IT managers’ vs. IT auditors’ perceptions of risks: An actor–observer asymmetry perspective

With the growing role of information technology (IT), many organizations struggle with IT-related risks. Both IT managers and IT auditors are involved in assessing, monitoring, and reporting IT risks, but this does not necessarily mean that they share the same views. In this study, we draw upon the actor–observer asymmetry perspective to understand differences in IT managers’ vs. IT auditors’ perceptions of risks. Through a quasi-experiment with 76 employees of a financial institution, we found that IT managers and IT auditors showed the expected actor–observer differences. Implications for both research and practice are discussed.     

Factors contributing to IT industry success in developing countries: The case of Thailand

A stream of research exists that explores a country's information technology (IT) industry success. The theoretical model used in these studies is primarily focused on small developed countries. We contend that the factors that contribute to IT industry success in developing countries are likely to differ somewhat from those that play a role in small developed countries. Research to date on IT industry success has neglected developing countries. This study therefore presents an alternative IT industry success model for developing countries. It adapts Ein-dor, Myers, and Raman's (1997) model in developing such a conceptual model. The adapted framework is then applied in a study of IT industry in a developing country—Thailand. We found IT-related foreign direct investment to be vital to IT industry success in Thailand. Unlike findings from earlier studies on small developed countries, geographical location and to a lesser extent government investment promotion policies are also important to IT industry success in a developing country. These findings support the view that there are differences in the factors that affect IT industry success in developed and developing countries. Implications for research and practice are discussed. © 2005 Wiley Periodicals, Inc.     

Effektives Steuern von IT-Outsourcingdienstleistern

IT executives entering into information technology (IT) outsourcing arrangements seek various strategic, economic, and technological benefits. However, although several cases of IT outsourcing are considered successful, cases of failure can also be observed. Problems and challenges associated with IT outsourcing often not only relate to the strategic decision whether or not to outsource, but to the operational level as well. Especially organizations with little experience of implementing larger IT outsourcing programs face problems with the steering of external outsourcing providers. In this paper, we propose a reference framework that structures the required processes for an effective steering of IT outsourcing relationships. The research is based on the design science paradigm in information systems research. In a first step, we derive a framework from related literature and knowledge in this particular area. We then undertake extensive fieldwork, including expert interviews and field studies to evaluate our framework and to develop it further. The suggested framework proves to be a viable instrument to support the systematic analysis of current processes and the definition of suitable target processes for the steering of IT outsourcing programs. This paper??s primary contribution therefore lies in providing an applicable instrument for practitioners as well as in extending the existing body of knowledge on IT outsourcing governance.     

An extended platform logic perspective of IT governance: managing perceptions and activities of IT

Over the years, Information Technology (IT) has struggled with how to create an effective structure and processes. It is our main thesis that if organizations focused more on implementing a sound IT governance strategy, it might help senior executives to manage not only the IT-related activities, but also the perceptions between IT and the rest of the organization, and, in doing so, foster a more successful IT organization. Using six case studies conducted within the oil and gas industry, we explore differences in perceptions toward IT and in the organization of IT activities. Using an Extended Platform Logic Perspective, we note differences and similarities between the firms, with respect to IT capabilities, relational and integration mechanisms, measures of success, and relationships with the business units. Our results suggest that our colleagues-in-practice have evolved from focusing on one-way architectures within a centralization/decentralization context toward a two-way relationship-oriented approach to managing the IT structure. We conclude by offering some thoughts on how IT executives can help to shape perceptions of IT within their firms and explore how academics can begin to help our colleagues-in-practice as they struggle with the governance of the IT function.     

Game content creation and it proficiency: An exploratory study

Computer and video gaming are often considered to be potential routes to the development of aptitude and interest in using other forms of information technology (IT). The purpose of this exploratory study was to determine the extent to which young people who play games engage in related IT practices, such as creating and sharing content or creating fan sites. Additional goals were to identify differences in such practices according to grade level, gender, and access to IT-related resources in the home, as well as to explore relationships between engagement in game-related practices and perceived proficiency in general computer-related skills.     

