Abstract
Rapid changes in the business environment have created opportunities and challenges. Businesses need to be more responsive to competitive environments and customers’ requirements. Business agility involves implementing agile practices across organizational functions. Agile processes are especially critical in IT Service Management (ITSM). When agile processes are implemented to meet changing business and customer demands in ITSM environments, the speed and leanness characterizing agile practices often lead to agile practices not always explicitly addressing all underlying risks. Customer demands for fast solutions often means that risks are not attended to with necessary thoroughness. Some risks are not apparent and these concealed risks need to be revealed and managed. The failure to completely address risks involves errors of commission and errors of omission. Coupling agile business, agile systems development, and agile ITSM practices with effective risk management approaches within the agile framework is a suggested approach to manage risk in this evolving environment.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abrahamsen EB, Selvik JT, Engemann KJ (2020) Definition of reliability and maintenance concepts in oil and gas—validity aspects. Saf Reliab 39(2):134–164
Agarwal N, Rathod U (2006) Defining ‘success’ for software projects: an exploratory revelation. Int J Proj Manag 24(4):358–370
Alahyari H, Gorschek T, Svensson RB (2019) An exploratory study of waste in software development organizations using agile or lean approaches: a multiple case study at 14 organizations. Inf Softw Technol 105:78–94
Alkhalil Z, Hewage C, Nawaf L, Khan I (2021) Phishing attacks: a recent comprehensive study and a new anatomy. Front Comput Sci 3:563060
Assmuth T, Hildén M, Benighaus C (2010) Integrated risk assessment and risk governance as socio-political phenomena: a synthetic view of the challenges. Sci Total Environ 408(18):3943–3953. https://doi.org/10.1016/j.scitotenv.2009.11.034
Augustine S, Payne B, Sencindiver F, Woodcock S (2005) Agile project management: steering from the edges. Commun ACM 48(12):85–89
Bamiah MA, Brohi SN (2011) Seven deadly threats and vulnerabilities in cloud computing. Int J Adv Eng Sci Technol 9(1):87–90
Barke H, Prechelt L (2019) Role clarity deficiencies can wreck agile teams. PeerJ Comput Sci 5:e241
Bechtel J, Kaufmann C, Kock A (2021) Agile projects in nonagile portfolios: how project portfolio contingencies constrain agile projects’ teamwork quality. IEEE Trans Eng Manag 69:3514–3528
Beck K, Beedle M, Bennekum AV, Cockburn A, Cunningham W, Fowler M, Grenning J et al (2001) Manifesto for agile software development. https://agilemanifesto.org/. Accessed 21 July 2022
Blankenship LV, Miles RE (1968) Organizational structure and managerial decision behavior. Adm Sci Q, 106–120
Boddy D, Gunson N (2021) Organizations in the network age. Routledge, Abingdon
Boehm B, Turner R (2003) Using risk to balance agile and plan-driven methods. IEEE Comput 36(6):57–66
Bouwman H, Heikkilä J, Heikkilä M, Leopold C, Haaker T (2018) Achieving agility using business model stress testing. Electron Mark 28(2):149–162
Brosseau D, Ebrahim S, Handscomb C, Thaker S (2019) The journey to an agile organization. McKinsey & Company, Chicago
Buganová K, Šimíčková J (2019) Risk management in traditional and agile project management. Transport Res Procedia 40:986–993. https://doi.org/10.1016/j.trpro.2019.07.138
Cetinkaya A, Ishii H, Hayakawa T (2019) An overview on denial-of-service attacks in control systems: attack models and security analyses. Entropy 21(2):210
Charitou CD, Markides CC (2003) Responses to disruptive strategic innovation. MIT Sloan Manag Rev 44(2):55-63A
Crăciun AM (2018) Threats and risks to telecommunications systems. Int J Inf Secur Cybercrime (IJISC) 7(1):23–31
Daft RL (2020) Organization theory & design. Cengage Learning, Boston
Dalton DR, Todor WD, Spendolini MJ, Fielding GJ, Porter LW (1980) Organization structure and performance: a critical review. Acad Manag Rev 5(1):49–64
de Laat K (2022) Remote work and post-bureaucracy: unintended consequences of work design for gender inequality. ILR Rev 76:135–159
