SlideShare une entreprise Scribd logo

Trial lecture - Risk Management and Open Source Software Adoption - Øyvind Hauge

Télécharger en tant que PPTX, PDF
Ø
Øyvind Hauge

The trial lecture from my PhD defense with the original topic: Present and discuss relevant conceptualizations of risk and control in business organizations relevant to the process of OSS adoption

TechnologieBusiness
1  sur  32
Conceptualizations of risk and control in business organizations relevant to the process of OSS adoption Trial lecture Øyvind Hauge oyvind.hauge@idi.ntnu.no
53.3% of the respondents thought computer breakdowns was a major concern (Coleman, 2006) The local hospital was in 2006 a full day without ICT support and a week without wireless phone Denver Airport, Computerized Baggage Handling fails, 1995 -> costs up to 1$ million per day Therac-25, 1985-1987, overdoses of radiation leading to three deaths
Table of content The scope of this presentation Risk and control Ways of controlling risk Risk and control related to OSS adoption
Present and discuss relevant conceptualizations of risk and control in business organizationsrelevant to the process of OSS adoption SE & IS
Business organization Is a legal entity (private or public) Has a Mission to provide either goods or services Owner Budget Variations in Size Domain Country Organization form Geographical distribution …
Table of content The scope of this presentation Risk and control Ways of controlling risk Risk and control related to OSS adoption
Risk The effect of uncertainty on objectives The effect may be positive or negative Risk=Probability*Cost Involves uncertainty Event Causes/threats Consequences ISO Guide 73:2009, Aven (2009)
Types of risk ,[object Object]
Cost
Schedule
Organizational environment
User
Team
Requirement
Project complexity
Planning and controlScott and Vessey (2002), Wallace et al. (2004), Karolak (1996)
”Typical” software risks Baccarini et al. (2004) – IT projects Personnel shortfall Unreasonable schedule and budget Unrealistic expectations Incomplete requirements Diminishing window of opportunity Boehm (1991) – Software risks Personnel shortfall Unreasonable schedule and budget Developing the wrong functions and properties Developing the wrong user interface Gold-plating Changing requirements Shortfall in externally furnished components Shortfall in externally performed task Real-time performance shortfalls Straining computer science capabilities Aloini et al. (2007) – ERP systems Inadequate product selection Ineffective strategic thinking and planning Ineffective project management techniques Bad managerial conduct Inadequate change management Inadequate training and instruction Poor project team skills Inadequate Business Process Re-engineering Low top management involvement Low key user involvement Chatzoglou and Diamantidis (2009) – IT/IS implementation Management ability Information integrity Controllability Exclusivity
Few risks are technical Baccarini et al. (2004) – IT projects Personnel shortfall Unreasonable schedule and budget Unrealistic expectations Incomplete requirements Diminishing window of opportunity Boehm (1991) – Software risks Personnel shortfall Unreasonable schedule and budget Developing the wrong functions and properties Developing the wrong user interface Gold-plating Changing requirements Shortfall in externally furnished components Shortfall in externally performed task Real-time performance shortfalls Straining computer science capabilities Aloini et al. (2007) – ERP systems Inadequate product selection Ineffective strategic thinking and planning Ineffective project management techniques Bad managerial conduct Inadequate change management Inadequate training and instruction Poor project team skills Inadequate Business Process Re-engineering Low top management involvement Low key user involvement Chatzoglou and Diamantidis (2009) – IT/IS implementation Management ability Information integrity Controllability Exclusivity
Risks Negative impact on objectives May come from a number of sources The most important risks are not related to the technology
Control Measures that are modifying risk Prevent Reduce consequences Event Causes/threats Consequences ISO Guide 73:2009
Table of content The scope of this presentation Risk and control Ways of controlling risk Risk management Real Option Theory Processes and standardization Risk and control related to OSS adoption
1. Risk management Coordinated activities to direct and control an organization with regard to risk Aven (2008), ISO Guide 73:2009
Not all risk can be controlled Hanseth and Ciborra (2007), Forester (1989)
The norm of risk management GALE (Globally At Least Equivalent) ALARP (As Low As Reasonably Probable) Stålhane and Skramstad (2006), Aven (2009)
Traditional risk analysis Baskeville and Stage (1996), Karolak (1996), Boehm (1991), Holmgren and Thedéen (2009)
Risk identification: What can go wrong? Group discussions SWOT analysis Brain storming Expert panels Earlier experiences References Checklists McManus (2004), Boehm (1991)
Risk avoidance/mitigation Find root causes of risks Deal with root causes or reduce consequences Sell risk to 3rd party Expertise (train/hire) Introduce barriers Design the risk out of the solution Buy information e.g. proof of concept Lane (1998), Boehm (1991)
2. Real Option Theory Add flexibility and options proactively Options may be used but they don’t have to Benaroch et al. (2007), Erdogmus and Favaro (2002)
First date at a steakhouse The date is a vegetarian Menu option 1. Steak Menu option 1. Steak First date at a restaurant serving different dishes The date is a vegetarian Menu option 2. Salad Menu option 2. Fish
Options for IT projects The option to: Defer Explore Stage Change-Scale Abandon Outsource Lease Strategic-Grow Benaroch et al. (2007), Erdogmus and Favaro (2002)
3. Processes and standardization Processes Tool support Techniques Standards ,[object Object]

