People, technology, processes and risk knowledge sharing

The present global economic crisis creates doubts about the good use of accumulated experience and knowledge in managing risk in financial services. Typically, risk management practice does not use knowledge management (KM) to improve and to develop new answers to the threats. A key reason is that it is not clear how to break down the “organizational silos” view of risk management (RM) that is commonly taken. As a result, there has been relatively little work on finding the relationships between RM and KM. We have been doing research for the last couple of years on the identification of relationships between these two disciplines. At ECKM 2007 we presented a general review of the literature(s) and some hypotheses for starting research on KM and its relationship to the perceived value of enterprise risk management. This article presents findings based on our preliminary analyses, concentrating on those factors affecting the perceived quality of risk knowledge sharing. These come from a questionnaire survey of RM employees in organisations in the financial services sector, which yielded 121 responses. We have included five explanatory variables for the perceived quality of risk knowledge sharing. These comprised two variables relating to people (organizational capacity for work coordination and perceived quality of communication among groups), one relating to process (perceived quality of risk control) and two related to technology (web channel functionality and RM information system functionality). Our findings so far are that four of these five variables have a significant positive association with the perceived quality of risk knowledge sharing: contrary to expectations, web channel functionality did not have a significant association. Indeed, in some of our exploratory regression studies its coefficient (although not significant) was negative. In stepwise regression, the variable organizational capacity for work coordination accounted for by far the largest part of the variation in the dependent variable perceived quality of risk knowledge sharing. The “people” variables thus appear to have the greatest influence on the perceived quality of risk knowledge sharing, even in a sector that relies heavily on technology and on quantitative approaches to decision making. We have also found similar results with the dependent variable perceived value of Enterprise Risk Management (ERM) implementation

A Conceptual Definition of Information Technology Project Management: A Campaign-Driven Perspective

Despite the importance of the project management phenomenon in information technology projects, the information technology project management (ITPM) concept lacks clarity and is narrowly defined. In this paper, we adopt a change management perspective to propose a multidimensional and configurable conceptualization of ITPM. More specifically, using a “campaign” metaphor, we identify twelve key underlying activities of ITPM, grouped under three dimensions, i.e., diplomatic, promotional, and martial, then position these activities within the organizational control theory framework

Developments in Practice XXVII: Delivery IT Functions: A Decision Framework

Despite a steadily growing industry of third party providers, IT organizations to date have ventured rather cautiously into this new area of IT function delivery. This paper attempts to explain why this is so by examining the decision behavior and practices of a number of leading edge organizations. From this analysis, four key decision criteria were identified: flexibility, control, knowledge enhancement and business exigency. Based on the insights of the focus group, the concept of a maturity model for IT functions is introduced as well as a function delivery profile to map delivery options onto core and non-core IT functions. We argue that these elements should form the basis of a decision framework to guide the selection of delivery options. Following this framework, organizations should now begin to move beyond the exploration stage to develop more strategic, nuanced and methodological approaches to IT function delivery

The Effects of Dynamic IT Capability and Organizational Culture on Firm Performance: An Empirical Study

This paper presents an empirical study that examines the effects of dynamic IT capability and organizational culture on firm performance. More specifically, this study investigates the main effects of dynamic IT capability on firm performance, the main effects of organizational culture on firm performance, and the interaction effects between the two factors on firm performance. Adopting the Resource-Based View (RBV) of the firm, dynamic capabilities theory, complementarity theory, and organizational culture theories, this multidisciplinary study uses survey method to collect data. This study finds that dynamic IT capability and organizational culture jointly predict firm performance. This research makes a contribution to both academic research and management practice. Theoretically, this study integrates multiple theories to provide a better IT business value model; practically, this study provides leaders in industry with useful advice on IT/IS strategy and IT investment decision-making

O desenho da gestão da tecnologia da informação nas 100 maiores empresas na visão dos executivos de TI

The objective of this paper is to identify the design of IT management atn the top 100 Brazilian companies. The research method was a quantitative approach, using the descriptive-statistical method to describe the data collected through a questionnaire with 77 questions, based on the rationale of the IT management, proposed by Lutchen (2003). The main results indicate that: a) IT aligns with the basic processes of business, although not fully synchronized; b) IT management adheres to conformity systems (ITIL, COBIT), but does not show optimization of business processes; c) IT delivers the basic demands, but does not impose or use the best automated practices; and d) IT quality is based on documented processes, but lacks indicators to control and orient business improvement. One may infer that IT management, at the top 100 Brazilian companies is essentially based on standard IT conformity systems, under the rationale of solution providers, and not as a business innovator or rule breaker. Thus, in spite of aligning and responding to business basic demand, IT management still does not show clear signs of alignment with the evolving nature of business models, needed to sustain business performance.O objetivo desse artigo é identificar o desenho do gerenciamento da TI nas 100 maiores empresas brasileiras. A pesquisa teve uma abordagem quantitativa e utilizou-se do método estatístico-descritivo para apresentar os dados, coletados por meio de questionário estruturado fechado, com 77 questões baseadas na gestão da TI, dentro da lógica argumentativa de Lutchen (2003). Os principais resultados indicam que: a) há um alinhamento com os processos básicos de negócio, porém, com mostras de dessincronias; b) a gestão está orientada para os sistemas de conformidade (ITIL, COBIT), mas sem otimização dos processos de negócio; c) a TI entrega as demandas básicas, porém sem estrutura para impor e usar as melhores práticas automatizadas; e d) a qualidade apresenta processos documentados, porém com falta de indicadores para o desenvolvimento dos negócios. Infere-se do quadro da pesquisa que a gestão da TI é conduzida essencialmente com base nas metodologias padrões de gestão de TI, muito mais dentro da lógica de fornecedora de soluções do que dentro dos princípios da inovação ou quebra de regras dos negócios. Assim, apesar de alinhar-se e responder às demandas básicas dos negócios, a gestão da TI não dá ainda mostras claras de avanço de aderência à natureza evolutiva dos modelos de negócios necessária à sustentação de desempenho desses

The Changing Role of the CIO. Is CIO an IT Expert or a Business Executive?

