IT OUTSOURCING PROJECT RISKS: FROM CLIENT AND VENDOR PERSPECTIVES

Transcription

1 IT OUTSOURCING PROJECT RISKS: FROM CLIENT AND VENDOR PERSPECTIVES Abstract This study examines the risk factors of IT outsourcing projects from client and vendor perspective, and compares their difference. The quasi-delphi study which consisted of three ranking rounds was conducted. A number of 41 client project managers and 21 vendor project managers were participated. This study identifies one of the top three risks ranked by the client has been considered to be of little importance by the vendor. The findings reveal that the client and vendor have different perceptions on project risks. Keywords: Delphi study, Risk identification, IT outsourcing; IT project risk. 1 INTRODUCTION Organizations have adopted IT outsourcing to develop its IT or raise its IT capacity for some beneficial reasons over the last two decades. However, despite the benefits that companies can achieve from IT outsourcing, outsourcing projects contend with numerous problems. IT outsourcing involves risks of undesirable outcomes; for example, the difficulty of management and IT control (Choudhury and Sabherwal, 2003), cost escalation (Bahli and Rivard, 2013), and ensuring IT security (Khalfan, 2004). IT outsourcing projects involve two types of organization: clients and vendors. The client desires a reliable product to be delivered on schedule, without defects and under budget. The vendor desires a high-profit project to be accomplished on time with no overrunning costs or surprises. Based on their agency relationship, the vendor may perceive project risks in ways that vary from those of the client (Taylor, 2007). The situation signifies the need for a comprehensive understanding of both the client s and vendor s perceptions of risk. This study explored the perception gaps regarding project risks between the client and the vendor. A quasi-delphi study was conducted to produce a rank-order list of risk factors. The results of the survey were subsequently compared to identify differences between the client and vendor perceptions of risk. The study revealed that the client and vendor have different perceptions on project risks. 2 BACKGROUND IT outsourcing involves the use of external technological or IT professional resources (Loh and Venkatraman, 1992). Studies seeking to help companies implement outsourcing have explored the

2 knowledge of selecting vendors (Barthelemy, 2001; Khan et al., 2011), managing relationships (Grover et al., 1996; Qi and Chau, 2012), and establishing contracts (Aubert et al., 2005; Osei-Bryson and Ngwenyama, 2006), and identifying potential risks (Natovich, 2003; Willcocks et al., 1999). Although IS researchers, such as Natovich (2003), Taylor (2007), Nakatsu and Iacovou (2009), and Aundhe and Mathew (2009), have extensively explored the risks of IT outsourcing projects, their investigations have been limited to a single perspective, of either the client or the vendor. Previous research has indicated a gap of expectations and perceptions of project outcomes among multiple stakeholders (Jiang et al., 2002). The gap leads to user dissatisfaction with project product or service. Different stakeholders may have different opinions regarding potential risk factors, and their opinion would influence the plan of risk control (Keil et al., 2002). Therefore, the perception gap of risks has drawn researchers' attention. Reconciling the stakeholders perceptions of project risks has become a common thread through much of the IT literature (Liu et al., 2010; Schmidt et al., 2001). To manage IT project successfully, project managers and users must have agreement on risks and threats, and reconcile their viewpoints on the risk assessment. Previous attempts to compare the perspectives of stakeholders have been limited to general IT projects. The current study is the first to examine the differences in how the client and vendor prioritize outsourced IT project risks. 3 DATA COLLECTION This study adopted a modified version of the Delphi method (Schmidt et al., 2001) because it has been used extensively in information systems (IS) research to yield reliable risk rankings. The panelists in this study were experienced IT project managers from organizations that have been involved in IT outsourcing activities for several years. The sampling frame was gathered from the members of the Project Management Institute (PMI) and multiple organizations from Taiwan and Indonesia. A total of 62 project managers initially agreed to participate in the first round: 41 on the client panel and 21 on the vendor panel. Table 1 shows the demographical characteristics of the sample. Three indicators are used to assess their experience: years of IT experience, the total number of projects, and the total number of outsourced IT projects that have been managed by the panelist over their career. On average, panelists have 8 years of IT experience and have managed at least two outsourced IT projects. The panelists work in different organizations which include a wide range of industries. Client panel Vendor panel Mean Max Min Mean Max Min Work experience (years) No. of project a No. of outsourced project IS employees in company

