Analysis of Risk Dynamics in Information

European and Mediterranean Conference on Information Systems 2009 (EMCIS2009) July 13-14 2009, Crowne Plaza Hotel, Izmir
ANALYSIS OF RISK DYNAMICS IN INFORMATION TECHNOLOGY SERVICE DELIVERY

zge Nazmolu, Process Specialist, IBM Global Services ve Teknoloji Hizmetleri ve Tic. Ltd. ti. (IGS), Turkey ozgena@tr.ibm.com Yasemine zen, Compliance Specialist & Process Coordinator, IBM Global Services ve Teknoloji Hizmetleri Tic. Ltd. ti. (IGS), Turkey yasemine@tr.ibm.com
This study has begun within the context of Centers for Advanced Studies (CAS) Istanbul at Services Sciences projects and has been developed.
Abstract
This paper is prepared for defining, analyzing and managing risks within Information Technologies (IT) in Service Delivery. Therefore understanding the concept of service delivery correctly is a very important issue. After defining service delivery, some specific risks which appear in IT service delivery and the relationships between risks will also be defined. This project has been prepared by taking the Information Technologies Infrastructure Library (ITIL) as basis, which is a standard in IT. International Business Machines (IBM) maintains its own processes by taking its standards. The main purpose of the study is to define the effects of the specific risks on specific processes related with ITIL. The risks have been determined by reviewing the processes in IBM, ITIL and with the help of the ITSM (Information Technology Service Management) Metrics Model. The remaining part of this report is structured as the necessary background for ITIL and IBM service delivery, the possible sources and analysis of IT service delivery risk and the concluding remarks. Keywords: Information Technologies, Service Delivery, Risks.
INTRODUCTION
Today, no one would dispute that IT has become the backbone of commerce. It underpins the operations of individual companies, ties together far flung supply chains and increasingly, links businesses to the customers they serve (Carr, 2003). During the period when the significance of IT was undisputable, the companies period to outsource IT services. Outsourcing is defined as being one of allocating or reallocating business activities from an internal source to an external source. Any business activity can be outsourced. All or part of any of the unique business activities in a functional area, like management information systems, which have been historically in sourced can be outsourced today (Schniederjans, Schniederjans & Schniederjans, 2007). The most important commercial development of the last 50 years is information technology. It is beginning an inexorable shift from being an asset that companies own in the form of computers, software and myriad related components to being a service that they purchase from utility providers. After pouring millions of dollars into in house data centers, companies may soon find that its time to start shutting them down. IT is shifting from being an asset companies own to a service they purchase (Carr, 2005). An explanation for why IT might lead to firms is that IT might allow firms to "outsource" more of their activities. That is, the use of IT might lead firms to "buy" rather than "make" more of the components and services needed to make their primary products (Brynjolfsson, Malone, Gurbaxani,
1
Ozge Nazimoglu, Yasemine Ozsen Analysis of Risk Dynamics in Information Technology Service Delivery
Kambil, 1993). While companies came into being to outsource their Information Technology Department, the concept of IT service delivery has become important. Business can be competitive only if the risks of IT service delivery are managed (Garbani and Mendel, 2004). If the proposed services are not delivered on time, this can have serious impact on IBMs profits, reputation and its competitive advantage. IBMs service delivery team enables clients to manage the relationship between people, process, technology and information in order to run the business more efficiently. These business benefits are as follows; increasing revenues with the help of bringing new applications faster to market, reducing costs by solving business problems, ability to predict the impact of changes before they occur and usage of IT tracking and auditing tools for compliance. While company provides outsourcing service, it needs to have some standards. ITIL is a library which defined as Information Technologies Infrastructure Library. Today almost every company which related with IT is consistent with ITIL. As a result of these developments, the management of the risks that effect or may affect the service became an important issue. The undisputable significance of risk management occurred following phases.
2
2.1
A BRIEF OVERVIEW OF SERVICE DELIVERY FOR INFORMATION TECHNOLOGIES

