Information System Outsourcing Risks in Banking Sector of Ethiopia

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


Outsourcing, a management practices strongly consolidated within the area of Information Systems, is currently going through a stage of unstoppable growth. The aims of this research are to determine the IS services that are currently being outsourced and to describe the main reasons which may lead banks to adopt Information Systems Outsourcing, analyze the associated risks that IS clients are likely to face and risk management practice in the case of the banking sector in Ethiopia. The researcher used a quantitative research method and as data collecting instrument questionnaires. The findings from this research showed that network service is the major common IS Services' activity that is being outsourced, and ATM maintenance is the second highly outsourced IS services. Website hosts are the third mostly outsourced IS services in the banking sector. Help desk support is the least outsourced services with none of the respondents indicating that their banks are outsourcing the services. Improve service quality was cited by the respondents as the major reason for outsourcing IS services and the second major reason was to access better skill and expertise. Reduce the cost was the least rated of the reason to IS outsourcing. From the findings' access and security risk was major risk that rated by the respondents. The second risks rated by the respondents were loss of control risk, and the third risk was a loss of innovative capacity, i.e. the bank, loss capability of creativity on new things. Reputational risk was the least considered as a risk in IS outsourcing. As risk management in the banks, it was revealed by most of the respondent in the banks have structured risk management procedures or guidelines for the outsourcing of IS in place. Banks have a controlling mechanism to check the performance and service quality of the service provider and also have the procedure that follows to measure the success/failure of outsourced information systems. In the bank, the IS manager has a poor communication to their employees, i.e. the risks they faced or challenged by outsourced IS recognition are not appropriately communicated to employees in the banks. The bank has not a properly process to audit the service provider to assess its compliance with the policies, procedures, security controls and regulatory requirements. Protecting confidential data and access management in the banks was considered to be important, so according to the respondents, there is a high protection of the sensitive data and there were proper access managements are reviewed regularly basis in the banks and the risk that appropriate exit strategies are in place.



Outsourcing, IS Outsourcing, Reasonto Outsourcing, Risks Associated to Outsourcing and Risk Management