SOA in practice – a study of governance aspects

The academic literature on Service Oriented Architecture (SOA) governance is based on theories and assumptions rather than practices, whereas the SOA governance frameworks proposed by Information Technology (IT) vendors are made to suit their products. Research shows that the problems with SOA governance in practice are among the major reasons of SOA failures. An extensive literature review that covers SOA, IT governance and SOA governance has been carried out part of this research. The purpose of this research paper is to increase our understanding of SOA governance and to show which SOA aspects organizations should consider when adopting a SOA governance framework. Based on a literature review, this study first proposes a list of SOA aspects to be considered when implementing SOA governance. By adopting an interpretive research methodology – based on interviews with professionals and practitioners in the fields of IT governance and SOA governance – this research paper examines the importance of these aspects. The results provide a theoretical conceptualization of SOA aspects that can be used to assess SOA governance practices and provide guidance to improve them.     

No time to waste: the role of timing and complementarity of alignment practices in creating business value in IT projects

Despite significant research progress, alignment-related issues are among the top concerns of executives. Previous studies mostly focus on a company-wide strategic level of alignment; while this ‘top-down’ view has benefits, it largely ignores the operational practices that help achieve alignment in IT projects as well as the impact that timing and complementarity of practices have on achieving alignment. In our research we apply four alignment practices – communication, shared understanding, management commitment and IT investment evaluation – to individual IT projects rather than at a company level; specifically, we look at the role of timing and complementarity for these alignment practices throughout different project phases. A detailed analysis of six IT projects carried out at three companies in the telecommunications industry reveals that IT projects creating higher business value employ all four alignment practices immediately from the start. No project was able to recover from failing to establish these four alignment practices in the first phase. While supporting the importance of complementarity of alignment practices, our findings also add the importance of the earliness of this complementarity.     

Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement

Abstract

With any complex project deployment, a clearly understood and reliable infrastructure can only be substantiated through a rational and explicit planning process. This planning process is often described as information technology (IT) governance. Governance-based control infrastructures are valuable and can provide the basis for control over every form of organizational resource. Given the level of sophistication of malicious agents, an information and communication technology management control system with even one hole in it is a business catastrophe waiting to happen. Strong executive sponsorship is the prerequisite for effective IT governance and the proper way to establish information security is to engineer an array of interlocking best practices, from a commonly accepted model of best practice. Organizations must define substantive policies, assign roles and responsibilities, educate employees and describe and enforce accountability. This paper presents an understanding and mastery of five strategic principles of cybersecurity best practices based on the Framework for Improving Critical Infrastructure Cybersecurity (CSF).     

A survey of data processing steering committees

An approach to attempting to plan and control data processing functions is to use a steering committee. The committee composed of user, top management, and data processing representatives, is intended to bring a broad perspective to focus on systems issues.This paper summarizes the results of a survey on data processing steering committees. The empirical results indicate the actual practices of companies in utilizing steering committees. The reasons for implementing the approach structure, and operating processes are presented. Business experience with the success or failure of these committees is evaluated. The results are interpreted within the context of the current steering committee literature and practices.     

How does the application of an IT service innovation affect firm performance? A theoretical framework and empirical analysis on e-commerce

Understanding the effects of IT-related innovations on firm performance is crucial for businesses. Extant research has investigated the implications of IT innovations and provided some important findings, but the varied theoretical approaches have produced results that are often ambiguous: thus there is a need to examine the process further. We attempted to provide a systematic, theoretically informed framework for understanding the conditions that may enhance (or hinder) the potential of IT innovations in a sample of firms. Our model included business and IT resources, both internal and external, that may influence the performance of firms which have applied a pervasive IT service innovation: e-commerce. Our empirical test of the model used a research design that takes into account time-lag effects. The model explained more than half of the variance in the performance of IT innovators and offered several explanations for why some firms succeeded in implementing IT service innovations while others did not. Several theoretical and managerial implications result from these findings.     

Dynamic information technology capability: Concept definition and framework development

In a digital world, information technology (IT) units routinely update their capabilities to cope with changing business requirements and frequent technology releases. Extending the dynamic capabilities literature, this article presents the concept of dynamic IT capability, a multidimensional first-order dynamic capability that enables IT units to assist firms in appropriating business value from IT resources by influencing a set of IT-related ordinary capabilities. Scholars currently lack a dynamic capabilities framework that explains, from an IT unit’s perspective, how IT resources can be acquired, deployed, integrated, and reconfigured to fulfill business objectives. To bridge this research gap, we develop a high-level framework that highlights three constituent components of dynamic IT capability: dynamic digital platform capability, dynamic IT management capability, and dynamic IT knowledge management capability. Through an extensive literature review, we identify and summarize the set of ordinary capabilities that each dynamic IT capability component creates and reconfigures. We then offer guidance on future instrument development. To encourage further exploration of this critical construct, we close by highlighting future avenues for dynamic IT capability research.     

