Managing risk in information technology projects

There are several studies on managing risks in information technology (IT) projects. Most of the studies identify and prioritise risks through empirical research in order to suggest mitigating measures. Although they are important to clients for future projects, these studies fail to provide any framework for risk management from IT developers' perspective. Although a few studies introduced a framework of risk management in IT projects, most of them are presented from clients' perspectives and very little effort has been made to integrate this with the project management cycle. As IT developers absorb a considerable amount of risk, an integrated framework for managing risks in IT projects from developers' perspective is needed in order to ensure success in IT projects. The main objective of the paper is to develop a risk management framework for IT projects from the developers' perspective. This study uses a combined qualitative and quantitative technique with the active involvement of stakeholders in order to identify, analyse and respond to risks. The entire methodology has been explained using a case study on an information technology project in a public sector organisation in Barbados.

Designing a safety management support system using open architecture databases: the requirements of information representation in the support of managers' risk-related decision-making

This research was conducted at the Space Research and Technology Centre o the European Space Agency at Noordvijk in the Netherlands. ESA is an international organisation that brings together a range of scientists, engineers and managers from 14 European member states. The motivation for the work was to enable decision-makers, in a culturally and technologically diverse organisation, to share information for the purpose of making decisions that are well informed about the risk-related aspects of the situations they seek to address. The research examined the use of decision support system DSS) technology to facilitate decision-making of this type. This involved identifying the technology available and its application to risk management. Decision-making is a complex activity that does not lend itself to exact measurement or precise understanding at a detailed level. In view of this, a prototype DSS was developed through which to understand the practical issues to be accommodated and to evaluate alternative approaches to supporting decision-making of this type. The problem of measuring the effect upon the quality of decisions has been approached through expert evaluation of the software developed. The practical orientation of this work was informed by a review of the relevant literature in decision-making, risk management, decision support and information technology. Communication and information technology unite the major the,es of this work. This allows correlation of the interests of the research with European public policy. The principles of communication were also considered in the topic of information visualisation - this emerging technology exploits flexible modes of human computer interaction (HCI) to improve the cognition of complex data. Risk management is itself an area characterised by complexity and risk visualisation is advocated for application in this field of endeavour. The thesis provides recommendations for future work in the fields of decision=making, DSS technology and risk management.

Understanding supply chain disruption risk with the aid of social networks and information flows analysis

Supply Chain Risk Management (SCRM) has become a popular area of research and study in recent years. This can be highlighted by the number of peer reviewed articles that have appeared in academic literature. This coupled with the realisation by companies that SCRM strategies are required to mitigate the risks that they face, makes for challenging research questions in the field of risk management. The challenge that companies face today is not only to identify the types of risks that they face, but also to assess the indicators of risk that face them. This will allow them to mitigate that risk before any disruption to the supply chain occurs. The use of social network theory can aid in the identification of disruption risk. This thesis proposes the combination of social networks, behavioural risk indicators and information management, to uniquely identify disruption risk. The propositions that were developed from the literature review and exploratory case study in the aerospace OEM, in this thesis are:- By improving information flows, through the use of social networks, we can identify supply chain disruption risk. - The management of information to identify supply chain disruption risk can be explored using push and pull concepts. The propositions were further explored through four focus group sessions, two within the OEM and two within an academic setting. The literature review conducted by the researcher did not find any studies that have evaluated supply chain disruption risk management in terms of social network analysis or information management studies. The evaluation of SCRM using these methods is thought to be a unique way of understanding the issues in SCRM that practitioners face today in the aerospace industry.

Defining an OWL ontology that could be used to integrate mental-health risk information within a decision support system

In the field of mental health risk assessment, there is no standardisation between the data used in different systems. As a first step towards the possible interchange of data between assessment tools, an ontology has been constructed for a particular one, GRiST (Galatean Risk Screening Tool). We briefly introduce GRiST and its data structures, then describe the ontology and the benefits that have already been realised from the construction process. For example, the ontology has been used to check the consistency of the various trees used in the model. We then consider potential uses in integration of data from other sources. © 2009 IEEE.

