Measuring the realization of benefits from enterprise architecture management

Enterprise architecture management (EAM) has become an intensively discussed approach to manage enterprise transformations. While many organizations employ EAM, a notable insecurity about the value of EAM remains. In this paper, we propose a model to measure the realization of benefits from EAM. We identify EAM success factors and EAM benefits through a comprehensive literature review and eleven explorative expert interviews. Based on our findings, we integrate the EAM success factors and benefits with the established DeLone & McLean IS success model resulting in a model that explains the realization of EAM benefits. This model aids organizations as a benchmark and framework for identifying and assessing the setup of their EAM initiatives and whether and how EAM benefits are materialized. We see our model also as a first step to gain insights in and start a discussion on the theory of EAM benefit realization.

A risk simulation framework for information infrastructure protection

Information communication and technology (ICT) systems are almost ubiquitous in the modern world. It is hard to identify any industry, or for that matter any part of society, that is not in some way dependent on these systems and their continued secure operation. Therefore the security of information infrastructures, both on an organisational and societal level, is of critical importance. Information security risk assessment is an essential part of ensuring that these systems are appropriately protected and positioned to deal with a rapidly changing threat environment. The complexity of these systems and their inter-dependencies however, introduces a similar complexity to the information security risk assessment task. This complexity suggests that information security risk assessment cannot, optimally, be undertaken manually. Information security risk assessment for individual components of the information infrastructure can be aided by the use of a software tool, a type of simulation, which concentrates on modelling failure rather than normal operational simulation. Avoiding the modelling of the operational system will once again reduce the level of complexity of the assessment task. The use of such a tool provides the opportunity to reuse information in many different ways by developing a repository of relevant information to aid in both risk assessment and management and governance and compliance activities. Widespread use of such a tool allows the opportunity for the risk models developed for individual information infrastructure components to be connected in order to develop a model of information security exposures across the entire information infrastructure. In this thesis conceptual and practical aspects of risk and its underlying epistemology are analysed to produce a model suitable for application to information security risk assessment. Based on this work prototype software has been developed to explore these concepts for information security risk assessment. Initial work has been carried out to investigate the use of this software for information security compliance and governance activities. Finally, an initial concept for extending the use of this approach across an information infrastructure is presented.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

An examination of keystroke dynamics for continuous user authentication

Most current computer systems authorise the user at the start of a session and do not detect whether the current user is still the initial authorised user, a substitute user, or an intruder pretending to be a valid user. Therefore, a system that continuously checks the identity of the user throughout the session is necessary without being intrusive to end-user and/or effectively doing this. Such a system is called a continuous authentication system (CAS). Researchers have applied several approaches for CAS and most of these techniques are based on biometrics. These continuous biometric authentication systems (CBAS) are supplied by user traits and characteristics. One of the main types of biometric is keystroke dynamics which has been widely tried and accepted for providing continuous user authentication. Keystroke dynamics is appealing for many reasons. First, it is less obtrusive, since users will be typing on the computer keyboard anyway. Second, it does not require extra hardware. Finally, keystroke dynamics will be available after the authentication step at the start of the computer session. Currently, there is insufficient research in the CBAS with keystroke dynamics field. To date, most of the existing schemes ignore the continuous authentication scenarios which might affect their practicality in different real world applications. Also, the contemporary CBAS with keystroke dynamics approaches use characters sequences as features that are representative of user typing behavior but their selected features criteria do not guarantee features with strong statistical significance which may cause less accurate statistical user-representation. Furthermore, their selected features do not inherently incorporate user typing behavior. Finally, the existing CBAS that are based on keystroke dynamics are typically dependent on pre-defined user-typing models for continuous authentication. This dependency restricts the systems to authenticate only known users whose typing samples are modelled. This research addresses the previous limitations associated with the existing CBAS schemes by developing a generic model to better identify and understand the characteristics and requirements of each type of CBAS and continuous authentication scenario. Also, the research proposes four statistical-based feature selection techniques that have highest statistical significance and encompasses different user typing behaviors which represent user typing patterns effectively. Finally, the research proposes the user-independent threshold approach that is able to authenticate a user accurately without needing any predefined user typing model a-priori. Also, we enhance the technique to detect the impostor or intruder who may take over during the entire computer session.

How fit is your organizational culture for business process management?

While business transformations often primarily focus on technological and methodological solutions, there is consensus that having the right organizational culture is critical for the successful change of business processes.

