Risk and information systems: developing the analysis

Abstract

Risk and information systems receive a variety of treatments in other chapters. Thus Ward put forward an approach for identifying and spreading risk across the information systems portfolio. Peters in Chapter 5 showed how business risks could be identified and information systems use could be related to minimization of those risks. Wiseman described the usefulness of the information economics approach for risk identification, and elements of both Chapters 8 and 10 have shown how this approach can be tailored to produce usable, practical analytical frameworks. This chapter seeks to build on these contributions in several ways. Additional frameworks for risk classification at the investment appraisal stage are assessed. A further framework, drawn from the organization studies literature, is then applied to several cases illustrating risk in information systems applications in different organizational settings. The chapter argues the merit in interpreting risk operationally as not just inherent in certain structural features of the environment or of a project, but also arising as a result of distinctive human and organizational practices and patterns of belief and action. Building on the argument made by Wiseman about the criticality and neglect of organizational risk (see Chapter 9), this chapter suggests that more comprehensive frameworks for risk assessment are needed to complement the all too frequently encountered truncated forms of assessment developed from the project management, operational research and financial management fields.