The development of analysis methodology of financial risks of projects in IT sphere

Authors

DOI:

https://doi.org/10.15587/2706-5448.2026.352430

Keywords:

risk analysis, general data protection regulation (GDPR), IT project, Monte-Carlo method, financial analysis

Abstract

The object of research is methodology for analysis of the financial risks of IT projects related to organizations' compliance with the General Data Protection Regulation (GDPR).

In this article, the authors assess the financial risks of two projects that can be considered and analyzed by organizational management to bring existing software and processes into compliance with the aforementioned GDPR requirements. The first project considered by the organization involves the development of appropriate software for users’ personal data storage, protection and processing by a dedicated internal team of specialists, with the possibility of further commercialization of the developed product by selling a ready-to-use software and services package to partners and other clients. The second solution considered is a project in which the responsibility for personal data processing, storage and protection is transferred to a third party, and the organization purchases a ready-to-use package of software and related services from them.

The results of the financial risk analysis of these projects indicate that the in-house software development project is less risky and more reasonable in the long-term perspective. This is due to the fact that it provides a 231 times lower probability of exceeding the planned budget benchmark compared to the alternative project.

The risk analysis model described in the article can be used to assess financial risks of projects not only within the IT industry but also, after certain adaptations, in other business entities.

Author Biographies

Anton Ostapets, State University of Trade and Economics

PhD Student

Department of Financial Analysis and Audit

Iryna Parasii-Verhunenko, State University of Trade and Economics

Doctor of Economic Sciences, Professor

Department of Financial Analysis and Audit

Kostiantyn Bezverkhyi, State University of Trade and Economics

Doctor of Economic Sciences, Associate Professor

Department of Financial Analysis and Audit

Mykola Matiukha, Kyiv National University of Technologies and Design

PhD, Associate Professor

Department of Economics

Oleksandr Yurchenko, Borys Grinchenko Kyiv Metropolitan University

PhD

Department of International Economics

References

  1. Akomea-Frimpong, I., Jin, X., Osei-Kyei, R. (2020). A holistic review of research studies on financial risk management in public–private partnership projects. Engineering, Construction and Architectural Management, 28 (9), 2549–2569. https://doi.org/10.1108/ecam-02-2020-0103
  2. Bai, L., Shi, H., Kang, S., Zhang, B. (2021). Project portfolio risk analysis with the consideration of project interdependencies. Engineering, Construction and Architectural Management, 30 (2), 647–670. https://doi.org/10.1108/ecam-06-2021-0555
  3. Bezverkhyi, K., Hnylytska, L., Yurchenko, O., Poddubna, N. (2023). Analytical procedures of the audit of integrated reporting of corporate enterprises. Financial and Credit Activity Problems of Theory and Practice, 3 (50), 87–101. https://doi.org/10.55643/fcaptp.3.50.2023.4045
  4. Chen, H. L. (2023). Influence of supply chain risks on project financial performance. International Journal of Production Economics, 260, 108870. https://doi.org/10.1016/j.ijpe.2023.108870
  5. Kim, B.-C. (2023). Dependence Modeling for Large-scale Project Cost and Time Risk Assessment: Additive Risk Factor Approaches. IEEE Transactions on Engineering Management, 70 (2), 417–436. https://doi.org/10.1109/tem.2020.3046542