The Importance of IT
Traditionally, the IT-related activities of organizations have been divided into three types; systems development and maintenance, systems operations, and systems administration. Systems development and maintenance activities are necessary for both the development of new systems and the maintenance of existing ones (feasibility studies, systems analysis, systems design, programming, user training, testing, and systems evaluation). Systems operations activities are related to the operation of existing systems (data entry, job scheduling, output production and distribution and database operations). Systems administration activities involve managing both systems development and systems operation activities (policy setting, personnel management, and planning) (Tavakolian, 1989).
Figure 1.
The New View - Business touch the world through IT (Grady, Robert B.1997)
IT is involved in every interaction between the business and the "real world." IT buffer represents the increasing use of IT for interaction between the business and the outside world. At the most obvious level, it is the sale of products over the Internet and email communication with employees and contractors. At another level, it is the capture of incoming information, such as invoices, into digital form as soon as they arrive in the office. Today, even many very small transactions become records in a point-of-sale system or stock control system. A small failure or improvement of IT can have a dramatic effect on the business' ability to operate and perhaps to influence its profitability (Harris,
2
Herron, Iwanicki, 2008). IT is an issue that is related with business, that is aware of the developments and affects all the systems. The quality of the outputs that are composed of the received inputs is closely related with the efficiency of the IT. IT can provide employees with knowledge of industry best practices, information on relevant leading edge technologies, and the goings on at professional associations relevant to their work. In short, access to such rich boundary spanning information makes opportunities more salient (Dewett and Jones, 2000). Since 1990, organizations are increasingly focusing on learning and knowledge creation. This indicates that an organization should utilize its intellectual capacity and improve knowledge flows among its members to achieve a competitive advantage. The influence of global competitiveness and development in IT has led to the recognition that knowledge and the capacity to develop knowledge are the resources that have tremendous impact on achieving a sustainable competitive advantage (Gunasekaran, Khalil, Rahman, 2003).
2.2
ITIL (Information Technologies Infrastructure Library)
ITIL best practices were first developed in the 1980s by the British government's Office of Government Commerce (OGC) formerly called the Central Computer and Telecommunications Agency. ITIL is a collection of best practices that have become widely observed in the IT service industry and a detailed framework of a number of significant IT practices, with comprehensive checklists, tasks, procedures, and responsibilities that are designed to be tailored to any IT organization. ITIL suggests that any IT operation should have some form of help desk where users of IT can ask questions or resolve problems. ITIL describes recommended best practices such as how to investigate and solve reported problems called into the operations help desk. These are the best practices and processes that are necessary for IT to process its applications in an efficient, controlled environment (Moeller, 2008). ITIL adoption rates have been on the rise. The CIO executive board reported in 2004 that 30 percent of global companies with more than $1 billion in revenues evaluated the potential of implementing ITIL, and approximately 13 percent were moving forward with ITIL implementation. Adoption is expected to increase to 60 percent of global companies with more than $1 billion in revenue by 2008 (Harris, Herron, Iwanicki, 2008). ITIL version 3 is made up of five books, referred to as the ITIL core. These books are Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement as follows;
2.2.1 Service Strategy
Service Strategy focuses on how to transform service management into a strategic asset. Providers benefit from seeing the relationships between various services, systems, or processes they manage and the business models, strategies, or objectives they support (Bajada, Stephen, 2008). It helps a company to plan for implementing IT service management strategies. Service Strategy allows companies to define new IT services and helps ensure that the currently defined IT services meet the business requirements of the company (SkillSoft Press, 2006).
2.2.2 Service Design
Service Design means "The design of new or changed services for introduction into the live environment". It involves using a holistic approach to determine the impact of the introduction of changes upon the existing infrastructure services and management processes. New or changed services, processes, and technology should not be implemented in isolation. Service Design is required to enable the continuation of all current operational aspects, considering the impact of changes
