Sunday, May 24, 2009

Risk management practices in IT outsourcing projects

Abstract
Risk management in IT outsourcing projects is a process of identifying, analyzing, controlling and reducing risks in IT outsourcing projects life cycle. Risk management is important as the practices of risk management will reduce the risks thus lead to success in IT outsourcing projects. Risk management should be conducted in IT outsourcing as it will foresee risks that might disturb the smooth flowing of IT outsourcing and prevent or reduce the impact of risks if they occur. Therefore, the primary objective of this paper is to analyze how organizations conducted risk management in IT outsourcing practices. The findings revealed that organizations highly considered the last phase of risk management in IT outsourcing which is on-going monitoring. The organizations least considered the first phase; analysis of decision to outsource whereas this phase is very important as a preparation to enter IT outsourcing activities. Therefore, even though other phases were highly considered, lack of initial preparation will reduce the probability of success in IT outsourcing. For future works, the weaknesses and vulnerability of current practices will then be enhanced and framework of risk management in IT outsourcing will then be developed.

1. Introduction
Outsourcing is a trend that is emerging from infancy and entering a more mature phase of its evolution. It has become the popular operation model among multinational companies throughout the world because the benefits are clear. While there are many reasons to outsource a function, there are also numbers of risks associated with doing so [7]. Therefore, it is important for a decision maker to be aware of these risks before decision to outsource is made.

Due to current environment where technology and market always shifted, organizations are facing more risks if the outsourcing activity is not managed [5]. Therefore, Linder [4] listed managing risks explicitly as one of the critical success factor in effective outsourcing. Despite the importance of risk management, the practices of risk management in IT outsourcing projects in Malaysia are still low [6]. The low practice and application of risk management was also confirmed by a research done in [17]. Another research done showed that only 8% of IS project integrate risk management in the development process due to no formal training in risk management [9,10,11].

This paper firstly discussed the importance of risk management in IT outsourcing. Survey was then conducted to gather the information on organizations practices of risk management. Through current practices, evaluation was done to look at which part of risk management processes that organizations always skipped and the reasons behind it. For future work, these vulnerabilities and weaknesses will be enhanced and risk management in IT outsourcing framework will be developed to assist organizations in conducting IT outsourcing.

2. Risk Management in IT Outsourcing
Risk management is the process of identifying, analyzing, controlling and managing the issues and risks that might appear during a lifetime of a project. In outsourcing arrangement, the risks are higher as more players involved. Since IT outsourcing trends in Malaysia would continue [2], it is important to enhance and manage risks that might derive. These risks should be managed as failing to do so will invite disaster to organizations. Therefore, organizations should conduct careful and deliberate risk management as it can substantially attenuate the level of risks exposure [5].

Consorting with adapting risk management in IT outsourcing, FFIEC [3] comes up with a process of risk management in IT outsourcing. The process consists of four steps namely risk assessment and requirement definition, due diligence in selecting service provider, contract negotiation and implementation and on-going monitoring.

In addition to performing risk management, it is important to perform it in the earlier stage [15] so that the risks can be foreseen and be prevented or at least reduce the impact of the risks if they occurred. However, early identification of risks is not enough. During the initial stage, risk assessment may not be imprecise due to limited information and resources. Therefore, organizations should have systematic risk management and continuously carry it out through the life of the projects [14].

Many studies proved the practice of risk management will increase the likelihood of a successful project including a survey done to show a positive association between risk management and project success [8]. Therefore, risk management should be recognized as one of the critical success factors in IT outsourcing projects. In Malaysia, even though the awareness of risk management is high, the practices are still low [6,16] and it might due to no formal training in risk management [9,10,11].