PURPOSE OF THE THESIS The objective of this thesis is to understand the factors that affect the role of the CIOs in enterprises as well as to examine the role of the CIOs in Finnish enterprises. Moreover, the objective is to understand the role of IT in business strategy planning and execution. Finally, this thesis tries to provide both theoretical and empirical research based suggestions to Finnish enterprises in relation to the research questions of this thesis. METHODOLOGY The research is started with a literature review where the emphasis was on such issues as IT governance and the role of CIOs in organizations. The data collection of the empirical part of the study is done with 27 semi-structured interviews involving CIOs, CFOs and CEOs in 19 enterprises. Semi-structured interview questions are augmented with open ended questions with the aim to deepen analysis on issues covered by the interview questions as well as to better understand responses received. RESULTS The main finding of this thesis is that the CIO’s role has already evolved into that of a business executive in IT-intensive industries and enterprises. In many other enterprises, the challenge is how to manage the transformation of technically-oriented IT managers into business executives without losing necessary technical competencies. From the CIO’s perspective it is more critical to have access to strategy planning and execution than to have a high organizational status with no such access. The CIO needs not to be a formal member in the executive committee, if the CIO has continuous access to and an active role in the business strategy process and if the needs to organize the executive level responsibilities of IT are understood by the CEO and/or executive committee members. Within this context, the empowerment of CIOs to make strategic decisions will increase the value delivery from the use of IT. Still, one of the easy means to improve the business value delivery of IT is to have the CIO to report to the CEO. This will improve the linkage of business and IT strategies in a natural way. The mentioned impact can be boosted if the CIO is made a member of the executive committee. To carve out more value from the use of IT an enterprise needs to establish a close and interactive relationship between business and IT strategy processes

Knowledge management applied to enterprise risk management

Risk and knowledge are two concepts and components of business management which have so far been studied almost independently. This is especially true where risk management (RM) is conceived mainly in financial terms, as for example, in the financial institutions sector. Financial institutions are affected by internal and external changes with the consequent accommodation to new business models, new regulations and new global competition that includes new big players. These changes induce financial institutions to develop different methodologies for managing risk, such as the enterprise risk management (ERM) approach, in order to adopt a holistic view of risk management and, consequently, to deal with different types of risk, levels of risk appetite, and policies in risk management. However, the methodologies for analysing risk do not explicitly include knowledge management (KM). This research examines the potential relationships between KM and two RM concepts: perceived quality of risk control and perceived value of ERM. To fulfill the objective of identifying how KM concepts can have a positive influence on some RM concepts, a literature review of KM and its processes and RM and its processes was performed. From this literature review eight hypotheses were analysed using a classification into people, process and technology variables. The data for this research was gathered from a survey applied to risk management employees in financial institutions and 121 answers were analysed. The analysis of the data was based on multivariate techniques, more specifically stepwise regression analysis. The results showed that the perceived quality of risk control is significantly associated with the variables: perceived quality of risk knowledge sharing, perceived quality of communication among people, web channel functionality, and risk management information system functionality. However, the relationships of the KM variables to the perceived value of ERM are not identified because of the low performance of the models describing these relationships. The analysis reveals important insights into the potential KM support to RM such as: the better adoption of KM people and technology actions, the better the perceived quality of risk control. Equally, the results suggest that the quality of risk control and the benefits of ERM follow different patterns given that there is no correlation between both concepts and the distinct influence of the KM variables in each concept. The ERM scenario is different from that of risk control because ERM, as an answer to RM failures and adaptation to new regulation in financial institutions, has led organizations to adopt new processes, technologies, and governance models. Thus, the search for factors influencing the perceived value of ERM implementation needs additional analysis because what is improved in RM processes individually is not having the same effect on the perceived value of ERM. Based on these model results and the literature review the basis of the ERKMAS (Enterprise Risk Knowledge Management System) is presented

An Investigation into Expectations of the Chief Information Officer's Role and Knowledge, Skills and Experience that Support It: a Dyadic IT-Business Perspective in NZ Local Government

The CIO role is changing and becoming more strategic, in fact some CIOs even have a role in formulating their organisations strategic direction based on technology innovations. Yet the research that indicates this new role for CIOs is often reporting the experience in large private sector organisations. Is the experience similar in the public sector, especially what are the role expectations of CIOs in small local authority organisations where resources are tight and IT expenditure is subject to public scrutiny? This research explored the expectation of the CIO role in the NZ local government context through the eyes of the CIOs themselves and their business colleagues. It found that, in this context, there was both an operational and strategic expectation of the CIO. While CIOs have a strategic role it is not in formulating strategy, but rather in advising potential technology solutions once strategies are formulated. The focus of the CIO's advice is "value-for-money" as much as it is "value-add", as councils deliver as set of defined services to a "captured" customer base. Operational aspects of the CIO role can take priority over the strategic aspects especially in smaller councils with limited resource where the CIO may need to assume a "hands on" role. The study used resource based theory (RBT) to identify which knowledge, skills and attributes CIOs required for each role they performed. Technology skills, general management and IT management experience are valued for the operationally focused roles while leadership, and high-level organisational and IT industry knowledge are needed for the more strategic roles. Highly developed interpersonal skills and attributes are essential for both types of role