Implications of Change Management

Date of Seminar: 2018.01.11 Supervisor: Devrim Göktepe-Hultén Key words: Change management, change process, Shape 2020, Shape & Share Purpose: The purpose of this thesis is to investigate how Cramo AB works with change management and if they succeed or not, by using Kotter’s model as an analytic tool and other theoretical perspectives of change management. Methodology: The research is conducted as a case study of explorative nature. Data was collected at two different semi-structured interviews. One for the managers at Cramo AB and another one for the employees further down in the organisational structure. Seven interviews were performed with respondents from Cramo AB’s top management group and four interviews were conducted with employees from the depots. The collected data was analysed with pattern coding. Theoretical perspectives: Previous research consists of numerous models for change management shows that it is a complex subject. This study will therefore aim to contribute to existing literature by investigating how Kotter’s eight step model for leading change and other selected theoretical perspectives can be analysed against a real case to clarify how and why a company works with changes. Empirical foundation: Cramo AB is an interesting company to investigate, since they currently are working extensively with a change program called Shape 2020. Throughout the years the company implemented many large change processes that have affected the whole organisation. However, employees express some issues today regarding the change processes. Conclusions: This study reached the conclusion that Cramo AB have both successful and failed with change processes. The success rate seems to heavily rely on how well the change and implementation has been communicated as well as how the good or bad the attitude towards change in general is. The comparison between literature and a real case also suggests that literature does not acknowledge the complexity of communication in a real case

Cybersäkerhet - Att stärka den svaga länken : En flerfallsstudie om hur formella och informella styrmedel förebygger interna cyberhot i banksektorn

Bakgrund: Banker fyller en mycket viktig funktion i samhället och har sedan digitaliseringen varit särskilt utsatta för cyberhot. Samtidigt bygger bankens verksamhet till stor del på att upprätthålla förtroendet hos sina kunder, varpå det är av stor vikt för banker att ha en hög cybersäkerhet. Framför allt kan interna cyberhot i form av mänskliga misstag konstateras vara den svaga länken i bankers säkerhetsarbete idag. Därför är det intressant att undersöka hur banker i Sverige arbetar för att öka cybersäkerheten genom formella och informella styrmedel, som kan påverka anställdas beteenden.  Syfte: Studien syftar till att bidra till ökad förståelse om hur banker styr sin verksamhet med formella och informella styrmedel för att förebygga interna cyberhot på arbetsplatsen.  Metod: Studien har ett hermeneutiskt perspektiv och är utformad enligt en kvalitativ metod. Vidare har en abduktiv ansats format uppsatsen. Syfte och frågeställningar har besvarats genom en flerfallstudie av fyra olika banker i Sverige. Det empiriska materialet har inhämtats med hjälp av intervjuer med representanter från respektive bank som arbetar med säkerhet.  Slutsats: För att förebygga interna cyberhot arbetar banker med formella styrmedel främst i form av regler, där de tar hjälp av globala standarder vid utformningen. Reglerna utformas även utifrån bankens kultur och uppdateras ofta. Vi har sett att kompetens och medvetenhet inom cybersäkerhet hos anställda är något som samtliga fallföretag värderar högt, och för att stärka kompetensen lägger bankerna stora resurser på utbildning. Att göra säkerhetstänket till en naturlig del av anställdas dagliga arbete har framför allt understrukits av respondenterna, samtidigt som arbetet med kultur till stor del görs passivt då det starka regelverket formar kulturen. Informella dialoger menas dock vara något som ökar medvetenheten och därmed stärker kulturen. Slutligen har vi identifierat att samtliga styrmedel nämnda ovan påverkar varandra, varpå det är viktigt att ha ett helhetstänk vid styrningsarbetet vad gäller cybersäkerhet. Background: Banks play an important role in society and have since the increasing digitalization been particularly exposed to cyber threats. At the same time, the bank's operations are largely based on maintaining trust of its customers, and therefore it is of great importance for banks to have a high level of cyber security. Above all, internal cyber threats in the form of human error constitute one of the greatest risks to banks' security work today. Therefore, it is interesting to investigate how banks work to mitigate internal cyber threats through formal and informal management controls.  Purpose: This study aims to contribute to an increased understanding of how banks use formal and informal management control to mitigate internal cyber threats in the workplace.  Methodology: This study adopts a hermeneutic perspective and uses qualitative method. Furthermore, an abductive approach has shaped the essay. The purpose and research questions have been answered through a multiple case study of four different banks in Sweden. The empirical material has been obtained with the help of interviews with representatives from each bank who work with security.  Conclusion: To prevent internal cyber threats, banks work with rules which global standards and the company’s culture help design. We have noted that competence and awareness in cyber security is something that is valued highly. To strengthen the competence banks invest large resources in training. Making the idea of safety a natural part of employees' daily work has above all been emphasized by, at the same time as cultural development is largely done passively as the strong regulations shape culture. Informal dialogues, however, increase awareness and thus strengthen culture. Finally, we have identified that all the management controls mentioned above affect each other. Therefore, it is important to have a holistic approach to the governance work regarding cyber security.