Mitigating Knowledge Management Internal And External Risk Factors:A Literature Review Of Best Practices

ABSTRACT: Used to store, manage, and leverage information, knowledge management systems are becoming increasingly valuable assets within organizations. Organizations must manage knowledge internally (through knowledge risks) and externally (through reputational risks). We define knowledge risks as internal human, technological, and organizational factors, and reputational risks as the effects of knowledge risks and external perils to reputation, credibility, financial status, and future success. An oversight of either risk type can cause significant damage to an organization. This literature review was a means to analyze, categorize, and offer best practices for mitigating risks within a knowledge management system. KEYWORDS: #Risk management, #informationloss, #knowledgerisks, #knowledgemanagement, #reputationalrisks

1. Introduction

Risk is the possibility that actions or events could lead to consequences that impact what people value (Burnap, 2021). Organizations’ most-considered risks are knowledge loss and disinformation or unreliable information (Durst & Zieba, 2018). Although awareness could inspire leaders to gather information and suggest proper risk management strategies, researchers have not yet observed the totality of mitigating knowledge management system (KMS) risk across industries. Organizations must ensure that risks are anchored in their risk management to avoid disasters due to neglect (Durst, Hinteregger & Zieba, 2019). Further, there is a need to establish how to conduct, follow, and customize risk management assessments for KMS. Researchers have focused on risk and knowledge management as separate topics or applied conceptual frameworks to a specific project. Alhawari, Karadsheh, Nehari Talet & Mansour’s (2012) attempt to provide a knowledgebased risk management framework for information technology projects provides a foundation but cannot be applied to all fields. Thus, there is limited knowledge about the relationship between risk management and implementing KMS across a wide range of industries. Despite a knowledge management (KM) implementation failure rate of 50-70% (Rhem, 2015), KM remains unexplored among many organizations in need of risk awareness. In this paper, we present the findings from a literature review to identify risk management components for implementing and maintaining KMS, which can pose a significant risk for organizations.

1.1. Significance of study

Experts and leaders should integrate risk management with KM to achieve the best outcomes for their organizations (Durst et al., 2019). In addition, organizations should be able to identify and understand potential knowledge risks (Durst & Zieba, 2018). This study will provide a significant resource for organizational leaders, policymakers, and researchers on the benefits of mitigating knowledge and reputational risks. High-level question: What are the best practices for mitigating risks within a knowledge management system? Q1: Are there risk factors specific to knowledge management? Q2: Is there a relationship between knowledge and risk? Q3: Can a knowledge management risk assessment follow a traditional risk assessment flow?

2. Literature review

Knowledge management is the process of sharing, transmitting, distributing, collecting, and documenting knowledge (Abualoush, Masa’deh, Bataineh & Alrowwad, 2018). Leaders use KM to systematically manage organizational knowledge assets to create value and meet organizational objectives. However, managing knowledge also involves managing risk (Yarovenko, Bilan, Lyeonov & Mentel, 2021); therefore, we discuss the KM risk cycle to understand the relationship between knowledge and risk. The KM risk cycle describes the interplay between organizations’ KM and risk management activities. Lipa, Kane & Green’s (2022) riskknowledge infinity cycle shows that KM and quality risk management are synergetic, in that “a robust [quality risk management] program will reduce risk while applying knowledge and creating new knowledge, while and a good KM program will ensure the best possible knowledge is available for risk reduction and to foster continual improvement” (Lipa, 2020). Lipa et al. presented four primary findings: (a) both the input and the outcome of risk management are knowledge; (b) knowledge has an inverse relationship with risk; (c) risk is informed by knowledge that is readily available, while new knowledge is informed by risk; and (d) the risk-knowledge infinity cycle is perpetual. We now discuss the basic elements of a risk management process and apply KM concepts to each. The risk management process has four stages: risk identification, risk assessment, risk mitigation, and risk monitoring (Dahiya, Solanki & Dhankhar, 2020).

