Risk of adopting mission-critical OSS applications: an interpretive case study

2014 ◽  
Vol 34 (4) ◽  
pp. 477-512 ◽  
Author(s):  
Placide Poba-Nzaou ◽  
Louis Raymond ◽  
Bruno Fabi
Keyword(s):  
Risk Management ◽  
Open Source ◽  
Resource Planning ◽  
Adoption Process ◽  
Content Type ◽  
It Risk Management ◽  
Interpretive Case Study ◽  
Mission Critical ◽  
It Risk

Purpose – This study aims to explore the process of open source software (OSS) adoption in small- and medium-sized enterprises (SMEs), and more specifically open source enterprise resource planning (ERP) as a “mission critical” OSS application in manufacturing. It also addresses the fundamental issue of ERP risk management that shapes this process. Design/methodology/approach – The approach is done through an interpretive case study of a small Canadian manufacturer that has adopted an open source ERP system. Findings – Interpreted in the light of the IT risk management, OSS and packaged application adoption literatures, results indicate that the small manufacturer successfully managed the adoption process in a rather intuitive manner, based on one guiding principle and nine practices. In analyzing the data, diffusion of innovation theory appeared to fit rather well with the situation observed and to offer rich insights to explain the mission-critical OSS adoption process. Research limitations/implications – A single case study of successful IT adoption should be eventually counterbalanced by future cases considered to be partial or total failures, using a wider multiple case study approach for comparative purposes. And this should include alternative theoretical interpretations and more detailed empirical work on the extent to which the distinctive features of OSS make its adoption more or less risk-laden. This initial effort should also be followed by further research on mission-critical OSS adoption in contexts other than SMEs (e.g. healthcare organizations) and other than ERP (e.g. customer-relationship management). Practical implications – This research confirms that open source is a credible alternative for SMEs that decide willingly or under external pressure to adopt a mission-critical system such as ERP. Moreover, it suggests that a high level of formalization is not always necessary. Originality/value – The authors argue that rich insights into the dynamics of the mission-critical OSS adoption process can be obtained by framing this process within an IT risk management context.

A probabilistic approach to IT risk management in the Basel regulatory framework

2017 ◽  
Vol 25 (2) ◽  
pp. 176-195 ◽  
Author(s):  
Semir Ibrahimovic ◽  
Ulrik Franke
Keyword(s):  
Risk Management ◽  
Banking Sector ◽  
Operational Risk ◽  
Capital Requirements ◽  
Basel Ii ◽  
Direct Impact ◽  
Content Type ◽  
Operational Risk Management ◽  
It Risk Management ◽  
It Risk

Purpose This paper aims to examine the connection between information system (IS) availability and operational risk losses and the capital requirements. As most businesses today become increasingly dependent on information technology (IT) services for continuous operations, IS availability is becoming more important for most industries. However, the banking sector has particular sector-specific concerns that go beyond the direct and indirect losses resulting from unavailability. According to the first pillar of the Basel II accord, IT outages in the banking sector lead to increased capital requirements and thus create an additional regulatory cost, over and above the direct and indirect costs of an outage. Design/methodology/approach A Bayesian belief network (BBN) with nodes representing causal factors has been used for identification of the factors with the greatest influence on IS availability, thus helping in investment decisions. Findings Using the BBN model for making IS availability-related decisions action (e.g. bringing a causal factor up to the best practice level), organization, according to the presented mapping table, would have less operational risk events related to IS availability. This would have direct impact by decreasing losses, related to those events, as well as to decrease the capital requirements, prescribed by the Basel II accord, for covering operational risk losses. Practical implications An institution using the proposed framework can use the mapping table to see which measures for improving IS availability will have a direct impact on operational risk events, thus improving operational risk management. Originality/value The authors mapped the factors causing unavailability of IS system to the rudimentary IT risk management framework implied by the Basel II regulations and, thus, established an otherwise absent link from the IT availability management to operational risk management according to the Basel II framework.

scholarly journals Do entrepreneurial knowledge and innovative attitude overcome “imperfections” in the innovation process? Insights from SMEs in the UK and Italy

2018 ◽  
Vol 22 (8) ◽  
pp. 1637-1654 ◽  
Author(s):  
Antonio Usai ◽  
Veronica Scuotto ◽  
Alan Murray ◽  
Fabio Fiano ◽  
Luca Dezi
Keyword(s):  
Risk Management ◽  
Knowledge Management ◽  
Asymmetric Information ◽  
Innovation Process ◽  
Comparative Case Study ◽  
Management Process ◽  
Content Type ◽  
Entrepreneurial Knowledge ◽  
The Uk