Groundwater visualisation system (GVS) : a software framework for integrated display and interrogation of conceptual hydrogeological models, data and time-series animation

Management of groundwater systems requires realistic conceptual hydrogeological models as a framework for numerical simulation modelling, but also for system understanding and communicating this to stakeholders and the broader community. To help overcome these challenges we developed GVS (Groundwater Visualisation System), a stand-alone desktop software package that uses interactive 3D visualisation and animation techniques. The goal was a user-friendly groundwater management tool that could support a range of existing real-world and pre-processed data, both surface and subsurface, including geology and various types of temporal hydrological information. GVS allows these data to be integrated into a single conceptual hydrogeological model. In addition, 3D geological models produced externally using other software packages, can readily be imported into GVS models, as can outputs of simulations (e.g. piezometric surfaces) produced by software such as MODFLOW or FEFLOW. Boreholes can be integrated, showing any down-hole data and properties, including screen information, intersected geology, water level data and water chemistry. Animation is used to display spatial and temporal changes, with time-series data such as rainfall, standing water levels and electrical conductivity, displaying dynamic processes. Time and space variations can be presented using a range of contouring and colour mapping techniques, in addition to interactive plots of time-series parameters. Other types of data, for example, demographics and cultural information, can also be readily incorporated. The GVS software can execute on a standard Windows or Linux-based PC with a minimum of 2 GB RAM, and the model output is easy and inexpensive to distribute, by download or via USB/DVD/CD. Example models are described here for three groundwater systems in Queensland, northeastern Australia: two unconfined alluvial groundwater systems with intensive irrigation, the Lockyer Valley and the upper Condamine Valley, and the Surat Basin, a large sedimentary basin of confined artesian aquifers. This latter example required more detail in the hydrostratigraphy, correlation of formations with drillholes and visualisation of simulation piezometric surfaces. Both alluvial system GVS models were developed during drought conditions to support government strategies to implement groundwater management. The Surat Basin model was industry sponsored research, for coal seam gas groundwater management and community information and consultation. The “virtual” groundwater systems in these 3D GVS models can be interactively interrogated by standard functions, plus production of 2D cross-sections, data selection from the 3D scene, rear end database and plot displays. A unique feature is that GVS allows investigation of time-series data across different display modes, both 2D and 3D. GVS has been used successfully as a tool to enhance community/stakeholder understanding and knowledge of groundwater systems and is of value for training and educational purposes. Projects completed confirm that GVS provides a powerful support to management and decision making, and as a tool for interpretation of groundwater system hydrological processes. A highly effective visualisation output is the production of short videos (e.g. 2–5 min) based on sequences of camera ‘fly-throughs’ and screen images. Further work involves developing support for multi-screen displays and touch-screen technologies, distributed rendering, gestural interaction systems. To highlight the visualisation and animation capability of the GVS software, links to related multimedia hosted online sites are included in the references.

Configuring processes and business documents : an integrated approach to enterprise systems collaboration

Enterprise Systems (ES) provide standardized, off-theshelf support for operations and management within organizations. With the advent of ES based on a serviceoriented architecture (SOA) and an increasing demand of IT-supported interorganizational collaboration, implementation projects face paradigmatically new challenges. The configuration of ES is costly and error-prone. Dependencies between business processes and business documents are hardly explicit and foster component proliferation instead of reuse. Configurative modeling can support the problem in two ways: First, conceptual modeling abstracts from technical details and provides more intuitive access and overview. Second, configuration allows the projection of variants from master models providing manageable variants with controlled flexibility. We aim at tackling the problem by proposing an integrated model-based framework for configuring both, processes and business documents, on an equal basis; as together, they constitute the core business components of an ES.

Provision of customer knowledge to supply chains

Knowledge about customers is vital for supply chains in order to ensure customer satisfaction. In an ideal supply chain environment, supply chain partners are able to perform planning tasks collaboratively, because they share information. However, customers are not always able or willing to share information with their suppliers. End consumers, on the one hand, do not usually provide a retail company with demand information. On the other hand, industrial customers might consciously hide information. Wherever a supply chain is not provided with demand forecast information, it needs to derive these demand forecasts by other means. Customer Relationship Management provides a set of tools to overcome informational uncertainty. We show how CRM and SCM information can be integrated on the conceptual as well as technical levels in order to provide supply chain managers with relevant information.

Gender-diverse boards and properties of analyst earnings forecasts

Using a sample of 2,200 US listed firm year observations (2001-2007)this study shows a positive (negative) relation between female participation in corporate boards and analysts' earnings forecast accuracy (dispersion), after controlling for earnings quality, corporate governance, audit quality, stock price informativeness and potential endogeneity. Our findings are important as they suggest that board diversity adds to the transparency and accuracy of financial reports such that earnings expectations are likely to be more accurate for these firms.

Investigating the success of operational business process management systems

Business process management systems (BPMS) belong to a class of enterprise information systems that are characterized by the dependence on explicitly modeled process logic. Through the process logic, it is relatively easy to manage explicitly the routing and allocation of work items along a business process through the system. Inspired by the DeLone and McLean framework, we theorize that these process-aware system features are important attributes of system quality, which in turn will elevate key user evaluations such as perceived usefulness, and usage satisfaction. We examine this theoretical model using data collected from four different, mostly mature BPM system projects. Our findings validate the importance of input quality as well as allocation and routing attributes as antecedents of system quality, which, in turn, determines both usefulness and satisfaction with the system. We further demonstrate how service quality and workflow dependency are significant precursors to perceived usefulness. Our results suggest the appropriateness of a multi-dimensional conception of system quality for future research, and provide important design-oriented advice for the design and configuration of BPMSs.

