Cumberlands Enterprise Risk at Nationstate Insurance Case Study Discussion

User Generated

mnpxfnyyl

Computer Science

University of the Cumberlands

Description

Case Study: Answer question given after and based on each discussions. page no: 156-159 and 160-164

Find the attached textbook. and sample assignment.

APA format. NO plagiarism.



Unformatted Attachment Preview

Running Head: THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS The Scientific Method Applied To Digital Forensics by student name Professor D. Barrett University Course Todays date 1 THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS 2 Abstract Computer forensics is the process of digital investigation combining technology, the science of discovery and the methodical application of legal procedures. Judges and jurors often do not understand the inner workings of computers and rely on digital forensics experts to seek evidence and provide reliable, irrefutable testimony based on their findings. The scientific method is the process of diligent, disciplined discovery where a hypothesis is formed without bias, and analysis and testing is performed with the goal of effectively proving or disproving a sound hypothesis. When investigative teams do not follow standard investigative procedures it can lead to inappropriate and inaccurate evidentiary presentations that are extremely difficult for non-technical participants to refute. The practitioners of digital forensics can make strides to measure and improve the accuracy of their findings using the scientific method. This paper includes a summary of the scientific method as applied to the emerging and growing field of digital forensics and presents details of a specific case where both the prosecution and defense would have benefitted greatly from the use of this proven method of discovery and analysis. Findings can only be deemed reasonably conclusive when the scientific process is correctly applied to an investigation, findings are repeatable and verifiable, and where both the evidence collected and the tools used are subject to the utmost scrutiny. THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS 3 The Scientific Method Applied To Digital Forensics The forensic analyst and investigator must use a unique combination of technical, investigative, and scientific skills when approaching a forensic case. Most adults remember the Scientific Method from their middle school science class as a set of six steps beginning with stating a problem, gathering information, forming a hypothesis, testing the hypothesis, analyzing the data and drawing conclusions that either support or do not support the hypothesis. Peisert, Bishop, & Marzullo (2008) note that the term computer forensics has evolved to mean “scientific tests of techniques used with the detection of crime” yet note that many academic computer scientists also use the term to refer to the “process of logging, collecting, auditing or analyzing data in a post hoc investigation”. The necessity to maintain chain of custody requires methodical and detailed procedures, as does the formulation of a legitimate and unbiased hypothesis and conclusion using the scientific method. Since many judges and jurors assume that computer forensic evidence is as “reliable and conclusive” as it is depicted on television, the legal system is unaware of the volatile nature of computer forensics investigations and the significance of a scientific approach to evidence gathering and analysis (Peisert et al., 2008). The Scientific Process as Applied to Computer Forensics Peisert et al. (2008) discuss in detail the need for the use of the scientific method in forensic investigations, not only for the process of discovery and analysis of evidence, but for measuring the accuracy of the forensic tools used in an investigation. Casey (2010) agrees, and cautions that evidence must be compared to known samples so that investigators better understand the scope and context of the evidence that is discovered or presented and to better understand the output of forensic tools. Casey (2010) further elaborates that the scientific method is a powerful tool for forensic investigators who must be neutral fact finders rather than advocates for one side of a case or the other. The process of creating a hypothesis and completing experiments to prove or disprove them allows an investigator to gain a concrete understanding of the digital evidence or mere traces of evidence under analysis. Casey (2010) also notes that while there is no ethical requirement to do so and may be impractical, a thorough investigative practice would consider investigation of alternate scenarios presented by defense. Forensic examination tools can contain bugs, or behave differently with various types of data and forensic images. Casey (2010) recommends that investigators examine evidence at both the physical and logical layers since both methods can provide unique perspectives, and the physical layer may not yield deleted, corrupted or hidden THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS 4 data. Suspects with limited technical experience can rename image files with different extensions not used for images, and those with more technical knowledge can use advanced steganography techniques to embed data within other data in an attempt to defy detection. The 2004 case of State of Connecticut v. Julie Amero in Norwich, Connecticut is one where the scientific method was clearly missing from both the defense and prosecution. Eckelberry, Dardick, Folkerts, Shipp, Sites, Stewart, & Stuart (2007) completed a comprehensive post-trial analysis of the evidence as provided to the defense and discovered very different evidentiary results using a structured scientific approach to their investigation. Amero was a substitute elementary teacher accused of displaying pornographic images that appeared on pop-up’s to her students from what ultimately was proven to be a spyware-infected school computer. The credibility of the legal system was compromised and the prosecution made a numerous incorrect assumptions based on results provided from inadequate forensic tools and poor investigative techniques (Eckelberry et al., 2007). The computer that Amero was using in her classroom was a Windows 98 machine running Internet Explorer 6.0.2800 and a trial version of Cheyenne AntiVirus that had not received an update in several years. The content filtering at the school had expired several months prior to the incident. The prosecution presented nonfactual statements that may easily have been misconstrued by a non-technical jury and that likely caused a guilty verdict. The false testimony made by the school IT specialist indicated that the virus protection was updated weekly when in fact they were not since computer logs and the signatures clearly showed that virus updates were no longer supported by the vendor. The updates may have been performed but against files that had no new updates for many months. The IT Manager who testified also incorrectly claimed that adware was not able to generate pornography and especially not “endless loop pornography”. This information was received as a fact by the non-technical jury and incredibly not refuted by the defense. The detective for the prosecution also stated that his testimony was based completely on the product ComputerCop which the vendor admits is incapable of determining if a website was visited purposefully or unintentionally. The forensic detective astoundingly admitted that he did not examine the computer for the presence of adware (Eckelberry et al., 2007, p. 7-10). The case against Amero was largely based on testimony stating that she deliberately visited the offensive pornographic websites and that the sites visited subsequently showed the links in red. The post-trial investigative team quickly verified that the ‘sites visited’ color setting in Internet Explorer on the suspect machine was set to “96,100,32” which is a greenish-gray color. One of the web pages that the defendant allegedly visited had an THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS 5 HTML override to highlight one of the links presented in red and was not colored based on a deliberate visit to the site. According to Eckelberry et al. (2007) the page in question was not discovered in “any of the caches or Internet history files or the Internet History DAT files. The post-trial investigative team through meticulous investigation and use of the scientific method were able to present facts that were “exculpatory evidence showing that the link was never clicked on by the defendant” or any other person, and disproved most of the statements made by the forensics examiner and the witnesses for the prosecution (Eckelberry et al., 2007, p. 12-14). The prosecution testimony stated that there was no evidence of uncontrollable pop ups found on the suspect machine, however, the post-trial investigative team discovered irrefutable evidence that the page in question was loaded twenty-one times in one second using a computer forensics tool called X-Ways Trace. Eckleberry et al. (2007) detail many other instances where testimony was haphazard and discovered that a Halloween screen saver was the source of the adware that presented the continuous stream of pornographic sites. The chain of custody was also compromised in that the disk image was from a Dell PC but the defense witness saw a Gateway PC stored at the police station. The officer reportedly seized a computer but the police report contradicts this and states that only a drive was taken (Eckelberry et al., 2007, p. 14-17). The case described and investigated by Eckelberry et al. (2007) resembles a staged blunder designed as a humorous sample case for beginning forensic students to discuss. The case was however very real and even though the defendant was eventually acquitted she suffered lasting harm from the notoriety based on the initial conviction of contributing to the delinquency of minors. If the prosecution or defense had investigated the evidence using the scientific method and maintained a credible chain of custody, or at least used clear critical thinking while performing a thorough forensic investigation this case may never have gone to trial. It wasted the time and resources of judge, jury, and countless other participants in the trial and permanently damaged an innocent victim (Eckelberry et al., 2007). Conclusion The scientific method is a process that allows confidence in a hypothesis when it can be subjected to repeated identical tests. The use of the scientific method not only provides a methodical structure to a forensic investigation, it lends credibility to a case in the very nature of the steps used to document and diligently test any given hypothesis. The case independently investigated post-trial by Eckelberry et al. (2007) was performed by a team of trained experts who were well aware of the necessity of the methodical requirements and necessity of the THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS scientific method of discovery. Their findings proved that the suspect was in fact a victim of poorly maintained computers by a local Connecticut school system, that the forensic expert and witnesses who testified in the case were untrained and uninformed and used inadequate tools for the investigation. Cases such as State of Connecticut v. Julie Amero illustrate the importance of using the scientific method, and the necessity of proper training in the art and science of digital forensics. 6 THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS 7 References Carrier, B. (2002, October). Open Source Digital Forensics Tools: The Legal Argument. In @ Stake Inc. Retrieved September 8, 2011, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.7899&rep=rep1&type=pdf Casey, E. (Ed.). (2010). Handbook of Digital Forensics and Investigation (Kindle ed.). Burlington, MA: Elsevier, Inc. Eckelberry, A., Dardick, G., Folkerts, J., Shipp, A., Sites, E., Stewart, J., & Stuart, R. (2007, March 21). Technical Review of the Trial Testimony of State of Connecticut vs. Julie Amero. Retrieved September 9, 2011, from http://www.sunbelt-software.com/ihs/alex/julieamerosummary.pdf Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigations (4th ed.). Boston, MA: Course Technology, Cengage Learning. Peisert, S., Bishop, M., & Marzullo, K. (2008, April). Computer Forensics in Forensis. Retrieved September 8, 2011, from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.3949&rep=rep1&type=pdf IT STRATEGY: ISSUES AND PRACTICES This page intentionally left blank Third Edition IT STRATEGY: ISSUES AND PRACTICES James D. McKeen Queen’s University Heather A. Smith Queen’s University Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo Editor in Chief: Stephanie Wall Acquisitions Editor: Nicole Sam Program Manager Team Lead: Ashley Santora Program Manager: Denise Vaughn Editorial Assistant: Kaylee Rotella Executive Marketing Manager: Anne K. Fahlgren Project Manager Team Lead: Judy Leale Project Manager: Thomas Benfatti Procurement Specialist: Diane Peirano Cover Designer: Lumina Datamantics Full Service Project Management: Abinaya Rajendran at Integra Software Services, Pvt. Ltd. Cover Printer: Courier/Westford Composition: Integra Software Services, Pvt. Ltd. Printer/Binder: Courier/Westford Text Font: 10/12 Palatino LT Std Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on appropriate page within text. Copyright © 2015, 2012 and 2009 by Pearson Education, Inc., Upper Saddle River, New Jersey, 07458. Pearson Prentice Hall. All rights reserved. Printed in the United States of America. This publication is protected by Copyright and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permission(s), write to: Rights and Permissions Department. Library of Congress Cataloging-in-Publication Data McKeen, James D. IT strategy: issues and practices/James D. McKeen, Queen’s University, Heather A. Smith, Queen’s University.