
qualitative data collected through interview the researcher comes up with the following results.

5.1. Summary of Basic Findings

The finding from the interview conducted with related to general review on project risk
management process showed that, the general concept of project risk management process
knowledge not mastered fully at least by the main member of the project participants well. The
degree of transparency, awareness and participation with related to risk management planning
among the whole team was limited in the core banking system replacement project of the bank.
To solve immitigable risks communication is mandatory. But the finding with related to
communication mechanism with project stakeholders and with the whole team each other has
gap..

 The finding revealed about risk reporting and documentation requirements are established
and communicated to concerned project stakeholder for, ―the risk management tools were
missing based on project management institute implementation standards because other
than risk register there should be other tools like WBS, Root Cause Analysis, SWOT, and
Risk Assessment Template for IT, and other projects.
 Another finding found from the respondents showed that even if risk management
department should be as major department with related to risk management issues but
don‘t get a chance to play its own role and its formal participation was limited during the
implementation of the core banking system replacement project.

37
 The finding indicates about assessment of project risk identification process in core
banking system replacement project of the bank that, practically there was lack of
training of the team individually how to identify risks in every life cycle of the project
during their stay. Moreover even there were some risks identified but there was no
sufficient budget to handle the already identified risks. Also there was time shortage to
see all risk types clearly as the project duration was very short and the plan was to solve
risks side by side after the implementation of the project. As some interviewed exposed
that the impact of the above listed problems still not solved and makes the bank to incur
additional costs to customize the system. Due to that the project was not on time so that it
required additional budget and some products needs serious follow up on their quality.
 The finding revealed with related to risk analysis techniques used in the core banking
system replacement project were as per PMI guidelines and from some of the most
commonly used measurement methods few of them were applied by comparing it with
pre-set by bank management permissible limits and regulations to take risks.
 In general, the response showed that to some extent, in the core baking replacement
project, the results of risk analysis assessment were done by checklist as per the
mitigation pan and it was handled properly.
 The finding with related to evaluation of risk in the core banking system replacement
project of the bank, indicates that there was lack of timely decisions on risk related issue
and accountability after evaluating the risk. Also there is no a separate risk management
body accountable for IT projects that composed of with the right employees who
equipped with the same discipline other than the bank‘s risk management directorate can
be raise as a problem.
 The finding with related to assessment of project risk monitoring and control evaluation
of risk in the core banking system replacement project of the bank showed that, there was
no system used to control and monitor the entire risk framework of the core banking
system implementation project but only risk register with manual tracking and review
was used. Also there was lack of standard on the risk monitoring and compliance policy
of the bank with related to IT project.

38
 5.2 Conclusion
In order to fill the gaps between the theories of project risk management process and the actual
risk management practice of Wegagen Bank sh. co. and based on the findings mentioned in
chapter four and the analysis part of the study, the following conclusions are drawn:-

The Bank risk compliance and policy manual states in general that the purpose of effective risk
management is proper planning to identify the project risk early enough mitigating, averting or
accepting risk based on risk management process. Also it states risk identification process for
projects handled using different techniques to analyze the risk to validate, evaluate or rank the
risk, so this will help to prioritize and monitor and review the risk. However, in practice the
study revealed that in the core banking system replacement project of Wegagen Bank Sh. Co.
risk control mechanisms used were meetings, formal, informal communications by evaluating
schedule progress report. But there was lack of proper communication and guidance in the
project life time. Due to that risk management plan not communicated properly for the
stakeholders and the project teams.

In the core banking system replacement project of the bank the risk identification and
management were realized partially so it creates lag on schedule and budget increment.
However, the results of risk assessment were performed by checklist as per the mitigation pan.

In general the finding shows that risk identification, analysis, prioritize, evaluate and monitoring
and control during the implementation of core banking system replacement project not
implemented properly according to risk management practice procedure. There was no any
formal policy that guides the project team to overcome uncertainties in the project. In addition,
project teams didn‘t taken active training and updates on project risk management directives and
practice. Also Wegagen Bank‘s (WGB) risk management policy and procedure should also
separately and specifically for the use of Information Technology (IT) projects of the bank.

