Risk management practices in IS outsourcing: an investigation into commercial banks in Nigeria

This research work focuses on the risk management practices adopted by Commercial Banks in Nigeria that are related to the outsourcing of information systems (IS). The need for the research emerged from the lack of studies addressing these problems in developing countries in general and in this country in particular. The research reported in this paper shows that despite the globally increasing trend of IS outsourcing in the sector, Nigerian commercial banks are lacking in both strategic and operational risk management practices. Consequently, they are especially prone to the adoption inappropriate IS solutions and are vulnerable to IS failure and fraud. The research is empirically based drawing on an extensive literature and case study review as well as an extensive survey of banks in Nigeria. The main method of data collection was a questionnaire sent to 15 commercial banks, which was aimed at respondents in three distinct categories: executive management, systems managers and users. The analysis of the data included both a quantitative and an inductive qualitative approach. The latter was used to draw inferences on the current situation. The findings revealed that managers of commercial banks understand the nature of IS outsourcing and that they all agreed that adopting risk management practices is important. Nevertheless, the situation is critical. A significant proportion of the commercial banks have no documented and structured outsourcing strategy or policy; consequently no programme or procedural guidance is available at any level. The study also discovered that contrary to practice in developed countries, the regulatory authorities in Nigeria have not formulated substantive guidelines or procedural rules to be adopted nationally by commercial banks.

[1]  R. Hirschheim,et al.  Information systems outsourcing : myths, metaphors, and realities , 1993 .

[2]  J. O'Brien Management Information Systems: Managing Information Technology in the Networked Enterprise , 1996 .

[3]  Thomas R. Mylott Computer Outsourcing: Managing the Transfer of Information Systems , 1995 .

[4]  Ndi Okereke-Onyiuke The Nigerian Stock Exchange , 2002 .

[5]  C. Lonsdale,et al.  Effectively managing vertical supply relationships: a risk management model for outsourcing , 1999 .

[6]  R. Nolan,et al.  How to Manage an IT Outsourcing Alliance , 1995 .

[7]  L. D. Looff,et al.  Information Systems Outsourcing Decision Making: A Managerial Approach , 1996 .

[8]  Judith Broady-Preston,et al.  Strategy, information processing and scorecard models in the UK financial services sector , 2001, Inf. Res..

[9]  Ying Fan Strategic outsourcing: evidence from British companies , 2000 .

[10]  R. L. Huber How Continental Bank outsourced its "crown jewels.". , 1993, Harvard business review.

[11]  James W. DeLoach,et al.  Enterprise-wide risk management : strategies for linking risk and opportunity , 2000 .

[12]  Susan V. Scott IT-ENABLED CREDIT RISK MODERNISATION: A REVOLUTION UNDER THE CLOAK OF NORMALITY , 1999 .

[13]  Leslie P. Willcocks,et al.  IT outsourcing in insurance services: risk, creative contracting and business advantage , 1999, Inf. Syst. J..

[14]  J. Ward,et al.  Strategic Planning for Information Systems , 1990 .

[15]  Keri E. Pearlson,et al.  Managing and Using Information Systems: A Strategic Approach , 2019 .

[16]  David Hillson,et al.  Extending the risk process to manage opportunities , 2002 .

[17]  P. Drucker Managing in a Time of Great Change , 1995 .

[18]  Lawrence Loh,et al.  Diffusion of Information Technology Outsourcing: Influence Sources and the Kodak Effect , 1992, Inf. Syst. Res..