Measurement of Project Risk Management Maturity Level using

Project Management Maturity Model (PMMM): Case Research a

Telecommunication Company in Indonesia

Akhmal Muammar Dwiki Rafsanjani, Devi Pratami, Achmad Fuad Bay and Ageak Raporte Bermano

School of Industrial Engineering, Telkom University, Jl. Telekomunikasi Terusan Buah Batu No.1, Bandung, Indonesia

Keywords: Risk, Project Management Maturity Model, Project Risk Management, Construction, Project-Based

Organization

Abstract: Construction projects are highly dynamic, but have a lot of risks in every field of work. To reduce the

occurrence of a risk to the project, it is obligatory to do project risk management to avoid losses to the

project time, cost, and quality. Evaluation of risk management also needs to be done to improve the quality

of project risk management. Hence, this research aims to improve project management in one of the project-

based organizations in Indonesia by measuring the maturity level of project risk management. This research

uses the Project Management Maturity Model (PMMM) as its framework with seven risk management

processes as its criteria. This criterion will be used to compile a self-assessment survey that will be

disseminated to gather evidence. This research also carried out the weighting and ranking of these criteria

using the Analytical Process Hierarchy (AHP) method. The results of this research found that from the

results of weighting and ranking that the criteria of priority are plan risk management, and the maturity level

obtained in the six risk management processes at level 1which is the initial process, and one process at level

4 which is the managed process. Overall, the maturity level of PBO project risk management is currently at

level 1, which is the initial process.

1 INTRODUCTION

Construction projects have close links with

economic, social, and infrastructure development for

any country. Construction projects can provide

employment, encourage growth, and act as a link

between other sectors and the economy (Dixit et al.,

2018). The construction project itself is a dynamic

field and has a lot of risks, especially construction

projects which are very flexible and complex have a

very high risk because it is implemented outside and

involves many parties (Alifen, Setiawan, and

Sunarto, 1999). When working on a construction

project, it is very important to do risk management

to avoid loss of costs, qualities, and project

schedules. Risk management is an approach taken to

risk by understanding, identifying, and evaluating

the risk of a project (Labombang, 2011).

Yazdanifard and Ratsiepe (2011) stated that one of

the main problems of project management is the

poor risk management implemented by the company

because of risk management covers and influences

all activities in a project. In a research conducted by

Pratami, Fadlillah and Haryono (2018) on one of the

telecommunications construction projects, there

were found 27 risks with a very high level, 6 risks

with a high level, and 3 risks with a very low level

so a risk assessment is needed when the project will

begin to find out the risks contained in the project.

The results of the Project Management Institute's

(2018) research stated that poor project performance

was occurred due to low levels of project

management maturity. The level of project

management maturity allows organizations to

identify how to improve project performance

(Brookes et al., 2014). This was reinforced by the

research conducted by Kaming and Setyanto (2009),

which stated that there is a relationship between the

maturities of project management with the level of

success of project implementation. Therefore it is

important to know the extent of the achievement of

organizational performance through the level of

maturity of its project management

Rafsanjani, A., Pratami, D., Bay, A. and Bermano, A.

Measurement of Project Risk Management Maturity Level using Project Management Maturity Model (PMMM): Case Research a Telecommunication Company in Indonesia.

DOI: 10.5220/0009405900760083

In Proceedings of the 1st International Conference on Industrial Technology (ICONIT 2019), pages 76-83

ISBN: 978-989-758-434-3

(Hartono, Wijaya and Arini, 2014).

To explain this research in more detail, a

research case was taken at one of the PBO (Project-

Based Organizations) in Indonesia engaged in

telecommunications services and networks. The

project management problem is one of the issues in

this organization, especially in project risk

management. Therefore the purpose of this research

is to identify the maturity level of the organizational

project risk management in order to improve the

performance of project risk management

implementation.

