The Trajectory of IT in Healthcare at HICSS: A Literature Review, Analysis, and Future Directions

Research has extensively demonstrated that healthcare industry has rapidly implemented and adopted information technology in recent years. Research in health information technology (HIT), which represents a major component of the Hawaii International Conference on System Sciences, demonstrates similar findings. In this paper, review the literature to better understand the work on HIT that researchers have conducted in HICSS from 2008 to 2017. In doing so, we identify themes, methods, technology types, research populations, context, and emerged research gaps from the reviewed literature. With much change and development in the HIT field and varying levels of adoption, this review uncovers, catalogs, and analyzes the research in HIT at HICSS in this ten-year period and provides future directions for research in the field

Blockchain Value Creation Logics and Financial Returns

With its complexities and portfolio-nature, the advent of blockchain technology presents several use cases to stakeholders for business value appropriation and financial gains. This 3-essay dissertation focuses on three exemplars and research approaches to understanding the value creation logics of blockchain technology for financial gains. The first essay is a conceptual piece that explores five main affordances of blockchain technology and how these can be actualized and assimilated for business value. Based on the analysis of literature findings, an Affordance-Experimentation-Actualization-Assimilation (AEAA) model is proposed. The model suggests five affordance-to-assimilation value chains and eight value interdependencies that firms can leverage to optimize their value creation and capture during blockchain technology implementation. The second essay empirically examines the financial returns of public firms\u27 blockchain adoption investments at the level of the three main blockchain archetypes (private-permissioned, public-permissioned and permissionless. Drawing upon Fichman\u27s model of the option value of innovative IT platform investments, the study examines business value creation through firm blockchain strategy (i.e., archetype instances, decentralization, and complementarity), learning (i.e., blockchain patents and event participation), and bandwagon effects using quarterly data of firm archetype investments from 2015 to 2020. The study\u27s propensity score matching utilization and fixed-effects modeling provide objective quantification of how blockchain adoption leads to increases in firm value (performance measured by Tobin\u27s q) at the archetype level (permissionless, public permissioned, and private permissioned). Surprisingly, a more decentralized archetype and a second different archetype implementation are associated with a lower Tobin\u27s q. In addition, IT-option proxy parameters such as blockchain patent originality, participation in blockchain events, and network externality positively impact firm performance, whereas the effect of blockchain patents is negative. As the foremost and more established use case of blockchain technology whose business value is accessed in either of the five affordances and exemplifies a permissionless archetype for financial gains, bitcoin cryptocurrency behavior is studied through the lens of opinion leaders on Twitter. The third essay this relationship understands the hourly price returns and volatility shocks that sentiments from opinion leaders generate and vice-versa. With a dynamic opinion leader identification strategy, lexicon and rule-based sentiment analytics, I extract sentiments of the top ten per cent bitcoin opinion leaders\u27 tweets. Controlling for various economic indices and contextual factors, the study estimates a vector autoregression model (VAR) and finds that finds that Bitcoin return granger cause Polarity but the influence of sentiment subjectivity is marginal and only stronger on bitcoin price volatility. Several key implications for blockchain practitioners and financial stakeholders and suggestions for future research are discussed

Modeling a systems-based framework for effective IT auditing and assurance for less regulatory environments

