Literature Review
2.1- Introduction
This student is determined to make use from literature involved with risk management and risk management strategies for several reasons:
first, Literature involved is very rich in studies and research that are saturated with information that sheds light at every aspect of risk management strategies especially risk involved with ICT rapid development risk. This gives student researcher the freedom and flexibility to use appropriate data and information in order to have a meaningful and useful thesis which may contribute to the existing literature.
Second, existing literature is not stagnant rather is dynamic and the world witnesses new studies and research every new day accompanied by new products and services
Third, although literature of ICT risks management strategies in general are very rich with avalanche of studies, reports, and comments and so forth however, except very few discuss ICT risk resulted from ICT rapid development, as it is observed by this student during his research for data sources and relevant literature. The reason for this literature wealth is ICT has become a part of human life. It has become a necessity for people to live, operate, work, study and being entertained. ICT revolution has changed not people traditional culture into digital culture only but also IT has become inseparable component of human’s life and activities (Sehrawat,2014). Matter of fact people around the globe have come to an era in which they cannot function without social media network, young people in particular. Young people spend long hours every day on browsing Facebook, YouTube and other network sites, and in a degree that such network sites have become people’s pass time.
Thus, living in the midst of a digital environment carries risks and potential risks of all types and from various sources. Such risks have caused tremendous pressures on both consumers and products and service providing companies, In turn, such pressures have made people be aware of these risks and became motivated to take measures and actions to deal with risks in an effective and decisive manner. In simple terms, it can be said that actions, measures and plans people take to encounter risks are called risk management.
Accordingly, this chapter consists of two parts:
First, examines risk management and risk management strategies in general.
Second part, examines risk management strategies for ICT rapid development risk.
2.2- Concept of Risk management:
Scholars and researchers involved have been busy for a long time in defining risk due to life complexity and speedy pace of developments that occur in every sector of any modern society of the world. Some say that risk is an event or potential event that influence the success or the failure of organizations( Ricardo et al 2015)
Risk, regardless of type or magnitude, should not be ignored on the hope it will disappear by itself, Management that carries such philosophy, will end up with a great failure. In contrast companies especially those look toward long term profitability should deal effectively with risk or potential risk with all proper and available means.
With little observation and from this student experience it can be noticed that every organization and enterprise ICT included should have a group of competent managers work hard to have positive consequences as a result for their effective risk management or to have a specialized experts or a department whose main function is to manage risk and crises for their organizations benefits while minimizing the loss or the harm resulted from risks.
Reviewed literature showed that risk management’s main function is to address risks attached to organizations’ activities, in an effective and methodical manner. Therefore, risk management focuses on identification and treatment of risk, potential risk and crises that a firm faces. Also, risk management works to maximize the value of organization through risk treatment and contributes significantly in the organization’s success. (Sehrawat 2014).
It has become in business world, as a routine norms that addressing and treating risks are not one day task, rather, risk management is a continuous and renewable ( ITU NEWS 2016). Other experts in the field advise that most senior and competent managers who are able to make risk management part of the organization’s culture and have every employee and manager responsible for the management of risk as part of their job description must lead the risk management department in organizations.. When an organization has effective risk management and effective strategies as a result, employees become accountable, having performance measurement and promoting operational efficiency at all levels (Milne 2012 )
2.3- Risk Management Examples (Evidence)
It is impossible for a company to remove all risk their organization faces or being threaten with, whether these risks exist or potential. It is crucial that management understand and manage the risks properly, skillfully and professionally. Be ready and willing to accept risk challenges in the context of the overall corporate strategy. Theorists and experts in the field recommend organizations to manage risk effectively because there are many approaches to manage risks such as: by the buying of insurance, by using derivative instruments as hedges, by sharing risk with others or by avoiding risky positions altogether or diversification; leverage. (Financial Times 10/28/2016).
There are many examples of risk management; one of the leading organizations in this field is NASA. NASA spends millions of dollars in risk management. One of their investments in this context published a model of international space station showing areas at high risk from impact. Also, the model shows the low impact risk and probability of no impacts. NASA is doing a risk analysis for the International space station in order to address and treat such risk (Risk Mgt. magazine, January 2014).