This research is expected to have a contribution

to developing project risk management maturity

assessment by using the PM Solutions project

management maturity model (PMMM), as the PM

Solutions model has not all yet integrated with

PMBOK 6

edition. This research gives additions to

implement risk response and monitor risk process to

the maturity assessment in order to be integrated

with the PMBOK 6

edition. The result of this

research can also be used in other projects and

organizations engaged in construction, especially

telecommunication construction, to escalate the

maturity level of their project risk management.

2 LITERATURE REVIEW

2.1 Analytic Hierarchy Process (AHP)

Analytic Hierarchy Process is a measurement

method used to obtain an assessment of the scale

made consisting of and continuous (Saaty, 1987).

AHP has special applications in making group

decisions and is used throughout the world in

various decisive circumstances in fields such as

government, business, industry, health care, and

education (Saaty, 2008).

The procedure for conducting AHP can be

summarized as follow (Saaty, 2008):

 Define the research problem and form it into a

hierarchy. The hierarchy contains objectives,

criteria, and alternatives;

 Make a pairwise comparison matrix filled

with a comparison of elements in pairs

according to the criteria;

 The assessment synthesis to produce a whole

set of priorities for the hierarchy;

 Check the consistency of the assessment;

 The final decision will be obtained based on

the process that has been done.

2.2 Project Management Maturity

Model (PMMM)

Project Management Maturity Model (PMMM) is a

tool developed and used to measure the level of

project management maturity (Patel, Sharma, and

Shah, 2016). PMMM is a conceptual framework

where the project management process can be

optimized to improve organizational capability

efficiently. PMMM has been used as a reference to

measure the level of project management maturity in

various industries. PMMM offer best practice to

assist organizations determine the maturity of the

organizational project management processes, map

logical pathways to improve organizational

processes, determine priorities for short-term

process improvement actions, find out the need for a

project management office and assess compliance

with organizational structure, track progress towards

improvement plans project management, building a

culture of project management excellency

(Crawford, 2015).

Plan Risk

Management

Identify Risk

Perform Qualitative

Risk Analysis

Perform Quantitative

Risk Analysis

Plan Risk Response

Implement Risk

Response

Monitor Risk

Project Risk

Management Process

Figure 1: Project Risk Management Hierarchy Process

Measurement of Project Risk Management Maturity Level using Project Management Maturity Model (PMMM): Case Research a

Telecommunication Company in Indonesia

Figure 2: PM Solutions Project Management Maturity Model

3 RESEARCH METHODOLOGY

3.1 AHP Implementation

The Analytic Hierarchy Process used in this research

aims to weight and rank the project risk management

process because AHP can be applied to prioritize

available criteria by weighting criteria and ranking

(Forman and Gass, 2001). Weighting is

implemented by expert judgments that have

experience in telecommunications construction

project work. AHP in this research has seven

criteria, which are project risk management

processes obtained from PMBOK 6th Edition. The

hierarchy arrangement in this research is shown in

Figure 1.

3.2 Model Determination

This research uses the PM Solutions Project

Management Maturity Model (PMMM) as the

maturity model. The PM Solutions model was

developed by a team of experienced project

managers and has been successful in helping many

ProjectManagementMaturityModel

LEVEL1

Initi al Process

LEVEL2

Structured

Processand

Standards

LEVEL3

Organizational

Standardsand

Institutional

Process

LEVEL4

Managed

Proce ss

LEVEL5

Optimizing

Process

Project

Integeration

Management

Project

Scope

Management

Project

Time

Management

Project

Cost

Management

Project

Quality

Management

Project

HumanResource

Management

Project

Communication

Management

Project

Risk

Management

Project

Procure ment

Management

Project

Stake holder

Management

ProjectRiskManagementis

broken downintospesisf ic

1.Planrisk management

2.IdentifyRisk

3.PerformQualitativeRisk

Anal ysis

4.PerformQuantitativeRisk

Anal ysis

5.PlanRiskResponse

6.ImplementRiskResponse

7.Moni torRisk

Spe ciﬁccomponentsareused

tomeasurematurityand

de velopactionplans

Maturi tyLevel

ICONIT 2019 - International Conference on Industrial Technology

companies measure their level of maturity (Grant

and Pennypacker, 2015). The structure of the PM

Solutions Model is shown in Figure 2, and this

model has been defined by the process of project

risk management in accordance with the standards of

the PMBOK 6

edition.