3
(Bajada, Stephen. 2008). Service Design helps create policies, architectures, and designs for IT services to meet the current and future requirements of a company (SkillSoft Press, 2006).
2.2.3 Service Transition
Service Transition helps manage and control the changes in IT services that are implemented in the working environment of a company. Service Transition ensures continuity of IT services when changes occur (SkillSoft Press, 2006). It provides guidance for the development and improvement of capabilities for transitioning new and changed services into operations. It also provides on transferring the control of services between customer and service providers (OGC, 2008).
2.2.4 Service Operation
Service Operation is where the value is seen. Service value is modeled in Service Strategy. The cost of the service is designed, predicted and validated in Service Design and Service Transition. Measures for optimization are identified in Continual Service Improvement. But Service Operation is where any value is actually realized. Until a service is operational, there is no value being delivered (Bajada, and Stephen, 2008).
2.2.5 Continual Service Improvement (CSI)
CSI aims to promote the fact that quality is key to being able to achieve and maintain high levels of service provision. The processes throughout the lifecycle need to be reviewed and analyzed and improved where it would lead to increased efficiency and effectiveness in how the service is provided. Cost will also be important and there must be a balance between this and what will lead to customer satisfaction. CSI objectives are achieved by reviewing what is happening, analyzing findings and producing recommendations for improvement. CSI covers processes throughout the LifecycleStrategy, Design, Transition, Operation (Bajada and Stephen, 2008).
Figure 2.
ITIL Version 3 Processes (Harris, Herron, Iwanicki, 2008)
Figure 2 helps to have an understanding of the ITIL service management process areas and where they fit in the ITIL version 3 books. There is an important point such as Request Fulfillment is the process for dealing with service requests; it also includes the functions of service desk.
4
2.3
IT Service Delivery
A service is a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks (Best Management Practice, 2007). In order to define service delivery, it is important to understand what a service is. IT service delivery is what as an outsourcing company does for companies in order to help them to find the optimal integration between IT and business. By providing this service, it enables clients to manage the relationship between people, process, technology and information in order to run the business more efficiently. These business benefits are as follows; increasing revenues with the help of bringing new applications faster to market, reducing costs by solving business problems, ability to predict the impact of changes before they occur and usage of IT tracking and auditing tools for compliance. Most services cannot be counted, measured, inventoried, tested, and verified in advance of sale to assure quality. Service performance varies from producer to producer, from customer to customer, and from day to day (Parasuraman, Zeithaml, Berry, 1985). For that reason it is really important to understand and ascertain the notion of service delivery. IT Service at IBM has some phases included as follows;
Figure 3.
The Lifecycle of IT Service at IBM
At Engagement Phase, services and products or combination of both are provided to meet customers requirements, and services are determined to be delivered to customer. Baselines, service levels and other technical and non-technical schedules are created. The approach and plan are defined as well as a timeframe. At the end of this phase business requirement will be defined. Transition and Transformation Phase can be defined as a one phase. Transition & Transformation Phase is responsible for transferring of any in-scope staff and validation of the service baseline environment. There some knowledge transfers from the client and setting up of the program management system. Workflow defined and policies are defined. Evolving from the customers existing environment to the environment required for company to achieve its agreements. This phase can vary from contract to contract. Transformation phase can be occurred simultaneously with the transition process. Executive ownership established and also procedures are defined. At the Steady State Phase, measurement and continuous improvement plans and procedures defined. The existing environment is stable. The goal of this phase is to improve process and also control is provided. Processes and procedures are working without problem. This phase can be defined as service delivery phase. This study explains the risks which can occur at the service delivery phase as steady state.
2.4
ITIL and IBM Service Delivery Process
