IT risk management: interrelationships based on strategy implementation

Purpose Risk management is an under-explored topic in information systems (IS) research that involves complex and interrelated activities. Consequently, the authors explore the importance of interrelated activities by examining how the maturity of one type of information technology risk management (ITRM) practice is influenced by the maturity of other types of ITRM practices. The purpose of this paper is to explore these relationships, the authors develop a model based on organizational strategy implementation theory and the COBIT framework. The model identifies four types of ITRM practices, namely, IT governance (ITG); communications; operations; and monitoring. Design/methodology/approach The authors use a survey methodology to collect data on senior information technology (IT) executives' perceptions on ITRM practices. The authors use an exploratory factor analysis (EFA) to identify four dimensions of ITR M practices and conduct a structural equation model to observe the associations. Findings The survey of senior IT executives' perceptions suggests that the maturity of ITRM practices related to ITG, communications and monitoring positively influence the maturity of operations-related ITRM practices. Further, the maturity of communications-related ITRM practices mediates the relationship between ITG and operations-related ITRM practices. The aggregate results demonstrate the inter-relatedness of ITRM practices and highlight the importance of taking a holistic view of ITRM. Research limitations/implications Given the content and complexity of the study, it is difficult to obtain senior executives’ responses in large firms. Therefore, this study did not use a separate sample to conduct the EFA to obtain the underlying four constructs. Also, the ITRM practices identified are perceptions. Even though the authors consider this to be a limitation, it also communicates the pressing areas that senior IT professionals are expected to focus given various external and internal pressures. This study focuses on large firms, hence, small to midsize firms are not well represented. Practical implications Given the demanding regulatory and financial reporting requirements and the complexity of IT, there is an increasing possibility that the accounting profession will require IT professionals to focus on operations-related ITRM practices, such as security, availability and confidentially of data and IS are closely related to internal controls. However, as this study demonstrates, the maturity of operations-related ITRM practices cannot be achieved by focusing solely on operations-related IT risks. Therefore, IT practitioners can use this study to raise awareness of the complex interrelationships among ITRM practices among managers to improve the overall ITRM practices in a firm. Social implications The study also shows the importance of establishing proper communication channels among various business functions with regard to ITRM. Extant IT research identifies the importance of the firm’s communication structure on various firm performance measures. For example, Krotov (2015) mentions the importance of communication in improving trust between the Chief Executive Officer and Chief Financial Officer. Firms with established communication channels have the necessary medium to educate and involve other departments with regard to the security of data. Thus, such firms are more likely to have mature risk management practices because of increased awareness of risks and preventive techniques. Originality/value The study contributes to ITG and risk management literature by identifying the role of monitoring-related ITRM practices on improving other areas of risk management. The study also extends the existing ITRM literature by providing an organizational strategy perspective to ITRM practices and showing how ITRM practices follow organizational strategy implementation. Further, the authors identify four underlying ITRM categories. Consequently, researchers could choose between two factors (Vincent et al., 2017) or four factors based on the level of detail required for the particular study.

Download Full-text

Green information system integration for environmental performance in organizations

Benchmarking An International Journal ◽

10.1108/bij-05-2018-0142 ◽

2019 ◽

Vol 26 (3) ◽

pp. 1033-1062 ◽

Cited By ~ 9

Author(s):

Bokolo Anthony Jr

Keyword(s):

