Information Systems Outsourcing

Software development projects are in need to graft external expertise and knowledge for multiple reasons and under different governance arrangements. The classic outsourcing literature focuses on integrating such knowledge under conditions where a single application is built by an outside vendor under a detailed contract dictating the process, outcomes and governance of such undertaking. In such a situation the client articulates and shares the entire business logic and system requirements of the application to be built with the vendor as dictated by the mutual contract. The growing popularity of deploying a modular micro-service architecture (MSA) questions some assumptions that underlie the classical software development outsourcing model and its governance. While under MSA software developers on the client and vendor side may continue to work on the core business logic of the whole application, multiple microservices will be outsourced from third-party vendors. Transitioning to MSA and sourcing from multiple vendors with short engagement cycles and under arms-length arrangements introduces new levels of complexity to outsourcing governance. This calls for introducing new governance logics and arrangements, new types of organizing and monitoring of software development teams, and addressing new types of risks introduced by microservice architecture and its stronger coupling with commercial service stacks (such as AWS). We introduce a granular, three-layered outsourcing model to analyze make-or-buy decisions when MSA is deployed and seek to understand its benefits and risks while establishing outsourcing arrangements. In conclusion, we identify outsourcing research challenges introduced by the growing use of MSA in software development.

For the last 50 years, IT researchers have investigated IT governance; the apparatus of structure, processes, and relational capabilities needed to ensure expected benefits are generated from IT resources. This include looking at the structure of IT departments, the use of outsourcing, the role of overseers, etc. Notwithstanding accumulated knowledge, IT governance as an object of study is changing and this is challenging our understanding of governance. Recent changes in the environment have created a context where an increasingly large part of the decisions related to IT governance are now made by instances outside the firm. These changes include outsourcing, offshoring, growth of platforms, IT services evolution, as well as new regulations and standards. We argue that focusing on governance structures may lead to being concerned with only a small portion of the IT resources used by an organization. In contrast, a focus on governance processes is likely to offer a broader reach for governance purposes.

A void exists in information systems (IS) sourcing research: Organizations increasingly source data for varied purposes, but IS sourcing literature has not focused on data sourcing nor sourcing partnerships. We examine some of the implicit views in the IS literature regarding data that have not yet been well articulated. Exploring these views in terms of data sourcing arrangements offers future research opportunities.

Companies must drive innovation to stay competitive in today’s fast-changing and highly competitive environment. Therefore, they do also involve their outsourcing vendors as strategic partner for innovation. While recently at least some studies have examined innovation-oriented outsourcing partnerships and their outcomes, almost no research has yet focused on the innovation-related actions from an outsourcing vendor’s perspective. Our paper explores what kind of initiatives outsourcing vendors implement to create innovation for their customers. It analyzes a unique dataset of more than 830 innovation initiatives, as reported by global outsourcing vendor firms. The analysis identifies 22 different types of innovation initiatives, which are clustered into six different dimensions. Using these results plus nine interviews with outsourcing experts, we have developed a categorization model which allows for categorizing innovation-related vendor initiatives and provides a basis for evaluating the strategic importance of each category for firms searching for or evaluating an outsourcing vendor.

Innovation ecosystems are becoming increasingly important for the co-creation and modification of digital innovation by different and often competing organizational actors. However, how innovation ecosystems emerge between such organizational actors is yet unknown. This article addresses this gap by exploring how central organizational actors create innovation ecosystems, and how and why these innovation ecosystems emerge over time and through the interplay of all involved organizational actors that pursue both common (i.e., cooperate) and own goals (i.e., compete). To answer these questions, we opted for a single-case study of a large software development project, initiated by a major logistics company and implemented in collaboration with its independent IT department, six software vendors, and some field experts. This unique constellation with different coopeting (i.e., simultaneously cooperating and competing) organizational actors is particularly well suited to answer our research questions. Our results show that central organizational actors can create the basic structure and procedures of an innovation ecosystem. However, for an innovation ecosystem to progress in its emergence, central organizational actors need to stabilize the basic structure, while all other organizational actors need to help refine the basic procedures. The better adapted the structure and the procedures, the better organizational actors can exploit them to materialize coherent and customer-oriented digital innovation. We present our findings as a three-phase process model of innovation ecosystem emergence, in which innovation agency is distributed and redistributed among the organizational actors. Our findings have important implications for the literature on innovation ecosystems, the coopetition paradox, and digital innovation.

