Why Do Firms Have Information Systems?

Abstract In this essay, it is suggested that a multi-level interaction perspective offers insight in answering the fundamental question, "Why do firms have IS?" The role of humancomputer interaction (HCI) in firms is recast in this context and seen to be basic to the modern firm's interactions more broadly, with implications for firm capabilities and organizational learning

Assimilating IT Innovation: The Longitudinal Effects of Institutionalization and Resource Dependence

This study seeks to understand the longitudinal effects of external pressures on the assimilation of IT innovations in organizations, making the distinction between pressures from organizations\u27 exchange partners and pressures from the institutional environment. Analyzing 11-year survey data on the adoption and usage of enterprise resource planning (ERP) in Fortune 1000 companies, I have found significant evidences for both sources of external pressures for ERP assimilation. Further, the effects of pressures from exchange partners depended on the extent to which ERP was legitimated as an appropriate organizational technology and practice. These findings not only resolve the long-time confounding of institutional theory and resource dependence theory, but also help delineate each theory\u27s applicability in the operation of external factors on IT assimilation. Practically, this research helps guide practitioners to prioritize external pressures and align such pressures with their organizations\u27 internal specifics

Understanding the complex and dynamic nature of e-health systems assimilation: a system dynamics modelling approach

2018 Conference paper presented at Strathmore University, Nairobi Kenya. Thematic area (Health, Healthcare Management and Research Ethics)Technology assimilation process allows organisations and individuals to integrate technologies into their user practices in a non-routine post-adoptive manner that enhances organisational outcomes. However, previous research in technology implementation shows an assimilation gap between organisational adoption and the full deployment of these technologies within work practices. Healthcare institutions suffer from low technology assimilation often associated with slow uptake on e-health systems. Technology assimilation is a dynamic and complex process and yet previous studies seem incognisant of this understanding and have mainly used variance models to conceptualise and study technology usage. Such studies have thus failed to acknowledge the impact of elements of feedback loops, delays and non-linearity inherent in technology assimilation on the use of technologies. This paper highlights the complex dynamic nature of technology assimilation process within a healthcare setting and proposes system dynamics as a complementary approach to model e-health systems assimilation. System dynamics is an approach used by researchers to gain decision insights into complex dynamic systems by inferring system behaviour from the structure of the system.1.Faculty of Information Technology; Strathmore University 2.School of Computing and Informatics; Mount Kenya Universit

Investigating the Relationship between IT and Organizations: A Research Trilogy

The overall objective of this dissertation is to contribute to knowledge and theory about the influence of information technology (IT) on organizations and their members. This dissertation is composed of three related studies, each examining different aspects of the relationship between IT and organizations. The objective of the first study is to provide an overview of the dominant theoretical perspectives that IS researchers have used in the last five decades to study the influence of technology on organizations and their members. Without being exhaustive, this study seeks more specifically to identify, for each decade, the dominant theoretical perspectives used in the IS field. These dominant theoretical perspectives are illustrated by the selection and description of exemplars published in the decade and their implications for researchers and practitioners are discussed. This review is useful not only for understanding past trends and the current state of research in this area but also to foresee its future directions and guide researchers in their future research on the influence of IT on organizations and their members. The objective of the second study is to theorize how IT artifacts influence the design and performance of organizational routines. This study adopts organizational routines theory as its theoretical lens. Organizational routines represent an important part of almost every organization and organizational routines theory is an influential theory that explains how the accomplishment of organizational routines can contribute to both organizational stability and change. However, the current form of this theory has several limitations such as its neglect of the material aspect of artifacts and the distinctive characteristics of IT artifacts, and its treatment of artifacts as outside of organizational routines. This study seeks to overcome these limitations by extending organizational routines theory. The objective of the third study is to develop a better understanding of information security standards by analyzing the structure, nature and content of their controls. This study investigates also the mechanisms used in the design of information security standards to make them both applicable to a wide range of organizations and adaptable to various specific organizational settings. The results of this study led to the proposition of a new theory for information systems called generative control theory

Development of a Cybersecurity Skills Index: A Scenarios-Based, Hands-On Measure of Non-IT Professionals\u27 Cybersecurity Skills

