Search results

This paper aims to address research gaps around third party data flows in education by investigating governance practices in higher education with respect to learning management system (LMS) ecosystems. The authors answer the following research questions: how are LMS and plugins/learning tools interoperability (LTI) governed at higher education institutions? Who is responsible for data governance activities around LMS? What is the current state of governance over LMS? What is the current state of governance over LMS plugins, LTI, etc.? What governance issues are unresolved in this domain? How are issues of privacy and governance regarding LMS and plugins/LTIs documented or communicated to the public and/or community members?

This study involved three components: (1) An online questionnaire about LMS, plugin and LTI governance practices from information technology professionals at seven universities in the USA (n = 4) and Canada (n = 3). The responses from these individuals helped us frame and design the interview schedule. (2) A review of public data from 112 universities about LMS plugin and LTI governance. Eighteen of these universities provide additional documentation, which we analyze in further depth. (3) A series of extensive interviews with 25 university data governance officers with responsibilities for LMS, plugin and/or LTI governance, representing 14 different universities.

The results indicate a portrait of fragmented and unobtrusive, unnoticed student information flows to third parties. From coordination problems on individual college campuses to disparate distributions of authority across campuses, as well as from significant data collection via individual LTIs to a shared problem of scope across many LTIs, the authors see that increased and intentional governance is needed to improve the state of student privacy and provide transparency in the complex environment around LMSs. Yet, the authors also see that there are logical paths forward based on successful governance and leveraging existing collaborative networks among data governance professionals in higher education.

Substantial prior work has examined issues of privacy in the education context, although little research has directly examined higher education institutions’ governance practices of LMS, plugin and LTI ecosystems. The tight integration of first and third-party tools in this ecosystem raises concerns that student data may be accessed and shared without sufficient transparency or oversight and in violation of established education privacy norms. However, these technologies and the university governance practices that could check inappropriate data handling remain under-scrutinized. This paper addresses this gap by investigating the governance practices of higher education institutions with respect to LMS ecosystems.

Despite the increasing utilization of webpages for the purposes of information seeking, customers’ concerns have become a crucial impediment for online shopping. The purpose of this paper is to examine the influence of the effectiveness of web assurance seals services (WASS) and customers’ concerns on customer’s willingness to book hotels through perceived website trust and perceived value.

A questionnaire was administrated to measure the study variables. Using partial least squares–structural equation modeling approach to analyze the data collected from 860 users of online hotel websites.

The results indicate that WASS influence positively on perceived website trust and negatively on consumers’ concerns. As well as, perceived value and trust play a mediating role in the link between WASS and consumers’ concerns and their intentions. Finally, perceived website trust and perceived value have greater effect on intention to book hotel for low-habit consumers.

This study ignored the cross-culture issue as it concentrates on the customers from developing countries, so further research may need to compare between two or more than two samples from different societies that could give a significant insights. Second, this study stresses on the WASS to predict customers booking intentions that indicates significant results, so further research may need to examine the role of online reviews as a predictor of customers purchase decision as well.

To the authors’ best knowledge, this is the first empirical research that investigates and examines the influence of the effectiveness of WASS and consumers’ concerns on consumers’ intentions through perceived value and trust. This research also investigates the moderating role of habit in the link between perceived website, perceived value and consumers’ intentions.

The cluster supply chain is widely used in the professional towns in China, and improves the competitiveness of small and medium enterprises through integrating the supply chain with the industrial cluster. The paper aims to discuss this issue.

This paper studies a cluster supply chain under vendor managed inventory (VMI) system, which includes vendors, third-party logistics (TPL) enterprises and retail enterprises, and aims to study the replenishment decisions and coordination contracts in the supply chain. The economic order quantity model is applied to analyze the influence of marginal transportation cost factor under two replenishment modes – direct delivery and milk-run delivery, in order to find out the optimal replenishment decisions corresponding to different marginal transportation cost factors. And then, the revenue sharing contract is used to identify the change of profits of enterprises in the supply chain before and after the coordination contract.

It is concluded that the marginal transportation cost factor is an important factor influencing the replenishment decision especially in milk-run delivery, and the introduction of the revenue sharing contract can improve the revenue in the supply chain.

