Artificial Intelligence for Sustainability—A Systematic Review of Information Systems Literature

The booming adoption of Artificial Intelligence (AI) likewise poses benefits and challenges. In this paper, we particularly focus on the bright side of AI and its promising potential to face our society’s grand challenges. Given this potential, different studies have already conducted valuable work by conceptualizing specific facets of AI and sustainability, including reviews on AI and Information Systems (IS) research or AI and business values. Nonetheless, there is still little holistic knowledge at the intersection of IS, AI, and sustainability. This is problematic because the IS discipline, with its socio-technical nature, has the ability to integrate perspectives beyond the currently dominant technological one as well as can advance both theory and the development of purposeful artifacts. To bridge this gap, we disclose how IS research currently makes use of AI to boost sustainable development. Based on a systematically collected corpus of 95 articles, we examine sustainability goals, data inputs, technologies and algorithms, and evaluation approaches that coin the current state of the art within the IS discipline. This comprehensive overview enables us to make more informed investments (e.g., policy and practice) as well as to discuss blind spots and possible directions for future research

Enterprise Content Management - A Literature Review

Managing information and content on an enterprise-wide scale is challenging. Enterprise content management (ECM) can be considered as an integrated approach to information management. While this concept received much attention from practitioners, ECM research is still an emerging field of IS research. Most authors that deal with ECM claim that there is little scholarly literature available. After approximately one decade of ECM research, this paper provides an in-depth review of the body of academic research: the ECM domain, its evolution, and main topics are characterized. An established ECM research framework is adopted, refined, and explained with its associated elements and working definitions. On this basis, 68 articles are reviewed, classified, and concepts are derived. Prior research is synthesized and findings are integrated in a concept-centric way. Further, implications for research and practice, including future trends, are drawn

Managing Flexibility in Outsourcing

In recent years, outsourcing has gained considerable management attention. However, the benefits of outsourcing are not without concessions. One major risk is losing the flexibility to change the extent, nature, or scope of the outsourced business services, and such flexibility is strategically imperative in today\u27s dynamic business environment. This paper seeks to clarify the multi-dimensional notion of flexibility in outsourcing by examining robustness, modifiability, new capability, and ease of exit. Adapting from Evans (1991), we also develop a framework to classify existing practices in managing outsourcing flexibility. We go beyond contractual provision to surface a portfolio of pre-emptive, protective, exploitive, and corrective maneuvers. These strategic maneuvers map well to traditional notions in coordination theory, both in advanced structuring through loose coupling and dependency diversification, and in dynamic adjustment through proactive sensing and reactive adapting. We put forward a set of propositions hypothesizing the relationships between the various strategic maneuvers and the different dimensions of outsourcing flexibility, and discuss the moderating impact of such maneuvers on outsourcing success. We hope the greater conceptual clarity will not only contribute to the effectiveness of outsourcing management but also spawn a new research agenda on outsourcing flexibility

Method support for enterprise architecture management capabilities

"What can our EA organization do and/or what should it be capable of?". In order to answer this questions, a capability-based method is developed, which assists in the identification, structuring and management of capabilities. The approach is embedded in a process comprising four building blocks providing appropriated procedures, concepts and supporting tools evolved from theory and practical use cases. The guide represents a flexible method for capability newcomers and experienced audiences to optimize enterprises’ economic impacts of EAM supporting the alignment of business and IT.„Was muss unser UAM leisten können?“ Als Grundlage für die Beantwortung dieser Frage sollen Konzepte aus dem Fähigkeitenmanagement genutzt werden. Im Rahmen dieser Arbeit wird eine fähigkeitenbasierte Methode entwickelt, welche Unternehmen bei der Identifikation, Strukturierung und Verwaltung von UAM-Fähigkeiten unterstützt. Der Ansatz ist in einen Prozess eingegliedert, welcher vier Hauptbestandteile beinhaltet und die für die Durchführung notwendigen Vorgehen, Konzepte und Hilfsmittel beschreibt, welche wiederrum in Kooperationen mit der Praxis getestet wurden