Outlier detection with partial information:Application to emergency mapping

This paper, addresses the problem of novelty detection in the case that the observed data is a mixture of a known 'background' process contaminated with an unknown other process, which generates the outliers, or novel observations. The framework we describe here is quite general, employing univariate classification with incomplete information, based on knowledge of the distribution (the 'probability density function', 'pdf') of the data generated by the 'background' process. The relative proportion of this 'background' component (the 'prior' 'background' 'probability), the 'pdf' and the 'prior' probabilities of all other components are all assumed unknown. The main contribution is a new classification scheme that identifies the maximum proportion of observed data following the known 'background' distribution. The method exploits the Kolmogorov-Smirnov test to estimate the proportions, and afterwards data are Bayes optimally separated. Results, demonstrated with synthetic data, show that this approach can produce more reliable results than a standard novelty detection scheme. The classification algorithm is then applied to the problem of identifying outliers in the SIC2004 data set, in order to detect the radioactive release simulated in the 'oker' data set. We propose this method as a reliable means of novelty detection in the emergency situation which can also be used to identify outliers prior to the application of a more general automatic mapping algorithm. © Springer-Verlag 2007.

Knowledge management applied to enterprise risk management

Risk and knowledge are two concepts and components of business management which have so far been studied almost independently. This is especially true where risk management (RM) is conceived mainly in financial terms, as for example, in the financial institutions sector. Financial institutions are affected by internal and external changes with the consequent accommodation to new business models, new regulations and new global competition that includes new big players. These changes induce financial institutions to develop different methodologies for managing risk, such as the enterprise risk management (ERM) approach, in order to adopt a holistic view of risk management and, consequently, to deal with different types of risk, levels of risk appetite, and policies in risk management. However, the methodologies for analysing risk do not explicitly include knowledge management (KM). This research examines the potential relationships between KM and two RM concepts: perceived quality of risk control and perceived value of ERM. To fulfill the objective of identifying how KM concepts can have a positive influence on some RM concepts, a literature review of KM and its processes and RM and its processes was performed. From this literature review eight hypotheses were analysed using a classification into people, process and technology variables. The data for this research was gathered from a survey applied to risk management employees in financial institutions and 121 answers were analysed. The analysis of the data was based on multivariate techniques, more specifically stepwise regression analysis. The results showed that the perceived quality of risk control is significantly associated with the variables: perceived quality of risk knowledge sharing, perceived quality of communication among people, web channel functionality, and risk management information system functionality. However, the relationships of the KM variables to the perceived value of ERM are not identified because of the low performance of the models describing these relationships. The analysis reveals important insights into the potential KM support to RM such as: the better adoption of KM people and technology actions, the better the perceived quality of risk control. Equally, the results suggest that the quality of risk control and the benefits of ERM follow different patterns given that there is no correlation between both concepts and the distinct influence of the KM variables in each concept. The ERM scenario is different from that of risk control because ERM, as an answer to RM failures and adaptation to new regulation in financial institutions, has led organizations to adopt new processes, technologies, and governance models. Thus, the search for factors influencing the perceived value of ERM implementation needs additional analysis because what is improved in RM processes individually is not having the same effect on the perceived value of ERM. Based on these model results and the literature review the basis of the ERKMAS (Enterprise Risk Knowledge Management System) is presented.

Managing risk in software development projects:a case study

Purpose - The main objective of the paper is to develop a risk management framework for software development projects from developers' perspective. Design/methodology/approach - This study uses a combined qualitative and quantitative technique with the active involvement of stakeholders in order to identify, analyze and respond to risks. The entire methodology has been explained using a case study on software development project in a public sector organization in Barbados. Findings - Analytical approach to managing risk in software development ensures effective delivery of projects to clients. Research limitations/implications - The proposed risk management framework has been applied to a single case. Practical implications - Software development projects are characterized by technical complexity, market and financial uncertainties and competent manpower availability. Therefore, successful project accomplishment depends on addressing those issues throughout the project phases. Effective risk management ensures the success of projects. Originality/value - There are several studies on managing risks in software development and information technology (IT) projects. Most of the studies identify and prioritize risks through empirical research in order to suggest mitigating measures. Although they are important to clients for future projects, these studies fail to provide any framework for risk management from software developers' perspective. Although a few studies introduced framework of risk management in software development, most of them are presented from clients' perspectives and very little effort has been made to integrate this with the software development cycle. As software developers absorb considerable amount of risks, an integrated framework for managing risks in software development from developers' perspective is needed. © Emerald Group Publishing Limited.

