Information systems contracts and relationships: A Spanish perspective

Despite the proliferation of academic research on information systems outsourcing, not many studies analyze the characteristics of outsourcing contracts. This research aims to provide an in-depth description of information systems outsourcing. An additional objective is to examine how these characteristics evolve over time. Finally, this study reports on the usefulness of measuring such characteristics over time to assess the maturity level of the information systems outsourcing. This study gathers the data from the responses of the information systems managers of the largest Spanish firms to a questionnaire. This longitudinal study covers 12 years of research and compares authors' previous research results with the results of this study

A Framework for Information Security Risk Management in IT Outsourcing

Qualitative researchers in business and management information systems fields often need to employ a method of inter-coder reliability to test the trustworthiness of the findings of their content analysis. A suitable method for checking the inter-coder reliability enables researchers to rigorously assess the degree of agreement among two or more independent qualitative coders. By employing this method, researchers can identify mistakes in the content analysis before the codes are used in developing and testing a theory or a measurement model and avoid any associated time, effort and financial cost. However, little guidance is available on what method of inter-coder reliability check should be used. In this paper, we present a critical analysis of these methods that are suitable for qualitative business and management IS research, and provide an example of how we employed the most rigorous method among these methods for a qualitative behavioural IS study

SEC-TOE Framework: Exploring Security Determinants in Big Data Solutions Adoption

As in any new technology adoption in organizations, big data solutions (BDS) also presents some security threat and challenges, especially due to the characteristics of big data itself - the volume, velocity and variety of data. Even though many security considerations associated to the adoption of BDS have been publicized, it remains unclear whether these publicized facts have any actual impact on the adoption of the solutions. Hence, it is the intent of this research-in-progress to examine the security determinants by focusing on the influence that various technological factors in security, organizational security view and security related environmental factors have on BDS adoption. One technology adoption framework, the TOE (technological-organizational-environmental) framework is adopted as the main conceptual research framework. This research will be conducted using a Sequential Explanatory Mixed Method approach. Quantitative method will be used for the first part of the research, specifically using an online questionnaire survey. The result of this first quantitative process will then be further explored and complemented with a case study. Results generated from both quantitative and qualitative phases will then be triangulated and a cross-study synthesis will be conducted to form the final result and discussion

The risks of outsourcing services at selected facility management companies in Cape Town

Thesis (MTech (Business Administration))--Cape Peninsula University of Technology, 2019The outsourcing of facility management services has become increasingly competitive and success now depends on companies’ ability to assess and manage risks of low employee morale, intellectual property right, legal, increased costs, unrealistic savings projections and reputational damage successfully. This paper examined outsourcing risks at selected facility management companies in Cape Town. Previous study identifies loss of control, cost and life cycle impact and time inefficiency as anecdotal evidence of outsourcing risks. In the facility management sector, the identification and management of risks have begun to shift progressively from external to internal – like resource and capability management and the strengthening of internal control mechanism. This quantitative study utilised self-administered questionnaire to collect data from 142 randomly selected respondents; employees of participating facility management companies in Cape Town. The paper found that top 6 risks ranked from the highest are information security, legal, ethics/compliance, contractual, financial and economic. The higher end of the mean scoring indicates a greater emphasis on controllable (internal) risks, with 4 out of the top 6 ranked items identified within the internal risks’ category. This research provides insight to understand outsourcing, risks of outsourcing and risk assessment techniques with emphasis on internal risk management. The examination of outsourcing risks enables companies to understand risk assessment, evaluation and mitigation requirements and categorisation for successful management of risks associated with the outsourcing of facility management services

International purchasing offices in China: a dynamic evolution model

“NOTICE: this is the author’s version of a work that was accepted for publication in International Business Review. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in International Business Review 23, 580-593. DOI: 10.1016/j.ibusrev.2013.09.006”The salience of the international purchasing office (IPO) in the management of international sourcing activities of multinational corporations (MNCs) has steadily increased, in developed and emerging economies, since the first adoption of this supply chain strategy in the 1980s. The aim of this paper is to develop an activity/role-based evolution model for IPOs, employing multiple case studies: 14 MNCs’ IPOs in China, studied by British, Italian, and Chinese scholars. Applying role theory in a global purchasing context, we identify eight routine roles and four strategic roles played by IPOs and propose that IPOs could lead an MNC's global sourcing in a geographical region. We challenge the unilinear and sequential nature of existing global sourcing process models and propose a dynamic evolution model, consisting of five stages differentiated by number, depth, and breadth of roles, in which IPOs could leapfrog some stages, re-trench (move back to lower stages) and be potentially withdrawn. Finally, we conclude that the stage of an IPO is determined by the strategic importance of China to its parent company

