Risk Profiles in Individual Software Development and Packaged Software Implementation Projects: A Delphi Study at a German-Based Financial Services Company

The aim of this paper is to compare risk profiles of individual software development (ISD) and packaged software implementation (PSI) projects. While researchers have investigated risks in either PSI projects or ISD projects, an integrated perspective on how the risk profiles of these two types of information system (IS) projects differ is missing. To explore these differences, this work conducted a Delphi study at a German-based financial services company. The results suggest that: First, ISD projects seem to be more heterogeneous and face a larger variety of risks than the more straightforward PSI projects. Second, ISD projects seem to be particularly prone to risks related to sponsorship, requirements, and project organization. Third, PSI projects tend to be predominantly subject to risks related to technology, project planning, and project completion. Finally, in contrast to available lists of risks in IS projects and irrespective of the project type, the paper found a surprisingly high prominence of technology and testing-related risks

Escalating IT-projects: A text-analysis of risk-framing effects of managers

Despite significant research in the area, many IT projects fail to realize their targets with regards to time, budget or functionality. Resources continue to be committed to projects even though information is available which indicates that they are no longer viable. Prospect theory explains that these decisions can result from the risk preferences of individuals. A framing effect occurs when specific words are used, or attributes are emphasized, which influence these risk preferences. This research uses text analysis to determine which types of framing are applied by project managers when discussing a project. This information is used to gain insight into their so-called ‘project frame’ which helps to predict their decision making behavior. The findings demonstrate that the three main types of framing are indeed applied during conversations and that these can be linked to either a positive or a negative project frame

IT Project Management & Managerial Risk: Effects of Overconfidence

Due to high IT project failure rates, risk management in IT projects has attracted significant research interest and continues to be an important research and managerial concern. Recently, a stream of IS research has focused on the risks posed by managerial decision making on IT projects, by showing how managers themselves are a major source of risk by falling prey to various heuristics and biases while making decisions at various stages of IT project management. In this study, we explore one of the concepts i.e. overconfidence, and have proposed some potential areas of research. We hope that empirical examination of the propositions will give an insight into the details of how managers become victims of own biases through overconfidence thus causing severe yet systematic risks to the IT projects

Risk Mitigation in Corporate Participation with Open Source Communities: Protection and Compliance in an Open Source Supply Chain

Open source communities exist in large part through increasing participation from for-profit corporations. The balance between the seemingly conflicting ideals of open source communities and corporations creates a number of complex challenges for both. In this paper, we focus on corporate risk mitigation and the mandates on corporate participation in open source communities in light of open source license requirements. In response to these challenges, we aim to understand risk mitigation options within the dialectic of corporate participation with open source communities. Rather than emphasizing risk mitigation as ad hoc and emergent process focused on bottom lines and shareholder interests, our interest is in formalized instruments and project management processes that can help corporations mitigate risks associated with participation in open source communities through shared IT projects. Accordingly, we identify two key risk domains that corporations must be attendant to: property protection and compliance. In addition, we discuss risk mitigation sourcing, arguing that tools and processes for mitigating open source project risk do not stem solely from a corporation or solely from an open source community. Instead they originate from the interface between the two and can be paired in a complementary fashion in an overall project management process of risk mitigation. This work has been funded through the National Science Foundation VOSS-IOS Grant: 112264

Influence of project risk factors and self-efficacy on the perception of risk in troubled IT projects

Past studies have indicated that if project managers are able to perceive project risks accurately, they may be less likely to continue failing IT projects. A computer simulation based experiment was carried out to investigate the influence of individual self-efficacy and project risk factors on the perception of risk in failing IT projects. Results indicated that project managers with higher self-efficacy are likely to perceive the risks of a failing project to be lower compared to those with lower self-efficacy even though same information about project progess was provided in both conditions. Further, the results suggested that project managers are likely to underestimate the risks of a project with endogenous risk factors as compared to a project with exogenous risk factors

Perceived Control and Privacy in a Professional Cloud Environment

Cloud customers need to assess whether their cloud service provider offers high-quality services and handles sensitive information confidentially. Privacy protection is therefore a major challenge during cloud sourcing. Although cloud customers want control over their sensitive information, they have limited resources to do so. They therefore consider other control agents, such as certification authorities or collectives, but the effectiveness of these groups to ensure privacy protection is unknown. This study differentiates between three control agents (personal control, proxy control, and collective control) and investigates the influence of these agents on cloud customers’ perceived control over sensitive information to protect privacy during cloud sourcing. Results show that proxy and collective control influence cloud customers’ perceptions but personal control does not. Therefore, only external control agents, who can apply sanctions, are perceived as being able to effectively protect privacy

Controls for Managing Risks Across Different Stages of ERP Projects

Enterprise Resource Planning (ERP) implementations can be highly risky, posing numerous challenges to companies that implement them. Prior research has mainly focussed on identifying and assessing risks in ERP projects. Still little is known on mitigating risks by means of managerial control. Thus, this ongoing research aims to address these gaps by exploring how organisations exercise control in regards to identified risks during different stages of an ERP project. By using a case study approach this study particularly seeks to answer if and why control choices for risks change across different project stages. The preliminary results indicate that there is support for both, the need to collate the learnt experiences of ERP participants for these risks and their relative controls to be evaluated at all stages of the ERP project as the importance of risks and controls differ for each phase of the implementation project

SMS Derived vs. Public Perceived Risk in Aviation Technology Acceptance (Literature Review)

Aviation technology progressed from the first airplane flight to landing on the moon in just 63 years with continued progress today. Thus, organizations like commercial airlines and the National Aeronautics and Space Agency (NASA) that use a Safety Management System (SMS) are periodically implementing technology changes. Typically, two different processes are used to derive SMS and public perceived risk. Disparity between the two processes coupled with dissimilar influencing factors has, at times, frequently slowed or halted technology implementation. Understanding both processes and influencing factors using a literature review allows for a more proactive approach in implementing technology, aids in gauging public support, and provides the knowledge to attempt to change the public’s already formed perceived risk