Environmental Performance ◽

Information Diffusion ◽

Organizational Strategy ◽

Equation Modeling ◽

It Infrastructure ◽

It Professionals ◽

Green Is ◽

Content Type ◽

Institutional Pressure ◽

It Executives

PurposeThe purpose of this paper is to develop an eccentric model to examine the factors that influence environmental performance in organizations based on belief–action–outcome framework and natural resource-based view theory.Design/methodology/approachData were collected by employing online survey from respondents in organizations to statistically test the eccentric model and its associated hypotheses. Partial least squares–structural equation modeling and Statistical Package for Social Sciences were utilized to analyze the survey data.FindingsThe results show that information technology (IT) professionals and IT executives’ behavior positively influences environmental performance. Further results suggest that the belief of IT professionals and IT executives is significantly influenced by the action of IT infrastructure, institutional pressure, organizational strategy and information diffusion. In addition, results reveal that the action of IT infrastructure, institutional pressure, organizational strategy and information diffusion in organizations significantly has an impact on the outcome of environmental performance. Moreover, results indicate that green information systems (IS) for pollution prevention, product stewardship and clean development initiatives adopted positively influence the environmental performance of organizations.Research limitations/implicationsThe developed eccentric model further shows how green IS practice integration can improve environmental performance. However, the selected respondents are from a single country as such findings from this study cannot be generalized to other countries.Practical implicationsPractically, this paper has implications for the capability of IS to promote environmental performance in organizations.Social implicationsThis study provides a pertinent contribution in developing and validating an eccentric model for green IS adoption. Besides, a survey instrument is developed that can be used by future studies.Originality/valueThe developed model helps to explore the factors that influence environmental performance and also the outcomes of green IS adoption for environmental performance. Accordingly, IT professionals and IT executives can draw upon the eccentric model in assessing their current environmental-friendly practice for the effective initialization of green IS for corporate value.

Download Full-text

The moderating effect of operator type: the impact of information technology (IT) expenditures on hotels’ operating performance

International Journal of Contemporary Hospitality Management ◽

10.1108/ijchm-09-2019-0753 ◽

2020 ◽

Vol 32 (8) ◽

pp. 2519-2541

Author(s):

Nan Hua ◽

Arthur Huang ◽

Marcos Medeiros ◽

Agnes DeFranco

Keyword(s):

Information Technology ◽

Operating Performance ◽

Moderating Effect ◽

Holistic View ◽

Content Type ◽

Operating Income ◽

Operator Type ◽

Research Outcome ◽

The Impact ◽

The Relationship

Purpose This study aims to examine how operator type moderates the relationship between hotel information technology (IT) expenditures and operating performance. Design/methodology/approach By adapting and extending O’Neill et al.’s (2008) and Hua et al.’s (2015) research, this study constructed an empirical model and tested proposed hypotheses, with Newey and West (1994) errors computed to accommodate potential heteroscedasticity and autocorrelation issues. Findings Operator type moderates the impact of hotel IT expenditures on operating performance. In particular, it appears that the operator type of franchising exerts a stronger moderating effect compared with other operator types explored. Practical implications This study, as the first of its kind, shows that the choice of operator type shapes how a hotel can effectively use IT expenditures to improve operating performance. This finding can be beneficial for hotel owners when making operator type decisions. In addition, operator type moderates the direct impact of IT expenditures on revenues and gross operating income. This study’s results show that franchised hotels seem to use IT expenditures more effectively compared with independently owned hotels. Originality/value This study contributes both theoretically and practically to understand how operator type moderates the relationship between IT expenditures and hotel performance. The research outcome provides a more holistic view that governs the relationships between IT expenditures, operator type and operating performance.

Download Full-text

A conceptual framework

Management of Environmental Quality An International Journal ◽

10.1108/meq-09-2019-0187 ◽

2019 ◽

Vol 31 (2) ◽

pp. 331-347 ◽

Cited By ~ 4

Author(s):

George Kofi Amoako

Keyword(s):