Recommandé

18 zain ul abideen final paper258--267
18 zain ul abideen final paper258--26718 zain ul abideen final paper258--267
18 zain ul abideen final paper258--267Alexander Decker
 
A new conceptual framework to improve the application of occupational health...
A new conceptual framework to improve the application of occupational health...A new conceptual framework to improve the application of occupational health...
A new conceptual framework to improve the application of occupational health...Diandra Rosari
 
Risk management of telecommunication and engineering laboratory
Risk management of telecommunication and engineering laboratoryRisk management of telecommunication and engineering laboratory
Risk management of telecommunication and engineering laboratorySalam Shah
 
Open Source and Content Management (+audio)
Open Source and Content Management (+audio)Open Source and Content Management (+audio)
Open Source and Content Management (+audio)Matt Hamilton
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskProtecode
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementSebastiano Cobianco
 
Iso26262 component reuse_webinar
Iso26262 component reuse_webinarIso26262 component reuse_webinar
Iso26262 component reuse_webinarمحمدعبد الحى
 
10120140506004 2
10120140506004 210120140506004 2
10120140506004 2IAEME Publication
 

Recommandé

18 zain ul abideen final paper258--267
18 zain ul abideen final paper258--26718 zain ul abideen final paper258--267
18 zain ul abideen final paper258--267Alexander Decker
 
A new conceptual framework to improve the application of occupational health...
A new conceptual framework to improve the application of occupational health...A new conceptual framework to improve the application of occupational health...
A new conceptual framework to improve the application of occupational health...Diandra Rosari
 
Risk management of telecommunication and engineering laboratory
Risk management of telecommunication and engineering laboratoryRisk management of telecommunication and engineering laboratory
Risk management of telecommunication and engineering laboratorySalam Shah
 
Open Source and Content Management (+audio)
Open Source and Content Management (+audio)Open Source and Content Management (+audio)
Open Source and Content Management (+audio)Matt Hamilton
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskProtecode
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementSebastiano Cobianco
 
Iso26262 component reuse_webinar
Iso26262 component reuse_webinarIso26262 component reuse_webinar
Iso26262 component reuse_webinarمحمدعبد الحى
 
10120140506004 2
10120140506004 210120140506004 2
10120140506004 2IAEME Publication
 
10120140506004 2
10120140506004 210120140506004 2
10120140506004 2IAEME Publication
 
W6 making decisions in risky situations - simon pollard
W6 making decisions in risky situations - simon pollardW6 making decisions in risky situations - simon pollard
W6 making decisions in risky situations - simon pollardlgconf11
 
PM508 - Week 1, Organization Risk Tolerance, Behavior, and Perception
PM508 - Week 1, Organization Risk Tolerance, Behavior, and PerceptionPM508 - Week 1, Organization Risk Tolerance, Behavior, and Perception
PM508 - Week 1, Organization Risk Tolerance, Behavior, and Perceptioncityuelearning
 
