Effects of control on the performance of information systems projects: The moderating role of complexity risk

• Date: 01 May 2015
• Published date: 01 May 2015
• DOI: http://doi.org/10.1016/j.jom.2015.03.003
• Author: Shan Liu

Journal of Operations Management 36 (2015) 46–62

Contents lists available at ScienceDirect

Journal of Operations Management

journal homepage: www.elsevier.com/locate/jom

Effects of control on the performance of information systems projects:

The moderating role of complexity risk

Shan Liu∗

Economics and Management School, Wuhan University, Wuhan 430072, China

article info

Article history:

Received 24 January 2014

Received in revised form 31 January 2015

Accepted 9 March 2015

Available online 18 March 2015

Accepted by Thomas Younghoon Choi

Keywords:

Project management

Performance

Complexity risk

Managerial control

System development

abstract

Control of projects is a core issue for organizations. Successful projects, such as information systems

projects, enable organizations to develop a superior supply network and enhance the capability of oper-

ations management. A few studies have investigated the effects of control on project performance;

however,complexity risk has not been integrated into the relationship between control and performance.

Limited evidence has been provided concerning whether modes of control differ in their effectiveness in

the presence of a single risk factor. Based on quantitative data obtained from 128 information systems

projects, behavior, outcome, clan, and self-control are empirically determined to be positively associ-

ated with the system performance of projects. However, complexity risk generates a mixed moderating

effect on the relationship between control and performance. In the presence of a high complexity risk,

the effects of behavior and self-control on performance are low, whereas the effectiveness of outcome

and clan control increases. This finding implies that complexity risk is a double-edged sword with regard

to control. Each control mode exhibits different characteristics and effectiveness under high complex-

ity risk. Therefore, appropriate control modes should be carefully selected, and highly effective control

modes, such as outcome and clan control, should be prioritized in managing complex system projects.

© 2015 Elsevier B.V. All rights reserved.

1. Introduction

Improving project management remains a primary concern of

researchers and managers. Successful projects, such as information

systems (IS) projects, enable organizations to develop a superior

supply network and enhance the capability of operations man-

agement (Bergeron et al., 1991; Cao and Schniederjans, 2004;

Chien et al., 2007; Setia and Patel, 2013). Given the demand for

the integration of logistics, human resources, finance, and infor-

mation, an increasing number of complex system projects (e.g.,

inter-organizational and enterprise resource planning or ERP sys-

tems projects) have emerged (Lu et al., 2006; Tenhiälä and Helkiö,

2014). However, projects over the last decade have exhibited

poor performance regardless of complexity. The Chaos Manifesto

released by The Standish Group (2013) indicated that only 39% of

the investigated projects succeeded, 18% failed, and 43% encoun-

tered schedule, budget, and functioning issues. Projects with high

complexity also face unfavorable situations (Hartono et al., 2003).

∗Correspondenceto: Economics and Management School, Wuhan University, P.O.

Box 11-04, Room A414, Wuhan 430072, China. Tel.: +86 15807106158.

E-mail address: shan.l.china@gmail.com

Approximately 60% of the survey respondents claimed that they

failed to receive even half of the expected benefits from imple-

menting one type of complex project: the ERP system (Krigsman,

2013). These results suggest that previous projects display low per-

formance and that poor control and risk management are practiced.

At least two research streams have aimed to improve project

performance. One stream builds on control-based theory and high-

lights the importance of formal control (i.e., a mechanism that

relies on process and outcome evaluation) and informal control

(i.e., a mechanism that relies on social and self-regulating strate-

gies) (Kirsch, 1996, 1997; Tiwana, 2008; Choudhury and Sabherwal,

2003). The other stream includes risk-based views and empha-

sizes the significance of managing critical risks (Wallace et al.,

2004b; Schmidt et al., 2001; Liu et al., 2010). Researchers have

recently combined these two streams and argued that risks interact

with control to influence performance (Keil et al., 2013). How-

ever, the integration of the two research streams failed to consider

the complexity risk. This research insufficiency is rather surpris-

ing because complexity inherently exists in the development of

projects, wherein technological issues and organizational factors

beyond the control of project teams must be addressed (Xia and Lee,

2005). Three research gaps in previous studies on project control

have been identified.

http://dx.doi.org/10.1016/j.jom.2015.03.003

0272-6963/© 2015 Elsevier B.V. All rights reserved.

S. Liu / Journal of Operations Management 36 (2015) 46–62 47

First, many studies have focused on the choice of control

during the development of projects (Kirsch et al., 2002, 2010;

Rustagi et al., 2008). However, the relationship between control

and performance should be further examined. Previous research

has presented four modes of control, namely, behavior, outcome,

clan, and self-control. Behavior control is a formal mechanism

employed by controllers to evaluate controlee performance on

the basis of the latter’s adherence to the prescribed procedures

and the steps initially defined for a task (Kirsch, 1997). Outcome

control is a formal mechanism that controllers utilize to evalu-

ate controlee performance based on the extent to which output

targets are achieved (Choudhury and Sabherwal, 2003). Clan con-

trol is an informal mechanism that controllers utilize in enabling

the project team to embrace common values, employ consen-

sual problem-solving approaches, and pledge to achieve collective

goals (Kirsch et al., 2010). Self-control is an informal mecha-

nism employed by controllers to allow controlees to set their

own goals, manage their achievements autonomously, and sanc-

tion or reward themselves (Kirsch and Cummings, 1996). Control

researchers argue that performance can be enhanced by employing

various types of control. This argument is supported by the prior

evidence (e.g., Tiwana and Keil, 2010; Keil et al., 2013). Neverthe-

less, contradictory results on the effects of these control modes

on project performance have been obtained by previous studies.

