You are on page 1of 18

University of Technology Sydney (UTS)


Risk Analysis Using Fuzzy Logic for IT


32567 Business Intelligence for Decision Support

Assignment #1

Prepared by

: Ali Al Habib


: 11621366


: 08/09/2014

Table of Contents

............................................................................................ 3

1.0 Introduction

.................................................................................. 4

2.0 Risks of IT Outsourcing ...................................................................... 4

3.0 Fuzzy Logic ..................................................................................... 7

4.0 Fuzzy Logic Approach for ITO Risk Analysis

......................................... 8

5.0 Proposed Model of Fuzzy Techniques ..................................................... 9

6.0 Case Study: India Leading IT Industry

7.0 Conclusion


............................................... 12

................................................................................ 16

....................................................................................... 17

Page | 2

IT outsourcing activities considered one of the critical items for large scale corporative.
Where many organization shifting for outsourcing the IT services or partial functions.
However, this decision required to be studied with respect of risk. The risk analysis
consider an important and essential for organization decision making for many critical
activities. Qualitative and quantitative are classified as traditional methods that used for
risk analysis. However, a structure and hierarchy method for the assessment the risk used
guiding to proper decision making approach which is fuzzy logic. This paper
demonstrated the fuzzy logic methodology for analyzing the risk for IT outsourcing. A
case study is exemplified for applying this technique. Finally, further remarks and future
work for this approach are proposed.

Keywords: Fuzzy, Risk Analysis, IT Outsourcing, Decision Making.

Page | 3

1.0 Introduction
IT outsourcing is one of the important and powerful trend in IT business world.
It has a serious impact for corporative performance and growth. It will support the
companies that wish to proceed in IT outsourcing to focus on their strategic
business and cutoff the cost. Outsourcing typically involves entering into an
official agreement with a third party (vendors/companies) to provide and deliver
specific services, usually for a certain and agreed fees. But this decision which is
Outsourcing the IT completely or partially not always applicable. Even with past
outsourcing experience, managing the outsourcing arrangement is critical and
required an extensive study for risk analysis.
The traditional risk analysis approaches are quantitative and qualitative
analysis methodology. Whereas, the quantitative and qualitative analysis have
some advantages and commonly used. However a hierarchy and structured
method is used for evaluation the risk which is the Fuzzy Logic and leading to
support decision making. This literature review will briefly list some of common of
risks that affect the IT outsourcing. Then will introduce the fuzzy logic method.
Further, explanation for using the Fuzzy logic approach for solving and managing
the risk analysis for IT outsourcing with a demonstrating a case study. A
conclusion provided with recommendation and future work addressed at end.
2.0 Risks of IT Outsourcing
IT outsourcing considered one of the important topics nowadays. This activity
effects in direct way the companies, services, customers and individuals. This is a critical
decision especially for large scale corporate to determine either to proceed for
outsourcing the IT services to keep focus on their core business. The outsourcing. The
main objective of outsourcing in addition to keep eyes and provide a desired quality on
the main business is cost cutting. But in some case the IT outsourcing is not a right
decision for outsourcing the critical IT services that are in-cooperated with central
business activities. The outsourcing decision discussed on IT services that are considered
eligible for outsourcing. A bench marking required to be conducted to evaluate the need
of the outsourcing. In addition to that the risk analysis required to be studied.

Page | 4

There are many risks raised due this decision. The risks are summarized in eleven
(11) points.
1. Possibilities of Weak Management
In some cases the IT services performance and delivery are weak and is not satisfied
the corporate operation due to poor IT management. If the corporate decide to Outsource
due this reason, the company executives should know that the they still need a
professional IT manger has the capability for managing the contracts with outsourced
vendors and track, monitor and maintain the relationship with the third-party. The
company has to consider this risk either to higher qualified IT manger or internally rectify
the performance issue for replacing the position or turn around internally.

2. Inexperience staff
Another risk is once a newly established contracts with a vendor the weak
performance staff would like to transfer to this outsourced company and this will not
improve the performance of outsourced IT services or meet the objective of the
outsourcing. The situation will be worst, in case the selected outsourced vendor one
of the highly ranked companies and specialist staff decided that to move this
company. This will be a big loss for experience resources and original company most
of time eager to keep such resources.
3. Business uncertainty
If the outsources decision based on cost cutting and focusing on the main business
and not evaluating other elements such as the potential growth for the corporate and
future roadmap. Such as a CEO decide to retain the IT services based on growth and
expansion of company activity. This classified as uncertainty with dealing with