10. References

[1] APICS, Managing the Risks of Outsourcing: A Survey of Current Practices and Their Effectiveness, 2003.
[2] C. Yvonne, “Growing Trend in IT Outsourcing,” The Star, Oct. 20, 2003.
[3] Federal Financial Institution Examination Council, (FFIEC), Outsourcing Technology Services, 2004.
[4] J. C. Linder, Outsourcing for Radical Change. Amacom, New York, 2004.
[5] J. Jorgensen, “Managing the Risks of Outsourced IT”, The Internal Auditor, 1996, Vol 53, No 6, p. 54.
[6] KPMG, Strategic Risk Management Survey, Australia, 2005.
[7] NISER, ICT Survey for Malaysia 2001/2002, Kuala Lumpur, 2003.
[8] Noor Habibah Arshad, An Approach to the Development of Framework for Software Risk Management, Phd. Dissertation, UKM, 2003.
[9] Noor Habibah Arshad, Azlinah Mohamed and Zaiha Mat Nor, “Risk Management Practices in Malaysia’s Public Sector”, WSEAS Transaction on Business and Economics Journal, 2006, Vol 3, No 7, pp 534-54.
[10] Noor Habibah Arshad, Azlinah Mohamed and Zaiha Mat Nor, Risk Factors in Development Projects, in the Proceedings of the 5th WSEAS International Conferences on E-activities, Venice, Italy, Nov 20-22, 2006.
[11] Noor Habibah Arshad, Azlinah Mohamed and Zaiha Mat Nor, The extend of risk management practices in egovernment projects, in the Proceedings of the 6th WSEAS International Conferences on Software Engineering, Parallel and Distribution Systems (SEPADS, 07), Corfu Island, Greece, Feb 16-19, 2007.
[12] Noor Habibah Arshad, Yap May Lin, Azlinah Mohamed and Sallehuddin Affandi, Inherent Risks in ICT Outsourcing Project, in A. Aggarwal, R. Yager and I. W. Sandberg (Eds.), Studies in Simulation and Modelling. WSEAS Press, Canada. 2006.
[13] N. R. Venkateswar, Mitigation Operational Risk in Outsourcing, DM Direct Special Report, 2005. Retrieved January 17, 2006 from http://www.dmreview.com/article_sub.cfm?articleId=1028024.
[14] R. N. Charette, “The Mechanics of Managing IT Risk”, Journal of Information Technology. 1996, Vol 11, No 4, p.374.
[15] R. B. Misra, “Global IT Outsourcing: Metrics for Success of all Parties”, Journal of Information Technology Cases and Applications, 2004, Vol 6, No 3, pp 21-34.
[16] Syaripah Ruzaini Syed Aris, Noor Habibah Arshad and Azlinah Mohamed, Critical Review of Risk Management in IT Outsourcing, presented at First Regional Conference on Computational Science and Technologies, Sabah, Malaysia, 29-30 Nov 2007.
[17] Syaripah Ruzaini Syed Aris, Azlinah Mohamed and Noor Habibah Arshad, “Preliminary Study on Risk Management in E-Government Outsourcing Projects,” in Eactivities: Networking the World, Proceedings of the 6th WSEAS International Conference on e-activities, Puerto De
La Cruz, Tenerife, Canary Islands, Spain, 14-16 Dec 2007, M. Gloria Sanchez-Torrubia, Ed. Canada: WSEAS Press, 2007.
[18] V. Grover, M. J. Cheon and J. T. C. Teng, “The Effect of Service Quality and Partnership on the Outsourcing of Information Systems Functions”, Journal of Management Information Systems, Vol 12, No. 4, 1996, pg 89.

Syaripah Ruzaini Syed Aris,   Noor Habibah Arshad,   Mohamed, Azlinah   
Faculty of Information Technology and Quantitative Science (FTMSK), Universiti Teknologi MARA, Selangor, MALAYSIA;

This paper appears in: Information Technology, 2008. IT Sim 2008. International Symposium on 
Publication Date: 26-28 Aug. 2008
Volume: 4,  On page(s): 1-8
Location: Kuala Lumpur, Malaysia, 
ISBN: 978-1-4244-2327-9

No comments:

 
hit counter
unique hit counter