PurposeEntrepreneurial knowledge spurs innovation and, in turn, generates a competitive advantage. This paper aims to explore if entrepreneurial knowledge combined with the attitude to innovate can overcome the key “imperfections” of the innovation process generated by dynamic, current technological progress in the knowledge-intensive sector. The “imperfections” identified in risk management, asymmetric information in the knowledge management process and hold-up problems can all disrupt collaborative partnerships and limit opportunities for innovation.Design/methodology/approachA theory-building approach is applied which offers a case study analysis of two small- to medium-sized enterprises (SMEs). These two SMEs operate in Europe but in two different territories: the UK and Italy. The study explores three key imperfections, risk management, asymmetric information in the knowledge management process and hold-up problems, which occur in the innovation process.FindingsThe entrepreneurs face these imperfections by adopting an open innovation model. Notwithstanding, both entrepreneurs had to deal with all “imperfections”, and their skills, attributes, attitude and aptitude allowed them to grow their business and continually develop new products. Therefore, the imperfections do not limit the innovative capacity of an entrepreneur but rather enhance their challengeable attitude. In this regard, the case studies induce a further analysis on entrepreneurial knowledge intertwined with entrepreneurial risk management and networking skills.Research limitations/implicationsThe empirical significance of the two cases does not allow theorisation. However, this research offers interesting results which can be strengthened by a comparative case study with other countries or deeper investigation by applying a quantitative approach.Originality/valueBy leveraging entrepreneurial knowledge, the imperfections noted in the innovation process can be overcome. Entrepreneurial knowledge is recognised as the main asset of an enterprise if it is combined with external talent or human resources. Entrepreneurs aim to develop innovative approaches and ideas through establishing both formal and informal collaborative partnership relationships which are used thanks to the entrepreneurs’ networking skills, knowledge and abilities.

Digital innovation in context

2019 ◽  
Vol 32 (3) ◽  
pp. 696-714 ◽  
Author(s):  
Daniel Nylén ◽  
Jonny Holmström
Keyword(s):  
Centralized Control ◽  
Church Of Sweden ◽  
Advertising Agency ◽  
Digital Innovation ◽  
Content Type ◽  
Organizational Settings ◽  
Interpretive Case Study ◽  
Traditional Organization

Purpose The purpose of this paper is to investigate how digital innovation processes emerge and evolve in organizational settings, and how serendipitous and unbounded digital innovations affect organizations’ overall digital directions. Design/methodology/approach The authors draw on an interpretive case study of the Church of Sweden, tracing in detail the design, deployment and governance of an interactive website for digital prayer, the Prayer Web (PW). Findings The findings show how the site came about in a serendipitous manner, created by an advertising agency as part of a marketing campaign. In turn, the unbounded nature of digital innovation was revealed as the wide and rapid adoption of the PW raised issues concerning the church’s overall digital direction linked to centralized control, as well as the nature and role of pastors, prayer and communities, as the site allowed people to post prayers and spread their messages (initially with no moderation). Originality/value The authors explore the serendipitous and unbounded ways in which digital innovation emerged and evolved in a traditional organization with a long legacy as an important societal institution. The paper contributes by generating rich insights on the role of the distinct aspects of digital technology in serendipitous and unbounded digital innovation. It particularly highlights how the editability and reprogrammability of digital artifacts triggered unexpected new behaviors and governance requirements in the organization under study. The authors encourage further research into the interrelationship between multiple unbounded and serendipitous digital innovations in an organization over time.

Institutional logics and risk management practices in government entities: evidence from Saudi Arabia

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Peter Murr ◽  
Nieves Carrera
Keyword(s):  
Risk Management ◽  
Saudi Arabia ◽  
Management Practices ◽  
Single Case ◽  
Institutional Logics ◽  
Content Type ◽  
Traditional Logic ◽  
Adoption And Implementation ◽  
The Government

Purpose This study aims to understand how institutional logics influence the adoption and implementation of risk management (RM) practices by government entities in a non-western, developing country. Design/methodology/approach This study draws on the institutional logics perspective (ILP) to analyze a case study of a government entity in Saudi Arabia. Data were obtained from semi-structured interviews, observations and documentary evidence. Findings Findings suggest that the adoption and implementation of RM projects by Saudi governmental agencies was rooted in a traditional logic, even though the catalyst of the government for adopting a RM culture across government agencies was framed within a reform program inspired by a modernization logic. In the entity under investigation, the RM project led to an unstable situation where actors were confronted with these two competing logics. Although the project used manifestations of a modernization logic, the actions of individuals within the organization were embedded in a traditional logic. Research limitations/implications The study is based on a single case study in a specific country, limiting the generalizability of the findings. Originality/value This study provides novel evidence of the adoption and implementation of RM in governmental entities in a developing, non-western, country using ILP. Doing so enhances our knowledge about how managers struggle with competing institutional logics in an underexplored setting and enriches current accounts of key drivers and barriers of RM. It also addresses calls for a deeper understanding of the logics and managerial practices interplay in the public sector.