4. Outdated technology skills

The market for some technology is not immature to provide such desired service
to be outsource due to the vendors using outdated devices and legacy services.
Moreover, the advance technologies may be offered with rare companies and their
prices significantly high compared to company operation and maintenance.
Page | 5

5. Endemic Uncertainty
Some case there is no define scope or service needed by the employee due to
updated in technology or changing user requirement due unseen requirement in the
project. A fixed contract with outsourcing entities will not be sufficient in the matter.
The companies should have clauses for reviewing their contracts and have them able
to inject their requirement once they objected to change.
6. Hidden Costs
The cost saving and targeting this element is vital for success the Outsourcing. By
comparing the cost of the outsource vendor to company IT budget and operation a
one view of the cost will be expose. But they cannot see hidden cost due to
discontinue for a technology or not considering the turnover phase including the
relocation and redeployment costs. Moreover, not considering the management cost
for this activity.
7. Lack Of Organizational Learning
Some companies executives do not have the full view of IT capabilities and their
role in running their service along the corporate. May they need to experience the
importance role for some service that needed to support especially for the strategic
ones. In some cases strategic assets and facilities are hard to be outsourced
8. Loss of Innovation Capacity
In some areas related to the companies required them to have an Innovative ideas
to be implemented and development for some application to meet their trend and
move forward. The outsourced IT partner may has a limitation on this. The
outsourcing is not a smart option in this situation.

Page | 6

9. Danger of Eternal Triangle

The vendor and company may not speak in one language. The may face a difficulties
in getting understanding each other. As the management seeking to have IT specialist
knows their culture and the vendor may express that the users need a learning curve to
facilitate the implementation. The outsourcing decision may lead to such situation.
10. Technological Indivisibility
Separated IT services from the corporate such as Wide area network leased line, data
center, call centers or portable application designing are not complex to be outsourced.
The issue will be raised where the area to interface such as the desktop PCs, Local Area
Network (LAN), these unobvious and uncertainty about the role and responsibilities
between them.

11. Fuzzy Focus

The IT outsourcing in many cases is not effective to deliver an innovation
environment. Also, it is not meeting the challenging efforts for many vital project
timeframes in related of systems delivery and implementation. The real problem become
more serious when the outsourcing focus on how of IT not what of IT. Then, s potential
efforts from management, executive and other company resources will be exerted in
undefined issues and lead to unsuccessful results.

3.0 Fuzzy Logic

Generally, the risk could be described as possible future loss or undesirable
product that may appear from a certain current action. The discussion on the previous
section clearly shows the risks for outsourcing IT services or any function for the
companies. The need for having a structure technique is important to supports the
decision for proceeding in this strategic goals in cutting the cost and aiming to focus in
main business. An important model briefly demonstrated here which Fuzzy Set Theory.
This model will provide a guidelines for the executives and CEOs in managing the risk of
the IT outsourcing (Samantra, Datta et al. 2014).
Fuzzy logic is one of the most successful of models in business decision making
area. It was initiated and developed by Lotfi Zadeh of University of California Berkeley
in the 1965 as a means to model and represent mathematically the vagueness and provide
structured formalized tool to transfer the status from uncertainty to the clarity to get the
Page | 7

desired decision support problem. Fuzzy model can in-house the uncertainty of
real-world human language and logic. Fuzzy logic addresses and resembles human
decision making with an ability to generate precise solutions from certain or approximate
The fuzzy logic will allow a great in dealing with qualitative data, as well as
object attribute. Also, it offers an attractive trade-off between accuracy and compactness
express relationships in terms of simple rules. Additionally, not computationally
expensive, it is cheaper because they are easier to design and require a few rules to cover
large scale of complexity.
Fuzzy logic and probabilistic logic are mathematically similar both have truth
values ranging between 0 and 1 but conceptually distinct, due to different
interpretations. Fuzzy logic corresponds to "degrees of truth", while probabilistic logic
corresponds to "probability, likelihood"; as these differ, fuzzy logic and probabilistic
logic yield different models of the same real-world situations.
For example, both kinds of truth and probabilities range between [0, 1] and may
seems likely at first look. If we let a 50 ml glass contain 5 ml of water cup. We may take
in our consideration the two concepts: Empty and Full status. The meaning of each of
these status could be represented by Fuzzy Set. One probably define the cup as being 0.5
empty and 0.05 fully. The design might equally be a set of membership function where
the cup would be considered full for all values below to 25 ml.
4. Fuzzy Logic Approach for ITO Risk Analysis
There are many studies discussed the IT Outsourcing risks and provide their
results in published papers. They study various sources of risks and risk mitigate
guideline and advice but they dont try to quantify the degree of risk that could be extent
and considered. The risk factors measured by Quantitative and quantitative criteria.
Where the quantitative criteria could be used in this situation as easy technique. While
the qualitative technique
dealing with subjective measures, as many risk signs and factors subjective in nature and
depend on decision-makers linguistic judgment. The need to transform the linguistic
assessment evaluation to logical mathematical base. Fuzzy model proposed here to show
the capability of this model for risk assessment. A Fuzzy number is define as fuzzy subset
in the universe. There are many type of fuzzy numbers such as triangular, bell-shaped and

Page | 8

trapezoidal used to form a decision making process. For easy the computation and simple
the mathematics the trapezoid is widely used(Samantra, Datta et al. 2014).

