The literature review is a critical analysis of the current studies on risk management and its impact on decision-making in projects in the private sector, especially in the construction, information and telecommunications, and finance industries. Due to the complexity and uncertainties that these types of projects face, properly managing risks has become a critical component in ensuring project success (Hillson, 2017).
This review aims at examining how risk management frameworks can be used to make decisions at various project lifecycle phases, such as initiation and execution (Rad, 2018). Although risk management is gaining more recognition, most of the existing understanding of risk management as a concept revolves around understanding how the framework of the risk approach can be incorporated into the decision-making processes in real-time (Tufano, 2018; Fenton et al., 2016).
The range of this review includes theoretical viewpoints, frameworks, and research concerning the integration of risk management in decision-making across different industries in the private sector (Setyarini et al., 2024). The chapter will present the key theoretical and conceptual frameworks that guide risk management in these projects, and how these frameworks assist in strategic decision-making. It will also discuss the difficulties that project managers encounter when integrating risk management practices into the decision-making processes involved in complex projects (Tufano, 2018). The review is divided into several key parts: a description of the theoretical frameworks in this field, a diagram illustrating the conceptual framework, a timeline overview of earlier studies, identification of research gaps, and a highlight of the key findings.
Some of the risk management frameworks to be analyzed in this review include Enterprise Risk Management (ERM) and risk-adjusted return on capital (RAROC), which determine the impact that these frameworks have on decision-making (Hillson, 2017). Theories of decision-making that incorporate risk analysis into the project decisions will also be considered, alongside the influence that organizational culture and leadership have on the development of risk management practices (Jayaweera et al., 2025). Furthermore, the impact of stakeholders on decision-making and their role in risk management strategies will be critically evaluated within the project environment (Rad, 2018; Haq et al, 2025).
Theoretical Framework
Risk Management Theory
The risk management theory has experienced significant development especially with the increased complexity of global projects. The initial models of risk management contributing to the identification of hazards and the mitigation of the hazard were developed to include the entire scope of strategy that incorporates the risk management in line with organisational goals (Hwang and Ng, 2016). Enterprise Risk Management (ERM) has established itself as an important framework, and the focus of risk involves an organisational strategy to risk; it incorporates risk management within all aspects of strategic decision-making (Mikes & Kaplan, 2015). The focus on the holistic perspective on risk, which includes both financial and non-financial elements, allows organisations to better handle uncertainty at various project life cycles (Frigo & Anderson, 2018).
The current trends in the theory of risk management imply a more active approach, according to which organisations do not only aim to avoid risks but also take them as innovative opportunities and competitive advantage (Khan and Rasheed, 2019). This paradigm shift indicates a widened perspective that risk management is not only the issue of minimise loss but is maximise creation of value in uncertain environments (Venkatesh and Shankar, 2018). Investment risk management Tools like Risk-Adjusted Return on Capital (RAROC) have become pivotal to appreciating the trade-offs between risk and reward in a project investment and have further incorporated risk management with organisational decisions (Barton et al., 2017).
These changing frameworks have created the possibility of integrating risk management in the main part of the strategic decision-making, not only in the functioning side of a project but also in the sustainability of the project itself (Aven and Zio, 2016). Such integrated frameworks are essential in adoption in the private sector where the high-risk nature of the industry, including construction projects, IT projects, and financial projects, makes uncertainty one of the most critical factors in the projects.
Decision Theory
The theory of decision, which investigates the process whereby people and organisations make decisions under uncertainty is important in the process of integrating risk management in project decision making. Expected Utility theory (EUT) and Prospect Theory are two major theories in the field of risk decision-making. EUT assumes that the decision-makers will prefer an alternative that enjoys the largest expected utility with the results attached to that alternative in terms of their probability (Von Neumann and Morgenstern, 1944). Though Prospect Theory, as conjured by Kahneman and Tversky (1979), contradicts this by arguing that human beings are more likely to appreciate the losses as compared to the same gains, a condition called loss aversion.
These theories are used in project management because project managers determine the risks and weigh between the possible rewards and the risk of a project failure. Such a phenomenon is referred to work by Simon (1957) was named Bounded Rationality and implies that, because of the cognitive constraints, decision-makers are not able to consider all risks due to possible outcomes, but have to use heuristics and simplified models of decision-making. These observations about decision theory illustrate the intrinsic constraints on the process of decision-making and the necessity of formal risk management protocols to make decisions about a project despite uncertain circumstances (Tversky and Kahneman, 2021).
