Towards a Framework to Improve IT Security and IT Risk Management in Small and Medium Enterprises

Design Science ◽

Science Research ◽

Essential Elements ◽

It Risk Management ◽

Current State ◽

The Social ◽

Medium Enterprises ◽

It Risk

In this article, an IT risk management (ITRM) framework for small and medium enterprises (SMEs) is designed and evaluated. The framework's objective is to provide an uncomplicated and accessible ITRM approach primarily aimed at SMEs without a dedicated ITRM. The framework combines essential elements from three leading (IT) risk management frameworks: COBIT 5 for Risk, ISO/IEC 27005:2011 and M_o_R. The framework was developed by employing a design science research methodology for social artefacts and evaluated in two healthcare SMEs. The ITRM framework itself was assessed as comprehensible and potentially useful. Simultaneously, over-arching IT governance issues prevented the immediate framework implementation in the two cases. IT management researchers can draw on this article's findings to better understand the role of the social context in SMEs to achieve an effective practical impact. Practitioners in SMEs can draw on the current state of the framework for an initial ITRM implementation or to increase their current ITRM approaches' maturity.

An IT strategy development framework for small and medium enterprises

10.26686/wgtn.13088534 ◽

2020 ◽

Author(s):

Andreas Drechsler ◽

S Weissschaedel

Keyword(s):

Design Science ◽

Science Research ◽

Strategy Development ◽

It Strategy ◽

Development Framework ◽

Strategy Process ◽

Value Contribution ◽

Sales Industry ◽

© 2017, Springer-Verlag Berlin Heidelberg. We design and evaluate an IT strategy development framework for small and medium enterprises (SMEs). The framework’s objective is to provide a theoretically grounded, empirically validated, uncomplicated, and accessible framework to develop an IT strategy for an SME. The framework is a social artifact whose purpose is to guide the design of two other artifacts: an IT strategy process and an IT strategy plan. We rely on design science research, combined with action research, to design, apply, evaluate, and refine the framework in a specific SME in the sales industry. People responsible for managing the IT in an SME can use the framework to design or refine their IT strategy, in order to make better-informed IT strategy decisions, to improve the utilization of their SME’s usually scarce IT resources, and ultimately increase their IT’s business value contribution. We also gain an enhanced understanding of IT strategies’ role in SMEs and provide methodological implications for social artifact design.

Design Science Research Roadmap Model for Information Systems Projects

International Journal of Information Technology Project Management ◽

10.4018/ijitpm.2018070101 ◽

2018 ◽

Vol 9 (3) ◽

pp. 1-19

Author(s):

Nadhmi Gazem ◽

Azizah Abdul Rahman ◽

Faisal Saeed ◽

Noorminshah A. Iahad

Keyword(s):

Information Systems ◽

Design Science ◽

Science Research ◽

Design Science Research ◽

Is Research ◽

Research Activities ◽

Medium Enterprises ◽

Almost All

This article contends that design science research (DSR) has emerged as an important approach in information systems (IS) research. The design science research roadmap (DSRR) model describes the process of using the DSR in IS in great detail. Unfortunately, the existing literature does not address the task of demonstrating the use of the DSRR in detail by conducting a real case study. This article aims to examine the implementation of the DSRR with real IS research activities. The construction of a systematic innovation framework to solve problems for small and medium enterprises (SMEs) is used as a case study for demonstration purposes. This article shows that the DSRR provides very useful guidance, since it covers almost all the necessary steps to conduct DSR in the information systems field. The illustrations provided with each step of the DSRR in this article will help other researchers, especially novice researchers, to gain a comprehensive understanding of the use of the DSRR model.

Internal Control and SMEs’ Sustainable Growth: The Moderating Role of Multiple Large Shareholders

Journal of Risk and Financial Management ◽

10.3390/jrfm12040182 ◽

2019 ◽

Vol 12 (4) ◽

pp. 182 ◽

Cited By ~ 1

Author(s):

Liangcheng Wang ◽

Yining Dai ◽

Yuye Ding

Keyword(s):

Risk Management ◽

Internal Control ◽

Sustainable Growth ◽

Sensitivity Tests ◽

Large Shareholders ◽

Medium Enterprises ◽

The Relationship ◽

Moderating Role

Small and medium enterprises (SMEs) face more risks for sustainable growth due to a lack of resources than large firms in emerging economies. Hence, it is more likely for SMEs to look to risk management for survival in turbulent markets. As a tool of risk management, whether internal control indeed has contributions to the sustainable growth of SMEs, particularly conditional on multiple large shareholders, is empirically unexplored. Using a sample of SMEs listed in China, this study examines the relationship between internal control and sustainable growth, and assesses a moderating role of multiple large shareholders. The results show that effective internal control significantly promotes SMEs to achieve sustainable growth, and the effect is moderated by multiple large shareholders, suggesting that the role of internal control is more prominent in SMEs with multiple large shareholders. These results are robust to a battery of sensitivity tests. This study extends the literature by providing empirical evidence on the role of internal control in SMEs’ sustainable growth.

SME Financial Management

Enterprise Development in SMEs and Entrepreneurial Firms ◽

10.4018/978-1-4666-2952-3.ch018 ◽

2013 ◽

pp. 330-342 ◽

Cited By ~ 1

Author(s):

Edna Stan-Maduka

Keyword(s):

Risk Assessment ◽

Risk Management ◽

Financial Management ◽

Business Processes ◽

Risk Mitigation ◽

Simplified Approach ◽

Medium Enterprises ◽

Operational Processes

Regulators’ efforts to create awareness of risk management in Small and Medium Enterprises (SMEs) have heightened since the 2008 recession which affected many economies. The objective has been to stress the fundamental role of risk assessment and mitigation in the protection of business processes and profitability of SMEs. This has been hard to achieve due to the inadequate financial and operational processes within small and medium enterprises. This chapter presents an exploration of risk management in SMEs and a simplified approach to SME risk assessment and operational risk mitigation.