2.1 Risk identification

We start by identifying potential risks associated with KM activities. In this stage, organizational managers discover and document risk factors for future analysis (Dahiya et al., 2020). Organizations can uncover risks by brainstorming from prior personal experiences, consulting with experts, or holding stakeholder meetings.

2.2 Risk factors

Our discussion of possible KM risk factors has two categories: knowledge risks and reputational risks. Knowledge risks can be any activities related to internal KM, such as human, technology, and operational vulnerabilities (Durst et al., 2019). We propose that once knowledge leaves the confines of an organization and enters the general public, knowledge risks become reputational risks. Sickler (2021) identified reputational risk as the potential harm to an organization’s reputation, leading to negative perceptions and a loss of credibility, customers, and finances. Internal knowledge risks can turn into reputational risks when information becomes public or is disclosed to external parties, especially if the information is negative or damaging. Because 70-80% of a company’s market value comes from intangible assets such as brand and intellectual capital (Su, 2014), it is necessary to understand the best practices of mitigating knowledge and reputational risks. 2.2.1 Knowledge Risks (Internal) Knowledge risks relate to an organization’s day-to-day operations (Durst et al., 2019). An ideal approach to knowledge risks is to focus on the organization’s personnel and information technology mechanisms. Here, we outline knowledge risks at the organizational and individual levels. Knowledge Hoarding. With knowledge hoarding, individuals accumulate and keep knowledge to themselves rather than sharing it with others (Durst et al., 2019). Knowledge hoarding leads to a lack of collaboration and knowledge sharing, which could hinder innovation. Although some employees perceive that knowledge developed on the job is their personal intellectual property, the knowledge belongs to the organization (Bilginoğlu, 2019). Knowledge hoarding can be intentional or unintentional. Individuals might resist knowledge sharing due to a lack of training or understanding of the KMS (Friedrich, Becker, Kramer, Wirth & Schneider, 2020). They could also be resistant due to the inconvenience and time or because they do not want to share. Because knowledge sharing is considered an essential activity (Ahmad & Karim, 2019) directly linked to organizational expansion (Rumanti, Wiratmadja, Sunaryo, Ajidarma & Ari Samadhi, 2019), we conclude that knowledge hoarding is a risk factor that could hinder the growth of an organization. Data Quality/Knowledge Quality. Data quality risks stem from potential issues or problems affecting data accuracy, completeness, and reliability (Cichy & Rass, 2019). These risks can arise from various sources, including data entry errors, data definition inconsistencies, lack of proper validation checks, and insufficient data management processes. Data quality is a crucial aspect of knowledge quality because the quality of knowledge is only as good as the quality of the data it is based on. Poor data quality can lead to missed business opportunities and poor decision-making (Cichy & Rass, 2019); therefore, ensuring quality data is essential to achieving high knowledge quality and making informed decisions. Practitioners and researchers recognize the value of data quality. Intellectual Property. In a knowledge driven economy, knowledge assets are essential to gain a competitive edge (Oladejo, 2022). These assets, called intellectual property, can include trademarks, copyrights, patents, trade secrets, and other proprietary information. In the context of KM, intellectual property risks refer to potential legal and financial problems arising from asset infringement or misappropriation. In the past, organizations dismissed the need to protect their knowledge and intellectual property rights (Ali & Tang, 2022). Now, newer research shows that intellectual property in the context of KM is an important component of an organization’s day-to-day activities. Cyberattacks. Cyberattacks include unauthorized access to or malicious attacks on computer systems and networks, including malware, phishing, man-in-the-middle, and denial of service (Li & Liu, 2021). Cyber hacks pose a significant threat to an organization’s knowledge assets. Knowledge assets, such as confidential business information, trade secrets, and customer data, can be valuable targets for cybercriminals. Cyberattacks have many risks, including the theft of information, financial data, and trade secrets. They can also cause disruptions to critical business....

Click here to read the full article