Systems Thinking Theory
The Systems Thinking Theory provides an overall perspective of project management with a focus on the interrelation of different components of the project. Under this approach, risks in one aspect of the project (e.g., financial risks) may flow to other aspects (e.g., time and quality), causing the cascading effect that may interrupt the success of the project (Senge, 1990). In complicated projects, like the construction and IT projects where different stakeholders and processes are interdependent on each other, these inter-relationships are important to have the risk properly managed.
Systems Thinking urges the project managers to consider the project as a complete entity, as opposed to individual components, and thus to be aware of the potential indirect risks and consequences that could affect it to avoid their effects. It also supports having ongoing feedback loops, risk management strategies that change dynamically as new risks arise or as project conditions are varied (Meadows, 2008). The systems thinking approach will allow project managers to create a more sustainable and responsive risk management approach, enhancing their decision-making in a manner that allows them to address uncertainty and complexities during the project lifecycle.
Stakeholder Theory
The Stakeholder Theory developed by Freeman (1984) emphasises the necessity to determine and respond to the interests and expectations of the entire community of stakeholders in the project. Stakeholders such as clients, contractors, employees, and investors are relevant when it comes to risk management and thus, the risk environment and project decisions. They are concerned and their priorities impact on the perception and management of risks during the project lifecycle.
In the projects of the private sector and, in particular, in such industries as construction, IT and finance, where several conflicting interests of different stakeholders come to play, the comprehension and regulation of such relations becomes particularly significant. Risk mitigation may be achieved through proper stakeholder involvement that allows aligning project objectives to stakeholder expectations, enhancing communication, and establishing trust (Mitchell et al., 2017). Stakeholder Theory, therefore, confirms that the efficient risk management process should be holistic and consider it in terms of both technical and social and political aspects, which affect decision-making.
Conceptual Framework
The theoretical model of the research study will be used to show how risk management practices can affect decision-making and eventually lead to project delivery in the private sector projects. This framework offers a platform for interbreeding the relationship between major variables, such as risk identification and risk assessment and mitigation strategies and how they affect project decisions at various phases, from initiation up to execution.
Conceptual Framework Diagram
It is also based on several theoretical foundations such as Risk Management Theory, Decision Theory, Systems Thinking, and Stakeholder Theory, which offer a perspective through which the process of integrating risk management into the process of making decisions can be viewed.
Risk Management Practices
The first element of the framework entails risk identification and risk assessment. The holistic approach taken with attractions of Enterprise Risk Management (ERM) based on risk at the organisational-wide level informs the manner in which risks are identified and analysed, and consequently addresses risks at the project and organisation levels. Another model that is frequently used with the assessment of the financial risk of investing in particular projects is Risk-Adjusted Return on Capital (RAROC), which is also relevant to project-related decision-making (Saunders and Allen, 2018).
Decision-Making Processes
The second element is the very process of decision-making. When it comes to decision-making, decision theories like Expected Utility Theory (Von Neumann and Morgenstern, 1944) and Prospect Theory (Tversky and Kahneman, 2021) can be used to determine how project managers balance risks and rewards involved in a decision. Bounded Rationality (Simon, 1957) further builds on this by viewing that the decision-makers are constrained by the cognitive biases and the incomplete information and require the application of risk management strategies to make the most informed decisions.
Project Outcomes
Risk Management and Project Outcomes framework
The last element is concerned with project outcomes- successful and unsuccessful projects on cost, time, quality, and satisfaction among stakeholders. There should be a relationship between risk management practices and the outcomes of projects since risk management directly influences the achievement of these goals by the project (Kerzner, 2023). Successful risk management is a way to reduce possible failures, increase the project’s flexibility, and increase the chances of having positive consequences.
Describing Theoretical Underpinnings
The Risk Management Theory acts as the backbone theory in explaining the manner in which risk is addressed within projects and organisations. It stresses the role of systematic frameworks, including the Enterprise Risk Management (ERM), that enable the integration of risk management into the strategic decision-making process. The theory is central in making the project successful, particularly in complex businesses where uncertainties and risks are critical to the success of the project. With ERM, organisations are able to evaluate and address organisational and project risks to enhance the quality of decision-making and overall project success (Mikes and Kaplan, 2015).
