Exploratory Study on Risk Management in Open Innovation

Open innovation is a strategy with increasing adoption by value-seeking companies using or sharing technology with the outside world. But this strategy is also accompanied by risk. However, risk management seems to have been overlooked by researchers on open innovation networks. This exploratory work clarifies to what extent the issue of risk has been considered in open innovation research. Presented results are based on interviews and analysis of existing literature on open innovation.


Introduction
The combination of ideas from Collaborative Networks (CN) and Open Innovation (OI) is creating new synergies through which companies seek collaborative innovation practices outside their boundaries [1]. Although the topic of OI is receiving considerable attention in the last years, and a progressive opening of the boundaries of companies has been taking place, this openness is not immune to risks.
Open innovation is on a growing trend, as suggested by a recent survey [2], which found that 79% of company executives believe that their companies were effectively gaining from open innovation, and more specifically, from using innovations from other industries. Furthermore, 71% of the enquired entrepreneurs hoped to increase their investment in OI-based projects in the following year. Their motivation is to increase commercial success and share risk, as new products and services have always been prone to failures, as illustrated by the 102 paradigmatic examples of product failures reported in [3]. But failure is intrinsic to innovation processes [4]. A recent work curiously titled "failure is the mother of innovation" [5] offers the following quote: "Many people dream of success. Success can only be achieved through repeated failure and introspection. Success represents the one percent of your work that results from the 99 percent that is called failure", which constitutes a paramount driver of the open innovation dynamics.
According to [6], the failure rate of new products is defined as the percentage of new products that are introduced in the market and then fail to meet the commercial expectations. Based on this definition, this work mentions several empirical studies which show an average failure rate of 35%. But considering a less strict notion of failure rate, not just commercial but also including concepts, ideas and prototypes that did not go further, the failure rate is much higher, although difficult to assess because these cases are usually not reported. Therefore, and according to the mentioned study, common belief arguably puts the number of failure rate above 80%. Complementarily, Table 1 shows a number of cases collected from online media documents regarding organizations, news products and open innovation, which are in the neighborhood of this value.  [11] (1) Depending of the category of products; (2) in food and beverage products Unfortunately, beyond the food and beverage example in this table, figures concerning OI failure rates were difficult to find. But the openness and partnershipbased characteristics of OI suggest that we can extrapolate from these numbers and consider that OI failures might also be leveled to high values. Furthermore, OI has got its own specific risks. For instance, "lack of awareness of the benefits of cooperating", "limited information on functional capabilities of potential partners" and "limited information on trustworthiness" were identified as OI failure causes in [12]. Therefore, the risk of failure is intrinsic to OI. However, something which causes some surprise is the apparent absence of literature addressing risk in open innovation. For example, a search performed in Publish or Perish [13] for publications between 2013 and 2017 which had "open", "innovation" and "risk", as keywords in titles of the papers, provided just 10 results, 4 of which were published in 2016. On the other hand, a similar search, using the same criteria, for literature with "risk", "supply", and "chain" in papers' titles provided 1090 results, which amounts to 100 times more than the previous search for OI. Although we could search with other keywords, this order of magnitude between the amounts of literature in these two areas may indicate that risk has been overlooked in OI literature. This contrasts with the failure rates manifestations mentioned before.
Therefore, it is important to find out to which extent and which aspects of risk are addressed in open innovation literature. The objective of this work is, therefore, to perform an exploratory analysis of risk in OI in order to contribute to clarify its nature, namely the most important dimensions. This analysis is based on testimonies of participants in open innovation projects and analysis of open innovation literature, using a text mining approach.
The remaining of this paper addresses Open Innovation and Risk Management, which is then followed by the description of the exploratory analysis, the result analysis, and future work.