—Third edition. pages cm ISBN 978-0-13-354424-4 (alk. paper) ISBN 0-13-354424-9 (alk. paper) 1. Information technology—Management. I. Smith, Heather A. II. Title. HD30.2.M3987 2015 004.068—dc23 2014017950 10 9 8 7 6 5 4 3 2 1 ISBN–10: 0-13-354424-9 ISBN–13: 978-0-13-354424-4 CONTENTS Preface xiii About the Authors xxi Acknowledgments xxii Section I Delivering Value with IT 1 Chapter 1 DEVELOPING AND DELIVERING ON THE IT VALUE PROPOSITION 2 Peeling the Onion: Understanding IT Value 3 What Is IT Value? 3 Where Is IT Value? 4 Who Delivers IT Value? 5 When Is IT Value Realized? 5 The Three Components of the IT Value Proposition 6 Identification of Potential Value 7 Effective Conversion 8 Realizing Value 9 Five Principles for Delivering Value 10 Principle 1. Have a Clearly Defined Portfolio Value Management Process 11 Principle 2. Aim for Chunks of Value 11 Principle 3. Adopt a Holistic Orientation to Technology Value 11 Principle 4. Aim for Joint Ownership of Technology Initiatives 12 Principle 5. Experiment More Often 12 Conclusion 12 t References 13 Chapter 2 DEVELOPING IT STRATEGY FOR BUSINESS VALUE 15 Business and IT Strategies: Past, Present, and Future 16 Four Critical Success Factors 18 The Many Dimensions of IT Strategy 20 Toward an IT Strategy-Development Process 22 Challenges for CIOs 23 Conclusion 25 t 3FGFSFODFT 25 Chapter 3 LINKING IT TO BUSINESS METRICS 27 Business Measurement: An Overview 28 Key Business Metrics for IT 30 v vi Contents Designing Business Metrics for IT 31 Advice to Managers 35 Conclusion 36 t 3FGFSFODFT 36 Chapter 4 BUILDING A STRONG RELATIONSHIP WITH THE BUSINESS 38 The Nature of the Business–IT Relationship 39 The Foundation of a Strong Business–IT Relationship 41 Building Block #1: Competence 42 Building Block #2: Credibility 43 Building Block #3: Interpersonal Interaction 44 Building Block #4: Trust 46 Conclusion 48 t 3FGFSFODFT 48 Appendix A The Five IT Value Profiles 50 Appendix B Guidelines for Building a Strong Business–IT Relationship 51 Chapter 5 COMMUNICATING WITH BUSINESS MANAGERS 52 Communication in the Business–IT Relationship 53 What Is “Good” Communication? 54 Obstacles to Effective Communication 56 “T-Level” Communication Skills for IT Staff 58 Improving Business–IT Communication 60 Conclusion 61 t 3FGFSFODFT 61 Appendix A IT Communication Competencies 63 Chapter 6 BUILDING BETTER IT LEADERS FROM THE BOTTOM UP 64 The Changing Role of the IT Leader 65 What Makes a Good IT Leader? 67 How to Build Better IT Leaders 70 Investing in Leadership Development: Articulating the Value Proposition 73 Conclusion 74 t 3FGFSFODFT 75 MINI CASES Delivering Business Value with IT at Hefty Hardware 76 Investing in TUFS 80 IT Planning at ModMeters 82 Contents Section II IT Governance 87 Chapter 7 CREATING IT SHARED SERVICES 88 IT Shared Services: An Overview 89 IT Shared Services: Pros and Cons 92 IT Shared Services: Key Organizational Success Factors 93 Identifying Candidate Services 94 An Integrated Model of IT Shared Services 95 Recommmendations for Creating Effective IT Shared Services 96 Conclusion 99 t 3FGFSFODFT 99 Chapter 8 A MANAGEMENT FRAMEWORK FOR IT SOURCING 100 A Maturity Model for IT Functions 101 IT Sourcing Options: Theory Versus Practice 105 The “Real” Decision Criteria 109 Decision Criterion #1: Flexibility 109 Decision Criterion #2: Control 109 Decision Criterion #3: Knowledge Enhancement 110 Decision Criterion #4: Business Exigency 110 A Decision Framework for Sourcing IT Functions 111 Identify Your Core IT Functions 111 Create a “Function Sourcing” Profile 111 Evolve Full-Time IT Personnel 113 Encourage Exploration of the Whole Range of Sourcing Options 114 Combine Sourcing Options Strategically 114 A Management Framework for Successful Sourcing 115 Develop a Sourcing Strategy 115 Develop a Risk Mitigation Strategy 115 Develop a Governance Strategy 116 Understand the Cost Structures 116 Conclusion 117 t 3FGFSFODFT 117 Chapter 9 THE IT BUDGETING PROCESS 118 Key Concepts in IT Budgeting 119 The Importance of Budgets 121 The IT Planning and Budget Process 123 vii viii Contents Corporate Processes 123 IT Processes 125 Assess Actual IT Spending 126 IT Budgeting Practices That Deliver Value 127 Conclusion 128 t 3FGFSFODFT 129 Chapter 10 MANAGING IT- BASED RISK 130 A Holistic View of IT-Based Risk 131 Holistic Risk Management: A Portrait 134 Developing a Risk Management Framework 135 Improving Risk Management Capabilities 138 Conclusion 139 t 3FGFSFODFT 140 Appendix A A Selection of Risk Classification Schemes 141 Chapter 11 INFORMATION MANAGEMENT: THE NEXUS OF BUSINESS AND IT 142 Information Management: How Does IT Fit? 143 A Framework For IM 145 Stage One: Develop an IM Policy 145 Stage Two: Articulate the Operational Components 145 Stage Three: Establish Information Stewardship 146 Stage Four: Build Information Standards 147 Issues In IM 148 Culture and Behavior 148 Information Risk Management 149 Information Value 150 Privacy 150 Knowledge Management 151 The Knowing–Doing Gap 151 Getting Started in IM 151 Conclusion 153 t 3FGFSFODFT 154 Appendix A Elements of IM Operations 155 MINI CASES Building Shared Services at RR Communications 156 Enterprise Architecture at Nationstate Insurance 160 IT Investment at North American Financial 165 Contents Section III IT-Enabled Innovation 169 Chapter 12 INNOVATION WITH IT 170 The Need for Innovation: An Historical Perspective 171 The Need for Innovation Now 171 Understanding Innovation 172 The Value of Innovation 174 Innovation Essentials: Motivation, Support, and Direction 175 Challenges for IT leaders 177 Facilitating Innovation 179 Conclusion 180 t 3FGFSFODFT 181 Chapter 13 BIG DATA AND SOCIAL COMPUTING 182 The Social Media/Big Data Opportunity 183 Delivering Business Value with Big Data 185 Innovating with Big Data 189 Pulling in Two Different Directions: The Challenge for IT Managers 190 First Steps for IT Leaders 192 Conclusion 193 t 3FGFSFODFT 194 Chapter 14 IMPROVING THE CUSTOMER EXPERIENCE: AN IT PERSPECTIVE 195 Customer Experience and Business value 196 Many Dimensions of Customer Experience 197 The Role of Technology in Customer Experience 199 Customer Experience Essentials for IT 200 First Steps to Improving Customer Experience 203 Conclusion 204 t 3FGFSFODFT 204 Chapter 15 BUILDING BUSINESS INTELLIGENCE 206 Understanding Business Intelligence 207 The Need for Business Intelligence 208 The Challenge of Business Intelligence 209 The Role of IT in Business Intelligence 211 Improving Business Intelligence 213 Conclusion 216 t 3FGFSFODFT 216 ix x Contents Chapter 16 ENABLING COLLABORATION WITH IT 218 Why Collaborate? 219 Characteristics of Collaboration 222 Components of Successful Collaboration 225 The Role of IT in Collaboration 227 First Steps for Facilitating Effective Collaboration 229 Conclusion 231 t 3FGFSFODFT 232 MINI CASES Innovation at International Foods 234 Consumerization of Technology at IFG 239 CRM at Minitrex 243 Customer Service at Datatronics 246 Section IV IT Portfolio Development and Management 251 Chapter 17 APPLICATION PORTFOLIO MANAGEMENT 252 The Applications Quagmire 253 The Benefits of a Portfolio Perspective 254 Making APM Happen 256 Capability 1: Strategy and Governance 258 Capability 2: Inventory Management 262 Capability 3: Reporting and Rationalization 263 Key Lessons Learned 264 Conclusion 265 t 3FGFSFODFT 265 Appendix A Application Information 266 Chapter 18 MANAGING IT DEMAND 270 Understanding IT Demand 271 The Economics of Demand Management 273 Three Tools for Demand management 273 Key Organizational Enablers for Effective Demand Management 274 Strategic Initiative Management 275 Application Portfolio Management 276 Enterprise Architecture 276 Business–IT Partnership 277 Governance and Transparency 279 Conclusion 281 t 3FGFSFODFT 281 Contents Chapter 19 CREATING AND EVOLVING A TECHNOLOGY ROADMAP 283 What is a Technology Roadmap? 284 The Benefits of a Technology Roadmap 285 External Benefits (Effectiveness) 285 Internal Benefits (Efficiency) 286 Elements of the Technology Roadmap 286 Activity #1: Guiding Principles 287 Activity #2: Assess Current Technology 288 Activity #3: Analyze Gaps 289 Activity #4: Evaluate Technology Landscape 290 Activity #5: Describe Future Technology 291 Activity #6: Outline Migration Strategy 292 Activity #7: Establish Governance 292 Practical Steps for Developing a Technology Roadmap 294 Conclusion 295 t 3FGFSFODFT 295 Appendix A Principles to Guide a Migration Strategy 296 Chapter 20 ENHANCING DEVELOPMENT PRODUCTIVITY 297 The Problem with System Development 298 Trends in System Development 299 Obstacles to Improving System Development Productivity 302 Improving System Development Productivity: What we know that Works 304 Next Steps to Improving System Development Productivity 306 Conclusion 308 t 3FGFSFODFT 308 Chapter 21 INFORMATION DELIVERY: IT’S EVOLVING ROLE 310 Information and IT: Why Now? 311 Delivering Value Through Information 312 Effective Information Delivery 316 New Information Skills 316 New Information Roles 317 New Information Practices 317 xi xii Contents New Information Strategies 318 The Future of Information Delivery 319 Conclusion 321 t 3FGFSFODFT 322 MINI CASES Project Management at MM 324 Working Smarter at Continental Furniture International 328 Managing Technology at Genex Fuels 333 Index 336 PREFACE Today, with information technology (IT) driving constant business transformation, overwhelming organizations with information, enabling 24/7 global operations, and undermining traditional business models, the challenge for business leaders is not simply to manage IT, it is to use IT to deliver business value. Whereas until fairly recently, decisions about IT could be safely delegated to technology specialists after a business strategy had been developed, IT is now so closely integrated with business that, as one CIO explained to us, “We can no longer deliver business solutions in our company without using technology so IT and business strategy must constantly interact with each other.” What’s New in This Third Edition? r 4JY OFX DIBQUFST GPDVTJOH PO DVSSFOU DSJUJDBM JTTVFT JO *5 NBOBHFNFOU  JODMVEJOH IT shared services; big data and social computing; business intelligence; managing IT demand; improving the customer experience; and enhancing development productivity. r 5XP TJHOJGJDBOUMZ SFWJTFE DIBQUFST PO EFMJWFSJOH *5 GVODUJPOT UISPVHI EJGGFSFOU resourcing options; and innovating with IT. r 5XP OFX NJOJ DBTFT CBTFE PO SFBM DPNQBOJFT BOE SFBM *5 NBOBHFNFOU TJUVBUJPOT Working Smarter at Continental Furniture and Enterprise Architecture at Nationstate Insurance. r "SFWJTFETUSVDUVSFCBTFEPOSFBEFSGFFECBDLXJUITJYDIBQUFSTBOEUXPNJOJDBTFT from the second edition being moved to the Web site. All too often, in our efforts to prepare future executives to deal effectively with the issues of IT strategy and management, we lead them into a foreign country where they encounter a different language, different culture, and different customs. Acronyms (e.g., SOA, FTP/IP, SDLC, ITIL, ERP), buzzwords (e.g., asymmetric encryption, proxy servers, agile, enterprise service bus), and the widely adopted practice of abstraction (e.g., Is a software monitor a person, place, or thing?) present formidable “barriers to entry” to the technologically uninitiated, but more important, they obscure the importance of teaching students how to make business decisions about a key organizational resource. By taking a critical issues perspective, IT Strategy: Issues and Practices treats IT as a tool to be leveraged to save and/or make money or transform an organization—not as a study by itself. As in the first two editions of this book, this third edition combines the experiences and insights of many senior IT managers from leading-edge organizations with thorough academic research to bring important issues in IT management to life and demonstrate how IT strategy is put into action in contemporary businesses. This new edition has been designed around an enhanced set of critical real-world issues in IT management today, such as innovating with IT, working with big data and social media, xiii xiv Preface enhancing customer experience, and designing for business intelligence and introduces students to the challenges of making IT decisions that will have significant impacts on how businesses function and deliver value to stakeholders. IT Strategy: Issues and Practices focuses on how IT is changing and will continue to change organizations as we now know them. However, rather than learning concepts “free of context,” students are introduced to the complex decisions facing real organizations by means of a number of mini cases. These provide an opportunity to apply the models/theories/frameworks presented and help students integrate and assimilate this material. By the end of the book, students will have the confidence and ability to tackle the tough issues regarding IT management and strategy and a clear understanding of their importance in delivering business value. Key Features of This Book r "GPDVTPO*5management issues as opposed to technology issues r $SJUJDBM*5JTTVFTFYQMPSFEXJUIJOUIFJSPSHBOJ[BUJPOBMDPOUFYUT r 3FBEJMZBQQMJDBCMFNPEFMTBOEGSBNFXPSLTGPSJNQMFNFOUJOH*5TUSBUFHJFT r .JOJDBTFTUPBOJNBUFJTTVFTBOEGPDVTDMBTTSPPNEJTDVTTJPOTPOSFBMXPSMEEFDJsions, enabling problem-based learning r 1SPWFOTUSBUFHJFTBOECFTUQSBDUJDFTGSPNMFBEJOHFEHFPSHBOJ[BUJPOT r 6TFGVMBOEQSBDUJDBMBEWJDFBOEHVJEFMJOFTGPSEFMJWFSJOHWBMVFXJUI*5 r &YUFOTJWFUFBDIJOHOPUFTGPSBMMNJOJDBTFT A DIFFERENT APPROACH TO TEACHING IT STRATEGY The real world of IT is one of issues—critical issues—such as the following: r r r r r r r )PXEPXFLOPXJGXFBSFHFUUJOHWBMVFGSPNPVS*5JOWFTUNFOU )PXDBOXFJOOPWBUFXJUI*5 8IBUTQFDJGJD*5GVODUJPOTTIPVMEXFTFFLGSPNFYUFSOBMQSPWJEFST )PXEPXFCVJMEBO*5MFBEFSTIJQUFBNUIBUJTBUSVTUFEQBSUOFSXJUIUIFCVTJOFTT )PXEPXFFOIBODF*5DBQBCJMJUJFT 8IBUJT*5TSPMFJODSFBUJOHBOJOUFMMJHFOUCVTJOFTT )PXDBOXFCFTUUBLFBEWBOUBHFPGOFXUFDIOPMPHJFT TVDIBTCJHEBUBBOETPDJBM media, in our business? r )PXDBOXFNBOBHF*5SJTL However, the majority of management information systems (MIS) textbooks are organized by system category (e.g., supply chain, customer relationship management, enterprise resource planning), by system component (e.g., hardware, software, networks), by system function (e.g., marketing, financial, human resources), by system type (e.g., transactional, decisional, strategic), or by a combination of these. Unfortunately, such an organization does not promote an understanding of IT management in practice. IT Strategy: Issues and Practices tackles the real-world challenges of IT management. First, it explores a set of the most important issues facing IT managers today, and second, it provides a series of mini cases that present these critical IT issues within the context of real organizations. By focusing the text as well as the mini cases on today’s critical issues, the book naturally reinforces problem-based learning. Preface IT Strategy: Issues and Practices includes thirteen mini cases—each based on a real company presented anonymously.1 Mini cases are not simply abbreviated versions of standard, full-length business cases. They differ in two significant ways: 1. A horizontal perspective. Unlike standard cases that develop a single issue within an organizational setting (i.e., a “vertical” slice of organizational life), mini cases take a “horizontal” slice through a number of coexistent issues. Rather than looking for a solution to a specific problem, as in a standard case, students analyzing a mini case must first identify and prioritize the issues embedded within the case. This mimics real life in organizations where the challenge lies in “knowing where to start” as opposed to “solving a predefined problem.” 