Information system planning in drug service:a case study

The development of an information system in Caribbean public sector organisations is usually seen as a matter of installing hardware and software according to a directive from senior management, without much planning. This causes huge investment in procuring hardware and software without improving overall system performance. Increasingly, Caribbean organisations are looking for assurances on information system performance before making investment decisions not only to satisfy the funding agencies, but also to be competitive in this dynamic and global business world. This study demonstrates an information system planning approach using a process-reengineering framework. Firstly, the stakeholders for the business functions are identified along with their relationships and requirements. Secondly, process reengineering is carried out to develop the system requirements. Accordingly, information technology is selected through detailed system requirement analysis. Thirdly, cost-benefit analysis, identification of critical success factors and risk analysis are carried out to strengthen the selection. The entire methodology has been demonstrated through an information system project in the Barbados drug service, a public sector organisation in the Caribbean.

Estimating time-varying risk premia in UK long-term government bonds

Simple models of time-varying risk premia are used to measure the risk premia in long-term UK government bonds. The parameters of the models can be estimated using nonlinear seemingly unrelated regression (NL-SUR), which permits efficient use of information across the entire yield curve and facilitates the testing of various cross-sectional restrictions. The estimated time-varying premia are found to be substantially different to those estimated using models that assume constant risk premia. © 2004 Taylor and Francis Ltd.

The relationship between market share and information in a high-tech industry

The role of information in high-technology markets is critical (Dutta, Narasimhan and Rajiv 1999; Farrell and Saloner 1986; Weiss and Heide 1993). In these markets, the volatility and volume of information present managers and researchers with the considerable challenge of monitoring such information and examining how potential customers may respond to it. This article examines the effects of the type and volume of information on the market share of different technological standards in the Local Area Networks (LAN) industry. We identify three different types of information: technological, availability and adoption. Our empirical application suggests that all three types of information have significant effects on the market share of a technological standard, but their direction and magnitude differ. More specifically, technology-related information is negatively related to market share as it demonstrates that the underlying technology is immature and still evolving. Both availability and adoption-related information have a positive effect on market share, but the former is larger than the latter. We conclude that high-tech firms should emphasize the dissemination of information, especially availability-related, as part of their promotional strategy for a new technology. Otherwise, they may risk missing an opportunity to achieve a higher share and establish their market presence.

People, technology, processes and risk knowledge sharing

The present global economic crisis creates doubts about the good use of accumulated experience and knowledge in managing risk in financial services. Typically, risk management practice does not use knowledge management (KM) to improve and to develop new answers to the threats. A key reason is that it is not clear how to break down the “organizational silos” view of risk management (RM) that is commonly taken. As a result, there has been relatively little work on finding the relationships between RM and KM. We have been doing research for the last couple of years on the identification of relationships between these two disciplines. At ECKM 2007 we presented a general review of the literature(s) and some hypotheses for starting research on KM and its relationship to the perceived value of enterprise risk management. This article presents findings based on our preliminary analyses, concentrating on those factors affecting the perceived quality of risk knowledge sharing. These come from a questionnaire survey of RM employees in organisations in the financial services sector, which yielded 121 responses. We have included five explanatory variables for the perceived quality of risk knowledge sharing. These comprised two variables relating to people (organizational capacity for work coordination and perceived quality of communication among groups), one relating to process (perceived quality of risk control) and two related to technology (web channel functionality and RM information system functionality). Our findings so far are that four of these five variables have a significant positive association with the perceived quality of risk knowledge sharing: contrary to expectations, web channel functionality did not have a significant association. Indeed, in some of our exploratory regression studies its coefficient (although not significant) was negative. In stepwise regression, the variable organizational capacity for work coordination accounted for by far the largest part of the variation in the dependent variable perceived quality of risk knowledge sharing. The “people” variables thus appear to have the greatest influence on the perceived quality of risk knowledge sharing, even in a sector that relies heavily on technology and on quantitative approaches to decision making. We have also found similar results with the dependent variable perceived value of Enterprise Risk Management (ERM) implementation.

Real options and multinational investments : an empirical study of risk, performance and organisational awareness

