Search results

This study aims to explore the effect of whistleblowing and interpretation among practitioners in the Nigerian economy. The research puts a premium on understanding the relevance and critical issues in its practices and developing an improved model for the effective practice of whistleblowing and interpretation in Nigeria.

This study adopted a conceptual approach, relying on extant literature to understand the management of whistleblowing incidents and identify the managers’ and other stakeholders’ responsibility in the whistleblowing process. It applied systems dynamics conceptual modelling and presented an improvement approach to addressing the complexities associated with whistleblowing and interpretation among Nigerian organizations.

This study contributed to the extant literature by developing a model for proper management of whistleblowing in the Nigerian context and enhancing the robust practice of whistleblowing and interpretation in Nigeria. The findings highlighted critical factors such as managers’ skills development, legal system support, institutional stakeholders’ function and ethical balance as key factors to effective whistleblowing management and interpretation. This implies that the act of identifying and developing responses to an emerging case of whistleblowing requires a process of developing underpinning assumptions, engagement and consideration of stakeholders’ interests while driving the sustenance of organizational focus.

This study emphasized the departure from absolute best practice to developing idea approaches that reflect stakeholders’ interests and the context of whistleblowing and interpretation. While the study acknowledges limitations in the sole focus on the Nigerian private sector and the Nigerian economic background, it recommends further exploration of whistleblowing and its interpretation on a comparative approach, to improving the current understanding of the topic.

This study aims to develop an inclusive, multidisciplinary, flexible and organizationally adaptable safety risk management framework, including diversity management, that will be implemented to ensure safety is and remains at the desired level. If the number of incidents and potential incidents that could lead to accidents and their impact rates are to be reduced operationally and administratively, aviation safety risks and sources of risk must be better understood, sources of risk identified, and the safety risk management framework designed in an organization-specific and organization-wide sustainable way. At this point, it is necessary to draw the conceptual framework well and to define the boundaries of the concepts well. In this study, a framework model that can be adapted to the organization is proposed to optimize the management of risks and provide both efficient and effective resource allocation and organizational structure design in its operations and management functions.

The qualitative research method – triple techniques – was deemed appropriate for this study, which aims to identify, examine, interpret and develop the situations of safety management models. In this context, document analysis, business process modeling technique and Delphi techniques from qualitative research methods were used via integration as the methodology of this research.

To manage dynamic civil aviation management activities and business processes effectively and efficiently, the risk management process is the building block of the “Proposed Process Model” that supports the decision-making processes of aviation organizations and managers. This “Framework Conceptual Model” building block also helps build capacity and resilience by enabling continuous development, organizational learning, and flexible structuring.

This research is limited to air transportation and aviation safety management issues. This research is limited specifically to a safety-based risk management framework for the aviation industry. This research may have social implications as source saving, optimum resource use and capacity building will make a contribution to society and add value besides operational and practical implementation.

This research may contribute to more safe operations and functions in the aviation industry.

Management and academia may gain considerable support from this research to manage their safety risks via a corporate-tailored risk management framework, both improving resilience and developing corporate capacity. With this model presented, decision-makers will have a guiding structure that can optimally manage the main risk types that may be encountered in the safety risk in the fields of suppliers, manufacturers, demand changes, logistics, information management, environmental, legal and regulatory. Existing studies in the literature are generally in the form of algorithms and cannot be used as a decision-making support tool. This model aims to fill the gap in the literature. In addition, added value may be created by applying this model to optimum management safety risks in the real aviation industry and its related sectors.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

This paper aims to empirically investigate how knowledge coordination is carried out within and across expert teams in the outsourcing service desk context from the standpoint of the information and communication technologies (ICT) provider.

The authors draw on an embedded case study to unravel the mechanisms used by expert teams to achieve knowledge coordination. Data collection included semi-structured interviews and document analysis over eight months.

