Risk management and tacit knowledge in IT projects: making the implicit explicit

This research addressed the need for in-depth investigation of what actually happens in the practice of risk management in software package implementation projects. There is strong 'official' sanction in the IT literature for the use of formal risk management processes for IT projects but there is a confused picture of their application in practice. While many potential risk factors for IT projects have been identified, and formal procedures have been prescribed for the management of these risks, there has been little work investigating how project managers assess these risks in practice and what countermeasures they employ against these risks in their projects. In particular, the study used an interpretive critical decision interview approach to focus on those areas of risk management knowledge that project managers have acquired through experience, i.e. tacit knowledge. A new categorization of risk factors emanating from three sources -- vendor, client, and third party -reveals risk factors not previously identified. Some of these new factors arise from the three sources noted, while others arise from the package implementation focus of the projects and from aspects arising from the location of the projects in Hong Kong. Key factors that cause problems even when anticipated and mitigated, and the most often unanticipated problems are also identified. The study further presents an examination of the studied managers' risk management practices, and the strategies they use to address both potential and actual problems. This examination revealed close conformance with recommended literature prescriptions at some stages of projects, and significant variation at other stages, with strategies applied being broad and general rather than risk specific. A useful categorization of these strategies into four broad groups relating to different sets of risk factors is presented, reflecting the actual practice of respondents. Tacit knowledge was revealed throughout these investigations in the variances observed between prescribed and actual practice, and particularly from an examination of project managers' decision-making practices from two different perspectives - rational and naturalistic. A hybrid decision-making model is proposed to capture the actual processes observed, and to provide prescriptive guidance for risk management practice. The investigation makes a contribution to the field of IT project risk management in three ways. First, the investigation has addressed the need for empirical studies into IT risk management practices and the factors influencing project managers in their choice and application of strategies to manage risk. Second, by examining how experienced IT project managers approach the task of managing risk in software package implementations, the study has extended our understanding of the nature of the knowledge and skills that effective IT project managers develop through experience. Third, the study makes a theoretical contribution to our understanding of IT project risk management by examining the decision-making processes followed by IT project managers from the perspective of two contrasting theories of decision-making - the rational method and the Naturalistic Decision Making theory.

[1]  Graeme G. Shanks,et al.  A model of ERP project implementation , 2000, J. Inf. Technol..

[2]  Suzanne Rivard,et al.  An Integrative Contingency Model of Software Project Risk Management , 2001, J. Manag. Inf. Syst..

[3]  Alice Lam Tacit Knowledge, Organizational Learning and Societal Institutions: An Integrated Framework , 2000 .

[4]  E. Schein Organizational Culture and Leadership , 1991 .

[5]  Amy L. Pablo Managerial risk interpretations: does industry make a difference? , 1999 .

[6]  Richard K. Wagner,et al.  Tacit knowledge in everyday intelligent behavior. , 1987 .

[7]  Geoff Walsham,et al.  GIS for District-Level Administration in India: Problems and Opportunities , 1999, MIS Q..

[8]  Tony Moynihan,et al.  Coping with client-based 'people-problems': the theories-of-action of experienced IS/software project managers , 2002, Inf. Manag..

[9]  Gary Klein Applied Decision Making , 1999 .

[10]  D. Schoen,et al.  The Reflective Practitioner: How Professionals Think in Action , 1985 .

[11]  David Lorge Parnas,et al.  A Rational Design Process: How and Why to Fake It , 1985, TAPSOFT, Vol.2.

[12]  D. Shanks IMPLICIT LEARNING AND TACIT KNOWLEDGE - AN ESSAY ON THE COGNITIVE UNCONSCIOUS - REBER,A , 1995 .

[13]  Kay M. Nelson,et al.  Understanding Software Operations Support Expertise: A Revealed Causal Mapping Approach , 2000, MIS Q..

[14]  J. Rockart,et al.  EIGHT IMPERATIVES FOR THE NEW IT ORGANIZATION , 1996 .