2. Highly relevant information. Mini cases are densely written. Unlike standard cases, which intermix irrelevant information, in a mini case, each sentence exists for a reason and reflects relevant information. As a result, students must analyze each case very carefully so as not to miss critical aspects of the situation. Teaching with mini cases is, thus, very different than teaching with standard cases. With mini cases, students must determine what is really going on within the organization. What first appears as a straightforward “technology” problem may in fact be a political problem or one of five other “technology” problems. Detective work is, therefore, required. The problem identification and prioritization skills needed are essential skills for future managers to learn for the simple reason that it is not possible for organizations to tackle all of their problems concurrently. Mini cases help teach these skills to students and can balance the problem-solving skills learned in other classes. Best of all, detective work is fun and promotes lively classroom discussion. To assist instructors, extensive teaching notes are available for all mini cases. Developed by the authors and based on “tried and true” in-class experience, these notes include case summaries, identify the key issues within each case, present ancillary information about the company/industry represented in the case, and offer guidelines for organizing the classroom discussion. Because of the structure of these mini cases and their embedded issues, it is common for teaching notes to exceed the length of the actual mini case! This book is most appropriate for MIS courses where the goal is to understand how IT delivers organizational value. These courses are frequently labeled “IT Strategy” or “IT Management” and are offered within undergraduate as well as MBA programs. For undergraduate juniors and seniors in business and commerce programs, this is usually the “capstone” MIS course. For MBA students, this course may be the compulsory core course in MIS, or it may be an elective course. Each chapter and mini case in this book has been thoroughly tested in a variety of undergraduate, graduate, and executive programs at Queen’s School of Business.2 1 We are unable to identify these leading-edge companies by agreements established as part of our overall research program (described later). 2 Queen’s School of Business is one of the world’s premier business schools, with a faculty team renowned for its business experience and academic credentials. The School has earned international recognition for its innovative approaches to team-based and experiential learning. In addition to its highly acclaimed MBA programs, Queen’s School of Business is also home to Canada’s most prestigious undergraduate business program and several outstanding graduate programs. As well, the School is one of the world’s largest and most respected providers of executive education. xv xvi Preface These materials have proven highly successful within all programs because we adapt how the material is presented according to the level of the students. Whereas undergraduate students “learn” about critical business issues from the book and mini cases for the first time, graduate students are able to “relate” to these same critical issues based on their previous business experience. As a result, graduate students are able to introduce personal experiences into the discussion of these critical IT issues. ORGANIZATION OF THIS BOOK One of the advantages of an issues-focused structure is that chapters can be approached in any order because they do not build on one another. Chapter order is immaterial; that is, one does not need to read the first three chapters to understand the fourth. This provides an instructor with maximum flexibility to organize a course as he or she sees fit. Thus, within different courses/programs, the order of topics can be changed to focus on different IT concepts. Furthermore, because each mini case includes multiple issues, they, too, can be used to serve different purposes. For example, the mini case “Building Shared Services at RR Communications” can be used to focus on issues of governance, organizational structure, and/or change management just as easily as shared services. The result is a rich set of instructional materials that lends itself well to a variety of pedagogical applications, particularly problem-based learning, and that clearly illustrates the reality of IT strategy in action. The book is organized into four sections, each emphasizing a key component of developing and delivering effective IT strategy: r Section I: Delivering Value with IT is designed to examine the complex ways that IT and business value are related. Over the past twenty years, researchers and practitioners have come to understand that “business value” can mean many different things when applied to IT. Chapter 1 (Developing and Delivering on the IT Value Proposition) explores these concepts in depth. Unlike the simplistic value propositions often used when implementing IT in organizations, this chapter presents “value” as a multilayered business construct that must be effectively managed at several levels if technology is to achieve the benefits expected. Chapter 2 (Developing IT Strategy for Business Value) examines the dynamic interrelationship between business and IT strategy and looks at the processes and critical success factors used by organizations to ensure that both are well aligned. Chapter 3 (Linking IT to Business Metrics) discusses new ways of measuring IT’s effectiveness that promote closer business–IT alignment and help drive greater business value. Chapter 4 (Building a Strong Relationship with the Business) examines the nature of the business–IT relationship and the characteristics of an effective relationship that delivers real value to the enterprise. Chapter 5 (Communicating with Business Managers) explores the business and interpersonal competencies that IT staff will need in order to do their jobs effectively over the next five to seven years and what companies should be doing to develop them. Finally, Chapter 6 (Building Better IT Leaders from the Bottom Up) tackles the increasing need for improved leadership skills in all IT staff and examines the expectations of the business for strategic and innovative guidance from IT. Preface In the mini cases associated with this section, the concepts of delivering value with IT are explored in a number of different ways. We see business and IT executives at Hefty Hardware grappling with conflicting priorities and perspectives and how best to work together to achieve the company’s strategy. In “Investing in TUFS,” CIO Martin Drysdale watches as all of the work his IT department has put into a major new system fails to deliver value. And the “IT Planning at ModMeters” mini case follows CIO Brian Smith’s efforts to create a strategic IT plan that will align with business strategy, keep IT running, and not increase IT’s budget. r Section II: IT Governance explores key concepts in how the IT organization is structured and managed to effectively deliver IT products and services to the organization. Chapter 7 (IT Shared Services) discusses how IT shared services should be selected, organized, managed, and governed to achieve improved organizational performance. Chapter 8 (A Management Framework for IT Sourcing) examines how organizations are choosing to source and deliver different types of IT functions and presents a framework to guide sourcing decisions. Chapter 9 (The IT Budgeting Process) describes the “evil twin” of IT strategy, discussing how budgeting mechanisms can significantly undermine effective business strategies and suggesting practices for addressing this problem while maintaining traditional fiscal accountability. Chapter 10 (Managing IT-based Risk) describes how many IT organizations have been given the responsibility of not only managing risk in their own activities (i.e., project development, operations, and delivering business strategy) but also of managing IT-based risk in all company activities (e.g., mobile computing, file sharing, and online access to information and software) and the need for a holistic framework to understand and deal with risk effectively. Chapter 11 (Information Management: The Nexus of Business and IT) describes how new organizational needs for more useful and integrated information are driving the development of business-oriented functions within IT that focus specifically on information and knowledge, as opposed to applications and data. The mini cases in this section examine the difficulties of managing complex IT issues when they intersect substantially with important business issues. In “Building Shared Services at RR Communications,” we see an IT organization in transition from a traditional divisional structure and governance model to a more centralized enterprise model, and the long-term challenges experienced by CIO Vince Patton in changing both business and IT practices, including information management and delivery, to support this new approach. In “Enterprise Architecture at Nationstate Insurance,” CIO Jane Denton endeavors to make IT more flexible and agile, while incorporating new and emerging technologies into its strategy. In “IT Investment at North American Financial,” we show the opportunities and challenges involved in prioritizing and resourcing enterprisewide IT projects and monitoring that anticipated benefits are being achieved. r Section III: IT-Enabled Innovation discusses some of the ways technology is being used to transform organizations. Chapter 12 (Innovation with IT) examines the nature and importance of innovation with IT and describes a typical innovation life cycle. Chapter 13 (Big Data and Social Computing) discusses how IT leaders are incorporating big data and social media concepts and technologies xvii xviii Preface to successfully deliver business value in new ways. Chapter 14 (Improving the Customer Experience: An IT Perspective) explores the IT function’s role in creating and improving an organization’s customer experiences and the role of technology in helping companies to understand and learn from their customers’ experiences. Chapter 15 (Building Business Intelligence) looks at the nature of business intelligence and its relationship to data, information, and knowledge and how IT can be used to build a more intelligent organization. Chapter 16 (Enabling Collaboration with IT) identifies the principal forms of collaboration used in organizations, the primary business drivers involved in them, how their business value is measured, and the roles of IT and the business in enabling collaboration. The mini cases in this section focus on the key challenges companies face in innovating with IT. “Innovation at International Foods” contrasts the need for process and control in corporate IT with the strong push to innovate with technology and the difficulties that ensue from the clash of style and culture. “Consumerization of Technology at IFG” looks at issues such as “bring your own device” (BYOD) to the workplace. In “CRM at Minitrex,” we see some of the internal technological and political conflicts that result from a strategic decision to become more customercentric. Finally, “Customer Service at Datatronics” explores the importance of presenting unified, customer-facing IT to customers. r Section IV: IT Portfolio Development and Management looks at how the IT function must transform itself to be able to deliver business value effectively in the future. Chapter 17 (Application Portfolio Management) describes the ongoing management process of categorizing, assessing, and rationalizing the IT application portfolio. Chapter 18 (Managing IT Demand) looks at the often neglected issue of demand management (as opposed to supply management), explores the root causes of the demand for IT services, and identifies a number of tools and enablers to facilitate more effective demand management. Chapter 19 (Creating and Evolving a Technology Roadmap) examines the challenges IT managers face in implementing new infrastructure, technology standards, and types of technology in their realworld business and technical environments, which is composed of a huge variety of hardware, software, applications, and