Board and Management-Level Factors Affecting the Maturity of IT Risk Management Practices

2018 ◽  
Vol 33 (3) ◽  
pp. 117-135
Author(s):  
Nishani Edirisinghe Vincent ◽  
Julia L. Higgs ◽  
Robert E. Pinsker
Keyword(s):  
Risk Management ◽  
Internal Control ◽  
Management Practices ◽  
Factors Affecting ◽  
Management Level ◽  
It Risk Management ◽  
Top Managers ◽  
Risk Oversight ◽  
The Impact ◽  
It Risk

ABSTRACT The Securities and Exchange Commission's 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations' (COSO) Internal Control Framework have caused organizations to increase their focus on risk management and consider the impact of information technology (IT) in enterprise risk management. Our study examines whether board involvement, board expertise, and top management's risk culture affect the maturity of IT risk management practices (maturity) in firms. We find that board involvement positively influences maturity while top managers' risk-taking behavior is associated with lower maturity. Even though board expertise influences maturity, board involvement is more important in explaining maturity. Maturity is higher in firms where risk oversight lies with a board-level, rather than a management, committee. However, the maturity of ITRM practices does not differ among firms whether risk oversight lies with the overall board, or any other board committee. The findings contribute to an under-researched area in IT governance.

Spirituality, happiness and auditors' commitment: an interbeing perspective

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Sujoko Efferin ◽  
Christopher Christian Hutomo
Keyword(s):  
Spiritual Development ◽  
Multinational Firms ◽  
Comfort Zone ◽  
Content Type ◽  
Accounting Firm ◽  
Documentary Analysis ◽  
Interpretive Case Study ◽  
And Performance ◽  
Collection Methods

PurposeThis study attempts to explore the meaning and implication of spirituality in an accounting firm by using a Buddhist perspective of interbeing. It explains how the happiness of individuals (auditors, partners, clients and auditor family members); organisational performance and growth and auditors' commitment are interconnected and impermanent.Design/methodology/approachThis study employed an interpretive case study in an Indonesian accounting firm. The researchers explored the collective and individual feelings, thoughts, actions and experiences of the firm's actors. The data collection methods were interviews, participant observations and documentary analysis.FindingsLeadership plays a major role in cultivating spirituality in an accounting firm. The spirituality increases auditors' commitment, (conditional) happiness and performance resulting in client satisfaction and the firm's growth. From an interbeing perspective, partners, auditors and clients are interconnected and impermanent. A firm's growth creates a growing sense of unhappiness due to the diminishing of auditors' comfort zone. Spirituality in the workplace can only engender conditional happiness and organisational commitment that offset the importance of material rewards and career prospects. To reach ultimate (unconditional) happiness, one requires a continuous spiritual development.Research limitations/implicationsThe insights gained from this study need enrichment from cases in different contexts, e.g. multinational firms with members from different countries and cultures.Originality/valueThis study develops the discourse of emancipation in the accounting literature by taking into account spirituality and happiness.

A Step-by-Step Procedural Methodology for Improving an Organization's IT Risk Management System

2018 ◽  
pp. 236-257
Author(s):  
Shanmugapriya Loganathan
Keyword(s):  
Risk Management ◽  
Data Security ◽  
Vital Role ◽  
Transfer System ◽  
Business Systems ◽  
It Risk Management ◽  
It Organization ◽  
Security Network ◽  
Business Cost ◽  
It Risk

Risks in IT are described as a form of threat in context with data security, network transfer, system scheduled processes, critical applications, and business procedures. IT risk management is broadly defined as the process of managing IT risks, and must be executed on a regular basis. It is neither a product nor a purchase, but a policy of an organization implements to protect its business systems. Managing IT risk plays a vital role in administering any business in today's world. Irrespective of the business, deep knowledge of IT risk leads to increased data security, reduced business cost, and greater compliance. This chapter deals with methodologies to improve risk management in an IT organization, their impact, and some examples.

Global IT Risk Management Strategies

2008 ◽  
pp. 285-298 ◽  
Author(s):  
Chrisan Herrod
Keyword(s):  
Risk Management ◽  
Financial Risk ◽  
Best Practice ◽  
New Technologies ◽  
Management Strategies ◽  
Regulatory Compliance ◽  
It Risk Management ◽  
Reputational Risk ◽  
Risk Management Strategies ◽  
It Risk

This chapter describes why it is important for organizations to develop and implement an IT risk management function and use best practice risk assessment methodologies that provide a standard to measure and assess risk within organizations. Information technology risk management is a significant new function that can help companies achieve world class IT service. IT risk management includes regulatory compliance, information security, disaster recovery, and project risks. IT risk management should be part of a company’s risk management strategy on an equal footing with financial risk management and reputational risk management. As the complexity of IT infrastructures increases and as businesses continue to rely upon the Internet as the communication backbone for e-business, the associated risks increase. For these reasons, deciding upon and implementing a risk management process and a standard methodology will greatly reduce the risks associated with the introduction of new technologies that support the mission of the business.

Sign in / Sign up

Export Citation Format

Share Document