Completing activities online are a part of everyday life, both professionally and personally. But, conducting daily operations, interacting, and sharing information on the Internet does not come without its risks as well as a potential for harm. Substantial financial and information losses for individuals, organizations, and governments are reported regularly due to vulnerabilities as well as breaches caused by insiders. Although advances in Information Technology (IT) have been significant over the past several decades when it comes to protection of corporate information systems (IS), human errors and social engineering appear to prevail in circumventing such IT protections. While most employees may have the best of intentions, without cybersecurity skills they represent the weakest link in an organization’s IS security. Skills are defined as the combination of knowledge, experience, and ability to do something well. Cybersecurity skills correspond to the skills surrounding the hardware and software required to execute IS security to mitigate cyber-attacks. The main goal of this research study was to develop a scenarios-based, hands-on measure of non-IT professionals’ cybersecurity skills. As opposed to IT professionals, end-users are one of the weakest links in the cybersecurity chain, due to their limited cybersecurity skills. Historically, non-IT professionals (i.e., office assistants, managers, executives) have access to sensitive data and represent 72% to 95% of cybersecurity threats to organizations. This study addressed the problem of threats to organizational IS due to vulnerabilities and breaches caused by employees. Current measures of cybersecurity skills of non-IT professionals are based on self-reported surveys and were found inaccurate. Prior IS and medical research found participants view scenarios as nonintrusive and unintimidating. Therefore, this research study utilized scenarios with observable hands-on tasks to measure and quantify cybersecurity skills of non-IT professionals. This study included developmental research with a sequential-exploratory approach to combine qualitative and quantitative data collection. To ensure validity and reliability of the Cybersecurity Skills Index (CSI), a panel of 18 subject matter experts (SMEs) reviewed the CSI following the Delphi expert methodology. The SMEs’ responses were incorporated into the development of an iPad application (app) prototype (MyCyberSkills™). Following the iPad app prototype development, eight SMEs provided feedback on the scenarios, tasks, and scoring of the app using the Delphi technique. Furthermore, pilot testing of the app was conducted by manually collecting and scoring the hands-on task performance of a group of 21 non-IT professionals. The manually collected data were compared to the app computed results to ensure reliability and validity. All revisions were incorporated into the prototype prior to the start of the empirical research phase. Once the iPad app prototype was completed and fully tested, the quantitative research phase used the prototype to collect data and document the results of the measure. Participants from multiple public organizations were asked to complete the scenarios-based, hands-on tasks as presented in the prototype. Following the pre-analysis data screening, this study used a combination of descriptive statistics and one-way analysis of variance (ANOVA) to address the research questions. Results from 188 participants indicate that educational level and experience using technology appear to be significant demographic variables when it comes to the level of cybersecurity skills demonstrated by non-IT professionals. Moreover, job function, hours accessing the Internet, or primary online activity did not appear to be significant variables when it comes to the level of cybersecurity skills of this population. This research validated that the CSI benchmarking index could be used to assess an individual’s cybersecurity skills level. As organizations continue to rely on the Internet for conducting their daily operations, understanding an employee’s cybersecurity skills level is critical to securing an organization’s IS. Moreover, the CSI operationalized into the MyCyberSkills™ iPad app prototype can be used to assess an organization’s employee’s demonstrated skills on cybersecurity tasks. Furthermore, assessing the cybersecurity skills levels of employees could provide an organization insight into what is needed to further mitigate threats due to vulnerabilities and breaches caused by employees. Discussions and implications for future research are provided

Repairing routines in enterprise system transformations : a sociomaterial perspective

