Lars Mathiassen

Managing risk in software process improvement: an action research approach

Many software organizations engage in software process improvement (SPI) initiatives to increase their capability to develop quality solutions at a competitive level. Such efforts, however, are complex and very demanding. A variety of risks makes it difficult to develop and implement new processes. We studied SPI in its organizational context through collaborative practice research (CPR), a particular form of action research. The CPR program involved close collaboration between practitioners and researchers over a three-year period to understand and improve SPI initiatives in four Danish software organizations. The problem of understanding and managing risks in SPI teams emerged in one of the participating organizations and led to this research. We draw upon insights from the literature on SPI and software risk management as well as practical lessons learned from managing SPI risks in the participating software organizations. Our research offers two contributions. First, we contribute to knowledge on SPI by proposing an approach to understand and manage risks in SPI teams. This risk management approach consists of a framework for understanding risk areas and risk resolution strategies within SPI and a related process for managing SPI risks. Second, we contribute to knowledge on risk management within the information systems and software engineering disciplines. We propose an approach to tailor risk management to specific contexts. This approach consists of a framework for understanding and choosing between different forms of risk management and a process to tailor risk management to specific contexts.

Contextual dynamics during health information systems implementation: an event-based actor-network approach

Despite its information-intensive nature and considerable investments, healthcare continues to lag behind other industries in effectively exploiting information technology (IT). This paradox suggests that the healthcare industry presents particular challenges for successful implementation of information systems. As a result, there is an increasing interest in research into how information systems implementation efforts are shaped in interaction with the healthcare context. This paper contributes to this emerging body of knowledge by applying Actor-Network Theory (ANT) to explore the implementation of a radiology network system in a Swedish hospital. The analysis of the process reveals how complex contextual dynamics had disruptive effects. First, we identified important dynamics related to implementation content; these were mainly expressed as tensions between the radiology network system and medical work practices. Second, we found important dynamics related to implementation context; these were mainly expressed as tensions between shifting networks of actors within the implementation project and the broader institutional setting. Seeking to understand contextual dynamics during healthcare information systems implementation, we use events to focus, structure, and present the ANT analysis. This event-based approach furthers our understanding of how researchers can apply ANT to study IT-based change in general.

Automating the Discovery of As-Is Business Process Models: Probabilistic and Algorithmic Approaches

In the current corporate environment, business organizations have to reengineer their processes to ensure that process performance efficiencies are increased. This goal has lead to a recent surge of work on Business Process Reengineering (BPR) and Workflow Management. While a number of excellent papers have appeared on these topics, all of this work assumes that existing (AS-IS) processes are known. However, as is also widely acknowledged, coming up with AS-IS process models is a nontrivial task, that is currently practiced in a very ad-hoc fashion. With this motivation, in this paper, we postulate a number of algorithms to discover, i.e., come up with models of, AS-IS business processes. Such methods have been implemented as tools which can automatically extract AS-IS process models. To the best of our knowledge, no such work exists in the BPR and workflow domain. We back up our theoretical work with a case study that illustrates the applicability of these methods to large real-world problems. We draw on...

Business agility and diffusion of information technology

European Journal of Information Systems (2006) 15, 116–119. doi:10.1057/palgrave.ejis.3000610 While agility has recently attracted considerable attention in studies of systems development and management of information technology (IT), there is limited recognition within the information systems discipline of the important impact agility has already had on organizational studies in general. The extensive literature on agile development approaches has, for example, few or no links to the considerable literature on organizational agility that has developed since the Agility Forum was founded at Lehigh University in 1991 (Dove, 2001). The purpose of this special issue is to bridge this gap and to create a strong foundation for continued studies of the relationship between business agility and the diffusion of IT into organizational contexts. We believe this to be a timely purpose as organizations rebalance their IT infrastructure and portfolio of IT innovations in preparation for the future.