The model of PM Solutions has five levels of

maturity that is in correspond with the structure of

the SEI Capability Maturity Model (Grant and

Pennypacker, 2015). In table 1, the maturity level is

further described and adjusted to project risk

management (Crawford, 2015):

Table 1: Explanations of each maturity level

Level Description

Level 1: Initial Process

The organization does not

have a method or approach

related to PRM, and the

process is only done on an

ad hoc basis, management

awareness related to

project risk management is

very low

Level 2: Structured

Process and Standards

There is a PRM process,

but it is only used for large

scale project, management

has supported the

implementation of project

risk management

Level 3: Organizational

Standards and

Institutionalized Process

All PRM processes have

standards for all projects

and can be reused; the

processes and standards

used by the organization

are formally documented.

Level 4: Managed

Process

The PRM process has been

integrated with

organizational processes

and systems, and

management has mandated

to comply with the PRM

process, there is an

analysis of project

performance

Level 5: Optimizing

Process

There is a process to

measure the effectiveness

and efficiency of the

project, and there are

lessons learned,

management is more

focused on continuous

improvement

3.3 Designing Self-Assessment Survey

The self-assessment survey was designed with

adjustments to the description of the maturity level

of the PM Solutions model and consisted of 48

question items. The self-assessment will be given to

three company managers, project managers, and the

project team to be filled in accordance with

company conditions accompanied by evidence to

support the assessment. The evidence will be

validated to ascertain whether the evidence is in

accordance with the criteria or not.

3.4 Validation of Research Result

Validation is done after the result of AHP

management and project risk management maturity

level measurement is obtained. The validation is

done with the help of expert judgment. Expert

judgment is determined through several criteria such

as already having project management certificate,

experience in project management, and around ten

years' experience in the construction project,

especially telecommunication constructions.

4 RESULT

4.1 Weighting and Ranking of AHP

The results of the weighting implemented by the

expert judgment are included in the comparison

matrix of the results of the recapitulation of

comparison criteria including plan risk management,

identify risk, perform a qualitative risk analysis,

perform a quantitative risk analysis, plan risk

response, implement risk response, and monitor risk.

Then normalize the project risk management

maturity criteria until the weighting and ranking of

the project risk management criteria are shown in

Table 2.

Measurement of Project Risk Management Maturity Level using Project Management Maturity Model (PMMM): Case Research a

Telecommunication Company in Indonesia

Figure 3: Result of Project Risk Management Maturity Level

Based on Table 2 it can be deduced that the order

of importance of the project risk management

maturity criteria from highest to lowest in a row are

plan risk management, identify risk, perform a

qualitative risk analysis, plan risk response,

implement risk response, monitor risk, and perform

a quantitative risk analysis

Table 2: Result of AHP

Criteria Priority

Vector

Percentage Rank

Plan Risk

Management

0,28 28% 1

Identify Risk 0,19 19% 2

Perform Qualitative

Risk Analysis

0,15 15% 3

Plan Risk Response 0,14 14% 4

Implement Risk

Response

0,11 11% 5

Monitor Risk 0,08 8% 6

Perform

Quantitative Risk

Analysis

0,05 5% 7

4.2 Project Risk Management Maturity

Level

The results of the assessment of the project risk

management maturity level on PBO presented in the

form of a spider web diagram in Figure 3 can be

obtained that there is a process that is at level 4

(managed process), which is risk monitor. This can

be stated that the company in this process has been

in a managed process. This means that at that level,

the company has integrated the risk monitoring

process with the processes that are in the company.

Management has given the mandate to comply with

regulations on the risk monitoring process. In

implementing the risk monitoring process, the

company is already in accordance with the views of

the organization. In making a decision, the company

has used data. It also makes risk monitoring a

process with the highest level.