IBM has its own implementation of ITIL for IT service management. The service starts as soon as the contract is signed between the customer and IBM. Service delivery and service support team take control after contract is signed. IBM uses its own processes in order to deliver the services agreed contractually. IBM staff has to be familiar with these processes in order to deliver the services with out any problem. These processes are standard and consistent across the globe for IBM and they are collected under different folders at IBM. These can be thought as related processes defined in ITIL
5
collected under different titles. When these processes interact with each other, risk may arise due to miscommunication and misunderstanding. Service delivery procedure can be defined as a set of integrated processes describing the how of a service delivery. In order to define the processes there are documents which consist of template processes for covering all types of service delivery activity for any customer in any part of the world. IBM service delivery team configures these documents to reflect specific customer requirements, while still maintaining consistency and an auditable link to global best practices like ITIL. IBM procedures are confidential and cannot be described. However, working at IGS, an affilate of IBM, was a good opportunity for understanding inner processes and procedures of the company to see the possible sources of risk. After working at IGS for a while, change, service level management (SLM) and service desk can be the main sources of risk.
3
3.1
RESEARCH METHODOLGY
Research Objectives
The main aim of the study reported in this paper was to identify, explore and find out the relationship between specific risks in IT service delivery. As part of this process of risk assessment, the research aimed to explore the impacts of risks according to related ITIL processes. 3.2 Research Design
ITSM Model (Steinberg, 2006) is used for this study, as comment in short ITSM Model is; filled the operational metrics with the historical data which can be obtained from related systems or some related reports. Values of KPIs (Key Performance Indicators) occur with the operational metrics by using formulas. Formulas are determined by the help of relationship between KPIs and operational metrics. KPIs have some risks levels; HIGH, MEDIUM or LOW according to determined target and warning levels. In order to specify the risks, taken the risks from the model is used. Specific risks and the relationships between them and KPIs are determined. The relationship between risks and KPIs is found out and used for the model. In order to confirm attributes at the relationship, some observations are done at IGS. Delay times for each risk on the process are taken from the Metrics Model. According to observations at IGS, decided which risks will be analyzed. After defining specific risks and the relationship between processes, the effect of risks is defined with the help of assumptions. This study searches the effects of the determined risks on Service Desk, Change Management and Service Level Management. Service Desk is a process within Service Operation, Service Level Management is a process within Continual Service Improvement and Change Management is a process within Service Transition. In order to analyze the risk in IT service delivery, various ITIL disciplines are studied. After carefully studying ITIL and IGSs internal processes the main risk may arise from following disciplines; Service Desk is the place where exist the receipt and resolution of service requests, technical guidance, communication, etc. The central contact point between users and IT staff (Steel, 2008). Also it is the first place that the customer contacts when they have a problem or any request. If these requests and problems are not handled immediately this can cause trust issues between customer and the service provider. Service Desk activities are managing control, communication & promotion and providing management information. Change Management is responsible for ensuring changes are evaluated, approved, controlled, tracked and implemented safely without side effects to the quality of the service itself (Steel, 2008). It aims to minimize risks to IT environment when changes are made. However, after a change is made
6
upgrades, patches, new technologies or systems there is a big risk of customer dissatisfaction if they are not adequate. Service Level Management (SLM) ensures that the agreed services are delivered when and where they are supposed to be delivered. SLM is a very important concept concentrating on value which is an intangible concept. If this value is destroyed by breaching any part of the Service Level Agreements (SLAs), it can have some negative consequences for the service provider as the customer will be dissatisfied. SLM plan, coordinate, draft, agree, monitor and report on SLA (Steel, 2008). SLA is a contract between two parties that specifies performance and quality metrics of an infrastructure/application service offering and the consequences of what happen when those metrics are not met (Bhattacharya, Behara, S. Ravi, Gundersen, 2003).
4
4.1
RISK ASSOCIATED WITH SERVICE DELIVERY

