Integrating risk management with quality assurance in IT projects in Sri Lanka : impact on success rates and software stability

Abstract

This study explores how integrating risk management practices with quality assurance (QA) processes impacts the success rates and software stability of IT projects in Sri Lanka’s rapidly evolving technology sector, where project failure rates exceed 40%. Recognizing the limitations of managing risk and quality in isolation, the research adopts a mixed-methods design to provide both statistical validation and contextual understanding. Quantitative data was collected through structured surveys from 327 IT professionals, while qualitative insights were obtained from semi-structured interviews with 15 project managers and QA specialists. Findings revealed strong and statistically significant correlations between integrated practices and project performance. Early risk detection was highly associated with improved project outcomes (R = 0.816), explaining 66% of the variance in success rates. QA-integrated risk management practices correlated with enhanced software stability (R = 0.718), and structured QA-risk frameworks were positively linked to defect detection rates (R = 0.810). Risk-based testing (RBT) also showed a notable correlation with overall project success (R = 0.611). These results affirm the value of combining QA and risk management practices in improving IT project outcomes. Thematic analysis of qualitative data revealed three key challenges in integration: (1) a gap between theoretical standards and practical implementation due to complex frameworks, (2) inadequate testing resources and planning, including insufficient unit and regression testing, and (3) difficulty balancing agile responsiveness with structured QA-risk protocols, particularly amid rapidly changing client requirements. These challenges are exacerbated by limited budgets, fragmented governance, and organizational resistance to cross-functional collaboration. To address these issues, the study proposes a context-specific framework featuring simplified procedures, integrated metrics, and lightweight digital platforms supported by multisectoral governance. Key recommendations include embedding early risk detection in QA processes, using RBT to prioritize high-risk areas, strengthening staff training, and leveraging visual communication tools to improve stakeholder engagement. While offering practical guidance and empirical insights, the study acknowledges limitations such as reliance on self-reported data and a focus on the Sri Lankan context. Future research should examine long-term impacts of integrated frameworks, assess the role of emerging technologies like AI and blockchain, and explore the needs of SMEs. Ultimately, this research positions integrated QA-risk management as essential for delivering resilient, high-performing IT projects