Jan Devos

Rethinking IT governance for SMEs

Purpose – The purpose of this paper is to critically rethink the concepts and the theoretical foundations of IT governance in small‐ and medium‐sized enterprises (SMEs).Design/methodology/approach – The paper is based on multiple case studies. In total, eight cases of outsourced information system projects where failures occurred were selected. An outsourced information system failure (OISF) is suggested as a failure of governance of the IT in a SME environment. A structure for stating propositions derived from two competing theories is proposed (Agency Theory and Theory of Trust).Findings – The results reveal that trust is slightly more important than control issues such as output‐based contracts and structured controls in the governance of IT in SMEs.Practical implications – The world of SMEs is significantly different from that of large companies, and therefore, the concept of IT governance in SMEs needs reconsideration. For researchers and practitioners, it would be more meaningful to focus on actual,...

IT Governance in SMEs: Trust or Control?

It is believed by many scholars that a small and medium-sized enterprise (SME) cannot be seen through the lens of a large firm. Theories which explain IT governance in large organizations and methodologies used by practitioners can therefore not be extrapolated to SMEs, which have a completely different economic, cultural and managerial environment. SMEs suffer from resource poverty, have less IS experience and need more external support. SMEs largely contribute to the failure of many IS projects. We define an outsourced information system failure (OISF) as a failure of IT governance in an SME environment and propose a structure for stating propositions derived from both agency theory and theory of trust. The theoretical question addressed in this paper is: how and why do OISFs occur in SMEs? We have chosen a qualitative and positivistic IS case study research strategy based on multiple cases. Eight cases of IS projects were selected. We found that trust is more important than control issues like output-based contracts and structured controls for eliminating opportunistic behaviour in SMEs. We conclude that the world of SMEs is significantly different from that of large companies. This necessitates extra care to be taken on the part of researchers and practitioners when designing artefacts for SMEs.

Information Systems for Small and Medium-sized Enterprises

This book establishes and explores existing and emerging theories on Small and Medium-sized Enterprises (SMEs) and the adoption of IT/IS. It presents the latest empirical research findings in that area of IS research and explores new technologies and practices. The book is written for researchers and professionals working in the field of IS research or the research of SMEs. Moreover, the book will be a reference for researchers, professionals and students in management information systems science and related fields.

Cognitive factors influencing treatment decision-making in patients with localised prostate cancer: development of a standardised questionnaire.

Abstract Background: Men diagnosed with localised prostate cancer have to make a well-informed treatment choice between (robot-assisted) radical prostatectomy, external beam radiotherapy and, in selected cases, brachytherapy and active surveillance. We developed and validated a questionnaire to determine the cognitive reasons motivating this choice. Materials and methods: The Prostate Cancer Decision-Making Questionnaire (PC-DMQ) was designed in-house and validated through the Delphi method. Finally, we tested the questionnaire in a cohort of 24 men, recently diagnosed with localised PC, before undergoing RARP (n = 16), EBRT (n = 6), brachytherapy (n = 1) or active surveillance (n = 1). Results: The experts reached consensus after three rounds. In the patient cohort, 75% of men undergoing RARP chose this treatment because ‘it provides the best chance of cure’. Reasons to choose EBRT were not as explicit: 33.3% chose this treatment because ‘it provides the best chance of cure’ and 33.3% because ‘the maintenance of potency is important to them’. Conclusions: The PC-DMQ is a comprehensive and standardised tool that allows further research into cognitive factors that influence treatment decision-making in patients with localised PC.

Narratives of an Outsourced Information Systems Failure in a Small Enterprise

In this study we investigate a case of an outsourced information systems (IS) failure (OISF) within the collaborative partnership among asymmetric partners. A small and medium-sized enterprise (SME) is dealing with an independent software vendor (ISV) conducting a project of implementing an IS that fails. We used a narrative research methodology for our enquiry. In the construction of our narrative we followed the OISF framework as a theoretical touchstone. As a major conclusion we found that asymmetric collaborations with partners with inadequate managerial and technical IT capabilities are extremely prone to OISF’s. We showed that an outcome-based and fixed price contract is not an adequate instrument to conduct such a partnership and to avoid a failure.

How Much Matter Probabilities in Information Security Quantitative Risk Assessment

The starting point of this research essay is a critical review of two methods to conduct a quantitative analysis of information systems security risks: 1) Management of Risk: Guidance for Practitioners and 2) a cost model based on annual loss expectancy. We are focusing on these methods with a perspective that highlights the limits of both empiricism and the theoretical elements that underlie them. From an epistemological point of view we have considered the logical syntax of the two models, the semantics included in statements and the pragmatics of the scientific discourse: the use of models to demonstrate the risk assessment thesis, to solve the problems of risks in the human judgment versus mathematical calculus controversy. The major issues that we are discussing in this article imply various perspectives on scientific criteria, the choice among various theories and the structuring of problems proposed to be solved. We argue that the models that have been developed so far, the top-down approach (which involves well defined and well understood rules), as well as the demonstrations based on the induction method, cannot be applied in a lot of scenarios, because information systems, considered as a complex whole made up of various components, is primarily not a positivistic science solely described by mathematics. The main research question to be answered in this paper is: What are the limits of knowledge in probabilistic computations for information systems security risk assessment? Our purpose is to demonstrate the epistemological limits of the two models and the error of generalizing probability calculus using the interpretive approach.

Phishing Attacks Root Causes

Nowadays, many people are losing considerable wealth due to online scams. Phishing is one of the means that a scammer can use to deceitfully obtain the victim’s personal identification, bank account information, or any other sensitive data. There are a number of anti-phishing techniques and tools in place, but unfortunately phishing still works. One of the reasons is that phishers usually use human behaviour to design and then utilise a new phishing technique. Therefore, identifying the psychological and sociological factors used by scammers could help us to tackle the very root causes of fraudulent phishing attacks. This paper recognises some of those factors and creates a cause-and-effect diagram to clearly present the categories and factors which make up the root causes of phishing scams. The illustrated diagram is extendable with additional phishing causes.

Effect of ERP Implementation on the Company Efficiency - A Macedonian CASE

Enterprise Resource Planning (ERP) is slowly find its place in many organizations in Macedonia. The primary goal of an ERP implementation is managing and coordinating all resources, information, and business processes from shared data stores. This paper elaborates on an ERP solution implementation in the Macedonian production sector and the effect it has on the company efficiency. A case study was conducted in a small or medium-sized manufacturing company in Macedonia during a period of seven years and compared to empirical findings of ERP systems implementations in developed countries. Findings show almost similar results. ERP systems implementations require time, money and management commitment and the effect to improve efficiency is embryonic. However it was also noticed that ERP system implementation helps in the transformation of the ownership of the company and in establishing better market competitiveness.