A Methodology to Sequence the Service Management Processes in IT Departments: Application to theTourism Industry

One of the key elements to consider in business management is the management of IT (In- formation Technology) departments by implementing processes as described in the ITIL (Information Technology Infrastructure Library) standard. This is particularly important in industries that are not directly related to ICT (Information and Communication Technologies), such as the tourism industry. In this paper, we present a methodology to sequence the implementation of the ITIL processes in any company to support its development. The methodology is based on an optimization algorithm and the information extracted from a survey. The optimal sequence is built from this information and from the information of the restrictions imposed by the company that implements the ITIL processes. We applied the methodology to a company in the tourism industry. The sequence obtained shows the need to implement operative processes (initial positions in the sequence), and afterwards strategic processes (final positions in the sequence). A comparison with other authors’ proposals shows differences in the order of processes proposed by this methodology. The main conclusion is that it is possible to use the information of companies to efficiently generate an optimal sequence of ITIL processes which enhances their management; this sequence is unique for every company that wants to implement ITIL in the tourism industry, and it is independent from the proposals of other authors who designed generic/non-optimal sequences.2021-2

Strategic Management of IT Practices in Tourism for Operation and Service Enhancement.

The information technology infrastructure library (ITIL) standard describes processes that should be implemented in Information Technology (IT) departments for proper operations management, which includes human resources management, economic management, and strategic management, among others. This should be especially considered in the business management of industries with no relation to information technologies (IT), such as tourism and hospitality companies. This work aims to present a method to establish the order of adoption of the IT management processes in companies that belong to the tourism industry. We conducted a survey to obtain the necessary data and developed a methodology that is based on an optimization procedure. This procedure generates the optimal sequence of IT tasks to adopt in a generic small company in the tourism industry. The methodology was then applied to a representative tourism company. Through the sequence obtained, it is shown that it is necessary to implement operative processes, and subsequently, strategic processes. A comparative study was developed to find the differences with other authors’ proposals. The most important result we found was the possibility of efficient use of organizations’ information to build an optimized list of IT procedures to improve their administration. The obtained list of processes is specific for each organization, and not dependent on the solutions offered by other authors who proposed a general or underoptimal list of processes.2022-2

Determining the Cost of Business Continuity Management - A Case Study of IT Service Continuity Management Activity Cost Analysis