Subsequently, the Theory of Decision-making, which is the Prospect Theory, provides a psychological understanding of the manner in which decision-makers cope with uncertainty. This is a theory created by Kahneman and Tversky (2013) on the way project managers gain and lose when making decisions under risk. It emphasises that decision-makers are usually loss-averse, i.e. more pain of a loss than the pleasure of an equal gain. This theory is congruent with the conceptual framework as it provides an understanding of how risk evaluation is done by project managers, and how the opportunity cost is determined in terms of potential gains against the psychological outcome in regard to losses and the decision-making process that will influence the success of the project.
The Systems Thinking Theory adds a layer of understanding to the conceptual framework by demonstrating the interrelation of different parts of a project. This is a theory presented by Meadows (2008), which focuses on how the risks in one region of the project can affect other regions of the project and how the response towards a risk can lead to other risks. The interdependent approach assists project managers in comprehending the impact of their choices on project stages. Through the holism of the project, this theory upholds the necessity of yielding to recurrent risk management alterations as the project passes through various project stages, such as in its initiation, actualisation, and closure.
Finally, the Stakeholder Theory supports the value of stakeholder involvement in risk management. Freeman (1984) suggested that the interests and expectations of the stakeholders are important determiners of risks that should be handled. The Stakeholder Theory implies that a project manager should strike these interests in the right balance to achieve the successful completion of the project. On the framework of risk management, the concept of stakeholders participating in the decision-making process early in the process is critical in that the identification, management and mitigation of risks is performed properly and the decision made is more informed and acceptable. This theory helps keep the project on track and ends up fulfilling the expectations of all the stakeholders by ensuring that the risk management practices are aligned with the stakeholder interests.
Explanation of Conceptual Framework
These theoretical foundations are used as the conceptual framework of this study in examining the connection between risk management practice, decision-making processes and project outcomes of projects in the private sector. The framework reflects how Risk Management Theory on the identification, assessment, and mitigation of risks is applied, whereas the Decision Theory (especially Prospect Theory) underlies the decision-making behaviour of project managers under risky circumstances (Kahneman and Tversky, 2013). Systems thinking gives a wider perspective of the effects of decisions made in one phase which may impact other phases of the project and Stakeholder Theory makes sure that the interests of the stakeholders are taken into consideration during the decision of risk management (Freeman, 1984).
Collectively, these theories can be used to develop a solid model in which a project manager incorporates the risk management practice into the decision-making process and the effects of such practice on a project. The combination of these theoretical viewpoints enables the conceptual frame to conduct a thorough analysis of the processes that trigger project management success in high-risk areas such as construction, IT, and finance (Rad, 2018; Hillson, 2017).
Previous Literature
Early Studies and Foundational Work
Fundamental research in risk management and decision-making processes in the projects established the basis of the current risk management models. The main considerations in these early studies were to determine risks and their evaluation in projects with a strong focus on minimising the doubts and their possible effects. The part therein that was earlier emphasised was more on the quantitative measures of risk, and frameworks were more centered on ensuring that project teams were able to predict the risks and cushion against the possibilities. Among the pioneering and most impactful works was the study conducted by March and Shapira (1987), who examined the risk-taking behaviour in project management. They proposed the principle of bounded rationality, which acknowledged the fact that a decision-maker cannot access all the information to make a decision. This initial effort underlined that the project managers need to create the decision of only little information and judgment which affected the future studies on risk management by highlighting the shortcomings of information in decision-making. Their contribution provided the basis for researching the psychological facet of making decisions under risk (March and Shapira, 1987).
Risk Management Standard (ISO 31000) was published originally in 2009, and it provides an all-encompassing approach to risk management. This criterion was among the earliest to conceptualise risk management as a methodological and integrated procedure, which entails risk identification, evaluation and reduction. It gave a shared vocabulary of risk management within organisations that has allowed cross-industry comprehension and implementation of risk management principles. The ISO 31000 standard emerged as the standard to be followed by organisations around the world especially in the construction industry, the information technology industry, financial sector, among others and emphasised that organisations should integrate risk management with the strategic goals (ISO, 2009).