[15]  Richard Baskerville,et al.  Distinctions Among Different Types of Generalizing in Information Systems Research , 1999, New Information Technologies in Organizational Processes.

[16]  V. Ambrosini,et al.  Tacit Knowledge: Some Suggestions for Operationalization , 2001 .

[17]  B. Boehm Software risk management: principles and practices , 1991, IEEE Software.

[18]  Eileen M. Trauth,et al.  Understanding Computer-Mediated Discussions: Positivist and Interpretive Analyses of Group Support System Use , 2000, MIS Q..

[19]  Michael D. Myers,et al.  A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems , 1999, MIS Q..

[20]  P E Johnson,et al.  What kind of expert should a system be? , 1983, The Journal of medicine and philosophy.

[21]  Alan Dennis Systems Analysis Design , 2006 .

[22]  Roberta Calderwood,et al.  Critical decision method for eliciting knowledge , 1989, IEEE Trans. Syst. Man Cybern..

[23]  J. Castillo A Note on the Concept of Tacit Knowledge , 2002 .

[24]  David M. Szymanski,et al.  Customer satisfaction: A meta-analysis of the empirical evidence , 2001 .

[25]  M. Polanyi Chapter 7 – The Tacit Dimension , 1997 .

[26]  Wanda J. Orlikowski,et al.  Studying Information Technology in Organizations: Research Approaches and Assumptions , 1991, Inf. Syst. Res..

[27]  Shari Lawrence Pfleeger Risky business: what we have yet to learn about risk management , 2000, J. Syst. Softw..

[28]  Helga Drummond,et al.  The politics of risk: trials and tribulations of the Taurus project , 1996, J. Inf. Technol..

[29]  M. D. Myers,et al.  Qualitative Research in Information Systems: A Reader , 2002 .

[30]  Ikujiro Nonaka,et al.  Managing Industrial Knowledge: Creation, Transfer and Utilization , 2001 .

[31]  Michael D. Myers,et al.  A classification scheme for interpretive research in information systems , 2001 .

[32]  Pei Hsia,et al.  Learning to Put Lessons Into Practice , 1993, IEEE Softw..

[33]  K. J. Vicente,et al.  Cognitive Work Analysis: Toward Safe, Productive, and Healthy Computer-Based Work , 1999 .

[34]  A. Reber Implicit learning and tacit knowledge , 1993 .

[35]  E. Trauth Qualitative Research in IS: Issues and Trends , 2001 .

[36]  R. Nolan,et al.  How to Manage an IT Outsourcing Alliance , 1995 .

[37]  Graham McLeod,et al.  Managing Information Technology Projects , 1997 .

[38]  Dianne C. Berry,et al.  The problem of implicit knowledge , 1987 .

[39]  I. Nonaka A Dynamic Theory of Organizational Knowledge Creation , 1994 .

[40]  M. Patton Qualitative research & evaluation methods , 2002 .

[41]  Henry Mintzberg,et al.  The Structure of "Unstructured" Decision Processes , 1976 .

[42]  Paul M. Fitts,et al.  Perceptual-Motor Skill Learning1 , 1964 .

[43]  James C. Brancheau,et al.  Adoption and Utilization of Commercial Software Packages: Exploring Utilization Equilibria, Transitions, Triggers, and Tracks , 1999, J. Manag. Inf. Syst..

[44]  F. Blackler Knowledge, Knowledge Work and Organizations: An Overview and Interpretation , 1995 .

[45]  Kalle Lyytinen,et al.  Attention Shaping and Software Risk - A Categorical Analysis of Four Classical Risk Management Approaches , 1998, Inf. Syst. Res..

[46]  Rajiv Sabherwal,et al.  The role of trust in outsourced IS development projects , 1999, CACM.

[47]  Matthew B. Miles,et al.  Qualitative Data Analysis: An Expanded Sourcebook , 1994 .