Glis Intro 01 20071029
Glis Intro 01 20071029Glis Intro 01 20071029
Glis Intro 01 20071029Jan Pawlowski
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
Erpppt
ErppptErpppt
Erppptsaileshvaishnavi
 
Avoid the risk of workload and hr planning to achieve sustainable business gr...
Avoid the risk of workload and hr planning to achieve sustainable business gr...Avoid the risk of workload and hr planning to achieve sustainable business gr...
Avoid the risk of workload and hr planning to achieve sustainable business gr...Management_Team
 
Risk factorserp sumner
Risk factorserp sumnerRisk factorserp sumner
Risk factorserp sumnerIIUM
 
PAPERS20 April 2013 ■ Project Management Jou.docx
PAPERS20 April 2013 ■ Project Management Jou.docxPAPERS20 April 2013 ■ Project Management Jou.docx
PAPERS20 April 2013 ■ Project Management Jou.docxdanhaley45372
 
Supply Chain Risk 2009
Supply Chain Risk 2009Supply Chain Risk 2009
Supply Chain Risk 2009Jan Husdal
 
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxRunning head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxjeanettehully
 
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docx
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docxRunning head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docx
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docxhealdkathaleen
 
Enablers for Maturing your S&OP Processes, SherTrack
Enablers for Maturing your S&OP Processes, SherTrackEnablers for Maturing your S&OP Processes, SherTrack
Enablers for Maturing your S&OP Processes, SherTrackInnovation Enterprise
 
Ics 3210 information systems security and audit - edited
Ics 3210 information systems security and audit - editedIcs 3210 information systems security and audit - edited
Ics 3210 information systems security and audit - editedNelson Kimathi
 
Carol Harstad Research Proposal
Carol Harstad Research ProposalCarol Harstad Research Proposal
Carol Harstad Research ProposalCarol Harstad
 
Role Of Knowledge Management In The Decision Making
Role Of Knowledge Management In The Decision MakingRole Of Knowledge Management In The Decision Making
Role Of Knowledge Management In The Decision MakingFaisal Haroon
 
Casestudy On It Development Outsource
Casestudy On It Development OutsourceCasestudy On It Development Outsource
Casestudy On It Development Outsourceuddika
 
data science & machine learning prasentation
data science & machine learning prasentationdata science & machine learning prasentation
data science & machine learning prasentationsainikoyal108
 
A Customer Relationship Management Case Study Critical Success Factors In Ac...
A Customer Relationship Management Case Study Critical Success Factors In Ac...A Customer Relationship Management Case Study Critical Success Factors In Ac...
A Customer Relationship Management Case Study Critical Success Factors In Ac...Yolanda Ivey
 
10 Trends in Capability Planning for Defence and Security
10 Trends in Capability Planning for Defence and Security10 Trends in Capability Planning for Defence and Security
10 Trends in Capability Planning for Defence and SecurityStephan De Spiegeleire
 
PhD Defense Øyvind Hauge
PhD Defense Øyvind HaugePhD Defense Øyvind Hauge
PhD Defense Øyvind HaugeØyvind Hauge
 
2010 open standards in norwegian public sector nordic oss
2010 open standards in norwegian public sector nordic oss2010 open standards in norwegian public sector nordic oss
2010 open standards in norwegian public sector nordic ossØyvind Hauge
 

Contenu connexe

Similaire à Trial lecture - Risk Management and Open Source Software Adoption - Øyvind Hauge

W6 making decisions in risky situations - simon pollard
W6 making decisions in risky situations - simon pollardW6 making decisions in risky situations - simon pollard
W6 making decisions in risky situations - simon pollardlgconf11
 
PM508 - Week 1, Organization Risk Tolerance, Behavior, and Perception
PM508 - Week 1, Organization Risk Tolerance, Behavior, and PerceptionPM508 - Week 1, Organization Risk Tolerance, Behavior, and Perception
PM508 - Week 1, Organization Risk Tolerance, Behavior, and Perceptioncityuelearning
 
