Strategic Information System Agility:From Theory to Practices 1800438117, 9781800438118

Table of contents :
Half Title Page
Title Page
Copyright Page
Dedication Page
Contents
List of Figures
List of Tables
List of Acronyms
Preface
Chapter 1-Introduction
1.1 Context
1.2 Why Agility Now?
1.3 The Agility Role
1.4 IT as a Business Agility Obstacle
1.5 IT at the Service of Business Agility
1.6 Research Objective
1.7 Research Design
1.8 Contributions and Relevance
1.9 Book Organization
Chapter 2-Understanding Agility Concept
2.1 Introduction
2.2 Background of Significant Changes Underlying Agility
2.3 Production Method Trends
2.3.1 Lean Manufacturing
2.3.2 Total Quality Management
2.4 Agile Management Paradigm Evolution
2.4.1 Change Management
2.4.2 Change and Uncertainty Mastering in the Entrepreneurial Organization
2.4.3 Work on Agility
2.4.4 Agile Continuous Delivery Methods
2.4.4.2 Agile Manifesto. In 2001, the Agile Manifesto was created by 17 of the world’s leading software development thinkers. Their vision was to establish a set of values and principles lightweight against cumbersome software development processes such a
2.4.4.3 DevOps. In 2009, at the O’Reilly Velocity Conference, two Flickr employees, John Allspaw, Senior Vice President of Technical Operations, and Paul Hammond, Director of Engineering, delivered a now-famous presentation entitled “10+ Deploys per Day:
2.4.4.4 Toyota Kata. In 2009, Mike Rother authored “Toyota Kata”: Managing People for Improvement, Adaptiveness and Superior Results book, which summarizes his 20 years of experience to understand and codify the Toyota production system (Rother, 2009). Ro
Summary
Chapter 3-Information System Evolution
3.1 Introduction
3.2 Information System Definition and Objective
3.3 Information System Concept
3.4 Concepts of Enterprise Application
3.5 Features of Enterprise Applications
3.6 Autonomy
3.7 Distribution
3.8 Heterogeneity
3.9 Dynamism
3.10 EIS and Company Strategy
3.11 Enterprise Information Systems’ Complexity
3.12 Complexity Factors
3.13 Evolution of EISs
3.14 EIS Governance
3.14.1 COBIT
3.14.2 LIBRARY (ITIL)
3.14.3 Structure of ITIL v4
3.14.4 CMMI
Level 1: Initial. Every organization defaults to level 1. Project management is not defined within the organization. Effectiveness relies on the skills and motivation of individuals. No control is carried out.
Level 2: Managed. Project management is defined at the organization level and is applied by default to all projects. All projects meet the CMMI level 2 model’s objectives with the processes proposed by the organization, or by default with processes define
Level 3: Defined. Project management processes are extended to the entire organization through standards, procedures, tools, and methods also defined at the organizational level. The entire organization has a discipline that is applied consistently. The o
Level 4: Quantitatively Managed. The success of projects is quantified. The causes of deviations can be analyzed. Process performance is predictable in terms of quantity and quality.
Level 5: Optimizing. It is referred to as the stage of continuous process improvement incrementally and innovatively. Developments are anticipated. Processes are constantly challenged in order to stay in line with the objectives.
3.14.5 Committee of Sponsoring Organizations of the Treadway Commission (COSO)
3.15 Urbanization
3.15.1 The Metaphor of the City
3.15.2 The Urbanization of Information System
3.16 Flexibility
3.17 Agility
3.17.1 IS Organizational Design
3.17.2 Competencies and Skills of IS Professionals
3.17.3 IS Development
3.17.4 Design of IT Infrastructure
Summary
Chapter 4-The Conceptual Model for IS Agility
4.1 Introduction
4.2 Literature Review
4.3 Literature Methodology
4.4 IS Agility Frameworks
4.4.2 Gunasekaran and Yusuf (2002)
4.4.3 Crocitto and Youssef (2003)
4.4.4 Lin, Chiu, and Tseng (2006)
4.4.5 Swafford, Ghosh, and Murthy (2008)
4.4.6 Ramesh, Mohan, and Cao (2012)
4.4.7 Atapattu and Sedera (2014)
4.4.8 Park, El Sawy, and Fiss (2017)
4.4.9 Morton, Stacey, and Mohn (2018)
4.4.10 Wu (2019)
4.5 Discussion and Critics
4.5.2 Critics
4.6 Agility Components
4.7 Agility Drivers
4.8 Capability
4.9 The Proposed Conceptual Model to Achieve Strategic Agility
4.9.1 Sensing
4.9.2 DBPA
4.9.3 The Level of Agility Need
4.9.4 Security Policy
4.9.5 The Proposed Model Contribution
Summary
Chapter 5-Strategic Agility for IT Service Management: A Case Study
5.1 Introduction
5.2 IT Service Management ITSM
5.2.1 Agility in ITSM
5.3 The Proposed ITSM Framework
5.3.2 Framework Maturity Profile
5.3.3 The Attainment Model
5.3.4 Agility Management
5.4 Use Case
Summary
Chapter 6-Cloud Computing as a Drive for Strategic Agility in Organizations
6.1 Introduction
6.2 Goals and Objectives of the Research Study
6.3 Literature Review
6.4 The Theoretical Foundation
6.4.1 Combining DOI and TOE
6.5 Research Model and Hypotheses
6.5.1 The Innovation Characteristics
6.5.2 Technological Readiness
6.5.3 The Organization Context
6.5.4 The Environmental Context
6.6 Research Methods
6.7 Quantitative Methodology
6.7.2 Data Collect
6.7.3 Results
6.7.4 Finding
6.7.5 Technology Readiness
6.7.6 Organizational Context
6.7.7 Environmental Context
6.7.8 Discussion and Interpretations
6.7.9 Qualitative Study
6.7.10 Hypobook
6.7.11 Results
6.7.12 Result Discussion
Summary
Appendix 1
Appendix 2
References
Index