Pluralist action research: a review of the information systems literature*

Action research (AR) has for many years been promoted and practised as one way to conduct field studies within the information systems (IS) discipline. Based on a review of articles published in leading journals, we explore how IS researchers practise AR. Our review suggests that AR lends itself strongly towards pluralist approaches which facilitate the production of both theoretical and practical knowledge. First, on the level of each study we analyse how research and problem‐solving activities are mixed, in three ways: the research dominant, the problem‐solving dominant and the interactive approaches. Second, in the context of the wider research programme in which the study is situated, we analyse how AR is mixed with other research methods, in two ways: the dominant and the sequential approaches. We argue that these pluralist practices of mixing types of research activities and types of research methods provide IS action researchers with a rich portfolio of approaches to knowledge production. This portfolio helps them address the risks involved in AR to ensure their efforts contribute to the literature as well as to practical problem‐solving.

Managing Risks in Distributed Software Projects: An Integrative Framework

Software projects are increasingly geographically distributed with limited face-to-face interaction between participants. These projects face particular challenges that need careful managerial attention. While risk management has been adopted with success to address other challenges within software development, there are currently no frameworks available for managing risks related to geographical distribution. On this background, we systematically review the literature on geographically distributed software projects. Based on the review, we synthesize what we know about risks and risk resolution techniques into an integrative framework for managing risks in distributed contexts. Subsequent implementation of a Web-based tool helped us refine the framework based on empirical evaluation of its practical usefulness. We conclude by discussing implications for both research and practice.

The influence of checklists and roles on software practitioner risk perception and decision-making

This paper investigates: (1) the influence of risk checklists on software practitioner risk perception and decision-making, and (2) the influence of role (inside project manager vs. outside consultant) on software practitioner risk perception and decision-making. Evidence on these points is presented based on a role playing experiment conducted with 128 software practitioners. Results show that a risk checklist helps software practitioners identify more risks than they would identify without the aid of a checklist. However, the role assigned to subjects did not seem to affect either their risk perception or behavior. The number of risks identified did not affect decision-making, but the use of a risk checklist appeared to shape subjects’ perceptions of which risks were salient in the scenario. Interestingly, subjects using a checklist were able to identify more seeded risks in the scenario, but they also identified more unseeded risks. Implications for research and practice are discussed.

A framework for software risk management

We present a simple, but powerful framework for software risk management. The framework synthesizes, refines, and extends current approaches to managing software risks. We illustrate its usefulness through an empirical analysis of two software development episodes involving high risks. The framework can be used as an analytical device to evaluate and improve risk management approaches and as a practical tool to shape the attention and guide the actions of risk managers.

Managing knowledge in a software organization

This paper explores the practical usage of insights on knowledge management (KM) to support innovation in a software organization. The organization has for some time engaged in software process improvement (SPI) initiatives to improve its operation. The paper applies two complementary approaches to KM, the codified and the personalized, to evaluate current KM practices and to improve its SPI practices. Based on the insights from the case we review key principles within SPI and evaluate the applied KM approaches. We conclude that it is advisable for SPI efforts to explicitly address KM issues. Each software organization has to find its own balance between personalized and codified approaches, this balance needs to be dynamically adjusted as the organization matures, and the adopted KM approach should differentiate between different types of SPI services.

Dialectics of resilience: a multi-level analysis of a telehealth innovation

Resilience is commonly portrayed as a positive capability that allows individuals, groups, and organizations to thrive in dynamic contexts.This paper questions this oversimplified view based on a dialectical analysis of a telehealth innovation within a network of collaborating hospitals. We analyze the major contradictions that characterize the adoption of the innovation. First, we analyze contradictions between individuals and groups within each adopting organization. Second, we analyze contradictions between the adopting organizations. This multi-level analysis leads to a deeper understanding of resilience as a dialectical process. The analysis of the case shows that, although the participating individuals, groups, and organizations demonstrated apparent resilience in adopting the telehealth innovation, the innovation remained in a fragile state, where it was unclear whether it would continue to diffuse, stabilize as-is, or slowly deteriorate. Hence, while resilience facilitated swift and successful adoption, it also created tensions that endangered further diffusion and the long-term sustainability of the telehealth innovation. We suggest that understanding the future success of the innovation would be facilitated to a large extent by a dialectical analysis of the involved contradictions.