Risk and information systems: developing the analysis

  • Leslie Willcocks
  • Helen Margetts
Chapter

Abstract

Risk and information systems receive a variety of treatments in other chapters. Thus Ward put forward an approach for identifying and spreading risk across the information systems portfolio. Peters in Chapter 5 showed how business risks could be identified and information systems use could be related to minimization of those risks. Wiseman described the usefulness of the information economics approach for risk identification, and elements of both Chapters 8 and 10 have shown how this approach can be tailored to produce usable, practical analytical frameworks. This chapter seeks to build on these contributions in several ways. Additional frameworks for risk classification at the investment appraisal stage are assessed. A further framework, drawn from the organization studies literature, is then applied to several cases illustrating risk in information systems applications in different organizational settings. The chapter argues the merit in interpreting risk operationally as not just inherent in certain structural features of the environment or of a project, but also arising as a result of distinctive human and organizational practices and patterns of belief and action. Building on the argument made by Wiseman about the criticality and neglect of organizational risk (see Chapter 9), this chapter suggests that more comprehensive frameworks for risk assessment are needed to complement the all too frequently encountered truncated forms of assessment developed from the project management, operational research and financial management fields.

Keywords

National Health Service Information System National Audit Computer Weekly Disappointed Expectation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Beath, C. and Ives, B. (1989) The Information Technology Champion: Aiding and Abetting, Care and Feeding. Oxford Institute of Information Management Research and Discussion Papers RDP 89/2, Templeton College, Oxford.Google Scholar
  2. Cash, J., McFarlan, W. and McKenney, J. (1992) Corporate Information Systems Management, Irwin, Boston.Google Scholar
  3. Charette, R. (1991) Application Strategies for Risk Analysis, McGraw-Hill, New York.Google Scholar
  4. Chew, B., Leonard-Barton, D. and Bohn, R. (1991) Beating Murphy’s Law. Sloan Management Review, 5, 5–16.Google Scholar
  5. Coleman, T. and Jamieson, M. (1991) Information Systems: Evaluating Intangible Benefits at the Feasibility Stage of Project Appraisal. Unpublished MBA thesis, City University Business School, London.Google Scholar
  6. Collingridge, D. (1992) The Management of Scale, Routledge, London.Google Scholar
  7. Collins, T. (1992) Health computing: the wasted millions. Computer Weekly, 7 May, 32–4. Cooper, R. and Zmud, R. (1990) Information technology implementation research: a technological diffusion approach. Management Science, 36 (2), 123–39.Google Scholar
  8. Corder, C. (1989) Taming Your Company Computer, McGraw-Hill, London.Google Scholar
  9. Currie, W. (1989) The art of justifying new technology to top management. Omega, 17 (5), 409–18.CrossRefGoogle Scholar
  10. Earl, M. (1989). Management Strategies for Information Technology, Prentice-Hall, London.Google Scholar
  11. Earl, M. and Runge, D. (1987) Using Telecommunications-based Information Systems for Competitive Advantage. Oxford Institute of Information Management Research and Discussion Papers RDP 87/1, Templeton College, Oxford.Google Scholar
  12. Farbey, B., Land F. and Targett, D. (1992) Evaluating investments in IT. Journal of Information Technology, 7 (2), 100–12.CrossRefGoogle Scholar
  13. Feeny, D., Earl, M. and Edwards, B. (1989) IS Arrangements to Suit Complex Organizations: 2. Integrating the Efforts of Users and Specialists. Research Paper RDP89/5, Templeton College, Oxford.Google Scholar