Risk Management
Risk is the net negative impact of the exercise of vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level (Stoneburner, Goguen, 2002). With the help of risk management, organizations try to ensure that risks to which they are exposed are the risks to which they think they are and need to be exposed to operate their primary business. Risk management is thus the process by which firms identify their risks and then take any actions required to control deviations of actual risk exposures from predefined tolerances to those risks (Culp, 2002). Risk identification is the most significant issue in the risk management. Before risks can be managed, they must be identified. Risk identification aims to find the major risks before they adversely affect a program. Risk analysis is the next element in the risk management. Risk analysis is the conversion of risk data into risk management information. Each risk must be understood sufficiently to allow a manager to make decisions. Risk analysis sifts the known risks, and places the information in the hands of the decision maker. Analysis provides the information that allows managers to work on the right risks (Scoy, 1992). Everyone agrees that risk arises from uncertainty, and that risk is about the impact that uncertain events or circumstances could have on the achievement of goals. A risk is any uncertainty that, if it occurs, would have an effect on achievement of one or more objectives. Traditionally risk has been perceived as bad; the emphasis has been on the potential effects of risk as harmful, adverse, negative, and unwelcome. In fact risk has been considered synonymous with threat (Hillson, Simon, 2007). Risk management practices in many of the world's largest organizations tend to be based around a narrow definition of the word risk. In the past, many risk managers were tasked with focusing on managing the downside aspects of risk. Consequently, the focus has often been on managing or controlling hazards fraudulent behavior, security breaches, theft, compliance breaches, damage to property, and so on. While these are important, they need to be complemented by an approach that views risk in its upside potential (Frost, Allen, Porter, Bloodworth, 2001). The purposes of the Risk Management in service delivery are handling the effects of the risks, reducing the negative effects of the risks, and accepting some, or all, of the consequences of a particular risk. Risk management is a structured approach to managing uncertainty through, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources.
7
4.2
Specific Risks Related With Service Delivery
Outsourcing IT operations has been recognized to have important potential benefits, including cost reduction, improved quality of service, and access to technological expertise. Researchers and practitioners also recognize that, in some circumstances, IT outsourcing entails risk, and that it sometimes leads to undesirable consequences that are the opposite of the expected benefits (Bahli, Rivard, 2004). Risk in IT service management can be defined as; not delivering the services which were agreed contractually with the customer. Risk can also be defined as any situation that leads to uncertainty. The aim of this study is to identify these risks that lead to this uncertainty according to ITSM Model. Below are some important specific risks; Rework: Any disruption in a process creates a hole in time that travels across the entire system and adds a great deal of cost. The total cost incurred is very difficult to quantify, and the impact rework extend throughout the internal process and the external process (Carreira, Trudell, 2006). When a work is not done properly, the risk of rework could emerge. As a result, the cost could increase and because of a rework the employees morale could be lower. Delayed Solutions: The risk can be defined as solution did not apply to a problem at the required time because of any reason. As a result there could be a risk over the systems or processes. In general this risk brings on some defaults on going processes. Fines and Penalties: In general these risks are related with Service Level Agreements and they present when the work done is not conforming to the contract. Considering the case, the penalty of the employee concerned could increase; even the employee could lose his/her job. Legal Exposure: Legal exposure for companies in the intellectual property arena is infringing the intellectual property rights of another person or company. A technology