A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness : evidence from IT steering committees

Given the substantial investment in information technology (IT), and the significant impact IT has on organizational success, organizations consume considerable resources to manage acquisition and use of their IT resources. While various arguments proposed suggest which IT governance arrangements may work best, our understanding of the effectiveness of such initiatives is limited. We examine the relationship between the effectiveness of IT steering committee driven IT governance initiatives and firm's IT management and IT infrastructure related capabilities. We further propose that firm's ITrelated capabilities generated through IT governance initiatives should improve its business processes and firm-level performance. We test these relationships empirically by a field survey. Results suggest that firms' effectiveness of IT steering committee driven IT governance initiatives positively relates to the level of their IT-related capabilities. We also found positive relationships between IT-related capabilities and internal process-level performance. Our results also support that improvement in internal process-level performance positively relates to improvement in customer service and firm-level performance.

Information accountability with policy languages for e-Health

ICT is becoming a prominent part of healthcare delivery but brings with it information privacy concerns for patients and competing concerns by the caregivers. A proper balance between these issues must be established in order to fully utilise ICT capabilities in healthcare. Information accountability is a fairly new concept to computer science which focuses on fair use of information. In this paper we investigate the different issues that need to be addressed when applying information accountability principles to manage healthcare information. We briefly introduce an information accountability framework for handling electronic health records (eHR). We focus more on digital rights management by considering data in eHRs as digital assets and how we can represent privacy policies and data usage policies as these are key factors in accountability systems.

The internetalisation of information, knowledge and interaction components of the firm’s internationalisation process

Transcending traditional national borders, the Internet is an evolving technology that has opened up many new international market opportunities. However, ambiguity remains, with limited research and understanding of how the Internet influences the firm’s internationalisation process components. As a consequence, there has been a call for further investigation of the phenomenon. Thus, the purpose of this study was to investigate the Internet’s impact on the internationalisation process components, specifically, information availability, information usage, interactive communication and international market growth. Analysis was undertaken using structural equation modelling. Findings highlight the mediating impact of the Internet on information and knowledge transference in the internationalisation process. Contributions of the study test conceptualisations and give statistical validation of interrelationships, while illuminating the Internet’s impact on firm internationalisation.

A quantum information retrieval approach to memory

As computers approach the physical limits of information storable in memory, new methods will be needed to further improve information storage and retrieval. We propose a quantum inspired vector based approach, which offers a contextually dependent mapping from the subsymbolic to the symbolic representations of information. If implemented computationally, this approach would provide exceptionally high density of information storage, without the traditionally required physical increase in storage capacity. The approach is inspired by the structure of human memory and incorporates elements of Gardenfors’ Conceptual Space approach and Humphreys et al.’s matrix model of memory.

Informed for healthy ageing : exploring how ageing Australians experience health information use

Exploring information use within everyday or community contexts is a recent area of interest for information literacy research endeavours. Within this domain, health information literacy (HIL) has emerged as a focus of interest due to identified synergies between information use and health status. However, while HIL has been acknowledged as a core ingredient that can assist people to take responsibility for managing and improving their own health, limited research has explored how HIL is experienced in everyday community life. This article will present the findings of ongoing research undertaken using phenomenography to explore how HIL is experienced among older Australians within everyday contexts. It will also discuss how these findings may be used to inform policy formulation in health communication and as an evidence base for the design and delivery of consumer health information resources and services.

Enterprise information security policy assessment : an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach.

Towards a Deeper Understanding of Information Technology Governance Effectiveness : A Capabilities-Based Approach

We examine the relationship between the effectiveness of IT steering committee-driven IT governance initiatives and firm’s IT management and IT infrastructure related capabilities. We test these relationships empirically by a field survey of 216 firms. Results of this study suggest that a firms’ effectiveness of IT steering committee-driven IT governance initiatives positively relate to the level of their IT-related capabilities. We also found positive relationships between IT-related capabilities and internal process-level performance, which positively relate to improvement in customer service and firm-level performance. For researchers, we demonstrate that the resourcebased theory provides a more robust explanation of the determinants of firms IT governance initiatives. This would be ideal in evaluating other IT governance initiatives effectiveness in relation to how they contribute to building performance-differentiating IT-related capabilities. For decision makers, we hope our study has reiterated the notion that IT governance is truly a coordinated effort, embracing all levels of human resources.