other technologies, some of which date back more than thirty years. Chapter 20 (Enhancing Development Productivity) explores how system development practices are changing and how managers can create an environment to promote improved development productivity. And Chapter 21 (Information Delivery: IT’s Evolving Role) examines the fresh challenges IT faces in managing the exponential growth of data and digital assets; privacy and accountability concerns; and new demands for access to information on an anywhere, anytime basis. The mini cases associated with this section describe many of these themes embedded within real organizational contexts. “Project Management at MM” mini case shows how a top-priority, strategic project can take a wrong turn when project management skills are ineffective. “Working Smarter at Continental Furniture” mini case follows an initiative to improve the company’s analytics so it can reduce its environmental impact. And in the mini case “Managing Technology at Genex Fuels,” we see CIO Nick Devlin trying to implement enterprisewide technology for competitive advantage in an organization that has been limping along with obscure and outdated systems. Preface SUPPLEMENTARY MATERIALS Online Instructor Resource Center The following supplements are available online to adopting instructors: r r r r 1PXFS1PJOU-FDUVSF/PUFT *NBHF-JCSBSZ UFYUBSU &YUFOTJWF5FBDIJOH/PUFTGPSBMM.JOJDBTFT "EEJUJPOBMDIBQUFSTJODMVEJOH%FWFMPQJOH*51SPGFTTJPOBMJTN*54PVSDJOH.BTUFS Data Management; Developing IT Capabilities; The Identity Management Challenge; Social Computing; Managing Perceptions of IT; IT in the New World of Corporate Governance Reforms; Enhancing Customer Experiences with Technology; Creating Digital Dashboards; and Managing Electronic Communications. r "EEJUJPOBMNJOJDBTFT JODMVEJOH*5-FBEFSTIJQBU.BY5SBEF$SFBUJOHB1SPDFTT%SJWFO Organization at Ag-Credit; Information Management at Homestyle Hotels; Knowledge Management at Acme Consulting; Desktop Provisioning at CanCredit; and Leveraging IT Vendors at SleepSmart. For detailed descriptions of all of the supplements just listed, please visit http:// www.pearsonhighered.com/mckeen. CourseSmart eTextbooks Online CourseSmart is an exciting new choice for students looking to save money. As an alternative to purchasing the print textbook, students can purchase an electronic version of the same content and save up to 50 percent off the suggested list price of the print text. With a CourseSmart etextbook, students can search the text, make notes online, print out reading assignments that incorporate lecture notes, and bookmark important passages for later review. www.coursesmart.com. THE GENESIS OF THIS BOOK Since 1990 we have been meeting quarterly with a group of senior IT managers from a number of leading-edge organizations (e.g., Eli Lilly, BMO, Honda, HP, CIBC, IBM, Sears, Bell Canada, MacDonalds, and Sun Life) to identify and discuss critical IT management issues. This focus group represents a wide variety of industry sectors (e.g., retail, manufacturing, pharmaceutical, banking, telecommunications, insurance, media, food processing, government, and automotive). Originally, it was established to meet the companies’ needs for well-balanced, thoughtful, yet practical information on emerging IT management topics, about which little or no research was available. However, we soon recognized the value of this premise for our own research in the rapidly evolving field of IT management. As a result, it quickly became a full-scale research program in which we were able to use the focus group as an “early warning system” to document new IT management issues, develop case studies around them, and explore more collaborative approaches to identifying trends, challenges, and effective practices in each topic area.3 3 This now includes best practice case studies, field research in organizations, multidisciplinary qualitative and quantitative research projects, and participation in numerous CIO research consortia. xix xx Preface As we shared our materials with our business students, we realized that this issuesbased approach resonated strongly with them, and we began to incorporate more of our research into the classroom. This book is the result of our many years’ work with senior IT managers, in organizations, and with students in the classroom. Each issue in this book has been selected collaboratively by the focus group after debate and discussion. As facilitators, our job has been to keep the group’s focus on IT management issues, not technology per se. In preparation for each meeting, focus group members researched the topic within their own organization, often involving a number of members of their senior IT management team as well as subject matter experts in the process. To guide them, we provided a series of questions about the issue, although members are always free to explore it as they see fit. This approach provided both structure for the ensuing discussion and flexibility for those members whose organizations are approaching the issue in a different fashion. The focus group then met in a full-day session, where the members discussed all aspects of the issue. Many also shared corporate documents with the group. We facilitated the discussion, in particular pushing the group to achieve a common understanding of the dimensions of the issue and seeking examples, best practices, and guidelines for dealing with the challenges involved. Following each session, we wrote a report based on the discussion, incorporating relevant academic and practitioner materials where these were available. (Because some topics are “bleeding edge,” there is often little traditional IT research available on them.) Each report has three parts: 1. A description of the issue and the challenges it presents for both business and IT managers 2. Models and concepts derived from the literature to position the issue within a contextual framework 3. Near-term strategies (i.e., those that can be implemented immediately) that have proven successful within organizations for dealing with the specific issue Each chapter in this book focuses on one of these critical IT issues. We have learned over the years that the issues themselves vary little across industries and organizations, even in enterprises with unique IT strategies. However, each organization tackles the same issue somewhat differently. It is this diversity that provides the richness of insight in these chapters. Our collaborative research approach is based on our belief that when dealing with complex and leading-edge issues, “everyone has part of the solution.” Every focus group, therefore, provides us an opportunity to explore a topic from a variety of perspectives and to integrate different experiences (both successful and otherwise) so that collectively, a thorough understanding of each issue can be developed and strategies for how it can be managed most successfully can be identified. ABOUT THE AUTHORS James D. McKeen is Professor Emeritus at the Queen’s School of Business. He has been working in the IT field for many years as a practitioner, researcher, and consultant. In 2011, he was named the “IT Educator of the Year” by ComputerWorld Canada. Jim has taught at universities in the United Kingdom, France, Germany, and the United States. His research is widely published in a number of leading journals and he is the coauthor (with Heather Smith) of five books on IT management. Their most recent book—IT Strategy: Issues and Practices (2nd ed.)—was the best-selling business book in Canada (Globe and Mail, April 2012). Heather A. Smith has been named the most-published researcher on IT management issues in two successive studies (2006, 2009). A senior research associate with Queen’s University School of Business, she is the author of five books, the most recent being IT Strategy: Issues and Practices (Pearson Prentice Hall, 2012). She is also a senior research associate with the American Society for Information Management’s Advanced Practices Council. A former senior IT manager, she is codirector of the IT Management Forum and the CIO Brief, which facilitate interorganizational learning among senior IT executives. In addition, she consults and collaborates with organizations worldwide. xxi ACKNOWLEDGMENTS The work contained in this book is based on numerous meetings with many senior IT managers. We would like to acknowledge our indebtedness to the following individuals who willingly shared their insights based on their experiences “earned the hard way”: Michael Balenzano, Sergei Beliaev, Matthias Benfey, Nastaran Bisheban, Peter Borden, Eduardo Cadena, Dale Castle, Marc Collins, Diane Cope, Dan Di Salvo, Ken Dschankilic, Michael East, Nada Farah, Mark Gillard, Gary Goldsmith, Ian Graham, Keiko Gutierrez, Maureen Hall, Bruce Harding, Theresa Harrington, Tom Hopson, Heather Hutchison, Jim Irich, Zeeshan Khan, Joanne Lafreniere, Konstantine Liris, Lisa MacKay, Mark O’Gorman, Amin Panjwani, Troy Pariag, Brian Patton, Marius Podaru, Helen Restivo, Pat Sadler, A. F. Salam, Ashish Saxena, Joanne Scher, Stewart Scott, Andy Secord, Marie Shafi, Helen Shih, Trudy Sykes, Bruce Thompson, Raju Uppalapati, Len Van Greuning, Laurie Schatzberg, Ted Vincent, and Bond Wetherbe. We would also like to recognize the contribution of Queen’s School of Business to this work. The school has facilitated and supported our vision of better integrating academic research and practice and has helped make our collaborative approach to the study of IT management and strategy an effective model for interorganizational learning. James D. McKeen Kingston, Ontario Heather A. Smith School of Business June 2014 xxii SECTION I Delivering Value with IT Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Developing and Delivering on the IT Value Proposition Developing IT Strategy for Business Value Linking IT to Business Metrics Building a Strong Relationship with the Business Communicating with Business Managers Building Better IT Leaders from the Bottom Up Mini Cases ■ ■ ■ Delivering Business Value with IT at Hefty Hardware Investing in TUFS IT Planning at ModMeters CHAPTER 1 Developing and Delivering on the IT Value Proposition1 I t’s déjà vu all over again. For at least twenty years, business leaders have been trying to figure out exactly how and where IT can be of value in their organizations. And IT managers have been trying to learn how to deliver this value. When IT was used mainly as a productivity improvement tool in small areas of a business, this was a relatively straightforward process. Value was measured by reduced head counts— usually in clerical areas—and/or the ability to process more transactions per person. However, as systems grew in scope and complexity, unfortunately so did the risks. Very few companies escaped this period without making at least a few disastrous investments in systems that didn’t work or didn’t deliver the bottom-line benefits executives thought they would. Naturally, fingers were pointed at IT. With the advent of the strategic use of IT in business, it became even more difficult to isolate and deliver on the IT value proposition. It was often hard to tell if an investment had paid off. Who could say how many competitors had been deterred or how many customers had been attracted by a particular IT initiative? Many companies can tell horror stories of how they have been left with a substantial investment in new forms of technology with little to show for it. Although over the years there have been many improvements in where and how IT investments are made and good controls have been established to limit time and cost overruns, we are still not able to accurately articulate and deliver on a value proposition for IT when it comes to anything other than simple productivity improvements or cost savings. Problems in delivering IT value can lie with how a value proposition is conceived or in what is done to actually implement an idea—that is, selecting the right project and doing the project right (Cooper et al. 2000; McKeen and Smith 2003; Peslak 2012). In addition, although most firms attempt to calculate the expected payback of an IT investment before making it, few actually follow up to ensure that value has been achieved or to question what needs to be done to make sure that value will be delivered. 1 This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen. “Developing and Delivering on the IT Value Proposition.” Communications of the Association for Information Systems 11 (April 2003): 438–50. Reproduced by permission of the Association for Information Systems. 