Cybersecurity risk of interfirm cooperation: Alliance or joint venture?

Interfirm cooperation between two or more firms is undertaken to create value jointly. However, interfirm cooperation also entails risks. We focus on cybersecurity risks of interfirm cooperation. Two prominent governance modes for interfirm cooperation are: (i) non-equity alliances and (ii) equity alliances such as joint ventures (JVs). We explain why non-equity alliances are likely to increase cybersecurity risks of collaborators whereas JVs are likely to reduce them. We test these ideas in the context of hospital–physician group collaborations in the U.S. Hospital Industry during 2009-2017. The results indicate that hospitals using non-equity alliances for physician group collaborations are more likely to experience cybersecurity breaches. Hospitals that use JVs to govern physician group collaborations are less likely to experience cybersecurity breaches. We discuss the implications of these findings for IS research and practice

Impact of the Information Technology Unit on Information Technology-Embedded Product Innovation

Organizations increasingly embed IT into physical products to develop new product innovations. However, there is wide variance in the outcomes of the IT-embedded product (ITEP) innovation process. In this paper, we posit that the IT unit’s involvement in the ITEP innovation process could positively influence the outcomes. ITEP innovations become part of complex ecosystems in which they interact with their developers, customers, and other ITEPs. These developments suggest new roles for IT units of organizations. Yet, there is dearth of theory explaining how the IT unit of a firm could contribute to the firm’s development of ITEP innovations in ways to create customer value and improve firm performance. This paper seeks to address this gap. ITEP innovations present new challenges for organizations. This paper builds on complexity science to articulate the challenges and explain how the IT unit can increase an organization’s capacity to cope with them. First, the paper adopts Wheeler’s (2002) “net-enabled business innovation model” to structure the key stages of innovation that an organization goes through in developing new ITEPs. Second, the paper articulates IT-specific uncertainties and challenges entailed in each of the four stages. Third, the paper develops hypotheses explaining how the IT unit could increase the effectiveness of each stage by helping to address these uncertainties and challenges. Finally, the paper empirically tests and finds support for the hypotheses in a sample of 165 firms. The paper contributes to the literature on IT-enabled business innovations by developing and validating a new theoretical explanation of how IT units increase the effectiveness of the ITEP innovation process

Managing Information Technology under Extreme Organizational Disequilibrium: the Case of Corporate Spinoffs

This paper studies the strategic management of information technology in periods of extreme organizational disequilibrium. In such periods, critical business parameters such as industry positioning, competitive strategies, organizational structures, leadership, and business processes change significantly and simultaneously, thus disrupting the very fundamental bases for strategic IT decisions. Corporate spinoffs represent such an extreme case for spun-off businesses that have to adjust most critical business parameters in a compressed timeframe and under severe resource constraints. Based on in-depth case studies on five spun-off businesses, we found that strategic IT management in the period of extreme disequilibrium largely reflected the priority of stabilizing business operations to ensure business survival. However, when organizations take shortcuts and make inadequate anticipatory IT investments, they compromise their long-term prosperity after new equilibrium emerges. A theoretical model of strategic IT management is proposed in the context of corporate spinoffs when concluding the study

THE PERFORMANCE EFFECTS OF TRANSITIONAL IT SERVICES IN CORPORATE SPIN-OFFS

In corporate spin-offs, spun-off units pursue two major objectives: separating and restructuring their business for independent operation; and retaining business continuity and minimizing operational disruptions. In trying to balance the conflicting demands of these objectives, spun-off units often turn to “transitional IT services” provided by their parents. However, the business value of the transitional IT services is not understood well yet. In this study, we examine different impacts of transitional IT services at different stages of corporate spin-offs. Our study population covers corporate spin-offs in which spun-off units were set up as independent public firms during 1999-2009 timeframe. We find that longer transitional IT services prolong the time-to-close spinoff deals and negatively affect market valuation of the spun-off units at the first day of trading. But longer transitional IT services positively affect operating performance of the spun-off units. They also help mitigate negative effects of business restructuring on operating performance

The Role of Information Technology in Risk/Return Relations of Firms

Information Technology (IT) investments are the largest capital budgeting item in most U.S. firms. Thus, there is significant scholarly interest in understanding the relationship between IT investments and firm performance. However, findings to date remain mixed: while some studies find a positive relationship between IT investments and firm performance, others fail to find any significant relationships at all. One possible reason for this may be that most studies conceptualize and measure firm performance in terms of returns~{!*~}but ignore risk. Although risk is also an important aspect of firm performance, and there are tradeoffs between risks and returns, most IS studies have not included risk in examining the relationship between IT investments and firm performance. Focusing only on the return implications of IT ignores risk/return tradeoffs and the possibility that IT can influence the risk/return positions of firms. In this study, we build on and extend the economic theory of complementarities to explain how and why IT influences risk/return relations of firms. We discuss how the incorporation of risk into the analysis of performance effects of IT provides new insights for theory and practice