The Impact of Information Technology Investments on Firm Processes and Performance

This book provides the much needed international dimension on the payoffs of information technology investments. The bulk of the research on the impact of information technology investments has been undertaken in developed economies, mainly the United States. This research provides an alternative dimension - a developing country perspective on how information technology investments impacts organizations. Secondly, there has been much debate and controversy on how we measure information technology investment payoffs. This research uses an innovative two-stage model where it proposes that information technology investments will first impact the process and improvement in the processes will then impact the performance. In doing so, it considers sectors of information technology investment rather than taking it as one. Finally, almost all prior studies in this area have considered only the tangible impact of information technology investments. This research proposes that one can only better understand the benefits by looking at both the tangible and intangible benefits.

International transfer pricing : the Australian approach and lessons for Canada

In response to developments in international trade and an increased focus on international transfer-pricing issues, Canada’s minister of finance announced in the 1997 budget that the Department of Finance would undertake a review of the transfer-pricing provisions in the Income Tax Act. On September 11, 1997, the Department of Finance released draft transfer-pricing legislation and Revenue Canada released revised draft Information Circular 87-2R. The legislation was subsequently amended and included in Bill C-28, which received first reading on December 10, 1997. The new rules are intended to update Canada’s international transfer-pricing practices. In particular, they attempt to harmonize the standards in the Income Tax Act with the arm’s-length principle established in the OECD’s transfer pricing guidelines. The new rules also set out contemporaneous documentation requirements in respect of cross-border related-party transactions, facilitate administration of the law by Revenue Canada, and provide for a penalty where transfer prices do not comply with the arm’s-length principle. The Australian tax authorities have similarly reviewed and updated their transfer-pricing practices. Since 1992, the Australian commissioner of taxation has issued three rulings and seven draft rulings directly relating to international transfer pricing. These rulings outline the selection and application of transfer pricing methodologies, documentation requirements, and penalties for non-compliance. The Australian Taxation Office supports the use of advance pricing agreements (APAs) and has expanded its audit strategy by conducting transfer-pricing risk assessment reviews. This article presents a detailed review of Australia’s transfer-pricing policy and practices, which address essentially the same concerns as those at which the new Canadian rules are directed. This review provides a framework for comparison of the approaches adopted in the two jurisdictions. The author concludes that although these approaches differ in some respects, ultimately they produce a similar result. Both regimes set a clear standard to be met by multinational enterprises in establishing transfer prices. Both provide for audits and penalties in the event of noncompliance. And both offer the alternative of an APA as a means of avoiding transfer-pricing disputes with Australian and Canadian tax authorities.

Environmental reporting in the Australian mining industry : complying with regulation or meeting international best practice?

It is nearly 10 years since the introduction of s 299(1)(f) Corporations Act , which requires the disclosure of information regarding a company's environmental performance within its annual report. This provision has generated considerable debate in the years since its introduction, fundamentally between proponents of either a voluntary or mandatory environmental reporting framework. This study examines the adequacy of the current regulatory framework. The environmental reporting practices of 24 listed companies in the resources industries are assessed relative to a standard set by the Global Reporting Initiative (GRI) Sustainability Reporting Guidelines. These Guidelines are argued to represent "international best practice" in environmental reporting and a "scorecard" approach is used to score the quality of disclosure according to this voluntary benchmark. Larger companies in the sample tend to report environmental information over and above the level required by legislation. Some, but not all companies present a stand-alone environmental/sustainability report. However, smaller companies provide minimal information in compliance with s 299(1)(f) . The findings indicate that "international best practice" environmental reporting is unlikely to be achieved by Australian companies under the current regulatory framework. In the current regulatory environment that scrutinises s 299(1)(f) , this article provides some preliminary evidence of the quality of disclosures generated in the Australian market.