Software maintenance eats up the lion’s share of corporate software expenses, and many organizations attempt to reduce these costs through outsourcing and offshoring. A key challenge in these initiatives is to transfer knowledge to the new service delivery unit (a vendor or a captive center). Even though knowledge transfer plays a key role across theoretical perspectives in sourcing research (such as transaction cost economics, knowledge-based perspectives, and social perspectives), we know surprisingly little about what knowledge is most critical and through what mechanisms this knowledge is transferred in software maintenance outsourcing and offshoring. Insights from a multiple-case study of five knowledge transfers at a Swiss bank suggest that the most critical knowledge is software knowledge and that software knowledge is transferred through guided learning tasks. Software knowledge (i.e., knowledge about the application software, including its structure, functionality and behavior) is most critical because it allows engineers to cope with the cognitive burden imposed by enormous amounts of code, data, and documents. While engineers in settings of low knowledge specificity may possess sufficient software knowledge from the beginning, engineers in settings of high knowledge specificity acquire this knowledge through a series of guided learning tasks, i.e., by working on real or realistic maintenance tasks while receiving direction and task-specific information from experts. Our study adds to the emerging literature on transitions and offers important implications for the discourses on transaction cost economics and on knowledge-based perspectives in sourcing research.

Today’s IT service suppliers increasingly need to acquire “cultural intelligence”, or the ability to operate in a culturally-diverse environment. Based on an interview-based, qualitative case study of one of the largest IT service suppliers in China, this study explores how the offshore IT service supplier develops cultural intelligence through interaction with a portfolio of clients with diverse cultural backgrounds. Drawing on the dynamic constructivist view of culture, the study adapts the concept of cultural frame to define a set of shared interpretive schemes and practices that enable the supplier to make sense of and respond to clients from different cultures. During repeated client-supplier interaction, supplier employees’ cultural frames are continuously enacted, aligned and realigned, and eventually institutionalized into a set of cultural structures and artifacts. This emergence and embedding process is both facilitated by, and in turn enhances, the supplier’s firm-level cultural intelligence.

This chapter examines competing welfare and market logics in impact sourcing. Impact sourcing is an emerging trend in the global outsourcing industry that aims to contribute to the welfare of marginalised people by providing employment opportunities in outsourcing centres. Drawing on the concepts of institutional logics this paper presents a case study of a USA based IT outsourcing vendor “AlphaCorp” practising impact sourcing in a Pakistan subsidiary. The findings show that in cases where actors are located in diverse institutional contexts, competing interests determine the respective priority given to the welfare and market logics. Multiple responses to the competing logics are identified and we offer a conceptualisation of “enclaves” of competing institutional logics in impact sourcing.

Cloud computing is a fundamental shift in the way computing power is acquired and consumed. It is a special case of IS outsourcing where some IT-related tasks and resources are outsourced to cloud vendors. Cloud computing confers unique capabilities such as heterogeneity, scalability, accessibility, availability, consumption based pricing, fully managed and standardized services on the adopting organizations. These capabilities in-turn result in several strategic and operational benefits to the adopting organizations. However, these capabilities are not leveraged by all adopting firms uniformly. Firms utilize these capabilities based on their orientation towards exploration and exploitation. While SMEs are more aligned towards exploratory activities, large enterprises are inclined towards exploitation. Therefore, we posit that the SMEs and large enterprises accrue differential benefits from cloud adoption such that SMEs leverage cloud to attain strategic benefits and large enterprises seek operational benefits from cloud adoption. Through a survey based exploratory study we found that there is a systematic difference between SMEs and large enterprises in the way they leverage cloud capabilities. Based on the results, we deduce that managers of SMEs believe that they can use cloud computing for exploration and on the contrary, managers of large enterprises believe that they can use cloud computing for exploitation.