lawyer will need to determine whether a client is using a brand name or term that is too much like the trademark of another person or is capitalizing on work someone else owns. The flip side is it also presents a risk of exposure; clients need to protect their own intellectual property. At a very high level, there are three areas of legal exposure for companies: compliance, reliance, and security (Inside the Minds Staff, 2004). Service Outages: Refers to any time a service recipient does not receive service within the conditions set by a Service Level Agreement or preset expectations (Kozak, 2006). As a result of service outage becomes the most critical and directly affects service delivery. Revenue loss and restoration costs accumulate during an outage. Waste: If an activity adds cost and generates no revenue, it is considered waste but if an activity generates revenue, it is not waste. Wastes are non value added, they do not contribute to a more complete product or service, and the customer is unwilling to pay for these activities (Carreira, Trudell, 2006). Security Breaches: Security breaches have more importance when it is about technical services. When there must be a change, security control analysis must be taken. Low Employee Morale: When employees have a low morale, there could be negative effects on the work done. The probability that the employee makes a mistake could increase. Especially when it is about end user services, this risk is important for the ones that have directly contact with clients. Dissatisfied Customers: This is one of the most important risks, because service deliverys first objective is customer satisfaction. As a consequence of this risk, the customer could outsource its service from another firm as a result of its complaints. Customer loss is the least wanted situation in a service delivery firm. After process analyses, it is seen that the three most risky processes are Change Management, Service Level Management and Service Desk. Below can be founded how the relationships between specific risks and processes according to ITSM Model. In order to determine different levels of risks in the
8
ITSM Model, only these three most important processes have been analyzed. Then these delay times have been weighted at Table 1, taken from Metrics Model.
Delay Times for Each Process Rework Delayed Solutions Fines and Penalties Legal Exposure Service Outages Waste Security Breaches Low Employee Morale Dissatisfied Customers Service Desk 2 5 0 0 0 8 0 6 11 Change Management 9 9 6 3 3 9 3 6 6 Service Level Management 6 9 3 3 0 9 0 9 11
Table 1.
Loss of time in ITSM Model
If the percentage is up to 35%, the risk is defined as High, if it is between 25% and 35%, the risk is defined as Medium, if it is lower than 25 %, and the risk is defined as Low. For example for the risk named Rework, change management have a weight of 9/ (2+9+6) =0, 53>0, 35, so its level is determined as High as shown at Table 2.
Risk Level Rework Delayed Solutions Fines and Penalties Legal Exposure Service Outages Waste Security Breaches Low Employee Morale Dissatisfied Customers Service Desk Low Low None None None Medium None Medium High Change Management High High High Medium High Medium High Medium Medium Service Level Management Medium High Medium Medium None Medium None High High
Table 2.
Level of risks for each process
For confirming these attributes, observations have been made during a week. According to these observations, in 90% of the cases the risk defined is actually seen, in 6% of the cases the risk seen is one grade upper or lower of the defined risk, in 4% of the cases the risk seen is two grades upper or lower of the defined risk. If the level of the risk defined is Medium, the probability that the risk seen is seen Low or High is 5 %. To digitize these data, they have been weighted with the 1-5 scale (1low). To be able to analyze them a sample with 5 observations has been taken. At the end, the table below has been created at Table 3 (only one calculation is shown).
Risk Weights Rework Delayed Solutions Fines and Penalties Legal Exposure Service Outages Waste Security Breaches Low Employee Morale Dissatisfied Customers Service Desk 1,25 1,25 None None None 2,55 None 2,55 4,69 Change Management 4,69 4,69 4,69 2,55 4,69 2,55 4,69 2,55 2,55 Service Level Management 2,55 4,69 2,55 2,55 None 2,55 None 4,69 4,69
Table 3.
Weight of risks for each process (scale 1-5) weight = 0, 90*5, 00 + 0, 06*2, 50 + 0, 04*1, 00 = 4, 69.
For the same example: Rework risk for Change Management

