ORE: A Framework to Measure Organizational Risk Du

  • Aditya Agrawal
  • Gavin Finnie
  • Padmanabhan Krishnan


Information systems (IS) change initiatives often represent the single largest investment (and therefore risk) for large corporations, yet there exist few management frameworks in the literature to help decision makers measure organizational risk in a balanced manner during this organization-wide change process. The ORE framework has been developed as a design science artifact based on the Leavitt diamond paradigm as a multi-criteria, relative risk, condition consequence, management decision framework enabling decision makers to calculate and compare risk evolution at fixed points of the change cycle and make structured and balanced risk mitigation decisions. In this chapter the principles, architecture and elements of ORE are described.


Information System Program Constraint Design Science Development Platform Information System Evolution 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Albrecht, A.J. (1979) Measuring Application Development Productivity. Proc IBM Application Development Joint SHARE/GUIDE Symposium, pp. 83–92, Monterey, CA.Google Scholar
  2. Bennett, K. and Rajlich, V. (2000) Software Maintenance and Evolution: A Roadmap. Paper presented to Conf on Future of Software Engineering, ACM, pp. 75–87, Limerick, Ireland.Google Scholar
  3. Bruegge, B. and Dutoit, H.A. (1998) Communications Metrics for Software Development. IEEE Transactions on Software Engineering, 24(8): 615–628.Google Scholar
  4. Capital Broadleaf International Pty. Ltd. (2005 ) @Risk 4.0 Tutorial Notes: Quantitative Risk Modeling. (15 Sept. 2005).
  5. Chang, S.I. (2004) ERP Lifecycle Implementation, Management and Support: Implications for Practice and Research. Proc 37th HICSS, Hawai’i .Google Scholar
  6. Curtis, B. (1989) Three Problems Overcome with Behavioral Models of the Software Development Process. Paper presented to Proceedings of the Eleventh International Conference on Software Engineering, IEEE, pp. 389–399, Pittsburgh, USA.Google Scholar
  7. Davenport, T.H. (1998) Putting the Enterprise into the Enterprise System. Harvard Business Review, pp. 121–131.Google Scholar
  8. Dedolph, F.M. (2003) The Neglected Management Activity: Software Risk Management. Bell Laboratories Technical Journal, 8(3): 91–95.CrossRefGoogle Scholar
  9. Emery, F.E. and Trist, T.L. (1965) The Causal Texture of Organizational Elements. Human Relations, 18(1): 21–32.CrossRefGoogle Scholar
  10. Evangelidis, A. (2003) FRAMES-A Risk Assessment Framework for E-Services. Electronic Journal of E-Government, 2(1): 21–30.Google Scholar
  11. Fenton, N.E. (1998) Software Metrics, A Rigorous and Practical Approach. Course Technology. International Thomson Computer Press, Boston, MA .Google Scholar
  12. Fenton, N.E., Radlinkski, L., Neil, M. and Marquez, D. (2007) Improved Decision-Making for Software Managers Using Bayesian Networks. Submitted to The 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, Drubovnik, Croatia, September 3–7.Google Scholar
  13. Gluch, D.P. (1994) A Construct for Describing Software Development Risks. Technical Report CMU/SEI-94-TR-14, Software Engineering Institute, Carnegie Mellon University.Google Scholar
  14. Hevner, A.R., March, S.T., Park, J. and Ram, S. (2004) Design Science in Information Systems Research. MIS Quarterly, 28(1): 75–105.Google Scholar
  15. Higuera, R.P. and Haimes, Y.Y. (1996) Software Risk Management. Technical Report CMU/SEI-96-TR-012, Software Engineering Institute, Carnegie Mellon University.Google Scholar
  16. IEEE Standards Board (1998) IEEE Standard for Software Quality Assurance Plans. Standard published by the Software Engineering Standards Committee of the IEEE Computer Society.Google Scholar
  17. Keene, P.G.W. (1981) Information Systems and Organizational Change. Communications of the ACM, 24(1): 24–33.CrossRefGoogle Scholar
  18. Keeney, R. and Raiffa, H. (1993) Decisions with Multiple Objectives: Preferences and Value Tradeoffs. Revised Edition. Cambridge University Press, Cambridge.Google Scholar
  19. Klaus, H., Rosemann, M. and Gable, G.G. (2000) What is ERP? Information Systems Frontiers, 2(2): 141–62.CrossRefGoogle Scholar
  20. Leavitt H.J. (1965) Applied Organizational Change in Industry: Structural, Technological and Humanistic Approaches. In James G. March, editor, Handbook of Organizations, pp. 1144–1170, Rand McNally and Company, Chicago, IL.Google Scholar
  21. Nair, M. (2006) A Survey of Software Estimation Techniques and Project Planning Practices. Proc 7th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, IEEE, Las Vegas, NV.Google Scholar
  22. Nogueira, J. (2000) A Risk Assessment Model for Evolutionary Software Projects, Ph.D. thesis submitted to the Naval Postgraduate School USA.Google Scholar
  23. Offen, R.J. and Jeffery, R. (1997) Establishing Software Measurement Programs. IEEE Software, 14(2): 45–53.CrossRefGoogle Scholar
  24. Project Management Institute (2000) A Guide to the Project Management Body of Knowledge (PMBOK Guide). Technical Report, Project Management Institute of USA Inc.Google Scholar
  25. Roberts, F.S. (1979) Measurement Theory with Applications to Decision Making, Utility, and the Social Sciences. Addison-Wesley, Reading, MA.Google Scholar
  26. Ropponen, J. and Lyytinen, K. (2000) Components of Software Development Risk: How to Address Them? IEEE Transactions on Software Engineering, 26(2): 98–111.CrossRefGoogle Scholar
  27. Saaty, T.L. (1980) The Analytic Hierarchy Process. McGraw-Hill, New York.Google Scholar
  28. Sawy, O.A.E. (2001) Redesigning Enterprise Processes for E-Business. McGraw-Hill Irwin, Singapore.Google Scholar
  29. Skok, W. and Legge, M. (2001) Evaluating Enterprise Resource Planning Systems Using an Interpretive Approach. Paper presented to ACM SIGPCR, San Diego, CA.Google Scholar
  30. Information Systems Audit and Control Association (2002) IS Auditing Procedure P1: IS Risk Assessment Measurement.Google Scholar
  31. Sumner, M. (2000) Risk Factors in Enterprise Wide Information Management System Projects. Proc ACM SIGCPR Conf on Computer Personnel Research, pp. 180–187, Chicago, IL.Google Scholar
  32. Tatikonda, M. and Rosenthal, S. (2000) Technology Novelty, Project Complexity and Product Development Project Execution Success. A Deeper Look at Task Uncertainty in Product Innovation. IEEE Transactions on Engineering Management, 47(1): 74–87.CrossRefGoogle Scholar
  33. Torsten P.G.R., Guido T. (1997) Separation of Powers and Public Accountability. The Quarterly Journal of Economics, 112(4): 1163–1202.Google Scholar
  34. Volker W. and Rohde M. (1995) Towards an Integrated Organization and Technology Development. Proc Conf on Designing Interactive Systems, Processes, Practices, Methods, and Techniques. Ann Arbor, USA.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • Aditya Agrawal
  • Gavin Finnie
  • Padmanabhan Krishnan

There are no affiliations available

Personalised recommendations