Competitive Advantage ◽

Conceptual Model ◽

Future Study ◽

Implementation Strategies ◽

Strategy Implementation ◽

Sustainable Competitive Advantage ◽

Holistic View ◽

Content Type ◽

Effective Implementation ◽

Environmental Activities

Purpose The purpose of this paper is to explore the possible effects of corporate environmental activities on sustainable competitive advantage through the mediation of leadership factors and effective implementation strategies. Design/methodology/approach The work is essentially non-empirical review of the literature with the development of a conceptual model which can be tested in a later study. Findings The study proposes that corporate environmental activities can give firms competitive advantage. The studies also propose that stakeholders can act as pressure thereby moderating the relationship between corporate environmental activities and sustainable competitive advantage. Leadership factors and effective implementation affect competitive advantage. Research limitations/implications This study has a few limitations that must be considered and could provide guidance for future study; as this study does not address customers point of view, future study could help in the investigation in order to get a holistic view. Moreover, the study is based on the literature, and the conceptual model has not been tested. Practical implications The study proposes that good leadership and effectiveness in strategy implementation can make corporate environmental activities lead to sustainable competitive advantage. The findings of the study provide managers of firms with a possible tool in creating sustainable competitive advantage. Originality/value Despite the rapid growth in research on environmental issues in corporate world, limited studies have been conducted on how leadership factors and effectiveness of strategy implementation can influence how corporate environmental activities affect competitiveness of firms. This study makes an original contribution by proposing strategies for sustainable competitive advantage through the instrumentality of corporate environmental decisions.

Download Full-text

Alignment of Business Strategy and Information Technology Considering Information Technology Governance, Project Portfolio Control, and Risk Management

Global Business Expansion ◽

10.4018/978-1-5225-5481-3.ch040 ◽

2018 ◽

pp. 898-916

Author(s):

Vincent Kobina Ahene Parry ◽

Mary L Lind

Keyword(s):

Information Technology ◽

Risk Management ◽

Significant Relationship ◽

Business Strategy ◽

It Governance ◽

Project Portfolio ◽

It Alignment ◽

Information Technology Governance ◽

It Executives ◽

The Relationship

Information technology (IT) governance is an important component in developing an overall business and IT strategy. Factors to consider in the IT governance and strategy relationship are project portfolio control, risk management. Using a quantitative survey of 201 IT executives a significant relationship was shown between effective IT governance and project portfolio control and risk management. However, the results of the study did not support a significant relationship between effective IT governance and business/IT alignment. Ultimately, this study helped to shed light on the relationship between effective IT governance and project portfolio control as well as provided support to the existing literature on the relationship between effective IT governance and risk.

Download Full-text

Strategy communication and transition dynamics amongst managers: a public sector organization perspective

Management Decision ◽

10.1108/md-11-2019-1589 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Demola Obembe ◽

Jarrah Al Mansour ◽

Oluwaseun Kolade

Keyword(s):

Social Practice ◽

Single Case ◽

Strategy Implementation ◽

Middle Level ◽

Organizational Strategy ◽

Structured Interviews ◽

Strategy Formulation ◽

Dynamic Interactions ◽

Critical Determinant ◽

Content Type

PurposeThe purpose of this paper is to build on the research-supported view that interactions between top and middle management enhances effective implementation of organizational strategies by exploring the role of internal actors in driving organizational strategy at the intersection between strategy formulation and strategy implementation.Design/methodology/approachAdopting a social practice perspective, we undertook semi-structured interviews of 27 top and middle level managers drawn from a single case organization. Data collected were analysed using thematic analysis.FindingsDifferences in managerial perception of strategy has significant impact on implementation of strategic decisions as well as creating tensions in recursive communication practices between internal social actors. Furthermore, individual perceptions cannot only limit the extent of strategy awareness amongst key actors, the manifestations through social interaction between top and middle managers is a critical determinant of effective communication and realization of organizational strategy.Originality/valueThe research contributes to the strategy process and practice literature by exploring the dynamic interactions taking place at the intersections of strategy formulation-implementation phases of organizational strategy. It particularly highlights practical issues in top and middle manager interactions and implications for successful strategy implementation.

