Application Service Provision: Risk Assessment and Mitigation
Thomas Kern, Leslie P. Willcocks, Mary C. Lacity
Many business managers understand the value of renting applications over the Internet, such as lower total cost of ownership, fewer in-house IT staff, more rapid delivery of applications, scalable solutions, and superior cash flow. But there are also risks, such as power shifting asymmetrically to the supplier, suppliers overselling their capabilities, suppliers encountering subcontracting problems, and customer concerns about Internet security and reliability. In conducting ten case studies and surveying 270 companies, we developed a risk-assessment and risk-mitigation framework and learned four lessons about the Application Service Provision (ASP) space. One, ASP sourcing has many of the same risks as traditional IT outsourcing, but the pattern of likely risks differs. Most risks are greater with ASP, but some are the same or less. Two, business managers can learn how to assess ASP risks based on lessons from both traditional IT outsourcing and early ASP adopters. Three, mimicking ASP risk-mitigation strategies will not guarantee success, but many risk mitigation tools are available for most business environments. And four, ASP outsourcing, like all IT out-sourcing, requires significant in-house oversight.
Full Text: PDF
The mission of MISQE is to encourage practice-based research in information systems and to disseminate the results of that research in a manner that makes its relevance and utility readily apparent.