Business Agility and Information Technology in Service Organizations

Service organizations have to deal with highly uncertain events, both in the internal and external environment. In the academic literature and in practice there is not much knowledge about how to deal with this uncertainty. This PhD dissertation investigates the role and impact of information technologies (IT) on business agility in service organizations. Business agility is a relatively new term defined as the capability of organizations to swiftly change businesses and business processes beyond the normal level of flexibility to effectively manage highly uncertain and unexpected, but potentially consequential internal and external events. Empirical research was carried out via surveys and interviews among managers from 35 organizations in four industries and in three governmental sectors. Four in-depth case studies were carried out within one service organization. The dissertation has six key findings: 1) In many large service organizations business agility is hampered by a lack of IT agility. 2) Organization and alignment of processes and information systems via the cycle of sensing, responding and learning along with the alignment of business and IT are important conditions for improving business agility performance of service organizations. 3) Standardization of IT capabilities and higher levels of data quality support higher levels of business agility of service organizations. 4) Two knowledge management strategies – codification and personalization -- are identified that can be used to respond to events with different degrees of uncertainty. A codification knowledge management strategy supports the response to events with low levels of uncertainty by exploiting explicit knowledge from organizational memory. A personalization knowledge management strategy drives the response to events with high levels of uncertainty by exploitation of tacit knowledge and social capital. 5) Social capital is an important moderating variable in the relation between IT capabilities and business agility. Social capital can mitigate the lack of IT agility that exists in many service organizations by overcoming information system boundaries and rigidities via human relationships. 6) The combination of sensing, responding and learning capabilities is required to increase all dimensions of business agility performance. Overall, this research introduces a new approach to analyze and measure business agility. This thesis takes the first steps to develop theoretical knowledge on the conditions under which IT supports higher levels of business agility and business agility performance

Overcoming digitalization-driven challenges in banks : An exploration of theory and practice towards improving Enterprise Architecture Management’s ability to support rapid change

Banks increasingly need the ability to implement rapid change to react to changes in technology, user demands, and regulations that are difficult to foresee. The complex information systems (IS) and process landscape of incumbent banks impede this ability. Enterprise architecture management (EAM), as a function that aims to oversee the coherent development of the IS and IT landscape in alignment with the business, is argued to have the capability to support this ability. However, the speed and uncertainty of changes, as well as a focus of banks to implement Agile project methodolo-gies and de-centralize decision-making, challenges EAM to effectively fulfill this role. A Theoretical Base model is constructed from the literature and promising approaches to increase the effectiveness are identified. An exploratory case study of three large banks that are affected by digitalization to different extents, is conducted on the basis of this model. The findings indicate non-technical issues to be the most challenging factors for EAM today, which need to be addressed to allow EAM to valuably support banks’ ability to accommodate rapid change by providing transparency, guidance for projects regarding processes and technology, as well as steering for the long-term evolution of the IT landscape. EAM can help banks most effectively by supporting cross-team communication and facilitating reduced complexity in the long-run