Information Technology (IT) has become indispensable in contemporary business processes and in business value creation strategies. Those charged with governance, risk management and compliance are, often, challenged by sophisticated IT oriented decision-making dilemmas due to complex IT use in contemporary business processes. Investors and other stakeholders increasingly expect very rich, reliable and transparent assurance that their interests are safe. Auditors, as a result, are looked upon to expand their role to leverage the functions of those charged with governance and management. IT audit literature, hence, demonstrates existence of several best practices aimed at meeting the increasing demand for more audit and assurance outcomes that bridge the widening audit expectations gaps. In developing countries with less stringent regulatory systems, however, attempts to implement many of these frameworks have proved unsuccessful. Reasons include paucity of guidance in the frameworks and lack of suitable theoretical foundations to resort to for solutions to implementation challenges. Extant literature review reveals scanty research effort by practitioners or academicians in the field in the empirical situation to design a more suitable framework to serve as intervention. In this research an attempt has been made to create an intervention by designing a framework, i.e. an artefact for IT auditing for less regulated business environments. By adductive inference the cybernetics theory of viable systems approach was ingrained as the theoretical foundation from which the variables for the design were extracted. The abduction was based on the diagnostic power and ability to support self-regulation in a less regulatory environment. Action design research (ADR) approach was employed to achieve the research objective. Both qualitative and quantitative techniques were found to be useful for the evaluation and data analysis. At the design phase, a multiple case study method together with workshops were employed to gain insight into the problem and to collect data to support the design process. Four organisations from both public and private sectors in Ghana were selected to participate in the research. At the evaluation stage a survey technique was used to collect data mainly for the validation of construct variables and the refinement of the framework. The questionnaire scale used was 1=Strongly Disagree; 2=Disagree; 3=Somewhat Agree; 4=Agree and 5=Strongly Agree. A total of 136 respondents who included IT audit and Internal audit practitioners, Audit trainees and students, Directors and management staff were involved from four selected organisations. A factor analysis yielded twenty variables extracted from the ingrained theory for the building of a conceptual model which were grouped into six factors or domains. The entire conceptual model was tested with PLS-SEM technique because of the causal relationships that motivated the development of the conceptual hypotheses. A composite reliability used to assess the internal consistency of the model was overall adequate with values greater than 0.7. Similarly, a convergent validity of the model showed that all the variables were above the threshold value of 0.5. Thus, the model and design theory were found to be reliable and valid. Correlation and regression analysis was applied in testing individual hypotheses and the results helped to reorganise the final framework. The study contributed an artefact in the field of IT audit which represents a comprehensive teachable practitioner’s guide for the improvement of the IT audit practice. The framework also serves as guidance to those charged with governance and management in monitoring, self-review and as framework to attain IT audit readiness in less regulatory environments. Implementation challenges are expected to be resolved by reverting to the ingrained theory

The impact of information systems auditor’s training on the quality of an information systems audit

Abstract: The significance of information technology (IT) audits in organisations is an area that has received increased focus, and it is increasingly necessary to conduct additional research into the IT audit subject area. As a result of increased dependence and spending on IT, it has effectively become a requirement for organisations to increase their level of assurance about these investments and their ability to deliver as expected. IT audits fulfil this role, and are used to examine the effectiveness of controls, security of important systems and business operations to identify weaknesses and find ways that can be used to improve and mitigate the impact of these weaknesses. However, prior research has not measured the impact that training of auditors has on the quality of IT audits. The findings of this study show that organisations play an integral role in the training programs. However, these organisations do not understand their training programs and cannot properly communicate the training requirements to IT auditors. The research findings have also shown that continuous professional development programs are additional tools in enhancing IT auditor knowledge. This research undertaking has found that generally, internal programs are more effective in delivering content to IT auditors and thus more emphasis can be put on them. Overall, this research undertaking strengthens the idea that resources should be committed to improving training programs, as improving training programs eventually leads to efficiency in all matters related to IT audit quality.M.Com. (Computer Auditing

Regulating secure software development : analysing the potential regulatory solutions for the lack of security in software

The security of our informational infra­structure is still relatively poor. Huge investments have been made and even the regulators have taken information security seriously. Majority of current efforts both at the operational and the regulatory level, however, address only symptoms of an underlying problem: the insecurity of the software products - the salient components of most information and software systems. Secure software development has gained momentum during the past couple of years and improvements have been made. By analysing the incentives for secure software development, it is argued in this study that without appropriate regulatory intervention the level of security will not improve to meet the needs of the network society as a whole. Beside information security in general, secure software development has to be raised as an important public policy if we wish to achieve a more secure network society and to maintain trust for information products and systems in commerce. Efficacious regulatory measures are desperately needed to change the current practices. This study analyses two of the most attractive alternatives, software product liability and disclosure of vulnerability information, and makes suggestions for their improvement

A strategy towards implementing standardised data structures in municipal information systems

