Managing information security risk using integrated governance risk and compliance.

This paper aims to demonstrate the building blocks of an IT Governance Risk and Compliance (IT GRC) model as well the phased stages of the optimal integration of IT GRC frameworks, standards and model through a longitudinal study. A qualitative longitudinal single case study methodology through multiple open-ended interviews were conducted over a period of four years (July 2012 to November 2015) in a retail financial institution. Our empirical study contributes to both academic research and practice in IT GRC. First, we identified the various building blocks of IT GRC domain from vertical as well as horizontal perspectives. Second, we methodologically demonstrated the gradual metamorphosis of the evolution of an IT GRC from a single ITG framework to multiple IT GRC building blocks. The journey thus throws light on the gradual staged process of attaining maturity in IT GRC by an organization. The resultant IT GRC model thus, guides managerial actions towards a better understanding of the positioning of IT GRC building blocks in an organization through the understanding of the interaction of vertical and horizontal domains. The results of the paper thus enable practitioners and academics to better understand and evaluate IT GRC implementation for effective governance, reduce risk and ensure compliance in organizations

Managing resource learning in distributed organisations with the organisational capability approach

International audienceOrganisational capability management is a recent approach; it enables global and coordinated management of resources and facilitates future synergies within extended organisations. This paper provides a state of the art of organisational capability approach and proposes a management framework. On the one hand, an overview of the theoretical principles and the practical solutions, especially methods for standardising and transferring firms' good practices, points out the limits of their sustainable functioning. On the other hand, the framework manages organisational capabilities by following the theoretical principles and overcoming identified barriers. This proposition is structured around three kinds of processes: primary (design and transfer), support (assessment and enhancement) and management (coordination and alignment)

An empirical assessment of the use of an algorithm factory for video delivery operations

Introduction: Video service providers are moving from focusing on Quality of Service (QoS) to Quality of Experience (QoE) in their video networks since the users’ demand for high-quality video content is continually growing. By focusing on QoE, video service providers can provide their subscribers with a more personalized and engaging experience, which can help increase viewer satisfaction and retention. This focus shift requires not only a more sophisticated approach to network management and new tools and technologies to measure and optimize QoE in their networks but also a novel approach to video delivery operations. Methods: This paper describes the components, interactions, and relationships of an algorithm factory for video delivery operation that assures high QoE for video streaming services. The paper also showcases the results of gradually implementing an algorithm factory in the video industry. Using a dataset from 2016 to 2022, we present the case of a European PayTV service provider that achieved improved performance measured by both objective and subjective metrics. Results: The use of an algorithm factory significantly improved the PayTV service provider’s performance. The study found a fivefold increase in the speed of critical incident resolution and a 59% reduction in the number of critical incidents, all while expanding the customer base and maintaining the same level of labor resources. The case also demonstrates a strong positive relation between the productivity measures of the PayTV operator and their survey-based quality ratings. These results underscore the importance of flawless QoS and operational excellence in delivering QoE to meet the evolving demands of viewers. Discussion: The paper adds to the existing literature on relationships between operational efficiency, innovation, and subjective quality. The paper further offers empirical evidence from the PayTV industry. The insights provided are expected to benefit both traditional and over-the-top (OTT) video service providers in their quest to stay ahead in the rapidly evolving video industry. It may also translate to other service providers in similar industries committed to supporting high-quality service delivery.</p

Data driven decision support systems as a critical success factor for IT-Governance: an application in the financial sector

IT-Governance has a major impact not only on IT management but also and foremost in the Enterprises performance and control. Business uses IT agility, flexibility and innovation to pursue its objectives and to sustain its strategy. However being it more critical to the business, compliance forces IT on the opposite way of predictability, stability and regulations. Adding the current economical environment and the fact that most of the times IT departments are considered cost centres, IT-Governance decisions become more important and critical. Current IT-Governance research and practise is mainly based on management techniques and principles, leaving a gap for the contribution of information systems to IT-Governance enhancement. This research intends to provide an answer to IT-Governance requirements using Data Driven Decision Support Systems based on dimensional models. This seems a key factor to improve the IT-Governance decision making process. To address this research opportunity we have considered IT-Governance research (Peter Weill), best practises (ITIL), Body of Knowledge (PMBOK) and frameworks (COBIT). Key IT-Governance processes (Change Management, Incident Management, Project Development and Service Desk Management) were studied and key process stakeholders were interviewed. Based on the facts gathered, dimensional models (data marts) were modelled and developed to answer to key improvement requirements on each IT-Governance process. A Unified Dimensional Model (IT-Governance Data warehouse) was materialized. To assess the Unified Dimensional Model, the model was applied in a bank in real working conditions. The resulting model implementation was them assessed against Peter Weill‘s Governance IT Principles.Assessment results revealed that the model satisfies all the IT-Governance Principles. The research project enables to conclude that the success of IT-Governance implementation may be fostered by Data Driven Decision Support Systems implemented using Unified Dimensional Model concepts and based on best practises, frameworks and body of knowledge that enable process oriented, data driven decision support

