|Research reveals that there are various types of risk associated with the development and successful implementation of Information Technology (IT) based Information Systems (ISs) at organisational level. The situation often leads to a plethora of problems in attempting to meet business needs or organisational goals. This paper reviews the failures of some organisational IT-based ISs and discusses possible types of risk associated with the development and application of the ISs coupled with business risk factors. Based on the experience gained in a current project for developing an IT-based IS for manufacturing management, the author suggests an anti-positivist methodology (Action Research) that articulates a learning process which may be employed to minimise possible risks of failure in the development and application of organisational ISs. It is hoped that the discussion put forward will help to generate and increase participants' awareness level of risks of failure of organisational ISs so that they can be avoided or reduced. A possible model to minimise risks in IS projects through Action Research strategy is presented which may assist to improve and simplify the process of development and implementation of such systems for enterprises.|
Keywords: Information Technology; Information Systems; Risks; Anti-positivism; Action research.
The implication of the two examples is that while the failures of major information system projects (such as the NatWest IBM DB2 Share registration system and Taurus itself) may be loudly reported in the news media, there could be many others that fail in less noticeable or less publicised ways. Considering expenditure in this aspect of a growing technology, it could be said that in the UK both private and public organisations spend a substantial sum of money on IT-oriented ISs. As of 1992 a review of expenditure on IT by private sector organisations in the UK rose to over 1.5% of revenue on the average while that of the public sector organisations (ignoring operational equipment of the ministry of defence) accounts for over 1.7% of revenue on the average (see details in: Willcocks and Margetts, 1994, p.127; Price Waterhouse, 1992; Margetts, 1991). In both cases of the expenditures on IT between 30% to 40% of the projects achieve no net benefits (see research review details in Willcocks 1992, 1993). Consequently, discussing ways and means of minimising risks of failure associated in the development and successful implementation of organisations' ISs may provide a significant area of concern to managers and such information systems analysts/developers. Also, a methodology that is capable of integrating both the 'soft' and 'hard' aspects of organisational information systems' development, in order to minimise the chances of failure of ISs for business management and operations, may be a worthwhile strategy for deliberation.
A distinction could be drawn between IT and IS, in that: (a) IT represents the competence presented by computer hardware, software applications and telecommunications technologies; (b) IS represents a wider notion which encompasses various intelligence gathering devices put together to meet the defined information requirements of an individual (or organisation) in attempt to properly control the surrounding. IS may or may not be IT-based (cf. Davenport and Short, 1990, p.11; Stowell, 1991, p.174; Willcocks and Margetts, 1994, p.128). In most of the rest of the paper the term IS will be used to include the potential offered by IT. The next section discusses possible types of risk in ISs and business risk factors of an organisation.
Based on theoretical and empirical investigations in the current research project of developing a prototype IS for tendering process in manufacturing management, the possible types of risk associated with the development and implementation of ISs as listed above could further have an impact on and compound an organisation's business risk factors. In manufacturing management, results obtained from organisational investigation indicate that the risk factors which are often considered in practice are both quantitative and qualitative, encompassing the areas of: (i) total cost/benefit assessment in monetary terms; (ii) quality in terms of fitness for purpose; (iii) technology advantage; (iv) price and profitability; (v) timely delivery of products/services; (vi) image attainment and its sustainability; (vii) long term partnership relations and its proper management (with suppliers and customers) in terms of shared business risks and shared rewards; (viii) safety. These risk factors may also be applicable to the service industry. The types of risk and business risk factors aforementioned are not exhaustive but they serve to illustrate the potential risks in ISs. The exposure of an organisation to risks in ISs may increasingly become prominent when such risks further affect parameters of its 'business deliverables' to customers and stakeholders. In extreme cases the commercial viability of the company may be seriously jeopardised.
Some proponents and exponents of risk assessment/analysis of IS projects in organisations have evolved some models to help in evaluating various possible types of risk at the feasibility stage in order to avoid pitfalls. For instance, Corder (1989, pp.242-244) discusses the "strategic weighting of risk factors in estimating computer projects", and presents a table for the calculation of strategic risks associated with such projects. The method identifies risk factors in organisational ISs and classifies them into three groups specified as: (1) High-risk factors, encompassing five components given to be (a) project size, (b) project definition, (c) user commitment and stability, (d) elapsed time and (e) number of systems interfaces; (2) Medium-risk factors, which includes seven elements given to be (a) functional complexity, (b) number of user department, (c) newness of technology/vendor, (d) user experience of computers (e) the project team's experience of the user area, (f) newness of technology to the organisation, (g) number of vendor/contractors; (3) Low-risk factors, covering three elements listed to be (a) number of sites, (b) functional newness (c) number of project phases. Some other models include that of Parker et al (1988) and that of Cash et al (1992; also see Willcocks and Margetts, 1994, p.128).
While these approaches may be useful they are likely to fall short of offering a 'complete solution' to risks reduction (or avoidance) in the development and successful implementation of organisational ISs; they tend to lay emphasis on the feasibility (or initial) stage. But the initial stage which represents only a part of a coherent 'whole' in an IS project may be largely based on financial and statistical evaluation techniques that do not fully consider the human and business implications. Therefore, a problem-solving methodology which articulates an iterative learning process for both the organisational participants and the ISs analyst(s)/designer(s), then consider the various stages of the project may have a better potential in helping to reduce (or entirely avoid) the risks associated with all the stages (e.g. feasibility, design, development, implementation, training and use). The methodology suggested here is the anti-positivist paradigm of social inquiry and organisational analysis which is further discussed in the sections below.
