Integration, complexity & Risk The making of technology-out out-of-control Aalborg, Aug. 2006 Ole Hanseth, University of Oslo
Background LSE-Oslo project: Integration and The Duality of Risk Exploring new risks Book: Ciborra & Hanseth (eds.) Complexity, Risk & ICT, Elgar Publishing, 2007. 5 cases: Hospital: EPR Telecom (Mobile): Billing Bank: Global e-mail e infrastructure Ship classification: In house dev. ERP Pharmaceutical: Intranet
Complexity and Risk BCS&RAE: The Challenges of Complex IT Projects http://www.bcs.org/nr/rdonlyres/3b36137e-c5fe C5FE-487B-A18B-4D7281D88EF7/0/complexity.pdf Situation today: High failure rates, best practices not adopted Growing complexity Old methods have not scaled, new ones have not emerged Understand it Manage it: Risk Management
Complexity Complexity = number of types of components*number of types of links*speed of change Dramatically increased SOCIO-TECHNICAL COMPLEXITY: integrating technologies, users, organizations, work practices,
Theories of Complexity (and Risk) Risk Society/Reflexive Modernization Complexity Sciences Actor-Network Theory Propagation of (un-intended) side-effects effects
Risk Society/Reflexive Modernization Globalization Risk = unpredictability = side-effect effect Environment: global warming, biotech Propagation of side-effects: effects: domino-effects boomerang effects Self-destructive More integration => More risk! Non-knowledge is the engine of change
Complexity Sciences Complexity Sciences: CAS; Chaos Theory, Cells making a body, molecules making a liquid,.. Autonomous, self-organized, learning oriented, open Emergent orders Attractors Positive feed-back Non-linearity Driver of change and learning: variety - Order at the edge of chaos Destroyed if tried controlled/redesigned from above/outside
Standardization The economy as evolving complex systems, the emergence of standards Network externalities (=side-effects) effects) Increasing returns Path dependency Diffusion of standards Change of standards: Backward compatibility Chain of events Lock-in
). A self-reinforcing installed base
Actor-Network Theory Heterogeneous networks: humans and non-humans, technological and non- technological components Fluids: changing and staying the same Order s dis-order (side-effects) effects)
Complex technologies in Organization Studies Perrow: : Normal Accidents Theory Tight couplings and interactive complexity LaPorte (Weick): High Reliability Organizations Focus on risks Learning from experience Who is correct? The limits of knowledge and learning Giddens/Back: More knowledge may lead to less control
General pattern Integration to increase control (of complex processes) Integration increases complexity = managing complexity by increasing complexity => less control
Reflexive Integration: Electronic Patient Records Ole Hanseth, Edoardo Jacucci, Miria Grisot,, and Margunn Aanestad Reflexive Standardization: Side Effects and Complexity in Standard Making MISQ Special Issue on Standards Aug. 2006. Aim (1995): One integrated patient record One integrated system Norwegian standard Better and safer patient treatment Result?
Making a standard => Killed it The beginning: 5 Norwegian regional (and university) hospitals + global vendor Integrating data across specialities/units and hospitals Integration with infrastructure (computers, OS, network,..) Integrating practices within and across hospitals Integrated with Siemens products and strategies Globalized the project (Scandinavia, Europe, India, US,..) Slow progress competing products emerged Health care reform in Norway: Regional standards
Getting rid of paper =>More paper After 8 years: 20-30% of info electronic Lots of air in printouts Electronic lab reports up to 14 paper copies
One integrated system => More systems From 5 to 134 EPR systems One patient one record order creates dis-order IVF: father and mother Birth: Mother & child. specialist systems (the wider the scope, the lower usability) Instruments which include EPR s
Integrated patient record => More fragmentation More EPR-s More paper => Poorer access to paper record Crises in the archive Crises!! Scanning? also added to the complexity
Patient risks? http://www.nrk.no/nyheter/distrikt/nrk_trondelag/1.622219 Krisemøte på St.Olavs Datasystemet ved St Olavs Hospital er ute av drift. Alle de nye sentrene står uten både interntelefoner og datasystemer. Kriseledelsen ved sykehuset er nå innkalt til møte. Av Elisabeth AasPublisert 20.06.2006 09:54 Folk som skal i kontakt med sykehuset anbefales å ringe 113 om det er akutt. I følge informasjonsmedarbeider Marit Kvikne begynte problemene å tårne seg opp i går kveld, før systemet kollapset i løpet av natta. Katastrofeledelsen ved sykehuset er innkalt og det jobbes med midlertidige løsninger for å opprettholde sikker drift. Nær halve sykehuset er uten datanett. Både øre-nese-hals-avdelingen, slagenheten og laboratoriessenteret er satt ut av spill som igjen påvirker primærleger rleger. Sykehuset hadde i dag tidlig pressekonferanse om datatrøbbelet bbelet. Og det blir en ny klokken 13. - Sykehuset går over i en katastrofeberedskap.. Vi håndterer øyeblikkelig hjelp på en god måte,, men må redusere på den vanlige virksomheten vår, sier fungerende sykehusdirektør,, Gunnar Bovim, til NRK Trøndelag ndelag. Konsekvensene ved datasvikt er omfattende.pasientlistene fungerer ikke på grunn av data-problemene problemene, journalsystemet er nede og telefonsamtaler til og fra avdelingen er ikke mulig.
New strategy 2003-2004: 2004: Portal Also quite complex.?
Reflexivity: Global Bank System risks, near disaster Ongoing growth and integration Variety of e-mail e systems, services, practices E-mail: from instant messaging to business critical archive One integrated e-mail e system, one integrated and centralized support organization Integration of cultures? Bank Holiday Shutdown The system didn t t boot: to much e-maile Booting locally, restoring back-ups Access rights: full rights to everybody Global access to sensitive information Booted after a week
Reflexivity: Mobile Phone Billing Australian company went bancrupt Rapid growth and change over many years Customers, employees, services, telecom infrastructure, IT infrastructure, ISs,,.. Going global: expatriates Consultancies, outsourcing Communication Matrix More consultancies: mixture of methods, hiding info. Risk Management Many risks.. To many: complex system in itself Avoiding blame Risk Shuffling (distribution of bads )
Could the risks have been managed? Predicted? Would best practise make a difference? Spiral model/prototyping?
High Reliability Organizations? Learning? EPR: More integration Will experience do it? Or institutionalized irresponsibility?