Figure. 1. Trapezoid fuzzy number A~

5.0 Proposed Model of Fuzzy Techniques

The methodology proposed is two level of IT outsource risk assessment. The first
level is used for evaluating fuzzy risk extent of multiple potential risk factors.
The second level is used for identifying and evaluate the degree of risk extent of
individual risk sources that affecting to the outsourcing process. The scheme include a
community of k decision makers who are responsible for assessing risks (DMk1,
DMk2, DMk3, , DMk). The number of risks denoted as Rm (R1, R2, R3, m). These
number of risks subjected under influencing factors (F1, F2, F3, Fn). The procedure is
summarized in 7 steps.
Step 1: listing and identification of IT Outsourcing risks and (R) influencing factors (F)
that used to draw a hierarchical risk assessment model. There are 11 risks identified such
as strategic risk, business, technical, financial, legal, operational, environmental,
information risk, managerial risk, relationship risk and time management risk. Each one
of those risk has influence factor. For example, the strategic risk has the following
influence factors:
Loss of organizational competency, F1,1
Proximity of core competency, F1,2
Interdependence of activities, F1,3
Table 1 shows sample of the Hierarchical structure for risk analysis in IT outsourcing.

Page | 9

Table 1 : Hierarchical structure for risk analysis in T Outsourcing

Page | 10

Step 2: The Selection of Fuzzy linguistic classified scale for representing both likelihood
of occurrence and impact of risks, and, also selecting suitable membership functions for
each mentioned variable.
Step 3. Linguistic data (in relation to likelihood of occurrence (L) and impact of risk (I))
for each risk factor have been collected from the experts. Therefore, linguistic data have
been translated into proper fuzzy numbers.
Step 4. Combined preferences (aggregated decision-making opinion) that have been
computed using fuzzy aggregation operators. Fuzzy risk ratings of each influencing factor
have been calculated by multiplying fuzzy likelihood of occurrence and fuzzy risk impact
where R= L X
Step 5. Crisp risk rating corresponding to each risk influencing factor has required to be
calculated using Incentre of centroids method that developed by Thorani applicable for
generalized trapezoidal fuzzy numbers in fuzzy logic theory.
Step 6. Classify and Categorization of risks that has been carried out based on individual
crisp risk ratings.
Step 7. An action requirement plan required to be formulated with reference to different
risk categories.
The above listed steps are designed to be generic (Samantra, Datta et al. 2014).The risk
analysis result may differ from one case to another depend of experts, decision makers
who participated in the evaluation and nature of company policies.
The following section will demonstrate a case study shows the mentioned Fuzzy model.

Page | 11

6.0 Case Study: India Leading IT Industry

Indian company which is one of the IT leader company in India. The case study
conducted with participation of seven selected decision makers. They are classified as IT
executive and mangers expert in the felid of IT outsourcing. They are donated as DM1,
DM2,DM7.They are requested to provide their evaluation for the questionnaire and
rating for linguistic scale.
The risks are identified for the evaluation. The chosen of these risks based on their
importance and common and the sensitivity for IT outsourcing. Each risks (r) having a
correspondent influence factor (f).
Fuzzy Linguistic Scale: Trapezoidal membership function is used for this scale. It is
commonly used and satisfactory for this application (Samantra, Datta et al. 2014). Five
linguistic scale fuzzy numbers are used. The risk is represented by terms, the impact of
risk and likelihood of occurrence R= L (Likelihoods) X I (Impact). They are:
Very Rare (VR), Rare (R), Often (O), Frequent (F) and Very Frequent. These variables
rated by using the flowing rating for risk: Very Low (VL), Low (L), Moderate (M),
Serious (S) and Critical (C).

Table.1 Linguistic scale factor and rating

Page | 12

Data Collection Phase.