In contrast to the risk monitor in the risk

management plan process, identify risk, perform a

qualitative risk analysis, perform a quantitative risk

analysis, plan risk response, and implement risk

response, the company is only at level 1, which is

the initial process. This means that the company

does not yet have a standard and basic process in

implementing the six processes. This is caused by

the lack of awareness and understanding of

management related to the implementation of project

risk management.

Overall, based on PMMM, the risk level of the

company's project management is still at level 1,

which is the initial process. It can be concluded

because in determining the level of maturity must be

taken from the lowest level because to reach a level,

and then all criteria must be met. So that the

achievement level cannot move to the next level

before all criteria have been fulfilled (Crawford,

2015). The company needs a lot of improvement

Plan Risk

Management

Identify Risk

Management

Perform Qualitative

Risk Management

Perform Quantitative

Risk Management

Plan Risk Response

Implement Risk

Response

Monitor Risk

PROJECT RISK MANAGEMENT MATURITY LEVEL

ICONIT 2019 - International Conference on Industrial Technology

from many aspects to increase the level of maturity.

This is inversely proportional to the current

condition of the organization, which requires a high

level of project risk management maturity because

the projects that the organization is working on are

at the medium to a high level with contracts worth

hundreds of millions to billions of rupiahs, which

means it has many risks. All of these things will not

be achieved if there is no contribution from

management as well as the employees.

4.2.1 Plan Risk Management

In the plan risk management process, there are six

attributes that have been prepared based on the

maturity level, based on the results of the self-

assessment survey obtained that the company is

unable to meet the six attributes. It can be concluded

that in this process, the company is at level 1, which

is the initial process, where there is still a lack of

awareness of the company regarding the

implementation of risk management plans. This lack

of awareness means that the company has never

undertaken a risk management plan for the

undertaken projects and tends to ignore the

application of this process, thus creating no

document related to risk management that can be

used and accessed by the project team.

4.2.2 Identify Risk

In the identity risk process, there are six attributes

that have been arranged based on their level of

maturity. Based on the results of the self-assessment

survey, obtained that the company could fulfill three

attributes, including two attributes at level 1 and one

attribute at level 5, but the company remained at

level 1 which is the initial process because the

company was unable to meet the attributes at level 2

to level 4 even though the attribute at level 5 has

been fulfilled.

The company's inability to meet these attributes

is due to various things, namely:

 The company does not have a process

document to identify risks so other projects

cannot use the process;

 The company is more inclined to identify risks

in depth when these risks arise or when a

problem occurs;

 In identifying risks, the company has not yet

done it on a project scale, so it is more likely

to only consider in terms of time and cost

alone.

The inability of this company also affects the

lessons learned less maximally.

4.2.3 Perform Qualitative Risk Management

In the perform qualitative risk analysis process, there

are six attributes that have been arranged based on

their maturity level. Based on the results of the self-

assessment survey obtained that the company can

meet two attributes, namely attributes at level 1 and

at level 4. It can be said that the company is at level

1, which is the initial process because the company

cannot meet the attributes at level 2 and level 3. The

company is at level 1 strengthened by the fulfillment

of attributes stating that when risks are identified,

the project manager will spontaneously speculate on

the impact of these risks without using any

procedures.

4.2.4 Perform Quantitative Risk

Management

In the quantitative risk analysis process, there are six

attributes that have been arranged based on their

level of maturity. Based on the results of the self-

assessment survey obtained that the company can

meet one attribute, namely the attribute at level 5.

However, it can be said that the company is at level

1, namely the initial process, because the company

cannot meet the attributes at level 1 and level 4.

In this process, the company is able to meet the

attributes at level 5 in the form of lessons learned to

improve handling. However, in the lessons learned,

there are shortcomings; namely, the content in the

document is less than the maximum due to the non-

fulfillment of the attributes at the previous level.

4.2.5 Plan Risk Response

In the plan risk response process, there are 11

attributes that have been prepared based on the

maturity level. Based on the results of the self-

assessment survey obtained that the company can

meet two attributes, namely, attribute at level 3. It

can be said that the company is at level 1, namely

the initial process, because the company cannot meet

the attributes at level 1 to level 5.