  6. Love, P. E. D., Ika, L. A., Matthews, J., Fang, W. (2024). Risk and Uncertainty in the Cost Contingency of Transport Projects: Accommodating Bias or Heuristics, or Both? IEEE Transactions on Engineering Management, 71, 205–219. https://doi.org/10.1109/tem.2021.3119064
  7. Vegas-Fernández, F. (2022). Project Risk Costs: Estimation Overruns Caused When Using Only Expected Value for Contingency Calculations. Journal of Management in Engineering, 38 (5). https://doi.org/10.1061/(asce)me.1943-5479.0001064
  8. Otniel, D., Claudiu, B., Lorena, B., Felician, A. (2019). Characteristics of Effective IT Project Risk Management in Romanian IT Companies. Economic Computation and Economic Cybernetics Studies and Research, 53 (4/2019), 177–193. https://doi.org/10.24818/18423264/53.4.19.11
  9. Singh, B., Henge, S. K. (2021). Access Risk Management for Arabian IT Company for Investing Based on Prediction of Supervised Learning. Journal of Risk Analysis and Crisis Response, 11 (3). https://doi.org/10.54560/jracr.v11i3.300
  10. Lipyanina, H., Maksymovych, V., Sachenko, A., Lendyuk, T., Fomenko, A., Kit, I. (2020). Assessing the Investment Risk of Virtual IT Company Based on Machine Learning. Data Stream Mining & Processing, 167–187. https://doi.org/10.1007/978-3-030-61656-4_11
  11. Guan, L., Abbasi, A., Ryan, M. J. (2021). A simulation-based risk interdependency network model for project risk assessment. Decision Support Systems, 148, 113602. https://doi.org/10.1016/j.dss.2021.113602
  12. Liang, D., Wang, M., Xu, Z., Chen, X. (2019). Risk interval-valued three-way decisions model with regret theory and its application to project resource allocation. Journal of the Operational Research Society, 72 (1), 180–199. https://doi.org/10.1080/01605682.2019.1654939
  13. Liu, Z., Ding, R., Wang, L., Song, R., Song, X. (2023). Cooperation in an uncertain environment: The impact of stakeholders’ concerted action on collaborative innovation projects risk management. Technological Forecasting and Social Change, 196, 122804. https://doi.org/10.1016/j.techfore.2023.122804
  14. Ferreira de Araújo Lima, P., Marcelino-Sadaba, S., Verbano, C. (2021). Successful implementation of project risk management in small and medium enterprises: a cross-case analysis. International Journal of Managing Projects in Business, 14 (4), 1023–1045. https://doi.org/10.1108/ijmpb-06-2020-0203
  15. Testorelli, R., Ferreira de Araújo Lima, P., Verbano, C. (2020). Fostering project risk management in SMEs: an emergent framework from a literature review. Production Planning & Control, 33 (13), 1304–1318. https://doi.org/10.1080/09537287.2020.1859633
  16. Dhande, J., Rane, P., Dhande, H. (2025). Influence of Project Risk Management in Micro and Small-Scale Industries on Workers’ Occupational Health to Enhance Productivity: An Ergonomic Approach. International Journal of Industrial Engineering and Management, 16 (1), 52–63. https://doi.org/10.24867/ijiem-370
  17. Elseknidy, M., Al-Mhdawi, M. K. S., Qazi, A., Ojiako, U., Mahammedi, C., Rahimian, F. P. (2025). Developing a sustainability-driven risk management framework for green building projects: A literature review. Journal of Cleaner Production, 519, 145891. https://doi.org/10.1016/j.jclepro.2025.145891
  18. Koc, K., Kunkcu, H., Gurgun, A. P. (2023). A Life Cycle Risk Management Framework for Green Building Project Stakeholders. Journal of Management in Engineering, 39 (4). https://doi.org/10.1061/jmenea.meeng-5361
  19. Nguyen, H. D., Macchion, L. (2022). A comprehensive risk assessment model based on a fuzzy synthetic evaluation approach for green building projects: the case of Vietnam. Engineering, Construction and Architectural Management, 30 (7), 2837–2861. https://doi.org/10.1108/ecam-09-2021-0824