How Different Types of IS Assets Account for Synergy-Enabled Value in Multi-Unit Firms: Mapping of Critical Success Factors and Key Performance Indicators

Rooted in a longstanding tradition, research and practice strives to determine how to derive business value from IT investments. This applies particularly to the neglected research area of multi-unit firms, where there is still a high potential to enhance IT synergies. Our study addresses important research gaps in IT business value research. First, we investigate how different of types of IS assets, i.e., infrastructural, transactional, and strategic IS, account for cross-unit synergies to create business value. Second, we map critical success factors and key performance indicators of this value creation process in order to open the “grey box” in IT business value research. An explorative multiple-case study methodology with five case sites is applied. Our results reveal that these different types of IS assets account for a different degree of cost and value synergies, support diverse critical success factors, and require distinct measurement approaches in the form of KPIs

ITIL Service Management Model for E-learning

ITIL is one of the powerful approach to IT service management for any industries, such as in education. ITIL could help organizations use IT to reorganize business process and achieve the target. This paper presents a service management model for virtual education or learning management system from Petra Christian University in Surabaya, Indonesia. For the construction model, evaluation of the process of the ITIL along with virtual education components, which are: technological, administrative, communicative and pedagogical are conducted. Furthermore, the role and responsibilities of the involved actors in the system was discovered, and list of activities was defined to be developed for every step in a process of the service lifecycle, which are: service strategy, service design, service transition and service operation. The proposed model shows that the ITIL components can be adapted to the requirements of the education processes in virtual educatio

Designing a Tool for Measuring IT Process Maturity in an Agile Development Context

This paper presents the design of a tool for recurring quantitative self-assessment of IT Service Management (ITSM) process maturity in an agile environment. Continual improvement of ITSM processes can be measured by performing a process maturity assessment, comparing the organization’s process performance against a best-practice reference set of processes. In this paper we report a project that has developed a quantitative measuring survey-based tool. The specific context for the research is a financial institution that has adopted agile development. This change brought on an increased need to monitor ITSM process performance, and a Design Science Research (DSR) project was launched to create an ITSM maturity assessment tool. The results show that a company-wide ITSM process maturity assessment can be established as a survey-based self-assessment, and that the aggregate scores from this self-assessment present a good indicator of the organization’s process performance, especially when complemented by a reference score. A key learning from the study is that the iterative DSR methodology made it possible to create a system that in good way measure ITSM process maturity

An analysis about the relationship between the cloud computing model and ITIL v3 2011

Cloud Computing is widely recognized as a recent computing paradigm of digital transformation in which scalable and elastic computational resources are delivered as a service through Internet technologies. Its characteristics made this business model increasingly adopted by organizations reaching business goals. Besides its benefits, some risks may impact organizations internally and, in the way they deliver their services to their clients. Therefore, it became important to understand the impacts of the Cloud model on the way companies organize their processes. The goal of this work is to investigate which are the main impacts arising from the Cloud Computing model currently impacting Information Technology Infrastructure Library framework processes. The methodology selected will be through semi-structured interviews with knowledgeable professionals to effectively collect practical information that, according to the Systematic Literature Review performed, could not be collected by the traditional literature. By analyzing the Systematic Literature Review results, several processes of this framework were affected, which may lead to a need for reframing it. Although the organization’s approach to this model must be enhanced and adapted to a new reality, the empirical insights collected from semi-structured interviews, suggest that the framework does not need to be reframed, and ITIL v3 2011 most impacted processes by the introduction of the Cloud-based model, are Change Management and Incident Management.A computação em nuvem é amplamente reconhecida como um paradigma de computação recente da transformação digital, no qual recursos computacionais escaláveis e elásticos são fornecidos como um serviço através de tecnologias na Internet. As suas características fizeram com que esse modelo de negócio fosse cada vez mais adotado por organizações que na prossecução dos seus objetivos de negócio. Além dos benefícios, também existem os riscos podem impactar as organizações internamente e na forma como entregam os seus serviços aos clientes. Portanto, tornou-se importante entender os impactos do modelo de Cloud na forma como as empresas organizam seus próprios processos e práticas. O objetivo deste trabalho é investigar quais são os principais impactos decorrentes do modelo de Cloud que impactam atualmente os processos da Information Technology Infrastructure Library. A metodologia selecionada será por meio de entrevistas semiestruturadas a profissionais capacitados para recolher informações decorrentes de experiências na prática que, de acordo com a Revisão Sistemática da Literatura realizada, não poderiam ser obtidas pela literatura tradicional. Ao analisar os resultados da Revisão Sistemática da Literatura, diversos processos desta framework foram afetados, o que pode levar à necessidade de reformulá-la. As considerações empíricas recolhidas nas entrevistas semiestruturadas, sugerem que a framework não necessita de ser reformulada e que os processos do ITIL v3 2011 mais impactados no modelo Cloud são o de Gestão de Incidentes e de Gestão da Mudança