Open Innovation
Innovation and its impacts on social, economic and political markets are widely acknowledged among policymakers and other stakeholders as an important endeavor. Recently, there has been a dense production of literature on the importance of innovation in contemporary societies [14].
The term innovation has become part of the public and political discourse and indelibly marks the various scientific areas. Various definitions of innovation are available. The one that is usually given states that innovation occurs when the invention reaches the market [15]. The concept of open-innovation (OI) has reassessed the role of innovation in the current context of the global economy [16], [17], contributing to updating innovation networks. OI has both academic and business relevance, bearing in mind that R&D activities are increasingly distributed, collaborative, and global, requiring novel forms of governance. The OI concept introduced by Chesbrough in 2003 [16] broke with the classical linear model associated with the paradigm of closed innovation and introduced new challenges in the process. OI is, by definition, "open" and shows some facet of "public domain". When promoted by the states, governments and international public institutions, it becomes an important driver of the development of innovation in society in general.
But OI is also a "game" between public and private knowledge sources, being crucial to balance these two parts. On one hand, companies want to be unique in terms of the products and processes they offer, an aim that seems to be a paradox in relation to OI itself. On the other hand, they gain essential value to their internal products by making them available in the market. OI is a continuous process balancing knowledge that cannot be made available and must be kept secret by the company and other knowledge that must be disclosed to the market.
If companies want to incorporate the concept of OI and make it part of their market strategy they must be at the cutting edge of technology and at the forefront of innovation itself. If this is not the case, they can lose their expert knowledge to other companies who may utilize this knowledge to develop newer products that might surpass those initially presented by the leading company. As a result, these companies may also take the driving position in the market.
Thus, although an OI approach may create positive outcomes, it also bares some risk. Thus, companies should have a proper strategy to protect innovation within their organizations, to generate boundaries and make achievements measurable. The governance model that various collaborating partners have (large companies, startups, S&T community, and others) is also very important [18]. When organizations work in an OI environment they must be aware of the greater risks involved in order to keep their competitive edge.

Base Concepts in Risk Management
According to the ISO 31000 standard [19], risk can be defined as a concept which expresses the effect of uncertainty on achieving pre-established objectives, in which an effect can be seen as a positive or negative deviation from an expected outcome. Risk is usually characterized by establishing associations between events and consequences, and corresponding likelihoods of events occurrence. Uncertainty represents a state, which arises from deficient (or lacking) information or understanding related to the events, consequences or likelihoods.
Risk Management corresponds to a set of activities that organizations use to control the many risks which may undermine their ability to achieve objectives [19]. Organizations try to manage these risks, which implies, among other aspects, an accurate identification of their sources, modes and effects. Then risks are leveled to allowable "levels", namely, reducing the likelihood of events or minimize their severity. Risk sources may come from different contexts, so there will always be some degree of uncertainty during the development of any project, particularly in the conceptual and design phases, because we are not able to have a complete picture of all factors that may affect projects.
Globalization brings higher opportunities, namely through possible involvement in global value chains, but also higher hazards and unknowns, so different types of risks must be considered since early stages and during all project life. As such, for example, since 2008, Portuguese public tenders have compulsory specifications for risk activities. It is required that contractors have to perform risk management activities process [20], demanding for contractual rules which directly or indirectly concern risk sharing and transferring, benefit sharing, and establishing rules for situations of non-compliance of contracting parties with the work plan of the public contractor [21]. This induces the need to add additional risk activities for risk and uncertainty modeling and scheduling in public tender proposals [22].
Also in 2011 the ISO Technical Committee on Information Security Risk Management updated their corporate or enterprise processes [23] incorporating ISO 31000 standard on "Risk management -principles and guidelines" [19] and identified associated tools [24], which are mostly focused on negative risk management and security practices, while also reinforcing the use of several classical risk tools as Brainstorming, SWOT and scenario analysis, FMEA (Failure-Mode-and-Effects) analysis [25].
More recently, since 2015, the idea of risk-based thinking and knowledge management has been spreading on enterprise management processes, embedding risk management more deeply on current companies' management practices [26]. This trend is aligned with the classical international standard on Project, Programme and Portfolio Management practices and competencies approaches [27], [28], [29], and introduces on the enterprise's processes not only hazard and negative risks but also opportunities or positive risks management.

The Exploratory Study
As mentioned previously, this work consists of a study of the risk aspects present in OI literature, while assuming a risk management perspective on OI. A text mining knowledge extraction process based on a risk taxonomy is adopted.