  20. Wan, Q., Miao, X., Wang, C., Dinçer, H., Yüksel, S. (2023). A hybrid decision support system with golden cut and bipolar q-ROFSs for evaluating the risk-based strategic priorities of fintech lending for clean energy projects. Financial Innovation, 9 (1). https://doi.org/10.1186/s40854-022-00406-w
  21. Nyqvist, R., Peltokorpi, A., Seppänen, O. (2024). Can ChatGPT exceed humans in construction project risk management? Engineering, Construction and Architectural Management, 31 (13), 223–243. https://doi.org/10.1108/ecam-08-2023-0819
  22. Tian, K., Zhu, Z., Mbachu, J., Ghanbaripour, A., Moorhead, M. (2025). Artificial intelligence in risk management within the realm of construction projects: A bibliometric analysis and systematic literature review. Journal of Innovation & Knowledge, 10 (3), 100711. https://doi.org/10.1016/j.jik.2025.100711
  23. Sivan, A., Priya, K. (2025). Quantum computing and risk prediction accuracy: an analysis of IT companies’ risk appetite. International Journal of Business and Systems Research, 19 (2), 111–139. https://doi.org/10.1504/ijbsr.2025.145483
  24. Nazarova, K., Bezverkhyi, K., Nezhyva, M., Hordopolov, V., Nehodenko, V. (2022). Regression analysis of operating profit of the company. Financial and Credit Activity Problems of Theory and Practice, 4 (45), 124–132. https://doi.org/10.55643/fcaptp.4.45.2022.3667
  25. Parasii-Verhunenko, I., Yurchyshyn, Y., Bezverkhyi, K., Hryshchenko, N., Nazarova, K., Pryimak, N. (2023). Comparative analysis of efficiency and utilization completeness of resource potential in trading enterprises: methodological aspects. Financial and Credit Activity Problems of Theory and Practice, 4 (51), 245–260. https://doi.org/10.55643/fcaptp.4.51.2023.4099
  26. Jiang, W., Jiang, J., Martek, I., Jiang, W. (2025). Critical risk management strategies for the operation of public–private partnerships: a vulnerability perspective of infrastructure projects. Engineering, Construction and Architectural Management, 32 (7), 4771–4795. https://doi.org/10.1108/ecam-12-2023-1292
  27. Jiang, W., Martek, I., Hosseini, M. R., Chen, C. (2019). Political risk management of foreign direct investment in infrastructure projects: Bibliometric-qualitative analyses of research in developing countries. Engineering, Construction and Architectural Management, 28 (1), 125–153. https://doi.org/10.1108/ecam-05-2019-0270
  28. Kaur, P., Askri, S., Majeed, J., Iqbal, N., Peel, R., Armosh, F. et al. (2025). Social Media’s Contribution to Risk Management Strategies for UK-Based IT Companies. Technology and Innovative Management as Drivers of Sustainable Progress, 247–294. https://doi.org/10.4018/979-8-3373-2858-4.ch011
  29. Nabawy, M., Gouda Mohamed, A. (2022). Risks assessment in the construction of infrastructure projects using artificial neural networks. International Journal of Construction Management, 24 (4), 361–373. https://doi.org/10.1080/15623599.2022.2156902
  30. Naidu, Dr. K., Ghangare, Prof. A., Chhajer, K. (2019). Measurement of Volatility of Selected IT Companies in Context of National Stock Exchange and Assessment of Risk Factors From an Investor’s Point of View. International Journal of Recent Technology and Engineering (IJRTE), 8 (3), 8491–8495. https://doi.org/10.35940/ijrte.c4889.098319
  31. Nazarova, K., Bezverkhyi, K., Hordopolov, V., Melnyk, T., Poddubna, N. (2021). Risk analysis of companies’ activities on the basis of non-financial and financial statements. Agricultural and Resource Economics: International Scientific E-Journal, 7 (4), 180–199. https://doi.org/10.51599/are.2021.07.04.10
  32. Matthews, J., Love, P. E. D., Porter, S. R., Fang, W. (2022). Smart data and business analytics: A theoretical framework for managing rework risks in mega-projects. International Journal of Information Management, 65, 102495. https://doi.org/10.1016/j.ijinfomgt.2022.102495
