The Emergence of Information Infrastructure Risk Management in IT Services

Failure to understand, identify, and manage risk is often cited as a major cause of IT problems. While the project is the preferred level of analysis in most IT risk management research, IT is becoming increasingly infrastructural, and there is therefore a need to adapt risk strategies beyond the project level. In this paper, we explore how risk management practices in a successful IT service provider group emerged over time as the group coped with infrastructural dynamics and complexities. Drawing on Orlikowski's practice lens, we investigate actual practices and possible options related to risk management as rapid technological and organizational changes resulted in increased infrastructure management challenges for the IT service provider. Our research contributes to the IT risk management literature by applying risk theory to service management in the infrastructural domain and by moving beyond the project as level of analysis.

[1]  Lars Mathiassen,et al.  Managing Risks in Distributed Software Projects: An Integrative Framework , 2009, IEEE Transactions on Engineering Management.

[2]  Ole Hanseth,et al.  IT-adaptation challenges in the process industry: an exploratory case study , 2007, Ind. Manag. Data Syst..

[3]  Lars Mathiassen,et al.  Managing Risk in Software Process Improvement: An Action Research Approach , 2004, MIS Q..

[4]  Kalle Lyytinen,et al.  Research Commentary - Digital Infrastructures: The Missing IS Research Agenda , 2010, Inf. Syst. Res..

[5]  Ole Hanseth Introduction: Integration–Complexity–Risk – The Making of Information Systems Out-of-Control , 2007 .

[6]  Wanda J. Orlikowski,et al.  Improvising Organizational Transformation Over Time: A Situated Change Perspective , 1996, Inf. Syst. Res..

[7]  Suzanne Rivard,et al.  Toward an Assessment of Software Development Risk , 1993, J. Manag. Inf. Syst..

[8]  Mark Keil,et al.  Turning Around Troubled Software Projects: An Exploratory Study of the Deescalation of Commitment to Failing Courses of Action , 1999, J. Manag. Inf. Syst..

[9]  W. Souder,et al.  The risk pyramid for new product development: An application to complex aerospace hardware , 1993 .

[10]  Kalle Lyytinen,et al.  Components of Software Development Risk: How to Address Them? A Project Manager Survey , 2000, IEEE Trans. Software Eng..

[11]  Kalle Lyytinen,et al.  Attention Shaping and Software Risk - A Categorical Analysis of Four Classical Risk Management Approaches , 1998, Inf. Syst. Res..

[12]  Marie-Claude Boudreau,et al.  Accounting for the Contradictory Organizational Consequences of Information Technology: Theoretical Directions and Methodological Implications , 1999, Inf. Syst. Res..

[13]  R. Mason,et al.  The Influence Prism in SMEs: The Power of CEOs' Perceptions on Technology Policy and Its Organizational Impacts , 1997 .

[14]  Kalle Lyytinen,et al.  Identifying Software Project Risks: An International Delphi Study , 2001, J. Manag. Inf. Syst..

[15]  B. Boehm Software risk management: principles and practices , 1991, IEEE Software.

[16]  F. W. McFarlan,et al.  Portfolio approach to information systems , 1989 .

[17]  Karen Ruhleder,et al.  Steps Toward an Ecology of Infrastructure: Design and Access for Large Information Spaces , 1996, Inf. Syst. Res..

[18]  George C. Hartmann,et al.  Assessing Technology Risk–A Case Study , 1998 .

[19]  Anandhi S. Bharadwaj,et al.  A Resource-Based Perspective on Information Technology Capability and Firm Performance: An Empirical Investigation , 2000, MIS Q..

[20]  Kalle Lyytinen,et al.  Systemic Risk, IT Artifacts, and High Reliability Organizations: A Case of Constructing a Radical Architecture , 2008 .

[21]  Kalle Lyytinen,et al.  Design theory for dynamic complexity in information infrastructures: the case of building internet , 2010, J. Inf. Technol..

[22]  Lars Mathiassen,et al.  Collaborative Practice Research , 2000, Scand. J. Inf. Syst..

[23]  Geoff Walsham,et al.  Doing interpretive research , 2006, Eur. J. Inf. Syst..

[24]  K. Lyytinen A taxonomic perspective of information systems development: theoretical constructs and recommendations , 1987 .

[25]  Eric Monteiro,et al.  Developing Information Infrastructure: The Tension Between Standardization and Flexibility , 1996 .

[26]  Ole Hanseth,et al.  From Risk Management to ‘Organized Irresponsibility’? Risks and Risk Management in the Mobile Telcom Sector , 2007 .

[27]  Lei Li,et al.  The Influence of Checklists and Roles on Software Practitioner Risk Perception and Decision-Making , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[28]  Jørn Braa,et al.  DEVELOPING HEALTH INFORMATION SYSTEMS IN DEVELOPING COUNTRIES THE FLEXIBLE STANDARDS STRATEGY , 2006 .

[29]  Varun Grover,et al.  Shaping Agility through Digital Options: Reconceptualizing the Role of Information Technology in Contemporary Firms , 2003, MIS Q..

[30]  Kalle Lyytinen,et al.  A framework for identifying software project risks , 1998, CACM.

[31]  Geoff Walsham,et al.  Interpretive case studies in IS research: nature and method , 1995 .

[32]  Michael D. Myers,et al.  A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems , 1999, MIS Q..

[33]  Eric Monteiro,et al.  Inscribing behaviour in information infrastructure standards , 1997 .

[34]  Jonny Holmström,et al.  Running to Stand Still: Examining the Role of Information Technology in Industrial Risk Management , 2008, ECIS.