• Login
    View Item 
    •   ResearchSpace Home
    • College of Law and Management Studies
    • School of Management, IT and Governance
    • Information Systems and Technology
    • Masters Degrees (Information Systems and Technology)
    • View Item
    •   ResearchSpace Home
    • College of Law and Management Studies
    • School of Management, IT and Governance
    • Information Systems and Technology
    • Masters Degrees (Information Systems and Technology)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Managing IT outsourcing risks: the case of large organisations in South Africa.

    Thumbnail
    View/Open
    Badru_Abdulbaqi_Eyitayo_2017.pdf (1.682Mb)
    Date
    2017
    Author
    Badru, Abdulbaqi Eyitayo.
    Metadata
    Show full item record
    Abstract
    Information technology (IT) is significant to achieving business objectives. Despite the significance of IT to the business, organisations are outsourcing the whole, or part thereof, of their IT department to reduce cost and focus on the core of their business. The outsourcing of IT, however, comes together with risks such as vendor lock-in, loss of control and information breaches that could lead to IT outsourcing (ITO) failure. If these risks are not properly identified and managed, organisations will remain vulnerable. While studies have been conducted on ITO and risk management, very few have conducted exploratory research to address how to manage the risks of ITO. Hence, using a qualitative approach, this study explored how large organisations manage the common risks of ITO. These risks are the operational risk, business continuity risk, data privacy risk and compliance risk of the IT Service Provider (ITSP). The study further explored the impact of these risks on large organisations and the mitigating controls organisations can have in place to reduce their impact and likelihood of occurrence. Interviews, which were recorded, was conducted with 12 experts from two large organisations in South Africa. The recorded interviews were transcribed, coded using NVivo software and analysed using thematic analysis. The main themes of this study were governance, develop ITO risk profile, ITSP audit, risk treatment, and assurance. Findings show that organisations need to constitute a Risk Management Committee with a substantial level of experience in the management of risks and ITO. This is to ensure the effective identification, assessment and treatment of ITO risks. Furthermore, the constituted Risk Committee must conduct verification exercises to identify the inherent risks of ITO. They must also conduct maturity assessment and business impact analysis (BIA) in assessing the probability of occurrence and impact of ITO risks. The Committee must establish technical and administrative controls in mitigating the risks of ITO. The findings further show that organisations must integrate risk governance and assurance polices in their ITO risk management strategy to continuously monitor residual risks and identify potentially new risks. A governance Framework for IT Service Provider Risk Management (ITSPRM) that may serve as a guide in the effective management of ITO risks was also developed and presented.
    URI
    https://researchspace.ukzn.ac.za/handle/10413/18164
    Collections
    • Masters Degrees (Information Systems and Technology) [67]

    DSpace software copyright © 2002-2013  Duraspace
    Contact Us | Send Feedback
    Theme by 
    @mire NV
     

     

    Browse

    All of ResearchSpaceCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsAdvisorsTypeThis CollectionBy Issue DateAuthorsTitlesSubjectsAdvisorsType

    My Account

    LoginRegister

    DSpace software copyright © 2002-2013  Duraspace
    Contact Us | Send Feedback
    Theme by 
    @mire NV