**Exploring the Risks of Knowledge Leakage: An Information Systems Case Study Approach**

Fenio Annansingh *Plymouth University United Kingdom* 

### **1. Introduction**


Companies in high-tech industries are increasingly investing in 3D and virtual reality (VR) packages to support customers in understanding and using their products. These packages are now taking the form of 3D virtual reality environments (VREs) where employees can navigate, browse and learn in an authentic, close-to-reality context. These products, supported by combinations of photographic techniques and virtual reality programming platforms, are becoming increasingly popular and indeed very effective training tools. They provide realistic contexts and easily navigable environments, which are ideal media for training in complex and specialised settings.

These VREs promote specialised knowledge and technical skills within authentic environments and reinforce acquired knowledge by increased interactions with both the environment and the objects that compose it. These user-friendly and intuitive interactions encourage creativity and innovative thinking (Nunes & Annansingh, 2003). Furthermore, because these environments are usually web-based applications, hyperlinks enable access to vast amounts of both company-specific and general information. This combination of use with precise descriptions of operational details has been identified by companies using them as posing a possible risk of knowledge leakage (KL) exposure, thus representing a threat to organisational knowledge management (KM). This chapter will discuss the findings of a study which explores this exact issue.

Therefore, the motivation behind this chapter is based on the identification and characterisation of KL risks associated with information systems (IS), namely VREs. The concept of KL has now evolved and, increasingly, literature searches indicate that KL is now emerging as a major consideration for businesses and academia alike. The definition for KL used in this chapter is:

*"knowledge leakage is the deliberate or accidental loss of knowledge to unauthorised personnel within or outside of an organisational boundary"* (Annansingh, 2004).

In the past, IS projects have adopted a positivist approach, which focuses primarily on the development process associated with the technology rather than the perception and perspectives of the people involved in the developmental process (Bharadwaj, 2004). From an IS point of view, interpretivism is an epistemological stance concerned with the users' understanding of reality. It embraces a wide range of philosophical and sociological stances, which share the common characteristic of attempting to understand and explain the social world from the perspective of the actors directly involved in the social process (Burrell & Morgan, 1985). It assumes that knowledge, within the domain of human action, is a necessary social construction and therefore inevitably subjective (Walsham, 1993). Hence an interpretivist paradigm was used, with the research design comprising two stages: an exploratory case study and a cross-sectional, sector-wide survey used to validate the findings emerging from the first phase. Thus a mixed-method approach using interviews and a survey was employed.

The results show that knowledge embodiment and use in projects occurred during systems development and dissemination owing to the actual utilisation of the 3D models during business transactions and training activities. Since one of the primary goals of KM is to share, transfer and disseminate explicit knowledge, the sharing of this knowledge, if done in an ad hoc manner, can result in KL. Even the best laid KM policy or framework can be a source of KL due to the absence of an integrated risk management approach. In addition, the general nature of the KM models allows for KL; this weakness or discrepancy occurs where policies and practices do not merge. Another reason for KL is the fact that KM models have failed to consider the protection of knowledge within the organisation and across its boundaries.

In addition, the current risk identification process in organisations tends to occur via two pathways. This is clearly based on the relationship between an interacting company and its direct customers and the resulting risks from this relationship. Risk identification and assessment have been characterised as fundamental for business continuity and for maintaining a competitive advantage over one's competitors. It is essential for a successful business relationship between developing companies and their direct customers, and may ultimately be crucial for the acceptance and success of the 3D modelling solutions proposed. Each party should have an interest in determining the risk associated with acquiring and interacting with the 3D environments in their own organisation.

**3. KM and risk management thinking**

**2.1 Knowledge management characterisation**

In general, KM in organisations should be seen as the process of critically managing knowledge to meet existing needs, to identify and exploit existing and acquired knowledge and to develop new knowledge in order to take advantage of new opportunities and challenges (Quintas et al., 1997). Strategically, KM must be seen as an approach to: manage organisational knowledge assets; support management decision making; enhance competitiveness; and increase capacity for creativity and innovation (Zyngier et al., 2004). Operationally, KM should be viewed as a cycle that starts with knowledge creation, which is followed by knowledge interpretation, knowledge dissemination and use, and knowledge retention and refinement (De Jarnett, 1996).

There are several classifications of knowledge, with the most common being explicit, implicit and tacit knowledge (Nonaka & Takeuchi, 1995; McInerney & Koenig, 2011; Polanyi, 1974). Explicit knowledge can be transmitted using logical language and hence can easily be shared and stored (Srikantaiah & Koenig, 2000). Tacit knowledge, on the other hand, is intangible; it is not easily codified and articulated in formal languages. Nonetheless, according to Nonaka & Takeuchi (1995), the two types of knowledge do not compete with each other but rather supplement each other. Implicit knowledge can be transferred, but without a conscious process, during learning (Jones & Miller, 2008).

However, regardless of the philosophical stance adopted about knowledge and KM, this research focuses on the leakage of knowledge rather than its classification and the management meanings ascribed to this concept. KM activities, and in particular the foregoing, are prone to KL due to its very nature, because KM processes are coupled with the use of VRE.

IS development activities consume a significant amount of time, energy and resources in most organisations, yet there are many instances when the potential benefits from these activities do not materialise. Much of the difficulty lies with the uncertainty faced during these projects, which is inherent in their development. It is well recognised that effective development and implementation of IS projects requires considerable planning. Quite often project management techniques are used to ensure the efficient and timely execution of a project. However, the deployment of human resources and scheduling of the project activities are not without uncertainty, which leads to risks (Alter & Ginzberg, 1978).

Risks are an inevitable reality; however, attempting to recognise and manage them does not constitute a futile exercise (McCarthy, 2001). According to Williams et al. (1999), the more one understands risk, the better equipped one is to manage it. According to Boehm (1989), risk is "*the probability of loss*". The ensuing discussion, therefore, is primarily based on this simplistic definition of risk. There are two factors inextricably associated with risk, namely:

- the probability of failing to achieve a goal or a particular outcome; and
- the consequences of failing to achieve said outcome (Parry, 1999).

Many IS projects fail not because of technological or project management reasons but because of organisational pressures (McCarthy, 2001). Hence the importance of exploring and maintaining such a strategic risk management framework and the relevance of

- Customer relationships
- Employee learning, satisfaction and retention, and
- Management decision-making.