The shift from on-premise to cloud enterprise software has fundamentally changed the interactions between software vendors and users. Since enterprise software users are now working directly on an infrastructure that is provided or monitored by the software vendor, enterprise cloud software providers are technically able to measure nearly every interaction of each individual user with their cloud products. The novel insights into actual usage that can thereby be gained provide an opportunity for requirements engineering to improve and effectively extend enterprise cloud products while they are being used. Even though academic literature has been proposing ideas and conceptualizations of leveraging usage data in requirements engineering for nearly a decade, there are no functioning prototypes that implement such ideas. Drawing on an exploratory case study at one of the world’s leading cloud software vendors, we conceptualize an Action Design Research project that fills this gap. The project aims to establish a software prototype that supports requirements engineering activities to incrementally improve enterprise cloud software in the post-delivery phase based on actual usage data.

This study seeks to explain the perplexing phenomenon that many software outsourcing projects drift, i.e., they enter into a creeping process of targeting emergent goals often at the expense of losing sight of initial goals. Such drift is difficult to reconcile with the traditional logic of control found in the literature. According to this logic, clients should be able to ensure goal achievement through close monitoring. If drift occurs despite rigid control, this suggests that within the control process forces are at work that divert controls from their initial objectives. To better understand these forces in the control process and how they relate to drift, we contrast the logic of control with concepts and assumptions from actor-network theory (ANT). ANT allows us to understand the process of designing, enacting, and adapting controls as one of creating and changing actor-networks. Our longitudinal case study of four software outsourcing projects reveals that drift processes differ depending on three interconnected changes in the actor-networks, i.e., changes in who partakes in the (re-) negotiation of control mechanisms, what specific control mechanisms are (re-) defined, and how they are inscribed in the software artifact and the software task.

IT outsourcing (ITO) is a major contributor to cybersecurity risk exposure. When organizations outsource IT needs and/or cybersecurity functions, they explicitly or implicitly assume that ITO providers bear the responsibility for cybersecurity risk. In reality, ITO clients’ risk profile changes and becomes a combination of their risks and a subset of their ITO provider risks. This paper discusses cybersecurity risk challenges that are exacerbated in the ITO context and a commonly made argument that ITO client-provider trust can improve the management of cybersecurity risk. The paper proceeds to contrast three views on how to build trust with ITO providers: decision-theoretic view, transparency-based view, and market-based view. It shows that the market-based view is most likely to emerge as the dominant model for client-provider trust. Market-based trust involves market mechanisms that reward and penalize ITO service providers for obtaining cybersecurity certifications from independent, trusted third-party agencies. Specifically, the same way firms that obtain cybersecurity certifications benefit from positive market reactions that create firm value, so do firms that experience cybersecurity incidents indicating failures of certified IT security suffer punitive market reactions that destroy firm value. The paper elaborates on the feasibility of market-based trust in the ITO context, and shows that it works in the context of cyber failures and IT insourcing. The paper concludes with a discussion of obstacles to widespread adoption of market-based trust by ITO players.

With the increased adoption of cloud services, the resilience of cloud providers is paramount to not only the firm, but also to the stability of the financial sector. Method: We use a “mixed” method of research by using a combination of data ranging from the UK regulator regulatory data and information from the public domain, supported by interviews with technology risk specialists at the FCA. Conclusion: This research acknowledges the strategic role of information systems and recognises the key advantages that cloud providers can bring to financial firms. Most firms are keen to leverage these benefits, by adopting “cloud” into their future IT strategy. However, we find that this may lead to increased reliance on key service providers, thus leading to concentration risk. We also find that lack of supplier due-diligence and interoperability standards between providers can be significant contributors to this risk. This research then arrives at three aspects—availability concerns, cyber-attacks and contractual issues, which could constrain the ability of service providers to provision contracted services—that could potentially cause detrimental effects across the financial sector. Before concluding, we look at factors that could mitigate this risk and the increasing role of regulators, firms and service providers in this endeavour.