  14. Gallagher, J. and Scott, R. (1988) Kwik–Fit Holdings. Case 388–007–1, Case Clearing House, Cranfield.Google Scholar
  15. Harrow, J. and Willcocks, L. (1992) Management, innovation and organizational learning. In Rediscovering Public Services Management (eds L. Willcocks and J. Harrow ), McGraw-Hill, London.Google Scholar
  16. Hodgkinson, S. (1991) The Role of the Corporate Information Technology Function in the Large Multibusiness Company. Oxford Institute of Information Management Research and Discussion Papers, RDP 1/2, Templeton College, Oxford.Google Scholar
  17. Hull, J. (1990) Application of risk analysis techniques in proposal assessment. Project Management, 8 (3), 152–7.CrossRefGoogle Scholar
  18. Johnston, H. and Vitale, M. (1988) Creating competitive advantage with interorganizational systems. MIS Quarterly, June, 153–65.Google Scholar
  19. Kearney, AT (1990) Breaking the Barriers: IT Effectiveness in Great Britain and Ireland, AT Kearney/LIMA, London.Google Scholar
  20. Keen, P. (1991) Shaping the Future, Harvard Business Press, Boston.Google Scholar
  21. KEW Associates/Computer Weekly (1992) UK IT Market Analysis, Autumn 1992 edition, Computer Weekly, London.Google Scholar
  22. Kumar, K. (1990) Post-implementation evaluation of computer-based IS: current practices. Communications of the ACM, 33 (2), 203–12.CrossRefGoogle Scholar
  23. Kwon, T. and Zmud, R. (1987) Unifying the fragmented models of information systems implementation, In Critical Issues in Information Systems Research (eds J. Boland and R. Hirschheim ), Wiley, Chichester.Google Scholar
  24. Loudon, K. and Loudon, J. (1991) Management Information Systems: A Contemporary Perspective, Macmillan, New York.Google Scholar
  25. Lyttinen, K. and Hirschheim, R. (1987) Information systems failures — a survey and classification of the empirical literature. In Oxford Surveys of Information Technology, Vol. 4 (ed. P. Zorkoczy ), Oxford University Press, Oxford, pp. 257–309.Google Scholar
  26. Margetts, H. (1991a) Information technology in the public sector: new risks, new dangers. Paper at the ESRC/LSE Seminar Series on Hazard Management, ’IT Developments and Hazard Analysis’, London School of Economics, London, November.Google Scholar
  27. Margetts, H. (1991b) The computerization of Social Security: the way forward or a step backwards? Public Administration, 69 (3), Autumn.Google Scholar
  28. Margetts, H. and Willcocks, L. (1993) Information technology in public sector settings: disaster faster? Public Money and Management, 13 (2), 49–56.CrossRefGoogle Scholar
  29. Mintzberg, H. (1989) Mintzberg on Management, Free Press, New York.Google Scholar
  30. National Audit Office (1989) Department of Social Security, Operational Strategy. Report by the Comptroller and Auditor General, HMSO, London.Google Scholar
  31. National Audit Office (1991). Managing Computer Projects in the National Health Service, HMSO, London.Google Scholar
  32. OTR Group (1992) Report detailed in Computer Weekly, 12 December, p. 12.Google Scholar
  33. Parker, M., Benson, R. and Trainor, E. (1988) Information Economics: Linking Business Performance to Information Technology, Prentice-Hall, Englewood Cliffs, New Jersey.Google Scholar
  34. Pettigrew, A. (1985) The Awakening Giant: Continuity and Change in ICI, Blackwell, Oxford. Pettigrew, A. and Whipp, R. (1991) Managing Change for Competitive Success, Blackwell, Oxford.Google Scholar
  35. Pettigrew, A., Ferlie, E. and McKee, L. (1992) Shaping Strategic Change, Sage, London.Google Scholar
  36. Pike, R. and Ho, S. (1991) Risk analysis in capital budgeting: barriers and benefits. Omega, 19 (4) 235–45.CrossRefGoogle Scholar
  37. Post, G. and Dilz, D. (1986) A stochastic dominance approach to risk analysis of computer systems. MIS Quarterly, December, 362–75.Google Scholar
  38. Rogers, E. and Kim, J. (1985) Diffusion of innovations in public organizations, in Innovation in the Public Sector (eds R. Merritt and A. Merritt ), Sage, Beverly Hills.Google Scholar