5.3. Recommendation
 Risk Communication is an important tool for disseminating information and understanding about
a risk management decision. This understanding and information should allow stakeholders to
make an informed conclusion about how the decision will impact their interests and values. In
addition to that proper communication helps to design appropriate risk managements plan before

39
the starting of any project. However, the finding shows that there was communication problem
during the core banking system replacement of the bank. Therefore, by learning from the past
experience, the bank should working upon hard to avoid the weakness showed with related to
communication during the core banking replacement project not to repeat it in the future
projects.

We can conclude from the finding with related to risk identification process of core banking
replacement project of the bank there was lack of training of the team individually how to
identify risks in every life cycle of the project during their stay. Moreover even there were some
risks identified but there was no sufficient budget to handle the already identified risks.
Therefore, the researcher recommends that the bank should organize the best way to identify
project risks based on common ideas written about how to handle risk identification and apply
the same for future projects:-

 Interview key project stakeholders before planning any project helps not to miss any
important project risks.
 Brainstorm potential risks with project team as project teams are the people who are
working on project with day in and day out.
 Before any project get started better to take their idea what they see as potential risks.
Consider hosting a brainstorming session to identify serious risks to any project.
 See if all project teams or the concerned department like risk management and IT
department together has built a checklist of common risks together. Identify important
risk events, put them into a risk register and, start documenting to set themselves up for
success on future projects.
 See if all project teams or the concerned department has built a checklist of common
risks. Identify important risk events, put them into a risk register and, start documenting
for success on future projects.

The finding with related to risk analysis in general, showed that to some extent, in the core
baking replacement project, the results of assessment were done by checklist as per the
mitigation pan and it was handled fairly. However, the researcher recommends that the analysis

40
process of the core banking system replacement project of the bank become full if the following
points were added and the missed points can serve as lesson for the future project of the bank.

 For instance each risk identified has to, analyze the likelihood, severity, and for each risk,
come up with a response plan.
 Depending on the complexity of IT projects, risks consider doing the analysis with the
project team or with key stakeholders.
 Prioritize risks based on the risk register and analysis, which risks are most likely to
happen and most potentially damaging to any project. So that, based on the response plan
assigned to team members to their action on risks which has high severity and probability
of occurring.
 As collaboration is also really important at this stage, it is advisable to make sure building
a culture of team collaboration, openness, and honesty.
 Allocate proper budget will help to much for managing risks and in order to avoid any
nasty surprises by risk so that it is obvious properly managed risks makes projects
successful.

The finding with related to evaluation of risk in the core banking system replacement project of
the bank, indicates that there was lack of timely decisions on risk related issue and
accountability after evaluating the risk. Also there is no a separate risk management body
accountable for IT projects that composed of with the right employees who equipped with the
same discipline other than the bank‘s risk management directorate can be raise as a problem.
Therefore, the researcher recommends that:

 Actively monitoring risks on projects in order to avoid any nasty surprises sending
regular status updates for project teams and project stakeholders proactively.
 Also, check in regularly with individual risk managers. As the project manager or team
lead, check in with them regularly to make sure everything is going well.
 Collaboration is also really important at this stage. Make sure you‘re building a culture
of team collaboration, openness, and honesty at this stage is necessary.

The finding with related to assessment of project risk monitoring and control evaluation of risk
in the core banking system replacement project of the bank showed that, there was no system

41
used to control and monitor the entire risk framework of the core banking system implementation
project but only risk register with manual tracking and review was used. Also there was lack of
standard on the risk monitoring and compliance policy of the bank especially with related to IT
project.

Also, check regularly project teams and project stakeholders with individual risk managers. As
the project manager or team lead, check in with them regularly to make sure everything is going
well.
The finding result make alert project managers and concerned bodies to give their proper
attention to consider allocation of their resources and time to plan upon the most important risk
management processes before implementation of any project.

 The findings also showed that the challenges exhibited in implementation of the four
basic components of risk management process and what was missed during Wegagen
Bank‘s core banking system replacement project.

The finding revealed that as core banking replacement project is one of IT projects so that the
key risk management factors that would be fundamental and most valuable for effective risk
management success fulfilled or not.

The finding revealed that weather Wegagen Bank‘s (WGB) risk management policy and
procedure organized as to manage risks effectively during the implementation of Information
Technology (IT) projects in general.

