Abstract: With the advantages of advanced technology and low costs, Software as a Service (SaaS) is regarded as a favorable means to facilitate a modern organization’s IT performance and competitiveness. However, many organizations may be still unwilling to employ SaaS mostly due to the concern about the subsequent potential risks. Therefore, an analysis of risk factors has been an important part of the SaaS adoption in decision-making. It utilized Decision Making Trial and Evaluation Laboratory (DEMATEL) approach to define security risk and IT governance risk as two distinct affecting issues so that a causeeffect diagram and a visual SR-GR matrix could be developed respectively for a quantitative analysis of risk factors. The results show that the core of matters of SaaS adoption not only lies in its authentication and authorization, but it is also affected by the Right of IT control. By identifying key influential factors and calculating the index of the combined effects of various factors, it provides practical guidance for SaaS adoption and further exploration of the cause and effect relationship among factors.

Key words: Software as a Service(SaaS)；adoption；decision making trial and evaluation laboratory (DEMATEL)；risk factors