Risk Factors in Information Systems Projects - Literature review Example

Title: Risk Factors in Information systems projects Name Institution Course name Lecturer’s name Table of Contents Title: Risk Factors in Information systems projects 1 Table of Contents 2 Abstract 3 Introduction 4 Literature review 5 Methodology 10 Results 12 Discussion 12 Classification of risk factors 12 Managing risk factors using activity-based system framework 16 Summary and conclusion 17 References 18 Abstract It is important to manage risk factors in information system projects. It is important for project managers to plan for how to implement successfully Information System in their organizations. However, these projects may be influenced by factors from both external and internal environment. These factors are called risk factors and how it is managed determines the success of the implemented project. This paper examines various risk factors of information system which originate from technology, human, organization and project team. A small study involving professionals in the field of information system was conducted to obtain an evidence of how these factors affect the success of the information system projects. Keywords: Risk, Risk factors, Information System, Project Management, Technology, Organizational Strategy. Introduction Today, almost every company has integrated information system in their business. An information system helps in coordinating activities at different functional units of the organization from administration to strategic management (Gholami, 117). With this defined role, information system has been perceived to be an important and effective tool which integrates various areas and manage them to achieve the anticipated results. Advance in information technology has powered the use of information system in many businesses. As realized from work practices that Information Systems are similar in majority of the organizations, the recent research shows that they suffer similar risk factors. These risk factors affect the success of the implementation of the information system. Based on the Pan & Shan (108) report, about 60% to 80% of information system projects fails due to poor management and mitigation of risk factors. Individuals and organizations may be reluctant in admitting these failures thus leading us to the question, to what extend does the risk factors determine the success of failure of information system as far as organizational goals and objectives are concerned? What are the recommended strategies to manage these risk factors? This paper evaluates the risk factors associated with information system. Data was collected through interaction of professional in this field of information management. Focus group was used to collect data. Discussion was made based on the findings and recommendations made as part of the improvement of information system projects. Literature review Risk identification in information systems in projects is a subject of discussion among many researchers and has evolved since many years ago. Risk defines ether the success or failure of the project and the history tells us that the root of information system failure or success depends on how project managers with their teams manage risks in the organizations (Gholami, 120). One of the early researches in information system risk factors was in 1973 by Morgan and Soden. The two researchers explained the risk factors that are normally associated with either the success or failure of information system projects. After examining ten projects which were not successful, Morgan and Soden came into one conclusion that the inability of effective management within the organization system. According to Guarro (115) management roles and functions that are more criticized by Morgan and Soden were planning, organizing, coordinating, directing and controlling. The application of these functions and roles however has been improved in the contemporary society especially with the introduction of tech-based information management systems. Does this mean the risk factors when it comes to management of information systems have been controlled? Apparently, no! However, there is an aspect of organized framework of identifying and managing risk factors. Feng, Wang & Li (58), identified some risks and risk factors that face information systems. The risks include poor designing experience of the information system, unwillingness of the users, several users with limited restrictions, maintenance issues, technical problems and the cost of installing and maintaining. With my little experience in class and general knowledge in particular, the complexities brought by technology, the structure of application and project size has extensive impact on software development. Based on Jones, Miller, Gold & Gray (166) knowledge on risk management, risk factors can be rooted from four areas attached to the information system which include the characteristics of the organization, environment, task and individuals within the system. Reed & Knight (2) found that the four factors are informational rooted and are bound to affect the project either positively or negatively depending on how they are handled. Taking my current institution where I am pursuing my studies at the moment as an example, managing institution’s information is every challenging. The introduction of student portal some years back is one of the projects that have hit the ground in the institution. Many challenges have been experienced since the implementation of the system in the institution for instance, during the early stages of usage, the system was subjected to many cases of cybercrime. The scammers were trying their best to manipulate the information within the system but with the security measures on the system, they were denied unauthorized access. Pan & Shan (115) After examining of various information systems, found out that they possess similar characteristics which include: In more complex projects, there are many mutually connected activities as well as participants which have the same common objective. Risk factors within the system are associated with uncertainty and immanency. For effective risk management system, risk factors should be identified within a given time of the project and implemented within a harmonized framework that has planned costs. Information management system is task and objective driven and these tasks should be accomplished by the parties involved. The system contain necessary experts with sufficient inputs such as financial and human resources. Form the above characteristics, the process of identifying and managing risk factors is a complex process and needs effective integration of these elements. Many researchers in the field of information system have classified the successfulness of managing risk factors in information systems into three categories. In the first category, the system is classified to have met all the requirements including implemented within the budget and meeting its functional objectives, secondly, managing the project within the main project which are unfinished and the third category involves checking on the unsuccessful parts of the system which may influence negatively the system functionality as far as the objective of the organization is concerned. According to Hajeer (1271) looking at risk factors at any point of the system would help in