This single organisation case study discusses the cost of business continuity management in IT services. Information technology (IT) expenses can amount to a substantial part of operational costs in a company, and IT leaders tend to aim for thorough IT cost management to meet financial targets. Thus, information security activities such as business continuity management (BCM) rank among the most important concerns for IT leaders. Despite the concerns of IT management, senior management appears to be hesitant to spend on BCM as much as IT management would hope for. Senior management may struggle with the question of how to justify spending on an activity that proves its usefulness only when a rare event occurs. The challenge for measuring costs of sociotechnical activities was the inspiration for this work – to find out whether the cost of business continuity management (BCM) could be explained better to help decision making. Two main paradigms emerged from literature – BCM activities in the context of organisational routines, and IT cost and information security cost classifications. The theoretical assumption was that the relationship between IT costs and BCM activities emulates the activity- based costing theory (ABC) – the premise of cause-and-effect relationship between activities and costs. The key question is “How to determine the cost of BCM activities in IT services?” To find out, I used comprehensive archival data set from a case company and designed a retrospective quantitative model to analyse the association between BCM activities and IT costs. By employing causal-comparative method and multiple linear regression analysis, I compared distinct groups of IT services to determine how much of the variation in IT costs could be explained by BCM activities. In addition, I measured the relative effect of each independent variable towards the total cost of BCM. As both statistical and practical significance test results were supported, several interesting results were observed between BCM activities and IT costs – namely human, technology and organisational resources, as well as IT service designs. The research presents two theoretical contributions and one empirical contribution to the theory. The first and primary contribution is the BCM activity cost model. This is the final product for the main research question of determining the cost of BCM in IT services. The second contribution is the total cost of BCM framework. This framework contributes to the broader academic discussion of information system (IS) cost taxonomies in IT services and information security. The third contribution is empirical confirmation how to observe unknown cost effects by multiple regression analysis. Learnings from this research can contribute IS researchers focused on the economic aspects of IS and IT. The research also introduces three practical contributions. The first one considers the observation of overall BCM cost effects on IT services. Although the results of a single case study cannot be generalized directly to every organization, information herein may aid companies to evaluate BCM impact on their budgets. The second practical contribution considers the challenges regarding measurement of activity costs that can be difficult to observe directly. Within the limitations of this research, nothing here suggests that the BCM activity cost model could not be productized and integrated into other cost appraisal tools in a company or applied in other IT service management areas. The last important practical contribution are the definitions of BCM activity cost variables. Confirming the cost association between theoretical and empirical BCM frameworks can help BCM professionals to promote BCM process.Tämä yhden organisaation tapaustutkimus pohtii jatkuvuudenhallinnan kustannusten osuutta tietojärjestelmäpalveluissa. Informaatioteknologian (IT) kustannukset saattavat muodostaa merkittävän osa yrityksen menoista, ja IT-johtajat pyrkivät yleensä tarkkaan kulujenhallintaan saavuttaakseen yrityksen taloudelliset tavoitteet. Siksi tietoturva-aktiiviteetit kuten jatkuvuudenhallinta (business continuity management, BCM) ovat heidän olennaisimpia huolenaiheitaan. IT-johtajien huolista huolimatta ylin johto ei yleensä ole kovin innokas panostamaan BCM:ään niin paljon kuin IT-johto toivoisi. Ylin johto saattaa tuskailla sen kanssa, miten perustella kulut toimiin, joita kaivataan vain harvinaisissa poikkeustilanteissa. Sosioteknisten kulujen mittaamisen haaste antoi inspiraation tälle tutkimukselle; tavoite oli selvittää, olisiko mahdollista selittää BCM-kustannuksia paremmin päätöksenteon tueksi. Kirjallisuudesta nousee esiin kaksi keskeistä aihepiiriä: BCM organisaation toimintatapojen kontekstissa sekä IT-ja tietoturvakulujen luokittelu. Teoreettinen oletus oli, että IT-kulujen ja BCM- toimenpiteiden suhde emuloi toimintolaskennan (activity-based costing, ABC) teoriaa – se, että toimenpiteiden ja kulujen välillä on syy-seuraussuhde. Avainkysymys on ”Miten määritellä BCM- toimenpiteiden kulut IT-palveluissa?” Tämän selvittämiseksi käytin kattavaa arkistodataa caseyhtiöstä ja kehitin retrospektiivisen kvantitatiivisen mallin analysoidakseni BCM-toimenpiteiden ja IT-kulujen suhdetta. Kausaalis-komparatiivisen metodin ja lineaarisen regressioanalyysin avulla vertailin erilaisia IT-palvelujen ryhmiä selvittääkseni missä määrin BCM-toimenpiteet voisivat selittää IT-kulujen vaihtelua. Lisäksi mittasin jokaisen muuttujan suhteellisen vaikutuksen BCM:n kokonaiskustannuksiin. Kun sekä tilastolliset että käytännölliset testitulokset huomioitiin, BCM- toimenpiteiden ja IT-kulujen suhteesta ilmeni useita kiinnostavia tuloksia: sekä inhimillisiä että teknologia- ja organisaatioresursseihin ja IT-palvelujen muotoiluun liittyviä. Tutkimus tuotti kaksi teoreettista kontribuutiota sekä yhden empiirisen todistuksen teorialle. Ensimmäinen ja olennaisin näistä on BCM-toimenpiteiden kustannusmalli. Tämä lopputuotos vastaa tutkielman avainkysymykseen BCM-kuluista IT-palveluissa. Toinen kontribuutio on BCM-kehyksen kokonaishinta. Tämä voi ruokkia laajempaa akateemista keskustelua tietojärjestelmien (information system, IS) kustannustaksonomioista IT- palveluissa ja tietoturvassa. Kolmas kontribuutio, empiirinen todistus, osoittaa epäsuorien kulujen mittaamisen olevan mahdollista regressioanalyysiä hyödyntäen. Tutkimuksen havainnoista voi olla hyötyä IS:n ja IT:n taloudellisiin aspekteihin keskittyneille IS-tutkijoille. Tutkimuksesta nousee esiin myös kolme käytännön kontribuutiota. Ensimmäinen liittyy siihen, miten BCM-kokonaiskulujen vaikutuksia IT-palveluihin seurataan. Vaikka yhden tapaustutkimuksen tuloksia ei voida yleistää, tutkimuksen havainnot voivat auttaa yrityksiä arvioimaan BCM:n vaikutuksia budjetteihinsa. Toinen käytännön kontribuutio liittyy haasteisiin siinä, kuinka mitata toimenpidekustannuksia, joita on hankala tarkkailla suoraan. Tämän tutkimuksen rajoissa ei ilmennyt mitään syytä sille, etteikö BCM-toimenpiteiden kustannusmallia voitaisi tuotteistaa ja integroida yrityksen muihin kustannusarviotyökaluihin tai etteikö sitä voisi soveltaa muille IT-palvelujen hallinnon alueille. Viimeinen merkittävä käytännön kontribuutio on BCM-toimenpiteiden kustannusmuuttujien määrittely. BCM-ammattilaiset voivat helpommin edistää BCM-prosessia, kun teoreettisten ja empiiristen BCM-kehysten kulujen vastaavuus vahvistetaan