Methodological Steps
The adopted method for risk-related OI literature analysis includes the following steps:  Get aware of standards concerning risk from a risk management perspective.  Propose of a taxonomy of risks, as a result of the previous step.  Collect further evidence from experts through interviews.  Collect a corpus composed of open innovation literature which also addresses risks.  Use of the risk taxonomy as input to a text mining process in order to discover which factors or dimensions of risk are more emphasized in the OI literature.  Evaluate the obtained results.

A Risk Management based Taxonomy
Considering international standards on entrepreneurial management process risk and project management professional practices, namely, ISO 21500, ISO 31000 and PMI global standards PMBOK®Guide, a reference risk management structure can be organized as a taxonomy as illustrated in Fig. 1. This taxonomy identifies main risk management processes and sub-processes and associated risk tools. An aspect on this taxonomy which will be mentioned recurrently consists of the positive and negative aspects of risk.  This taxonomy shows that risk management includes two principal dimensions, namely, assessment and treatment, and that each dimension is also split in more granular aspects. For instance, risk assessment, on the left side of the figure, requires the identification of the source events and consequences. An example of a risk assessment method which addresses these aspects is the Failure Mode and Effects Analysis. The risk management taxonomy is an input for the next step of our analysis of the literature concerning OI.

The Text Mining Process
Much of the available information is an unstructured format, like the many documents that are written in natural language. But, this information holds valuable knowledge, which may become reusable if transformed by some process into a more structured format, allowing knowledge extraction. This process is called Text Mining [30].
A Text Mining process (TMP) can in general be used, for example, in the initial stages of a literature review, allowing identifying which documents are associated with topics of interest [31]. It can also be used in the extraction or discovery of knowledge that can be used, for instance, in the construction of ontologies [32]. In the context of our work, TMP is used to examine OI documents for the discovery of the more relevant risk dimensions.
Developing the Text Mining Process. A TMP follows a number of steps in which a specific technique is applied on a set of documents, usually named as corpus. A variety of such techniques are available and well established [30], [31]. Therefore, our TMP starts by preparing a corpus composed of literature related to OI and which also addresses risk. The whole text mining process is shown in Fig. 2.
As shown in the figure, the collected corpus in fed to TMP at the beginning of the process, in which the contents of each document is extracted. Each document is then split into individual sentences (those that can be split by '.', '?', '!', and so on). Then each sentence is decomposed into individual words, in a step usually named as tokenization. Each word is then subject to a lemmatization operation. After that, each word that is not in the dictionary is removed from each sentence. The next process is to eliminate words that have no meaning from the point of view of Text Mining, which is usually described as "stop words" [31]. After that, some words that are considered useless from the point of view of risk in OI are eliminated (actually, we did not use this feature, but reserved it for later use).

Fig. 2.
Representation of the text mining process.
The next step consists in the statistical analysis of the words from each document and each sentence. This step provides two Term Frequency (TF) tables, one that accounts the frequency of each word in a document and another that accounts the frequency of each word in a sentence. Our approach to account words frequency within each sentence, instead of within the same document, was inspired in [33], which allows increasing the granularity of the knowledge extraction process. For example, it has more meaning that two terms, e.g. "risk" and "management", appear in the same sentence than in separate sentences of a document. Another approach to account associated terms is to use n-grams [34].
Many text mining methods also perform an adjustment to attenuate the importance level of the most frequent words. That is, if a word appears very frequently across the documents in a corpus, then it is considered a common word, without relevant meaning. Therefore, the relative frequencies TF obtained before are adjusted by a function called Inverse Document Frequency (IDF) [35].
Finally, we proceed to the classification of the risk factors that are present in the risk taxonomy introduced before. The classification process picks each sentence from documents and compares it to keywords present in the taxonomy. Depending on the correspondences between each sentence and the keywords, two vectors u and v are created, one for a sentence and another for the keywords. Each component of the vector is filled with a value which corresponds to ui=TFi*IDFi for vectur u and similarly for vector v. The comparison is made through a similarity function that corresponds to the determination of the cosine between the vectors of sentence u and keywords v using equation 1 [31].
After these steps, the last block of the TMP, the query mechanism, allows the user to input queries using the Prolog language (in our implementation). The results of a query are written to CSV files, which are then used to create charts allowing a better visualization of the answers provided by the query mechanism, as illustrated in the next section.
The whole process supported by an implementation in the JAVA language. A number of third party components were also used, such as API for reading the contents of PDF documents [36].