coming up with a harmonized framework of managing the risks and risk factors associated with the project system. Early in 1981, McFarlan discussed the portfolio of examining the risk factors when it comes to project management. One of the important aspects Reed & Knight (8) pointed out in the portfolio is adapting management roles and approach which could promote the compatibility of the system in the organization as far as strategy is concerned. Out of my small experience especially during my practical session, I realized the portfolio used to be integrating overlooking on three key risk factors which include 1) cost, time level of competence of staffs, 2) the awareness of the project team and how tech-based knowledge should be integrated and 3) the structuring of project activities. Gholami (112) research on risk identification, he found that risk can be labeled and classified. In the research also, he found that risks differ in nature, severity and outcomes. It is thus important to identify, comprehend and manage the risk factors as far as organizational strategy is concerned. Theoretical learning of this approach not only in class but also through physical experience have made me realize that managers offer a great deal during the management of projects especially if they have a wide-ranging list of risk factors. This list could help them monitor and mitigate the associated outcome accordingly. The roadmap to a unifying framework of identifying and managing risk factors in information systems is entrenched from identification of the risk dimensions. According to Feng, Wang & Li (61) the success of a project is based on the ability to identify risk factors that a particular information system faces at different points with time. This will help the project management team to come up with an appropriate conforming strategy with the ultimate objective of improving the chances of project success. I have seen this done several times and am privileged to have been involved indirectly in one or two activities during identification of risks factors. This literature review opens up the discussion of risk management strategies on information systems and personal reflections of the writer on risk management in information systems. In 2004, Yourdon concluded that the success of managing risk factors depends on the following 11 factors: 1. Project coverage, 2. Clear and defined goals, 3. Executive ‘championship’ 4. Good leadership , 5. Managing project scope, 6. Effective planning and management of project system, 7. Effective communication to stakeholders, 8. User participation in formulation, implementation and maintainace of information system framework for managing risks, 9. Timelessness, and 10. Adapting to changes. Methodology This study identifies and evaluates the implementation of information system and defines the relative importance of determining risk factors during the implementation of a project. To ensure the reliability of data collection processes, the researcher opened divergent opinions which collected the feedback from the respondents. Some of the information was retrieved form researcher’s personal reflection and experience on this field of information system. The study engaged in forming a focused group where opinions from respondents were heard, observed and recorded. Ten respondents were involved in the study most of them working in health organization. Health organization was chosen since this is one of the institutions that is fast adapting new technologies. As a matter of fact, management of information system is currently embraced by most health institutions around the world since it is time efficient and saves costs both to the client and the hospital as well. The researcher had a discussion with the members of the focus group panel where he acted as a moderator. The questions during the discussion process involved identifying the risk factors, how it affects project during implementation phase and ways to mitigate the challenges associated with these risk factors. Focus group was the most appropriate method of collecting data since it captures the both the qualitative and quantitative information. The data on perception was captured through observation of the respondents. Data obtained was coded and the results were presented for discussion. Six risk factors associated with information systems were investigated. These risks include: Technological risks Human risks Organizational risk Adaptability risks Strategic risks Project team risks Results There was 100% response during the discussion since all the ten respondents in the group participated actively. 80% percent of the respondents were from public health sector while the 30% were from non-public sector. The results in terms of level of education were distributed as follows: 50% Bachelor’s degree, 30% Master’s degree and 20% PHD. The experience in information system was distributed as follows: between 1 and 5 years were 4, between 6 and 10 years were 3 and above 10 yrs experience were 3. The severity of risks is presented on the chart below. Severity of risk factors Discussion Classification of risk factors Form this paper, risk factors in information systems are classified into the following categories: a) Technological risk: Majority of the respondents pointed out that technology risk as risk factor of great influence to most projects. Advance in technology means changes in hardware and software of the system. This is critical to information technology projects since it normally needs frequent update in order to protect the information form the changing nature of threats in the environment. An observation in health sector where computer-based record system has been integrated by most hospitals, technological risk factor is frequently encountered. In the context of implementing a regional information system in the hospital, more network structures are needed and the provision of incompatible software and hardware increases the risk factor within the system. For example, many of the hospital staff in Australia had to go for training on the usage of the system for them to be compatible with the changes brought by information system implemented in the hospitals. Basically, technological risk are often associated with the changing nature of the contemporary society and the more complex they appear it makes an organization difficult to identify the definite resources to manage the system. Therefore, it expose the organization to opportunistic challenges such as infeasible budget and high likelihood of occurrence of unscheduled risks (Gholami, 114). b) Human risk: This risk factor was a second rated risk by the respondents. I was involved in some functions within the organization during my practical session. During this session, I realized that one of the human risk associate with most of the activities is resistance to change. Integration of information security system perhaps may subject workers to uncertainty of their future. There will be a lot of changes to be undertaken and people may tend to resist from these changes since they perceive they may affect them negatively. Based form this perspective, the installation of the new system in the organization will have to take a lot of effort to be accepted fully by the workers. Otherwise, the reluctance could be a risk factor to the system. For example, the computer skills and knowledge are underscored