The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications
For general enquiries email administrator@ejise.com
Click here to see other Scholarly Electronic Journals published by API
For a range of research text books on this and complimentary topics visit the Academic Bookshop

Information about the European Conference on Information Management and Evaluation is available here

linkedin-120 

twitter2-125 

fb_logo-125 

 

Journal Article

Using Value‑at‑Risk for ISIT Project and Portfolio Appraisal and Risk Management  pp1-6

Stefan Koch

© Mar 2006 Volume 9 Issue 1, Editor: Dan Remenyi, pp1 - 43

Look inside Download PDF (free)

Abstract

This paper makes the case for adopting a risk measure from the finance sector for ISIT project and portfolio evaluation. The proposed value‑at‑risk approach constitutes a well‑tested approach in high‑risk environments, especially banking, and reports the expected maximum loss (or worst loss) over a target horizon within a given confidence interval. Value‑at‑risk is computed using either an analytical, parametric approach, or resorting to simulation, either based on historical samples or Monte Carlo methods. The main advantages of using value‑at‑risk measures are that they are methodologically consistent with modern ISIT evaluation approaches like real options, that they offer possibilities for management and assessment of ISIT project portfolios, and that the results are easy to interpret.

 

Keywords: IT investment, risk management, value-at-risk, project portfolio

 

Share |

Journal Article

Improving the Benefits of IT Compliance Using Enterprise Management Information Systems  pp27-38

Renata Paola Dameri

© Jan 2009 Volume 12 Issue 1, ECIME 2008, Editor: Dan Remenyi, pp1 - 118

Look inside Download PDF (free)

Abstract

During the latest years, IT governance has become more and more important. More of the attention on IT Governance is captured by compliance, owing to the recent financial scandals and the severe rules regarding information systems audit and control. Companies need to comply with these rules, but it requires important investments, considered not only strategic but necessary (Remenyi et. al. 2000). However, companies should analyse the compliance requirements to implement an IT governance system, not only to comply with legal rules, but also to improve the strategic alignment between IT and business and to optimise value creation by IT compliance investments (Ventrakaman and Henderson 1996, Van Grembergen 2003). However, companies have difficulties in implementing IT compliance initiatives, because they are complex and require an integrated approach all over the organization. But IT compliance initiatives often lack an integrated, strategic approach: they only try to comply with the increasing rules affecting IT operations, thereby limiting the value of compliance investments. To optimise IT compliance, companies should develop an IT compliance strategy, aiming not only to accomplish with regulations, but also to bring processes into compliance. That is, to realise a full integration between operations, risk control, data reliability. To reach this result, compliance automated solutions are indicated, like GCR (Governance, Risk and Compliance) applications. However, standard solutions fail to support specific problems and the individual value proposition of each company: an EIMS (Enterprise Information Management Systems), developed in house, allows automatically managed processes, data and information security, to access control and system performance and to improve data usability, in accordance with company specific organisation and needs. In this paper, IT compliance is introduced, to define how to orient it to value creation; GRC systems. EIM systems are described, with their different cost and benefits for companies. The aim of the paper is to define how to develop compliance automated systems, to save money and enhance information integration and value. Observations and conclusions derive from practical experience of the author, participating to a project of EIM implementation in a major Italian company.

 

Keywords: IT governance, risk management, accounting information systems, IT compliance, knowledge management

 

Share |

Journal Article

IT Risk Management: A Capability Maturity Model Perspective  pp3-13

Val Hooper anMarian Carcaryd Tarika Kalidas

© Jun 2013 Volume 16 Issue 1, ECIME 2012, Editor: Dr. David Sammon and Dr. Tadhg Nagle, pp1 - 84

Look inside Download PDF (free)

Abstract

Abstract: Understanding the value derived from IT investments and IT enabled operational improvements is difficult, and has been a subject of research and debate among ICT practitioners and academics for many years. This is particularly so because innovat ive technological developments have supported transformative changes in organizational operational activities. Research continues to investigate approaches to not only understanding the value derived by IT but also to optimizing this value. One of the key aspects of optimizing IT‑driven value is the requirement to effectively manage risk. The continual evolution of the IT risk landscape requires effective Risk Management (RM) practices for all IT risk areas, such as, but not limited to security, investm ents, service contracts, data protection and information privacy. Effectively managing these risk areas pose specific concerns from the perspective of Chief Information Officers (CIOs) and Chief Risk Officers (CROs). Hence, significant considerations should be given to not only the processes involved in assessing, prioritizing, handling and monitoring these risks but also to ensuring the development of an appropriate risk culture and the establishment of effective RM governance structures, to support effective RM. This paper examines the maturity model/framework approach to improving an organizationĀs IT capabilities, with specific reference to effectively managing IT‑related risks, and increasing value derived over time. A new IT Risk Management mat urity model is presented; this framework is part of the IT Capability Maturity Framework (IT CMF) which supports value‑driven IT management practices. It was developed by the Innovation Value Institute at the National University of Ireland Maynooth, fol lowing a design science and open innovation research approach. The IT CMF, consisting of 33 Critical Capabilities, focuses on maturing key activities of the IT organization. The Risk Management Critical Capability presented in this paper enables organizat ions to determine their IT RM maturity and identify key recommendations in specific areas to improve maturity overtime. Thereafter the paper presents an analysis of the maturity model approach to managing risk, to improving an organizationĀs IT capabiliti es, and to deriving enterprise‑wide value from more mature IT practices.

 

Keywords: Keywords: IT risks, IT risk management, maturity model, IT CMF, critical capability, RM practices, outcomes and metrics

 

Share |

Journal Issue

Volume 9 Issue 2 / Nov 2006  pp45‑104

Editor: Dan Remenyi

View Contents Download PDF (free)

Editorial

Once again we have received an interesting range of research papers from authors around the world and furthermore they continue to represent a very wide range of thought with regards to the different applications of evaluation thinking for information and communication technology. It is clear that this field has not yet produced a clear consensus as to any particular methodology and I for one believe that this is what one might loosely call a “good thing”.

Six papers have been selected by our reviewers through the process or double‑blind peer review and this has produced six very interesting and yet different papers from authors in Sweden, Spain, The Netherlands, Ireland and Greece.

I trust readers will find these pieces of research as interesting as I have.

 

Keywords: IS integration, activity-based costing, assessment, business evaluation, cost management systems, e-business, e-commerce, enterprise modelling, evaluation framework, event study methodology, information systems effectiveness, information systems management, information systems quality, information technology productivity paradox, internet business, IS success, IT investment, process capability, project portfolio, risk management, software process maturity, system analysis metrics, value-at-risk, web-facilitated business

 

Share |