Download Full-text

Alignment of Business Strategy and Information Technology Considering Information Technology Governance, Project Portfolio Control, and Risk Management

International Journal of Information Technology Project Management ◽

10.4018/ijitpm.2016100102 ◽

2016 ◽

Vol 7 (4) ◽

pp. 21-37 ◽

Cited By ~ 5

Author(s):

Vincent Kobina Ahene Parry ◽

Mary L Lind

Keyword(s):

Information Technology ◽

Risk Management ◽

Significant Relationship ◽

Business Strategy ◽

It Governance ◽

Project Portfolio ◽

It Alignment ◽

Technology Governance ◽

It Executives ◽

The Relationship

Download Full-text

The Six Sigma framework improves the awareness and management of supply-chain risk

The TQM Journal ◽

10.1108/tqm-04-2019-0120 ◽

2020 ◽

Vol 32 (5) ◽

pp. 1021-1037

Author(s):

Roy Andersson ◽

Yinef Pardillo-Baez

Keyword(s):

Risk Management ◽

Supply Chain ◽

Supply Chains ◽

Six Sigma ◽

Lean Six Sigma ◽

Supply Chain Risk ◽

Holistic View ◽

Content Type ◽

Management Culture ◽

Training Structure

PurposeModern supply chains are at risk as a result of increasing disturbance. The use of Lean and Six Sigma’'s values, methods and tools can be one option to analyze, prevent and mitigate risks. The purpose of this study is to investigate whether a combined Lean Six Sigma philosophy can support the awareness and management of supply-chain risk.Design/methodology/approachThe methodology followed in the study is based on a literature review and multiple case study, performed by means of qualitative methods of data collection, such as observations on-site, face-to-face interviews and document analysis. Case selection includes the results of research conducted in seven large Swedish companies.FindingsIt has been indicated that Lean and Six Sigma values, methods and tools can be very effective in companies’ efforts to control the supply-chain risks and that they improve the companies’ ability to handle variability and risk management. Lean Six Sigma supports a risk-management culture in the focal companies, but they must involve customers and companies in the supply chain if they wish to create a risk-management culture in the entire supply chain. In order to do this, they can use the Six Sigma training structure, but they need to include more risk tools and methods developed for the supply chain management. It has also been indicated in the literature that if more people involve in 6S projects, the financial results will be better, and the innovation of processes will increase.Research limitations/implicationsThese include suggestions for how the companies can use the Six sigma training structure to collaborate in the supply chain.Practical implicationsThis study gives practical suggestions for how the companies in supply chain can collaborate and use the Six Sigma training structure for creating a more holistic view of supply chain, which also decrease risks in supply chain.Originality/valueThis study indicates that Lean Six Sigma supports risk awareness and management in the focal companies of the supply chains, which improves companies’ ability to handle variability and risk management. It has also been demonstrated that the companies should use the Six Sigma framework, especially training, as a foundation, and they should create common projects for better collaboration in the supply chain, which will decrease the risks in the entire supply chain.

Download Full-text

Integrating value-focused thinking and FITradeoff to support information technology outsourcing decisions

Management Decision ◽

10.1108/md-09-2019-1293 ◽

2020 ◽

Vol 58 (11) ◽

pp. 2279-2304 ◽

Cited By ~ 2

Author(s):

Thiago Poleto ◽

Thárcylla Rebecca Negreiros Clemente ◽

Ana Paula Henriques de Gusmão ◽

Maisa Mendonça Silva ◽

Ana Paula Cabral Seixas Costa

Keyword(s):