2  $IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO This chapter first looks at the nature of IT value and “peels the onion” into its different layers. Then it examines the three components of delivering IT value: value identification, conversion, and value realization. Finally, it identifies five general principles for ensuring IT value will be achieved. PEELING THE ONION: UNDERSTANDING IT VALUE Thirty years ago the IT value proposition was seen as a simple equation: Deliver the right technology to the organization, and financial benefits will follow (Cronk and Fitzgerald 1999; Marchand et al. 2000). In the early days of IT, when computers were most often used as direct substitutes for people, this equation was understandable, even if it rarely worked this simply. It was easy to compute a bottom-line benefit where “technology” dollars replaced “salary” dollars. Problems with this simplistic view quickly arose when technology came to be used as a productivity support tool and as a strategic tool. Under these conditions, managers had to decide if an IT investment was worth making if it saved people time, helped them make better decisions, or improved service. Thus, other factors, such as how well technology was used by people or how IT and business processes worked together, became important considerations in how much value was realized from an IT investment. These issues have long confounded our understanding of the IT value proposition, leading to a plethora of opinions (many negative) about how and where technology has actually contributed to business value. Stephen Roach (1989) made headlines with his macroeconomic analysis showing that IT had had absolutely no impact on productivity in the services sector. More recently, research shows that companies still have a mixed record in linking IT to organizational performance, user satisfaction, productivity, customer experience, and agility (Peslak 2012). These perceptions, plus ever-increasing IT expenditures, have meant business managers are taking a closer look at how and where IT delivers value to an organization (Ginzberg 2001; Luftman and Zadeh 2011). As they do this, they are beginning to change their understanding of the IT value proposition. Although, unfortunately, “silver bullet thinking” (i.e., plug in technology and deliver bottom-line impact) still predominates, IT value is increasingly seen as a multilayered concept, far more complex than it first appeared. This suggests that before an IT value proposition can be identified and delivered, it is essential that managers first “peel the onion” and understand more about the nature of IT value itself (see Figure 1.1). What Is IT Value? Value is defined as the worth or desirability of a thing (Cronk and Fitzgerald 1999). It is a subjective assessment. Although many believe this is not so, the value of IT depends very much on how a business and its individual managers choose to view it. Different companies and even different executives will define it quite differently. Strategic positioning, increased productivity, improved decision making, cost savings, or improved service are all ways value could be defined. Today most businesses define value broadly and loosely, not simply as a financial concept (Chakravarty et al. 2013). Ideally, it is tied to the organization’s business model because adding value with IT should enable a firm to do its business better. In the focus group (see the Preface), one company sees value 3 4 4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5 What Value will be Delivered? Where will Value be Delivered? Who will Deliver Value? When will Value be Delivered? How will Value be Delivered? FIGURE 1.1 IT Value Is a Many-Layered Concept resulting from all parts of the organization having the same processes; another defines value by return on investment (ROI); still another measures it by a composite of key performance indicators. In short, there is no single agreed-on measure of IT value. As a result, misunderstandings about the definition of value either between IT and the business or among business managers themselves can lead to feelings that value has not been delivered. Therefore, a prerequisite of any IT value proposition is that everyone involved in an IT initiative agree on what value they are trying to deliver and how they will recognize it. Where Is IT Value? Value may also vary according to where one looks for it (Davern and Kauffman 2000; Oliveira and Martins 2011). For example, value to an enterprise may not be perceived as value in a work group or by an individual. In fact, delivering value at one level in an organization may actually conflict with optimizing value at another level. Decisions about IT value are often made to optimize firm or business process value, even if they cause difficulties for business units or individuals. As one manager explained, “At the senior levels, our bottom-line drivers of value are cost savings, cash flow, customer satisfaction, and revenue. These are not always visible at the lower levels of the organization.” Failure to consider value implications at all levels can lead to a value proposition that is counterproductive and may not deliver the value that is anticipated. Many executives take a hard line with these value conflicts. However, it is far more desirable to aim for a value  $IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO that is not a win–lose proposition but is a win–win at all levels. This can leverage overall value many times over (Chan 2000; Grant and Royle 2011). Who Delivers IT Value? Increasingly, managers are realizing that it is the interaction of people, information, and technology that delivers value, not IT alone.2 Studies have confirmed that strong IT practices alone do not deliver superior performance. It is only the combination of these IT practices with an organization’s skills at managing information and people’s behaviors and beliefs that leads to real value (Birdsall 2011; Ginzberg 2001; Marchand et al. 2000). In the past, IT has borne most of the responsibility for delivering IT value. Today, however, business managers exhibit a growing willingness to share responsibility with IT to ensure value is realized from the organization’s investments in technology. Most companies now expect to have an executive sponsor for any IT initiative and some business participation in the development team. However, many IT projects still do not have the degree of support or commitment from the business that IT managers feel is necessary to deliver fully on a value proposition (Peslak 2012). When Is IT Value Realized? Value also has a time dimension. It has long been known that the benefits of technology take time to be realized (Chan 2000; Segars and Chatterjee 2010). People must be trained, organizations and processes must adapt to new ways of working, information must be compiled, and customers must realize what new products and services are being offered. Companies are often unprepared for the time it takes an investment to pay off. Typically, full payback can take between three and five years and can have at least two spikes as a business adapts to the deployment of technology. Figure 1.2 shows this “W” effect, named for the way the chart looks, for a single IT project. Initially, companies spend a considerable amount in deploying a new technology. During this twelve-to-sixteen-month period, no benefits occur. Following implementation, some value is realized as companies achieve initial efficiencies. This period lasts for about six months. However, as use increases, complexities also grow. Information overload can occur and costs increase. At this stage, many can lose faith in the initiative. This is a dangerous period. The final set of benefits can occur only by making the business simpler and applying technology, information, and people more effectively. If a business can manage to do this, it can achieve sustainable, long-term value from its IT investment (Segars and Chatterjee 2010). If it can’t, value from technology can be offset by increased complexity. Time also changes perceptions of value. Many IT managers can tell stories of how an initiative is vilified as having little or no value when first implemented, only to have people say they couldn’t imagine running the business without it a few years later. Similarly, most managers can identify projects where time has led to a clearer 2 These interactions in a structured form are known as processes. Processes are often the focus of much organizational effort in the belief that streamlining and reengineering them will deliver value. In fact, research shows that without attention to information and people, very little value is delivered (Segars and Chatterjee 2010). In addition, attention to processes in organizations often ignores the informal processes that contribute to value. 5 6 4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5 EVA 12–16 Months 16–22 Months 22–38 Months 3–5 Years Get the House in Order Harvest LowHanging Fruit Make the Business Complex Make Business Simpler Time FIGURE 1.2 The ‘W’ Effect in Delivering IT Value (Segars & Chatterjee, 2010) understanding of the potential value of a project. Unfortunately, in cases where anticipated value declines or disappears, projects don’t always get killed (Cooper et al. 2000). Clarifying and agreeing on these different layers of IT value is the first step involved in developing and delivering on the IT value proposition. All too often, this work is forgotten or given short shrift in the organization’s haste to answer this question: How will IT value be delivered? (See next section.) As a result, misunderstandings arise and technology projects do not fulfill their expected promises. It will be next to impossible to do a good job developing and delivering IT value unless and until the concepts involved in IT value are clearly understood and agreed on by both business and IT managers. THE THREE COMPONENTS OF THE IT VALUE PROPOSITION Developing and delivering an IT value proposition involves addressing three components. First, potential opportunities for adding value must be identified. Second, these opportunities must be converted into effective applications of technology. Finally, value Best Practices in Understanding IT Value r r r r r -JOL*5WBMVFEJSFDUMZUPZPVSCVTJOFTTNPEFM 3FDPHOJ[FWBMVFJTTVCKFDUJWF BOENBOBHFQFSDFQUJPOTBDDPSEJOHMZ "JNGPSBWBMVFiXJOmXJOuBDSPTTQSPDFTTFT XPSLVOJUT BOEJOEJWJEVBMT 4FFLCVTJOFTTDPNNJUNFOUUPBMM*5QSPKFDUT .BOBHFWBMVFPWFSUJNF  $IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO Identification FIGURE 1.3 Conversion Realization IT Value The Three Components of the IT Value Proposition must be realized by the organization. Together, these components comprise the fundamentals of any value proposition (see Figure 1.3). Identification of Potential Value Identifying opportunities for making IT investments has typically been a fairly informal activity in most organizations. Very few companies have a well-organized means of doing research into new technologies or strategizing about where these technologies can be used (McKeen and Smith 2010). More companies have mechanisms for identifying opportunities within business units. Sometimes a senior IT manager will be designated as a “relationship manager” for a particular unit with responsibility for working with business management to identify opportunities where IT could add value (Agarwal and Sambamurthy 2002; Peslak 2012). Many other companies, however, still leave it up to business managers to identify where they want to use IT. There is growing evidence that relegating the IT organization to a passive role in developing systems according to business instructions is unlikely to lead to high IT value. Research shows that involving IT in business planning can have a direct and positive influence on the development of successful business strategies using IT (Ginzberg 2001; Marchand et al. 2000). This suggests that organizations should establish joint business–IT mechanisms to identify and evaluate both business and technical opportunities where IT can add value. Once opportunities have been identified, companies must then make decisions about where they want to focus their dollars to achieve optimal value. Selecting the right projects for an organization always involves balancing three fundamental factors: cash, timing, and risk (Luehrman 1997). In principle, every company wants to undertake only high-return projects. In reality, project selection is based on many different factors. For example, pet or political projects or those mandated by the government or competitors are often part of a company’s IT portfolio (Carte et al. 2001). Disagreement at senior levels about which projects to undertake can arise because of a lack of a coherent and consistent mechanism for assessing project value. All organizations need some formal mechanism for prioritizing projects. Without one, it is very likely that project selection will become highly politicized and, hence, ineffective at delivering value. There are a variety of means to do this, ranging from using strictly bottom-line metrics, to comparing balanced scorecards, to adopting a formal value-assessment methodology. However, although these methods help to weed out higher cost–lower return projects, they do not constitute a foolproof means of selecting the right projects for an organization. Using strict financial selection criteria, for example, can exclude potentially highvalue strategic projects that have less well-defined returns, longer payback periods, and more risk (Cooper et al. 2000; DeSouza 2011). Similarly, it can be difficult getting 7 8 4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5 important infrastructure initiatives funded even though these may be fundamental to improving organizational capabilities (Byrd 2001). Therefore, organizations are increasingly taking a portfolio approach to project selection. This approach allocates resources and funding to different types of projects, enabling each type of opportunity to be evaluated according to different criteria (McKeen and Smith 2003; Smith and McKeen 2010). One company has identified three different classes of IT—infrastructure, common systems, and business unit applications—and funds them in different proportions. In other companies, funding for strategic initiatives is allocated in stages so their potential value can be reassessed as more information about them becomes known. Almost all companies have found it necessary to justify infrastructure initiatives differently than more business-oriented projects. In fact, some remove these types of projects from the selection process altogether and fund them with a “tax” on all other development (McKeen and Smith 2003). Other companies allocate a fixed percentage of their IT budgets to a technology renewal fund. Organizations have come a long way in formalizing where and how they choose to invest their IT dollars. Nevertheless, there is still considerable room for judgment based on solid business and technical knowledge. It is, therefore, essential that all executives involved have the ability to think strategically and systematically as well as financially about project identification and selection. Effective Conversion “Conversion” from idea/opportunity to reality has been what IT organizations have been all about