by the installation of information system since it requires a specific skill of handling the flow of information within the organization. This is evident in many organizations since they call for training of employees upon implementation of the new IS in the organization. Therefore, taking consideration of what employees normally enjoy prior to implementation of Information security system, effective communication of change to the new way of doing things should be done in order to reduce this risk factor of resistance to change. c) Strategic risk: The respondents pointed out that misalignment of roles and responsibilities of the individual within the information system project often leads to development of strategic risk factor. Conflicts also were seen to be another contributing factor as well as unreliability of the external partners. Regarding the degree of participation, neglect of duties by individuals often leads to unfinished part of the system thus developing this risk factor. Conflicts often arise when there is a deviation from the common objective. One of the respondent stated that sometimes an organization may realize that other activities like changes in customers demand may lead to change in strategy thus leading to conflict of ideas. d) Adaptability risk: Form the majority of the respondents, information system was perceived to be one of the projects in information technology that is well appreciated by organizations. However, the adaptability to the whole system is seen as the main challenge of this risk factor. For example, for activities like clinical care, only the specialists will understand the clinical applications to the client and less of individuals on the administrative functions will understand this. Since health care is an inclusive provision, all the sectors need to work simultaneously in order to achieve a common goal. Therefore, the computer-based client records in the hospital have limitations to administrative functions. Furthermore, one of the respondents stated that the investment on information system has brought disappointment to the side of clients and customers. From the literature, clients often depend on the professionals to understand the changes in technology and they have little interest about engaging to personal training. Therefore, adaptability in this case pose a significant challenge for the IS project. e) Organizational risk: All the respondents admitted that organizations are in full support of the installation of IS system in their structures. According to Jones et.al (170), IS project success often depends on the support from the management. Lack of support is an ultimate genesis of the risk to the project at all phases. f) Project team risk: Four of the respondents were found to be part of the project team. The main project risk entrenched form project team staff instability due to uncertainty of the changes brought by the project. For example, there are some instances where project champion is lost. Lack of appropriate skills also is part of project team risk which will result to incompetency in handling critical areas of the project. Managing risk factors using activity-based system framework From the analysis of the risk factors in information system project, activity-based framework may work effectively in managing risk factors. The study found out activities attached to the projects based on: a) Work practices: The poorly planned and designed information system could incubate risk factors associated with strategy, technology or human. Poor work practices also provide inadequate and unbalanced resources to be used during implementation and maintenance of the project. b) Project participants: This involves all the stakeholders of the project. In this case, if the contribution of the participants does not meet the required capacity, then it could lead to incubation of adaptability risk or project team risk. One of the respondent with 10 years of experience in the field of information system admitted that failure of many projects results from lack of commitment from major stakeholders. c) Environment and infrastructure: Environment when it comes to information system is the organizational culture. Where there is inconsistency in organizational culture, the adaptability of the new system will be difficult. Most respondents said that the activities set for project completion should fit with the environment so that the conflict is reduced. Human infrastructure is very important especially the recommended skills. Appropriate skills will provide good condition when it comes to promoting project success (Hajeer, 1275). d) Strategies: Information system implemented should be aligned to the main strategy. All the respondents agree that effective aligning of activities improves the performance of individual at every phase of system implementation. However, mismatch of activities could compromise the harmonization of the information system and organization strategy. Summary and conclusion In this paper, the researcher examined risk factors in information systems and how it affects the chances of project success. The results of the study show that technological risks are frequently experienced by the information systems. Human risk factors also are critical to the information system projects. As a result, project managers and all the stakeholders should assess the risk in a consistent way in order to reduce the chances of project failure. Proper risk management strategies require an understanding of the categories of risks and should have a deserved attention. In addition, giving a comprehensive coverage risk factors in an information system, the study incorporated a unifying aspects from the literature with the changes in the contemporary society. This research was a risk-factor oriented research which found that determination and defining of risk factors are important for an organization. It is important to recognize the limitation of the research since this research is only based on limited subjects of study, that is, only those in the field of information management system. We hope as a team this study has provided a framework of addressing risk factors in information system in the contemporary environment. References Feng, Nan, Harry Jiannan Wang, and Minqiang Li. 'A Security Risk Analysis Model For Information Systems: Causal Relationships Of Risk Factors And Vulnerability Propagation Analysis'.Information Sciences 256 (2014): 57-73. Web. Gholami, Saeed. 'Critical Risk Factors In Outsourced Support Projects Of IT'. jmr 4.1 (2011): 112-124. Web. Guarro, Sergio B. 'Risk Analysis And Risk Management Models For Information Systems Security Applications'. Reliability Engineering & System Safety 25.2 (1989): 109-130. Web. Hajeer, Safa’a I. 'Critical Risk Factors For Information System (IS) Projects (IS) Projects Between Sink And Swim'. IJCSET 2.6 (2012): 1270-1279. Print. Jones, C et al. 'Strategies For Improving Systems Development Project Success ,'. Issues in Information Systems 6.1 (2015): 166-178. Print. Pan, G, and L Shan. 'Transition To IS Project De-Escalation: An Exploration Into Management Executives’ Influence Behaviors'. IEEE Xplore 58.1 (2015): 108-127. Print. Reed, April H., and Linda V. Knight. 'Technology Related Risks On Virtual Software Development Projects'. International Journal of Information Technology Project Management 3.1 (2012): 1-14. Web. Read More