Search results

The purpose of this paper is to describe the dynamic development of technical controls in different companies and to interpret the observations using Van de Ven and Poole's typology of change process theories.

Case study data were obtained through semi‐structured interviews, observation and document analysis in three organisations (Company A, Company B and Company C).

The paper highlights the life‐cycle development of technical controls, where controls are implemented, improved and eventually removed. It highlights the fact that the progression through the life‐cycle can follow either a dialectical motor of change based on conflict or a teleological motor of change based on consensus.

The findings of the paper enhance the theory of rules developed by March et al., by providing insight into how change actually occurs, i.e. how inertia is broken.

The paper offers practitioners some guidelines for the management of their control systems to help them maintain more effective and efficient control systems.

The paper explains that under a teleological motor of change, inertia is broken more easily than under a dialectical one, because there is less tolerance for control obsolescence, hence improvement and removal of obsolete controls are more likely to occur. This is important for listed organisations having to implement more and more technical controls to comply with laws such as SOX. The paper also suggests that the life‐cycle is not a “motor” of change as suggested by Van de Ven and Poole, because it cannot explain how inertia is broken.

This paper aims to discuss the need for management control system for information security management that encapsulates the technical, formal and informal systems. This motivated the conceptualization of supply chain information security from a management controls perspective. Extant literature on information security mostly focused on technical security and managerial nuances in implementing and enforcing technical security through formal policies and quality standards at an organizational level. However, most of the security mechanisms are difficult to differentiate between businesses, and there is no one common platform to resolve the security issues pertaining to varied organizations in the supply chain.

The paper was conceptualized based on the review of literature pertaining to information security domain.

This study analyzed the need and importance of having a higher level of control above the already existing levels so as to cover the inter-organizational context. Also, it is suggested to have a management controls perspective for an all-encompassing coverage to the information security discipline in organizations that are in the global supply chain.

This paper have conceptualized the organizational and inter-organizational challenges that need to be addressed in the context of information security management. It would be difficult to contain the issues of information security management with the existing three levels of controls; hence, having a higher level of security control, namely, the management control that can act as an umbrella to the existing domains of security controls was suggested.

Purpose – Addresses labor control in fields where familiar organizational and occupational controls are weak, notably postindustrial arenas characterized by networks, heterogeneity, and change.Methodology/approach – Proposes that labor control operates via socio-technical networks composed of diverse ties to social actors, technologies, and typifications. Data from an interview-based study of early website production work is used to examine the impact of such a network.Findings – Socio-technical networks constrained web workers#x02019; actions but also offered opportunities for autonomous discretion. Some shifting between networked and hierarchical controls occurred in larger organizations.Research implications/limitations – The role of networks in the labor process is not well understood; this study provides a starting point.Social implications – Socio-technical networks are heterogeneous and lack common status metrics, making inequality among workers difficult to gauge and address. Further, since networked controls are decentralized, their pressures are not easily identified or resisted by workers.Originality/value – This chapter describes a form of labor control that may characterize some postindustrial fields more closely than traditional models. In addition, it contributes new insights on how work is shaped by technical networks and abstract typifications.

This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices.

The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced.

The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment.

This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation.

The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.

This chapter is devoted to the study of the standard control of the material costs of production as a factor of technical growth of an enterprise of manufacturing industries: ways of integration in a single information space of information that allows you to manage the cost and quality of products at all stages of the value creation; theoretical and methodological approaches to the implementation of control functions of material costs (technological waste and production losses) according to preestablished consumption rates in the value creation of an industrial enterprise, especially in a number of machine-building factories of Nizhny Novgorod industrial cluster; theoretical methods of synthesis and comparison data, structured description of characteristics of the object of study, system analysis, as well as empirical methods of observations and descriptions of the subject area. The necessity of further improvement of effectiveness and methodology of a control function of a standard cost accounting system in the aspect of maintaining the technical growth of an enterprise is substantiated. Current condition is analyzed, and ways of modernization of organizational, managerial, methodological, metrological, and competence types are proposed. Also, sets of conditions for implementation of standard control and procedures incorporated into instrumental information space are substantiated. It is proved that the application of standard accounting of material costs for production within the framework of a system of standard accounting effectively contributes to noticeable technical growth and meets modern criteria and parameters of an effective management. It is substantiated that conditions for the implementation of a standard control of material costs for the production of an industrial enterprise that contributes to technical growth are availability and comprehensiveness of organizational, managerial, methodological, and metrological types of security control of material resources in the production; compliance with technical standards for processing, warehousing, storage, transportation of material resources; and matching competencies of management personnel with their functions. It is expected to introduce a standard control of material costs within the framework of a standard accounting system in practices of machine-building enterprises, as a significant factor of technical growth. Scientific understanding of an essence of the standard control of material costs within the framework of a standard cost accounting system, justified and outlined by the author, ensures incorporation into practice of effective production management, contributes a noticeable technical growth of industrial enterprises of the processing industries; provides a significant improvement in a quality of accounting results in general.