Effectiveness of Organizational Mitigations for Cybersecurity, Privacy, and IT Failure Risks of Artificial Intelligence

Emerging cybersecurity, privacy, and IT failure risks of Artificial intelligence (AI) threaten AI’s business value potential and performance of organizations that develop and use AI. Current research on mitigations for these AI risks is limited to technical and data science level mitigations. There is limited research on organizational mitigations for AI risks. We address this gap by framing organizational mitigations for AI’s cybersecurity, privacy, and IT failure risks and test their effectiveness in a sample of 498 AI algorithms. Developer organizations, which design AI, and user organizations which use AI, are able to reduce the likelihood and the impact of AI’s cybersecurity breach, privacy breach, and IT failure risks if they collaborate to jointly institute organizational mitigations over AI’s risks

Mitigating Bias in Organizational Development and Use of Artificial Intelligence

We theorize why some artificial intelligence (AI) algorithms unexpectedly treat protected classes unfairly. We hypothesize that mechanisms by which AI assumes agencies, rights, and responsibilities of its stakeholders can affect AI bias by increasing complexity and irreducible uncertainties: e.g., AI’s learning method, anthropomorphism level, stakeholder utility optimization approach, and acquisition mode (make, buy, collaborate). In a sample of 726 agentic AI, we find that unsupervised and hybrid learning methods increase the likelihood of AI bias, whereas “strict” supervised learning reduces it. Highly anthropomorphic AI increases the likelihood of AI bias. Using AI to optimize one stakeholder’s utility increases AI bias risk, whereas jointly optimizing the utilities of multiple stakeholders reduces it. User organizations that co-create AI with developer organizations instead of developing it in-house or acquiring it off-the-shelf reduce AI bias risk. The proposed theory and the findings advance our understanding of responsible development and use of agentic AI

AlphaCo: A Teaching Case on Information Technology Audit and Security

Recent regulations in the United States (U.S.) such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT) in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal control mechanisms that minimize them have become important and created an urgent need for professionals who are equipped with IT audit and security skills and knowledge. However, there is severe shortage of teaching cases that can be used in courses aimed at training such professionals. This teaching case begins to address this gap by fostering classroom discussions around IT audit and security issues. It revolves around a hacking incident that compromised online order processing systems of AlphaCo and led to some fraudulent activity. The hacking incident raises a series of questions about IT security vulnerabilities, internal control deficiencies, integrity of financial statements, and independent auditors’ assessment of fraud in the context of the Sarbanes-Oxley Act. The case places students in the roles of executives, IT managers, and auditors and encourages them to discuss several important questions: how and why did the hacking incident happen; what harm did it cause to the firm; how can the firm prevent such hacking incidents in the future; if they do happen, how can the firm detect hacking incidents and fraud sooner; how do auditors assess the impact of such incidents in the context of a financial statement audit; and whether the management and auditors have responsibility in detecting and publicly reporting fraud? The case also facilitates the teaching of relevant conceptual frameworks such as COSO (Committee of Sponsoring Organizations of the Treadway Commission) and COBIT (Control Objectives for Information and related Technology)

Information Technology Relatedness, Knowledge Management Capability, and Performance of Multibusiness Firms

Business value of IT is an enduring research question. The elusive link between IT and financial firm performance calls for further research into intermediate organizational variables through which IT may influence firm performance. This study proposes that knowledge management (KM) is a critical organizational capability through which IT influences firm performance. In the context of multibusiness firms, the study examines how the IT resources of a firm should be organized and managed to enhance the firm’s KM capability, and whether and how KM capability influences firm performance. The study develops two hypothesizes: (1) IT relatedness of the firm’s business units enhances cross-unit KM capability; (2) KM capability, in turn, leads to superior firm performance. Data from 250 Fortune1000 firms provide empirical support for these hypotheses. IT relatedness of business units enhances the cross-unit KM capability of the firm. The KM capability creates and exploits cross-unit synergies from the product, customer, and managerial knowledge resources of the firm. These synergies increase the financial performance of the firm. IT relatedness also has significant indirect effects on firm performance through the mediation of KM capability