The impact of IT on decision structure and firm performance: evidence from the textile and apparel industry

Clarifying the relationships between information technology (IT), organizational performance, and decision structure remains an important area of inquiry in IS research. Through an empirical analysis and complementary case examples, our study examines these associations among firms operating in the US-based apparel and textile industry from 1992 to 1997. Based on data gathered from 50 public firms located across the USA, the study finds that IT used to enhance internal communication supports a decentralized decision structure, which in turn is associated with higher financial performance. Hence, IT exhibits an indirect performance effect. However, use of IT to enhance communication is also found to have a direct performance effect in large organizations. This paper proposes that use of communication enhancing IT can support organizational learning processes by facilitating flexible exchange of skills and knowledge across functional areas. Case examples are used to illustrate how these learning effects can materialize.     

An Empirical Assessment of IT Governance Transparency: Evidence from Commercial Banking

We have developed an IT governance disclosure framework to examine how firms communicate their IT governance activities. Using this framework for a sample of 200 commercial banking firms, our empirical assessment indicates that differences in the level of disclosure are systematically related to differences in institutional settings. We also find that firms with relatively good corporate governance practices consider IT performance measurement matters to be highly important when informing and communicating with shareholders.     

Exploring IT Governance in Theory and Practice in a Large Multi-National Organisation in Australia

Abstract

IT governance is critical to most organisations and has an influence on the value generated by IT investments. Unfortunately, IT governance is more aspiration than reality in many organisations. This research seeks to address the dearth of empirical evidence about IT governance in practice, presenting the findings of an IT governance case study in an Australian organisation. Recommendations are provided to assist organisations to maximise potential of IT governance and insights are provided for researchers.     

How access gaps interact and shape digital divide: a cognitive investigation

Inequalities in the access to and use of information and communication technologies (ICT) have become an important area of concern for over a decade. Yet, theoretical attempts to understand the dynamics behind shaping these inequalities are scarce. This study draws upon the extent literature on digital divide and explains how the four different access gaps (motivational, material, skills, and usage) interact and contribute to digital divide. Revealed causal mapping (RCM) is utilised to analyse the data collected from eight same-gender focus groups in four primary schools located in Iran. The revealed causal map demonstrates the interaction and linkages between different access gaps. The findings provide a theoretical account of the dynamics behind shaping digital divide and generate insights into extending the concepts of access gaps. We establish a theoretical model that places an emphasis on the centrality of motivational-related factors such as ‘lack of interest in IT-related things’ and ‘lack of motivation to learn recent technology’ as well as skills-related factors such as ‘operating skills’, ‘anti-filtering skills’, and ‘lack of IT background’.     

Effective information technology (IT) governance mechanisms: An IT outsourcing perspective

Effective IT governance will ensure alignment between IT and business goals. Organizations with ineffective IT governance will suffer due to poor performance of IT resources such as inaccurate information quality, inefficient operating costs, runaway IT project and even the demise of its IT department. This study seeks to examine empirically the individual IT governance mechanisms that influence the overall effectiveness of IT governance. Furthermore, this study examines the relationship of effective IT governance, the extent of IT outsourcing decisions within the organizations, and the level of IT Intensity in the organizations. We used structural equation modeling analysis to examine 110 responses from members of ISACA (Information Systems and Audit Control Association) Australia in which their organizations have outsourced their IT functions. Results suggest significant positive relationships between the overall level of effective IT governance and the following mechanisms: the involvement of senior management in IT, the existence of ethic or culture of compliance in IT, and corporate communication systems.     

