**5.1 Research design**

The main function of the research design is to:


There are three main approaches to research. According to Creswell (2003), these are qualitative, quantitative and mixed method approach.

Exploring the Risks of Knowledge Leakage: An Information Systems Case Study Approach 275

Fig. 1. The PB-ISR framework: a research framework to support Practice-based IS research

Questionnaire Survey

Theory Extension

Nonetheless, risk analysis is inherently a causal and explanatory analysis which requires special attention to internal validity (Yin, 2003). This is essential whenever a study aims at establishing explanations and causal relations. Internal validity establishes that certain conditions lead to others and requires the use of multiple pieces of evidence from multiple sources to uncover convergent lines of inquiry. Therefore, throughout the study there was an on-going interaction between theory and the data collected. Concept maps were used to represent the data collected as they allow for the establishment of chains of evidence forward and backward. These concept maps allowed a comparative analysis between the results collected from the case study with the theoretical stance, as well as a constant reinterpretation of new findings and already accepted causal chains. Thus the data gained through exploratory interviews were based on the knowledge, experience and perspectives of the respondents. Consequently, a cross sectional survey of similar companies in the UK interacting with 3D models was considered appropriate in order to gain a more holistic

Supported by risk typologies and conceptual understandings drawn from the literature review, initial exploratory interviews were undertaken with the Technical Director (TD), the Development Director (DD), Security and Database Administrator (SDA), Sales and Marketing Director (SMD), Lead Software Developer (LSD) and members of his team. These interviews allowed for an early identification and assessment of risks and were used to

questions (Annansingh & Nunes, 2005).

Case Study Analysis

**5.1.2.1 Interviews** 

understanding of the leakage risks (Annansingh & Nunes, 2005).

Theory Building and Testing

Literature Review

Research Question

Reality of Evidence

provide greater insight into KL risks with such systems.

A mixed method approach is adopted with a dominant qualitative method and supporting quantitative method (QUAL – quan) (Creswell, 2003). One of the reasons for conducting a qualitative study is the research is exploratory and involves the use of a case study. In order to validate the results from this case study a cross sectional questionnaire survey is used. Thus, the study is theoretically driven by a qualitative case study research method with a complementary quantitative cross sectional survey (Tashakkori & Teddlie, 1998; Creswell 1994). Additionally, since not much has been written about the risk of KL resulting from VREs, obtaining both the perceptions and perspectives of various individuals as well as reaching a consensus within a population will assist with the generalisation of the findings. The mixed method procedure used to accomplish this is sequential as described by Creswell (2003). The underlying principle driving this research is the qualitative method as interviews provide the bulk of the information, in addition to the use of both open and closed ended questions in the questionnaires.

Having established the research paradigm, design and chosen methodology, the next logical step is to define the strategy necessary to achieve this goal. A number of IS taxonomy were examined, however none of these models were viewed as being singularly appropriate for this study. As such, an adaptation was done to Galliers (1992) IS taxonomy. Therefore, the rationale for the study consists of identifying the base-events that may trigger the risks, defining and characterising the risks, and finally proposing recommendations on how to minimise and remediate their occurrence.

This research develops and uses the practice-based IS research (PB-ISR) framework presented in Figure 1. This PB-ISR framework is particularly useful for projects where research questions emerge from real-life organisational processes and problems encountered in practice. Thus the formulation of the research question is inherently linked with practice rather than theory (Annansingh & Nunes, 2005).

#### **5.1.1 Research question**

Foreshadowed problems are the starting point of any research (Hammersley & Atkinson, 1994). In this study, the foreshadowed problem emerges from the unexpected fact, that using VREs may result in risks of KL.

In fact, despite the many advantages offered by VREs, their very nature poses risks exposure owing to the fact that the environments produced are intuitive, realistic, browsable and link to comprehensive specialised and technical databases. For Company 3D, the problem is particularly complex, since they produce these virtual environments on behalf of very specialised and high-tech companies, which in turn make these 3D models available both internally and externally to their customers. Thus the research question driving this project emerged from the increasing awareness by Company 3D, that these risks could become crucial in the success of their products and services.

#### **5.1.2 Case study research**

The use of case studies as a research tool has become increasingly important, as they are excellent at simplifying complex issues or objects and can draw on experience and/or add to the strength of information from other researchers (Soy, 1998). A case study strategy, can be used for either one of three purposes – exploratory, descriptive or exploratory (Yin, 2003; Walsham, 1993). A single exploratory case study was employed using Company 3D since it was considered typical of other SMEs involved with 3D models. Owing to this, a case-study research design was implemented based on the triangulation of methods presented.

Fig. 1. The PB-ISR framework: a research framework to support Practice-based IS research questions (Annansingh & Nunes, 2005).