Risks can come from various sources according to business type, size or type of activity. Matter of fact, organizations face risk from the minute it is established, internal environment risks and external environment risk , even with its products and trade names, for instance, the war among major ICT corporations over patents theft or unauthorized use of intellectual rights by either one of these corporations. Besides that ICT corporations face the threats from project failures at any phase in design, development, production as it happened with Samsung and its smart phone Galaxy 7 or legal liabilities, as it happened recently between Apple sand Samsung and the law suits against Micro Soft in several European countries and many other risks. (Ricardo,et al 2015).
Researchers argue that risk management deals with risks in different way , some concentrate on human factor variables, mental states and decision making, because human resources are main drivers for risk management (Sehrawat 2014).
ICT risk management and risk management strategy relevant literature is very rich and extensive. This study relies heavy in reviewing a certain previous studies in order to achieve its objectives, for example; a study conducted by Mizoguchi Traci (2012) entitled “information Technology risks in today’s environment. Mizoguchi argues that most important items are: todays ICT technology in particular and technology in general is given strategic importance despite these accompanied by risk increase, while other important ele
ments used in dealing with risk such as scrutiny and control have not seen any increase; rather, they suffer from huge deficiencies which leave significant negative impact on organizations. One thing causes readers to be astonished is that, the claim of some scholars in the field that risk can be applied to technology in general not to ICT rapid development risk in particular. (Mizoguchi). That is why these researchers do not add ICT rapid development risk in their classification lists of top ten risks.
2.4 Risk Management Models.
Before developing a model one must define risks of the company and have proper approaches to manage such risks. This means that one must have processes and strategies. Thus a model represents a process used to the existing situation and to act to the risk that threats the situation or the system.( Strategic Plan 2013).
There are countless numbers of models that are used in risk management. I will cite three of these for the purpose of this study:
Valsamakis, Vivian & du Toit(Hulbert 2012)
This model consists of four steps: Starts with risk identification followed by risk evaluation, risk control and risk financing. First step is the most important of all.
Burke’s Model(Strategic Plan 2013)
Consists of: Objectives definition, Risk identification. Risk quantification ,Risk response. All of these come under: Risk control and review and risk management plan. There still many more models in use, however, I used two of these just for example purposes.
2.5- Risk management strategies:
Information technology is increasingly pervasive in modern life in every sector.
ICT risk is a risk related to information technology. This is a relatively new term due to an increasing awareness that information security which is simply one facet of a multitude of risks that are relevant to ICT and the real world processes it supports. (Keen 2012)
A number of methodologies have been developed to deal with this kind of risk alongside adaptations of existing practices to new paradigms including agile risk management.
Peter Lambert (2013-2016) is the editor of an article discussing non confidential information about ICT strategy for the Australian Defense Ministry. What concerns this study is the ICT security risk, whereas lambert dedicated large parts of his report on this issue such as: Defense department has worked in securing multi-level research network. In another place lambert writes, DSTO is working in having” multi-level security systems enabling provisioning from low to very high levels of security “(Lambert). In another place Lambert writes that DSTO has worked on fulfilling a need to manage the growing number “and sophistication of cyber security threats” (Lambert 2016)
Matter of fact, ICT security issue occupies most of his research.
This indicates that the biggest ICT risk Lie in security issues.
And this is exactly what concerns my study.
2.6 Risk communication
Risk communication is a complex cross-disciplinary academic field related to core values of the targeted audiences. Problems for risk communicators involve how to reach the intended audience, to make the risk comprehensible and relatable to other risks, how to pay appropriate respect to the audience's values related to the risk, how to predict the audience's response to the communication, etc. (Douglas 2009)A main goal of risk communication is to improve collective and individual decision making. Risk communication is somewhat related to crisis communication. (Sehrawat 2014)
It is crucial for organization’s survival to have strategies or plans with which it can face risk and threats of risk. The strategy or the plan must deal with each risk the organization has identified. To have a solid or going risk management strategy is one of the most important things management can do for their business. Companies fail all the time, risk management (Strategies) is about being prepared for as many of these adverse events as possible, so that the organization or the enterprise can ride out storms that make its competitors go under. (ITU NEWS 2016)
Risk management strategy can vary widely depending on company’s needs. The strategy should contain a few essential items as authors recommend, every risk manager must prepare a list of individual risk that faces the organization including potential risk, and evaluate such risks from every aspect. In addition, risk manager have to evaluate his organization controls and a plan of action. Manager should be expert, far sighted and leader able to and has problem solving skills and decision making skills. Managers must decide what to do about each risk, Experts recommend that risk managers can use four strategies to combat risks: to avoid, to reduce ,to transfer risk or accept risk..