Glis Intro 01 20071029
Glis Intro 01 20071029Glis Intro 01 20071029
Glis Intro 01 20071029Jan Pawlowski
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
Avoid the risk of workload and hr planning to achieve sustainable business gr...
Avoid the risk of workload and hr planning to achieve sustainable business gr...Avoid the risk of workload and hr planning to achieve sustainable business gr...
Avoid the risk of workload and hr planning to achieve sustainable business gr...Management_Team
 
Risk factorserp sumner
Risk factorserp sumnerRisk factorserp sumner
Risk factorserp sumnerIIUM
 
PAPERS20 April 2013 ■ Project Management Jou.docx
PAPERS20 April 2013 ■ Project Management Jou.docxPAPERS20 April 2013 ■ Project Management Jou.docx
PAPERS20 April 2013 ■ Project Management Jou.docxdanhaley45372
 
Supply Chain Risk 2009
Supply Chain Risk 2009Supply Chain Risk 2009
Supply Chain Risk 2009Jan Husdal
 
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxRunning head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxjeanettehully
 
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docx
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docxRunning head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docx
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docxhealdkathaleen
 
Enablers for Maturing your S&OP Processes, SherTrack
Enablers for Maturing your S&OP Processes, SherTrackEnablers for Maturing your S&OP Processes, SherTrack
Enablers for Maturing your S&OP Processes, SherTrackInnovation Enterprise
 
Ics 3210 information systems security and audit - edited
Ics 3210 information systems security and audit - editedIcs 3210 information systems security and audit - edited
Ics 3210 information systems security and audit - editedNelson Kimathi
 
Carol Harstad Research Proposal
Carol Harstad Research ProposalCarol Harstad Research Proposal
Carol Harstad Research ProposalCarol Harstad
 
Role Of Knowledge Management In The Decision Making
Role Of Knowledge Management In The Decision MakingRole Of Knowledge Management In The Decision Making
Role Of Knowledge Management In The Decision MakingFaisal Haroon
 
Casestudy On It Development Outsource
Casestudy On It Development OutsourceCasestudy On It Development Outsource
Casestudy On It Development Outsourceuddika
 
data science & machine learning prasentation
data science & machine learning prasentationdata science & machine learning prasentation
data science & machine learning prasentationsainikoyal108
 
A Customer Relationship Management Case Study Critical Success Factors In Ac...
A Customer Relationship Management Case Study Critical Success Factors In Ac...A Customer Relationship Management Case Study Critical Success Factors In Ac...
A Customer Relationship Management Case Study Critical Success Factors In Ac...Yolanda Ivey
 
10 Trends in Capability Planning for Defence and Security
10 Trends in Capability Planning for Defence and Security10 Trends in Capability Planning for Defence and Security
10 Trends in Capability Planning for Defence and SecurityStephan De Spiegeleire
 

Similaire à Trial lecture - Risk Management and Open Source Software Adoption - Øyvind Hauge (20)

10120140506004 2
10120140506004 210120140506004 2
10120140506004 2
 
W6 making decisions in risky situations - simon pollard
W6 making decisions in risky situations - simon pollardW6 making decisions in risky situations - simon pollard
W6 making decisions in risky situations - simon pollard
 
PM508 - Week 1, Organization Risk Tolerance, Behavior, and Perception
PM508 - Week 1, Organization Risk Tolerance, Behavior, and PerceptionPM508 - Week 1, Organization Risk Tolerance, Behavior, and Perception
PM508 - Week 1, Organization Risk Tolerance, Behavior, and Perception
 
Glis Intro 01 20071029
Glis Intro 01 20071029Glis Intro 01 20071029
Glis Intro 01 20071029
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
Erpppt
ErppptErpppt
Erpppt
 
Avoid the risk of workload and hr planning to achieve sustainable business gr...
Avoid the risk of workload and hr planning to achieve sustainable business gr...Avoid the risk of workload and hr planning to achieve sustainable business gr...
Avoid the risk of workload and hr planning to achieve sustainable business gr...
 