Information Technology ◽

Organizational Performance ◽

Partial Information ◽

Critical Factor ◽

It Services ◽

Problem Structuring ◽

Holistic View ◽

Content Type ◽

Value Focused Thinking ◽

Multicriteria Method

PurposeThe information technology (IT) outsourcing (ITO) decision is a key issue in strategic and operational management and is considered a main critical factor influencing successful organizational performance and technology assessment. The purpose of this paper is to propose a framework combining value-focused thinking (VFT) methodology and the FITradeoff method to support decisions regarding ITO.Design/methodology/approachThis study answers the following questions: How to identify, in a structured way, the objectives that should be considered in an ITO decision process in a changing environment? How to identify new IT services to be outsourced from the established objectives? The VFT method is recommended in this case to structure and model the problem. Moreover, the FITradeoff multicriteria method was considered in this study to support the evaluation and prioritization of IT services in an ITO decisionFindingsThe framework provides promising results for ITO decisions. This study revealed that a lack of strategic and fundamental objectives is a critical issue in making ITO decisions. Although the VFT methodology is subjective in nature, it promotes a better understanding of goals and values, and FITradeoff allows the decision-maker to make comparisons of consequences based on his/her preferences.Research limitations/implicationsThe recommendations of the study are restricted to the case study and cannot be generalized. In addition, applying the method requires attention in determining the criteria used for outsourcing IT.Practical implicationsThe strategic analysis of ITO provides a holistic view of the current situation since (i) the VFT methodology enables the IT manager to generate new alternatives to assist future decisions and (ii) FITradeoff has been demonstrated as a suitable option to evaluate ITO decisions.Originality/valueTo the best of our knowledge, this is the first paper to utilize a problem structuring method (VFT) to identify criteria and alternatives based on the organizational values and objectives. This is integrated with a multicriteria method that uses partial information and may consequently lead to fewer inconsistencies (FITradeoff) in the context of ITO.

Download Full-text

Strategy Implementation

E-Business Strategy, Sourcing and Governance ◽

10.4018/978-1-59904-004-2.ch006 ◽

2006 ◽

pp. 126-139

Author(s):

Petter Gottschalk

Keyword(s):

Information Technology ◽

Organizational Performance ◽

Critical Role ◽

Strategy Implementation ◽

It Investments ◽

Business Executives ◽

New Information ◽

It Planning ◽

It Executives ◽

The Impact

Stages 6 and 7 cover strategy implementation in the Y model. While stage 6 is concerned with implementing the plan and describing results, stage 7 is concerned with evaluating results as illustrated in Figure 6.1. The creation of IS/IT strategy has become a major challenge to business executives and IS/IT executives in recent years. Investments in information technology have been large, and many failed investments reflect this challenge. The impact of IT on organizational performance has grown in strategic importance, and thus the significance of failed IT investments is even greater. Information processing and information technology are becoming critical to many business and government operations, and the technology itself is changing at a rapid rate. New information technology will continue to transform organizations, and changes in how industry participants use IT can alter established relationships in an industry. Strategic IS/IT planning can play a critical role in helping organizations to increase efficiency, effectiveness and competitiveness. Although organizations use different methods in their analysis of current and desired situation, the resulting plans are to be implemented.

Download Full-text

Information technology and risk management in supply chains

International Journal of Physical Distribution & Logistics Management ◽

10.1108/ijpdlm-04-2019-0119 ◽

2020 ◽

Vol 50 (2) ◽

pp. 233-254

Author(s):

Diana Fischer-Preßler ◽

Kathrin Eismann ◽

Rafael Pietrowski ◽

Kai Fischbach ◽

Detlef Schoder

Keyword(s):

Information Technology ◽

Risk Management ◽

Supply Chain ◽

Risk Identification ◽

Future Research ◽

Supply Chain Risk ◽

Content Type ◽

Disruption Risk ◽

Role Of It

PurposeThis paper reviews and classifies research connecting supply chain risk management (SCRM) and information technology (IT) and derives a structured proposal for fruitful research directions.Design/methodology/approachThe authors conducted a systematic literature review of the interplay of SCRM and IT, drawing from major journals in the relevant fields. These findings are enriched by experiences from a three-year international research project.FindingsCurrent research focuses on the role of IT for risk reduction, rather than for risk identification, analysis and monitoring. While much research has investigated operational supply chain risk, fewer insights into disruption risk are available. There is little research on the role of IT in SCRM beyond its potential to enhance information sharing among supply chain partners. To address these gaps, the paper proposes a two-dimensional framework to categorize IT potential for SCRM according to the source and impact of disruption risk on physical supply chain flows, which suggests promising directions for future research.Originality/valueThe paper offers a systematic review to further our understanding of the relationship of SCRM and IT. In addition, it presents and discusses nine areas for further research aimed at mitigating the gaps identified at the intersection of SCRM and IT.

Download Full-text