Exploratory Phase
In this section, we provide the results of the exploratory work concerning risk in OI. The discovery of risk aspects in OI may provide better results if we rely on a comprehensive exploratory approach divided into two complementary parts, and afterwards, synergistically combine them. These two lenses of analysis will allow reaching a deeper comprehensive understanding on the OI logic as well as of its relation with risk.
In the first part, we aim to obtain information regarding perception of risks in OI from participants in OI projects, namely from managers and engineers. This empirical research includes the construction of interviews scripts and in-locu observation. The targeted experts have deep experience and understanding on OI, but do not usually disseminate their knowledge, that is, they rarely publish papers. The viable way to obtain empirical knowledge from them consists of targeted interviews.
In a second part, we aim to obtain information regarding risk in OI from researchers who work in the scientific and academic fields. With some exceptions, these researchers do not usually participate directly in OI projects, those of an industrial and commercial nature, but are dedicated to the study of the phenomenon and dynamics of OI. These people achieve more aggregated and theoretical knowledge, which they disseminate mainly through the publication of papers. In this case, given the availability of papers which come from these researchers, a practical method to reach that knowledge consists on the utilization of Text Mining.

Interviews to OI Practitioners
During an OI network event in 2015 [37], twelve interviews were conducted with participants in open innovation projects and holding different positions to triangulate the gathered qualitative data. The participants included product development managers, project coordinators, system developers and a CEO.The questions aimed at clarifying the subject of risk in IO projects. According to experts' opinion, the risks and the way they are seen in OI are listed in Table 2.
An example of novel capability (benefit "i.a" in Table 2) is the case of the Brisa/Via-Verde project that focused on moving from a closed to an open electronic toll collection (ETC) system. According to the CEO of the Brisa company, this move resulted in a significate reduction of costs, e.g. one-third decrease in the cost of the system used to electronically identify vehicles based onboard radio frequency identifier; a kind of RFID (Dedicated Short Range Communication -DSRC) antenna. This reduction resulted from a change from a single supplier to a multi-supplier model. The former unique supplier experienced a reduction of its market share to a half when having to face a crescent competition, with obvious benefit to the customer.
As far as risks are concerned, a reported example (risk "i.a" in Table 2) was the taking over of a market position by a start-up involved in an innovation project. The problem was not in the start-up itself but in the lack of clear competing rules in a science and engineering area without clear subcontracting procedures. This demonstrates the need for creating contractual rules to be agreed by all partners in order to avoid similar situations. For product/service organizations a. Potentially fragile competitive advantages considering others may use and adopt shared achievements; b. "Opportunity window" related to novel products or services might be difficult to maintain; c. Core knowledge differentiation might be blurred considering competitors run on concurrency; d. Increases the risk of markets being occupied by competitors that worked and got competencies in common OI projects.
Open-innovation potential benefits: i. For user-organizations a. Novel capabilities based on the network effect, considering the potential to develop competing product/service organizations; b. Potential cost reductions of required resources, products or services supporting innovation processes; c. Potential reduction of dependency paths namely those associated with vendor lock-in situations [16]. ii.
For product/service organizations a. Provides easier access to competencies; b. Promotes a faster convergence to normalized (generally adopted) processes and technologies; c. Potential decrease of production costs induced by faster generalization and normalization trends; d. Faster network effects for known and novel products and services; e. Reduction of dependency on workers with specific competencies; f. Substitution of developers is easier considering that competencies tend to become normalized and widespread.