since their inception. A huge amount of effort has gone into this central component of the IT value proposition. As a result, many IT organizations have become very good at developing and delivering projects on time and on budget. Excellent project management, effective execution, and reliable operations are a critical part of IT value. However, they are not, in and of themselves, sufficient to convert a good idea into value or to deliver value to an organization. Today managers and researchers are both recognizing that more is involved in effective conversion than good IT practices. Organizations can set themselves up for failure by not providing adequate and qualified resources. Many companies start more projects than they can effectively deliver with the resources they have available. Not having enough time or resources to do the job means that people are spread too thin and end up taking shortcuts that are potentially damaging to value (Cooper et al. 2000). Resource limitations on the business side of a project team can be as damaging to conversion as a lack of technical resources. “[Value is about] far more than just sophisticated managerial visions. . . . Training and other efforts . . . to obtain value from IT investments Best Practices in Identifying Potential Value r r r r +PJOUCVTJOFTTm*5TUSVDUVSFTUPSFDPHOJ[FBOEFWBMVBUFPQQPSUVOJUJFT "NFBOTPGDPNQBSJOHWBMVFBDSPTTQSPKFDUT "QPSUGPMJPBQQSPBDIUPQSPKFDUTFMFDUJPO "GVOEJOHNFDIBOJTNGPSJOGSBTUSVDUVSF  $IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO are often hamstrung by insufficient resources” (Chircu and Kauffman 2000). Inadequate business resources can lead to poor communication and ineffective problem solving on a project (Ginzberg 2001). Companies are beginning to recognize that the number and quality of the staff assigned to an IT project can make a difference to its eventual outcome. They are insisting that the organization’s best IT and businesspeople be assigned to critical projects. Other significant barriers to conversion that are becoming more apparent now that IT has improved its own internal practices include the following: r Organizational barriers. The effective implementation of IT frequently requires the extensive redesign of current business processes (Chircu and Kauffman 2000). However, organizations are often reluctant to make the difficult complementary business changes and investments that are required (Carte et al. 2001). “When new IT is implemented, everyone expects to see costs come down,” explained one manager. “However, most projects involve both business and IT deliverables. We, therefore, need to take a multifunctional approach to driving business value.” In recognition of this fact, some companies are beginning to put formal change management programs in place to help businesses prepare for the changes involved with IT projects and to adapt and simplify as they learn how to take advantage of new technology. r Knowledge barriers. Most often new technology and processes require employees to work differently, learn new skills, and have new understanding of how and where information, people, and technologies fit together (Chircu and Kauffman 2000; Perez-Lopez and Alegre 2012). Although training has long been part of new IT implementations, more recently businesses are recognizing that delivering value from technology requires a broader and more coordinated learning effort (Smith and McKeen 2002). Lasting value comes from people and technology working together as a system rather than as discrete entities. Research confirms that highperforming organizations not only have strong IT practices but also have people who have good information management practices and who are able to effectively use the information they receive (Beath et al. 2012; Marchand et al. 2000). Realizing Value The final component of the IT value proposition has been the most frequently ignored. This is the work involved in actually realizing value after technology has been implemented. Value realization is a proactive and long-term process for any major initiative. All too often, after an intense implementation period, a development team is disbanded to work on other projects, and the business areas affected by new technology are left to Best Practices in Conversion r r r r "WBJMBCJMJUZPGBEFRVBUFBOERVBMJGJFE*5BOECVTJOFTTSFTPVSDFT 5SBJOJOHJOCVTJOFTTHPBMTBOEQSPDFTTFT .VMUJGVODUJPOBMDIBOHFNBOBHFNFOU &NQIBTJTPOIJHIFSMFWFMMFBSOJOHBOELOPXMFEHFNBOBHFNFOU 9 10 4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5 sink or swim. As a result, a project’s benefits can be imperfectly realized. Technology must be used extensively if it is to deliver value. Poorly designed technology can lead to high levels of frustration, resistance to change, and low levels of use (Chircu and Kauffman 2000; Sun et al., 2012). Resistance to change can have its root cause in an assumption or an action that doesn’t make sense in the everyday work people do. Sometimes this means challenging workers’ understanding of work expectations or information flows. At other times it means doing better analysis of where and how a new process is causing bottlenecks, overwork, or overload. As one manager put it, “If value is not being delivered, we need to understand the root causes and do something about it.” His company takes the unusual position that it is important to keep a team working on a project until the expected benefits have been realized. This approach is ideal but can also be very costly and, therefore, must be carefully managed. Some companies try to short-circuit the value management process by simply taking anticipated cost savings out of a business unit’s budget once technology has been implemented, thereby forcing it to do more with less whether or not the technology has been as beneficial as anticipated. However, most often organizations do little or no follow-up to determine whether or not benefits have been achieved. Measurement is a key component of value realization (Thorp 1999). After implementation, it is essential that all stakeholders systematically compare outcomes against expected value and take appropriate actions to achieve benefits. In addition to monitoring metrics, a thorough and ongoing assessment of value and information flows must also be undertaken at all levels of analysis: individual, team, work unit, and enterprise. Efforts must be taken to understand and improve aspects of process, information, and technology that are acting as barriers to achieving value. A significant problem with not paying attention to value recognition is that areas of unexpected value or opportunity are also ignored. This is unfortunate because it is only after technology has been installed that many businesspeople can see how it could be leveraged in other parts of their work. Realizing value should, therefore, also include provisions to evaluate new opportunities arising through serendipity. FIVE PRINCIPLES FOR DELIVERING VALUE In addition to clearly understanding what value means in a particular organization and ensuring that the three components of the IT value proposition are addressed by every project, five principles have been identified that are central to developing and delivering value in every organization. Best Practices in Realizing Value r r r r r 1MBOBWBMVFSFBMJ[BUJPOQIBTFGPSBMM*5QSPKFDUT .FBTVSFPVUDPNFTBHBJOTUFYQFDUFESFTVMUT -PPLGPSBOEFMJNJOBUFSPPUDBVTFTPGQSPCMFNT "TTFTTWBMVFSFBMJ[BUJPOBUBMMMFWFMTJOUIFPSHBOJ[BUJPO )BWFQSPWJTJPOTGPSBDUJOHPOOFXPQQPSUVOJUJFTUPMFWFSBHFWBMVF  $IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO Principle 1. Have a Clearly Defined Portfolio Value Management Process Every organization should have a common process for managing the overall value being delivered to the organization from its IT portfolio. This would begin as a means of identifying and prioritizing IT opportunities by potential value relative to each other. It would also include mechanisms to optimize enterprise value (e.g., through tactical, strategic, and infrastructure projects) according to a rubric of how the organization wants to allocate its resources. A portfolio value management process should continue to track projects as they are being developed. It should ensure not only that projects are meeting schedule and budget milestones but also that other elements of conversion effectiveness are being addressed (e.g., business process redesign, training, change management, information management, and usability). A key barrier to achieving value can be an organization’s unwillingness to revisit the decisions made about its portfolio (Carte et al. 2001). Yet this is critically important for strategic and infrastructure initiatives in particular. Companies may have to approve investments in these types of projects based on imperfect information in an uncertain environment. As they develop, improved information can lead to better decision making about an investment. In some cases this might lead to a decision to kill a project; in others, to speed it up or to reshape it as a value proposition becomes clearer. Finally, a portfolio value management process should include an ongoing means of ensuring that value is realized from an investment. Management must monitor expected outcomes at appropriate times following implementation and hold someone in the organization accountable for delivering benefits (Smith and McKeen 2010). Principle 2. Aim for Chunks of Value Much value can be frittered away by dissipating IT investments on too many projects (Cho et al. 2013; Marchand et al. 2000). Focusing on a few key areas and designing a set of complementary projects that will really make a difference is one way companies are trying to address this concern. Many companies are undertaking larger and larger technology initiatives that will have a significant transformational and/or strategic impact on the organization. However, unlike earlier efforts, which often took years to complete and ended up having questionable value, these initiatives are aiming to deliver major value through a series of small, focused projects that, linked together, will result in both immediate short-term impact and long-term strategic value. For example, one company has about three hundred to four hundred projects underway linked to one of a dozen major initiatives. Principle 3. Adopt a Holistic Orientation to Technology Value Because value comes from the effective interaction of people, information, and technology, it is critical that organizations aim to optimize their ability to manage and use them together (Marchand et al. 2000). Adopting a systemic approach to value, where technology is not viewed in isolation and interactions and impacts are anticipated and planned, has been demonstrated to contribute to perceived business value (Ginzberg 2001). Managers should aim to incorporate technology as an integral part of an overall 11 12 4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5 program of business change rather than dealing with people and information management as afterthoughts to technology (Beath et al. 2012). One company has done this by taking a single business objective (e.g., “increase market penetration by 15 percent over five years”) and designing a program around it that includes a number of bundled technology projects. Principle 4. Aim for Joint Ownership of Technology Initiatives This principle covers a lot of territory. It includes the necessity for strong executive sponsorship of all IT projects. “Without an executive sponsor for a project, we simply won’t start it,” explained one manager. It also emphasizes that all people involved in a project must feel they are responsible for the results. Said another manager, “These days it is very hard to isolate the impact of technology, therefore there must be a ‘we’ mentality.” This perspective is reinforced by research that has found that the quality of the IT–business relationship is central to the delivery of IT value. Mutual trust, visible business support for IT and its staff, and IT staff who consider themselves to be part of a business problem-solving team all make a significant difference in how much value technology is perceived to deliver (Ginzberg 2001). Principle 5. Experiment More Often The growing complexity of technology, the range of options available, and the uncertainty of the business environment have each made it considerably more difficult to determine where and how technology investments can most effectively be made. Executives naturally object to the risks involved in investing heavily in possible business scenarios or technical gambles that may or may not realize value. As a result, many companies are looking for ways to firm up their understanding of the value proposition for a particular opportunity without incurring too much risk. Undertaking pilot studies is one way of doing this (DeSouza 2011). Such experiments can prove the value of an idea, uncover new opportunities, and identify more about what will be needed to make an idea successful. They provide senior managers with a greater number of options in managing a project and an overall technology portfolio. They also enable potential value to be reassessed and investments in a particular project to be reevaluated and rebalanced against other opportunities more frequently. In short, experimentation enables technology investments to be made in chunks and makes “go/no go” decisions at key milestones much easier to make. Conclusion This chapter has explored the concepts and activities involved in developing and delivering IT value to an organization. In their efforts to use technology to deliver business value, IT managers should keep clearly in mind the maxim “Value is in the eye of the beholder.” Because there is no single agreed-on notion of business value, it is important to make sure that both business and IT managers are working to a common goal. This could be traditional cost reduction, process efficiencies, new business capabilities, improved communication, or a