Development of Secure Software : Rationale, Standards and Practices

The society is run by software. Electronic processing of personal and financial data forms the core of nearly all societal and economic activities, and concerns every aspect of life. Software systems are used to store, transfer and process this vital data. The systems are further interfaced by other systems, forming complex networks of data stores and processing entities.This data requires protection from misuse, whether accidental or intentional. Elaborate and extensive security mechanisms are built around the protected information assets. These mechanisms cover every aspect of security, from physical surroundings and people to data classification schemes, access control, identity management, and various forms of encryption. Despite the extensive information security effort, repeated security incidents keep compromising our financial assets, intellectual property, and privacy. In addition to the direct and indirect cost, they erode the trust in the very foundation of information security: availability, integrity, and confidentiality of our data. Lawmakers at various national and international levels have reacted by creating a growing body of regulation to establish a baseline for information security. Increased awareness of information security issues has led to extend this regulation to one of the core issues in secure data processing: security of the software itself. Information security contains many aspects. It is generally classified into organizational security, infrastructure security, and application security. Within application security, the various security engineering processes and techniques utilized at development time form the discipline of software security engineering. The aim of these security activities is to address the software-induced risk toward the organization, reduce the security incidents and thereby lower the lifetime cost of the software. Software security engineering manages the software risk by implementing various security controls right into the software, and by providing security assurance for the existence of these controls by verification and validation. A software development process has typically several objectives, of which security may form only a part. When security is not expressly prioritized, the development organizations have a tendency to direct their resources to the primary requirements. While producing short-term cost and time savings, the increased software risk, induced by a lack of security and assurance engineering, will have to be mitigated by other means. In addition to increasing the lifetime cost of software, unmitigated or even unidentified risk has an increased chance of being exploited and cause other software issues. This dissertation concerns security engineering in agile software development. The aim of the research is to find ways to produce secure software through the introduction of security engineering into the agile software development processes. Security engineering processes are derived from extant literature, industry practices, and several national and international standards. The standardized requirements for software security are traced to their origins in the late 1960s, and the alignment of the software engineering and security engineering objectives followed from their original challenges to the current agile software development methods. The research provides direct solutions to the formation of security objectives in software development, and to the methods used to achieve them. It also identifies and addresses several issues and challenges found in the integration of these activities into the development processes, providing directly applicable and clearly stated solutions for practical security engineering problems. The research found the practices and principles promoted by agile and lean software development methods to be compatible with many security engineering activities. Automated, tool-based processes and the drive for efficiency and improved software quality were found to directly support the security engineering techniques and objectives. Several new ways to integrate software engineering into agile software development processes were identified. Ways to integrate security assurance into the development process were also found, in the form of security documentation, analyses, and reviews. Assurance artifacts can be used to improve software design and enhance quality assurance. In contrast, detached security engineering processes may create security assurance that serves only purposes external to the software processes. The results provide direct benefits to all software stakeholders, from the developers and customers to the end users. Security awareness is the key to more secure software. Awareness creates a demand for security, and the demand gives software developers the concrete objectives and the rationale for the security work. This also creates a demand for new security tools, processes and controls to improve the efficiency and effectiveness of software security engineering. At first, this demand is created by increased security regulation. The main pressure for change will emanate from the people and organizations utilizing the software: security is a mandatory requirement, and software must provide it. This dissertation addresses these new challenges. Software security continues to gain importance, prompting for new solutions and research.Ohjelmistot ovat keskeinen osa yhteiskuntamme perusinfrastruktuuria. Merkittävä osa sosiaalisesta ja taloudellisesta toiminnastamme perustuu tiedon sähköiseen käsittelyyn, varastointiin ja siirtoon. Näitä tehtäviä suorittamaan on kehitetty merkittävä joukko ohjelmistoja, jotka muodostavat mutkikkaita tiedon yhteiskäytön mahdollistavia verkostoja. Tiedon suojaamiseksi sen ympärille on kehitetty lukuisia