[48]  Kalle Lyytinen,et al.  A Framework for software risk management , 1996, Scand. J. Inf. Syst..

[49]  John R. Anderson Acquisition of cognitive skill. , 1982 .

[50]  Kim J. Vicente,et al.  Cognitive Task Analysis: What is it? Why Do It? , 1995 .

[51]  Eileen M. Trauth,et al.  Critical Skills and Knowledge Requirements of IS Professionals: A Joint Academic/Industry Investigation , 1995, MIS Q..

[52]  Steven L. Alter,et al.  Information Systems: A Management Perspective , 1991 .

[53]  Tony Moynihan,et al.  An inventory of personal constructs for information systems project risk researchers , 1996, J. Inf. Technol..

[54]  James Cadle,et al.  Project Management for Information Systems , 1996 .

[55]  Kalle Lyytinen,et al.  Identifying Software Project Risks: An International Delphi Study , 2001, J. Manag. Inf. Syst..

[56]  Dennis F. Galletta,et al.  An empirical validation of a contingency model for information require-ments determination , 1998, DATB.

[57]  W. Duncan A GUIDE TO THE PROJECT MANAGEMENT BODY OF KNOWLEDGE , 1996 .

[58]  Dianne C. Berry,et al.  Implicit Learning , 1993 .

[59]  Jan Stage,et al.  Controlling Prototype Development Through Risk Analysis , 1996, MIS Q..

[60]  John P. Campbell,et al.  A Confirmatory Test of a Model of Performance Determinants , 1994 .

[61]  Leslie P. Willcocks,et al.  Risk assessment and information systems , 1993, ECIS.

[62]  H. Bernard,et al.  Data Management and Analysis Methods , 2000 .

[63]  L. Willcocks,et al.  Core IS Capabilities for Exploiting Information Technology , 1998 .

[64]  Elizabeth J. Davidson,et al.  Technology Frames and Framing: A Socio-Cognitive Investigation of Requirements Determination , 2002, MIS Q..

[65]  Donald A. Sch The reflective practitioner: how professionals think in action , 1983 .

[66]  N. Denzin,et al.  Handbook of Qualitative Research , 1994 .

[67]  Tony Moynihan Coping with 'requirements-uncertainty': the theories-of-action of experienced IS/software project managers , 2000, J. Syst. Softw..

[68]  K. Sutcliffe,et al.  Controlling Decision-Making Practice in Organizations , 2001 .

[69]  Robert N. Charette The mechanics of managing IT risk , 1996, J. Inf. Technol..

[70]  Robert J. Sternberg,et al.  Practical intelligence : nature and origins of competence in the everyday world , 1986 .

[71]  Geoff Walsham,et al.  The Emergence of Interpretivism in IS Research , 1995, Inf. Syst. Res..

[72]  J. Spender Organizational knowledge, learning and memory: three concepts in search of a theory , 1996 .

[73]  Karen Locke,et al.  Appealing Work: An Investigation of How Ethnographic Texts Convince , 1993 .

[74]  R. Mathews,et al.  Insight without Awareness: On the Interaction of Verbalization, Instruction and Practice in a Simulated Process Control Task , 1989 .

[75]  Mary Sumner,et al.  Risk factors in enterprise-wide/ERP projects , 2000, J. Inf. Technol..

[76]  Kalle Lyytinen,et al.  A framework for identifying software project risks , 1998, CACM.

[77]  Geoff Walsham,et al.  Interpretive case studies in IS research: nature and method , 1995 .

[78]  Valerie L. Shalin,et al.  Cognitive task analysis , 2000 .

[79]  A. W. Melton Categories of Human Learning , 1964 .

[80]  H. Simon Rational Decision Making in Business Organizations , 1978 .

[81]  M. D. Myers,et al.  An introduction to qualitative research in information systems , 2002 .

[82]  Richard E. Fairley,et al.  Risk management for software projects , 1994, IEEE Software.

[83]  Janice M. Morse,et al.  Transforming qualitative data: Description, analysis, and interpretation , 1996 .

