本研究依據美國專案管理協會(PMI)發行之「專案管理知識體系導讀指南」(PMBOK Guide)所定義之九大知識領域中之專案風險管理內含之六項策略為基礎，再參考Boehm於1991所設計之風險管理模型；以企業架構為工具，推導出建模的規則後，重新塑模，建構出結構行為合一的「架構導向專案風險管理模型」。此模型除可清楚描繪系統整體性及各結構元素提供之服務外，並能展現結構元素間之互動行為關係。
在專案管理的範疇中，專案風險管理模型長期以來均以流程導向為主要的基礎。本研究將以架構導向為塑模方法，為專案風險管理塑模後與ISO - 31000及紐澳先進國家與國內政府部門相關風險管理流程導向塑模作對照比較。結果顯示架構導向專案風險管理模型，可讓專案管理者迅速掌握專案全貌、易於導入且成本更低。利用它企業將更容易制定標準作業、且因組織權責明確使風險管理制度更易於落實。
此研究能為專案風險管理建立更具實用價值的模型，可為企業及學術界後續運用及參考。

This research studies the six strategies of Project Risk Management defined by a Guide to Project Management Body of Knowledge (PMBOK) issued by U.S. Project Management Institute (PMI), the model of risk management invented by Boehm in 1991, and an enterprise architecture tool. As a result, this research comes out Architecture-Oriented Project Risk Management Model, abbreviated as AOPRMM, which emphasizes structure behavior coalescence within an organization. AOPRMM thoroughly describe the organization’s integrity and the services provided by various structure elements. Moreover, AOPRMM is able to demonstrate the relationship of interaction among structure elements.
Currently, most risk management models are categorized into the process-oriented approach. This research utilizes architecture-oriented as a new approach for modeling the project risk management. The model used in our approach is compared with those such as standard model of ISO 31000, standard model of New Zealand, and standard model of Taiwanese government. The result of this research shows that AOPRMM could help project managers master the whole project in a short period of time, implement the project easily, and lower the cost. By applying AOPRMM, the industries could regulate standard operations, and clarify the responsibility and authority in order to implement the project risk management successfully.
This research achieves a beneficial model and knowledge for the project risk management. This accomplishment may be valuable for the business and academic circles to follow and refer.

第一章 緒 論 ...................................................... 1
第一節 研究背景 ................................................... 1
第二節 研究動機 ................................................... 2
第三節 研究目的 ................................................... 3
第四節 研究方法與步驟 ............................................. 5
第二章 文獻探討 ................................................... 7
第一節 專案管理 ................................................... 7
第二節 風險管理工具 .............................................. 11
第三節 架構簡介 .................................................. 29
第四節 ISO31000風險管理模型 ..................................... 32
第三章 架構導向專案風險管理模型設計(AOPRMM) ...................... 39
第一節 架構導向模型設計原則 ...................................... 39
第二節 AOPRMM架構階層圖 ......................................... 45
第三節 AOPRMM結構元素圖 ......................................... 50
第四節 AOPRMM結構元素服務圖 ..................................... 51
第五節 AOPRMM結構元素連結圖 ..................................... 65
第六節 AOPRMM結構行為合一圖 ..................................... 67
第七節 AOPRMM互動流程圖 ......................................... 68
第四章 架構導向與ISO31000專案風險管理模型之比較 ................. 83
第一節 架構導向專案風險管理模型之優缺點 .......................... 83
第二節 ISO31000專案風險管理模型之優缺點 ......................... 84
第三節 架構導向與ISO31000專案風險管理模型之比較 ................. 86
第五章 結論與建議 ............................................... 100
第一節 研究成果 ................................................. 100
第二節 後續建議 ................................................. 102
第六章 參考文獻 ................................................. 103