Metodología de Implantación de Modelo de Gestión del Conocimiento Estratégico

Las Pequeñas y Medianas Empresas (PYMEs) presentan un conjunto de problemas asociados a TI, como la falta de gestión, de capacitación, la poca inversión, una operación deficiente, entre otras; así mismo se encuentran las que no logran aplicar de manera efectiva los marcos y estándares. Por ello, se ha efectuado una profunda revisión sistemática de la literatura (SLR) sobre el problema en el que se encuentran las Pequeñas y Medianas Empresas (PYMEs) en relación con la cuestión de cómo abordar el cumplimiento de las normas de la Librería de Infraestructuras de Tecnologías de la Información (ITIL). Los resultados encontrados llevaron a establecer el objetivo final de esta tesis, la construcción de un Mapa de Navegación de ITIL v3 con una interfaz amigable y fácil de entender, implementándolo a través del gestor documental de Alfresco Community. Con el fin de evitar recurrir a los exhaustivos manuales de ITIL v3 para llevar a cabo su completo estudio. La implementación ayuda a realizar la consulta y facilita el rastreo del Ciclo de Vida ITIL indicándole al usuario que procesos son los que necesita, cuáles tiene y cuáles faltarían para que su implementación de ITIL sea completa. Es conveniente destacar que el desarrollo del Mapa de Navegación de ITIL v3 y su inclusión en Alfresco Community fue pensando concretamente para las empresas PYMEs, siendo estas las que cuentan con mayores problemas al tratar de gestionar sus servicios. Pretendiendo que estos mecanismos realizados sean de gran ayuda en un futuro a las PYMEs, contando con un proceso que se adapte sus necesidades y que al mismo tiempo este apegado a las buenas prácticas de TI pudiendo gestionar sus servicios, pero sobre todo maximizando su valor y minimizando el riesgo

Embedding risk management within new product and service development of an innovation and risk management framework and supporting risk processes, for effective risk mitigation : an action research study within the Information and Communication Technology (ICT) Sector

At first glance, innovation and risk management seem like two opposing disciplines with diverse objectives. The former seeks to be flexible and encourages enhanced solutions and new ideas, while the latter can be seen as stifling such innovative thinking. Since there is a failure rate of as many as eight out of every ten products launched, it is perhaps necessary for organisations to consider applying more structured approaches to innovation, in order to better manage risks and to increase the chances of delivering improved goods and services. A risk management approach is well suited to address the challenge of failure, as it focuses not only on the negative impact of risks but also on the opportunities they present. It aligns these with the strategic objectives of the organisation to increase the chances of its success. The research objective of this study was to establish how to embed risk management within the innovation divisions of an organisation to ensure that more efficient products and services are delivered to customers. To achieve this end, action research was conducted in a large organisation operating in a high-technology environment that launches many diverse products and services and rapidly expanding service offerings to other industries. The study took four years to complete and delivered multiple interventions that successfully embedded risk management within the organisation, leading to changed behaviours and double-loop learning. Two main knowledge contributions are offered by the study. Firstly, a generic and empirically validated integrated Innovation and Risk Management Framework (IRMF) is developed and guides new product and service development by considering both best practices and risks. Secondly, a risk dashboard is designed as a design science artefact within the action research cycles, which consolidates all the knowledge that was generated during the study. This is ultimately a visual interface to support stage-gate decision making. Since the context of the study was broad, extensive and complicated, the use of mixed-method research complemented and expanded on the findings by providing another layer of support and validation. This thesis highlights the complexity of innovation and presents the need for an organising framework that will encourage innovation but is sufficiently flexible to cater for diverse needs and risks. The study delivers several other, valuable contributions regarding what, how and why incidents occur within the real-world context of new product and service development. Several generic artefacts, such as risk processes and maturity frameworks, are also developed, which can guide risk and new product and service development practitioners to deliver more efficient product and services. This study offers several novel approaches to evaluating risks and provides practical support and recommendations, addressing shortcomings of fragmented research in similar, but smaller-scale studies that have been conducted in information systems. It is the premise of this research that a much wider number of risks need to be managed as new products and services are developed, than was noted in previous studies. Effective risk management in new product and service development could lead to competitive advantage for organisations by increasing knowledge and facilitating sustainable, informed risk decision-making

An evaluation of the challenges of Multilingualism in Data Warehouse development

In this paper we discuss Business Intelligence and define what is meant by support for Multilingualism in a Business Intelligence reporting context. We identify support for Multilingualism as a challenging issue which has implications for data warehouse design and reporting performance. Data warehouses are a core component of most Business Intelligence systems and the star schema is the approach most widely used to develop data warehouses and dimensional Data Marts. We discuss the way in which Multilingualism can be supported in the Star Schema and identify that current approaches have serious limitations which include data redundancy and data manipulation, performance and maintenance issues. We propose a new approach to enable the optimal application of multilingualism in Business Intelligence. The proposed approach was found to produce satisfactory results when used in a proof-of-concept environment. Future work will include testing the approach in an enterprise environmen