suojamekanismeja, joiden tarkoituksena on estää tiedon väärinkäyttö, oli se sitten tahatonta tai tahallista. Suojausmekanismit koskevat paitsi ohjelmistoja, myös niiden käyttöympäristöjä ja käyttäjiä sekä itse käsiteltävää tietoa: näitä mekanismeja ovat esimerkiksi tietoluokittelut, tietoon pääsyn rajaaminen, käyttäjäidentiteettien hallinta sekä salaustekniikat. Suojaustoimista huolimatta tietoturvaloukkaukset vaarantavat sekä liiketoiminnan ja yhteiskunnan strategisia tietovarantoj että henkilökohtaisia tietojamme. Taloudellisten menetysten lisäksi hyökkäykset murentavat luottamusta tietoturvan kulmakiviin: tiedon luottamuksellisuuteen, luotettavuuteen ja sen saatavuuteen. Näiden tietoturvan perustusten suojaamiseksi on laadittu kasvava määrä tietoturvaa koskevia säädöksiä, jotka määrittävät tietoturvan perustason. Lisääntyneen tietoturvatietoisuuden ansiosta uusi säännöstö on ulotettu koskemaan myös turvatun tietojenkäsittelyn ydintä,ohjelmistokehitystä. Tietoturva koostuu useista osa-alueista. Näitä ovat organisaatiotason tietoturvakäytännöt, tietojenkäsittelyinfrastruktuurin tietoturva, sekä tämän tutkimuksen kannalta keskeisenä osana ohjelmistojen tietoturva. Tähän osaalueeseen sisältyvät ohjelmistojen kehittämisen aikana käytettävät tietoturvatekniikat ja -prosessit. Tarkoituksena on vähentää ohjelmistojen organisaatioille aiheuttamia riskejä, tai poistaa ne kokonaan. Ohjelmistokehityksen tietoturva pyrkii pienentämään ohjelmistojen elinkaarikustannuksia määrittämällä ja toteuttamalla tietoturvakontrolleja suoraan ohjelmistoon itseensä. Lisäksi kontrollien toimivuus ja tehokkuus osoitetaan erillisten verifiointija validointimenetelmien avulla. Tämä väitöskirjatutkimus keskittyy tietoturvatyöhön osana iteratiivista ja inkrementaalista ns. ketterää (agile) ohjelmistokehitystä. Tutkimuksen tavoitteena on löytää uusia tapoja tuottaa tietoturvallisia ohjelmistoja liittämällä tietoturvatyö kiinteäksi osaksi ohjelmistokehityksen prosesseja. Tietoturvatyön prosessit on johdettu alan tieteellisestä ja teknillisestä kirjallisuudesta, ohjelmistokehitystyön vallitsevista käytännöistä sekä kansallisista ja kansainvälisistä tietoturvastandardeista. Standardoitujen tietoturvavaatimusten kehitystä on seurattu aina niiden alkuajoilta 1960-luvulta lähtien, liittäen ne ohjelmistokehityksen tavoitteiden ja haasteiden kehitykseen: nykyaikaan ja ketterien menetelmien valtakauteen saakka. Tutkimuksessa esitetään konkreettisia ratkaisuja ohjelmistokehityksen tietoturvatyön tavoitteiden asettamiseen ja niiden saavuttamiseen. Tutkimuksessa myös tunnistetaan ongelmia ja haasteita tietoturvatyön ja ohjelmistokehityksen menetelmien yhdistämisessä, joiden ratkaisemiseksi tarjotaan toimintaohjeita ja -vaihtoehtoja. Tutkimuksen perusteella iteratiivisen ja inkrementaalisen ohjelmistokehityksen käytäntöjen ja periaatteiden yhteensovittaminen tietoturvatyön toimintojen kanssa parantaa ohjelmistojen laatua ja tietoturvaa, alentaen täten kustannuksia koko ohjelmiston ylläpitoelinkaaren aikana. Ohjelmistokehitystyön automatisointi, työkaluihin pohjautuvat prosessit ja pyrkimys tehokkuuteen sekä korkeaan laatuun ovat suoraan yhtenevät tietoturvatyön menetelmien ja tavoitteiden kanssa. Tutkimuksessa tunnistettiin useita uusia tapoja yhdistää ohjelmistokehitys ja tietoturvatyö. Lisäksi on löydetty tapoja käyttää dokumentointiin, analyyseihin ja katselmointeihin perustuvaa tietoturvan todentamiseen tuotettavaa materiaalia osana ohjelmistojen suunnittelua ja laadunvarmistusta. Erillisinä nämä prosessit johtavat tilanteeseen, jossa tietoturvamateriaalia hyödynnetään pelkästään ohjelmistokehityksen ulkopuolisiin tarpeisiin. Tutkimustulokset hyödyttävät kaikkia sidosryhmiä ohjelmistojen kehittäjistä niiden tilaajiin ja loppukäyttäjiin. Ohjelmistojen tietoturvatyö perustuu tietoon ja koulutukseen. Tieto puolestaan lisää kysyntää, joka luo tietoturvatyölle konkreettiset tavoitteet ja perustelut jo ohjelmistokehitysvaiheessa. Tietoturvatyön painopiste siirtyy torjunnasta ja vahinkojen korjauksesta kohti vahinkojen rakenteellista ehkäisyä. Kysyntä luo tarpeen myös uusille työkaluille, prosesseille ja tekniikoille, joilla lisätään tietoturvatyön tehokkuutta ja vaikuttavuutta. Tällä hetkellä kysyntää luovat lähinnä lisääntyneet tietoturvaa koskevat säädökset. Pääosa muutostarpeesta syntyy kuitenkin ohjelmistojen tilaajien ja käyttäjien vaatimuksista: ohjelmistojen tietoturvakyvykkyyden taloudellinen merkitys kasvaa. Tietoturvan tärkeys tulee korostumaan entisestään, lisäten tarvetta tietoturvatyölle ja tutkimukselle myös tulevaisuudessa

Thriving in the New Normal: The HR Microfoundations of Capabilities for Business Model Innovation. An Integrated Literature Review.

Firms need to respond to the increasing competition and change of the current New Normal environment by being more innovative, and especially in developing new business models. This paper seeks to explore how microfoundations, particularly with respect to human resource management, play a key role in facilitating innovation in business models through the development of key needed capabilities. Four themes are identified with respect to business model innovation (BMI) in the New Normal: BMI as an enabler to create and operate across industries and product‐markets; BMI as a mechanism for firms to better navigate changing institutional landscapes; BMI as giving rise to business model portfolios; and concurrent and cumulative innovations that can lead to BMI. This paper also develops a conceptual framework that presents a synoptic view of the five essential capabilities for BMI, which include analogical reasoning, sensemaking, dynamic capabilities, organisational ambidexterity, and organisational learning. Finally, it is shown how the microfoundations of a bespoke, development‐oriented BMI HR architecture can support the advancement of these capabilities and thus contribute to the strategic HR literature