DUE TO COPYRIGHT RESTRICTIONS ONLY AVAILABLE FOR CONSULTATION AT ASTON UNIVERSITY LIBRARY AND INFORMATION SERVICES WITH PRIOR ARRANGEMENT This thesis is a cross-disciplinary study of the empirical impact of real options theory in the fields of decision sciences and performance management. Borrowing from the economics, strategy and operations research literature, the research examines the risk and performance implications of real options in firms’ strategic investments and multinational operations. An emphasis is placed on the flexibility potential and competitive advantage of multinational corporations to explore the extent to which real options analysis can be classified as best practice in management research. Using a combination of qualitative and quantitative techniques the evidence suggests that, if real options are explored and exploited appropriately, real options management can result in superior performance for multinational companies. The qualitative findings give an overview of the practical advantages and disadvantages of real options and the statistical results reveal that firms which have developed a high awareness of their real options are, as predicted by the theory, able to reduce their downside risk and increase profits through flexibility, organisational slack and multinationality. Although real options awareness does not systematically guarantee higher returns from operations, supplementary findings indicate that firms with evidence of significant investments in the acquisition of real options knowledge tend to outperform competitors which are unaware of their real options. There are three contributions of this research. First, it extends the real options and capacity planning literature to path-dependent contingent-claims analysis to underline the benefits of average type options in capacity allocation. Second, it is thought to be the first to explicitly examine the performance effects of real options on a sample of firms which have developed partial capabilities in real options analysis suggesting that real options diffusion can be key to value creation. Third, it builds a new decision-aiding framework to facilitate the use of real options in projects appraisal and strategic planning.

"Crack down on the celebrity junkies": does media coverage of celebrity drug use pose a risk to young people?

This study analysed news media content to examine the role played by celebrity drug use in young people's perceptions of drug use. We know that young people have access to discourses of drug use through music and other media which may emphasise short term gains (of pleasure or sexual success) over longer term health and social problems. This study goes beyond a simple modelling approach by using Media Framing Analysis (MFA) to take an in-depth look at the messages themselves and how they are 'framed'. New stories about Amy Winehouse's drug use were used and we conducted focus groups with young people asking them questions about drugs, celebrity and the media. Frames identified include: 'troubled genius', 'losing patience' and 'glamorization or gritty realism'. Initially, the press championed Winehouse's musical talent but soon began to tire of her recklessness; the participants tended to be unimpressed with Winehouse's drug use, characterising her as a promising artist who had 'gone off the rails'. Young people were far more critical of Winehouse than might be expected, demonstrating that concerns about the influence of celebrity drug use and its impact on future health risk behaviour among young people may have been over-simplified and exaggerated. This study illustrates the need to understand young people and their frames of reference within popular culture when designing drug awareness information relevant to them. Furthermore, it indicates that critical media skills analysis may contribute to health risk education programmes related to drug use.

Substances hazardous to health:the nature of the expertise associated with competent risk assessment

This research investigated expertise in hazardous substance risk assessment (HSRA). Competent pro-active risk assessment is needed to prevent occupational ill-health caused by hazardous substance exposure occurring in the future. In recent years there has been a strong demand for HSRA expertise and a shortage of expert practitioners. The discipline of Occupational Hygiene was identified as the key repository of knowledge and skills for HSRA and one objective of this research was to develop a method to elicit this expertise from experienced occupational hygienists. In the study of generic expertise, many methods of knowledge elicitation (KE) have been investigated, since this has been relevant to the development of 'expert systems' (thinking computers). Here, knowledge needed to be elicited from human experts, and this stage was often a bottleneck in system development, since experts could not explain the basis of their expertise. At an intermediate stage, information collected was used to structure a basic model of hazardous substance risk assessment activity (HSRA Model B) and this formed the basis of tape transcript analysis in the main study with derivation of a 'classification' and a 'performance matrix'. The study aimed to elicit the expertise of occupational hygienists and compare their performance with other health and safety professionals (occupational health physicians, occupational health nurses, health and safety practitioners and trainee health and safety inspectors), as evaluated using the matrix. As a group, the hygienists performed best in the exercise, and this group were particularly good at process elicitation and at recommending specific control measures, although the other groups also performed well in selected aspects of the matrix and the work provided useful findings and insights. From the research, two models of HSRA have been derived, an HSRA aid, together with a novel videotape KE technique and interesting research findings. The implications of this are discussed with respect to future training of HS professionals and wider application of the videotape KE method.

Risk management in enterprise resource planning implementation:a new risk assessment framework

Enterprise resource planning (ERP) projects are risky. But if they are implemented appropriately, they can provide competitive advantage to organisations. Therefore, ERP implementation has become one of the most critical aspects of today's information management research. The main purpose of this article is to describe a new ERP risk assessment framework (RAF) that can be used to increase the success of ERP implementation. In this article, through a case study based in a leading UK-based energy service provider, we demonstrate the new RAF, which has been shown to help identify and mitigate risks in ERP implementation. In contrast to other research, this RAF identifies risks hierarchically in external engagement, programme management, work stream and work package levels across technical, schedule, operational, business and organisational categories. This not only helped to develop responses to mitigate risks but also facilitates on-going risk control.