Demirbag M, Glaister KW (2010) Factors determining offshore location choice for R&D projects: a comparative study of developed and emerging regions. J Manag Stud 47(8):1534–1560
Dey PK, Kinch J, Ogunlana SO (2007) Managing risk in software development projects: a case study. Ind Manag Data Syst 107(2):284–303
Dhillon G, Backhouse J (2001) Current directions in IS security research: towards socio-organizational perspectives. Inf Syst J 11(2):127–153
Dingsøyr T, Petit Y (2021) Managing layers of risk: Uncertainty in large development programs combining agile software development and traditional project management. In: Engemann KJ, O’Connor RV (eds) Project risk management: managing software development risk. De Gruyter Oldenbourg, Berlin, pp 75–96. https://doi.org/10.1515/9783110652321-005
Dönmez D, Grote G (2018) Two sides of the same coin—how agile software development teams approach uncertainty as threats and opportunities. Inf Softw Technol 93:94–111. https://doi.org/10.1016/j.infsof.2017.08.015
Drucker PF (2017) The theory of the business (Harvard business review classics). Harvard Business Press, Boston
Elbanna A, Sarker S (2015) The risks of agile software development: learning from adopters. IEEE Softw 33(5):72–79
Engemann KJ (2019) Emerging developments in organizational risk. Contin Resil Rev 1(1):26–35
Engemann KJ (2018) The routledge companion to risk crisis and security in business. Routledge, New York
Engemann KN, Engemann K (2022) J, Integrating dynamic modeling solutions towards a resilience model. In: Engemann KN, Engemann KJ, Scott C (eds) Organizational risk management: managing for uncertainty and ambiguity. DeGruyter, Berlin, pp 97–110
Engemann KN, Engemann KJ (2017) Risk attitude chain: safety climate, risk attitude and risk decisions. Int J Bus Contin Risk Manag V7N(3):211–221
Engemann KJ, Henderson DM (2012) Business continuity and risk management: essentials of organizational resilience. Rothstein Associates, Brookfield
Engemann KJ, Miller HE (2022) Taking comfort in decisions: implications in a pandemic. Intell Decis Technol Int J 16(1):217–229
Engemann KJ, Miller HE (2017) Precautionary principle and attitudinal decision making. Fuzzy Econ Rev 22(1):3–18
Engemann KJ, Miller HE (2015) Risk strategy and attitude sensitivity. Cybern Syst 46(3):188–206
Engemann KJ, Miller HE (2009) Critical infrastructure and smart technology risk modelling using computational intelligence. Int J Bus Contin Risk Manag 1(1):91–111
Engemann KJ, Yager RR (2018) Comfort decision modeling. Int J Uncertain Fuzziness Knowl-Based Sys 26(Suppl. 1):141–163
Engemann KJ, Miller HE, Yager RR (2005) Disaster management of information resources using fuzzy and attitudinal modeling. Int J Technol Policy Manag 5(4):388–406
Engemann KJ, Miller HE, Yager RR (2004) Decision making with attitudinal based expected values. Int J Technol Policy Manag 4(4):353–365
Engemann KJ, Miller HE, Yager RR (2003) Using the language of summarizing statistics in dynamic decisions. Int J Technol Policy Manag 3(3):322–342
Fogarty A, Edgeworth A, Smith O, Dowling M, Yilmaz M, MacMahon ST, Clarke P (2020) Agile software development—do we really calculate the costs? A multivocal literature review. In: European conference on software process improvement. Springer, Cham, pp 203–219
Fournier S, Srinivasan S, Marrinan P (2021) Turning socio-political risk to your brand’s advantage. Nim Mark Intell Rev 13(2):18–25. https://doi.org/10.2478/nimmir-2021-0012
Gawer A, Srnicek N (2021) Online platforms: economic and societal effects
Ghafir I, Saleem J, Hammoudeh M, Faour H, Prenosil V, Jaf S et al (2018) Security threats to critical infrastructure: the human factor. J Supercomput 74(10):4986–5002
Ghobadi S, Mathiassen L (2017) Risks to effective knowledge sharing in agile software teams: a model for assessing and mitigating risks. Inf Syst J 27(6):1350–1917. https://doi.org/10.1111/isj.12117
Groysberg B, Lee J, Price J, Cheng J (2018) The leader’s guide to corporate culture. Harv Bus Rev 96(1):44–52
Gupta M, George JF, Xia W (2019) Relationships between IT department culture and agile software development practices: an empirical investigation. Int J Inf Manag 44:13–24