Constant progress monitoring and control are needed on regular basis (Ricardo et al 2015)
Risk management strategies fall into three broad, overlapping categories:
Board and Management oversight, security problems and legal and reputational risk management. (Milne 2012)are all parts of risk management.
2.7- ICT Risk Management:
Very few who are aware that the main source of ICT risk comes from the well-known saying, “tomorrow’s design is made to day” (Protiviti 2011). This is to large extent is true especially when we see smart phone makers such as Apple, Samsung and others run with all their might to make new versions of smart phones
Without reasonable intervals in production appropriate timing.
Before now-a day complex technology revolution and throughout history we find that businesses were facing risks, some of these were able to manage risks successfully, and others were not. For the sake of this study, an example can be cited which reflect a management of well-known company then and now, ignoring risk, and in the meantime the same company experienced rapid technology development and ignored the risk accompanied such development. The company is Ford Motors. By reviewing their history on their on line archives, one can see that Ford was established by Henry Ford, in 1920s Ford was making and selling one model car T-Bird which comes in one color black. Customers were forced to buy such car because they did not have a choice. Later, when General Motors was opened in Detroit, people left Ford and flocked to buy cars with several colors and models from GM. Ford’s story does not end here , rather, Henry Ford developed car making technology through inventing the assembly line where he was making cars in a massive scale but, with the same mistake ignoring risks that stem from his bad judgment ,that was keep in making T-Bird in one color black. Ford felt the negative risk consequences in 1928 when he was forced to close down his car making plant for two years so as to modify his policies to match those of GM. (Ford. Org. accesd on 20-2-2016)
In another aspect is software industry risk. The software business has long been one of the leading and most innovative industries in most of the developed countries. Software is embedded in nearly everything, from computers and medical equipment to mobile phones and countless other things. What the world notices nowadays is that, software industry continues to evolve very rapidly, and expanding due to innovative new product and service in every sector of life, life in general and IT in particular (Tucker et al 2011).
If we examine the current state of software industry, we see four key trends dominate the industry, among them what concerns this thesis are: “Mobile applications and innovation and product development.” (Tucker et al, 2011)
In regard to mobile application, it is evident that its growth is being driven by the flurry of new platforms and readily available low-cost devices such as smart phones and tablet computers. They are easy to use and constant availabilit
y. No wonder people are changing their mobiles to more modern ones after a short period of using the old one. Matter of fact, some ICT larger organizations such as Microsoft are integrating mobile application to increase productivity within their company and thus, increase their profitability , competitive advantage and wealth. (Tucker et al, 2011).
In regard to innovation and product: the most visible of the new applications, services and platforms on which software is used are SaaS (software as a service) built to the specific requirements of a company, and PaaS (platform as a service) where by customers add their own application to an associated SaaS platform (e.g. sales force application or AppExchange and NetSuite Suite flex). (Tucker et al 2011).
Software risk encompasses the probability of occurrence for uncertain events and their potential for loss within an organization. Risk management has become an important component of software development as organizations continue to implement more applications across a multiple technology, multi-tiered environment. Typically, software risk is viewed as a combination of robustness, performance efficiency, security and transactional risk propagated throughout the system.( Hulbert 2012)., business goals of the enterprise”. Digital risk management is the next evolution in ‘digital risk and security strategies’. (Sehrawat 2014) It is about re-defining corporate governance and ‘digital perpetuation’ and should form part of the digital risk management plan. (Sehrawat 2014).
In a complex technology environment, it is not enough to deal with problems as they become apparent. “Prevention” is a key to experiencing flawless performance and getting the most out of systems, applications, and organization’s development team. (Hulbert 2012). Exposing the not so obvious to weaknesses in an infrastructure by using dependable software risk analysis, solutions ensure the proper identification of: System Vulnerabilities, Compliance Issues, Stability Problems, Efficiency Weaknesses, Performance Degradation, Security Flaws” (Keen 2012)
2.7.1. Risk Classification
The following section include comments by student on how researcher classified risks that face ICT according to risk seriousness and its importance for example on scale from 1 to 10 we see that personal shortfalls comes in the first and unrealistic comes in the second place while there is no mentioning to ICT rapid development risk. That is why this thesis is important; also it will argue that ICT rapid development risk is more serious than wrong software functions and real time performance according to this classification.
