Keil, M., Cule, P. E., Lyytinen, K., & Schmidt, R. C. (1998). A Framework for Identifying Software Project Risks. Communications of the ACM, 41(11), 76–83. https://doi.org/10.1145/287831.287843
Keil et al. (1998) and Schmidt et al. (2001) involve the same group of four researchers working with data from the same underlying international Delphi study, the former paper targeted at practitioners while the latter at researchers. Schmidt et al (2001) hoped “to develop an authoritative list of risk factors” (p. 10). After asking experienced, successful project managers from the United States, Finland, and Hong Kong to identify and define risk factors, a combined list was further modified and validated by that panel. The regional sub-panels then selected and ranked the factors they decided were most important. While this allowed for regional comparison, the larger list was shared: 53 factors divided among fourteen categories. Keil et al. (1998) reported only a subset of 11 risk factors held in common across the international participants, but also proposed a four quadrant categorization of risks. This framework included axes of “perceived relative importance of risk” and “perceived level of control”. The resulting quadrants were identified as Customer Mandate, Scope and Requirements, Environment, and Execution.