**3. KM and risk management thinking**

IS development activities consume a significant amount of time, energy and resources in most organisations, yet there are many instances when the potential benefits from these activities do not materialised. Much of the difficultly lies with the uncertainty faced during these projects – which is inherent in their development. It is well recognised that effective development and implementation of IS projects requires considerable planning. Quite often project management techniques are used to ensure the efficient and timely execution of a project. However, the deployment of human resources and scheduling of the project activities are not without uncertainty which leads to risks (Alter & Ginzberg, 1978).

Risks are an inevitable reality, however, attempting to recognise and manage them does not constitutes a futile exercise (McCarthy, 2001). According to Williams et al., (1999), the more one understands risk the better-equipped one is to manage it. According to Boehm, (1989*)*  risks is: "*the probability of loss".* Ensuing discussion, therefore, is primarily based on this simplistic definition of risks. There are two factors inextricably associated with risk, namely:


Many IS projects fail not because of technological or project management reasons but because of organisational pressures (McCarthy, 2001). Hence the importance of exploring and maintaining such strategic risk management framework and the relevance of

Exploring the Risks of Knowledge Leakage: An Information Systems Case Study Approach 273

senior engineers to have access to whatever information is needed to populate the database. These environments are also easily accessible and can be navigated by even those with very limited training (Annansingh & Nunes, 2005). This is a dynamic environment which

IS research traditionally adopted a positivist approach. However, since the objective of this

use a questionnaire survey to validate and assess risks identified in the literature review

It was believed the perception and perspectives of participants would provide deeper understanding into issues surrounding the development of this software and associated risks, rather than a positivists' approach which prohibits such rich descriptions (Bharadwaj, 2004). Consequently, a constructivist rather than a positivist paradigm is adopted. The constructivist paradigm according to Denzin & Lincoln (1998: 27) "assumes a relativist ontology (there are multiple realities), a subjectivist epistemology, (knower and subject create understandings), and a naturalistic (in the natural world) set of methodological procedures". The interpretivist paradigm which falls under the general umbrella of social constructivism focuses on the understanding of the world as it is, as well as an understanding of the social world from the level of subjective experience. Burrell and Morgan (1985:28) claims that an interpretivist paradigm "seeks explanation within the realm of individual consciousness and subjectivity, within the frame of reference of the participant as opposed to the observer of the action". Based on these arguments and the need to extract the perceptions and perspectives of participants, an

From an ontological perspective, interpretivist researchers view the social world as extremely complex and problematic, where everyday life is an incredible achievement. The interpretivist researcher therefore seeks to interpret, understand, experience or produce the very basis and source of social reality (Burrell & Morgan, 1985; Mason 2002). Additionally this study is an exploratory case study research. The adoption of an interpretivist approach rather than positivist is selected on the basis that the validity of an extrapolation does not depend on the statistical representation of such case/s in a statistical sense but rather on the plausibility and clarity of the logical reasoning used in describing the results and drawing

conceptualise the operational plan to undertake the different procedures and tasks

ensure that the procedures are sufficient to obtain valid, objective and accurate answers

There are three main approaches to research. According to Creswell (2003), these are

encourages creativity and risks taking.

interpretivist stance seems appropriate.

conclusions from the cases (Walsham, 1993).

The main function of the research design is to:

necessary for the execution of the research;

qualitative, quantitative and mixed method approach.

to the research question (Kumar, 2011).

**5.1 Research design** 

characterise and identify risks from the case study.

**5. Research methodology** 

and case study.

chapter is to:

incorporating this framework with the strategic management policy of the organisation is paramount for success. Besides the strategic focus particular attention needs to be paid to operational risks with continuous risk management thinking.

The application of risk management allows for continuous improvement in decision-making processes. The objective therefore is to provide new insights, thus empowering managers to make informed decisions. One of the key issues arising from the risk management process is risk assessment. This constitutes a number of phases, which are primarily the identification, analysis and prioritisation of such risks (Yeates & Cadle, 2007; Pate-Cornell, 2001; Kliem & Ludin, 2000).

Since risk investigation in KL in VREs is lacking, the focus of the chapter is on the identification and analysis of such risk factors. Thus from the stages in the risk management process only the risk identification and analysis phases is considered relevant in this discussion. Consequently, special consideration is given to risk identification techniques in IS so as to provide the underlining framework for classification. The risk identification process will focus on software risks since VREs falls under this generic heading with specific attention given KL risks.