林信惠、黃明祥、王文良，軟體專案管理，智勝出版，2005再版
李復孝、趙善中，“架構導向軟體測詴管理模型之研究”，第九屆電子化企業經營管理理論暨實務研討會，大葉大學，2008年。
信懷南，不確定年代的專案管理，聯經出版，2001初版第三刷
趙善中、康忠倫、于遠航，系統分析與設計--使用軟體架構模型--，博碩文化公司，台北，2008年。
趙善中、趙薇、趙鴻，系統架構學--軟體架構、企業架構、知識架構、思考架構--，科技圖書出版，台北，2008年。
謝長宏，系統概論，華泰書局，台北，1999年。
AS-NZS 4360: 2004 Risk management, Standards Australia International Ltd, Sydney, Standards New Zealand, Wellington, 2004.
Boehm, B. W. (1991). Software Risk Management：Principles and Practices. IEEE Software.
Dinsmore, P. C. (1999). Winning in Business with Enterprise Project Management. American Management Association
DRAFT INTERNATIONAL STANDARD ISO/DIS 31000
Andersen, E. S., Grude, K.V., Haug, T., & Turner, J. R (1987). Goal Directed Project Management, Kogan Page Limited, London.
Feiler, P. H., & Humphrey W. S. (1993). Software Process Development and Enactment: Concepts and Definitions. Software Engineering Institute, Carnegie Mellon University, IEEE.
Fowler, M., & Rice, D. (2003). Patterns of Enterprise Application Architecture. Addison-Wesley
Greenberg, H. R., & Cramer J. J. (1991). Risk Assessment and Risk Management for
104
The Chemical Process Industry. Van Nostrand Reinhold , New York.
Guidelines for Chemical Process Quantitative Risk Analysis: Center for Chemical Process Safety of the American Institute of Chemical Engineers (1989). New York.
IBM Project Management Fundamentals Handbook, 1997
IBM ICM, “Initial Development of Process Overview” , 2001
Jones, C., Software Systems Failures and Success, International Thomson Computer Press, 1996
Kerzner , H., “Project Management : A System Approach to Planning, Scheduling and Controlling”, 2nd ed. New York : Van Nostrand Reinhold Co. Inc. 1984
Khan F. I., & Abbasi S. A. (1998). Techniques and methodologies for risk analysis in chemical process industries. Journal of Loss Prevention in the Processes Industry,11.
Kim, I.S. (2001). Human reliability analysis in the man-machine interface design review. Analysis of Nuclear Energy, 28.
Lankhorst, M. (2005). Enterprise Architecture at Work: Modeling, Communication, and Analysis. Springer
Hyatt, N. (2003) Guide for process hazards analysis: Hazards identification & risk analysis, 1st ed, Dyadem Press, Ontario.
Paul, C. (1999). Dinsmore, “Winning in Business with Enterprise Project Management”, American Management Association.
Phan, D. D., Vogel, D. R., & Nunamaker, Jr., J. F. (1995), Empirical studies in software development project: Field Survey and OS/400 Study. Information and Management, 28.
Pinto, J. K. & Slevin, D. P. (1987). Critical factors in successful project implementation. IEEE Transactions on Engineering Management, 34(1).
PMBOK Guide 2000 Edition, PMI
105
Reducing Risks, Protecting people: HSE's Decision Making Process (2001). Health and Safety Executive, Sudbury.
Lovejoy, S. (1996). A Systematic Approach to Getting Results. Gower, USA.
Williams, J. (1986). HEART-A proposed method for assessing and reducing human error.Advances in Reliability Technology Symposium, Bradford, UK.
International Organization for Standardization. (2009). ISO/FDIS 31000. http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=43170
International Organization for Standardization. (2009). Draft international standard: ISO-DIS 31000. http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=43170
Schekkerman, J. (2003). How to Survive in the Jungle of Enterprise Architecture Frameworks: Creating Or Choosing an Enterprise Architecture Framework. Trafford Publishing
Standards New Zealand (2009). ISO 31000.
http://www.standards.co.nz/default.htm
FEAF美國聯政府架構框架
http://www.whitehouse.gov/omb/egov/a-1-fea.html
DoDAF美國防部架構框架
http://en.wikipedia.org/wiki/Department_of_Defense_Architecture_Framework
Agile EA
http://agileea.wikidot.com/
Zachman企業架構
http://www.zifa.com
106
企業架構發展協會
http://www.enterprise-architecture.info/
NIH健全企業架構國家學會
http://enterprisearchitecture.nih.gov/
行政院研究發展考核委員會 (2009). 談ISO31000風險管理標準之發展. 引自http://rdec2www.hyweb.com.tw/lp.asp?CtNode=10879&CtUnit=1516&BaseDSD=7&mp=180 - 2009.2.14.