The development of analysis methodology of financial risks of projects in IT sphere

Abstract

The object of research is methodology for analysis of the financial risks of IT projects related to organizations' compliance with the General Data Protection Regulation (GDPR). In this article, the authors assess the financial risks of two projects that can be considered and analyzed by organizational management to bring existing software and processes into compliance with the aforementioned GDPR requirements. The first project considered by the organization involves the development of appropriate software for users’ personal data storage, protection and processing by a dedicated internal team of specialists, with the possibility of further commercialization of the developed product by selling a ready-to-use software and services package to partners and other clients. The second solution considered is a project in which the responsibility for personal data processing, storage and protection is transferred to a third party, and the organization purchases a ready-to-use package of software and related services from them. The results of the financial risk analysis of these projects indicate that the in-house software development project is less risky and more reasonable in the long-term perspective. This is due to the fact that it provides a 231 times lower probability of exceeding the planned budget benchmark compared to the alternative project. The risk analysis model described in the article can be used to assess financial risks of projects not only within the IT industry but also, after certain adaptations, in other business entities.