The regulation pertaining to a Standard Chart of Accounts (SCOA) for Municipalities was published in 2014 and is applicable to all 257 municipalities and municipal entities in South Africa. The regulation represents a data classification framework or structure and affects all financial management and internal control systems (FMICS) used by municipalities and municipal entities, and affects key business processes within these organisations. Compliance with the SCOA regulation means that the full municipal accountability cycle should accommodate all seven of the SCOA segments, from the budget through transacting and reporting at the transaction level, with all seven of the segments being embedded in the master data table of the municipal FMICS. While the change to technology and systems may be self-evident, the related business change should not be underestimated. This information technology (IT) driven organisational change across the whole municipal environment represents the research topic and key objective of this research study, namely, a strategy towards implementing standard data structures in municipal IT systems. The study followed a pragmatic philosophy using diagnostic reasoning based on an inductive approach, multiple action research methods and a descriptive case study to derive the proposed implementation strategy. The research subjects, which included 25 pilot municipalities, were studied for the duration of the pilot implementation of the strategy with the objective of identifying and utilising the lessons learnt from their experience to fast track the rollout of the strategy to non-pilot municipalities. The study was limited to the local government environment and to South Africa as a geographic area and involved an accidental sample aligned to the implementation project under investigation. The proposed implementation strategy was, however, of a generic nature and is therefore applicable to any other institution or environment engaged in a similar implementation project. The main contribution of the study is an implementation strategy for standard data structures in municipal financial information systems and which consists of seven diagnostics, 17 guiding policies and 48 coherent actions. The strategy was developed and refined during six cycles of data collection, which were conducted at 25 municipalities actively involved in implementing of the standard data structures. The secondary contributions of the research study include three conference papers and one submission to an academic journal

An Innovation-driven IT Governance Framework for Benefits Realisation and its Application to Public Sector

Information and communication technology (ICT or IT) provides benefits to an organisation. However, a large number of IT projects fail. The research literature shows extant governance frameworks are not adequately protecting against project failures and are not as effective on many of these IT projects as they should be. This thesis developed a new IT governance framework using an agile benefit management approach, aimed to achieve benefits realisation for any scale of IT projects, particularly for projects in the public sector such as Defence. The framework objectively targets digital transformation and technological agility, however, is shown in the thesis to assist in other enterprise challenges with IT acquisition and through-life management, such as cyber-resilience. The framework is based on many theories, principles, and practices, such as: Transaction Cost Economics Theory, Prospect Theory (Decision-Making Under Uncertainty), Reference Class Forecasting, Stratification and the Incremental Enlargement Principle and Fuzzy Logic. The framework is shown to be effective primarily through better informed decision-making. Benefits realisation is critical for information technology project success. The framework provides a systematic methodology on how to define economic benefit, technical benefit, and strategic benefit. It provides benefit realisation measures through fuzzy inference system, and it provides decision support based on the benefit performance measures and dis-benefit risk management. When compared to industry-based frameworks for IT acquisition and sustainment this new framework is unique because it includes all internal and external stakeholders such as users, providers, industry, and academia to continuously collaborate for innovating, iterating, and evaluating technology for realisation of benefits to achieve the organisational goals and objectives. The proof of concept has been conducted through a detailed case study in the Defence public sector, and several critiques of IT reform in other public sector applications where difficulties are occurring. Organisations will be able to use this framework for a more rapid and assured uptake of emerging technologies of the Fourth Industrial Revolution into their technology stack. Examples of some of these emerging technologies are AI, machine learning, geo-spatial, block chain, cognitive and brain computing, cloud computing, data echo system, and cybersecurity

The development of IT identity due to social media use : antecedents and impact on computer-based office work during COVID-19 pandemic

