IT service management: process capability, process performance, and business performance

As technology is at the core of almost every leading industry, organizations are increasingly scrutinizing their Information Technology (IT) group’s performance so that it is more in line with overall business performance and contributes to the business’ bottom line. Many IT departments are not equipped to meet these increasing IT service demands. They continue to operate as passive-reactive service providers, utilizing antiquated methods that do not adequately provide the quality, real-time solutions that organizations need to be competitive. Organizations need efficient Information Technology Service Management (ITSM) processes in order to cut costs, but ironically, in order to implement highly capable processes, there are significant costs involved, both in terms of time and resources. A potential way to achieve better performing and higher capable processes is to employ methods to compare an organization’s processes against best-practice standards to identify gaps and receive guidance to improve the processes. Many of the existing methods require large investments. Holding back progress towards best practice for financial benefit in the IT industry is the reluctance of many IT organizations to embrace the business side (specifically Service Portfolio Management and IT Financial Management) aspects of ITSM. Service Portfolio Management (SPM) is used to manage investments in Service Management across an organization, in terms of financial values. SPM enables managers to assess the quality requirements and associated costs. IT Financial Management aims to provide information on the IT assets and resources used to deliver IT services. Providing a Service Portfolio and practicing IT Financial Management requires a high level of maturity for an organization. It seems reasonable and logical that the organization’s Chief Information Officer should be able to articulate and justify the IT services provided, report the costs (by service) incurred in delivering these services, and can communicate the demand for those services, that is, how they are being consumed and projections on how they will be consumed in the future. However, a major investment in terms of time and resources may be needed to catalogue such information and report on it. The research problem that this paper addresses is the lack of a pragmatic model and method that associates ITSM process maturity (process capability and performance) with financial performance for organizations that lack mature ITSM processes. Previous studies have reported on cost savings, but there is currently no measurement model to associate ITSM maturity with financial profitability; which in turn prompts the research question: How can the association of ITSM process capability and process performance with financial performance of an organization be determined? This research iteratively develops and applies a measurement model that presents a pragmatic and cost-effective method to link ITSM process capability and process performance with business performance by operationalizing Key Performance Indicators (KPIs) to support Critical Success Factors (CSFs) and associating CSFs with business risks to determine business performance. This study employs a scholar-practitioner approach to changing/improving processes using action research and an adaptation of the Keys to IT Service Management Excellence Technique (KISMET) model to guide the process improvement initiative. This technique leads to the second research question: How can the ITSM measurement framework be demonstrated for CSI? The research was based on a single case study of a global financial services firm Company X that had implemented the ITIL® framework to improve the quality of its IT services. The study found that the measurement framework developed can be used as a starting point for self-improvement for businesses, identifying gaps in processes, benchmarking within an organization as well as guiding an organization’s process improvement efforts. The measurement model can be used to conduct What-If analyses to model the impacts of future business decisions on KPIs and CSFs. The measurement model presented in this study can be quickly implemented, adapted and evolved to meet the organization’s needs. The research offers an example from which other organizations can learn to measure their financial return on investment in ITSM improvement

It governance evaluation: Adapting and adopting the COBIT framework for public sector organisations

This thesis examined the potential to develop an IT governance evaluation framework for an Australian state public sector and identified factors that would positively influence the adoption of the adapted framework. Using four linked studies the research revealed that an adapted framework for the evaluation of IT governance could be derived from best-practice models to fit the specific needs of individual organisations or sectors. The findings contribute to improving the ease of use, enhance usefulness, and increase the intent to adopt IT governance frameworks within a public sector context

Information Security Governance Simplified

Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recover, and identity management. Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn’t when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations

Externalities and Enterprise Software: Helping and Hindering Legal Compliance

Enterprise software helps organizations comply with laws and regulations, yet software itself creates negative externalities that can undermine rights and laws. Software developers are an important regulatory force, yet many know little about how law and software interact. This work examines developer understanding of legal concepts and examples of the software code and law relationship: payroll, Sarbanes Oxley Act, web accessibility, and data protection

Maturity Models Architecture: A large systematic mapping

Maturity models are widespread in research and in particular, IT practitioner communities. However, theoretically sound, methodologically rigorous and empirically validated maturity models are quite rare.  This systematic mapping paper focuses on the challenges faced during the development of maturity models. More specifically, it explores the literature on maturity models and standard guidelines to develop maturity models, the challenges identified and solutions proposed.  Our systematic mapping  revealed over six hundred articles on maturity models. Extant literature reveals that researchers have primarily focused on developing new maturity models pertaining to domain-specific problems and/or new enterprise technologies. We find rampant re-use of the design structure of widely adopted models such as Nolan’s Stage of Growth Model, Crosby’s Grid, and Capability Maturity Model (CMM). We also identify three dominant views of maturity models and provide guidelines for various approaches to constructing maturity models with a standard vocabulary. We finally propose using process theories and configurational approaches to address the main theoretical criticisms with regard to maturity models and conclude with some recommendations for maturity model developers

Human-Intelligence and Machine-Intelligence Decision Governance Formal Ontology

Since the beginning of the human race, decision making and rational thinking played a pivotal role for mankind to either exist and succeed or fail and become extinct. Self-awareness, cognitive thinking, creativity, and emotional magnitude allowed us to advance civilization and to take further steps toward achieving previously unreachable goals. From the invention of wheels to rockets and telegraph to satellite, all technological ventures went through many upgrades and updates. Recently, increasing computer CPU power and memory capacity contributed to smarter and faster computing appliances that, in turn, have accelerated the integration into and use of artificial intelligence (AI) in organizational processes and everyday life. Artificial intelligence can now be found in a wide range of organizational systems including healthcare and medical diagnosis, automated stock trading, robotic production, telecommunications, space explorations, and homeland security. Self-driving cars and drones are just the latest extensions of AI. This thrust of AI into organizations and daily life rests on the AI community’s unstated assumption of its ability to completely replicate human learning and intelligence in AI. Unfortunately, even today the AI community is not close to completely coding and emulating human intelligence into machines. Despite the revolution of digital and technology in the applications level, there has been little to no research in addressing the question of decision making governance in human-intelligent and machine-intelligent (HI-MI) systems. There also exists no foundational, core reference, or domain ontologies for HI-MI decision governance systems. Further, in absence of an expert reference base or body of knowledge (BoK) integrated with an ontological framework, decision makers must rely on best practices or standards that differ from organization to organization and government to government, contributing to systems failure in complex mission critical situations. It is still debatable whether and when human or machine decision capacity should govern or when a joint human-intelligence and machine-intelligence (HI-MI) decision capacity is required in any given decision situation. To address this deficiency, this research establishes a formal, top level foundational ontology of HI-MI decision governance in parallel with a grounded theory based body of knowledge which forms the theoretical foundation of a systemic HI-MI decision governance framework

Advanced Digital Auditing

This open access book discusses the most modern approach to auditing complex digital systems and technologies. It combines proven auditing approaches, advanced programming techniques and complex application areas, and covers the latest findings on theory and practice in this rapidly developing field. Especially for those who want to learn more about novel approaches to testing complex information systems and related technologies, such as blockchain and self-learning systems, the book will be a valuable resource. It is aimed at students and practitioners who are interested in contemporary technology and managerial implications