The Role of Risk Management on Financial Performance of Small and Medium Enterprises in Kenya

International Journal of Science and Research (IJSR) ◽

10.21275/art20164543 ◽

2017 ◽

Vol 6 (1) ◽

pp. 2125-2130

Keyword(s):

Risk Management ◽

Financial Performance ◽

The Contribution Of Social Capital And Knowledge Management Towards Sme (Small And Medium Enterprises) Fishery In Ambon City

International Journal of Research in Business and Social Science (2147-4478) ◽

10.20525/ijrbs.v8i1.185 ◽

2019 ◽

Vol 8 (1) ◽

pp. 30-35

Author(s):

Jolyne Myrell Parera

Keyword(s):

Social Capital ◽

Knowledge Management ◽

Explicit Knowledge ◽

Global Competitiveness ◽

Descriptive Research ◽

Knowledge Based ◽

The Social ◽

Globalization era is marked by the vast development of knowledge, technology and information, which is competitively incline. Considering the fact that the global competitiveness continously grows tighter, the paradigm needs to change from resources-based competitiveness to knowledge-based competitiveness. The study on knowledge management towards fishery SMEs (Small and Medium Entreprises) tends to apply tacit knowledge directly among the persons rather than the explicit knowledge. The knowledge management is believed to be invented due to the role of the social capital in the form of trust, norm, and network that proceeds continuously among both the internal SMEs and external institutions. This research was conducted in Ambon as one of the ‘minapolitan area’ in Indonesia, and employed descriptive research method and phenomenology approach based on the assumption of reality reconstruction. As the result, this research found that the knowledge management is evidently created as a form of the social capital role both inside and outside the fishery SMEs areas.

SME Financial Management

Small and Medium Enterprises ◽

10.4018/978-1-4666-3886-0.ch054 ◽

2013 ◽

pp. 1107-1119

Author(s):

Edna Stan-Maduka

Keyword(s):

Risk Assessment ◽

Risk Management ◽

Financial Management ◽

Business Processes ◽

Risk Mitigation ◽

Simplified Approach ◽

Medium Enterprises ◽

Operational Processes

Regulators’ efforts to create awareness of risk management in Small and Medium Enterprises (SMEs) have heightened since the 2008 recession which affected many economies. The objective has been to stress the fundamental role of risk assessment and mitigation in the protection of business processes and profitability of SMEs. This has been hard to achieve due to the inadequate financial and operational processes within small and medium enterprises. This chapter presents an exploration of risk management in SMEs and a simplified approach to SME risk assessment and operational risk mitigation.

An IT strategy development framework for small and medium enterprises

10.26686/wgtn.13088534.v1 ◽

2020 ◽

Author(s):

Andreas Drechsler ◽

S Weissschaedel

Keyword(s):

Design Science ◽

Science Research ◽

Strategy Development ◽

It Strategy ◽

Development Framework ◽

Strategy Process ◽

Value Contribution ◽

Sales Industry ◽

© 2017, Springer-Verlag Berlin Heidelberg. We design and evaluate an IT strategy development framework for small and medium enterprises (SMEs). The framework’s objective is to provide a theoretically grounded, empirically validated, uncomplicated, and accessible framework to develop an IT strategy for an SME. The framework is a social artifact whose purpose is to guide the design of two other artifacts: an IT strategy process and an IT strategy plan. We rely on design science research, combined with action research, to design, apply, evaluate, and refine the framework in a specific SME in the sales industry. People responsible for managing the IT in an SME can use the framework to design or refine their IT strategy, in order to make better-informed IT strategy decisions, to improve the utilization of their SME’s usually scarce IT resources, and ultimately increase their IT’s business value contribution. We also gain an enhanced understanding of IT strategies’ role in SMEs and provide methodological implications for social artifact design.

Carving out New Business Models in a Small Company through Contextual Ambidexterity: The Case of a Sustainable Company

Sustainability ◽

10.3390/su12062337 ◽

2020 ◽

Vol 12 (6) ◽

pp. 2337 ◽

Cited By ~ 2

Author(s):

Vinicius Minatogawa ◽

Matheus Franco ◽

Orlando Durán ◽

Ruy Quadros ◽

Maria Holgado ◽

...

Keyword(s):

Business Model ◽

Business Models ◽

Design Science ◽

Science Research ◽

Business Model Innovation ◽

Organizational Ambidexterity ◽

New Business ◽

Business model innovation (BMI) and organizational ambidexterity have been pointed out as mechanisms for companies achieving sustainability. However, especially considering small and medium enterprises (SMEs), there is a lack of studies demonstrating how to combine these mechanisms. Tackling such a gap, this study seeks to understand how SMEs can ambidextrously manage BMI. Our aim is to provide a practical artifact, accessible to SMEs, to operationalize BMI through organizational ambidexterity. To this end, we conducted our study under the design science research to, first, build an artifact for operationalizing contextual ambidexterity for business model innovation. Then, we used an in-depth case study with a vegan fashion small e-commerce to evaluate the practical outcomes of the artifact. Our findings show that the company improves its business model while, at the same time, designs a new business model and monetizes it. Thus, our approach was able to take the first steps in the direction of operationalizing contextual ambidexterity for business model innovation in small and medium enterprises, democratizing the concept. We contribute to theory by connecting different literature strands and to practice by creating an artifact to assist management.