[84]  Joseph A. Horvath,et al.  Tacit knowledge in professional practice : researcher and practitioner perspectives , 2000 .

[85]  K. Oatley Structure of Knowledge , 1972, Nature.

[86]  Pawel Lewicki,et al.  Acquisition of procedural knowledge about a pattern of stimuli that cannot be articulated , 1988, Cognitive Psychology.

[87]  Jonathan H. Klein,et al.  Risk management for information systems development , 1996, J. Inf. Technol..

[88]  Gordon B. Davis,et al.  Strategies for Information Requirements Determination , 1982, IBM Syst. J..

[89]  Henry C. Lucas,et al.  Implementing Packaged Software , 1987, MIS Q..

[90]  Rob J. Kusters,et al.  Dealing with risk: a practical approach , 1996, J. Inf. Technol..

[91]  Bruce Russell,et al.  Relationship quality: the undervalued dimension of software quality , 2003, CACM.

[92]  G. Klein,et al.  Decision Making in Action: Models and Methods , 1993 .

[93]  J. March,et al.  Managerial perspectives on risk and risk taking , 1987 .

[94]  J. Martin,et al.  Buying software off the rack. Packages can be the solution to the software shortage. , 1983, Harvard business review.

[95]  I. Nonaka,et al.  SECI, Ba and Leadership: a Unified Model of Dynamic Knowledge Creation , 2000 .

[96]  A. Adam Whatever happened to information systems ethics? Caught between the devil and the deep blue sea , 2004 .

[97]  F. W. McFarlan,et al.  Portfolio approach to information systems , 1989 .

[98]  Gary Klein,et al.  Pre-project partnering impact on an information system project, project team and project manager , 2002, Eur. J. Inf. Syst..

[99]  D. Leonard,et al.  The Role of Tacit Knowledge in Group Innovation , 1998 .

[100]  Karol G. Ross,et al.  The Recognition-Primed Decision Model , 2004 .

[101]  Nancy L. Russo Expanding the Horizons of Information Systems Development , 2000, Organizational and Social Perspectives on IT.

[102]  Robert N. Charette,et al.  Large-Scale Project Management Is Risk Management , 1996, IEEE Softw..

[103]  G. Klein,et al.  A recognition-primed decision (RPD) model of rapid decision making. , 1993 .

[104]  T. Moynihan,et al.  How Experienced Project Managers Assess Risk , 1997, IEEE Softw..

[105]  J. C. Flanagan Psychological Bulletin THE CRITICAL INCIDENT TECHNIQUE , 2022 .

[106]  Guy G. Gable,et al.  A multidimensional model of client success when engaging external consultants , 1996 .

[107]  D. Sandy Staples,et al.  Having expectations of information systems benefits that match received benefits: does it really matter? , 2002, Inf. Manag..

[108]  Erran Carmel,et al.  Customer-developer links in software development , 1995, CACM.

[109]  Mark Keil,et al.  Pulling the Plug: Software Project Management and the Problem of Project Escalation , 1995, MIS Q..

[110]  G. Ryle,et al.  心的概念 = The concept of mind , 1962 .

[111]  Suzanne Rivard,et al.  Toward an Assessment of Software Development Risk , 1993, J. Manag. Inf. Syst..

[112]  Elena L. Grigorenko,et al.  Practical Intelligence in Everyday Life , 2000 .

[113]  Petter Gottschalk,et al.  External or Internal Focus?—A Comparison of IT Executive and IT Project Manager Roles , 2002 .

[114]  Lisa Abrams,et al.  Using Mentoring and Storytelling to Transfer Knowledge in the Workplace , 2001, J. Manag. Inf. Syst..

[115]  Graeme G. Shanks,et al.  Identification of Necessary Factors for Successful Implementation of ERP Systems , 1999, New Information Technologies in Organizational Processes.

[116]  H. Takeuchi Towards a Universal Management Concept of Knowledge , 2001 .