Hammer J (2018) The billion-dollar bank job. The New York Times Magazine, 43-L
Han W, Huang S (2007) An empirical analysis of risk components and performance on software projects. J Syst Softw 80(1):42–50
Harmsen F, Brand M, Hillegersberg J, Aydin MN (2007) Agile methods for offshore information systems development. In: First information systems workshop on global sourcing: services, knowledge and innovation, pp 1–20
Hassani B, Hassani BK (2016) Scenario analysis in risk management. Springer, Berlin
Hazhirpasand M, Ghafari M (2021) Worrisome patterns in developers: a survey in cryptography. In: 2021 36th IEEE/ACM international conference on automated software engineering workshops (ASEW). IEEE, pp 185–190
Henningsson S, Kettinger WJ (2016) Understanding information systems integration deficiencies in mergers and acquisitions: a configurational perspective. J Manag Inf Syst 33(4):942–977. https://doi.org/10.1080/07421222.2016.126751
Indumini U, Vasanthapriyan S (2018) Knowledge management in agile software development—a literature review. In: 2018 National information technology conference (NITC). IEEE, pp 1–7
ISO/IEC (2008) ISO/IEC 12207—systems and software engineering-software - life cycle processes. International Organization for Standardization, Geneva
ISO/IEC (2011) ISO/IEC TR 29110-5-1-2 Software engineering—lifecycle profiles for very small entities (VSEs) part 5-1-2: management and engineering guide: generic profile group: basic profile. International Organization for Standardization, Geneva
ISO/IEC (2022) ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection—guidance on managing information security risks. International Organization for Standardization, Geneva
Ivanova IA, Pulyaeva VN, Vlasenko LV, Gibadullin AA, Sadriddinov MI (2019) Digitalization of organizations: current issues, managerial challenges and socio-economic risks. J Phys: Conf Ser 1399(3):033038
Jalonen H (2011) The uncertainty of innovation: a systematic review of the literature. J Manag Res 4(1):1–47
Kaplan RS, Mikes A (2012) Managing risks: a new framework. Harv Bus Rev 90(6):48–60
Kaplan SM (2009) Smart grid. Electrical power transmission: background and policy issues. The Capital.Net, Government Series
Kapoor KK, Tamilmani K, Rana NP, Patil P, Dwivedi YK, Nerur S (2018) Advances in social media research: past, present and future. Inf Syst Front 20(3):531–558
Khalil C, Khalil S (2020) Exploring knowledge management in agile software development organizations. Int Entrep Manag J 16(2):555–569
Kliem R (2004) Managing the risks of offshore IT development projects. Inf Syst Manag 21(3):22–27
Kroener I, Barnard-Wills D, Muraszkiewicz J (2021) Agile ethics: an iterative and flexible approach to assessing ethical, legal and social issues in the agile development of crisis management information systems. Ethics Inf Technol 23:7–18. https://doi.org/10.1007/s10676-019-09501-6
Kula E, Greuter E, Van Deursen A, Georgios G (2021) Factors affecting on-time delivery in large-scale agile software development. IEEE Trans Softw Eng 48:3573–3592
Lal A, Erondu NA, Heymann DL, Gitahi G, Yates R (2021) Fragmented health systems in COVID-19: rectifying the misalignment between global health security and universal health coverage. The Lancet 397(10268):61–67
Lawrence A (2021) Annual outage analysis 2021: the causes and impacts of data center outages. Uptime Institute
Leffingwell D (2015) SAFe—scaled agile framework. Retrieved from http://www.scaledagileframework.com/
Luong TT, Sivarajah U, Weerakkody V (2021) Do agile managed information systems projects fail due to a lack of emotional intelligence? Inf Syst Front 23:415–433. https://doi.org/10.1007/s10796-019-09962-6
Lynn R (2022) Disadvantages of agile, plainview. https://www.planview.com/resources/articles/disadvantages-agile/. Accessed 6 Apr 2022
Maigida AM, Abdulhamid SIM, Olalere M, Alhassan JK, Chiroma H, Dada EG (2019) Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms. J Reliab Intell Environ 5(2):67–89
Marques R, Costa G, Silva M, Gonçalves P (2017) A survey of failures in the software development process. In: Proceedings of the 25th European conference on information systems (ECIS), pp 2445–2459
