Abstract
This chapter introduces students to general concepts and theoretical foundations of managing risks induced by developing and using information technology (IT risks). First, it provides an overview of the broad nature of IT risks. We introduce categories of IT risks to illustrate their diverse and heterogeneous causes and consequences, as well as possible strategies required to balance the risks and benefits of information systems. Second, we illustrate the interdisciplinary challenges that come with managing IT risks, using the most researched form of IT risk, namely IT project risks. We discuss the subjectivity of IT risks and various IT risk assessment techniques, outline the process of managing IT project risks, and introduce the dynamics of IT project risks. Third, we present five perspectives on IT risks as a fruitful lens to structure the variety of topics in IT risk research. Using these five perspectives as a framework, we present the most frequently cited IT risk research papers and theories. We conclude with an IT risk research agenda that posits worthwhile avenues for advancing the understanding and control of IT risks.
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Schermann, M., Wiesche, M., Hoermann, S., Krcmar, H. (2014). Information Technology Risks: An Interdisciplinary Challenge. In: Klüppelberg, C., Straub, D., Welpe, I. (eds) Risk - A Multidisciplinary Introduction. Springer, Cham. https://doi.org/10.1007/978-3-319-04486-6_14
DOI: https://doi.org/10.1007/978-3-319-04486-6_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04485-9
Online ISBN: 978-3-319-04486-6
eBook Packages: Mathematics and Statistics (R0)