Using the Text Mining Process
The TMP described in the previous section was applied to a set of OI documents, the corpus, mentioned before. The objective is to find out which risk dimensions are most mentioned in these documents. For that, we proceeded as follows:  Using Google Scholar, search for articles that contain "open" and "innovation" in their title and that also mention the term "risk" in their contents. o We collected the first 110 PDF documents.  Perform the TMP steps in these documents, namely splitting the documents in their corresponding sentences. Furthermore, each sentence was subjected to tokenization and remaining operations described before. o We obtained 35 535 sentences with 10103 distinct words.  The words in the sentences were subjected to frequency determination.
o Document-term frequency (DTF) tables were obtained, one for the documents and one for the sentences.  Using the DTF table and the risk factors presented before, each sentence was transformed into vectors.  The keywords from the risk taxonomy were also transformed into vectors.  Using the cosine similarity indicator, each sentence vector was compared with the keywords vector, using the similarity function (equation 1).  A table was generated comprising each risk factor and the frequency they appear in the documents, according to the similarity result.  A risk factor frequency was increased whenever cosine provides a value above a 0.9 threshold.
The result of this process is illustrated in Fig. 3, which presents the risk factors that are more frequently mentioned in the OI literature. As illustrated, "risk management" seems to be highlighted in the literature as an important aspect of OI. This confirms our intuition that if OI projects occur with a high level of failures, as mentioned before, then adequate risk management strategies must be adopted for the sake of sustainability. The sustainability aspect might be partially achieved through risk sharing which, according to the TMP results, is the second most identified factor in the literature. Perhaps entrepreneurs are also adopting OI as a way to share and mitigate these risks. The other aspects also identified refer to the analysis of risks, their effects, and eventual acceptance or avoidance, which point towards some risk assessment approach, such as Failure Mode and Effect Analysis (FMEA) [38]. The utilization of FMEA in OI is illustrated in [18].

Results Discussion
As mentioned, the exploratory phase was split in two parts, performed using two complementary approaches. One was based on interviews with OI practitioners to obtain their empirical knowledge regarding OI risks. The other approach was based on the extraction of the knowledge using Text Mining on the literature provided by OI researchers.
Regarding interviews, the posterior compilation and interpretation of the various answers allowed a more specific perspective of risk in OI, as shown in Table 2. Although still preliminary, we can consider a classification framework based on risks versus benefits dimensions. Inside each dimension, the underlying factors were grouped in terms of organizational or product (or service) related ones. Furthermore, the consideration of risks versus benefits seems slightly similar to the positive versus negative risks specified in the Risk Management standard.
During the second part, the TMP allowed to highlight the risk dimensions which appeared more frequently in the OI literature. In this part, a risk management taxonomy was given a priory, which contrasts with the previous part, in which a preliminary classification framework was obtained a posteriori. The results collected from the TMP are of statistical nature. Based on the frequency of occurrences, we could infer risk management and risk sharing as important aspects related to failures in OI projects.
After this exploratory phase, a question that remains is whether OI projects can be considered just projects. If yes, then Risk Management standards may be adequate to manage risk in OI. On the other hand, risk management might not be suitable to deal with the specific risks of OI, such as the ones related to collaboration, openness, and know-how sharing aspects. A possible approach which might help clarifying these questions consists on synergistically combining the results from the two parts. For the first part, additional questions that focus on the more frequent dimensions, which surfaced during the TMP part, can be formulated. For the second part, the combination of both results may enable the synthesis of a risk taxonomy more suitable for OI.

Conclusions
This work involved an exploratory analysis of risk in open innovation. Initially, we came across that innovation projects are characterized by their high number of failures being thus necessary to rely on risk management techniques for sustainability.
On the other hand, risk literature in OI seems to be scarce, which is an aspect at odds considering a projected failure rate of OI projects. Therefore, to have a concrete perspective of risk in OI, two complementary activities were carried out during our research. The first one comprised interviews with experts in open innovation, which were performed during an OI workshop. The other activity consisted of the application of a Text Mining process aimed at identifying the risk factors which are highlighted in open innovation literature. Risk management and risk sharing were the more highlighted aspects by the Text Mining Process.
As for future work, we intend to perform a deeper analysis of risk factors in OI using complementary approaches like, for instance, Opinion Mining or Sentiment Analysis.