شناسایی عوامل ریسک برون سپاری فناوری اطلاعات (IT)، با استفاده از اطلاعات وابسته به یکدیگر : روش گسترده DEMATEL

Risk factor identification of IT outsourcing is significant to capture the source of IT outsourcing risk. Risk factors of IT outsourcing are often interdependent, and consequently the interrelationships among factors affect risk factor identification, whereas this fact is neglected in the existing studies. The purpose of this paper is to investigate a method for identifying risk factors of IT outsourcing, in which the interrelationships among risk factors are considered. Firstly, the risk factors of IT outsourcing are figured out through literature review and expert interview. Then, the interrelationships among risk factors and relative analysis are given. Furthermore, based on the 2-tuple fuzzy linguistic representation model and the classical Decision Making Trial and Evaluation Laboratory (DEMATEL) method, an extended DEMATEL method is developed to identify the importance together with the classification of risk factors. Finally, the potential of the proposed method is shown through an illustrative example of a Chinese resource company.

In facing an ever-increasingly competitive and changeable environment, organizations are required constantly managing their resources and focusing on core business so as to maintain competitive advantages (Porter, 1985). To meet this requirement, more and more organizations resort to information technology (IT) as a solution for achieving the informationization management of resource and business (Dewett and Jones, 2001 and Heim and Peng, 2010). In recent years, IT outsourcing has been extensively accepted by various organizations (Antelo and Bru, 2010, Ferreira and Laurindo, 2009, Gonzalez et al., 2006, Lee et al., 2003, Paisittanand and Olson, 2006 and Wang and Yang, 2007). This is because IT outsourcing has many potential benefits: cost saving (Lacity and Hirschheim, 1993, Lacity et al., 1996 and Loh and Venkatraman, 1992), improved efficiency (Barthélemy, 2001, Chen and Wang, 2009 and Samaddar and Kadiyala, 2006), increased flexibility (Offodile and Abdel-Malek, 2002, Rao et al., 1996 and Wu et al., 2005) and so on. However, IT outsourcing also entails risk that may lead to undesirable consequences, e.g., costly contractual amendments (Earl, 1996), shirking and opportunistic bargaining (Ngwenyama & Bryson, 1999), disclosure of commercial secrets and fraud (Mojsilović, Ray, Lawrence, & Takriti, 2007). Thus, a significant risk management effort is required to adeptly steer IT outsourcing operation (Aubert et al., 1999, Osei-Bryson and Ngwenyama, 2006 and Shi et al., 2010). Especially, risk factor identification is the base of whole risk management (Li and Liao, 2007 and Maytorena et al., 2007). By risk factor identification, various risk factors that may influence IT outsourcing operation are uncovered to help decision makers capture the source of IT outsourcing risk. In real world, risk factors of IT outsourcing are often interdependent (Bahli and Rivard, 2005, Lacity and Hirschheim, 1993 and Ramachandran and Gopal, 2010). In some situations, the interrelationships among risk factors can induce the transmission effect from one risk to another. For example, in IT outsourcing operation, requirements instability and technological complexity are two interdependent risk factors (see: Ramachandran & Gopal, 2010). Requirements instability can increase the cognitive uncertainty of technology, which is accompanied with the complexity of technology. On the other hand, technological complexity can make organizations confused with their requirements so as to lead to the instability of requirements. Furthermore, the interrelationship between the two risk factors can induce the transmission effect from market risk to operation risk. Therefore, it is necessary to consider the interrelationships among risk factors in risk factor identification of IT outsourcing. Furthermore, the importance and classification of risk factors are also needed to be identified to support the decision makers’ judgments on risk factors. The importance of a risk factor means the role of this factor and what extent this risk factor should be watched. The classification of risk factors figures out the controllability or uncontrollability of each risk factor, which avails to select the targeted measures for risk control. Some studies on risk factor identification of IT outsourcing have been found. For example, Aubert, Patry, and Rivard (1998) listed risk factors of IT outsourcing by reviewing the existing literature and propose a framework for categorizing the listed risk factors. Further, Aubert et al., 2001 and Aubert et al., 2005 revised and updated the list of risk factors that they presented previously. Following the work of Aubert et al., 1998, Aubert et al., 2001, Aubert et al., 2005 and Bahli and Rivard, 2005 gave the analysis of risk factors. Also, Earl (1996) listed risk factors of IT outsourcing by discussing with both vendors and clients in the IT outsourcing marketplace, while Willcocks, Lacity, and Kern (1999) elicited risk factors of IT outsourcing by a case study. On the other hand, studies on risk assessment (Bahli and Rivard, 2001 and Bahli and Rivard, 2005) and risk control (Aubert et al., 2005, Bahli and Rivard, 2003 and Willcocks et al., 1999) based on the work of risk factor identification can be found. For example, Bahli and Rivard (2001) proposed a model for defining and measuring IT outsourcing risk based on transaction cost and agency theory. Willcocks et al. (1999) conducted a longitudinal case research on risk mitigation in IT outsourcing operation. Prior studies have significantly advanced risk factor identification of IT outsourcing. However, in the existing studies, the major limitation is that the interrelationships among risk factors are not involved. This incurs the inaccuracy in the process of determining the importance and classification of risk factors, together with the low-performance implementation of risk control. Hence, it is necessary to develop a routine method for solving the problem of risk factor identification considering the interrelationships among risk factors. This is the motivation of our study. The purpose of this paper is to develop a method for identifying risk factors of IT outsourcing, in which the interrelationships among risk factors are considered. Firstly, based on the literature review and interviews with experts in IT industry, risk factors of IT outsourcing are figured out. Then, the description and analysis of the interrelationships among risk factors are given. Furthermore, based on the 2-tuple fuzzy linguistic representation model (Herrera and Martínez, 2000 and Herrera and Martínez, 2001) and the classical Decision Making Trial and Evaluation Laboratory (DEMATEL) method (Fontela and Gabus, 1976, Gabus and Fontela, 1972 and Gabus and Fontela, 1973), an extended DEMATEL method is developed to identify the importance and classification of risk factors. This paper is organized as follows. Section 2 lists the risk factors of IT outsourcing. Section 3 analyzes the interrelationships among risk factors. Section 4 introduces the 2-tuple fuzzy linguistic representation model. Section 5 presents an extended DEMATEL method to identify the importance and classification of risk factors. Section 6 illustrates the potential of the proposed method through a case study. Finally, Section 7 summarizes and highlights the main features of the method proposed in this paper.

