Search results

Information system projects often go awry and when they do internal auditors are often in a position to bring the problems to management’s attention. However, managers are not always receptive to risk warnings, even when internal auditors who are role prescribed to carry out this function deliver such warnings. This phenomenon is known as the deaf effect. This paper aims to examine the actions that internal auditors take to resolve the deaf effect and how these actions affect the auditor–manager relationship.

Based on a multiple case study approach, the authors conducted in-depth interviews with auditors and examined ten cases of the deaf effect from the auditor’s perspective.

The findings revealed three categories of actions that auditors took in response to the deaf effect and how these actions immediately affected the auditor–manager relationship. Further, by analyzing the subsequent sequence of actions taken by the auditor in each case, the authors identified three distinct patterns that capture the dynamics of the auditor–manager relationship over time until the deaf effect was, ultimately, resolved.

Several practitioner studies have shown that internal auditors and managers struggle to build effective relationships, even under the most favorable circumstances and the authors suggest that deaf effect situations are likely to pose an even greater challenge to the auditor–manager relationship. The study contributes to the discourse on internal audit effectiveness in several ways. First, the authors identified three categories of actions that internal auditors took in response to the deaf effect. The authors found that two of these categories of action are related to the two distinct roles that internal auditors can play (inspector or consultant). Second, the authors examined how these categories of actions played out over time, influencing the auditor–manager relationship dynamics.

This study investigates the potential of actor‐network theory (ANT) for theory development on information technology project escalation, a pervasive problem in contemporary organizations. In so doing, the study aims to contribute to the current dialogue on the potential of ANT in the information systems field. While escalation theory has been used to study “runaway” IT projects, two distinct limitations suggest a potential of using ANT: First, there is a need for research that builds process theory on escalation of IT projects. Second, the role of technology as an important factor (or actor) in the shaping of escalation has not been examined. This paper examines a well‐known case study of an IT project disaster, the computerized baggage handling system at Denver International Airport, using both escalation theory and ANT. A theory‐comparative analysis then shows how each analysis contributes differently to our knowledge about dysfunctional IT projects and how the differences between the analyses mirror characteristics of the two theories. ANT is found to offer a fruitful theoretical addition to escalation research and several conceptual extensions of ANT in the context of IT project escalation are proposed: embedded actor‐networks, host actor‐networks, swift translation and Trojan actor‐networks.

Risk is an inherent component of business transactions. Today's flattened business organisations are forcing strategic, risk‐related decisions farther down the organisational hierarchy (Richards et.al., 1996). Therefore, every business decision maker has to become proficient at factoring risk into the decision‐making process. How the risk level of the transaction affects the decision maker and the eventual decision is a function of that person's risk propensity. For senior managers in those flattened organisations facing the necessity of having less‐senior individuals making strategic decisions, the attitudes of those individuals toward risk is extremely important.

The paper aims to provide methodological support for hybrid project management, in which the discipline of predictive methodologies combines with the flexibility of adaptive ones. Specifically, the paper explores the extent complexity and volatility dimensions of organisational problems inform choices of PM methodologies both theoretically and in current practice, as a first step towards better methodological support for hybridisation.

The paper takes a mixed method approach, including both secondary research and primary research with practitioners. Primary research consists of a small scale survey (n = 31) followed by semi-structured interviews, with findings triangulated against secondary evidence.

The paper provides empirical insights on how complexity and volatility of organisational problems can inform hybrid project management practices. Specifically, it suggests a mapping between volatility and complexity dimensions and predictive and adaptive risk controls as a first step towards the systematisation of hybrid combinations in projects.

Due to the small participant sample, the research results may lack generalisability.

The paper includes implications for the development of methodological support for setting up hybrid projects in practice.

The paper addresses a gap acknowledged both in the literature and by practitioners.

In this editorial introduction Allen Lee's definition of the information systems (IS) field is taken as the starting point: “Research in the information systems field examines more than just the technological system, or just the social system, or even the two systems side by side; in addition, it investigates the phenomena that emerge when the two interact” (Lee, A. “Editorial”, MISQ, Vol. 25, No. 1, 2001, p. iii). By emphasizing the last part of this, it is argued that actor‐network theory (ANT) can provide IS research with unique and very powerful tools to help us overcome the current poor understanding of the information technology (IT) artifact (Orlikowski, W. and Iacono, S., “Research commentary: desperately seeking the ‘IT’ in IT research – a call for theorizing the IT artifact”, Information Systems Research, Vol. 10 No. 2, 2001, pp. 121‐34). These tools include a broad range of concepts describing the interwoven relationships between the social.

Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the use of software products by organisations. The purpose of this paper is to propose a novel G-RAM framework for business organisations to assess and mitigate risks arising out of software vulnerabilities.

The G-RAM risk assessment module uses GARCH to model vulnerability growth. Using 16-year data across 1999-2016 from the National Vulnerability Database, the authors estimate the model parameters and validate the prediction accuracy. Next, the G-RAM risk mitigation module designs optimal software portfolio using Markowitz’s mean-variance optimisation for a given IT budget and preference.

Based on an empirical analysis, this study establishes that vulnerability follows a non-linear, time-dependent, heteroskedastic growth pattern. Further, efficient software combinations are proposed that optimise correlated risk. The study also reports the empirical evidence of a shift in efficient frontier of software configurations with time.