42
 References:-
Adina A. (2015), The performance, banking risks and their regulation, Faculty of Economics
and Business Administration, Elsevier B.V Alexandru Ioan Cuza University of Iasi,
România.
American Express Company, (1999-2021) Business Risk trends and insights, John Wiley &
Sons. Inc. USA
Bhushan S. and Alok S. (2017), Research Methodology RZ 94, Sector - 6, Dwarka, New Delhi
Boeije, H. (2010). Analysis in Qualitative Research. London : Saga Publications
Cagliano A.C.; Grimaldi S.; Rafele C. (2015).‗Choosing Project Risk Management Technique’.
A Journal of Risk Research, vol. 18 n. 2, pp. 232-248. - ISSN 1366-9877

COSO, (1998), Enterprise Risk Management Frame work, John Wiley & Sons, Beyond Internal
Control to Enhance Corporate Governance, Boston.
Creswell, J. (2009). Research Design: Qualitative , Quantitative and Mixed Methods Approaches
. 3rd Edition . Thousand Oaks , California: Saga Publications.
Dey, I. (1993). Qualitative Data Analysis: A User Friendly Guide for Social Scientists. London:
Routledge .
Dionne G. (2013) History Risk Management: History, Definition and Critique Definition and
Critique, Canada Research Chair in Risk Management, HEC Montréal, CIRRELT and
CIRPÉE, Canada.
Fiteh, A. (2020), The Practice of Risk Management Process and Project Success: The case of
Commercial Bank of Ethiopia IT Project, MA thesis, Addis Ababa University.
Foest W. (2019) Core Banking Modernization VP Retail & Commercial Next Generation
Banking Solution Architecture.

Gartner, Inc (2021) . Definition of core banking n.d., viewed 14 August 2021,
https://www.gartner.com/en/information-technology/glossary/core-banking-systems

Genet A. (2019), Assessment of Project Risk Management Practices: The case of Commercial
Bank of Ethiopia Information Technology Infrastructure Library, MA thesis, Addis
Ababa University.

43
Gudeta, K. (2018), The Role of Project Risk Management Practices for Project Success: The
Case of Projects in the Commercial Bank of Ethiopia, MA thesis, Addis Ababa
University.
Hadera Z. (2020), Assessing Practice of Risk Management in IT Projects: The case of Ethiopian
Airlines Digital Project Management Office , MA thesis, Addis Ababa

Hair J.F. , Money A.H. , Samouel P & Page M. . (2007). Research Methods for Business.
England : John Wiley & Sons Ltd

Hart, S. D. (1998), The role of Psychopaths in assessing risk for violence: Conceptual and
methodological issues. Legal and Criminological Psychology,3, 121-137.
Heagney .J (2012) Fundamentals of project management, 4th ed , NY: NY American
management association

Hopkin, (2017), Fundamentals of Risk Management Understanding, evaluating and

implementing effective risk management 4th edition, by Kogan Page Limited Second,
USA
Joseph J. Heagney Sayville, NY February (2011) Fundamental of Project Management
American Management Association 4TH edition New York • Atlanta • Brussels
Kerzner, H. (2003). Project management, a system approach to planning, scheduling and
controlling (10th ed.). John Wiley &Sons, Inc.
Kishk, M and Ukaga, C (2008), The impact of effective risk management on project success. In:
Dainty, A (Ed) Procs 24th Annual ARCOM Conference, 1-3 September 2008, Cardiff,
UK, Association of Researchers in Construction Management.

Lavanya, N. & Malarvizhi, T. (2008). Risk analysis and management: a vital key to effective
project management. Paper presented at PMI® Global Congress 2008—Asia Pacific,
Sydney, New South Wales, Australia. Newtown Square, PA: Project Management
Institute.

Mobey, A. and Parker, D. (2002) Risk Evaluation and Its Importance to Project Implementation.
Work Study, 51, 202-208. Viewed on July 10 2021
http://dx.doi.org/10.1108/00438020210430760 article citation

44
Nehari Amine (2014), Risk Management and Information Technology Projects, International
Journal of Digital Information and Wireless Communication, King Fahd University of
petroleum and Minerals, Saudi Arabia

Patton, M. (2002). Qualitative Research and Evaluation Methods, 3rd Edition. Thousand Oaks ,
California: Saga Publication.

PMI (1996), A Guide to the Project Management Body of Knowledge, Project Management
Institute, Newtown Square, PA

Saunders M. , Lewis P. & Thornhill A. . (2009). Research Methods for Business Students , 5th
Edition . England : Pearson Education Limited .

