Risk management in information systems development in a Thai context

• Main Author: Parinyavuttichai, Nipon
• Published: University of Sheffield 2011
• Subjects: 658.4013
• Online Access: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.574532

Information Systems (IS) risks have been known as one of the main reasons that contribute to IS project failure. Effective management of IS risks is therefore important for the success in IS project management. Most current literature tries to identify and describe the characteristics of IS risks and risk management concept from a snapshot view. However, some argues that without a comprehensive understanding of the risk management concept through a holistic approach, i.e., process approach, little may be known about how to effectively manage IS risks. Hence, the main purpose of this study is to examine the risk management concept in IS projects. It seeks to explore how IS risks emerge during information systems development (ISD) processes, and to understand how risk management approaches are used to manage the situations of IS risks. An interpretive case study was used to illustrate how IS risks are managed during four IS projects, i.e., NLT, RPAF, 3D, and e-Paperless project. The key participants tram these projects were interviewed and asked to provide the information about ISD and risk management in their project. The information collected from the field and the relevant project documents were then analysed by using a process model and thematic analysis. The results of each case were compared and contrasted. The findings of this study suggest that by nature IS risks are dynamic meaning that they change over time, unpredictable, and emerge from situations in the project. And this is due to four conditions: antecedent conditions, contextual factors, activities in ISD phase, and escalation theories. Moreover, due to the dynamic nature of IS risks, this study stresses the importance of the systematic risk management as opposed to the risk management based on ad-hoc basis generally adopted by most IS project teams. Particularly, it is found that when systematic risk management processes are implemented, IS risks can be more thoroughly examined and managed. In addition, the study identifies and describes the effective risk management processes and key limitations of risk management by the project development teams. The outcome of this study contributes to the existing knowledge in IS area. In particular, this study identifies and explains the dynamic nature of IS risks, suggests the effective risk management processes and constraints of the current risk management processes, and propose an alternative risk management framework with respect to the changing nature of IS risks. In addition, methodologically the study is among the first to use the thematic analysis with the process model to holistically explain risk management in the IS projects. This study has implications for IS researchers and practitioners in a number of ways. IS researchers may use this study as a template to further investigate IS risks and risk management from the dynamic point of view. Similarly, IS practitioners may learn how to improve risk management performance by avoiding the conditions that trigger IS risk emergence. Besides, they may implement effective risk management strategies and approaches suggested in this study to alleviate the situations of IS risks and risk emergence from their projects. Since this study is conducted only in Thai-based IS projects, the results of this study need to be validated against the projects in the different contexts to see how well the outcome of this study can explain the risk management concept in the different contexts. Also, this research is based on the exploratory nature whose main objective is to explore and describe the situations of risks and risk management in the chosen IS projects. Therefore, the findings may disappoint those who seek theory development from this study as the findings may not always be generalisable to every IS project context.