3 Number % Number % Size of panel Gender: Male Female Org. industry : IT Service Manufacturing Distribution Government Financial services Medical Others Table 1. Panel demographics a = all IT projects, including in-house and outsourced projects This study employed a variation of the Delphi survey method developed by Schmidt (1997). The quasi-delphi survey consisted of two phases. The first phase was designed to assemble a list of risks in IT outsourcing projects from IS literature. The second phase, consisting of three rounds, was designed to rank the identified risks. Data were distributed using paper-based questionnaires, electronic mail, and online survey tools. In Phase 1, a list of 34 risk items assembled from the literature was presented to several panelists. The risks occurred at a frequency of 50% or higher were retained for the next phase. As a result, all 34 risk factors were remained. In Phase 2, the panels were separated into clients and vendors, allowing each panel to participate in three ranking rounds independently. The ranking rounds were complete when an acceptable level of consensus (Kendall s W > 0.5) was reached following (Schmidt, 1997). In addition, the inversion to the ranking of risk factors is performed to compute Kendall s W. In this phase, the panelists were also asked to add extra critical risk items but none provided additional ones. In the first round, each panel was presented a list of 34 risk factors derived from Phase 1. Panelists were asked to rank and rate each risk factor on a 7-point Likert scale (1=not important, 7=most important). The rating was used in separate analysis, that is, to show the rating differences between the vendor and client. A mean rank for each risk factor was computed at the end of each round (round 1 to round 3). Subsequently, the 20 risk factors with higher mean rank were selected for each panel. In the second round, each panel was presented a list of 20 risk factors derived from the first round. The results were summarized and subsequently sent to the panelists as part of round 3 s questionnaire. In the third round, the panelists were asked to rank their top 10 risk factors from a list of RESULT AND ANALYSIS The quasi-delphi survey resulted in a moderate level of consensus among panelists (Kendall s W > 0.5). The final round resulted in a Kendall s W of on the client side, and a Kendall s W of on the vendor side. According to Schmidt (1997), Kendall s rank-order correlation coefficient (T) was

4 computed to test the agreement between the two panels, and T =.289 was obtained. Consulting a table of exact probabilities for T (Siegel and Castellan (1988), p. 362) show that the one-tailed probability is p =.146, suggesting that the two panels viewed risk perception differently. The analysis results indicate that there are regions of consistency and inconsistency among the client and vendor perceptions of risk factors. Table 2 lists the comparison between risks ranked as most important by the client and the vendor. Risk factors Client Vendor A. Lack of communication between client-vendor 1 2 B. Incomplete contracting 2 1 C. Lack of vendor commitment 3 10 D. Lack of top management support 4 5 E. Lack of schedule and budget management 5 4 F. Inadequate planning 6 9 G. Vendor financial instability 7 H. Poor vendor selection criteria and process by client 8 8 I. Requirements misunderstanding (or unclear) 9 6 J. Lack of experience and expertise with project activities 10 3 K. Inadequate staffing L. Failure to consider all costs M. Poor change management 13 7 N. Lack of active management of the vendor on contract and relationship O. Lack of knowledge transfer 15 P. Biased portrayal by vendor 16 Q. Customization of product 17 R. Lack of documentation management S. Lack of project management know-how T. Lack of audit and control from client 20 U. Lack of effective development methodology 11 V. Client readiness 13 W. Improper definition of roles and responsibilities 14 X. Lack of team morale 15 Y. Conflict between client and vendor 18 Table 2. Comparison of the client and vendor rankings The analysis results show that the clients and vendors agreed that only five of the same risk factors were important (score > 3 on average). These risks include: lack of communication between the client and the vendor, incomplete outsourcing contract, lack of top management support of the project, lack of schedule and budget management and inadequate project planning. In addition to the consistency, the results also reveal that there were disagreements between the clients and vendors. The clients ranked two important risk factors that are not considered important by the vendor: lack of vendor commitment to the project, and poor vendor selection criteria and process. The vendors perceived two risk factors as important that the clients did not: unclear requirements (or requirement misunderstanding), and lack of experience and expertise with project activities. Lack of vendor commitment is the third most important risk factor from the client s perspective.