For instance, several studies have found that behavior control pos-

itively affects performance (Henderson and Lee, 1992; Klein et al.,

2006), whereas other studies have suggested that the effectiveness

of behavior control is insignificant (Tiwana and Keil, 2010). Con-

tradictory findings also exist with regard to the effectiveness of

clan control (Tiwana and Keil, 2010;Liu, 2015). Therefore, further

empirical evidence is necessary for a clear understanding of this

issue.

Second, project risks often affect control effectiveness. Such

risks include complexity risk (i.e., the inherent uncertainty in

system complexity), which denotes the difficulty of project devel-

opment (Wallace et al., 2004a). Although risk and control have

been integrated to examine their joint effect on project perfor-

mance (Keil et al., 2013; Liu, 2015), complexity risk has not been

investigated. Complexity risk is regarded as one of the critical

risks in various types of projects, such as IS and new product

development (NPD) projects (McCarthy et al., 2006; Liu et al.,

2010). Further understanding of the role of complexity risk can

provide insights into how to manage such a risk effectively.

Furthermore, several findings on the interactions between con-

trol and risk are contradictory. For example, Keil et al. (2013)

present a conceptual model that reveals that risks have neg-

ative moderating effects on the correlation between control

and performance. They also empirically demonstrate that user

and requirement risks weaken control effectiveness in projects.

Although this finding is intuitive and has received empirical sup-

port, other researchers have argued that risks enhance control

effectiveness because several control modes (e.g., outcome con-

trol) are effective in uncertain environments (Harris et al., 2009;

Rustagi, 2004). Therefore, whether key risks, particularly com-

plexity risk, enhance or suppress control effectiveness should be

examined.

Third, although various risks have either positive or negative

moderating effects on control effectiveness, such effects on each

form of control are consistent. Limited evidence has indicated that

some control modes are less effective, while others are more effec-

tive in the presence of a single risk factor. However, such a situation

is possible for complexity risk because this risk is unpredictable and

may not necessarily generate a negative effect. Several researchers

argue that a high complexity risk in product development can

increase profits with effective complexity management (Jacobs and

Swink, 2011). Complexity risk can also promote innovation despite

increasing transaction costs and reducing product responsiveness

(Choi and Krause, 2006). Furthermore, different control types have

different features. Behavior control is mechanistic and emphasizes

predictableperformance, whereas self-control is highly flexible and

allows for considerable emergence (Ouchi, 1980; Das and Teng,

1998). By contrast, outcome and clan control are organic and bal-

ance the degree of control and emergence (Chua et al., 2012; Harris

et al., 2009). Given that the management of complex systems with

both emergence and control outperforms that with either emer-

gence or control alone (Choi et al., 2001), the effectiveness of each

control mode differs under the condition of high complexity risk.

Therefore, investigating how complexity risk alters the correlations

among different control modes and project performance is critical.

Managers can then select appropriate control modes to manage

complex projects.

The aforementioned problems are associated with practical

issues because ineffective control mechanisms applied by man-

agers in a particular risky context may work effectively in other

contexts. Understanding these discrepancies enables users, project

managers, and other stakeholders in cross-function teams or orga-

nizations to minimize investing unnecessary resources and costs

and avoid unrealistic optimism about project outcomes. IS projects

are investigated in this study because complexity is a property of

IS, which is intangible and constantly changes (Brooks, 1995). We

attempt to fill the aforementioned research gaps under the guid-

ance of the following questions.

(1) How do control modes affect the performance of IS projects?

(2) How does complexity risk differentially change the

control–performance relationship in IS projects?

Investigation of these issues can provide new insights that

would contribute to general project and supply chain manage-

ment literature. Control can be exercised in outsourcing projects,

which are prevalent in IS projects. Thus, understanding of the above

mentioned issues can contribute to the outsourcing literature by

demonstrating how the performance of outsourcing projects is

influenced by various control modes in the presence of complex-

ity risk. The control issues investigated in this study relate to both

the controller and controlee. Such a control relationship also exists

between buyers and suppliers or between clients and vendors (Li

et al., 2010; Stouthuysen et al., 2012). Therefore, this study con-

tributes to the supply chain management literature because the

control relationship can be extended to the buyer–supplier rela-

tionship. By investigating the effectiveness of each control mode,

the controllers (e.g., buyers) in a project or a supply chain can dis-

cover how to work effectively with controlees (e.g., suppliers) and

manage their relationships to achieve high performance. In addi-

tion, investigation of the collective effect of complexity risk and

control on performance allows managers to effectively adopt differ-

ent forms of control to manage other complex systems, such as NPD

projects and supply networks (Choi and Krause, 2006; McCarthy

et al., 2006). Thus, this research contributes to the NPD and sup-

ply chain management literature by integrating complexity and

control.

This paper is structured as follows. First, existing studies on

control, risk, and complexity are reviewed, and the relevant the-

ories associated with these concepts are introduced. Second, the

research model is developed and the hypotheses are presented.

Third, the measurement model is evaluated and the hypotheses are

empirically tested through hierarchical regression analysis based

on survey data obtained from 128 IS projects. Finally, the results

of the hypothesis testing are presented, and the theoretical and

managerial implications of the findings are discussed.