McKinsey & Company (2018) The five trademarks of agile organizations. McKinsey & Company research report. https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/the-five-trademarks-of-agile-organizations. Accessed 6 Apr 2022
Miao Y, Chen C, Pan L, Han QL, Zhang J, Xiang Y (2021) Machine learning–based cyber-attacks targeting on controlled information: a survey. ACM Comput Surv (CSUR) 54(7):1–36
Miller HE, Engemann KJ (2019a) Business continuity management in data center environments. Int J Inf Technol Syst Approach 12(1):52–72
Miller HE, Engemann KJ (2019b) The precautionary principle and unintended consequences. Kybernetes 48(2):265–286
Miller HE, Engemann KJ (2015) Threats to the electric grid and the impact on organizational resilience. Int J Bus Contin Risk Manag 6(1):1–16
Miller HE, Engemann KJ, Yager RR (2006) Disaster planning and management. Commun Int Inf Manag Assoc 6(2):25–36
Minder R (2022) Iʼm old, not an idiot—one manʼs protest gets attention of Spanish banks. New York Times, (March 25). https://www.nytimes.com/2022/03/25/world/europe/spanish-banks-protest-carlos-san-juan-de-laorden.html. Accessed 7 Apr 2022
Mintzberg H (1990) The design school: reconsidering the basic premises of strategic management. Strateg Manag J 11(3):171–195
Mora M, Marx Gomez J, Reyes-Delgado PY, Adelakun O (2022) An integrative agile ITSM framework of tenets and practices—its design and exploratory utilization. J Org Comput Electron Commer 32:1–31
Mora M, Wang F, Gómez JM, Díaz O (2019) A comparative review on the agile tenets in the IT service management and the software engineering domains. In: International conference on software process improvement. Springer, Cham, pp 102–115
Mora M, Marx-Gomez J, Wang F, Diaz O (2021) Agile IT service management frameworks and standards: a review. Adv Softw Eng Educ e-Learn 921–936
Mora M, Wang F, Phillips-Wren G, Marx Gómez J (2021b) The role of DMSS analytics tools in software project risk management. In: Engemann KJ, O’Connor RV (eds) Project risk management: managing software development risk. De Gruyter Oldenbourg, Berlin, pp 49–74
Nelson CR (2008) Explicit risk management in agile processes. In: Abrahmasson P, Baskerville R, Conboy K, Fitzgerald B, Morgan L, Wang X (eds) Agile processes in software engineering and extreme programming. Springer, Berlin, pp 190–201
NIST (2012) Guide for conducting risk assessments—NIST special publication 800-30 R1. National Institute of Standards and Technology, Gaithersburg
O’Connor RV, Duchonova N (2014) Assessing the value of an agile coach in agile method adoption. In: Barafort B, O’Connor RV, Poth A, Messnarz R (eds) Systems, software and services process improvement, vol 425. Springer, Berlin, pp 135–146
Odzaly EE, Des Greer DS (2014) Lightweight risk management in agile projects. In: Paper presented at the 26th software engineering knowledge engineering conference, Vancouver, Canada
Pavlič L, Heričko M (2018) Agile coaching: the knowledge management perspective. In: Uden L, Hadzima B, Ting I-H (eds) Knowledge management in organizations, communications in computer and information science. Springer, Berlin, pp 60–70
Peixoto M, Silva C, Lima R, Araújo J, Gorschek T, Silva J (2019) PCM tool: privacy requirements specification in agile software development. In: Anais Estendidos do X Congresso Brasileiro de Software: Teoria e Prática. SBC, pp 108–113
Rigby DK (2020) How to focus your agile teams on the right problems. https://www.bain.com/insights/designing-agile-missions/. Accessed 6 Apr 2022
Rigby DK, Sutherland J, Noble A (2018) Agile at scale. Harv Bus Rev 96(3):88–96
Rodríguez G, Soria Á, Campo M (2016) Measuring the impact of agile coaching on students’ performance. IEEE Trans Educ 59(3):202–209
Röell C, Osabutey E, Rodgers P, Arndt F, Khane Z, Tarbag S (2022) Managing socio-political risk at the subnational level: lessons from MNE subsidiaries in Indonesia. J World Bus 57(3):2022. https://doi.org/10.1016/j.jwb.2022.101312,(AccessedNovember30
Ropponen J, Lyytinen K (2000) Components of software development risk: How to address them? A project manager survey. IEEE Trans Softw Eng 26(2):98–112