Risk factorserp sumner
Risk factorserp sumnerRisk factorserp sumner
Risk factorserp sumner
 
PAPERS20 April 2013 ■ Project Management Jou.docx
PAPERS20 April 2013 ■ Project Management Jou.docxPAPERS20 April 2013 ■ Project Management Jou.docx
PAPERS20 April 2013 ■ Project Management Jou.docx
 
Supply Chain Risk 2009
Supply Chain Risk 2009Supply Chain Risk 2009
Supply Chain Risk 2009
 
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxRunning head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
 
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docx
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docxRunning head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docx
Running head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY2.docx
 
Enablers for Maturing your S&OP Processes, SherTrack
Enablers for Maturing your S&OP Processes, SherTrackEnablers for Maturing your S&OP Processes, SherTrack
Enablers for Maturing your S&OP Processes, SherTrack
 
Ics 3210 information systems security and audit - edited
Ics 3210 information systems security and audit - editedIcs 3210 information systems security and audit - edited
Ics 3210 information systems security and audit - edited
 
Carol Harstad Research Proposal
Carol Harstad Research ProposalCarol Harstad Research Proposal
Carol Harstad Research Proposal
 
Role Of Knowledge Management In The Decision Making
Role Of Knowledge Management In The Decision MakingRole Of Knowledge Management In The Decision Making
Role Of Knowledge Management In The Decision Making
 
Casestudy On It Development Outsource
Casestudy On It Development OutsourceCasestudy On It Development Outsource
Casestudy On It Development Outsource
 
data science & machine learning prasentation
data science & machine learning prasentationdata science & machine learning prasentation
data science & machine learning prasentation
 
A Customer Relationship Management Case Study Critical Success Factors In Ac...
A Customer Relationship Management Case Study Critical Success Factors In Ac...A Customer Relationship Management Case Study Critical Success Factors In Ac...
A Customer Relationship Management Case Study Critical Success Factors In Ac...
 
10 Trends in Capability Planning for Defence and Security
10 Trends in Capability Planning for Defence and Security10 Trends in Capability Planning for Defence and Security
10 Trends in Capability Planning for Defence and Security
 

Plus de Øyvind Hauge

PhD Defense Øyvind Hauge
PhD Defense Øyvind HaugePhD Defense Øyvind Hauge
PhD Defense Øyvind HaugeØyvind Hauge
 
2010 open standards in norwegian public sector nordic oss
2010 open standards in norwegian public sector nordic oss2010 open standards in norwegian public sector nordic oss
2010 open standards in norwegian public sector nordic ossØyvind Hauge
 
FLOSS2009 Øyvind Hauge
FLOSS2009 Øyvind HaugeFLOSS2009 Øyvind Hauge
FLOSS2009 Øyvind HaugeØyvind Hauge
 
Fri Programvarelisenser Øyvind Hauge
Fri Programvarelisenser Øyvind HaugeFri Programvarelisenser Øyvind Hauge
Fri Programvarelisenser Øyvind HaugeØyvind Hauge
 
OSS2008 Øyvind Hauge
OSS2008 Øyvind HaugeOSS2008 Øyvind Hauge
OSS2008 Øyvind HaugeØyvind Hauge
 
OSS2007 Øyvind Hauge
OSS2007 Øyvind HaugeOSS2007 Øyvind Hauge
OSS2007 Øyvind HaugeØyvind Hauge
 
OSS2009 Øyvind Hauge
OSS2009 Øyvind HaugeOSS2009 Øyvind Hauge
OSS2009 Øyvind HaugeØyvind Hauge
 
Open Nordic 2008 NTNU
Open Nordic 2008 NTNUOpen Nordic 2008 NTNU
Open Nordic 2008 NTNUØyvind Hauge
 
Goopen 2009 Øyvind Hauge
Goopen 2009 Øyvind HaugeGoopen 2009 Øyvind Hauge
Goopen 2009 Øyvind HaugeØyvind Hauge
 

Plus de Øyvind Hauge (11)