Nonetheless, risk analysis is inherently a causal and explanatory analysis which requires special attention to internal validity (Yin, 2003). This is essential whenever a study aims at establishing explanations and causal relations. Internal validity establishes that certain conditions lead to others and requires the use of multiple pieces of evidence from multiple sources to uncover convergent lines of inquiry. Therefore, throughout the study there was an on-going interaction between theory and the data collected. Concept maps were used to represent the data collected as they allow for the establishment of chains of evidence forward and backward. These concept maps allowed a comparative analysis between the results collected from the case study with the theoretical stance, as well as a constant reinterpretation of new findings and already accepted causal chains. Thus the data gained through exploratory interviews were based on the knowledge, experience and perspectives of the respondents. Consequently, a cross sectional survey of similar companies in the UK interacting with 3D models was considered appropriate in order to gain a more holistic understanding of the leakage risks (Annansingh & Nunes, 2005).

#### **5.1.2.1 Interviews**

274 New Research on Knowledge Management Models and Methods

A mixed method approach is adopted with a dominant qualitative method and supporting quantitative method (QUAL – quan) (Creswell, 2003). One of the reasons for conducting a qualitative study is the research is exploratory and involves the use of a case study. In order to validate the results from this case study a cross sectional questionnaire survey is used. Thus, the study is theoretically driven by a qualitative case study research method with a complementary quantitative cross sectional survey (Tashakkori & Teddlie, 1998; Creswell 1994). Additionally, since not much has been written about the risk of KL resulting from VREs, obtaining both the perceptions and perspectives of various individuals as well as reaching a consensus within a population will assist with the generalisation of the findings. The mixed method procedure used to accomplish this is sequential as described by Creswell (2003). The underlying principle driving this research is the qualitative method as interviews provide the bulk of the information, in addition to the use of both open and

Having established the research paradigm, design and chosen methodology, the next logical step is to define the strategy necessary to achieve this goal. A number of IS taxonomy were examined, however none of these models were viewed as being singularly appropriate for this study. As such, an adaptation was done to Galliers (1992) IS taxonomy. Therefore, the rationale for the study consists of identifying the base-events that may trigger the risks, defining and characterising the risks, and finally proposing recommendations on how to

This research develops and uses the practice-based IS research (PB-ISR) framework presented in Figure 1. This PB-ISR framework is particularly useful for projects where research questions emerge from real-life organisational processes and problems encountered in practice. Thus the formulation of the research question is inherently linked with practice

Foreshadowed problems are the starting point of any research (Hammersley & Atkinson, 1994). In this study, the foreshadowed problem emerges from the unexpected fact, that

In fact, despite the many advantages offered by VREs, their very nature poses risks exposure owing to the fact that the environments produced are intuitive, realistic, browsable and link to comprehensive specialised and technical databases. For Company 3D, the problem is particularly complex, since they produce these virtual environments on behalf of very specialised and high-tech companies, which in turn make these 3D models available both internally and externally to their customers. Thus the research question driving this project emerged from the increasing awareness by Company 3D, that these risks could

The use of case studies as a research tool has become increasingly important, as they are excellent at simplifying complex issues or objects and can draw on experience and/or add to the strength of information from other researchers (Soy, 1998). A case study strategy, can be used for either one of three purposes – exploratory, descriptive or exploratory (Yin, 2003; Walsham, 1993). A single exploratory case study was employed using Company 3D since it was considered typical of other SMEs involved with 3D models. Owing to this, a case-study

research design was implemented based on the triangulation of methods presented.

closed ended questions in the questionnaires.

minimise and remediate their occurrence.

**5.1.1 Research question** 

**5.1.2 Case study research** 

using VREs may result in risks of KL.

rather than theory (Annansingh & Nunes, 2005).

become crucial in the success of their products and services.

Supported by risk typologies and conceptual understandings drawn from the literature review, initial exploratory interviews were undertaken with the Technical Director (TD), the Development Director (DD), Security and Database Administrator (SDA), Sales and Marketing Director (SMD), Lead Software Developer (LSD) and members of his team. These interviews allowed for an early identification and assessment of risks and were used to provide greater insight into KL risks with such systems.

Exploring the Risks of Knowledge Leakage: An Information Systems Case Study Approach 277

the cross sectional survey. Descriptive data analysis provides simple summaries about the sample and the measures adopted. Together with simple graphic analysis, it forms the basis of quantitative data analysis. Both descriptive univariate and bivariate analysis were conducted and made use of percentages, frequencies, diagrams, cross tabulation and

KL occurs via three main pathways: organisational KL, technological KL and from the KM Process. Based on each of these pathways a discussion now ensue which focuses on the