Simanjuntak Fenty and Suryajaya Bobby (2014), Risk Assessment of Core Banking System
Replacement based on ISACA Framework, Swiss German University, Edu Town BSD
City, Tangerang 15339, Indonesia

Srinivas K. (2018), Process of Risk Management National Institute of Construction Management

and Research, Pune, Maharashtra, India
Turgut.T. (2018), Risk Management in Banking Industry, Near East University, Munich

Tzvi R. Aron j., Shenhar and Dov Dvir, (2002) Risk Management ,Project Success,
Technological Uncertainty, Telaviv University, Ramat.

Vlasta Svatá & Martin Fleischmann, (2011) "IS/IT Risk Management in Banking Industry," Acta
Oeconomica Pragensia, Prague University of Economics and Business, vol. 3.

45
 ANNEX

ADDIS ABABA UNIVERSITY COLLEGE OF BUSINESS AND

ECONOMICS SCHOOL OF COMMERCE
PROJECT MANAGEMET DEPARTMENT

Interview Guideline

My name is Elizabeth SeyoumI am a master‘s program student of Addis Ababa University in

project management department. And I would like to talk to you about your experiences as a
participant in the Core Banking System replacement project of Wegagen Bank Sh. Co.

Specifically, I am assessing risk management for project success in the case of Core banking
system replacement project of the bank. The interview should take less than an hour. I will be
taping the session because I don‘t want to miss any of your comments. Although I will be taking
some notes during the session, I can‘t possibly write fast enough to get it all down. Because
we‘re on tape, please be sure to speak up so that we don‘t miss your comments. All responses
will be kept confidential. This means that your interview responses will only be educational
purpose and does not identify you as the respondent. Remember, you don‘t have to talk about
anything you don‘t want to and you may end the interview at any time. Are there any questions
about what I have just explained? Are you willing to participate in this interview?

__________________ __________________ __________ Interviewee Witness Date

46
I. General Questions about back ground of the interviewee

Interviewee Full Name: _____________________

Responsibility in the Project: ________________

Work Experience: _____________________

Sex ---------------------------------------------
Age ----------------------------------------------

 Tell me about your key responsibilities in the core banking replacement project of the
Bank? And how long did you work in this project?

II. General review on project risk management process

1. What do you think the purpose and objective of project risk management in core banking
replacement of the bank? Please describe for me standard risk management process (i.e.
risk planning, risk identification, risk analysis, Risk response, monitoring and control).
2. Tell me about the communication system to project stakeholders? In what way risk
reporting and documentation requirements are established and communicated to
concerned project stakeholder?
3. What inputs tools and techniques the core banking system replacement project use during
risk management planning?

2.1 Assessment of Project Risk Identification

1. How do you identify project risk(s) in core banking replacement project of the bank?
Tell me about how was the processes of project risk identification in the core banking
replacement project?
2. Please tell me the impact of proper identification of risk factors on risk management
system. And how was the participation of all project stakeholders?
3. What inputs, tools and techniques were used in the risk identification process during
the whole lifecycle of the core banking replacement project?

47
 2.2. Assessment of Project Risk Analysis

1. What kind of risk analysis technique was used in the core banking system replacement
project of the bank implemented? Please specify the tools and techniques?
2. Please tell me the frequency risk assessed during the core banking system replacement
project of the bank? Also how do describe the impact of proper identification of risk factors
on risk management system?
3. How does the project management team meet formally to participate and review the results
of the risk assessments in core banking system replacement project of the bank?

2.3. Evaluate risk

1. How was the core banking system replacement project team evaluates the risks
faced during the implementation of the project?

2.4. Treat risk

1. How do you manage project risks? What tools and techniques used for managing risks of the
core banking system replacement project of the bank?
2.5 Assessment of Project Risk Monitoring and Control
1. What was the system used to control and monitor the entire risk framework of the core
banking system implementation project and the bank as a whole?
2. How does the project manager regularly review a ―dashboard‖ or other report that provides
the status of critical risks and/or risk response plans?
3. How was lesson learned documents incorporated in the project risk monitoring and
controlling during the implementation of core banking replacement project of the bank?
4. Any general comments if you have please regarding risk management practice in core
banking system replacement of the bank?

Thank you!!!

48