The second study that forms the basis of the risk management research at its initial stage was Kerzner (2017) the founder of the Project Management Body of Knowledge (PMBOK). One of the pieces of knowledge that the PMBOK concentrated on was risk management, which is critical to successful project management processes. Kerzner stressed that risk management was not a stand-alone operation but rather ought to be incorporated in all the project management stages, beginning with initiation and continuing up until completion. His work assisted in making risk management an important field in project management to shape the future research on the implications of risk management frameworks being integrated in the decision-making processes.
The pioneer works, despite their role in the development of the risk management practices, remained very narrow in focus on technical and did not profoundly analyse the role of risk management in strategic decision-making at the organisational level. They prepared the foundation of the future discourse of risk management way towards integration with organisational goals and strategic decision making, which was a researchable area of interest in later years.
Middle Grade Development (Progress in Risk Management)
As the complexity of the projects in the private sector had increased and the difficulties of risk management in the projects increased, the research on the framework of risk management evolved and incorporated more integrated approaches. During the intermediate period of the research process, researchers began to pay attention to the system of risk management integration into the comprehensive organisational and strategy decision-making processes.
A major step was made in the development of Enterprise Risk Management (ERM) frameworks, where the scope of risk management was expanded over project lines and cut across the entire organisation. Mikes and Kaplan (2015) contributed to the promotion of the ERM framework by claiming that organisations should consider risk management as a part of their business strategy instead of a separate activity. Their study revealed that risk management must be incorporated in the decision-making processes at every organisational level, not in the project teams alone. They added that ERM systems provide a holistic perspective of risk, through which decision-makers may learn about the hazards to the project and also the wider organisational hazards (Mikes and Kaplan, 2015).
Another pivotal change in the middle stage was the Risk-Adjusted Return on Capital (RAROC) model that was presented by Saunders and Allen (2018). This model enables organisations to measure the return on investment in this respect and to take the underlying risks. The combination of risk-adjusted returns has been very handy especially in the field of finance and information technology where decision-making on a project is usually accompanied by a heavy investment in the form of monetary gains. Saunders and Allen have shown that the incorporation of the risk management process with the monetary analysis of projects aids decision-makers in weighing risk and the possible returns, which makes it an invaluable strategic decision aid.
Moreover, Frigo and Anderson (2018) conducted research associated with the alignment of risk management strategies with organisational objectives. They offered that risk management is a fundamental component in the strategic planning and that organisations must not only handle risks but also pursue opportunities by taking risks. This new attitude towards risk prevention and taking opportunities was especially significant in the context of dynamic sectors such as IT and finance, where things quickly change and may pose threats, and where things may also offer opportunities. Their paper argued the need to take a more active stance toward risk management, where the decision-maker can treat risk as a possible source of generating innovation and gaining a competitive edge.
Venkatesh and Shankar (2018), who also studied the use of decision-making theories in risk management. They investigated the way this could be applied using decision theory, with special reference to Prospect Theory, where decision-making would be refined to more closely match risk management structures. They claimed that project managers were frequently biased during the making of decisions, a fact that could result in non-optimal decisions. By introducing Prospect Theory as part of their risk management tool, decision-makers can understand more about the psychological components of risk perceptions and be able to make better decisions.
Although these mid-stage studies added to the theoretical knowledge in risk management, an aspect of the framework’s application in real-time decision-making in the execution of projects was still missing. It started dawning on scholars that, though models like ERM and RAROC had a solid structure of identifying and dealing with risk, it was time to have more practical studies on the application of these models during the actual life cycle of the project. Although the theories had developed, little had been done with regard to the practical application of the links between these frameworks in the day-to-day decisions.