PhD Defense Øyvind Hauge
PhD Defense Øyvind HaugePhD Defense Øyvind Hauge
PhD Defense Øyvind Hauge
 
2010 open standards in norwegian public sector nordic oss
2010 open standards in norwegian public sector nordic oss2010 open standards in norwegian public sector nordic oss
2010 open standards in norwegian public sector nordic oss
 
TDT10 Øyvind Hauge
TDT10 Øyvind HaugeTDT10 Øyvind Hauge
TDT10 Øyvind Hauge
 
NTNU @ Nordic OSS
NTNU @ Nordic OSSNTNU @ Nordic OSS
NTNU @ Nordic OSS
 
FLOSS2009 Øyvind Hauge
FLOSS2009 Øyvind HaugeFLOSS2009 Øyvind Hauge
FLOSS2009 Øyvind Hauge
 
Fri Programvarelisenser Øyvind Hauge
Fri Programvarelisenser Øyvind HaugeFri Programvarelisenser Øyvind Hauge
Fri Programvarelisenser Øyvind Hauge
 
OSS2008 Øyvind Hauge
OSS2008 Øyvind HaugeOSS2008 Øyvind Hauge
OSS2008 Øyvind Hauge
 
OSS2007 Øyvind Hauge
OSS2007 Øyvind HaugeOSS2007 Øyvind Hauge
OSS2007 Øyvind Hauge
 
OSS2009 Øyvind Hauge
OSS2009 Øyvind HaugeOSS2009 Øyvind Hauge
OSS2009 Øyvind Hauge
 
Open Nordic 2008 NTNU
Open Nordic 2008 NTNUOpen Nordic 2008 NTNU
Open Nordic 2008 NTNU
 
Goopen 2009 Øyvind Hauge
Goopen 2009 Øyvind HaugeGoopen 2009 Øyvind Hauge
Goopen 2009 Øyvind Hauge
 