Citation preview

Strategic Information System Agility

This page intentionally left blank

Strategic Information System Agility: From Theory to Practices

BY

ABDELKEBIR SAHID University Hassan 1st, Morocco

YASSINE MALEH University Sultan Moulay Slimane, Morocco

MUSTAPHA BELAISSAOUI University Hassan 1st, Morocco

United Kingdom – North America – Japan – India – Malaysia – China

Emerald Publishing Limited Howard House, Wagon Lane, Bingley BD16 1WA, UK First edition 2021 Copyright © 2021 Emerald Publishing Limited Reprints and permissions service Contact: [email protected] No part of this book may be reproduced, stored in a retrieval system, transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without either the prior written permission of the publisher or a licence permitting restricted copying issued in the UK by The Copyright Licensing Agency and in the USA by The Copyright Clearance Center. Any opinions expressed in the chapters are those of the authors. Whilst Emerald makes every effort to ensure the quality and accuracy of its content, Emerald makes no representation implied or otherwise, as to the chapters’ suitability and application and disclaims any warranties, express or implied, to their use. British Library Cataloguing in Publication Data A catalogue record for this book is available from the British Library ISBN: 978-1-80043-811-8 (Print) ISBN: 978-1-80043-810-1 (Online) ISBN: 978-1-80043-812-5 (Epub)

In loving memory of my aunt Essadia Sahid In loving memory of my mother To my family

Abdelkebir Sahid Yassine Maleh Mustapha Belaissaoui

This page intentionally left blank

Contents

List of Figures

xi

List of Tables

xiii

List of Acronyms Preface Chapter 1  Introduction

xv xvii 1

1.1 Context1 1.2  Why Agility Now?2 1.3  The Agility Role3 1.4  IT as a Business Agility Obstacle4 1.5  IT at the Service of Business Agility5 1.6  Research Objective5 1.7  Research Design6 1.8  Contributions and Relevance6 1.9  Book Organization7 Chapter 2  Understanding Agility Concept

9

2.1 Introduction9 2.2  Background of Significant Changes Underlying Agility10 2.3  Production Method Trends13 2.3.1  Lean Manufacturing14 2.3.2  Total Quality Management17 2.4  Agile Management Paradigm Evolution18 2.4.1  Change Management18 2.4.2 Change and Uncertainty Mastering in the Entrepreneurial Organization21 2.4.3 Work on Agility 21 2.4.4 Agile Continuous Delivery Methods25 2.4.4.1 Scrum25 2.4.4.2 Agile Manifesto26

viii   Contents

2.4.4.3 DevOps26 2.4.4.4 Toyota Kata26 Summary27 Chapter 3  Information System Evolution

29

3.1 Introduction29 3.2  Information System Definition and Objective32 3.3  Information System Concept33 3.4  Concepts of Enterprise Application35 3.5  Features of Enterprise Applications35 3.6 Autonomy36 3.7 Distribution37 3.8 Heterogeneity37 3.9 Dynamism38 3.10  EIS and Company Strategy38 3.11  Enterprise Information Systems’ Complexity40 3.12  Complexity Factors40 3.13  Evolution of EISs41 3.14  EIS Governance42 3.14.1 COBIT47 3.14.2 LIBRARY (ITIL) 51 3.14.3 Structure of ITIL v4 52 3.14.4 CMMI 54 3.14.5 Committee of Sponsoring Organizations of the Treadway Commission (COSO)55 3.15 Urbanization57 3.15.1 The Metaphor of the City 57 3.15.2 The Urbanization of Information System59 3.16 Flexibility60 3.17 Agility61 3.17.1 IS organizational Design64 3.17.2 Competencies and Skills of IS professionals65 3.17.3 IS Development65 3.17.4 Design of IT Infrastructure66 Summary66 Chapter 4  The Conceptual Model for IS Agility