Uncovering the nature of the relationship between outsourcing motivations and the degree of outsourcing: An empirical study on Finnish small and medium-sized enterprises

Prior literature has identified several outsourcing motivations, such as cost reduction and access to expertise, and deciphered the influence of these variables on outsourcing decisions. In another stream of outsourcing studies, researchers have gauged the degree of outsourcing, unearthing how companies may choose to outsource a set or processes instead of the whole business function. In this article, we draw on both of these streams of outsourcing research to study the relationship between outsourcing motivations and the degree of outsourcing within a particular business function. We probe the effect of nine motivation items on outsourcing decision through an empirical study using survey data gathered from 337 small and medium-sized enterprises. We find that cost reduction, a focus on core competence and business/process improvements are all associated with a higher degree of outsourcing, but interestingly, access to expertise is negatively associated with the degree of outsourcing. This finding suggests that companies that outsource mainly to acquire external expertise outsource only a limited number of processes within a specific business function. Our main theoretical contribution lies in uncovering the dynamic nature of outsourcing motivations, meaning that as companies outsource a larger degree of their business processes, some motivation items become more accentuated and others fade in importance

ISM Approach to Model Offshore Outsourcing Risks

[EN] In an effort to achieve a competitive advantage via cost reductions and improved market responsiveness, organizations are increasingly employing offshore outsourcing as a major component of their supply chain strategies. But as evident from literature number of risks such as Political risk, Risk due to cultural differences, Compliance and regulatory risk, Opportunistic risk and Organization structural risk, which adversely affect the performance of offshore outsourcing in a supply chain network. This also leads to dissatisfaction among different stake holders. The main objective of this paper is to identify and understand the mutual interaction among various risks which affect the performance of offshore outsourcing.  To this effect, authors have identified various risks through extant review of literature.  From this information, an integrated model using interpretive structural modelling (ISM) for risks affecting offshore outsourcing is developed and the structural relationships between these risks are modeled.  Further, MICMAC analysis is done to analyze the driving power and dependency of risks which shall be helpful to managers to identify and classify important criterions and to reveal the direct and indirect effects of each criterion on offshore outsourcing. Results show that political risk and risk due to cultural differences are act as strong drivers.Kumar, S.; Sharma, RK.; Chauhan, P. (2014). ISM Approach to Model Offshore Outsourcing Risks. International Journal of Production Management and Engineering. 2(2):101-111. doi:10.4995/ijpme.2014.2096SWORD10111122Aron, R., Bandyopadhyay, S., Jayanty, S., & Pathak, P. (2007). Monitoring process quality in off-shore outsourcing: A model and findings from multi-country survey. Journal of Operations Management, 26(2), 303-321. doi:10.1016/j.jom.2007.02.014Aron, R., Clemons, E. K., & Reddi, S. (2005). Just Right Outsourcing: Understanding and Managing Risk. Journal of Management Information Systems, 22(2): 37-55.Aron, R., & Singh, J. V. (2005). Getting offshoring Right. Harvard Business Review, Dec 2005.Datta, P. P. & Roy, R. (2011). Incentive issues in performance-based outsourcing contracts in the UK defence industry: a simulation study. Production Planning & Control, 1-16, iFirst.Forte, D. (2009). State of the art security management. Computer Fraud & Security, 10: 17-18.Frank, S. J. (2005). Source Out, Risk In. IEEE Spectrum, April 2005.Lacity, M.C., Willcocks, L.P. & Rottman, J.W. (2008). Global outsourcing of back office services: lessons, trends, and enduring challenges. Strategic Outsourcing: An International Journal, 1(1): 13-34.Shekhar, S. (2008), Benchmarking knowledge gaps through role simulations for assessing outsourcing viability. Benchmarking: An International Journal, 15(3): 225-241

Global purchasing strategy and International Purchasing Offices: Evidence from case studies