This paper presents an extended DEMATEL method for identifying risk factors of IT outsourcing using interdependent information among risk factors. Using the method, the importance and classification of risk factors can be obtained to facilitate the decision making on risk factor identification and risk control in the process of IT outsourcing. The proposed method has the distinct merits as discussed below. The interrelationships among risk factors that significantly affect the identification of the importance and classification of risk factors are involved in the proposed method, whereas it is neglected in the existing methods. This consideration covers the Domino Effect among factors in the decision analysis process of risk factor identification, which is consistent with the real world situations. Thus, it will benefit the practitioners who are dealing with the risk management of IT outsourcing. In the proposed method, the 2-tuple fuzzy linguistic representation model and the classical DEMATEL are integrated to identify the importance and classification of risk factors of IT outsourcing in a linguistic environment. Especially, the 2-tuple fuzzy linguistic representation model is used to process linguistic terms, which can avoid information loss. Thus, compared with the existing fuzzy DEMATEL methods (e.g., Wu and Lee, 2007 and Lin and Wu, 2008), the proposed method is more suitable to deal with the interdependent information in the form of linguistic terms. It is important to highlight that, since the method presented in this paper differentiates from the existing methods, it gives decision makers one more choice for identifying risk factors of IT outsourcing. In addition, the proposed method also contributes to the theoretical investigation of risk factor identification using interdependent information in linguistic environment. In terms of future research, some new methods need to be developed to solve the problems of risk factor identification with hybrid interdependent information such as numerical values, interval numbers and linguistic terms.