Risk Analysis ITO


  • University of Technology Sydney (UTS)

    ENGINEERING & INFORMATION TECHNOLOGY

    Risk Analysis Using Fuzzy Logic for IT Outsourcing

    32567 Business Intelligence for Decision Support

    Assignment #1

    Prepared by : Ali Al Habib ID : 11621366 Date : 08/09/2014


    Table of Contents

    Abstract

    1.0 Introduction

    2.0 Risks of IT Outsourcing

    3.0 Fuzzy Logic

    4.0 Fuzzy Logic Approach for ITO Risk Analysis

    5.0 Proposed Model of Fuzzy Techniques

    6.0 Case Study: India Leading IT Industry

    7.0 Conclusion

    References


    Abstract

    IT outsourcing is considered one of the critical activities for large-scale corporations, and many organizations are shifting to outsourcing their IT services or partial functions. However, this decision needs to be studied with respect to risk. Risk analysis is important and essential for organizational decision making on many critical activities. Qualitative and quantitative analysis are classified as the traditional methods used for risk analysis. However, fuzzy logic offers a structured, hierarchical method for assessing risk that guides a proper decision-making approach. This paper demonstrates the fuzzy logic methodology for analyzing the risk of IT outsourcing. A case study exemplifies the application of this technique. Finally, further remarks and future work for this approach are proposed.

    Keywords: Fuzzy, Risk Analysis, IT Outsourcing, Decision Making.


    1.0 Introduction

    IT outsourcing is one of the important and powerful trends in the IT business world. It has a serious impact on corporate performance and growth. It supports companies that wish to proceed with IT outsourcing in focusing on their strategic business and cutting costs. Outsourcing typically involves entering into an official agreement with a third party (vendors/companies) to provide and deliver specific services, usually for a certain agreed fee. But the decision to outsource IT completely or partially is not always applicable. Even with past outsourcing experience, managing the outsourcing arrangement is critical and requires an extensive risk analysis study.

    The traditional risk analysis approaches are the quantitative and qualitative analysis methodologies, which have some advantages and are commonly used. However, fuzzy logic provides a hierarchical, structured method for evaluating risk that supports decision making. This literature review briefly lists some of the common risks that affect IT outsourcing and then introduces the fuzzy logic method. It then explains the use of the fuzzy logic approach for solving and managing risk analysis for IT outsourcing, with a case study as a demonstration. A conclusion with recommendations and future work is provided at the end.

    2.0 Risks of IT Outsourcing

    IT outsourcing is considered one of the important topics nowadays. This activity directly affects companies, services, customers and individuals. It is a critical decision, especially for large-scale corporations, to determine whether to proceed with outsourcing IT services in order to keep focus on their core business. The main objective of outsourcing, in addition to keeping an eye on the main business and providing the desired quality there, is cost cutting. But in some cases IT outsourcing is not the right decision for critical IT services that are incorporated with central business activities. The outsourcing decision should be discussed for IT services that are considered eligible for outsourcing. Benchmarking needs to be conducted to evaluate the need for outsourcing, and in addition the risk analysis needs to be studied.

    Many risks arise from this decision. The risks are summarized in eleven (11) points.

    1. Possibilities of Weak Management

    In some cases IT service performance and delivery are weak and do not satisfy corporate operations because of poor IT management. If the corporation decides to outsource for this reason, the company executives should know that they still need a professional IT manager who is capable of managing the contracts with outsourced vendors and of tracking, monitoring and maintaining the relationship with the third party. The company has to address this risk either by hiring a qualified IT manager or by rectifying the performance issue internally, by replacing the position or turning the situation around in-house.

    2. Inexperienced Staff

    Another risk is that, once a contract is newly established with a vendor, weakly performing staff may want to transfer to the outsourced company, which will not improve the performance of the outsourced IT services or meet the objective of the outsourcing. The situation is worse if the selected vendor is one of the highly ranked companies and specialist staff decide to move to it. This is a big loss of experienced resources, which the original company is most of the time eager to keep.

    3. Business Uncertainty

    If the outsourcing decision is based on cost cutting and focusing on the main business, without evaluating other elements such as the potential growth of the corporation and its future roadmap, it is exposed to business uncertainty. For example, a CEO may decide to retain the IT services because of the growth and expansion of company activity. This is classified as uncertainty in dealing with the business.

    4. Outdated Technology Skills

    The market for some technologies is not mature enough to provide the desired service for outsourcing, because vendors use outdated devices and legacy services. Moreover, advanced technologies may be offered by only a few companies, at prices significantly higher than the cost of the company's own operation and maintenance.


    5. Endemic Uncertainty

    In some cases there is no defined scope or service needed by the employees, because of updates in technology or changing user requirements arising from unforeseen requirements in the project. A fixed contract with outsourcing entities will not be sufficient in this matter. Companies should have clauses for reviewing their contracts so that they can inject their requirements once these are subject to change.

    6. Hidden Costs

    Cost saving is a vital element for the success of outsourcing. Comparing the cost of the outsourcing vendor with the company's IT budget and operations exposes one view of the cost. But it does not show hidden costs that arise from the discontinuation of a technology or from not considering the turnover phase, including relocation and redeployment costs. Moreover, the management cost of this activity may not be considered.

    7. Lack of Organizational Learning

    Some company executives do not have a full view of IT capabilities and their role in running services across the corporation. They may need to experience the important role of some services that need support, especially the strategic ones. In some cases strategic assets and facilities are hard to outsource.

    8. Loss of Innovation Capacity

    Some areas of a company require innovative ideas to be implemented and some applications to be developed in order to meet their trends and move forward. The outsourced IT partner may have limitations in this respect. Outsourcing is not a smart option in this situation.


    9. Danger of Eternal Triangle

    The vendor and the company may not speak the same language, and they may face difficulties in understanding each other. Management seeks IT specialists who know its culture, while the vendor may state that the users need a learning curve to facilitate the implementation. The outsourcing decision may lead to such a situation.

    10. Technological Indivisibility

    IT services that are separate from the corporation, such as wide area network leased lines, data centers, call centers or portable application design, are not complex to outsource. The issue arises in the areas that interface with them, such as desktop PCs and the Local Area Network (LAN), where roles and responsibilities between the parties are unclear and uncertain.

    11. Fuzzy Focus

    IT outsourcing in many cases is not effective in delivering an innovative environment. It also does not meet the challenging timeframes of many vital projects for system delivery and implementation. The real problem becomes more serious when the outsourcing focuses on the how of IT, not the what of IT. Then the potential efforts of management, executives and other company resources will be exerted on undefined issues and lead to unsuccessful results.

    3.0 Fuzzy Logic

    Generally, risk can be described as a possible future loss or undesirable outcome that may arise from a certain current action. The discussion in the previous section clearly shows the risks of outsourcing IT services or any function of a company. A structured technique is needed to support the decision to proceed with the strategic goals of cutting cost and focusing on the main business. An important model is briefly demonstrated here, namely Fuzzy Set Theory. This model provides guidelines for executives and CEOs in managing the risk of IT outsourcing (Samantra, Datta et al. 2014).

    Fuzzy logic is one of the most successful models in the area of business decision making. It was initiated and developed by Lotfi Zadeh of the University of California, Berkeley in 1965 as a means to model and mathematically represent vagueness, and to provide a structured, formalized tool for moving from uncertainty to clarity in a decision-support problem. A fuzzy model can accommodate the uncertainty of real-world human language and logic. Fuzzy logic resembles human decision making in its ability to generate precise solutions from certain or approximate information.

    Fuzzy logic is well suited to dealing with qualitative data as well as object attributes. It also offers an attractive trade-off between accuracy and compactness, expressing relationships in terms of simple rules. Additionally, it is not computationally expensive: fuzzy systems are cheaper because they are easier to design and require only a few rules to cover a large scale of complexity.

    Fuzzy logic and probabilistic logic are mathematically similar, both having truth values ranging between 0 and 1, but they are conceptually distinct because of their different interpretations. Fuzzy logic corresponds to "degrees of truth", while probabilistic logic corresponds to "probability, likelihood"; as these differ, fuzzy logic and probabilistic logic yield different models of the same real-world situations.

    For example, both degrees of truth and probabilities range between 0 and 1 and may seem similar at first look. Let a 50 ml glass contain 5 ml of water. We may consider two concepts: Empty and Full. The meaning of each of these can be represented by a fuzzy set. One might define the glass as being 0.5 empty and 0.05 full. A design might equally use a set membership function where the glass would be considered full for all values down to 25 ml.

    4.0 Fuzzy Logic Approach for ITO Risk Analysis

    Many studies have discussed IT outsourcing risks and published their results. They study various sources of risk and offer risk mitigation guidelines and advice, but they do not try to quantify the degree of risk extent. Risk factors are measured by quantitative and qualitative criteria. Quantitative criteria can be used as an easy technique in this situation, while the qualitative technique deals with subjective measures, since many risk signs and factors are subjective in nature and depend on the decision makers' linguistic judgment. The linguistic assessment therefore needs to be transformed to a logical mathematical base. The fuzzy model is proposed here to show its capability for risk assessment. A fuzzy number is defined as a fuzzy subset in the universe. There are many types of fuzzy numbers, such as triangular, bell-shaped and trapezoidal, that are used to form a decision-making process. For ease of computation and simplicity of the mathematics, the trapezoidal type is widely used (Samantra, Datta et al. 2014).

    Figure 1. Trapezoidal fuzzy number Ã

    5.0 Proposed Model of Fuzzy Techniques

    The proposed methodology is a two-level IT outsourcing risk assessment. The first level evaluates the fuzzy risk extent of multiple potential risk factors. The second level identifies and evaluates the degree of risk extent of the individual risk sources that affect the outsourcing process. The scheme includes a community of k decision makers who are responsible for assessing the risks (DM1, DM2, DM3, ..., DMk). The risks are denoted (R1, R2, R3, ..., Rm). These risks are subject to influencing factors (F1, F2, F3, ..., Fn). The procedure is summarized in 7 steps.

    Step 1: List and identify the IT outsourcing risks (R) and influencing factors (F) used to draw a hierarchical risk assessment model. There are 11 risks identified, such as strategic risk, business, technical, financial, legal, operational, environmental, information risk, managerial risk, relationship risk and time management risk. Each of these risks has influencing factors. For example, the strategic risk has the following influencing factors:

    Loss of organizational competency, F1,1
    Proximity of core competency, F1,2
    Interdependence of activities, F1,3

    Table 1 shows a sample of the hierarchical structure for risk analysis in IT outsourcing.

    Table 1: Hierarchical structure for risk analysis in IT Outsourcing

    Step 2: Select a classified fuzzy linguistic scale for representing both the likelihood of occurrence and the impact of risks, and select suitable membership functions for each of these variables.

    Step 3: Collect linguistic data on the likelihood of occurrence (L) and the impact of risk (I) for each risk factor from the experts, and translate the linguistic data into the proper fuzzy numbers.

    Step 4: Compute the combined preferences (aggregated decision-making opinion) using fuzzy aggregation operators. The fuzzy risk rating of each influencing factor is calculated by multiplying the fuzzy likelihood of occurrence by the fuzzy risk impact, R = L × I.

    Step 5: Calculate the crisp risk rating corresponding to each risk influencing factor using the incentre of centroids method developed by Thorani, which is applicable to generalized trapezoidal fuzzy numbers in fuzzy logic theory.

    Step 6: Classify and categorize the risks based on the individual crisp risk ratings.

    Step 7: Formulate an action requirement plan with reference to the different risk categories.

    The steps listed above are designed to be generic (Samantra, Datta et al. 2014). The risk analysis result may differ from one case to another depending on the experts and decision makers who participated in the evaluation and on the nature of company policies. The following section demonstrates a case study that applies this fuzzy model.
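    Steps 2 to 6 worked through in Python, as an added example that is not code from this paper or from Samantra et al. The scale values, the VF abbreviation, the mean as aggregation operator, the category bands and the decision makers' answers are assumptions constructed for illustration, and the plain trapezoid centroid stands in for the incentre of centroids method.

```python
# Added example: steps 2-6 of the procedure on constructed data.
# A trapezoidal fuzzy number is a tuple (a1, a2, a3, a4), a1 <= a2 <= a3 <= a4.

# Step 2. Five-term scale on [0, 1]. These trapezoids are constructed for the
# example; the paper's scale table is not reproduced on this page. The key
# "VF" for Very Frequent is an assumed abbreviation.
_POINTS = [(0.0, 0.0, 0.1, 0.2), (0.1, 0.2, 0.3, 0.4), (0.3, 0.4, 0.6, 0.7),
           (0.6, 0.7, 0.8, 0.9), (0.8, 0.9, 1.0, 1.0)]
LIKELIHOOD = dict(zip(["VR", "R", "O", "F", "VF"], _POINTS))
IMPACT = dict(zip(["VL", "L", "M", "S", "C"], _POINTS))


def aggregate(terms, scale):
    """Steps 3-4. Map each linguistic term to its fuzzy number, then combine
    the k opinions by the component-wise mean (assumed aggregation operator)."""
    numbers = [scale[t] for t in terms]
    return tuple(sum(n[i] for n in numbers) / len(numbers) for i in range(4))


def fuzzy_multiply(lik, imp):
    """Step 4. R = L x I with the usual component-wise approximation,
    which holds for non-negative trapezoids."""
    return tuple(x * y for x, y in zip(lik, imp))


def defuzzify(t):
    """Step 5. Crisp value as the x-coordinate of the trapezoid's centroid.
    This is a stand-in for the incentre of centroids method named in the text."""
    a, b, c, d = t
    width = (d + c) - (a + b)
    if width == 0:  # degenerate (crisp) number: all four points coincide
        return a
    return (d * d + c * c + c * d - a * a - b * b - a * b) / (3 * width)


def categorize(crisp):
    """Step 6. Hypothetical category bands, chosen for this example only."""
    if crisp >= 0.5:
        return "high"
    return "medium" if crisp >= 0.2 else "low"


def assess(responses):
    """Return (factor, crisp rating, category) rows, highest rating first."""
    rows = []
    for factor, opinions in responses.items():
        lik = aggregate([o[0] for o in opinions], LIKELIHOOD)
        imp = aggregate([o[1] for o in opinions], IMPACT)
        crisp = defuzzify(fuzzy_multiply(lik, imp))
        rows.append((factor, round(crisp, 4), categorize(crisp)))
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed answers of three decision makers, as (likelihood, impact) pairs,
# for the three strategic-risk influencing factors listed in step 1.
SAMPLE = {
    "F1,1": [("F", "C"), ("VF", "S"), ("F", "S")],
    "F1,2": [("O", "M"), ("O", "S"), ("R", "M")],
    "F1,3": [("R", "L"), ("VR", "L"), ("R", "VL")],
}

if __name__ == "__main__":
    for factor, crisp, category in assess(SAMPLE):
        print(f"{factor}: crisp rating {crisp:.4f} -> {category}")
```

    Because likelihood and impact both lie in [0, 1], their product shrinks toward zero, so category bands have to be set on the scale of the products rather than on the scale of the inputs.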


    6.0 Case Study: India Leading IT Industry

    The case study concerns an Indian company that is one of the leading IT companies in India. It was conducted with the participation of seven selected decision makers, classified as IT executives and managers who are experts in the field of IT outsourcing. They are denoted DM1, DM2, ..., DM7. They were asked to answer the questionnaire and to give ratings on a linguistic scale. The risks were identified for the evaluation, chosen on the basis of their importance, how common they are and their sensitivity for IT outsourcing. Each risk (r) has corresponding influencing factors (f).

    Fuzzy Linguistic Scale: A trapezoidal membership function is used for this scale. It is commonly used and satisfactory for this application (Samantra, Datta et al. 2014). A five-term linguistic scale of fuzzy numbers is used. Risk is represented by two terms, the impact of risk and the likelihood of occurrence: R = L (Likelihood) × I (Impact). The terms are: Very Rare (VR), Rare (R), Often (O), Frequent (F) and Very Frequent. These variables are rated using the following ratings for risk: Very Low (VL), Low (L), Moderate (M), Serious (S) and Critical (C).

    Table 1. Linguistic scale factor and rating


    Data Collection Phase.

    The experts were asked to provide two sets of linguistic data, assessing the likelihood of occurrence (L) and the impact of risk (I), for rating and evaluating each risk influencing factor (f). Table 2 shows a sample of the likelihood of occurrence for various risk influencing factors provided by the DMs, while Table 3 shows a sample of the risk impact for various risk influencing factors provided by the DMs.

    Table 2. Likelihood of occurrence (L) of various risk factors assigned by DMs in linguistic terms.


    Table 3. Risk Impact (I) of various risk factors assigned by DMs in linguistic terms.

    Then, this linguistic information was transformed into the appropriate trapezoidal fuzzy numbers by referring to the linguistic scale (Table 1).

    Risk Rating

    The next phase of this process is the aggregation task. The aggregation is done using fuzzy aggregation rules based on the associated decision matrices.

    Table 4. Aggregated preferences by seven candidates in terms of fuzzy numbers and their crisp ratings.

    Aggregation is the process by which the fuzzy sets are combined to form a single collective preference fuzzy set. Let k be the number of decision makers (DMt, t = 1, ..., k), who are responsible for assessing m IT outsourcing risks (Ri, i = 1, ..., m), with corresponding n influencing factors (Fi,j, j = 1, ..., n). The aggregated fuzzy preferences

    as per (Chen, 2000).

    Then, the following equation is developed for calculating the fuzzy risk rating of each influencing factor . It was concluded that, after applying the above calculation, the strategic risk has the highest risk rating, with the major critical value and contribution to the IT outsourcing process for decision making. Figure 2 shows a summary graph of the percentage for each risk.

    Figure 2. The percentage of contribution of each individual risk to the overall ITO risk.

    As we observe, this fuzzy-based multi-criteria decision-making approach was successful in analyzing the risk of IT outsourcing, and it showed that the risk factor with the highest degree of risk needs to be monitored carefully for the IT outsourcing project to succeed without major impacts. Moreover, this methodology passed through a validation process in which another 15 IT executive leaders with more than 10 years of experience in IT outsourcing reviewed the process with respect to the applicability of the method, benefits of operation, completeness of risk factors and importance of strategic planning for IT outsourcing. The result was that they highly recommended this methodology.

    7.0 Conclusion

    The fuzzy logic process for IT outsourcing is an empirical and reliable method. It is more practical and more reliable than the traditional and statistical approaches. It is considered close to realistic outcomes because experts in IT outsourcing and senior executives in this field participate in the analysis, while the other approaches rely on objective inputs. The risk impact and likelihood of occurrence are given their weight scores by the experts. In addition, the approach exemplifies the modeling of risk influence in a hierarchically structured way. The case study of the leading IT company illustrated a successful experience in this field. In my opinion, this fuzzy approach could be extended to other outsourcing activities in the industrial and business sectors. Definitely, this technique will support management in provisioning the outsourcing in a clear manner and in categorizing the risks by their degree. Future work is proposed to develop this model into a customized application that logs all risks and their impacts associated with risk influence and has a special entry for risk analysis for different kinds of outsourcing in the industrial and business sectors.


    References:

    Chen, S.-j. & Chen, S.-m. 2007, 'Fuzzy risk analysis based on the ranking of generalized trapezoidal fuzzy numbers', Applied Intelligence, vol. 26, no. 1, pp. 1-11.

    Earl, M.J. 1996, 'The Risks of Outsourcing IT', Sloan Management Review, vol. 37, no. 3, p. 26.

    Foundation of Fuzzy Logic, Viewed on 02/09/2014,

    Fuzzy Control System, Wikipedia, Viewed on 02/09/2014,

    Harris, J. 2000, An introduction to fuzzy logic applications, Kluwer Academic, Dordrecht; London.

    Mathew, S.K. 2006, 'Understanding Risk in IT Outsourcing: A Fuzzy Framework', Journal of Information Technology Case and Application Research, vol. 8, no. 3, pp. 27-39.

    Nazari-Shirkouhi, S., Ansarinejad, A., Miri-Nargesi, S.S., Dalfard, V.M. & Rezaie, K. 2011, 'Information Systems Outsourcing Decisions under Fuzzy Group Decision Making Approach', International Journal of Information Technology & Decision Making, vol. 10, no. 06, pp. 989-1022.

    Samantra, C., et al. 2014, 'Risk assessment in IT outsourcing using fuzzy decision-making approach: An Indian perspective', Expert Systems with Applications, vol. 41, no. 8, pp. 4010-4022.

    Shankar, N.R., Abdullah, M.L., P Thorani, Y.L. & Bushan Rao, P.P. 2012, 'Fuzzy Risk Analysis based on a new approach of Ranking Fuzzy Numbers using Orthocenter of Centroids', International Journal of Computer Applications, vol. 42, no. 3.