Early and Middle-Stage Studies Comparison
| Study | Key Focus | Contribution | Limitations |
| March & Shapira (1987) | Risk-Taking Behavior & Bounded Rationality | Highlighted cognitive limits in decision-making under risk | Limited to psychological aspects, lacked a broader framework |
| ISO 31000 (2009) | Risk Management Standard | Provided a systematic, organisation-wide risk approach | Lacked strategic decision-making integration |
| KerznerĀ (2017) | PMBOK Risk Management Framework | Integrated risk management across project phases | Focused more on technical, less on strategic decision-making |
| Mikes & Kaplan (2015) | Enterprise Risk Management (ERM) | Introduced a holistic, organisation-wide approach | Limited application to real-time decision-making |
| Saunders & Allen (2018) | Risk-Adjusted Return on Capital (RAROC) | Integrated financial evaluation with risk assessment | Primarily focused on financial risks |
| Frigo & Anderson (2018) | Aligning Risk Management with Strategy | Advocated for alignment of risk management with strategy | Lacked practical application in actual project decisions |
| Venkatesh & Shankar (2018) | Decision Theory & Risk Management | Applied Prospect Theory to improve decision-making | Focused on psychological factors, not practical frameworks |
These studies reflect a vital development in the risk management studies of the initial models which dealt with the reduction of the risk, to more comprehensive models that put the management of risk in the context of making strategic decisions. Nonetheless, an exact comprehension of how these frameworks are implemented in real-time project decisions is a gap that is yet to be fulfilled by future research including this.
Current Literature
During the past eight years (2018-2025), the studies of risk management and project decision-making have been transformed by the foundational studies on the effective integration, practical conditions and empirical verification of the studies in the context of the private sector. Increasingly modern research focuses not only on the existence of risk management frameworks but also on the way in which they influence and enhance decision-making in actual projects (Aven and Zio, 2016; Aven, 2020; Olawale and Sun, 2021).
The critical area of recent research is investigating the concept of integrating enterprise risk management (ERM) into real-time decision processes. A research study carried out by Arena et al. (2018) among multinational companies revealed that ERM leads to stronger decision-making, due to the validation of the identification and evaluation of strategic and operational risks. They find that organisations that have developed ERM not only become more aware of risks earlier, but also introduce risk expertise in strategic decision-making about resource, scope and change decisions. Nonetheless, Arena et al. admitted that ERM application is diffused due to the context, and its effect on the micro-level project decision-making is not sufficiently studied.
Equally, the article of Bhimani et al. (2019) examined the effectiveness of integrated risk reporting in improving managerial decision-making in the private sector companies. They point out that sharing the risk information, instead of keeping it within risk functions, helps decision makers in different departments, making them more competent in assessing the uncertainties. Their research found that dispersed access to risk data is substantially better in terms of decision quality, particularly in the early project processes. Though the authors highlighted these insights, they reported that risk literacy among the decision makers is not evenly distributed, thus restricting the systematic use of integrated risk information.
El Shenawany and Abouelazz (2020) is another important contribution to the works on the construction and engineering projects, which is frequently used as the high risk setup. In their study, the authors indicated that the use of formal risk registers and decision support systems enhanced the process of decision-making related to the selection of contractors, procurement procedures, and contingency planning. The difference in this work is that risk tools actually prompted the change of the decisions, rather than theoretical alignment. However, the only type of research they carried out was the large infrastructure projects, so there was a gap concerning the ability of their findings on how risk affects decision-making in less formal or smaller-scale environments.
Risk governance and leadership have also been studied recently. Hillson & Simon (2021) studied the interactions between project governance structures and the risk processes. They discovered that organisations with good governance (official roles, risk committees, and their escalation tracks) demonstrated better decision outcomes due to the elimination of the usual cognitive barriers, such as over-optimism. They did however observe that governance is not necessarily a sufficient condition to lead to improved decision making, but effective communication lines and feedback connections between risk functions and decision partners were also important.
Nguyen et al. (2022) examined the role of risk on decision-making in agile settings in the context of digital and IT projects within the private sector. Their research showed that iterative sprint reviews led to continuous risk assessment that enhanced real-time decision-making regarding scope change and listing of features. The main contribution to the present work is the fact that the dynamic review of risk in the project cadence can produce more robust decision streams. However, they were most relevant to agile models and not so universal to conventional project models.
A significant empirical research undertaken by Olawale and Sun (2021) involved a survey of the Nigeria private sector across industries and analysed the impact of risk management on decision-making by investors, budgeting, and contract negotiation. The conclusion they made was that the organisations having integrated risk structures were much more active in resource reassignments and contingency planning, key decision outputs attributed to project success. Nonetheless, their sample was very regionally limited, and there are concerns regarding its application in other markets.
