This paper reports on a study to determine the opinion of expert practitioners of the most important risks in the development of e-commerce projects. The 32 respondents in the final round of the survey were mainly project managers from South African software houses. Various academics and users of e-commerce systems also contributed to the survey. The Delphi technique was used to gather the data and to rank the risks.
Misunderstanding the users’ requirements emerged as the most significant risk, followed by the absence of declared business benefits. As with conventional systems, there is a risk of top management not getting totally committed to the project, very often giving verbal encouragement to the IT team but overlooking the impact on the business as a whole.
Respondents place a high importance on the security issues surrounding e-commerce projects. Transactions are subjected to more threats, and developers have to incorporate procedures to ensure transaction integrity and confidentiality, and then convince potential customers of the system's security. Other related issues include transaction tracability and database security and integrity.
Hype in the market suggested that there was a large risk of delivering systems too slowly as a result of “cumbersome” methodologies. The research did not find this to be the case.
Different perspectives emerged from the viewpoints of developers, project managers, clients/users and academics.
Information Systems (IS) and the development and management thereof have been the subject of many academic research studies since it became apparent that many, possibly even a majority of IS projects exceeded their allocated budgets and/or their planned timescales.
Software has characteristics which differentiate IT projects from other disciplines, such as construction/building projects. They include invisibility and flexibility (Brooks, 1975). Invisibility refers to the inability to visibly see progress, and the potential of software to be flexible results in the tendency to change scope and thereby threaten deadlines. In addition, all IT projects are unique (if they were not they would presumably be package implementations), and therefore the absence of usable historical benchmarks renders us somewhat ineffective when attempting to estimate project timescales.
One of the cornerstones of project management is risk management, and documented studies at various intervals from 1981 to 1998 have enabled IS managers to be aware of most of the potential risks during the development of IS projects. (See for instance McFarlan, 1981; Boehm, 1991; Barki, Rivard, & Talbot, 1993; Keil, Cule, Lyytinen, & Schmidt, 1998.) These risks vary from inexperience with applied technology, through misunderstanding user requirements, to lack of top management support. Some of these risks, such as the three just mentioned, prevail regardless of the computer architecture, and are expected to prevail indefinitely. Recent research (Keil et al., 1998) indicates that risks in projects can (broadly) be categorised as those over which the project manager has control, and those, which are caused by non-controllable elements. Different management strategies are needed to anticipate, avoid, recognise, and counteract these different categories.
This paper has confirmed that various risks are still prevalent, and that they occur in e-commerce as well as traditional projects. Misunderstanding the user requirements and the absence of declared business benefits emerging as the major risks, suggest that many projects are being initiated without feasibility studies and rigorous systems analysis. As with traditional systems, there is still a risk of top management not getting totally involved and committed to the project, very often giving verbal encouragement to the IT team but overlooking the fact that the project is going to have a major impact on the business as a whole, and necessitate the transformation of various business processes and the timing thereof.
Five items which can be attributed to electronic commerce were in the “top 10”, principally the impact on the distribution channels and web security issues. E-commerce systems are unlikely to flourish at the rate predicted by earlier hype, until there is more confidence and trust in the environment. This can only be achieved when potential users of e-commerce systems perceive that the accuracy and security, in the web environment, of data, systems and equivalents to cash, is no worse than that offered with conventional systems and procedures.