Four groups of coordination mechanisms were found according to their nature and role in helping MESA achieve its organizational goals. The authors also identified how this set of mechanisms responds to the task-resource dependency and how it evolves over time to provide reliable ICT services. Furthermore, the analysis of four knowledge coordination dimensions inside each group uncovers the complexity of coordination in the studied context, with the “who” dimension being predominant across the groups. The analysis further reveals that the content (what) and mode of coordination (how) of each group respond to elements in the knowledge coordination process relevant for the different stages of the ICT service delivery process.

The case study addresses how people in outsourced services coordinate their knowledge to manage the interdependencies among the involved organizations and thus, achieving their goals. This study extends previous research that had analyzed the consequences of knowledge coordination for providers and customers by delving into the mechanisms used in this process from the provider’s point of view.

This paper aims to explore current trends in how companies disclose climate-related risks and opportunities in their financial statements. As part of the authors’ analysis, they examine: whether forward-looking assumptions and judgements are typically considered in reporting climate-related risks/opportunities; whether there are differences in the reporting practices of firms in carbon-intensive industries versus non-carbon-intensive industries; and whether negative media reports have an influence on the levels of disclosure a firm makes.

The authors chose content analysis as their methodology and examined the financial statements published by firms listed on the UK’s FTSE 100 between 2016 and 2020. This analysis is framed by Suchman’s three dimensions of legitimacy, being pragmatic, cognitive and moral.

Climate-related disclosures in the notes and financial accounts of these firms did increase over the period. Yet, overall, the level the disclosures was inadequate and the quality was inconsistent. From this, the authors conclude that pragmatic legitimacy is not a particularly strong driving factor in compelling organisations to disclose climate-related information. The firms in carbon-intensive industries do provide greater levels of disclosure, including both qualitative and quantitative (monetary) content, which is consistent with cognitive legitimacy. However, from a moral legitimacy perspective, this study finds that firms did not adapt responsively to negative media coverage as a way of reflecting their accountability to broader public norms and values. Overall, this analysis suggests that regulatory enforcement and a systematic reporting framework with adequate guidance is going to be critical to developing transparent climate-related reporting in future.

This paper contributes to existing studies on climate-related disclosures, which have mainly examined the ‘front-half’ of annual reports. Conversely, this study aims to shed light on these practices in the “back-half” of these reports, exploring the underlying reasons for reporting climate-related risks and opportunities in financial accounts. The authors’ insights into the current disclosure practices make a theoretical contribution to the literature. Practitioners can also draw on these insights to improve how they report on climate-related risks and opportunities in their financial statements.

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence?

In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel.

This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn.

Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations.

Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats.

Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

Corporate Social Responsibility (CSR) reporting has been widely accepted as a vital tool for communicating with stakeholders on a range of social, environmental, and governance issues, but how companies define, interpret, apply, integrate, and communicate their CSR efforts and impacts in corporate reporting is anything but a straightforward task. The purpose of this chapter is to explore the concept of materiality in CSR reporting and demonstrate practical examples of good CSR and Sustainable Development Goals (SDGs) reporting practices. We chose the aviation industry because of its economic relevance, constant growth, and future expected changes in the aftermath of COVID-19. In addition, airlines affect many of the SDGs directly and indirectly with contending results. This chapter is timely because of the growing willingness by companies to integrate CSR and environmental, social, and governance (ESG) thinking into the corporate strategy and business operations using materiality assessment and enhancing their competitive advantage and ability to maintain long-term value and because ESG and ethical investing have become part of the mainstream investing. Thus, this chapter contributes to an understanding of the wide range of existing and new reporting frameworks and regulations and reinforces the importance of discussing how this diversity of approaches can affect the work toward worldwide comparability of CSR and sustainability reporting.

To elaborate the nature of fact-checking in the domain of political information by examining how fact-checkers assess the validity of claims concerning the Russo-Ukrainian conflict and how they support their assessments by drawing on evidence acquired from diverse sources of information.