The purpose of this paper is to recognise the importance of the interplay between performance measurement, performance management, employee engagement and performance. However, the nature of this phenomenon is not well understood. Analysis of the literature reveals two dimensions of organisational control, technical and social, that are used to develop a conceptual framework for studying this phenomenon.

The authors conducted explorative action research involving pilot and control groups from two departments of a UK bank.

The authors show that an intervention on the social controls has led to changes in technical controls of the performance measurement system resulting in significant improvement in employee engagement and performance.

The research was undertaken with two cases from a single organisation. Further fine-grained, longitudinal research is required to fully understand this phenomenon in a wider range of contexts.

The paper contributes to the theory on performance measures and gives guidance on how organisations might design their performance measurement systems to enhance employee engagement and performance.

The study makes three contributions. First, the authors introduce a new theoretical framework based the organisational control theory providing a basis for future research. Second, through nine propositions, the authors establish a causal relationship between performance measurement, performance management, employee engagement and performance. Third, the authors identify a gap in knowledge concerning the design of organisational controls in the context of the process that is being managed.

In the nineteenth century, the comparative method was seen as essential, if not fundamental, to growth and production of knowledge in the human sciences. However, over time the categories that formed the basis of nineteenth century comparative research (civilized: savage for example) were discredited. And so, in time, was the comparative method itself.

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

As the demand for new services strains library resources, directors of research libraries must practice efficient cost management and demonstrate alignment with institutional objectives. For technical services, this requires managing the effective cost of metadata services, assessing core functions, and evaluating operational performance. This paper uses Complex Adaptive Systems (CASs) as a framework to expose the network of local and global dependencies that currently define the field of operation for technical services. Comparative analyses using a CASs framework were conducted on reports by the Library of Congress, the Heads of Technical Services in Large Research Libraries Interest Group, and the British Library. Each report addresses financial pressures placed on bibliographic control services in response to the 2008 recession. Statements within the reports were assigned to one of three dominant systems: bibliographic control, institutional identification, and distributive networks. The statements were then mapped to the CASs characteristics to determine environmental pressures and areas of adaptation. The reports exposed long-standing dependencies that tie local bibliographic control to a complex network of external agencies. Institutional shifts toward user-centered services coupled with growing fiscal restraint has disrupted the stability of these networks. The analyses found that in all cases network instability led to localized institutional adaptation to existing economic pressures. The paper recommends applying a CASs model to assess the alignment of distributed metadata standards and systems development to local institutional objectives.

The purpose of this paper is to investigate efforts to manage institutional complexity in a state-owned enterprise, the roles of explicated values in these efforts and how these values interact with each other and other influential management controls.

Exploratory case study in StateEnt, a state-owned enterprise that faces institutional complexity. The analysis is based on interviews, observations and documents and concepts from the management control literature and institutional logics are applied.

Findings from this study suggest that a structural differentiation have separated two logics in different departments and two of the explicated values have become symbols of these logics taking on various roles in negotiations. Tension between the departments is heightened because the departments legitimize logic enactment through mobilizing different socio-technical dyads of management control. The division of responsibility between these departments still ensures that they need to collaborate and make compromises. The study also finds that exogenously imposed constraints have a significant influence on organizational activities, which is further strengthened due to internally developed management controls embedded in the same logic.

The study contributes with deeper understanding of values as control, and how these interact with other control forms to influence organizational activity. Herein, the importance of regulatory controls in state-owned enterprises is also highlighted. A limitation of this study is the limited size of the organization under investigation.

The explicit emphasis on values as a control in studies on management control issues in institutionally complex environments is underemphasized in the literature.