Zhang et al. (2023) supplemented this literature review by directly examining the results of decisions – measures of operation success such as schedule compliance, cost variance, and stakeholder satisfaction – and correlating them to various degrees of maturity of risk management. Their findings showed a significant association between formal risk practices (e.g., risk dashboards, scenario analysis, etc.) and better decision outcomes. The given study is unique, as it operationalised the quality of decisions, not based on perceptions or frameworks.
Addition to above studies, recent research by Setyarini et al. (2024) and Arshad et al. (2025) have also given further information regarding risk management in banking and green construction projects, respectively. Setyarini et al. (2024) examined the idea of streamlining risk management plans in projects in the financial sector, emphasising the integrated frameworks facilitating resource distribution, and Arshad et al. (2025) looked at the sustainable risk management applied to a green construction.
Recent Studies
| Study | Focus | Key Contribution | Limitation |
| Arena et al. (2018) | ERM & Decision Making | Enhanced strategic decisions via ERM | Limited to multinational firms |
| Bhimani et al. (2019) | Integrated Risk Reporting | Advocated for decentralized risk data to improve decision-making | Mainly focused on financial sectors |
| El Shenawany & Abouelazz (2020) | Risk Registers in Construction | Demonstrated that risk registers aid decisions in contractor selection | Focused only on construction, not other sectors |
| Hillson & Simon (2021) | Risk Governance & Leadership | Emphasized governance structures in influencing risk decisions | Did not show actual decision changes in projects |
| Nguyen et al. (2022) | Agile Project Risk Management | Found continuous risk review improves agile decision making | Focused on IT projects only |
| Olawale & Sun (2021) | Risk in Nigerian Projects | Showed integrated risk frameworks improve resource allocation | Geographically specific to Nigeria |
| Zhang et al. (2023) | Risk Maturity & Project Outcomes | Linked risk management maturity to decision quality | Limited to large projects, not applicable to SMEs |
| Setyarini et al. (2024) | Risk Management in Banking | Examined risk optimization strategies in financial sector projects | Focused on financial industry |
| Arshad et al. (2025) | Risk Management in Green Projects | Investigated sustainable risk management in green construction projects | Limited to commercial construction in Pakistan |
Source: Self-Created
The table 2.2 is a brief overview of the recent research on risk management and decision-making with regard to projects in the private sector. A row has been used to represent a study, its major focus, its contribution to risk management, and its limitations. As an illustration, the article by Arena et al. (2018) explored Enterprise Risk Management (ERM) and its influence on the strategic decision-making process, but because they focused on multinational organisations, the study was small by definition. On the same note, Nguyen et al. (2022) investigated risk management in agile IT, which demonstrated how risk reviews during the continuum of the projects increase the quality of the decisions, but their spectrum was limited to IT projects. The contributions and gaps in the current research mentioned can be easily compared in this table and, therefore, inform the critical engagement to the readers and define the gaps that further investigation may address in the current dissertation.
Analysis of Prior Studies
Critical analysis of the latest research indicates that the literature has significant strong features or gaps. One of the most prominent strengths in the recent literature review is the move towards the real analysis of risk management integrated into decision-making, not just using descriptive frameworks. An example of such is Arena et al. (2018) and Zhang et al. (2023) who associate formal risk practices with quantifiable decision results, which is a significant step forward compared to the past, where most research focused more on identifying risks than on acting on them. Moreover, the study in the context of agile and digital projects (Nguyen et al., 2022) represents a significant development pattern of analysing risk dynamics in the iterative setting.
Nevertheless, a number of limitations still exist. A large number of studies are contextual, either limited to a type of project (e.g., construction), or a national setting (e.g., Olawale and Sun, 2021) and, thus, cannot be generalised. Also, although several studies investigate organisational factors and the governance systems, it less intently looks at cognitive and behavioural biases in reflections of decision makers in actual project situations. This gap is significant because psychological factors were shown to affect decision-making under uncertainty (Tversky and Kahneman, 2021), but they rarely served in empirical risk decision models.
