384 Part III • Acquiring Information Systems
Application Characteristics
Scope (personal, departmental, organizational)
Criticality/Impact (risk exposure)
Size and usage (one-time, periodic, ongoing)
Business problem complexity (commonality of task, problem structure)Tool Characteristics
Tool sophistication/complexity
InterconnectednessDeveloper Characteristics
User developer skills, experience, and availability
IS specialist skills, experience, and availabilityFIGURE 9.15 Application, Tool, and Developer Risk Factorsorganization, the user-developed system may have to be
abandoned due to the lack of resident knowledge and docu-
mentation within the business unit (Klepper and Sumner,
1990). This risk exposure is especially great when the appli-
cation is being used as a managerial support tool for deci-
sions with high impact or as a regular transaction processing
and reporting system at the workgroup or department level.
These types of organizational risks associated with
user application development increase considerably when
user-developed applications are allowed to proliferate
without adequate coordination and oversight. The first
management responsibility is to identify when an applica-
tion should be user-developed or IS-developed—by assess-
ing the benefits and risks.
Assessing the Risks from UAD
Let us turn now to the issue of under what conditions a spe-
cific application should be developed by business users
rather than IT professionals. As summarized in Figure 9.15,
three types of factors should be considered: characteristics
of the application to be developed, the tools available for
UAD, and the human resources (IS or user) needed for both
a high-quality application and reliable, ongoing operations
and maintenance over the life of the application.
APPLICATION CHARACTERISTICS Several characteris-
tics of the application need to be taken into account. First,
the organizational risks associated with UAD differ
depending on the intended scope (or organizational usage)
of the application to be developed. Organizations assess
risks based on three levels of application scopethat
typically have significantly different risk levels (Pyburn,
1986–1987), as shown below. Personal applications
typically have the least risk, whereas organizational
applications have the greatest risk.- Personal applications developed and used (operated)
by the primary user for personal decision making,
often replacing work formerly done manually - Departmentalapplications developed by a single
user but operated and used (and perhaps enhanced)
by multiple users in a department; departmental
applications often evolve from applications original-
ly developed for personal use - Organizational applications used by multiple users
across a number of departments
In addition to application scope, the potential impact
of managerial decisions based on the application, as well
as the actual size of the application and its intended
frequency of usage, also need to be considered. Small,
one-time applications are typically good candidates for
user-developed applications.
Finally, the complexity of the business problem sup-
ported by the application needs to be assessed in two different
ways: the degree to which the task is common and the degree
to which the problem being addressed is well defined. If the
application is addressing an ill-structured analytical problem,
a combination of business and IS specialist expertise may be
required to develop the best software application and database
to address it. On the other hand, applications to support busi-
ness tasks that are already well understood (common), such as
a system to track the status of multiple departmental projects
or to track communications with various suppliers, are usual-
ly better candidates for user-developed solutions.
TOOL CHARACTERISTICS Two important tool character-
istics to consider are the complexity of the software tools