Dernier

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 

Dernier (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 

Trial lecture - Risk Management and Open Source Software Adoption - Øyvind Hauge

  • 1. Conceptualizations of risk and control in business organizations relevant to the process of OSS adoption Trial lecture Øyvind Hauge oyvind.hauge@idi.ntnu.no
  • 2. 53.3% of the respondents thought computer breakdowns was a major concern (Coleman, 2006) The local hospital was in 2006 a full day without ICT support and a week without wireless phone Denver Airport, Computerized Baggage Handling fails, 1995 -> costs up to 1$ million per day Therac-25, 1985-1987, overdoses of radiation leading to three deaths
  • 3. Table of content The scope of this presentation Risk and control Ways of controlling risk Risk and control related to OSS adoption
  • 4. Present and discuss relevant conceptualizations of risk and control in business organizationsrelevant to the process of OSS adoption SE & IS
  • 5. Business organization Is a legal entity (private or public) Has a Mission to provide either goods or services Owner Budget Variations in Size Domain Country Organization form Geographical distribution …
  • 6. Table of content The scope of this presentation Risk and control Ways of controlling risk Risk and control related to OSS adoption
  • 7. Risk The effect of uncertainty on objectives The effect may be positive or negative Risk=Probability*Cost Involves uncertainty Event Causes/threats Consequences ISO Guide 73:2009, Aven (2009)
  • 8.
  • 16. Planning and controlScott and Vessey (2002), Wallace et al. (2004), Karolak (1996)
  • 17. ”Typical” software risks Baccarini et al. (2004) – IT projects Personnel shortfall Unreasonable schedule and budget Unrealistic expectations Incomplete requirements Diminishing window of opportunity Boehm (1991) – Software risks Personnel shortfall Unreasonable schedule and budget Developing the wrong functions and properties Developing the wrong user interface Gold-plating Changing requirements Shortfall in externally furnished components Shortfall in externally performed task Real-time performance shortfalls Straining computer science capabilities Aloini et al. (2007) – ERP systems Inadequate product selection Ineffective strategic thinking and planning Ineffective project management techniques Bad managerial conduct Inadequate change management Inadequate training and instruction Poor project team skills Inadequate Business Process Re-engineering Low top management involvement Low key user involvement Chatzoglou and Diamantidis (2009) – IT/IS implementation Management ability Information integrity Controllability Exclusivity
  • 18. Few risks are technical Baccarini et al. (2004) – IT projects Personnel shortfall Unreasonable schedule and budget Unrealistic expectations Incomplete requirements Diminishing window of opportunity Boehm (1991) – Software risks Personnel shortfall Unreasonable schedule and budget Developing the wrong functions and properties Developing the wrong user interface Gold-plating Changing requirements Shortfall in externally furnished components Shortfall in externally performed task Real-time performance shortfalls Straining computer science capabilities Aloini et al. (2007) – ERP systems Inadequate product selection Ineffective strategic thinking and planning Ineffective project management techniques Bad managerial conduct Inadequate change management Inadequate training and instruction Poor project team skills Inadequate Business Process Re-engineering Low top management involvement Low key user involvement Chatzoglou and Diamantidis (2009) – IT/IS implementation Management ability Information integrity Controllability Exclusivity
  • 19. Risks Negative impact on objectives May come from a number of sources The most important risks are not related to the technology
  • 20. Control Measures that are modifying risk Prevent Reduce consequences Event Causes/threats Consequences ISO Guide 73:2009
  • 21. Table of content The scope of this presentation Risk and control Ways of controlling risk Risk management Real Option Theory Processes and standardization Risk and control related to OSS adoption
  • 22. 1. Risk management Coordinated activities to direct and control an organization with regard to risk Aven (2008), ISO Guide 73:2009
  • 23.
  • 24. Not all risk can be controlled Hanseth and Ciborra (2007), Forester (1989)
  • 25. The norm of risk management GALE (Globally At Least Equivalent) ALARP (As Low As Reasonably Probable) Stålhane and Skramstad (2006), Aven (2009)
  • 26. Traditional risk analysis Baskeville and Stage (1996), Karolak (1996), Boehm (1991), Holmgren and Thedéen (2009)
  • 27. Risk identification: What can go wrong? Group discussions SWOT analysis Brain storming Expert panels Earlier experiences References Checklists McManus (2004), Boehm (1991)
  • 28. Risk avoidance/mitigation Find root causes of risks Deal with root causes or reduce consequences Sell risk to 3rd party Expertise (train/hire) Introduce barriers Design the risk out of the solution Buy information e.g. proof of concept Lane (1998), Boehm (1991)
  • 29. 2. Real Option Theory Add flexibility and options proactively Options may be used but they don’t have to Benaroch et al. (2007), Erdogmus and Favaro (2002)