The company's inability to meet these attributes

is due to various things, namely:

 The company is not able to meet the attributes

at level 1 that is because when planning the

risk response, the project team will carry out a

mitigation strategy when the risk has occurred.

The absence of mitigation strategies for future

events will cause the implementation of risk

responses not to be maximized. This

deficiency also reinforces the statement that

the company in this process is still at level 1;

Measurement of Project Risk Management Maturity Level using Project Management Maturity Model (PMMM): Case Research a

Telecommunication Company in Indonesia

 Next is company's inability to meet the

attributes at level 2 and level 3, it is caused by

the company not having standard procedure

documents in risk response planning so that

the project team does not have guidelines for

making or developing risk response planning;

 At level 3 attributes, the company is able to

fulfill two of the five attributes that have been

prepared. Both of these attributes have been

fulfilled because in developing the company's

risk response it has an application that has

been integrated with the company's cost and

time management, but the company has not

yet integrated with the financial and

accounting systems, strategic planning

processes, and PMO which causes the

company cannot fulfill other attributes;

 The last drawback is the company does not

have an allocation of the project contingency

costs, so it cannot be used to determine the

efficiency and effectiveness of the project.

4.2.6 Implement Risk Response

In the implementing risk response process, there are

six attributes that have been arranged based on their

maturity level. Based on the results of the self-

assessment survey obtained that the company can

only meet the attributes at level 3. So it can be said

the company is at level 1, namely the initial process,

because the company cannot meet the attributes at

level 1 to level 5.

The company's inability to meet these attributes

is due to various things, namely:

 Company is not able to meet the attributes at

level 1 because the company does not do a

formal risk response planning so that no risk

response documents are planned and agreed

upon;

 Company is not able to meet the attributes at

level 2 because the company does not have a

standard process in implementing the risk

response so that in the process of

implementing a risk the project team does not

use a standard process;

 Next, the company does not have a risk

response implementation report document so

that the implementation process cannot be

analyzed and evaluated. Also, the absence of

lessons learned from the process of

implementing the risk response that the

implementation process cannot be improved.

4.2.7 Monitor Risk

In the monitor risk process, there are seven attributes

that have been arranged based on their maturity

level. Based on the results of the self-assessment

survey obtained that the company can meet five

attributes and two attributes that have not been

fulfilled, namely an attribute at level 4 and attributes

at level 5. So it can be said that the company is at

level 4, namely managed process even though there

is one attribute at level 4 that has not yet been

fulfilled, but most of it has been fulfilled, so the

company stays at level 4.

Attributes that are not fulfilled are attributes at

level 4, namely the risk control system is not

integrated with the monitoring program because the

company does not yet have a monitoring program,

but the company's risk control system has been

integrated with other organizational control systems

and the cost and time management program. The

next attribute that is not met is the attribute at level 5

that the company does not yet have lessons learned

that serve to increase risk monitoring efforts.

5 CONCLUSION

From the calculation of the level of maturity, it is

obtained that overall PBO is still at level 1, which is

the initial process. In general, the PBO does not have

a method or approach related to PRM, the PRM

process is only conducted on an ad hoc basis, and

management awareness regarding project risk

management is very low. Especially the most

highlighted is the risk management plan process,

which is at level 1, whereas based on calculations

using AHP, the risk management plan is ranked 1.

With project risk management at level 1, this

PBO is certainly very far from best practice in

project management, because level 1 is the lowest in

the available maturity level. The company itself

wants to continue to improve the quality of risk

management and the expectations of employees and

the project team to have special documents and

applications that discuss project risk management,

and then the company must improve and enhance

the maturity level of their project risk management.

