Abstract

This study investigates the risks of service procurement and the role of risk management practices during service procurement processes for IT services. As a result, the study provides a typology for understanding risk in the IT service procurement context. The findings indicate that several practices related to risk management during the service procurement process are important in reducing the probability and impact of risks. The study shows how a collaborative approach to risk management with service providers is also necessary to manage service disruptions. As such, the results of the study exemplify how risk management practices can support the procurement process for services. Based on the practice-based view, this study provides an explorative framework and propositions for enhancing service performance through the adoption of risk management practices.

Introduction

The procurement of services is associated with exposure to multiple risks that may cause failures in service provision (Harland et al., 2003; Ellram et al., 2008; Lacity et al., 2016). Buying services involves increased levels of risk for the buyer organisation due to complex interactions and inherent uncertainty associated with service exchanges (Vargo and Lusch, 2008). Thus, the service procurement process is complex and unique and requires addressing risks that could prevent the buyer from achieving the desired outcomes of service purchases (Ellram and Tate, 2015; Wynstra et al., 2018).

The purpose of risk management practices is to support the procurement decisions and supply management by reducing the likelihood and negative effects of disruptions that originate from suppliers or supply market characteristics (Zsidisin, 2003). Practices for managing risk can be implemented to improve the identification, assessment, mitigation, and monitoring of risks that relate to the outcomes of procurement decisions (Tummala and Schoenherr, 2011). Although prior research has not explicitly discussed risk management in the service procurement context, studies show that many practices during the service procurement process are implicitly related to the purpose of managing risks. For example, the generation of detailed service specifications reduces uncertainty by ensuring that expectations and service provision outcomes are well-defined and understood (Ellram et al., 2004). Similarly, the implementation of governance mechanisms, that is, contractual, relational, and outcome-based governance, supports the prevention of service failures (Gelderman et al., 2015; Akkermans et al., 2019). It is well understood that collaborative practices between buyers and service providers during procurement and service provision are valuable and prevent undesired outcomes (Grönroos, 2011; Grudinschi et al., 2014). Overall, studies show that the use of practices that are implicitly related to managing risks also improves service performance, including the service quality, service levels, and customer satisfaction (Ellram et al., 2008; Tate and van der Valk, 2008; Akkermans et al., 2019).

Discussion and conclusions

This study investigated the risks of service procurement and risk management practices that are applied during the focal company’s procurement process for IT services. First, we distinguished multiple risk factors and classified them into three contexts that reflect their sources. Furthermore, we documented the main routines within the focal company’s practices to either identify, assess, mitigate, and monitor risks or collaborate in risk management with service providers during the service procurement process. Overall, our findings indicate that, without explicit efforts to manage risk factors during the procurement process, services may become vulnerable to disruptions that reduce the availability or quality of service use. Based on the empirical findings and the theoretical background, propositions and an explorative framework (Fig. 2) were created.

The findings indicate that the focal company’s ability to manage the risks of IT service purchases is partly dependent on the implementation of structured risk management practices before service characteristics have been formally specified. This notion supports the general assumption that challenges with the procurement process for services are primarily reflected in the transaction characteristics of services and the buyer’s capacity to understand and manage heightened levels of uncertainty related to them (Wynstra et al., 2018). For example, the service buyer must avoid incomplete service specifications by investing resources into generating a detailed understanding of their service needs, which can then be communicated to the service providers (Ellram et al., 2008; Van der Valk and Rozemeijer, 2009). In line with these considerations, this study elaborates how the focal company implements routines to identify and assess risk factors during the early stages of the service procurement process. These risk management practices are found to produce important information about risks and their relative significance, which supports the focal company’s ability to establish more complete service specifications ex ante contract. Thus, the following proposition is made.