Descriptive quantitative and qualitative content analysis of 128 reports written by the fact-checkers of Snopes – an established fact-checking organisation – during the period of 24 February 2022 – 28 June, 2023. For the analysis, nine evaluation grounds were identified, most of them inductively from the empirical material. It was examined how the fact-checkers employed such grounds while assessing the validity of claims and how the assessments were bolstered by evidence acquired from information sources such as newspapers.

Of the 128 reports, the share of assessments indicative of the invalidity of the claims was 54.7%, while the share of positive ratings was 26.7%. The share of mixed assessments was 15.6%. In the fact-checking, two evaluation grounds, that is, the correctness of information and verifiability of an event presented in a claim formed the basis for the assessment. Depending on the topic of the claim, grounds such as temporal and spatial compatibility, as well as comparison by similarity and difference occupied a central role. Most popular sources of information offering evidence for the assessments include statements of government representatives, videos and photographs shared in social media, newspapers and television programmes.

As the study concentrated on fact-checking dealing with political information about a specific issue, the findings cannot be extended to concern the fact-checking practices in other contexts.

The study is among the first to characterise how fact-checkers employ evaluation grounds of diverse kind while assessing the validity of political information.

Every year, millions of consumers around the world become victims of credit card fraud. These individuals have to appeal to their credit card companies to reverse unauthorized charges. This study aims to profile the American consumers’ experience when complaints to their credit card companies about unauthorized charges fail to produce a resolution. Using a large database of consumer complaint filings with the Consumer Financial Protection Bureau (CFPB), the characteristics of these consumer complaints are identified, and the drivers of consumer financial hardship resulting from credit card fraud are determined.

A random sample of consumer complaints about their credit card companies’ perceived mishandling of cases, filed with the CFPB, is used to conduct content analysis. The resulting content analysis categories are used in a predictive model to determine the drivers of consumer hardship.

In nearly one-quarter of all complaint filings, the credit card company had blamed the complainant as the party responsible for the fraudulent charges or refused to open a fraud investigation altogether. Nearly 60% of complaint reports contain expressions of emotional distress and many mention financial hardship. Nearly half of all complainants consider the fraud department operations of their credit card company as lacking in service quality, many reporting inability to reach the department or to receive a returned call. Even after CFPB intermediation, only 15% of complainants receive some form of financial relief from their credit card company. The majority of the complainants report a lack of willingness by the credit card company to reverse unauathorized charges, leaving the complainant financially responsible for them.

This study focused on data collected from consumers. Future research can expand the scope of inquiry by surveying the staff and executives in the fraud investigation departments of credit card companies to determine the norms of fraud investigation used within the industry.

This study sheds light on the financial hardship and emotional pains that consumers victimized by credit card fraud experience in dealing with their credit card companies.

To the best of the authors’ knowledge, this is the first study to empirically examine American consumers’ complaints about the fraud investigation operations of their credit card companies. Using data captured through the complaint filing system of a federal bureau (CFPB), the findings have implications for policymakers, regulators and credit card companies.

This paper aims to propose a new method to derive custom dynamic cyber risk metrics based on the well-known Goal, Question, Metric (GQM) approach. A framework that complements it and makes it much easier to use has been proposed too. Both, the method and the framework, have been validated within two challenging application domains: continuous risk assessment within a smart farm and risk-based adaptive security to reconfigure a Web application firewall.

The authors have identified a problem and provided motivation. They have developed their theory and engineered a new method and a framework to complement it. They have demonstrated the proposed method and framework work, validating them in two real use cases.

The GQM method, often applied within the software quality field, is a good basis for proposing a method to define new tailored cyber risk metrics that meet the requirements of current application domains. A comprehensive framework that formalises possible goals and questions translated to potential measurements can greatly facilitate the use of this method.

The proposed method enables the application of the GQM approach to cyber risk measurement. The proposed framework allows new cyber risk metrics to be inferred by choosing between suggested goals and questions and measuring the relevant elements of probability and impact. The authors’ approach demonstrates to be generic and flexible enough to allow very different organisations with heterogeneous requirements to derive tailored metrics useful for their particular risk management processes.