Managing risk beyond the control of IS managers: the role of business management

While most research has focused on managing technical and project risks in information systems, there are many other components of information systems risk that are currently not evaluated and managed effectively. We identify different sources of risk in both intra- and inter-organizational information systems. Many risks are not well managed because they are beyond the control of the software project manager. We suggest that senior business managers should be responsible for managing organizational risk particularly in the early and later stages of an information systems implementation project. These managers must communicate the importance of new systems and change incentive structures to promote effective system use. We suggest the need to evaluate collaborative risk in inter-organizational information systems and provide guidelines for managing this risk using a joint business management team or a trusted intermediary.