  39. Scott-Morton, M. (ed.) (1991) The Corporation of the 1990s,Oxford University Press, Oxford. Shenhar, A. (1992) Project management style and the space shuttle program (part 2): A retrospective look. Project Management Journal,23 (1), 32–7.Google Scholar
  40. Strassmann, P. (1990) The Business Value of Computers, The Information Economics Press, New Canaan.Google Scholar
  41. Stringer, J. (1992) Risk in large projects, In Operational Research Tutorial Papers (ed. M. Mortimer ), Operational Research Society, London.Google Scholar
  42. Symons, V. and Walsham, G. (1988) The evaluation of information systems: a critique. Journal of Applied Systems Analysis, 15, 119–32.Google Scholar
  43. Tornatzky, L. and Klein, K. (1982) Innovation characteristics and innovation adoption implementation: a meta-analysis of Findings. IEEE Transactions on Engineering Management, February, 28–45.Google Scholar
  44. Vitale, M. (1986) The growing risks of information systems success. MIS Quarterly, December, 327–34.Google Scholar
  45. Walsham, G. (1992) Interpreting Information Systems in Organizations, Wiley, Chichester. Walton, R. (1989) Up and Running: Integrating Information Technology and the Organization, Harvard Business Press, Boston.Google Scholar
  46. Warner, F. et al. (1992) Risk: Analysis, Perception and Management, The Royal Society, London. Willcocks, L. (1989) Information technology in public sector settings: towards effective systems. International Journal of Public Sector Management, 2 (3), 15–29.Google Scholar
  47. Willcocks, L. (1991) Information technology and human resource issues in the 1990s: integration through culture. Paper presented at the Fifth Annual Conference of the British Academy of Management, ’Business: Advancing the Horizons’, University of Bath, 22–24 September.Google Scholar
  48. Willcocks, L. (1992a) Evaluating information technology investments: research findings and reappraisal. Journal of Information Systems, 2 (3), 1–26.Google Scholar
  49. Willcocks, L. (1992b) The manager as technologist, In Rediscovering Public Services Management (eds L. Willcocks and J. Harrow ), McGraw-Hill, London.Google Scholar
  50. Willcocks, L. (1992c) Strategy development and delivery: dealing with the IT evaluation question, In Creating a Business-based IT Strategy (ed. A. Brown ), Chapman & Hall, London.Google Scholar
  51. Willcocks, L. and Lester, S. (1993) How organizations evaluate and control information systems investments: recent UK survey evidence. Paper for the IFIP WG8.2 Working Conference — Information Systems Development: Human, Social and Organizational Aspects, Noordwijkerhout, The Netherlands, 17–19 May.Google Scholar
  52. Willcocks, L. and Margetts, H. (1991) Informatization in UK public services: from implementation, through strategy, to management. Paper at the EGPA Conference — Informatization in Public Administration, The Hague, The Netherlands, August.Google Scholar
  53. Willcocks, L. and Margetts, H. (1993) Informatization in public and private sector settings: distinctive or common risks? Informatization and the Public Sector (forthcoming).Google Scholar
  54. Willcocks, L. and Mark, A. (1989) IT systems implementation: research findings from the public sector. Journal of Information Technology, 4 (2), 92–103.CrossRefGoogle Scholar
  55. Willcocks, L. and Mason, D. (1987a) The DHSS Operational Strategy, 1975–1986. Business Case File in Information Technology, Van Nostrand Reinhold, London.Google Scholar
  56. Willcocks, L. and Mason, D. (1987b) Computerising Work, Paradigm, London.Google Scholar
  57. Williams, T (1990) Risk analysis using an embedded CPA package. Project Management, 8 (2), 84–8.CrossRefGoogle Scholar

Copyright information

© Leslie Willcocks 1994

Authors and Affiliations

  • Leslie Willcocks
  • Helen Margetts

There are no affiliations available

Personalised recommendations