This paper considers the application of project risk management techniques, methods and approaches to information systems development. The paper reviews current thinking on risk as it relates to information systems, and the approaches to risk that have been adopted in IS projects. The paper considers, in the context of IS, the processes of risk identification, structuring, assessment, and aggregation, and the use of such risk analysis to inform the process of risk management. The paper analyses available risk management techniques, and then proceeds to develop a comprehensive decision support system to aid risk analysis.
Get full access to this article
View all access options for this article.
References
1.
AnsellJ. (1992). Reliability: independent risk assessment, in Risk: Analysis, Assessment and Management, AnsellJ., and WhartonF. (eds) (Wiley, Chichester) pp. 105–22.
2.
AnsellJ., and WhartonF. (eds) (1992). Risk: Analysis, Assessment and Management (Wiley, Chichester).
3.
Australian Society of Accountants (ASA) (1984). Survey on the Use of Information Technology by Accountants.
4.
AvisonD., and HortonJ. (1992). Evaluation of Information Systems, University of Southampton Working Paper.
5.
BallantineJ., GalliersR., and PowellP. (1995). Daring to be different, capital appraisal and technology investments in Proceedings of the 3rd European Information Systems Conference, AthensGreece, DoukidisG., GalliersR., JelassiT., KrcmarH., and LandF. (eds) pp. 87–97.
6.
BallantineJ., BonnerM., LevyM., MartinA., MunroI., and PowellP. (1996). The 3-D Model of Information Systems Success: the Search for the Dependent Variable Continues, Information Resource Management Journal (forthcoming, October).
7.
BirchD., and McEvoyN. (1995). Structured risk analysis for information systems, in Hard Money – Soft Outcomes, FarbeyB., TargettD., and LandF. (eds) (Alfred Waller, Henley) pp. 29–52.
8.
ChapmanC.B. (1992). A risk engineering approach to risk management, in Risk: Analysis, Assessment and Management, AnsellJ., and WhartonF. (eds) (Wiley, Chichester) pp. 5–39.
9.
ChapmanC.B., and CooperD.F. (1983). Risk engineering: basic controlled interval and memory models, Journal Operational Research Society, 34, 51–60.
10.
EdenC., JonesS., and SimsD. (1983). Messing About in Problems (Pergamon, Oxford).
11.
GilbreathR.D. (1988). Working with pulses, not streams: using projects to capture opportunity, in Project Management Handbook, ClelandD., and KingW. (eds) (Van Nostrand Reinhold, New York).
12.
GoodwinP., and WrightG. (1991). Decision Analysis for Management Judgement (Wiley, Chichester).
13.
GreenJ. (1995). Business Resumption Planning, Unpublished MSc Thesis, University of Warwick.
14.
HottersteinM., and DeanJ. (1992). Managing risk in advanced manufacturing technology, California Management Review, 112–26.
15.
HarrisS., and KatzJ. (1991). Firm size and the IT investment intensity of life insurers, MIS Quarterly, 15(3), 333–52.
16.
HarrisonE. (1992). Some factors involved in determining strategic decision success, Journal of General Management, 17(3), 72–87.
17.
JacksonN., and CarterP. (1992). The perception of risk, in Risk: Analysis, Assessment and Management, AnsellJ., and WhartonF. (eds) (Wiley, Chichester) pp. 41–54.
18.
JenkinsN. (1990). Guidelines for risk assessment and risk management in MoD procurement programmes, in Risk and Risk Analysis: the Royal Aeronautical Society Seminar, London, July (Royal Military College of Science, Shrivenham).
19.
JungermannH., and ThuringM. (1993). The labyrinth of experts’ minds: some reasoning strategies and their pitfalls, Annals of Operational Research, 16, 117–30.
20.
KangariR., and RiggsL.S. (1989). Construction risk assessment by linguistics, IEEE Transactions on Engineering Management, 36, 126–31.
21.
KemererC., and SosaC. (1991). Systems development risks in strategic information systems, Information and Software Technology, 33(3), 212–23.
22.
KeyesJ. (1989). Why expert systems fail, AI Expert, November, 50–3.
23.
KleinJ.H. (1993). Modelling risk trade-off, Journal Opl Research Society, 44445–60.
24.
KleinJ.H. (1994). Cognitive processes and operational research: a human information processing perspective, Journal Opl Research Society, 45, 855–66.
25.
KleinJ.H., PowellP., and ChapmanC. (1994). Project risk assessment based on prototype activities, Journal Opl Research Society, 45(7), 749–57.
26.
KleinJ.H., and CorkR.B. (1996). An Approach to Technical Risk Assessment, in preparation.
27.
KrummF., and RolleC. (1992). Management and application of decision and risk analysis in Du Pont, Interfaces, 22(6), 84–93.
28.
LiangT-P., and TangM-J. (1991). VAR analysis: a framework for justifying strategic information systems projects, Database, 23(1), 27–35.
29.
MowshowitzA. (1976). Information Processing in Human Affairs (Addison-Wesley, Reading, Mass).
30.
OtwayH, and HaastrupP. (1988). Designing risk management support systems, Annals of Operational Research, 16, 439–46.
31.
PowellP. (1994). Fuzzy strategy, crisp investment, in Hard Money – Soft Outcomes: Evaluating and Managing the IT Investment, FarbeyB., TargettD., and LandF. (eds) (Alfred Waller, Henley-on-Thames) pp. 173–92.
RibeiroR., PowellP., and BaldwinJ. (1995). Uncertainty in decision making: an abductive perspective, Decision Support Systems, 13, 183–94.
34.
RobsonW. (1994). Strategic Management and Information Systems (Pitman, London).
35.
RuohonenM. (1991). Stakeholders of strategic information systems planning: theoretical concepts and empirical examples, Journal of Strategic Information Systems, 1(1), 15–28.
36.
StahlM. (1989). Strategic Executive Decisions (Quorum Books, New York).
37.
TateG., and VernerJ. (1990). Casestudy of risk management, incremental development and evolutionary prototyping, Information and Software Technology, 32(3), 207–14.
38.
VitaleM. (1986). The growing risks of information system success, MIS Quarterly, 10(3), 327–34.
39.
Von WinterfeldtR. (1988). Expert systems and behavioral decision research, Decision Support Systems, 4, 461–71.
40.
WhitingF., DaviesJ., and KnulM. (1993). Investment appraisal for IT systems, BT Technology Journal, 11(2), 193–211.
41.
WildemannH. (1988). Analysis and evaluation of basic strategies in investment planning for modern flexible technologies, Annals of Operational Research, 16, 447–64.
42.
WillcocksL. (1992). Evaluating information technology investments: research findings and reappraisal, Journal of Information Systems, 2(4), 243–68.
43.
WillcocksL., and GriffithsC. (1995). Evaluating risk in major IT projects, in Hard Money – Soft Outcomes, FarbeyB., TargettD., and LandF. (eds) (Alfred Waller, Henley) pp. 29–52.
44.
WillcocksL., and MargettsH. (1994). Risk assessment and information systems, European Journal of Information Systems, 3(2), 127–38.