Case studies of IT sophistication in nursing homes: A mixed method approach to examine communication strategies about pressure ulcer prevention practices

Most nursing homes lack information technology (IT) for supporting clinical work in spite of its potential to improve the safety, quality, and efficiency of nursing home care in the United States. Increased attention to medical error and concern for patient safety have prompted general recommendations to develop sophisticated technologies to support clinical decision making at the point of care, to promote data standards in electronic records, and to develop systems that communicate with each other. However, little is known about what IT applications best support communication and risk assessment practices to improve resident outcomes in nursing homes. Thus, the overall aim of this study was to evaluate how differences in IT sophistication in nursing homes impact communication and use of technology related to skin care and pressure ulcers. We used a mixed method approach to conduct case studies on two nursing homes – one with high IT sophistication and one with low IT sophistication. Observational analysis and social network analysis were used to identify patterns in communication types and locations; also, focus groups were conducted to explore communication strategies used by Certified Nursing Assistants (CNAs) to support pressure ulcer prevention practices. Overall, results from social network analysis of observational data indicate that direct interactions between CNAs and registered nurses (RNs) or licensed practical nurses (LPNs) were more frequent in the low IT sophistication home and occurred in more centralized locations (e.g. the nursing station) compared to the high IT sophistication home. Moreover, these findings are supported by focus group results, which indicate that the high IT sophistication home had more robust and integrated communication strategies (both IT and non IT) that may allow for interactions throughout the facility and require less frequent face to face interactions between CNAs and RNs or LPNs to verify orders or report patient status. Results from this study provide insight into the design and assessment of different forms of communication to support clinical work in NHs.Relevance to industryNurses bear great burdens for nursing home care; yet, issues persist with poor quality, variable performance of caregiving, and lack of implementation of proven care interventions. One new hope for improvement in nursing home care is the introduction of IT to improve communication, clinical decision-making, and quality of care.     

Achieving novelty and efficiency in business model design: Striking a balance between IT exploration and exploitation

Digitalization is encouraging an increasing number of firms to design their business models based on information technology (IT) for exploring business opportunities. This study examines the effect of the balance (imbalance) between IT exploration and exploitation on novelty-centered business model design (NBMD) and efficiency-centered business model design (EBMD). Using matched data from the IT-related executive and chief executive officer of 183 firms, this study finds that IT exploration is positively related to NBMD and EBMD and that IT exploitation is positively related to only EBMD. NBMD and EBMD are significantly related to firm performance. Polynomial regression and response surface analysis reveal that NBMD and EBMD first decline and then rise with the increase in the level of balance between IT exploration and exploitation. NBMD declines but EBMD rises with the increase in the level of imbalance between IT exploration and exploitation. This study contributes to the understanding on leveraging IT capability to influence the business model design and firm performance.     

The application of artificial intelligence in auditing: Looking back to the future

ICT-based decision aids are currently making waves in the modern business world simultaneously with increased pressure on auditors to play a more effective role in the governance and control of corporate entities. This paper aims to review the main research efforts and current debates on auditors’ use of artificial intelligent systems, with a view to predicting future directions of research and software development in the area. The paper maps the development process of artificial intelligent systems in auditing in the light of their identified benefits and drawbacks. It also reviews previous research efforts on the use of expert systems and neural networks in auditing and the implications thereof. The synthesis of these previous studies revealed certain research vacuum which future studies in the area could fill. Such areas include matching the benefits of adopting these intelligent agents with their costs, assessing the impact of artificial intelligence on internal control systems’ design and monitoring as well as audit committees’ effectiveness, and implications of using such systems for small and medium audit firms’ operations and survival, audit education, public sector organisations’ audit, auditor independence and audit expectations-performance gap.     

Inter-firm IT governance in power-imbalanced buyer–supplier dyads: exploring how it works and why it lasts

Using a multiple case study design, we investigate the issue of inter-firm IT governance and its impact on information sharing in buyer–supplier dyadic relationships. We interviewed 38 managers of operations, purchasing, and IT in five dyadic relationships, and identified and examined one type of inter-firm IT governance: unilateral IT governance. In this type of IT governance, one party of the dyad dominates the relationship and the decision rights regarding inter-firm IT systems and data sharing. We find that unilateral inter-firm IT governance develops under contract-based and relationship-supplemented inter-firm governance arrangements in which significant power imbalance exists. However, contrary to the prediction of resource dependence theory, power-imbalanced governance can survive and thrive over a long period of time. We find that the inter-firm relational norms and trust that develop between these dyads constrain opportunistic and myopic behaviors in both parties, thus sustaining the seemingly unstable unilateral inter-firm IT governance. We also find that the operational necessity of the buyers and the IT capability of the suppliers are two primary factors that constrain inter-firm information sharing in these dyads. On the basis of these findings, we propose a process model for understanding and managing this type of inter-firm IT governance.