The Impact of Residual Risk and Resultant Problems on Information Systems
Bostrom, R.P., & Heinen, J. S. (1977a).
MIS problems and failures: A socio-technical perspective Part I: The causes.
MIS Quarterly, 1( 3), 17–32.
Bostrom, R.P., & Heinen, J. S. (1977b).
MIS problems and failures: A socio-technical perspective Part II: The application of socio-technical theory. MIS
Quarterly, 1( 3), 11–28.
Burns, T. S., G. M. (1961). The management
of innovation. London, England: Tavistock.
Chin, W. W. (1998). Issues and opinion
on structural equation modeling. MIS
Quarterly, 22( 1), vii.
Chin, W. W., Marcolin, B. L., & Newsted,
P. R. (2003). A partial least squares latent
variable modeling approach for measuring interaction effects: Results from a
Monte Carlo simulation. Information
Systems Research, 14( 2), 189–217.
Curtis, B., Krasner, H., & Iscoe, N.
(1988). A field study of he software
design process for large systems.
Communications of the ACM, 31( 11),
Fornell, C., & Bookstein, F. L. (1982).
Two structural equation models: Lisrel
and PLS applied to consumer exit-voice
theory. Journal of Marketing Research,
19( 4), 440–452.
Fornell, C., & Larcker, D.F. (1981).
Evaluating structural equation models with unobservable variables and
measurement error. Journal of Marketing
Research, 18( 1), 39–50.
Galbraith, J.R. (1977). Organizational
design. Reading, MA: Addison-Wesley.
Houston, D., Mackulak, G., & Collofello,
J. (2001). Stocastic simulation of risk factor potential effects for software development risk management. The Journal of
Systems and Software, 59( 3), 247–257.
Jiang, J.J., G. Klein, & Chen, H. (2006).
The effects of user partnering and user
non-support on project performance.
Journal of the Association for Information
Systems, 7( 2), 68–90.
Kaplan, R. S., & Mikes, A. (2012).
Managing risks: A new framework.
Harvard Business Review, 90, 48–60.
Finally, this research found that
the impact of residual risks is not a
direct effect on project performance.
Rather, the relationship is mediated by
problems that manifest through residual risks that ultimately impact project performance. While this difference
may appear minimal on the surface, it
exposes the far more complex relationship between risk and problems. A risk
may have one or more causes and if the
risk is realized, may have more than one
associated problem (Project Management Institute, 2013). As such, this is a
“many-to-many” relationship, making
all the processes within risk management (risk identification, risk analysis,
risk response planning, and risk monitoring and control) much more complicated. This will be further compounded
as ISD projects continue to escalate
in size, complexity, and functionality.
Future research needs to consider this
elevated relationship when researching
risk as well as residual risk.
Aloini, D., Dulmin, R., & Mininno, V.
(2012). Modeling and assessing ERP
project risks: A Petri net approach.
European Journal of Operations Research,
220( 2), 484–495.
Bakker, K., Boonstra A., & Wortmann,
H. (2010). Does risk management
contribute to IT project success?
A meta-analysis of empirical evidence.
International Journal of Project
Management, 28( 5), 493–503.
Bannerman, P. (2008). Risk and risk
management in software projects:
A reassessment. Journal of Systems and
Software, 81( 12), 2118–2133.
Barclay, D., Higgins, C, & Thompson,
R. (1995). The partial least squares
(pls) approach to causal modeling:
Personal computer adoption and use as
an illustration. Technology Studies, 2( 2),
Barki, H., Rivard, S., & Talbot, J. (2001). An
integrative contingency model of software
project risk management. Journal of Management Information Systems, 17( 4), 37–69.
issues, but there is much still to be
considered. Second, what contributes
to the remaining variance of ISD project
performance? Several options could be
considered. First, Na et al. (2004) identified unforeseeable risk (risk that cannot
be identified nor controlled a priori). It
should be researched as to how prevalent unforeseeable risk is within ISD
projects. Another possibility is secondary risk, or a risk that arises as a direct
result of implementing a risk response
(Project Management Institute, 2013).
It should be considered and researched
whether some risk intervention techniques cause more additional problems
than were eliminated. In practice, this
definition offers opportunities to collect important information and “lessons
learned” on implemented risk intervention techniques and their attributed
success or failure in elimination or mitigation of risks and their problems. This
information should prove invaluable in
refining not only the use of the risk
intervention techniques, but the probability of remaining residual risk. Further information could be collected on
how to eliminate or resolve this residual
risk in an efficient and effective manner.
Second, using a more extensive and
systemic set of risks as antecedents of
residual risk also offer opportunities for
additional research. For example, this
research considered the direct effects
of actor, task, structure, and technology. However, Lyytinen et al. (1996;
1998) also theorized on the interactions
between the categories—task/actor,
task/technology, task/structure, actor/
technology, actor/structure, and tech-nology/structure. Interactions between
these categories could prove more complex to resolve as sophisticated hybrid
residual risks and arising problems.
Categorization of risks is encouraged in
practice (Project Management Institute,
2013) because these categories enhance
the efficiency and effectiveness of risk
identification. It may prove valuable to
include interactions between these categories and the effective risk interventions to arising problems.