Today, large implementation projects introducing Enterprise System (ES) technology in organizations are a very common phenomenon, typically driven by the idea that a myriad of benefits can be realized. Yet, after implementation, organizations often face challenging problems due to misalignments between “best practices” embedded in ES technology and existing work practices. For the individual user implementation of new technology thus implies considerable effort in terms of cognitively accomplishing appropriation. This complex process of appropriation was found to result in very strong links between technology and individuals that is described as a sociomaterial entanglement by some scholars. In addition, ES technology implementations do often not ‘simply’ introduce a new technology into an organization, but will likely replace a similarly complex, integrated legacy system. Given the strong link between individuals and technology, established while appropriating the legacy system, replacing old technology will imply the breaking of old associations as much as the building of new ones. Consequently, the point of departure is as much characterized by an achieved sociomaterial entanglement with the old technology as it is by the need to integrate new technology into work practices. It has long been argued that organizational routines are key to understanding changes of work practices in organizations as well as the associated process of organizational learning. While the question how organizational routines emerge and evolve over time is extensively studied, little is known about what happens when routines are disrupted. In addition, the substitution of a legacy system raises the question, how exiting entanglements influence changes in routines triggered by ES technology implementation. Addressing this gap in the literature, this thesis aims to understand how sociomaterial routines are repaired after the implementation of ES technology. To answer this question, a longitudinal interpretive case study of an ES technology implementation project in the retail banking division of a large German bank was conducted. The custom-built legacy system to be replaced by new ES technology due to technical and regulatory requirements had been in place for over thirty years before. Within the retail banking division the study focuses on the credit service unit, which offers back-office services to the bank’s customers and advisors. The case material consists of 57 semi-structured interviews and observation of 38 participants, collected at three different stages during the project (before go-live, immediately after go-live, and 6 month later). Using narrative networks as an analytical device helped capturing the complexity of routine changes related to ES technology implementation and provided the conceptual link between organizational routines and sociomaterial entanglements. Based on a comparison of relevant routines at different points in time during (post-) implementation, five categories of practices individuals (in different positions/at different organizational levels) employed to repair routine performances were identified. Two of the practices aimed directly at adapting routines. But, individuals also developed additional support practices (i.e., work practices, which are performed in addition to, but share common fragments with, the supported routine). Two more repair practices targeted the sociomaterial background based on which routines are established, that is they changed the basis on which those actants are delineated, which are subsequently forming routine fragments. Thus, in line with other studies of post-implementation behavior, the findings show that repairing routines is a collaborative achievement of many, if not all, individuals directly and indirectly affected by the technological change. Yet, the repair practices employed at different levels do not operate independently, but are highly interrelated. Like researchers studying other phenomena using a sociomaterial lens, both physical (e.g., use of printouts) as well as digital (e.g., functionality of new ES technology) materiality were found to be important constituents of problems and repair practice. Furthermore, time was similarly important for repairing routines as both the timing of routine executions as well as the unfolding of repair practices over time had major effects on the final success of recreating routines. The findings also highlight that repair practices are different with respect to their persistence. While those practices employed to handle the situation of change were more likely to disappear again (yet did not necessarily do so), those required for adapting routines and accommodating the new system most likely persist. In conclusion, repairing routines after ES technology implementation does not only involve replacing one routine fragment (related to the old technology) with a new fragment (based on new technology) and appropriately reincorporating this new fragment into an otherwise stable routine. To the contrary, repairing routines implicates far more profound changes to routines, which have to be negotiated both with the social and material environment, and further requires adjusting the sociomaterial background based on which routines are established. In addition, repair practices evolve over time and differ with respect to their persistence. Thus, repairing a routine has a social, material, and temporal dimension, which jointly have to be considered. This doctoral thesis contributes to theory by providing a conceptual account of ES Transformation, which offers an explanation of how a working ES is reestablished by repairing routines after the implementation of ES technology. These findings are also valuable for practitioners as they allow them to better understand and consequently better plan and manage ES Transformations

eLearning adoption in Eastern and Southern African higher education institutions

Philosophiae Doctor - PhDThis research was undertaken to propose a model for eLearning adoption in Higher Education in Africa and to identify and empirically test measures to assess the model. The model identified eLearning, individual and organisational factors affecting eLearning adoption in higher education. eLearning factors were deemed to be aligned with the individual and organisational factors and therefore, the measurement of individual and organisational factors of eLearning adoption is essential in determining the current state, and future development that could enhance eLearning adoption in higher education. This study is a first attempt in Africa to define and present a conceptualization of an eLearning adoption framework. The framework is a combination of frameworks and models from various disciplines, including social psychology, information systems, anthropology, sociology, education, communication, marketing, management, geography, economics and cognitive psychology. These frameworks for eLearning adoption in Higher Education are synergised and contextualised in the study.South Afric