Another theorist (Ricardo et al 2015) puts forward another risk classification call it top ten risks the first and the second are Lack of top management commitment to the project, Misunderstanding of the requirements. Without mentioning to ICT rapid development risk
Another top ten of risk classification by Bennett (2003) who puts the top first and second risks as Failure to realize new roles in evolving industry ecosystems, Lack of regulatory certainty on new market structures again he did not mention ICT rapid development. Again this thesis will argue the opposite
By identifying risk types and items, as in the above cited lists, responding to the challenges can be the second step in facing risks and challenges. Through utilizing strategies and plans a manager can combat such risks, mainly through innovation and agility.
Harvard economist Joseph Schumpeter developed a” theory of corporate evolution” linked to the concept of “creative destruction”, highlighting the importance of innovation for long term, sustainable organizational success. Those who fail to consistently innovate (and to successfully monetize this innovation) lose their relevance over time, ultimately becoming an obsolete provider and vanishing.( ITU NEWS 2016)
Relevant literature discusses more than top ten risk classification that “The world appears to be growing increasingly unstable, with an extraordinary number of humanitarian, geopolitical, military and economic crises gripping many regions of the globe. Instant communications is making us more aware of unfolding events and accelerating the flow of information at a pace that creates its own unique challenges and that can, at times, lead to heightened fear and panic.”
In this environment, it would be useful for major communications service providers to develop crisis management plans that not only ensure that their networks stay up and running when calamity hits, but also help speed the ability of their customers to find critical emergency information when they need it most. As far as I can tell, big players such as” AT&T Inc. (NYSE:), Verizon Communications Inc. (NYSE: VZ) and Comcast Corp. (Nasdaq: CMCSA, CMCSK) do not have standing crisis management systems in place to help their customers increase their odds of survival if a major natural or man-made disaster strikes a large city, state or multi-state region”.( Hulbert 2012)
With the trend of targeted cyber-attacks along with the exploitation of common vulnerabilities such as SQL injection, it is clear that the core software infrastructure of several critical industries remains extremely vulnerable.
2.8 information and communications technology: threat risk assessments
The Need for Threat Risk Assessments:
2.8.1 There is an emerging need for organizations to conduct Threat Risk Assessments (TRAs) on their information and communications technology (ICT) infrastructure to identify and deal with threats to their critical systems. While conducting a risk assessment of your critical business infrastructure can be seen simply as good governance, there are many reasons why doing a TRA is a beneficial exercise in the current environment. Among the most pressing motivations for conducting a TRA are: −“ Businesses’ heavy reliance on ICT and their networks; − The potential for weaknesses in complex information networks in their design or implementation; The opportunity for risks to be avoided if they are identified in early design and development, avoiding costly remediation after systems are set to work; Certification of systems or networks containing sensitive or classified information may depend on completing a TRA; and Good governance requiring formal attention to threats to ICT infrastructure.” Information and Communications Technology Threats Broadleaf has conducted a number of TRAs on ICT infrastructure with large organizations. Through the conduct of these assessments, we have found most risks that arise can be grouped under a number of general headings, and that they evolve from a relatively common set of threats. While it is important to maintain an open
mind and adopt an approach that will expose any new threats, we have found there to be a number of recurring threats, which include: The introduction of malicious code; Acts of terrorism; System hardware or software failures; Natural or environmental disasters; Attacks on the system by external networks or hackers; Eavesdropping on the system; and User-initiated issues, either through error or malicious acts.( Strategic Plan 2013)
Software risk management Process Model or Framework Software risk management process models specify stepwise tasks in order to manage risk of the software project. There are variations in” software risk management models which usually centered on the principle and practice of four major processes mentioned before –1) risk identification, 2) risk analysis, 3) risk planning, and 4) risk monitoring and control.” (Sehrawat 2014).
Whilst the software risk management process model in comprises of ” 6 phrases — risk identification, risk analysis, risk planning, risk monitoring and control, risk sign-off and risk post-mortem analysis”.( Milne 2012)
Well known risk
management model or framework includes “Boehm, SEI’s software management model and Kontio’s Riskit methodology”. According to Boehm risk management it consists of two steps –“risk assessment and risk control”. Risk assessment contains risk identification, risk analysis, risk prioritization whereas risk control involves risk management planning,( Milne 2012)
Furthermore, there are risk resolution procedure, and risk monitoring. Riskit argues that it consists of “risk management mandate, goal review, risk identification, risk analysis, risk control planning, risk control and risk monitoring.” In addition, SEI’s software management model, it encompasses “identify, analyze, plan, track, control, and communicate”. (Ricardo et al 2015).