Value focused assessment of cyber risks to gain benefits from security investments

Doutoramento em GestãoCom a multiplicação de dispositivos tecnológicos e com as suas complexas interacções, os ciber riscos não param de crescer. As entidades supervisoras estabelecem novos requisitos para forçar organizações a gerir os ciber riscos. Mesmo com estas crescentes ameaças e requisitos, decisões para a mitigação de ciber riscos continuam a não ser bem aceites pelas partes interessadas e os benefícios dos investimentos em segurança permanecem imperceptíveis para a gestão de topo. Esta investigação analisa o ciclo de vida da gestão de ciber risco identificando objectivos de mitigação de ciber risco, capturados de especialistas da área, prioritizando esses objectivos para criar um modelo de decisão para auxiliar gestores de risco tendo em conta vários cenários reais, desenvolvendo um conjunto de princípios de gestão de risco que possibilitam o estabelecimento de uma base para a estratégia de ciber risco aplicável e adaptável às organizações e finalmente a avaliação dos benefícios dos investimentos em segurança para mitigação dos ciber riscos seguindo uma abordagem de melhoria contínua. Duas frameworks teóricas são integradas para endereçar o ciclo de vida completo da gestão de ciber risco: o pensamento focado em valor guia o processo de decisão e a gestão de benefícios assegura que os benefícios para o negócio são realizados durante a implementação do projecto, depois de tomada a decisão para investir numa solução de segurança para mitigação do ciber risco.With the multiplication of technological devices and their multiple complex interactions, the cyber risks keep increasing. Supervision entities establish new compliance requirements to force organizations to manage cyber risks. Despite these growing threats and requirements, decisions in cyber risk minimization continue not to be accepted by stakeholders and the business benefits of security investments remain unnoticed to top management. This research analyzes the cyber risk management lifecycle by identifying cyber risk mitigation objectives captured from subject matter experts, prioritizing those objectives in a cyber risk management decision model to help risk managers in the decision process by taking into account multiple real scenarios, developing the baseline of cyber risk management principles to form a cyber risk strategy applicable and adaptable to current organizations and finally evaluating the business benefits of security investments to mitigate cyber risks in a continuous improvement approach. Two theoretical frameworks are combined to address the full cyber risk management lifecycle: value focused thinking guides the decision process and benefits management ensures that business benefits are realized during project implementation, after the decision is taken to invest in a security solution to mitigate cyber risk.info:eu-repo/semantics/publishedVersio

Development of a Procedure Reference Model for the Alignment of Non‐medical Support Service Applications in Hospitals – A Framework for Ensuring the Correct Reporting and Configuration of Key Performance Indicators

The outcome of this thesis is the systematically developed and empirically validated “Procedure Reference Model for the Alignment of Non-medical Support Service Applications in Hospitals” comprising six component models, the metamodel, two input documents and a documentation for application as integral parts. The development of the model was done based on a pragmatic philosophical grounding in a multi-methodological iterative approach, including Design Science Research (DSR) principles for the modelling actions and mixed methods principles for the empirical research. In the “Theorising” phase, a sequential mixed methods approach combining a quantitative survey with qualitative expert interviews was conducted generating the basis for the modelling. In two iterations of the “Building” phase, the modelling actions were conducted. While in the “Evaluating” phase, the model was validated in two iterations based on expert interviews and focus group discussions. The model turned out to be relevant in the context of the challenges posed by the current structural changes in healthcare and hospitals. As part of these changes, non-medical support services are increasingly seen as essential not only in contributing to a better cost-efficiency but also as service enabler for the medical services. To be able to deliver the adequate services and service levels and control them within the very complex service provision of hospitals, the managers depend on relevant key performance indicators (KPIs) in an appropriate reporting setting. In Swiss hospitals, the configuration of KPI reporting had only partially been aligned in terms of software applications and/or in terms of reporting styles. Therefore, the research aims and objectives of this thesis were to find a procedure and its significant aspects for aligning non-medical-support service applications in hospitals so that in the future, relevant key performance indicators for systematic controlling and optimization can be generated and configured as effectively and efficiently as possible including the development of a model providing the necessary information. The evaluation of the model showed that the research output was credible and contributory. For practice, it provides a systematic basis for communication between different non-medical support service application stakeholders and thus enables managers to indirectly contribute to the development of a more effective healthcare provision. For the scientific community, it contributes to the development of multi-methodological DSR approaches suitable for complex environments and for multi-disciplinary environments