“NOTICE: this is the author’s version of a work that was accepted for publication in International Journal of Production Economics. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in International Journal of Production Economics, 154, 284-298. DOI: 10.1016/j.ijpe.2013.09.007”Setting up an International Purchasing Office (IPO) is one of the key steps for firms doing global sourcing. This paper aims to explore the relationship between strategy and structure in a contemporary global purchasing context. We build a theory of IPOs, employing a case study method to address two research questions - what types of IPOs exist in China? And how may an IPO become strategic to its parent's global purchasing? We identify three types or clusters of IPOs along four dimensions: motives for sourcing from China; global purchasing strategy for China; IPO structure and IPO followership. We present a causal model and associated propositions to explain how an IPO may become more strategic for its parent company. In the model we identify that, in addition to the direct link of 'structure follows strategy', IPO followership can be an underlying construct, linking IPO structure and global purchasing strategy for China. The paper opens up new avenues for global sourcing research and provides new insights for managers on global purchasing strategy, specifically with respect to IPO organisational design and capabilities

International purchasing offices in China: roles and resource/capability requirements

This is the author accepted manuscript. The final version is available from Emerald via the DOI in this record.Purpose - The purpose of this paper is to address global sourcing organisational design through the following research questions: how do the roles performed by International Purchasing Offices (IPOs) change over time?; what are the resources/capabilities required by an IPO for an effective performance and how do they change over time?; and what are the contingent factors affecting such changes? Design/methodology/approach - The authors employed an exploratory multiple case study approach and analysed 14 Western IPOs located in China for a period between 2007 and 2012. The data were primarily collected through 34 direct, semi-structured interviews of IPO heads and sourcing managers or senior buyers. Findings - The authors identify and discuss the importance of ten roles played by IPOs and 12 required resources/capabilities. Furthermore, considering the changes that occurred to these IPOs over a five-year period (2007-2012), the authors observe three distinct evolutionary behaviours (i.e. "overall development", "selective development", and "stable configuration") and highlight three contingent factors that jointly affect these behaviours (i.e. the architectural and technological complexity of the sourced items, annual volume sourced abroad, and experience in the foreign context). Originality/value - This paper contributes to the resource-based view of the firm in a global sourcing context by highlighting the resources/capabilities required by IPOs and discussing their characteristics. Furthermore, it proposes a typology of IPO micro-organisational evolutionary behaviours. Finally, it applies contingency theory and identifies three factors that might affect the evolutionary behaviours

Information Security Requirements for B2B SaaS Providers

To gain a competitive advantage, companies are continuously more willing to collaborate with other companies and share information between them (Karlsson et al. 2015). Outsourcing is a viable option for many companies offering cost savings and improving efficiency, however, it does not come without risks to information security (Khidzir et al. 2010). Due to the current business environment of interorganisational collaboration, new threats are emerging in the space of information security. Collaborating with other companies introduces new threats by creating possibilities for non-compliant behaviour, intrusion, and exposure. (Goodman and Ramer 2014.) Therefore, organisations must now rely on partners to ensure information security is upheld on an interorganisational level (Karlsson et al. 2015). Within the field of information technology, cloud computing has grown to become one of the most dominant computing paradigms in recent years. According to some estimations, by 2024, more than 45 percent of companies’ IT spending will consist of cloud computing solutions. (Gartner, 2019.) The reason for cloud computing’s rapid increase in popularity is due to its promise of bringing down costs while delivering the same, and potentially more, functionalities as traditional information technology (Marston et al. 2011). However, information security concerns can be seen as one of the biggest challenges that the cloud computing paradigm must overcome for it to reach its full potential (Tipton et al. 2012). Therefore, in this increasingly connected and digital business environment, a fundamental challenge for companies is to meet information security requirements (Gordon et al. 2010). Organisations must adhere to both standard and organisation-specific information security guidelines to meet these requirements (Thalmann et al. 2012). Managing security in companies both providing and consuming services is no longer limited to internal services, systems, and infrastructure. Furthermore, companies providing services to other parties must also consider the requirements of their customers. (Currie et al. 2001.) I am conducting this research for a SaaS company, SoftCo, which operates in the enterprise software industry. The aim of this research was to understand what the most common information security requirements are for SaaS companies by analysing the customer questionnaires regarding information security of the subject organisation SoftCo. These findings are gathered into an artifact which includes the most important information security themes and questions from the analysed companies. This study was conducted as a qualitative study using document analysis to gather the data for identifying the information security themes. Additionally, I have evaluated the produced artifact according to the design science research method process by Peffers et al. (2007) where I compared the information security themes with the ISO/IEC 27001 standard for information security management. In this study I was able to determine 24 different information security themes that were important to customers of SoftCo and also show which of these themes were of most importance according to the questionnaires. Based on these three themes, I identified three areas of information security which were highlighted in the questionnaires: the shift of administrative control from the customer to the service provider, ensuring business continuity and protection against external threats, and concerns regarding auditability and compliance of the service provided