These frameworks also recommend different techniques, for example, identifying risks for software project such as, Boehm recommended risk checklists, decision drivers, assumption analysis, or decomposition. Riskit recommended brainstorming, checklist or benchmarking whereas SEI recommended risk taxonomy questionnaire method. In another aspect, offshore-outsourced software development is gaining popularity because companies are continuously forced to reduce production costs while keeping sustainable competitive strength. However, this trend of software development increases projects’ complexity and brings up risks to the overall project environment. Therefore, risks of offshore software development require to be managed as early as possible for a successful project.. The approach effectively identifies and specifies the goals of a project and the related risk factors. The model at hand is implemented into an ongoing offshore software development project to” (1) identify goals and risk factors from the local context and finally (2) to determine its applicability of the approach in offshore software development projects from a vendor’s perspective.”( Strategic Plan 2013)
2.9 Crisis Management Strategy
Crisis management strategy (CMS) is corporate development strategy designed primarily to prevent crisis for follow-up company advancement. Thus, CMS is synthesis of strategic management. It includes projection of the future based on ongoing monitoring of business internal and external environment, as well as selection and implementation of crisis prevention strategy and operating management. This is including current status control based on ongoing monitoring of the internal and external environment, as well as crisis-coping strategy selection and implementation.(Ricardo et al 2015 )
2.10 Crisis Management Model
Successfully managing a crisis requires an understanding of how to handle a crisis – beginning with before they occur. Alan Hilburg speaks about a crisis arc. The arc consists of crisis avoidance, crisis mitigation and crisis recovery. Gonzalez-Herrero and Pratt found the different phases of Crisis Management.
There are 3 phases in any Crisis Management as shown below
“The diagnosis of the impending trouble or the danger signals, Choosing appropriate Turnaround Strategy, Implementation of the change process and its monitoring” (Hulbert 2012)
There are many prominent risk management standards, models, or guidelines available in literature and practice. Example models are CMMI (RSKM model), Continuous risk management (CRM), ISO/IEC guide, ISO 9000, ISO 9001:2000, Project Management Body of Knowledge (PMBOK), Prince 2, and IEEE (Strategic Plan 2013)
2.11 Crisis Management Planning
No corporation looks forward to facing a situation that causes a significant disruption to their business, especially one that stimulates extensive media coverage. Public scrutiny can result in a negative financial, political, legal and government impact. Crisis management planning deals with providing the best response to a crisis.( Keen 2012)
2.11.1 Contingency planning
Preparing contingency plans in advance, as part of a crisis-management plan, is the first step to ensuring an organization is appropriately prepared for a crisis. Crisis-management teams can rehearse a crisis plan by developing a simulated scenario to use as a drill. The plan should clearly stipulate that the only people to speak to publicly about the crisis are the designated persons, such as the company spokesperson or crisis team members. Ideally it should be one spokesperson who can be available on call at any time. Cooperation with media is crucial in crisis situation, assure that all questions are answered on time and information on what was done to resolve the situation is provided. The first hours after a crisis breaks are the most crucial, so working with speed and efficiency is important, and the plan should indicate how quickly each function should be performed. When preparing to offer a statement externally as well as internally, information should be accurate and transparent. Providing incorrect or manipulated information has a tendency to backfire and will greatly exacerbate the situation. The contingency plan should contain information and guidance that will help decision makers to consider not only the short-term consequences, but the long-term effects of every decision.( ITU NEWS 2016)
2.11.2 Business continuity planning
When a crisis will undoubtedly cause a significant disruption to an organization, a business continuity plan can help minimize the disruption. First, one must identify the critical functions and processes that are necessary to keep the organization running. This part of the planning should be conducted in the earliest stages, and is part of a business impact analysis phase that will signpost “How much does the organization stand to lose?” (Sehrawat 2014). Practical Business Continuity Management. Business Management: Top tips for effective, real-world Business Continuity Management).