Fueled by the growth of Internet-based platforms that provided its technological foundation, and the need for an agile and uniquely skilled workforce, crowdsourcing has grown from the grassroots. Initially linked to more mature concepts such as open innovation and outsourcing, it is slowly developing into its own phenomenon, with a growing body of research investigating its many aspects. To gain insight into the crowdsourcing phenomenon, this chapter thoroughly reviews the literature to identify both areas of saturation and gaps, with a focus on the implications for IS research. Pulling together knowledge on specific aspects of crowdsourcing, we offer a scoping review that provides high-level picture of the current literature. Through this review, we identify key themes that emerge out of the many applications of crowdsourcing, and synthesize the literature to chart a more focused research path moving forward.

The rise of the gig economy has become a global phenomenon that encompasses various industries. Instead of hiring full-time employees, gig economy companies ‘outsource’ work via online platforms to freelance workers who are paid for completing a given task (‘gig’). While gig workers are often portrayed as independent contractors, gig firms leverage advanced digital technologies and smart algorithms to exercise control over their freelance workforce, referred to as technology-mediated control (TMC). This independence-control paradox raises interesting questions in terms of how gig workers perceive the legitimacy of such controls. Against this backdrop, this chapter builds on extant research to propose a three-dimensional conceptualization of TMC legitimacy attuned to the unique features of the gig economy: autonomy, fairness, and privacy. On this conceptual basis, the chapter sets forth to start exploring the nomological network of gig workers’ perceptions of TMC legitimacy and outlines a set of key antecedents, consequences, and contextual boundary conditions, thereby offering directions for future research in the area.

In this paper, we investigate the initial reactions and perceptions of knowledge workers to a planned implementation of robotic process automation (RPA). Using purposive sampling, we conduct a case study in an industry in which workers’ jobs are notoriously vulnerable to automation: we study an accounting firm that is planning to introduce RPA into their core accounting processes. While our informants did raise the expected concerns about job security and loss of control over work, the initial reactions to the technology were surprisingly positive. The informants even expressed enthusiasm and genuine curiosity towards the capabilities of RPA. Overall, our results challenge the views outlined in previous academic literature and popular press concerning the fears and anxieties associated with the introduction of automation technologies in information-intensive knowledge work. To conclude, we theorize on the emerging positively dispersed uncertainty concerning the nature of RPA and the relativistic nature of worker reactions that potentially impact workplace atmosphere.

The implementation of software robots is based on the often time-consuming work carried out by the project team, which often leads to higher than expected costs and time delays. This can be made more efficient by scaling the extension of the robot’s functionalities. However, scaling can only take place once one has understood what can be scaled and to what extent. Therefore, based on an empirically illustrated theoretical conceptualization of scaling the software robot implementation, in this chapter we elaborate how scaling can be approached when implementing software robots.

In this paper, I share some insights obtained from the papers from the fifth International Conference on Outsourcing of Information Services (ICOIS), while drawing upon the broader literature on outsourcing. I examine the current status, changes over time, and potential future directions in the area of outsourcing. As discussed in the paper, the outsourcing of information services (OIS) seems to offer greater potential benefits, with new industries being rooted on outsourcing and significant societal impacts. However, risks associated with OIS have increased as well, making it imperative that firms consider both aspects and not outsource IT when it increases risk and lowers returns. OIS has also become more diverse and more complex, with the broadening of actors involved from one client and one or a few vendors to a large number of individual and organizational external agents, potentially including some central and some peripheral actors as well as crowds, small cloud-based firms, robots, and marginalized individuals. As expected, the governance of outsourcing arrangements has undergone major shifts, from contracted and collaborative arrangements to arms-length and digitally-mediated structures. The research on outsourcing parallels this trend, with greater diversity in both theoretical foundations and research methods, and seems to permeate research in other areas such as business value of IT and design science. Perhaps even more drastic changes lie ahead in OIS, amidst emerging ITs, such as “big data,” blockchains, social media, cloud computing, and artificial intelligence.