Rounaghi MM (2019) Economic analysis of using green accounting and environmental accounting to identify environmental costs and sustainability indicators. Int J Ethics Syst 35:504–512
Sánchez-Gordón M, Colomo-Palacios R (2021) Managing software development risk: Risks of introducing the role of agile coach—a multivocal literature review. In: Engemann KJ, O’Connor RV (eds) Project risk management: managing software development risk. De Gruyter Oldenbourg, Berlin, pp 25–48
Sarker S, Sarker S (2009) Exploring agility in distributed information systems development teams: an interpretive study in an offshoring context. Inf Syst Res 20(3):440–461. https://doi.org/10.1287/isre.1090.0241
Schmitz K, Mahapatra R, Nerur S (2018) User engagement in the era of hybrid agile methodology. IEEE Softw 36(4):32–40
Shaikh S, Abro S (2019) Comparison of traditional & agile software development methodology: a short survey. Int J Softw Eng Comput Syst 5(2):1–14
Shameem M, Chandra B, Kumar RR, Kumar C (2018) A systematic literature review to identify human related challenges in globally distributed agile software development: towards a hypothetical model for scaling agile methodologies. In: 2018 4th international conference on computing communication and automation (ICCCA). IEEE, pp 1–7
Shrivastava SV, Rathod U (2015) Categorization of risk factors for distributed agile projects. Inf Softw Technol 58:373–387
Simon HA (1979) Rational decision making in business organizations. Am Econ Rev 69(4):493–513
Solinski A, Petersen K (2016) Prioritizing agile benefits and limitations in relation to practice usage. Softw Qual J 24(2):447–482. https://doi.org/10.1007/s11219-014-9253-3
Stratman JK (2008) Facilitating offshoring with enterprise technologies: reducing operational friction in the governance and production of services. J Oper Manag 26(2):275–287
Sutherland J, Schwaber K (2017) The scrum guide - The definitive guide to scrum: the rules of the game. Document online at http://www.scrum.org
Tavares B, da Silva CES, de Souza A (2019) Practices to improve risk management in agile projects. Int J Softw Eng Knowl Eng 29(03):381–399
Tiwana A, Keil M (2004) The one-minute risk assessment tool. Commun ACM 47(11):73–77
Trziszka M (2019) Agile management methods in an enterprise based on cloud computing. In: International conference on applied human factors and ergonomics. Springer, Cham, pp 122–129
Tuunanen T, Vartiainen T, Ebrahim M, Liang M (2015) Continuous requirements risk profiling in information systems development. In: Paper presented at the 48th international conference on system sciences, Hawaii
Uludag Ö, Kleehaus M, Caprano C, Matthes F (2018) Identifying and structuring challenges in large-scale agile development based on a structured literature review. In: 2018 IEEE 22nd international enterprise distributed object computing conference (EDOC), pp 191–97
Verlaine B (2017) Toward an agile IT service management framework. Serv Sci 9(4):263–274
Vikberg T, Vihavainen A, Luukkainen M, Kurhila J (2013) Early Start in software coaching. In: Baumeister H, Weber B (eds) Agile processes in software engineering and extreme programming. Lecture notes in business information processing. Springer, Berlin, pp 16–30
Walczak W, Kuchta D (2013) Risks Characteristic of agile project management methodologies and responses to them. Oper Res Decis 23(4):75–95. https://doi.org/10.5277/ord130406
Weng H, Ji S, Duan F, Li Z, Chen J, He Q, Wang T (2019) Cats: cross-platform e-commerce fraud detection. In: 2019 IEEE 35th international conference on data engineering (ICDE). IEEE, pp 1874–1885
Wright G, Cairns G, O’Brien FA, Goodwin P (2019) Scenario analysis to support decision making in addressing wicked problems: pitfalls and potential. Eur J Oper Res 278(1):3–19
Zanen LV (2019) Unintended consequences of innovations (Doctoral dissertation, University of Groningen. Faculty of Economics and Business)
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Engemann, K.J., Miller, H.E. Toward revealing concealed risks for agile IT service management practices. Inf Syst E-Bus Manage (2024). https://doi.org/10.1007/s10257-023-00666-8
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10257-023-00666-8