Auditor obligations in an evolving legal landscape

Purpose – The purpose of this paper is to look at auditor obligations to their clients and potentially to third parties such as investors, with a focus on the quality of financial disclosure in an evolving legal framework. Design/methodology/approach – The article outlines and compares established and emerging trends relative to information disclosure and contractual performance in parallel contexts where information asymmetry exists. In particular, this article considers the disclosure regime that has evolved in the insurance industry to address the substantial imbalance in the level of knowledge possessed by the insured in comparison to the prospective insurer. Abductive reasoning is used to identify causal constructs that explain the data pattern from which the theorised potential for judicial revision of the interpretation of “true and fair” in line with “good faith” in legal regulation is derived. Findings – The authors conclude that there is little doubt that a duty of good faith in relation to auditor-company contractual dealings and potentially a broader good faith duty to third parties such as investors in companies may be on the horizon. Originality/value – In the context of stated objectives by organisations such as the International Federation of Accountants to reconcile ethical and technical skills in the wake of the global financial crisis, there is an increased need to rebuild public and investor confidence in the underpinning integrity of financial reporting. This paper offers a perspective on one way to achieve this by recognising the similarities in the information asymmetry relationships in the insurance industry and how the notion of “good faith” in that relationship could be useful in the audit situation.

On effective accounting information systems in a dynamic business environment : the role of complementing capabilities

The global business environment is witnessing tough times, and this situation has significant implications on how organizations manage their processes and resources. Accounting information system (AIS) plays a critical role in this situation to ensure appropriate processing of financial transactions and availability to relevant information for decision-making. We suggest the need for a dynamic AIS environment for today’s turbulent business environment. This environment is possible with a dynamic AIS, complementary business intelligence systems, and technical human capability. Data collected through a field survey suggests that the dynamic AIS environment contributes to an organization’s accounting functions of processing transactions, providing information for decision making, and ensuring an appropriate control environment. These accounting processes contribute to the firm-level performance of the organization. From these outcomes, one can infer that a dynamic AIS environment contributes to organizational performance in today’s challenging business environment.

A comparative analysis of risk stratification tools for emergency department patients with chest pain

Background: Appropriate disposition of emergency department (ED) patients with chest pain is dependent on clinical evaluation of risk. A number of chest pain risk stratification tools have been proposed. The aim of this study was to compare the predictive performance for major adverse cardiac events (MACE) using risk assessment tools from the National Heart Foundation of Australia (HFA), the Goldman risk score and the Thrombolysis in Myocardial Infarction risk score (TIMI RS). Methods: This prospective observational study evaluated ED patients aged ≥30 years with non-traumatic chest pain for which no definitive non-ischemic cause was found. Data collected included demographic and clinical information, investigation findings and occurrence of MACE by 30 days. The outcome of interest was the comparative predictive performance of the risk tools for MACE at 30 days, as analyzed by receiver operator curves (ROC). Results: Two hundred eighty-one patients were studied; the rate of MACE was 14.1%. Area under the curve (AUC) of the HFA, TIMI RS and Goldman tools for the endpoint of MACE was 0.54, 0.71 and 0.67, respectively, with the difference between the tools in predictive ability for MACE being highly significant [chi2 (3) = 67.21, N = 276, p < 0.0001]. Conclusion: The TIMI RS and Goldman tools performed better than the HFA in this undifferentiated ED chest pain population, but selection of cutoffs balancing sensitivity and specificity was problematic. There is an urgent need for validated risk stratification tools specific for the ED chest pain population.

Designing and evaluating an online role play in conflict management

Purpose This paper aims to identify, through a literature review, key issues regarding how online role plays can be designed and to apply them when designing a role play on conflict management. Design/methodology/approach By drawing on the key issues identified in the literature review, a role play on conflict management was designed and evaluated. Data were collected by developing a survey that focused on perceived learning, participation and satisfaction. Findings Overall, a majority of the students felt that they learned and participated in the role play. The most positive finding was that the students were satisfied with their role play experience. Research limitations/implications Researchers are urged to further develop the dimensions and measures of online role play success. The measures that were developed for evaluating perceived learning, participation and satisfaction with role plays can be further developed and tested. It is suggested that the effects on learning need to be further explored. Practical implications It is suggested that teachers take the identified key issues of online role play design into account. An important challenge seems to be to encourage students to reflect and do additional reading and research in relation with online role plays. Originality/value Online collaboration is commonly argued as beneficial from an e-learning perspective. However, a challenge for research and practice is to learn how collaborative e-learning activities may be developed. This paper contributes by focusing on how online role plays can be designed and evaluated.

No worries – we’ll take care of it!! An examination into managing equality and inclusivity in multicultural Australia

This paper explores the various paths to equality and inclusivity developed in the past 40 years within the Australian workplace with a view to critically examining their capability of addressing diversity and equality within the cultural needs of a unique society. A society which struggles to overcome the tyranny of distance and a colonial past as it takes its place in the world as a global 1st world economy country in what is often considered ‘the global north’ despite its geographical location. Findings indicate that despite various legislative and non-legislative approaches including anti-discrimination; affirmative action; equal opportunity; managing diversity and more recently gender equality, the individual members of the many diverse groups in the Australian workplace still experience inferior work conditions and work opportunities.