The expert requested to provide a two set of linguistic data for assessment likelihood of
occurrence (R) and Impact of Risk (I) for rating and evaluation each risk influencing
factor (f). Table 2 shows a Sample of the likelihood of occurrence for various risk
influencing factors provided by DMs. While Table 3 shows a sample of the Risk Impact
for various risk influencing factors provided by DMs

Table 2. Likelihood of occurrence (L) of various risk factors assigned by DMs in

linguistic terms.

Page | 13

Table 3. Risk Impact (I) of various risk factors assigned by DMs in linguistic terms.

Then, this linguistic information has been transformed into appropriate trapezoidal fuzzy
numbers referring to the linguistic scale (Table 1).
Risk Rating
The next phase of this process is doing the aggregation task. The aggregation done using
using fuzzy aggregation rules based on that associated decision matrices

Page | 14

Table 4. Aggregated preferences by seven candidates in terms of fuzzy numbers and their
crisp ratings.

Where the aggregation is the process which the fuzzy sets are combined to form
a single collective preference fuzzy set. Let k is the
number of decision makers (DMt, t = 1, . . . , k), who are responsible
for the assessing m IT outracing risks (Ri, i = 1, ... , m), with corresponding n
Influencing factors (Fi,j, j = 1, . . . , n). The aggregated fuzzy preferences
as per (Chen, 2000).

Then, the following equation is developed for calculation fuzzy risk rating of each
influencing factors
It concluded that the highest risk rating after applying above calculation is the strategic
risk has the major critical value and contribution to IT outsourcing process for the
decision making refer to figure.2 shows a summary graph for each percentage risk.

Page | 15

Figure 2. The percentage of contribution of each individual risks to the overall ITO risk.
As we observe, this methodology fuzzy based multi-criteria decision making
approach was a successful evaluation used in analysis the risk for IT outsourcing where
resulted that the risk factor with highest degree of risk required to be monitored carefully
to get the IT outsourcing project success without major impacts. Moreover, this
methodology was pass through a validation process by selecting another 15 IT executive
leaders with more than 10 year experience in IT outsourcing for reviewing the process
with respect the applicability of the method, benefits of operation, completeness of risk
factors and importance of strategic planning for IT outsourcing. The result was highly
recommend this methodology.
7.0 Conclusion
Fuzzy logic process for IT outsourcing is an empirical and a reliable method. It is
more practical and more reliable than the traditional and statics approach. It is considered
close to a realistic outcomes as the experts in IT outsourcing and senior executives in this
fields are participating in this study analysis while the others rely on objects inputs. The
risk impact and likelihood of occurrence their weight scores by the experts. In addition to
that, the approach exemplify a modeling for risk influence in hierarchal structured way.
The case studied that applied for IT leader company was illustrated the success
experience in this field. In my opinion, this fuzzy approach could be extended to other
outsourcing activity in the industrial and business sectors. Definitely, this technique will
support the management provision the outsourcing in clear manner and categorize the
risks with their degree. Future work is proposed to have this model developed in
customized application with logged all risks and their impacts associated with risk
Page | 16

influence and have a special entry for risk analysis for different Outsourcing for industrial
and business sectors.

Page | 17

Chen, S.-j. & Chen, S.-m. 2007, 'Fuzzy risk analysis based on the ranking of generalized
trapezoidal fuzzy numbers', Applied Intelligence, vol. 26, no. 1, pp. 1-11.
Earl, M.J. 1996, 'The Risks of Outsourcing IT', Sloan Management Review, vol. 37, no. 3,
p. 26.
Foundation of Fuzzy Logic, Viewed on 02/09/2014,
Fuzzy Control SystemWikipedia, Viewed on 02/09/2014,
Harris, J. 2000, An introduction to fuzzy logic applications, Kluwer Academic, Dordrecht
; London.
Mathew, S.K. 2006, 'Understanding Risk in IT Outsourcing: A Fuzzy Framework',
Journal of Information Technology Case and Application Research, vol. 8, no. 3, pp.
Nazari-Shirkouhi, S., Ansarinejad, A., Miri-Nargesi, S.S., Dalfard, V.M. & Rezaie, K.
2011, 'Information Systems Outsourcing Decisions under Fuzzy Group Decision Making
Approach', International Journal of Information Technology & Decision Making, vol. 10,
no. 06, pp. 989-1022
Samantra, C., et al. (2014). "Risk assessment in IT outsourcing using fuzzy
decision-making approach: An Indian perspective." Expert Systems with Applications
41(8): 4010-4022.
Shankar, N.R., Abdullah, M.L., P Thorani, Y.L. & Bushan Rao, P.P. 2012, 'Fuzzy Risk
Analysis based on a new approach of Ranking Fuzzy Numbers using Orthocenter of
Centroids', International Journal of Computer Applications, vol. 42, no. 3.

Page | 18