host of other objectives. Although each organization  $IBQUFS r %FWFMPQJOHBOE%FMJWFSJOHPOUIF*57BMVF1SPQPTJUJPO or business unit approaches value differently, increasingly this goal includes much more than the simple delivery of technology to a business unit. Today technology is being used as a catalyst to drive many different types of organizational transformation and strategy. Therefore, IT value can no longer 13 be viewed in isolation from other parts of the business, namely people and information. Thus, it is no longer adequate to focus simply on the development and delivery of IT projects in order to deliver value. Today delivering IT value means managing the entire process from conception to cash. References Agarwal, R., and V. Sambamurthy. “Organizing the IT Function for Business Innovation Leadership.” Society for Information Management Advanced Practices Council Report, Chicago, September 2002. Beath, C., I. Becerra-Fernandez, J. Ross, and J. Short. “Finding Value in the Information Explosion.” MIT Sloan Management Review 53, no. 4 (2012): 18–20. Birdsall, W. “Human Capabilities and Information and Communication Technology: The Communicative Connection.” Ethics and Information Technology 13, no. 2 (2011): 93–106. Byrd, T. A. “Information Technology, Core Competencies, and Sustained Competitive Advantage.” Information Resources Management Journal 14, no. 2 (April–June 2001): 27–36. Carte, T., D. Ghosh, and R. Zmud. “The Influence of IT Budgeting Practices on the Return Derived from IT Investments.” CMISS White Paper, November 2001. Chakravarty, A., R. Grewal, and V. Sambamurthy. “Information Technology Competencies, Organizational Agility, and Firm Performance: Enabling and Facilitating Roles.” Information Systems Research 24, no. 4 (2013): 976–97, 1162–63, 1166. Chan, Y. “IT Value: The Great Divide Between Qualitative and Quantitative and Individual and Organizational Measures.” Journal of Management Information Systems 16, no. 4 (Spring 2000): 225–61. Cho, W., M. Shaw, and H. Kwan. “The Effect of Synergy Enhancement on Information Technology Portfolio Selection.” Information Technology and Management 14, no. 2 (2013): 125–42. Chircu, A., and R. J. Kauffman. “Limits to Value in Electronic Commerce-Related IT Investments.” Journal of Management Information Systems 17, no. 2 (Fall 2000): 59–80. Cooper, R., S. Edgett, and E. Kleinschmidt. “New Problems, New Solutions: Making Portfolio Management More Effective.” Research Technology Management 43, no. 2 (March/April 2000): 18–33. Cronk, M., and E. Fitzgerald. “Understanding ‘IS Business Value’: Derivation of Dimensions.” Logistics Information Management 12, no. 1–2 (1999): 40–49. Davern, M., and R. Kauffman. “Discovering Potential and Realizing Value from Information Technology Investments.” Journal of Management Information Systems 16, no. 4 (Spring 2000): 121–43. DeSouza, K. Intrapreneurship: Managing Ideas in Your Organization. Toronto: University of Toronto Press, 2011. Ginzberg, M. “Achieving Business Value Through Information Technology: The Nature of High Business Value IT Organizations.” Society for Information Management Advanced Practices Council Report, Chicago, November 2001. Grant, G. L., and M. T. Royle. “Information Technology and Its Role in Creating Sustainable Competitive Advantage.” Journal of International Management Studies 6, no. 1 (2011): 1–7. Luehrman, T. A. “What’s It Worth? A General Manager’s Guide to Valuation.” Harvard Business Review (May–June 1997): 131–41. Luftman, J., and H. S. Zadeh. “Key Information Technology and Management Issues 2010– 2011: An International Study.” Journal of Information Technology 26, no. 3 (2011): 193–204. 14 4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5 Marchand, D., W. Kettinger, and J. Rollins. “Information Orientation: People, Technology and the Bottom Line.” Sloan Management Review (Summer 2000): 69–80. McKeen, J. D., and H. A. Smith. Making IT Happen. Chichester, England: John Wiley & Sons, 2003. McKeen, J. D., and H. A. Smith. “Application Portfolio Management.” Communications for the Association of Information Systems 26, Article 9 (March 2010), 157–70. Oliveira, T., and M. F. Martins. “Literature Review of Information Technology Adoption Models at Firm Level.” Electronic Journal of Information Systems Evaluation 14, no.1 (2011): 110–21. Perez-Lopez, S., and J. Alegre. “Information Technology Competency, Knowledge Processes and Firm Performance.” Industrial Management and Data Systems 112, no. 4 (2012): 644–62. Peslak, A. R. “An Analysis of Critical Information Technology Issues Facing Organizations.” Industrial Management and Data Systems 112, no. 5 (2012): 808–27. Roach, S. “The Case of the Missing Technology Payback.” Presentation at the Tenth International Conference on Information Systems, Boston, December 1989. Segars, A. H., and D. Chatterjee. “Diets That Don’t Work: Where Enterprise Resource Planning Goes Wrong.” Wall Street Journal, August 23, 2010. online.wsj.com/article/SB100014240527 48703514404574588060852535906.html. Smith, H., and J. McKeen. “Instilling a Knowledge Sharing Culture.” Presentation at the KM Forum, Queen’s School of Business, Kingston, Ontario, Canada, 2002. Smith, H., and J. McKeen. “Investment Spend Optimization at BMO Financial Group.” MISQ Executive 9, no. 2 (June 2010): 65–81. Sun, Y., Y. Fang, K. Lim, and D. Straub. “User Satisfaction with Information Technology Service Delivery: A Social Capital Perspective.” Information Systems Research 23, no. 4 (2012): 1195–211. Thorp, J. “Computing the Payoff from IT.” Journal of Business Strategy 20, no. 3 (May/June 1999): 35–39. CHAPTER 2 Developing IT Strategy for Business Value1 S uddenly, it seems, executives are “getting” the strategic potential of IT. Instead of being relegated to the back rooms of the enterprise, IT is now being invited to the boardrooms and is being expected to play a leading role in delivering topline value and business transformation (Korsten 2011; Luftman and Zadeh 2011; Peslak 2012). Thus, it can no longer be assumed that business strategy will naturally drive IT strategy, as has traditionally been the case. Instead, different approaches to strategy development are now possible and sometimes desirable. For example, the capabilities of new technologies could shape the strategic direction of a firm (e.g., mobile, social media, big data). IT could enable new competencies that would then make new business strategies possible (e.g., location-based advertising). New options for governance using IT could also change how a company works with other firms (think Wal-Mart or Netflix). Today new technologies coevolve with new business strategies and new behaviors and structures (see Figure 2.1). However, whichever way it is developed, if IT is to deliver business value, IT strategy must always be closely linked with sound business strategy. Ideally, therefore, business and IT strategies should complement and support each other relative to the business environment. Strategy development should be a two-way process between the business and IT. Yet unfortunately, poor alignment between them remains a perennial problem (Frohman 1982; Luftman and Zadeh 2011; McKeen and Smith 1996; Rivard et al. 2004). Research has already identified many organizational challenges to effective strategic alignment. For example, if their strategy-development processes are not compatible (e.g., if they take place at different times or involve different levels of the business), it is unlikely that the business and IT will be working toward the same goals at the same time (Frohman 1982). Aligning with individual business units can lead to initiatives that suboptimize the effectiveness of corporate strategies (McKeen and Smith 1996). Strategy implementation must also be carefully aligned to 1 This chapter is based on the authors’ previously published article, Smith, H. A., J. D. McKeen, and S. Singh. “Developing IT Strategy for Business Value.” Journal of Information Technology Management XVIII, no. 1 (June 2007): 49–58. Reproduced by permission of the Association of Management. 15 4FDUJPO* r %FMJWFSJOH7BMVFXJUI*5 y New Behavior s& New Capabilities tures ruc St New Techno log 16 s gie New Strate FIGURE 2.1 Business and IT Strategies Co-evolve to Create New Capabilities ensure the integration of business and IT efforts (Smith and McKeen 2010). Finally, companies often try to address too many priorities, leading to an inadequate focus on key strategic goals (Weiss and Thorogood 2011). However, strategic alignment is only one problem facing IT managers when they develop IT strategy. With IT becoming so much more central to the development and delivery of business strategy, much more attention is now being paid to strategy development than in the past. What businesses want to accomplish with their IT and how IT shapes its own delivery strategy are increasingly vital to the success of an enterprise. This chapter explores how organizations are working to improve IT strategy development and its relationship with business strategy. It looks first at how our understanding of business and IT strategies has changed over time and at the forces that will drive even further changes in the future. Then it discusses some critical success factors for IT strategy development about which there is general consensus. Next it looks at the different dimensions of the strategic use of IT that IT management must address. Finally, it examines how some organizations are beginning to evolve a more formal IT strategydevelopment process and some of the challenges they are facing in doing so. BUSINESS AND IT STRATEGIES: PAST, PRESENT, AND FUTURE At the highest level, a strategy is an approach to doing business (Gebauer 1997). Traditionally, a competitive business strategy has involved performing different activities from competitors or performing similar activities in different ways (Porter 1996). Ideally, these activities were difficult or expensive for others to copy and, therefore, resulted in a long-term competitive advantage (Gebauer 1997). They enabled firms to charge a premium for their products and services. Until recently, the job of an IT function was to understand the business’s strategy and figure out a plan to support it. However, all too often IT’s strategic contribution was inhibited by IT managers’ limited understanding of business strategy and by business managers’ poor understanding of IT’s potential. Therefore, most formal IT plans were focused on the more tactical and tangible line of business needs or opportunities  $IBQUFS r %FWFMPQJOH*54USBUFHZGPS#VTJOFTT7BMVF for operational integration rather than on supporting enterprise strategy (Burgelman and Doz 2001). And projects were selected largely on their abilities to affect the shortterm bottom line rather than on delivering top-line business value. “In the past IT had to be a strategic incubator because businesspeople simply didn’t recognize the potential of technology,” said a member of the focus group. As a result, instead of looking for ways to be different, in the past much business strategy became a relentless race to compete on efficiencies with IT as the primary means of doing so (Hitt et al. 1998; Porter 1996). In many industries, companies’ improved information-processing capabilities have been used to drive down transaction costs to near zero, threatening traditional value propositions and shaving profit margins. This is leading to considerable disruption as business models (i.e., the way companies add value) are under attack by new, technology-enabled approaches to delivering products and services (e.g., the music industry, bookselling). Therefore: Strategists [have to] honestly face the many weaknesses inherent in [the] industrial-age ways of doing things. They [must] redesign, build upon and reconfigure their components to radically transform the value proposition. (Tapscott 1996) Such new business strategies are inconceivable without the use of IT. Other factors, also facilitated by IT, are further influencing the relationship between the business and IT strategy. Increasingly, globalization is altering the economic playing field. As countries and companies become more deeply interrelated, instability is amplified. Instead of being generals plotting out a structured campaign, business leaders are now more likely to be participating in guerilla warfare (Eisenhardt 2002; Friedman 2005). Flexibility, speed, and innovation are, therefore, becoming the watchwords of competition and must be incorporated into any business or IT strategy–development process. These conditions have dramatically elevated the business’s attention to the value of IT strategy (Korsten 2011; Weiss and Thorogood 2011). As a result, business executives recognize that it was a mistake to consider technology projects to be solely the responsibility of IT. There is, thus, a much greater understanding that business executives have to take leadership in making technology investments in ways that will shape and/or complement business strategy. There is also recognition at the top of most organizations that problems with IT strategy implementation are largely the fault of leaders who “failed to realize that adopting … systems posed a business—not just a technological—challenge” and didn’t take responsibility for the organizational and process changes that would deliver business value (Ross and Beath 2002). Changing value models and the development of integrated, cross-functional systems have elevated the importance of both a corporate strategy and a technology strategy that crosses traditional lines of business. Many participants remarked that their executive teams at last understand the potential of IT to affect the top line. “IT recently added some new distribution channels, and our business has just exploded,” stated one manager. Others are finding that there is a much greater emphasis on IT’s ability to grow revenues, and this is...
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: ITM 480