Not-for-profit ratios for financial resilience and internal accountability : a study of Australian international aid organisations

Not-for-profit (NFP) financial ratio research has focused primarily on organisational efficiency measurements for external stakeholders. Ratios that also capture information about stability, capacity (liquidity), gearing and sustainability, enable an assessment of financial resilience. They are thus valuable tools that can provide a framework of internal accountability between boards and management. The establishment of an Australian NFP regulator highlights the importance of NFP sustainability, and affirms the timeliness of this paper. We propose a suite of key financial ratios for use by NFP boards and management, and demonstrate its practical usefulness by applying the ratios to financial data from the 2009 reports of ACFID (Australian Council for International Development)-affiliated international aid organisations.

Knowledge-Intensive Business Processes: Proceedings of the 1st International Workshop on Knowledge-intensive Business Processes [CEUR Workshop Proceedings, Volume 861]

Nowadays, Workflow Management Systems (WfMSs) and, more generally, Process Management Systems (PMPs) are process-aware Information Systems (PAISs), are widely used to support many human organizational activities, ranging from well-understood, relatively stable and structures processes (supply chain management, postal delivery tracking, etc.) to processes that are more complicated, less structured and may exhibit a high degree of variation (health-care, emergency management, etc.). Every aspect of a business process involves a certain amount of knowledge which may be complex depending on the domain of interest. The adequate representation of this knowledge is determined by the modeling language used. Some processes behave in a way that is well understood, predictable and repeatable: the tasks are clearly delineated and the control flow is straightforward. Recent discussions, however, illustrate the increasing demand for solutions for knowledge-intensive processes, where these characteristics are less applicable. The actors involved in the conduct of a knowledge-intensive process have to deal with a high degree of uncertainty. Tasks may be hard to perform and the order in which they need to be performed may be highly variable. Modeling knowledge-intensive processes can be complex as it may be hard to capture at design-time what knowledge is available at run-time. In realistic environments, for example, actors lack important knowledge at execution time or this knowledge can become obsolete as the process progresses. Even if each actor (at some point) has perfect knowledge of the world, it may not be certain of its beliefs at later points in time, since tasks by other actors may change the world without those changes being perceived. Typically, a knowledge-intensive process cannot be adequately modeled by classical, state of the art process/workflow modeling approaches. In some respect there is a lack of maturity when it comes to capturing the semantic aspects involved, both in terms of reasoning about them. The main focus of the 1st International Workshop on Knowledge-intensive Business processes (KiBP 2012) was investigating how techniques from different fields, such as Artificial Intelligence (AI), Knowledge Representation (KR), Business Process Management (BPM), Service Oriented Computing (SOC), etc., can be combined with the aim of improving the modeling and the enactment phases of a knowledge-intensive process. The 1st International Workshop on Knowledge-intensive Business process (KiBP 2012) was held as part of the program of the 2012 Knowledge Representation & Reasoning International Conference (KR 2012) in Rome, Italy, in June 2012. The workshop was hosted by the Dipartimento di Ingegneria Informatica, Automatica e Gestionale Antonio Ruberti of Sapienza Universita di Roma, with financial support of the University, through grant 2010-C26A107CN9 TESTMED, and the EU Commission through the projects FP7-25888 Greener Buildings and FP7-257899 Smart Vortex. This volume contains the 5 papers accepted and presented at the workshop. Each paper was reviewed by three members of the internationally renowned Program Committee. In addition, a further paper was invted for inclusion in the workshop proceedings and for presentation at the workshop. There were two keynote talks, one by Marlon Dumas (Institute of Computer Science, University of Tartu, Estonia) on "Integrated Data and Process Management: Finally?" and the other by Yves Lesperance (Department of Computer Science and Engineering, York University, Canada) on "A Logic-Based Approach to Business Processes Customization" completed the scientific program. We would like to thank all the Program Committee members for the valuable work in selecting the papers, Andrea Marrella for his valuable work as publication and publicity chair of the workshop, and Carola Aiello and the consulting agency Consulta Umbria for the organization of this successful event.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.