The other limitation that is observed is methodological: some of the studies depend on cross-sectional surveys or qualitative case information that reflects significant perspectives but does not allow for making causal conclusions. Future studies would address the limitations of the evidence base by incorporating longitudinal data with mixed methods and validating the relationship between risk practices and the resultant changes in decision behaviours.
In conclusion, the current literature is an improvement in terms of connecting risk frameworks with decision outcomes, but superior and generalizable models with empirical support across industries are still needed, a gap which this dissertation aims to fill.
Research Gaps
Although there is great development in risk management frameworks and their application in the decision-making process, there are still some gaps in the literature especially on the practical application of the frameworks in various phases of the project lifecycle (Ojo, 2025).
Lack of Research on Risk Management in Project Decision-Making
Although the existing literature demonstrates the relevance of risk management frameworks to the project (e.g., ERM, RAROC), a large part of the literature emphasises the identification and evaluation of risk at the organisational level without taking a closer look at how the mentioned frameworks are implemented in the decision-making processes at the initial stages of a project. Despite the efforts to elaborate the structured risk strategies through the frameworks (like PMBOK and ISO 31000), there is a massive disclosure in how risk management is incorporated into the decisions undertaken when initiating, planning, and executing projects (Kerzner 2017; ISO 31000, 2009). These initial decisions play such a vital role because it provides the basis of the whole project but is most usually based on in-depth risk understanding, or actual real-time risk information, a matter that this research is aimed at zeroing in on.
Impact of Culture and Leadership on Risk Management
Another gap in the literature is that there is no focus on how the practices of risk management can be affected by organisational culture and leadership. Although other researchers such as Hillson and Simon (2021) have examined the importance of governance in decision-making, scant information has been provided on the effect leadership styles and organisational culture have on managing risks as a decision-making process and implementing risk management strategies in project decision-making. The way in which risk is perceived and managed is an essential issue that depends on such aspects as leadership communication, team dynamics, and organisational values. The awareness of the correlation between culture and leadership with modification of risk behaviour and decisions can increase the flexibility (Venkatesh and Shankar, 2018).
Need for Sector-Specific Studies on Risk Management Barriers
Risk management frameworks also differ markedly in their application in various sectors and much of the research has generalised without taking up issue to sector challenges. Construction of industries, IT and finance industries have their own peculiar challenges in the implementation of these frameworks. An example is that IT projects are usually exposed to technological upheavals and changing market trends, whereas construction projects are extremely susceptible to external risks of changes in law and the environment. More studies are required on how sector-specific variables influence the integration and use of risk management practices and how these frameworks can adapt to the unique needs of the sectors (Olawale and Sun, 2021; El-Shenawany and Abouelazz, 2020).
The dissertation will fill these gaps by trying to understand the integration of risk management frameworks into decision-making processes at all phases of the project lifecycle with special reference being given to initiation, planning and implementation of a project. It will delve into organisational culture and organisational leadership as important players in achieving how risk is managed and decisions are made, and more so, the leadership styles, the team dynamics and the communication processes. Moreover, the study will also look at the industry-specific issues encountered by the projects in the construction, IT and finance industries and how the risk management structures can be modified to address the individual issues (Olawale and Sun, 2021). This literature will fill these gaps and hence offer more delicate insights into the incorporation of risk management in the decision-making process, especially in the areas of high risk.
Summary
This literature review has discussed how risk management framework models have evolved and the manner in which they have been incorporated in the decision-making activities of projects in the private sector. Early research has provided the basis of how risk management can be important in making projects successful, but more recent ones have turned to how such structures can affect real-time decision-making in the execution of the project. Regardless of these progresses, there are still some gaps in research such as how risk management frameworks are used at the early phases of a project life cycle, especially in decision making. Furthermore, the role of organisational culture and leadership in determining risk management processes is underexplored and research on the industry-specific issues that the construction, IT and finance industries may face when implementing risk management frameworks needs to be done.
The proposed research will fill these gaps by concentrating on the integration of risk management frameworks in all phases of the project lifecycle and specifically its initiation, planning, and execution. The role played by organisational culture and leadership will also be discussed and the research will directly examine the role of sector-specific factors in risk management practice application. Through the filling of these gaps, the dissertation will join the more comprehensive approach to understanding how risk management might improve the decision-making process of personal sector projects, and especially of high-risk environments.