IT identity is a relatively new concept in the area of Management Information Systems (MIS). Its importance has become increasingly pronounced as identity is one of the predictors of human behavior. At the same time, understanding the behavior of individuals when using information technology (IT) in the workplace represents the link between technology investments and increased performance through IT. In this respect, one of the most used communication technologies recently, social media, allows individuals to extensively experience different facets of their identities. The overall objective of this thesis is to understand the development of IT identity due to social media use and assess its impact on computer-based office work during the COVID-19 pandemic. Three specific objectives were defined for this purpose. Thus, the thesis is structured in three papers that sought to respond to each of the specific objectives, which are: (i) identify the possible antecedents of the development of IT identity due to social media use, (ii) the connection between them and the three reflective dimensions that constitute the identity of IT and, finally, (iii) the impact of IT identity due to the use of social media in the organizational scope. The first paper is a theoretical study and proposes the adaptation and expansion of Carter's original theoretical model (2012) from the theoretical instances related to this technology and that can influence the development of IT identity due to social media use. As a result, a conceptual model was developed. Ten propositions related to the concepts derived from the literature and inserted in three main instances of IT identity development were presented due to the use of social media. The empirical investigation of the relationship between the antecedents of the model proposed in the first paper and the three dimensions of IT identity began in the second article of the thesis. For this purpose, a netnography was proposed and executed between 2019 and 2021. One of the paper's findings indicated that the frequency of use of WhatsApp can lead to precipitation of the most strongly polarized behavior and that one of the reflective dimensions of IT identity, relatedness with WhatsApp, can play a preponderant role in the precipitation of such behavior. From this result, in paper 3, a quantitative and exploratory study, based on duality theory, sought to develop and test hypotheses about how IT identity concerning social media can benefit, but at the same time bring negative consequences for computer-based office workers in the current period of the COVID-19 pandemic. For this, a model was proposed showing the relationship between the dimensions of IT identity and four facets of the so-called New Ways of Working. Among the study's findings, it was verified that IT identity in relation to social media platforms could be a positive factor in preserving the cohesion of employees professional identity since feelings of affinity and emotional energy in relation to these technologies favored access to organizational knowledge and colleagues when working remotely. This thesis can contribute to expanding Carter's (2012) model to contemplate a class of IT as social media is constituted (paper 1). In turn, the expansion of the original model can potentially contribute to broadening the understanding of this technology's role in fostering polarized behavior in the use of WhatsApp, one of the most used social media these times(paper 2). Finally, in the third paper, the indication that the frequency of WhatsApp use may be associated with a strong IT identity about this technology (verified in paper 2) led to the proposition of a model to empirically test how the three dimensions of IT Identity in relation to the use of social media, directly and indirectly, influence the aspects of new ways of working for workers using computer devices to perform their duties. Emotional energy in relation to social media (i.e., prolonged feelings of confidence, enthusiasm, and energy toward social media) is positively related to superior performance when individuals direct it to their work use, allowing them to better handle the work-life conflict. The thesis presents limitations regarding its ability to inferences that were addressed in each of the papers. Similarly, suggestions for future research were presented in each paper. Finally, the conclusion chapter presents the integration of the thesis papers to form the complete study, the overview of research objectives, the main results, contributions to academia and practice, its limitations, and suggestions for future research.A identidade de TI é um conceito relativamente novo na área de Gestão de Sistemas de Informação (GSI). A sua importância tem se tornado cada vez mais acentuada na medida que a identidade é um dos preditores do comportamento humano. Paralelamente, a compreensão do comportamento dos indivíduos ao utilizar a tecnologia da informação (TI) no ambiente de trabalho representa o elo entre os investimentos em tecnologia e o aumento do desempenho por meio da TI. Sob esse aspecto, uma das tecnologias de comunicação mais usadas em tempos atuais, as mídias sociais, permitem de forma extensiva que os indivíduos experimentem diferentes facetas das suas identidades. O objetivo geral dessa tese é compreender o desenvolvimento da identidade de TI devido ao uso de mídias sociais e avaliar o seu impacto para os trabalhadores de escritório que utilizam dispositivos computacionais para executar suas funções de trabalho durante o período da pandemia de COVID-19. Para isso foram definidos