Ozge Nazimoglu, Yasemine Ozsen
9
Analysis of Risk Dynamics in Information Technology Service Delivery
To sum up, the most important risk that should be eliminated about the Service Desk is the risk of Dissatisfied Customer. One of the most significant points in this table is that some risks are not effective on some processes. Other than reviewing the processes separately, the following pie graph can be reviewed in order to understand the effectiveness of each risk. Figure 4 shows impact of risks to Steady State Service Quality.
Figure 4.
Impacts of Risks
The effect of the customer over service delivery is inevitable. Because, the main purpose of service delivery is to maximize the customer satisfaction. The risk of Dissatisfied Customers is the most significant risk that affects all the processes. The delay of the solutions in IT delivery can bear unexpectable results. Thus, this risk should also be reviewed. Since one of the most significant factors that ensure that the processes operate without problems, inevitable damages may occur due to the reluctance or unhappiness of the employees. Service quality in steady state phase depends on the most these three criteria, which means that the failure in those topics is appearing as most influent risk to service quality in the proposed model.
CONCLUSION
Finding the effects of the risks on the processes can be deemed as the first step in increasing the quality of service delivery. The risks that are determined to have high effect will be reviewed separately and the main purpose will be to remove or minimize the effects of risks. These risks can be increased by conducting more researches. In further studies, hypothesis tests could be done over this study to make it more sensitive. Furthermore the sample size could be enlarged so that studies would be more appropriate to reality. The study has several important conclusions. All of nine risks defined from a metrics model, but especially three of them really important at IT service delivery. Conducting studies on the risks that have more effects will decrease the issues that prevent great losses or processes. Each of them should be a research topic for further studies. On the other hand, which ITIL process is more risky is founded. The most risky process is the Change Management and the less risky process is the Service Desk Management. As a result of this study, the most important risk that has an impact on all processes is Dissatisfied Customers. The second one is Delayed Solutions and the third one is Low Employee Morale. In order to minimize the risks in all the processes, works should be conducted to increase customer satisfaction, the methods for not delaying the solutions should be searched and the morale of the employees should be kept high.
10
References
Bahli B and Rivard S. 2004. Validating Measures of Information Technology Outsourcing Risk Factors, Strategic Management of Information Technology. Bajada S. 2008. ITIL v3 Foundation Certification Training, GTS Learning. Bhattacharya S, Behara S, Gundersen D. 2003. Business Risk Perspectives on Information Systems Outsourcing, International Journal of Accounting Information Systems. Brynjolfsson E, Malone T, Gurbaxani V, Kambil A. 1993. An Empirical Analysis of the Relationship Between Informaiton Technology and Firm Size, MIT New York University. Cameron T I, Raman R. 2005. Process Systems Risk Management, Elsevier Science and Technology Books, Inc. Carr, G N. 2003. IT Doesnt Matter, Harvard Business Review. Carr, G N. 2005. The End of Corporate Computing, MIT Sloan Management Review. Carreira B, Trudell B. 2006. Lean Six Sigma that Works: A Powerful Action Plan for Dramatically Improving Quality, Increasing Speed, and Reducing Waste, Amacom. Culp L C. 2002. The ART of Risk Management: Alternative Risk Transfer, Capital Structure, and the Convergence of Insurance and Capital Markets, John Wiley & Sons. Dewett T and Jones R G. 2000. The Role of Information Technology in the Organization: A Review, Model, and Assessment, Journal of Management. Frost C, Allen D, Porter J, Bloodworth P.2001.Operational Risk and Resilience, PricewaterCoopers. Garbani J P and Mendel T. 2004. Forrester Research GigaWorldEurope. Grady R B. 1997. Successful Software Process Improvement, Prentice Hall. Gunasekaran A, Khalil O, Rahman M S.2003. Knowledge and Information Technology Management: Human and Social Perspectives, IGI Publishing. Harris D M, Herron E D, Iwanicki S. 2008. The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results, Auerbach Publications. Hillson D, Simon P. 2007. Practical Project Risk Management: The ATOM Methodology, Management Concepts. Inside the Minds Staff. 2004. Inside the Minds: The Laws Behind Technology: Leading Lawyers On The Legal Aspects Of Patents, Software Licensing, Telecommunications, & More, Aspatore Books. Kozak M. 2006. Avoiding Project Disaster: Titanic Lessons for IT Executives, Multi Media Publications. Moeller R R. 2008. Sarbanes-Oxley Internal Controls: Effective Auditing with AS5, CobiT, and ITIL, John Wiley & Sons. Office of Government Commerce. 2008. Service Transition, OGC. Parasuraman A, Zeithaml A V, Berry L L. 1985. A Conceptual Model of Service Quality and Its Implications for Future Research, Journal of Marketing. Schniederjans J, Schniederjans M, Schniederjans G. 2007. Outsourcing Management Information Systems, IGI Publishing. Scoy V L and Roger. 1992. Software Risk Management Program, Software Engineering Institute, Carnegie Mellon University. SkillSoft Press. 2006. Managing Infrastructure Using ITIL, SkillSoft Press. Steel C A. 2008. Information Technology Governance and Service Management: Frameworks and Adaptations, IGI Publishing. Steinberg A R. Measuring ITIL, Trafford Publishing. Stoneburner G, Goguen A, Feringa A. 2002. Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology. Tavakolian, H. 1989.Linking the Information Technology Structure With Organizational Competitive Strategy: A Survey, MIS Quarterly.
11

Analysis of Risk Dynamics in Information

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Analysis of Risk Dynamics in Information

Caricato da

Copyright:

Formati disponibili

European and Mediterranean Conference on Information Systems 2009 (EMCIS2009) July 13-14 2009, Crowne Plaza Hotel, Izmir

ANALYSIS OF RISK DYNAMICS IN INFORMATION TECHNOLOGY SERVICE DELIVERY

A BRIEF OVERVIEW OF SERVICE DELIVERY FOR INFORMATION TECHNOLOGIES

ITIL (Information Technologies Infrastructure Library)

ITIL Version 3 Processes (Harris, Herron, Iwanicki, 2008)

The Lifecycle of IT Service at IBM

ITIL and IBM Service Delivery Process

RISK ASSOCIATED WITH SERVICE DELIVERY

Specific Risks Related With Service Delivery

Loss of time in ITSM Model

Level of risks for each process

For the same example: Rework risk for Change Management

Potrebbero piacerti anche