  • 30. First date at a steakhouse The date is a vegetarian Menu option 1. Steak Menu option 1. Steak First date at a restaurant serving different dishes The date is a vegetarian Menu option 2. Salad Menu option 2. Fish
  • 31. Options for IT projects The option to: Defer Explore Stage Change-Scale Abandon Outsource Lease Strategic-Grow Benaroch et al. (2007), Erdogmus and Favaro (2002)
  • 32.
  • 34. Revision control, issue tracking, automated building, …
  • 35. Design patterns, code refactoring, pair programming, …
  • 36.
  • 37. Table of content The scope of this presentation Risk and control Ways of controlling risk Risk and control related to OSS adoption
  • 39. OSS Adoption Hauge et al. (2010)
  • 40. Risk, control and OSS adoption Non-technical risks are the most important OSS risk are therefore not the most prominent ones Relevant to IT adoption and development also relevant to OSS Risk management Alternatives Standards, tools, and processes OSS experience: to analyse the use of OSS in the context
  • 41. "software risks can be best managed by combining specific risk management considerations with a detailed understanding of the environmental context and with sound managerial practices, such as relying on experienced and well-educated project managers and launching correctly sized projects" (Ropponen and Lyytinen, 2000, p.98).
  • 42. References DavideAloini, RiccardoDulmin, and Valeria Mininnocial, Risk management in ERP project introduction: Review of the literature, Information & Management 2007:44, pages 547-567 TerjeAven, 2008, Risk Analysis: Assessing Uncertainties Beyond Expected Values and Probabilities, Wiley TerjeAven, 2009, Risk Mangement, in GöranGrimvall, Åke J. Holmgren, Per Jacobsson, and TorbjörnThedéen (editors), Risks in Technological Systems, Springer David Baccarini, Geoff Salm, and Peter E.D. Love, Management of risks in information technology projects, Industrial Management & Data Systems 2004:104(4) pages 286-295 Michel Benaroch, Yossi Lichtenstein, Karl Robinson, Real options in information technology risk management: an empirical validation of risk-option relationships, MIS Quarterly 2006:30(4) YegorBugayenko, 2009, Competitive Risk Identification Method for Distributed Teams, in OllyGotel, Mathai Joseph, and Bertrand Meyer (editors), Software Engineering Approaches for Offshore and Outsourced Development - Proceedings of the Third International Conference, SEAFOOD 2009, Zurich, Switzerland, Springer Richard L. Baskerville and Jan Stage, Controlling Prototype Development through Risk Analysis. MIS Quarterly, 1996:20(4), pages 481-504 Barry W. Boehm, Software Risk Management: Principles and Practices, IEEE Software, 1991:8(1), pages 32-41 Prodromos D. Chatzoglou and Anastasios D. Diamantidis, IT/IS implementation risks and their impact on firm performance, International Journal of Information Management, 2009:29, pages 119-128 Les Coleman, 2006, Why Managers and Companies Take Risks, Springer John Forester, 1989, Planning in the Face of Power, University of California Press HakanErdogmus and John Favaro, 2002, Keep Your Options Open: Extreme Programming and Economics of Flexibility, in G. Succi, M. Marchesi, L. Williams, D. Wells (editors) XP Perspectives, Addison Wesley
  • 43. References Ole Hanseth and Claudio Ciborra (editors), 2007, Risk Complexity and ICT, Edward Elgar Publishing Limited ØyvindHauge, Daniela S. Cruzes, ReidarConradi, KetilSandangerVelle and Tron André Skarpenes, Risks and Risk Mitigation in Open Source Software Adoption: Bridging the Gap between Literature and Practice, in: Proceedings of the 6th IFIP Working Group 2.13 International Conference on Open Source Systems (OSS2010) - Open Source Software: New Horizons, May 30th-June 2nd, Notre Dame, USA, pages 105--118, Springer, 2010 Åke J. Holmgren and TorbjörnThedéen, 2009, Risk Analysis, in GöranGrimvall, Åke J. Holmgren, Per Jacobsson, and TorbjörnThedéen (editors), Risks in Technological Systems, Springer ISO 31000:2009, Risk management -- Principles and guidelines, http://www.iso.org/iso/catalogue_detail.htm?csnumber=43170 ISO Guide 73:2009, Risk Management Vocabulary, http://www.iso.org/iso/catalogue_detail?csnumber=44651 Casper Jones, 1994, Assessment and Control of Software Risks, Yourdon Press http://www.springerlink.com/content/q0j808/ Christel Lane, 1998, Introduction: theories and issues in the study of trust, in Christel. Lane and John McManus, 2004, Risk Management in Software Development Projects, Elsevier JanneRopponen and KalleLyytinen, Components of software development risk: how to address them? A project manager survey, IEEE Transactions on Software Engineering, 2000:26(2), pages 98-112 Reinhard Bachmann (editors), Trust within and between organisations, Oxford: Oxford University, pages. 1–30. Marvin Rausand, 1991, RisikoanalyseVeiledningtil NS 8514, Tapir Judy E. Scott and Iris Vessey, Managing Risks in Enterprise Systems Implementations, 2002:45(4) Communications of the ACM Thomas Stober and UweHansmann, 2009, Agile Software Development , Springer Tor Stålhane and TorbjørnSkramstad, Presentation for Workshop at EuroSPI 2006 Linda Wallace, Mark Keil, and ArunRai, Understanding software project risk: a cluster analysis, Information & Management, 2004:42 pages 115-125