This is the first study that explores the relationship between a single transport cost and a single transport batch of cluster supply chain in centralized VMI & TPL system. The conclusions of the study have certain theoretical significance for the decision making and coordination of cluster supply chain.

The purpose of this paper is to understand the roles various drivers such as cost, strategy and risk play when business process outsourcing/information technology enabled services (BPO/ITES) firms in India outsource their information technology (IT) functions to third-party vendors. If all key drivers associated with IT outsourcing were understood, and such knowledge of those variables was incorporated into the reasons for outsourcing, there would be a greater probability of a successful outcome.

A “hybrid” (quantitative and qualitative) research methodology was used to gain insight into the IT-outsourcing paradigm by BPO/ITES firms in India. A structured questionnaire related to IT-outsourcing activities conducted from 1999 to 2010 was distributed to nine firms. The resulting data were then analyzed. In addition, two Indian BPO/ITES firms that had outsourced their IT to a third-party vendor to cut cost generously granted in-depth information into their IT-outsourcing paradigm and life cycle.

IT outsourcing is perhaps more complicated than other types of outsourcing. Focussing purely on cost is very risky. Practitioners need to take all three drivers – cost, strategy and risk into consideration. Any degradation of services or responsibilities due to IT outsourcing would mean a very unhappy client or even loss of business.

BPO/ITES firms in India tend to focus only on cost reduction from IT outsourcing without taking into consideration other equally important drivers such as strategy and risk. This paper counsels a holistic approach toward IT outsourcing for a successful outcome. In addition, an IT-outsourcing framework and guide is proposed for practitioners.

Information systems (IS) outsourcing has been viewed as an attractive option by many senior managers generally because of the belief that IS outsourcing vendors can achieve economies of scale and specialization because their only business is information processing. The challenge of implementing, operating and maintaining enterprise resource planning (ERP) systems and the outsourcing service offered by ERP vendors have made ERP outsourcing an attractive option for some organizations. However, although IS outsourcing is now a major industry, the outsourcing of ERP applications is still in its infancy. This paper explores ERP outsourcing in terms of the application service provider (ASP) approach where a third‐party vendor hosts, manages and maintains various data and ERP applications on behalf of different clients. Critical to the management of the ERP outsourcing relationship is the outsourcing contract, which, if improperly or incompletely written, can have significant negative implications for the outsourcing firm. Contracts that encourage vendor performance and discourage under‐performance are therefore clearly of interest to managers. Although many articles have appeared on outsourcing, the issue of incentive contracts for ERP outsourcing has not been adequately addressed by researchers, partly because of the infancy of this area. In this paper, an approach to analyze incentive schemes and structuring ERP outsourcing contracts for the mutual gain of the parties is presented.

While the phenomenon of R&D offshoring has become increasingly popular, scholars have mostly focused on R&D offshore outsourcing from the point of view of the client firms, who are often from an advanced country. By examining vendor firms, in this paper the authors shift the focus to the second party in the dyadic relationship of R&D offshore outsourcing. Specifically, the authors compare vendor firms with nonvendor firms from the same emerging economy and industry to look at whether vendor firms from emerging economies can improve their innovation performance by learning from their clients. The authors also look at the role of depth and breadth of existing technological capabilities of the vendor firm in its ability to improve its innovation performance.

This study is based on firm-level data from the Indian biopharmaceutical industry between 2005 and 2016. The authors use the Heckman two-stage model to control for self-selection by firms. The authors compare the innovation performance of vendor firms with nonvendor biopharmaceutical firms (group vs nongroup analysis) as well as innovation performance across vendor firms (within group comparison).

The authors find that, compared to nonvendor firms, R&D offshore outsourcing vendor firms from emerging economies have higher innovation performance. The authors argue that this higher innovation performance among vendor firms is due to learning from their clients. Among vendor firms, the authors find that the innovation gains are contingent upon the two factors of depth and breadth of the vendor firms' technological capabilities.

This paper makes three contributions: First, the authors augment the nascent stream of research on innovation from emerging economy firms. The authors introduce a new mechanism for emerging economy firms to learn and upgrade their capabilities. Second, the authors contribute to the literature on global value chains, by showing that vendor firms are able to learn from their clients and upgrade their capabilities. Third, by examining the innovation by vendor firms, the authors contribute to the R&D offshore outsourcing, which has largely focused on the client.