A firm's competitive advantage lies in its ability to prevent the loss of knowledge across the organisation's boundaries (Brown & Duguid 2000). KL occurs when the ideas develop in the originating company – where it is being used -- are leaked to the production line of its competitors. The combination of a virtual reality world with a precise description of construction and operational details has been identified as a possible knowledge exposure risk and a threat to internal KM. The use of VREs therefore is a fantastic tool for competitors and other unauthorised personnel to detect, understand and monitor events in the organisation. This is based on the fact that even though organisations have established formal and bounded structures of practice, informal and fluid networks are constantly evolving. Once instituted, these networks adopt an entirely different role from those formally established in the organisation. Thus as individuals in the organisation "*work collaboratively and vital interstitial communities are continually being formed and reformed"* (Brown & Duguid, 2000), knowledge is being disseminated and shared. The dissemination and sharing of this knowledge can result in KL. Quite often networks are formed and established outside the confines of the regular organisational structure and even outside its boundaries. Therefore, due to these processes and activities KL is not only occurring

In addition, from the results several risks were identified as being particular to 3D models as well as those generic to IS projects. The fact that the creation of these environments is fairly new, highlights additional problems for developers, outside the regular software development problems, as development of this sort, can result in longer project cycles and a number of generic vulnerabilities which can lead to project and software risks that affected the quality and performance of the system. Thus it was expressed by developer's that customers would experience problems with the expected performance of the system especially with regards to the information retrieval and storage, real time responses, and database response, contentions or access. The probability of these problems occurring was seen as 'high'. This phenomenon was however, not surprising owing to the fact that the use of 3D models to produce VREs is constantly emerging. These applications are then navigated in a PC environment using a variety of 3D viewing packages. These environments create authentic and detailed virtual models of artefacts that are easily navigable and contain comprehensive information which are queried by users or employees at the click of the mouse (Nunes & Annansingh, 2003). Consequently, evidence indicates the following are most likely risks to occur thus leading to KL, theft; data readily interpreted, easy analysis of information; easy accessibility. In addition, due to the verisimilitude nature these environments make it difficult to monitor environmental

correlations (De Vaus, 2002).

internally but also externally.

different types of KL.

**6. Presentation and discussion of the findings** 

**6.1 Organisational knowledge leakage** 

#### *5.1.2.1.1 Data analysis interviews*

Data analysis of qualitative data begins with the identification of key themes and patterns (Coffey & Atkinson, 1996). Base on the interviews, initial data analysis was conducted via a question by question summary. Following this, open coding was used to identify, name, categorise and describe significant themes and issues found in the interview scripts. The codes emerged from actual terms used by the participants as well as those in existing theory and the literature (Saunders et al., 2009). Consequently, for open coding each sentence in the interview scripts were scrutinised in relation to risks identification and KL risks in VREs, this enabled the broadening of the research focus while keeping within the exploratory confines.

Further to the use of open coding, axial coding was used. Axial coding was used to identify the relationships between the categories of data that emerged from the open coding process. As the relationship between categories were identified they were rearranged based on a hierarchal system with sub-categories emerging (Saunders et al., 2009). Axial coding was used to determine the risks arising from each vulnerability as well as the consequences associated with the risks identified (Coffey & Atkinson, 1996). Here based on the key concepts and the associated risks, the properties or consequences of each were examined via a combination of inductive and deductive thinking.

From these categories, selective coding was used to group the different types of risks into key concepts around KL. Since selective coding was used to identify the main concepts from the sub-categories, a number of key concepts emerged (Saunders et al., 2009). Concepts were used as they provide useful mental images or perceptions. Since concepts are subjective impressions—their understandings may differ from person to person which if measured would cause problems in comparing responses (Kumar, 2011). The decision to assign concepts to the data was done to facilitate data condensation, thus making it more manageable. A number of key concepts were identified from this set of data, namely: organisational KL risks, KL from the KM process and technological KL.

From these concepts, relevant phenomena and examples were identified and selected to support such occurrences. Here similarities and differences were identified with a number of emerging patterns and structures, thus facilitating a more diverse analytical scrutiny (Coffey & Atkinson, 1996). Based on the risks and key concepts identified from employing open, axial and selective coding, testing of these phenomena was done via the use of a questionnaire survey.

#### **5.1.2.2 Questionnaires**

Having completed the analysis and representation of the data from the interviews a cross sectional survey was sent to companies in the UK. This questionnaire survey was used as a validation tool, that is, it was conducted to validate the findings of the case-study by querying the industry sectors that are involved in the design, development and use of 3D virtual models. This approach was adopted as recommended in De Vaus (1996). The aim was to determine whether risks identified from the case study were a true representation of perceptions in the sector. Postal questionnaires were sent to SMEs and targeted a wide group within the organisation with different job functions. 300 companies were selected as matching the criteria of designing and developing 3D models, 40 however had ceased trading and 50 useable questionnaires were returned.

#### *5.1.2.2.1 Data analysis questionnaire*

The use of descriptive data analysis facilitates the exploration of key issues. Like the questionnaire in the case study, descriptive data analysis is used to analysed the data from the cross sectional survey. Descriptive data analysis provides simple summaries about the sample and the measures adopted. Together with simple graphic analysis, it forms the basis of quantitative data analysis. Both descriptive univariate and bivariate analysis were conducted and made use of percentages, frequencies, diagrams, cross tabulation and correlations (De Vaus, 2002).