Existing assumption of independent and identically distributed residuals after vulnerability function fitting is incorrect. This study applies GARCH technique to measure volatility clustering and mean reversal. The risk (or volatility) represented by the instantaneous variance is dependent on the immediately previous one, as well as on the unconditional variance of the entire vulnerability growth process.

The volatility-based estimation of vulnerability growth is a risk assessment mechanism. Next, the portfolio analysis acts as a risk mitigation activity. Results from this study can decide patch management cycle needed for each software – individual or group patching. G-RAM also ranks them into a 2×2 risk-return matrix to ensure that the correlated risk is diversified. Finally the paper helps the business firms to decide what to purchase and what to avoid.

Contrary to the existing techniques which either analyse with statistical distributions or linear econometric methods, this study establishes that vulnerability growth follows a non-linear, time-dependent, heteroskedastic pattern. The paper also links software risk assessment to IT governance and strategic business objectives. To the authors’ knowledge, this is the first study in IT security to examine and forecast volatility, and further design risk-optimal software portfolios.

The purpose of this paper is to analyze risk profiles of projects based on project characteristics and provide key managerial insights.

A total of 37 project cases from engineering and construction (E&C), information system/technology (IS/IT), and new product development (NPD) sectors with detailed information on project characteristics and risks were identified from published literature. An integrated framework was developed to analyze the prominent risk categories associated with novelty, technology, complexity, and pace (NTCP) project characteristics.

Within-sector analysis revealed that schedule, resource, and scope risks are the most prominent risk categories in E&C, IS/IT, and NPD projects, respectively. Similarly, interesting key insights have been drawn from detailed cross-sector analysis, depicting different risk categories based on NTCP project characteristics.

The findings are based on the case studies adopted from the literature that provides details of project characteristics and risk profiles.

Depending upon the risks associated with different project characteristics, an integrated framework developed in the study can be used for the development of highly authentic risk management plans at the onset.

This is one of the earliest studies to provide an integrated risk framework for projects based on their NTCP characteristics. The two contrasting perspectives of within-sector and cross-sector analyses were adopted. Overall, the study will enhance the future preparedness toward risks.

From last few decades, logistics management (LM) constitutes a global concern among organization’s supply chain (SC) to improve their business effectiveness. The purpose of this paper is to uncover and analyze the critical factors (CFs) related to the implementation of effective LM concept and benchmark the SC performance.

The most common (16) CFs were identified and selected through literature and use of the Delphi method. Subsequently, the selected most common CFs were analyzed to distinguish their causal relations using the fuzzy Decision Making Trial and Evaluation Laboratory (DEMATEL) technique under unclear surroundings. A case example of Indian Logistics Company is also discussed to reveal the practical applicability of the research.

Provision of the effective information communication and technological developments in the system and Management dedication, support and involvement CFs are found to have the top most influences in the effective implementation of LM. This paper also groups the CFs into cause and effect relationship which provides valuable insights for analyzing the factors in successful implementation of LM.

This work attempts to understand the different CFs, their relative position and the importance rating in the system, due to which, managers can differentiate the factor which greatly affects the concepts of implementing LM, and thus, improvements can be made accordingly.

First, this work offers 16 CFs to LM implementation from a SC scenario. Second, in the context of contributing to the theory, the combined Delphi and fuzzy DEMATEL-based model is provided that helps in managing the logistic related issues effectively.

Evaluating the potential payoff of an individual project in a portfolio, especially an innovative product development initiative, is a chronic problem with no satisfying solution. Because the commonly used tools to measure such opportunities provide limited insights, executives need better decision support technology.

Executives making difficult portfolio funding decisions must answer such questions as which of their projects seem to be most promising, whether they should act now or bide their time, and how much they should pay to stay in the game.

Executives can use the visible options approach to manage initiatives by taking the following steps: review the composition of the project portfolio; crosscheck the announced initiatives with the company's future value; don't leave upside‐intensive initiatives on the back burner; and use failure‐avoiding management to limit downside risk.

The visual options method has yet to be extensively field‐tested and researchers need to collect feedback from early adopters.

Using visual options techniques, executives can scan a set of initiatives and quickly spot projects inspired by opportunities and those developed in response to threats; the projects with big potential future outcomes and those that have only modest prospects. They can now see urgent opportunities with windows that are closing rapidly as well as the proximate threats that are often easier to recognize.

First full description of the visible options technique. A visible options tool that displays the potential benefits of projects more graphically and gives a more complete picture of possible results over time could help managers make more effective decisions.

The purpose of this paper is to propose a method to address the problem of selecting risk response actions (RRAs) considering the risk dependency that is seldom considered in the existing studies.

First, a method based on the Measuring Attractiveness by a Categorical-Based Evaluation Technique (MACBETH) is proposed to measure the dependencies between the risks, and then a preference coefficient denoting the relative importance of the risk dependency is introduced. Besides, an exponential utility function is used to describe the project manager’s (PM) risk-averse behaviour. Finally, a mathematical model that incorporates the risk dependency and risk preference of the PM is constructed for selecting the RRAs.

Risk dependency plays an important role in the process of RRA selection. First, more expected utility can be obtained when the risk dependency is considered. Second, more attention should be paid to the risk dependency for coping with critical risks when the budget is tight.

This method can be applied to determine the RRAs when the risk dependency exists between the project risks.

This paper proposes a model to select RRAs with consideration of the risk dependency, which is an important issue from a theoretical as well as a practical perspective in project risk management.