The study findings have important implications for both clients and vendors. For client firms, the authors provide evidence that knowledge spillovers do happen, and R&D offshore outsourcing can turn vendors into potential competitors. This research helps firms from emerging economies by showing that becoming vendors for R&D offshore outsourcing is a viable option to learn from foreign firms and improve innovation performance. Going outside geographic boundaries may be a large hurdle for these resource-strapped, emerging economy firms. Providing offshore outsourcing services for narrow slices of R&D activities may be a starting point for these firms to upgrade their capabilities.

This paper is among the first to quantitatively study the innovation performance of vendor firms from emerging economies. The authors also contribute to the nascent literature on innovation in emerging economy firms by showing that providing R&D offshore outsourcing services to client firms from advanced countries can improve firms' innovation performance.

The purpose of this study is to develop a research agenda on internal controls for offshored accounting processes. It further develops a linkage between internal controls of offshored accounting processes and auditing of the organization. Offshoring of accounting processes has become a common business practice, pursued by firms to reduce costs and focus on core competencies. However, our understanding about internal controls of these offshored processes is limited.

Grounded in theory that is supported by prior literature and interviews with practitioners, this paper attempts to develop a research agenda on internal controls for offshored accounting processes.

The main findings of our study suggest that while offshoring saves costs and allows the clients to focus on their core competencies, it also poses risks to the clients’ organizations. To mitigate these risks and comply with the regulatory requirements of the countries where the clients are located, clients and their offshore vendors need to effectively establish adequate internal controls for offshored business processes. Clients should seek those vendors who have appropriate processes in place and are willing to provide Service Organization Control (SOC) reports (or at least are capable of getting a SOC report in the near future). Moreover, clients should avoid offshoring the processes that would exist in defective internal control systems. Similarly, vendors should avoid undertaking those processes for which they are incapable of maintaining efficient internal controls.

Our study has implications for academicians as well as practitioners on understanding the determinants and consequences of internal control for offshored processes.

While internal controls for offshored accounting process and related regulatory changes have been increasingly important topics, little research has been devoted to explore their implications on accounting and auditing literature. We attempt to bridge this gap by synthesizing prior research on internal controls and auditing, and further developing a set of research questions for academic research. Our hope is to spur a new area of research that has not been explored before.

Recent times have witnessed a heightened global interest in outsourcing of logistics functions. This is indicated by the volume of writings on the subject in various scholarly journals, trade publications and popular magazines. However, efforts to organize them in an integrated body of knowledge appear to be very limited. Keeping this in view, this paper makes an attempt to develop a comprehensive literature on outsourcing based on more than 100 published articles, papers and books on the subject.

Offshore outsourcing of non‐core business process has rapidly evolved as a ubiquitous organisational phenomenon. However, failure to follow a clear, systematic and effective outsourcing strategy to evaluate threats, uncertainties and numerous imponderables can cause global enterprise businesses major setbacks. The reasons for such setback could be largely due to lack of core competency, careful legal planning and due diligence to operating models associated with an outsourcing initiative. This paper attempts to collate and exemplify the distinct qualifying processes accommodating contractual and intellectual property rights and provide a worthwhile debate on intricate legal considerations when structuring multi‐jurisdictional outsourcing deals.

The paper presents a comparative analysis of strategic legal and management framework by weighing the risks and evaluating the threats which would assist the decision making process of firms when selecting an appropriate offshore partner to carry out their IT‐development work.

Importance of legal intervention and due diligence to service agreements is further elevated as, at every phase of an outsourcing arrangement, compliance issues and contractual obligations can affect the success of an enterprise customer and its relationship with their outsourcing service provider.

The authors suggest that an exhaustive qualitative and quantitative industry specific research analysis be conducted in order to better define the principles and standards governing sub‐contracting arrangements.

A broader exposure to the strategic management and regulatory framework might provide firms with vantage points from which they could assess and identify new opportunities, evaluate threats and adopt effective risk mitigation strategies. Compliance to security standards and safeguard of information acquisition, analysis and usage should emerge as the mainstream strategy for outsourcing.

The paper offers insights and an overview of management and legal issues in the context of offshore technology outsourcing.

Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.

The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.

The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.

The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.

Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.

There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.

The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.