In the anti-positivist (or 'interpretive') approach to organisational investigation the researcher (or analyst/designer) is an active participants in the process with the relevant group in the organisation. This contrasts with the natural science approach in which the researcher (or analyst/designer) is an observer, external to the process. The concept (based on the philosophy of SSM) seeks individual consciousness and human participation in a situation of problem-solving as opposed to that of an observer of action. Equally, it favours basic meaning that underlies social life (Burrell and Morgan, 1994, p.31). With regards to information systems design, development and implementation the approach implies an understanding of the subjectively created world in the form of an ongoing process. Both the general form of phenomenology ('philosophical examination of the foundation of experience and action') and hermeneutics ('interpretation and understanding' of the context of our social environment in a manner akin to our interpretation and understanding of text) Winograd and Flores (1990, pp.9 and 27-8 respectively) have ontological commitment to the 'interpretive' paradigm for social inquiry and organisational investigation. In attempt to minimise risks in the development and implementation of ISs in an organisation Action Research (AR) strategy is suggested here as a means to enable the ISs researcher (or analyst/designer) to be implicitly and actively involved with the relevant group in the subject of investigation. Comprehensive details about AR are available elsewhere (see: Rapoport 1970; Foster, 1972; Susman and Evered, 1978; Hult and Lennung, 1980; Checkland, 1981; Checkland and Scholes, 1990). The original concept of AR is credited to Lewin (1946), who expresses concern that the traditional science approach to social inquiry was not helping to resolve critical social problems (Susman and Evered 1978, p.587).
5.1 Bringing about change.
Experience in using AR shows that it has the potential to assist in identifying key elements of risks, business needs and data considered suitable for the development of an information system in the attempt to improve and simplify business decision making and operations. This involves investigation into what the managers may consider to be the main components of risks associated with profitably satisfying their customers' requirements as well as how to carry out such risk assessment/analysis in practice. The action methodology of research as a framework for inquiry in human activities has been suggested by many authors and practitioners (e.g. Lewin, 1946; Rapoport, 1970; Foster, 1972; Susman and Evered, 1978; Checkland, 1981; Wilson, 1984; Checkland and Scholes, 1990) The knowledge of this information about AR and personal experience of using it in the current IS project has contributed to considering it as a suitable approach that may help to bring about change and minimise risks in organisational ISs, if properly employed. Fundamentally, AR does not view human actors as objects of inquiry but as initiator of actions in their own right that can bring about changes (Checkland, 1989, pp.38-9).
5.2 'Reductionist' Character of the Positivist Approach.
Checkland (1989, p.36) writes that the application of the natural science approach to social inquiry is usually 'through controlled observation' with 'reductionist' ideas which yield 'testable public knowledge' rather than opinion. Similarly the positivist science approach places emphasis upon parts of a system by failing to consider the 'emergent properties' (Checkland and Scholes, 1990, pp.18-9; Stowell and West, 1994, p.135). However, AR recognises the significance of the 'whole' social structure of an organisation and attempts to treat a problem situation in that respect. This view appears to be in agreement with the notion of hermeneutics circle, as nature does not fragment the world into compartments (cf. Winograd and Flores, 1990, pp.30-33; Burrell and Morgan, 1994, pp. 237-8).
5.3 Collaborative Learning in Risk Assessment.
Action research philosophy proposes an iterative process of investigation and favours participative learning between the researcher (or analyst) and client (see: Lewin, 1946; Rapoport, 1970; Foster, 1972; Susman and Evered, 1978; Stowell, 1991). The concept is in concord with the notion of Soft Systems Methodology which articulates a process of inquiry that leads to action (Checkland, 1981; 1989; Checkland and Scholes, 1990). The integrative problem solving approach is considered a suitable means of reducing risks in ISs projects such that: (a) the 'owner' of the problem situation and the information systems researcher (or analyst/designer) can collaboratively work out the nature of the problem in a project of IS development, its implementation and how to go about resolving the entire problem situation; (b) the organisational participants and the researcher can be involved in the process of learning and improving the system under investigation at an early stage of the project, thereby creating a feeling of ownership and satisfaction for the clients and analyst(s). The process of learning which is likely to improve the mental image of both the analyst and the organisational participants is comparable to the idea of hermeneutics, phenomenology (Winograd and Flores, 1990; Burrell and Morgan, 1994) and Vickers' concept of appreciation (Vickers, 1965).
5.4 Integrating Theory and Practice.
The main concept of AR is that of combining theory with practice as the researcher acts on the social system. This has been shown to involve a cyclic process having five major stages: diagnosis, action planning, action taking, evaluating and specifying learning (see: Susman and Evered, 1978, pp.586-9; Stowell and West, 1994, p.128). The merging of theory and practice then subsequent reflection leads to an increased understanding of the problem situation, which may lead to appropriate action. The AR approach falls into the 'interpretive paradigm' as opposed to the 'functionalist' (positivist) paradigm of resolving organisational problem situations and it is capable of assisting in reducing (or entirely avoiding) risks in the development and implementation stages of organisational ISs.
5.5 Creating a More Desirable Information Systems.
In discussing the corrective measures offered by AR Susman and Evered (1978) note that 'the consequences of selected actions cannot be fully known ahead of time' (ibid p.590). This implies that in the development of an information system for an organisation, the researcher (or analyst/designer) should recognise that what the suitable system should be and how it should be developed to meet the client's needs must be deduced from the AR process itself and not assumed. An assumed 'what' and 'how' in the development of an information system is likely to lead to the creation of an unsatisfactory system which could even assault the very situation it is meant to improve or save.
A. J. Akomode is a Research Student at the University of Paisley