1

Enterprise Risk at Nationstate Insurance
Student’s Name
Institutional Affiliation

ITM 480

2
Enterprise Risk at Nationstate Insurance

#1. List and describe all of the potential benefits (and costs) that Nationstate would
realize from the establishment of an enterprise-wide architecture as envisioned by Jane
Denton?
There are necessarily seven befits that Nationstate would realize from the establishment of an
enterprise-wide architecture as envisioned by Jane Denton. These benefits include (Niemi &
Pekkola, 2019):
a. First, the administrative body will be able to gain a better picture of the overall
business units and their respective systems. That way, understanding the
interdependencies and relationships between these business units will be easier. This
benefit will help in reducing cases of poor communications and misunderstandings.
b. Secondly, Nationstate will easily manage to increase its cost savings through the
elimination of the redundancy of the internal service units. This reduces complexity
significantly and, with that, increases stability and overall quality.
c. Thirdly, implementing the enterprise-wide architecture will enable the organization to
visualize its future direction of success and thus impact change in areas that are less
likely to contribute to the success of the organization. Project showstoppers can also
be effectively eliminated.
d. Fourth, enterprise-wide architecture is a widely accepted method for standardizing IT
and mitigating risks. This means that it creates a way of building solutions on open
standards, hence eas...

Similar Content

Related Tags