Each critical function and or/process must have its own contingency plan in the event that one of the functions/processes ceases or fails, then the business/organization is more resilient, which in itself provides a mechanism to lessen the possibility of having to invoke recovery plans (Osborne, 2007). Testing these contingency plans by rehearsing the required actions in a simulation will allow those involved to become more acutely aware of the possibility of a crisis. As a result, and in the event of an actual crisis, the team members will act more quickly and effectively.
A note of caution when planning training scenarios, all too often simulations can lack ingenuity, an appropriate level of realism and as a consequence potentially lose their training value. This part can be improved by employing external exercise designers who are not part of the organizational culture and are able to test an organizations response to crisis, in order to bring about a crisis of confidence for those who manage vital systems (Ricardo et al 2015).
2.12 Structural-functional systems theory
Providing information to an organization in a time of crisis is critical to effective crisis management. Structural-functional systems theory addresses the intricacies of information networks and levels of command making up organizational communication. The structural-functional theory identifies information flow in organizations as "networks" made up of members ". Information in organizations flow in patterns called networks. (Keen 2012).
2.13 Role of apologies in crisis management
There has been debate about the role of apologies in crisis management, and some argue that apology opens an organization up for possible legal consequences. "However some evidence indicates that compensation and sympathy, two less expensive strategies, are as effective as an apology in shaping people’s perceptions of the organization taking responsibility for the crisis because these strategies focus on the victims’ needs. The sympathy response expresses concern for victims while compensatio
n offers victims something to offset the suffering." ( five leadership competencies which facilitate organizational restructuring during and after a crisis.
“Building an environment of trust, Reforming the organization’s mindset, Identifying obvious and obscure vulnerabilities of the organization, Making wise and rapid decisions as well as taking courageous action, Learning from crisis to effect change.”
Crisis leadership research concludes that leadership action in crisis reflects the competency of an organization, because the test of crisis demonstrates how well the institution’s leadership structure serves the organization’s goals and withstands crisis. Developing effective human resources is vital when building organizational capabilities through crisis management executive leadership.
2.13.1 Unequal human capital theory
James postulates that organizational crisis can result from discrimination lawsuits. James’s theory of unequal human capital and social position derives from economic theories of human and social capital concluding that minority employees receive fewer organizational rewards than those with access to executive management. In a recent study of managers in a Fortune 500 company, race was found to be a predictor of promotion opportunity or lack thereof. Thus, discrimination lawsuits can invite negative stakeholder reaction, damage the company's reputation, and threaten corporate survival.).
2.14 Social media and crisis management
Social media has accelerated the speed that information about a crisis can spread. The viral effect of social networks such as Twitter means that stakeholders can break news faster than traditional media – making managing a crisis harder. This can be mitigated by having the right training and policy in place as well as the right social media monitoring tools to detect signs of a crisis breaking. Social media also gives crisis management teams’ access to real-time information about how a crisis is impacting stakeholder sentiment and the issues that are of most concern to them.
The crisis management mantra of Lanny Davis, former counsellor to Bill Clinton is to “Tell it Early, Tell it All, Tell it yourself”. A strategy employed at the Clinton White House 1996 – 1998, to any breaking (Keen 2012).
The following are briefly cited for their importance in a firm’s business and their vital role to either cause risks or to treat risk effectively.
2.15- Acquisition and Merger:
Nowadays companies operate in an environment that is characterized by cut throat competition, greed and profitability. In order to achieve these objectives companies resort to many means, mostly unethical. Some of these are acquisition and merger. It is buying a company or taking over a company by another for the purpose of creating shareholder value above that of the sum of two companies. However, strong companies buy other companies to have a more competitive and cost efficient company, as Micro Soft does. Although merger and acquisition look like the same, however, they are slightly different. As literature clarifies, when one company takes over another purchased is called acquisition. From the legal point the purchased company ceases to exist (Sehrawat 2014).
A merger takes place when two firms often the same size agrees to become a one company. As a result the two companies stock is surrendered and a new stock is issued. One of good examples of a merger is Daimler-Benz and Chrysler merged and a new company has been created DaimlerChrysler. Mergers are several types but their overall goals are; Staff reduction, and cost cut, economies of scale. Acquiring new technology and improved market reach. One final thought is that, acquisitions can be friendly and can be hostile.( Sehrawat 2014).
2.16-Research and Development (R&D).