  33. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (2016). European Union. Available at: https://eur-lex.europa.eu/eli/reg/2016/679/oj
  34. GDPR Enforcement Tracker. Available at: https://www.enforcementtracker.com
  35. LLC taxation in Ukraine. Available at: https://buh.ua/en/taxation-of-llc
  36. Rynok orendy ofisnoi nerukhomosti v Ukraini (cherven 2025): tendentsii ta analityka (2025). Available at: https://gisuvecon.com/main/105/rinok-orendi-ofisnoyi-neruhomosti-v-ukrayini-cherven-2025-tendenciyi-ta-analitika/
  37. Zarplaty menedzheriv v IT, lito 2025: yak zminylysia za piv roku (2025). Available at: https://dou.ua/lenta/articles/salary-report-managers-summer-2025/
  38. Salaries Software Engineer (Middle-Senior) (2025). DOU.ua. Available at: https://jobs.dou.ua/salaries/?period=2025-06&group=1&position=Software%20Engineer&title=4
  39. Salaries Full Stack Software Engineer (Junior-Middle) (2025). DOU.ua. Available at: https://jobs.dou.ua/salaries/?period=2025-06&group=1&position=Software%20Engineer&title=3&specialization=Full%20Stack
  40. Salaries Security Engineer (Senior) (2025). DOU.ua. Available at: https://jobs.dou.ua/salaries/?period=2025-06&group=7&position=Security%20Engineer&title=4&experience=5-10
  41. Salaries Automation QA (Middle) (2025). DOU.ua. Available at: https://jobs.dou.ua/salaries/?period=2025-06&group=2&position=QA/QC/SDET&title=3&specialization=Automation%20QA
  42. Noutbuky dlia biznesu. TELEMART.UA Available at: https://telemart.ua/ua/laptops/filter/for-business/?srsltid=AfmBOopsoxBVSijztL_N3NyfKoU3q7MBuNL8HCB-jzTbq-ScW6NeilL8
  43. Servery. EServer. Available at: https://e-server.com.ua/uk/aktivne-obladnannja/serveri
  44. Software Development Costs: Your Comprehensive 2025 Guide (2025). Fiverr International Ltd. Available at: https://www.fiverr.com/resources/costs/software-development
  45. Webb, K. (2022). How much does ISO 27001 certification cost? Strike Graph. Available at: https://www.strikegraph.com/blog/how-much-does-iso-2700-certification-cost
  46. Gschwentner, M. (2025). Cheap Cloud Storage: Who Has the Best Value for Money? EXPERTE.com. Available at: https://www.experte.com/cloud-storage/cheap-cloud-storage
  47. Data Loss Prevention Software Cost (2024). Strac. Available at: https://www.strac.io/blog/data-loss-prevention-software-cost
  48. 10 Best Compliance Software for 2025: Compare Their Features, Pros, Cons and Pricing. Scrut Automation. Available at: https://www.scrut.io/post/best-compliance-software
  49. Data protection officer salary guide Ireland. Morgan McKinley. Available at: https://www.morganmckinley.com/ie/salary-guide/data/data-protection-officer/ireland
  50. Moore, M. How to Become a Data Protection Officer. Available at: https://onlinedegrees.sandiego.edu/data-protection-officer-career-guide/
  51. Internal vs. external data protection officer: Which is right for your business? Available at: https://www.dataguard.com/en-gb/internal-vs-external-data-protection-officer/
  52. Compliance automation software. Usercentrics. Available at: https://usercentrics.com/knowledge-hub/compliance-automation-software/
The development of analysis methodology of financial risks of projects in IT sphere

Downloads

Published

2026-02-28

How to Cite

Ostapets, A., Parasii-Verhunenko, I., Bezverkhyi, K., Matiukha, M., & Yurchenko, O. (2026). The development of analysis methodology of financial risks of projects in IT sphere. Technology Audit and Production Reserves, 1(4(87), 6–20. https://doi.org/10.15587/2706-5448.2026.352430

Issue

Vol. 1 No. 4(87) (2026): Economics of enterprises. Macroeconomics

Section

Economics and Enterprise Management

License

Copyright (c) 2026 Anton Ostapets, Iryna Parasii-Verhunenko, Kostiantyn Bezverkhyi, Mykola Matiukha, Oleksandr Yurchenko

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.