5 5 CONCLUSION This study emphasizes the similarities and differences in the perceptions of two groups, clients and vendors, regarding the importance of outsourced IT project risks. Based on a literature review, we assembled 34 risk factors of outsourced IT projects. By conducting a quasi-delphi study, we analysed data from the separate perspectives of client panelists and vendor panelists, comparing the findings from both panels. We subsequently identified a consistent zone containing risk factors on which the two panels agreed, as well as inconsistent zones representing risk factors that were ranked as important by the clients but not by the vendors (or vice versa). The results indicate five important risk factors on which both clients and vendors agree. However, two of the seven important risks ranked by the client panel were not considered important (average score of less than 3) by the vendor panel. The study results provide the evidence that the clients and vendors perceived the importance of project risks differently, particularly those that stem from the opposite side. The results of identifying and comparing risk perceptions broaden the understanding of IT outsourcing project risk, and provide insights that may help facilitate the success of IT outsourcing. Acknowledgment This study is supported by NSC H MY2 References Choudhury, V. and Sabherwal, R. (2003). Portfolios of control in outsourced software development projects. Information Systems Research, 14 (3), Natovich, J. (2003). Vendor related risks in IT development: A chronology of an outsourced project failure. Technology Analysis & Strategic Management, 15 (4), Bahli, B. and Rivard, S. (2013). Cost escalation in information technology outsourcing: A moderated mediation study. Decision Support Systems, 56, Khalfan, A.M. (2004). Information security considerations in IS/IT outsourcing projects: a descriptive case study of two sectors. International Journal of Information Management, 24 (1), Taylor, H. (2007). Outsourced IT projects from the vendor perspective: different goals, different risks. Journal of Global Information Management (JGIM), 15 (2), Loh, L. and Venkatraman, N. (1992). Determinants of information technology outsourcing: a crosssectional analysis. International Financial Services Research Center, Sloan School of Management, Massachusetts Institute of Technology. Barthelemy, J. (2001). The hidden costs of IT outsourcing. Sloan management review, 42 (3),

6 Khan, S.U., Niazi, M. and Ahmad, R. (2011). Barriers in the selection of offshore software development outsourcing vendors: An exploratory study using a systematic literature review. Information and Software Technology, 53 (7), Grover, V., Cheon, M.J. and Teng, J.T. (1996). The effect of service quality and partnership on the outsourcing of information systems functions. Journal of Management Information Systems, 12 (4), Qi, C. and Chau, P.Y. (2012). Relationship, contract and IT outsourcing success: Evidence from two descriptive case studies. Decision Support Systems, 53 (4), Aubert, B.A., Patry, M. and Rivard, S. (2005). A framework for information technology outsourcing risk management. ACM SIGMIS Database, 36 (4), Osei-Bryson, K.-M. and Ngwenyama, O.K. (2006). Managing risks in information systems outsourcing: An approach to analyzing outsourcing risks and structuring incentive contracts. European Journal of Operational Research, 174 (1), Willcocks, L.P., Lacity, M.C. and Kern, T. (1999). Risk mitigation in IT outsourcing strategy revisited: longitudinal case research at LISA. The Journal of Strategic Information Systems, 8 (3), Nakatsu, R.T. and Iacovou, C.L. (2009). A comparative study of important risk factors involved in offshore and domestic outsourcing of software development projects: A two-panel Delphi study. Information & Management, 46 (1), Aundhe, M.D. and Mathew, S.K. (2009). Risks in offshore IT outsourcing: A service provider perspective. European Management Journal, 27 (6), Jiang, J.J., Klein, G. and Discenza, R. (2002). Perception differences of software success: provider and user views of system metrics. Journal of systems and software, 63 (1), Keil, M., Tiwana, A. and Bush, A. (2002). Reconciling user and project manager perceptions of IT project risk: a Delphi study1. Information Systems Journal, 12 (2), Liu, S., Zhang, J., Keil, M. and Chen, T. (2010). Comparing senior executive and project manager perceptions of IT project risk: a Chinese Delphi study. Information Systems Journal, 20 (4), Schmidt, R., Lyytinen, K., Keil, M. and Cule, P. (2001). Identifying software project risks: an international Delphi study. Journal of management information systems, 17 (4), Schmidt, R.C. (1997). Managing Delphi Surveys Using Nonparametric Statistical Techniques. Decision Sciences, 28 (3), Siegel, S. and Castellan, N. (1988). Nonparametric statistics for the behavioral sciences McGraw-Hill, New York.