It is highly recommended that PBO can provide

counseling guidance to company management on the

importance of risk management to the project. As a

result of this counseling, management can further

develop the implementation of risk management,

such as conducting training and workshops for

project management and the team. This is certainly

ICONIT 2019 - International Conference on Industrial Technology

done in order to improve performance in

implementing risk management projects to achieve

better results for undertaken projects. This

measurement is implemented to determine the

company's achievements for now and can be used as

an evaluation to help in the company's continuous

improvement.

In this research, it has been proposed an

improvement plan to increase the maturity level of

project risk management in accordance with the

current organizational level, which is at level 1,

namely the initial process. The organization can

understand more about the maturity level of project

risk management from this research. In addition, the

organization can also find out the strengths and

weaknesses of project risk management. However,

this research only measures project risk

management, and further research is needed to

determine the organizational maturity level of the

overall project management by measuring other

knowledge areas.

REFERENCES

Alifen, R. S., Setiawan, R. S., and Sunarto, A. (1999)

‘Analisa "What If" Sebagai Metode Antisipasi

Keterlambatan Durasi Proyek,' Dimensi Teknik Sipil,

1(2), pp. 103–113.

Brookes, N. et al. (2014) ‘The use of maturity models in

improving project management performance An

empirical investigation,' International Journal of

Managing Projects in Business, 8(4), pp. 679–695.

Crawford, J. K. (2015) Project Management Maturity

Model - Review, Project Management Journal. New

York: CRC Press.

Dixit, S. et al. (2018) ‘Construction Productivity and

Construction Project Performance in Indian

Construction Projects’, m(July).

Forman, E. H. and Gass, S. I. (2001) ‘The Analytic

Hierarchy Process — An Exposition CH RO NICLE

THE ANALYTIC HIERARCHY PROCESS — AN

EXPOSITION’, (October 2014).

Grant, K. P. and Pennypacker, J. S. (2015) ‘Project

Management Maturity : An Assessment of Project

Management Capabilities Among and Between

Selected Industries’, (March 2006). doi:

10.1109/TEM.2005.861802.

Hartono, B., Wijaya, D. F. N. and Arini, H. M. (2014) ‘An

empirically verified project risk maturity model:

Evidence from Indonesian construction industry’,

International Journal of Managing Projects in

Business, 7(2), pp. 263–284. doi: 10.1108/IJMPB-03-

2013-0015.

Kaming, P. F. and Setyanto, E. (2009) ‘Studi Mengenai

Kematangan Manajemen Proyek Pada Kontraktor’,

3(KoNTekS 3), pp. 6–7.

Labombang, M. (2011) ‘Manajemen Risiko Dalam Proyek

Konstruksi’, Jurnal SMARTek, 9, pp. 39–46.

Patel, D. R., Sharma, N. D. and Shah, R. A. (2016)

‘Development of Project Management Maturity Model

for Measuring Success of Construction Projects in

Surat City’, International Journal of Scientific

Development and Research, 1(5), pp. 149–152.

Pratami, D., Fadlillah, F. and Haryono, I. (2018)

‘Designing Risk Qualitative Assessment on Fiber

Optic Instalation Project in Indonesia’, 2(1).

Project Management Institute (2018) ‘PULSE OF THE

PROFESSION ® | 2018 - “Success in Disruptive

Times | Expanding the Value Delivery Landscape to

Address the High Cost of Low Performance”’, p. 35.

Available at: https://www.pmi.org/learning/thought-

leadership/pulse/pulse-of-the-profession-2018.

Saaty, R. W. (1987) ‘THE ANALYTIC HIERARCHY

PROCESS-WHAT AND HOW IT IS USED’, 9(3),

pp. 161–176.

Saaty, T. L. (2008) ‘Decision making with the analytic

hierarchy process Decision making with the analytic

hierarchy process’, (JANUARY 2008). doi:

10.1504/IJSSCI.2008.017590.

Yazdanifard, R. and Ratsiepe, K. B. (2011) ‘Poor Risk

Management as One of the Major Reasons Causing

Failure of Project Management’.

Measurement of Project Risk Management Maturity Level using Project Management Maturity Model (PMMM): Case Research a

Telecommunication Company in Indonesia