três objetivos específicos. Sendo assim, a tese está estruturada em três artigos que buscam responder a cada um dos objetivos específicos, quais são: (i) identificar os possíveis antecedentes do desenvolvimento da identidade de TI devido ao uso de mídias sociais, (ii) a conexão entre eles e as três dimensões reflexivas que constituem a identidade de TI e, por fim, (iii) o impacto da identidade de TI devido ao uso de mídias sociais no âmbito organizacional. O primeiro artigo, de natureza teórica, propõe a adaptação e expansão do modelo teórico original de Carter (2012) a partir das instâncias teóricas aderentes ao uso e que influenciam o desenvolvimento da identidade de TI pelo uso de mídias sociais. Como resultado, foi desenvolvido um modelo conceitual em que foram apresentadas dez proposições interrelacionando os conceitos derivados da literatura e inseridos em três instâncias principais de desenvolvimento da identidade de TI devido ao uso de mídias sociais. A investigação empírica da relação entre os antecedentes do modelo proposto no artigo 1 e as três dimensões da identidade de TI iniciou-se na sequência no segundo artigo da tese. Para isso foi proposta uma netnografia que foi executada entre 2019 e 2021. Um dos achados do artigo indicou que a frequência de uso do WhatsApp pode levar a precipitação do comportamento mais fortemente polarizado e que uma das dimensões reflexivas da identidade de TI, a afinidade com o WhatsApp, pode desempenhar um papel preponderante na precipitação de tal comportamento. A partir desse resultado, no artigo 3, de natureza quantitativa e exploratória, tendo como base a teoria da dualidade, buscou-se desenvolver e testar hipóteses sobre como a identidade de TI em relação às mídias sociais pode beneficiar, mas ao mesmo tempo trazer consequências negativas para os trabalhadores de escritório que usam principalmente dispositivos computacionais para cumprir suas tarefas no atual período da pandemia de COVID-19. Para isso, foi proposto um modelo apresentando a relação entre as dimensões da identidade de TI e quatro facetas das chamadas Novas Formas de Trabalho. Entre os achados deste estudo, foi verificado que a identidade de TI em relação às plataformas de mídias sociais pode ser um fator positivo na preservação da coesão da identidade profissional dos colaboradores, uma vez que sentimentos de afinidade e energia emocional em relação a essas tecnologias favoreceram o acesso ao conhecimento organizacional e aos colegas ao trabalhar remotamente. Destacam-se como contribuições dessa tese a expansão do modelo de Carter (2012) para contemplar uma classe de TIs como são constituídas as mídias sociais (artigo 1). Por sua vez, a expansão do modelo original contribuiu para ampliar a compreensão do papel dessa tecnologia em fomentar o comportamento polarizado no uso do WhatsApp, uma das mídias sociais mais utilizadas em tempos atuais (artigo 2). Finalmente, no terceiro artigo a indicação de que a frequência de uso no WhatsApp pode estar associada a uma forte identidade de TI em relação a essa tecnologia (verificada no artigo 2), levou a proposição de um modelo para testar empiricamente de que forma as três dimensões da IT Identity em relação ao uso de mídias sociais influenciam direta e indiretamente os aspectos das novas formas de trabalho para os trabalhadores que utilizam dispositivos computacionais para desempenhar suas funções. A energia emocional em relação às mídias sociais (ou seja, sentimentos prolongados de confiança, entusiasmo e energia em relação às mídias sociais) está positivamente relacionada a um desempenho superior quando os indivíduos a direcionam para o seu uso do trabalho, permitindo-lhes também lidar melhor com os conflitos entre a vida profissional e a vida profissional. A tese apresenta limitações quanto a sua capacidade de inferências que foram endereçadas em cada um dos artigos. Da mesma forma, sugestões de pesquisas futuras foram apresentadas em cada artigo. Por fim, o capítulo de conclusão apresenta a integração dos artigos da tese para a formação do estudo completa, a retomada dos objetivos de pesquisa, os principais resultados, contribuições para a academia e para a prática, suas limitações e sugestões para pesquisas futuras

A Confluence of Risks: Control and Compliance in the World of Unstructured Data, Big Data and the Cloud

The emergence of powerful new technologies, the existence of large quantities of data, and increasing demands for the extraction of added value from these technologies and data have created a number of significant challenges for those charged with both corporate and information technology management. The possibilities are great, the expectations high, and the risks significant. Organisations seeking to employ cloud technologies and exploit the value of the data to which they have access, be this in the form of "Big Data" available from different external sources or data held within the organisation, in structured or unstructured formats, need to understand the risks involved in such activities. Data owners have responsibilities towards the subjects of the data and must also, frequently, demonstrate that they are in compliance with current standards, laws and regulations. This thesis sets out to explore the nature of the technologies that organisations might utilise, identify the most pertinent constraints and risks, and propose a framework for the management of data from discovery to external hosting that will allow the most significant risks to be managed through the definition, implementation, and performance of appropriate internal control activities