Every company seeks to improve its products and procedures through a variety of means and approaches. Some of these research and development- after consumers goods- smart telephones and its applications are the most sectors that are subjected to research and development. R& D
Research and Development can be basic: Companies conduct such research to be as a first step to obtain knowledge and understanding of fundamental concept or aspect. The other type of research and development is applied towards developing products or organizational policies and processes related to operations. Furthermore, certain researchers define Research and Development as a component of innovation. Innovation builds on R&D
2.17- Copy Rights and Trade Secrets
Trade secrets are used when organization’s manufacturing processes or inventions cannot be patented. Thus, trade secrets are utilized to protect such processes and inventions. In addition, trade secrets deal with inventions that meet the patentability criteria and the management like such inventions to be protected by trade secret. There are several advantages of trade secrets; It is not limited in time. While patents have limited validity duration which extends up to 20 years. Thus when a trade secret remains a secret, it may continue indefinitely. Companies save money because trade secrets do not carry registration cost, as the case of patents.
Company is under no obligation to disclose information about trade secrets to any party including government authority.
There are serious risk accompany trade secret, that is in case of competitors discover that trade secret automatically they have the right to use and even claim ownership over it. In contrast, patent and utility models provide protection, but not trade secrets. Matter of fact when trade secret becomes public any one can use it ,a trade secret is very hard to enforce.
2.18- Conclusion:
The aforementioned reviewed literature shows briefly risk management in general and risk management strategy of ICT rapid development risk in particular including the top ten risks of software and ICT in special. Unfortunately, nothing of the cited information reveals the subject of this thesis namely risk management strategy to minimize the effect of ICT rapid development risk. I do believe this makes this study a unique one. Through empirical work which is detailed in chapter four. This thesis will prove that rapid ICT development constitutes a risk, and there must be a risk management strategy to deal with such risk.
References
– Australian government department of defense, defense science and technology organization. Information Management & Technology (IM&T) Strategic Plan 2013-2016 , science and technology for safeguarding Australia Peter Lambertdas
– Hulbert, M. (2012), “BP’s Political Risk Problem in Russia: Who is in Charge”, Forbes, No. 9, http://www.forbes.com/sites/matthewhulbert/2012/09/24/bps-political-risk-problem-in-russia-who-is-incharge/
– ITU News, measuring ICT development: new trends, new challenges, www.lstelcom.com Hiroshima, Japan 2016
– Kaplan, R. S., and Mikes, A. (2012), “Managing Risks: A New Framework”, Harvard Business Review, No. 6, pp. 27-30
– Keen, A. (2012), “Software is King in an Industrial Re-birth”, Financial Times, No. 11, http://www.ft.com/cms/s/0/c0f20ba8-1464-11e2-8cf2-00144feabdc0.html#axzz2BSIsWpjU
– Milne, R. (2012), “Bright Spots Show It Is Not All Bad AT Nokia”, Financial Times, No. 11, http://www.ft.com/cms/s/0/f7158fca-242c-11e2-9509-00144feabdc0.html#axzz2Bq8ZycHt
– Milne, R. (2012), “Case Study: Nokia Seeks Better Connection in Survival Fight”, Financial Times, No. 9, http://www.ft.com/cms/s/0/5d1958f2-f678-
– Milne, R. (2012), “Nokia Looks to Sell HQ to Raise Cash”, Financial Times, No. 10, http://www.ft.com/cms/s/0/6166627a-0d56-11e2-99a1-00144feabdc0.html#axzz2BHDpS8rF
– Protiviti Inc. 2011, Guide to enterprise risk management, United State.
– Ricardo et al 2015, Suspended sediments limit cor
al sperm availability, Scientific Reports 5, Article number: 18084
– Risk management strategy, Financial Times 2016
– Sandeep Sehrawat 2014, risk management strategies in large telecom companies: with special reference to Nokia iracst – International Journal of Commerce, Business and Management (IJCBM), ISSN: 2319–2828 Vol. 3, No.6, December 2014
– Traci Mizuguchi, (Information Technology Risks in Today’s Environment) Deloitte & Touché LLP (No Year)
– Tucker et al, a profile of software industry risk, Protiviti inc. 2011
– Caroline McDonald, January 2014, Year in Risk, Risk Mgt. magazine.
– IT risk management strategy, Risk Mgt. magazine, January 2014
– Mackenzie Weinger, 10/28/2016, Risk Management, Financial Times.