67

4.1 Introduction67 4.2  Literature Review68 4.3  Literature Methodology71

Contents    ix

4.4  IS Agility Frameworks72 4.4.1 Zhang and Sharifi (2000)72 4.4.2 Gunasekaran and Yusuf (2002)72 4.4.3 Crocitto and Youssef (2003)73 4.4.4 Lin, Chiu, and Tseng (2006)74 4.4.5 Swafford, Ghosh, and Murthy (2008)75 4.4.6 Ramesh, Mohan, and Cao (2012)75 4.4.7 Atapattu and Sedera (2014)76 4.4.8 Park, El Sawy, and Fiss (2017)78 4.4.9 Morton, Stacey, and Mohn (2018)78 4.4.10 Wu (2019)78 4.5  Discussion and Critic’s79 4.5.1 Discussion79 4.5.2 Critic’s80 4.6  Agility Components81 4.7  Agility Drivers81 4.8 Capability81 4.9  The Proposed Conceptual Model to Achieve Strategic Agility84 4.9.1 Sensing85 4.9.2 DBPA87 4.9.3 The Level of Agility Need88 4.9.4 Security Policy89 4.9.5 The Proposed Model Contribution89 Summary90 Chapter 5  Strategic Agility for IT Service Management: A Case Study 93 5.1 Introduction93 5.2 IT Service Management ITSM95 5.2.1 Agility in ITSM96 5.3 The Proposed ITSM Framework99 5.3.1 Framework Overview99 5.3.2 Framework Maturity profile99 5.3.3 The Attainment Model102 5.3.4 Agility Management103 5.4  Use Case106 Summary115 Chapter 6  Cloud Computing as a Drive for Strategic Agility in Organizations 117 6.1 Introduction117 6.2 Goals and Objectives of the Research Study119 6.3 Literature Review120

x   Contents

6.4 The Theoretical Foundation121 6.4.1 Combining DOI and TOE125 6.5 Research Model and Hypotheses128 6.5.1 The Innovation Characteristics129 6.5.2 Technological Readiness131 6.5.3 The Organization Context132 6.5.4 The Environmental Context133 6.6 Research Methods133 6.7 Quantitative Methodology135 6.7.1  Measurement Model135 6.7.2  Data Collect135 6.7.3  Results135 6.7.4  Finding136 6.7.5  Technology Readiness141 6.7.6  Organizational Context141 6.7.7  Environmental Context142 6.7.8  Discussion and Interpretations142 6.7.9  Qualitative Study142 6.7.10  Hypobook145 6.7.11  Results148 6.7.12  Result Discussion149 Summary150 Appendix153 Reference159 Index185

List of Figures

Fig. 1. The Overall Structure of the Book. Fig. 2. The Production Modes Development and Agility Paradigm. Fig. 3. The Evolution of Production Modes. Fig. 4. The Manufacturing Trilogy of JIT, TQ, and TI. Fig. 5. A Model of a TQM System Source. Fig. 6. The First Strategic Change Process. Fig. 7. The Second Strategic Change Process. Fig. 8. Agile Entreprise. Fig. 9. AM Structure. Fig. 10. The Structure of an AM Enterprise. Fig. 11. A Progression of Manufacturing Paradigms. Fig. 12. Common Attributes and Skills. Fig. 13. The Evolution of Information Systems. Fig. 14. Systemic View of the Company and the Environment. Fig. 15. Information System Structure. Fig. 16. A Systemic View of an IS. Fig. 17. Concept of Application. Fig. 18. Dimensions of Enterprise Applications. Fig. 19. What is the Strategy? Fig. 20. Extended IT Governance Model. Fig. 21. The ERM Model Proposed by COSO. Fig. 22. EIS Urbanization and Alignment. Fig. 23. Factors Influencing Information Systems. Fig. 24. The Proposed Model to Achieve Agility in Manufacturing. Fig. 25. Agile Manufacturing Paradigm. Fig. 26. Model of Organizational Agility. Fig. 27. Conceptual Model for an Agile Enterprise. Fig. 28. Conceptual Model for Supply Chain Agility. Fig. 29. POIRE Agility Evaluation Approach. Fig. 30. Business Agility through CRM for Customer Satisfaction. Fig. 31. Producing Agility through IT Configuration. Fig. 32. A Framework for Executive IT Leaders to Strategic Agility. Fig. 33. IS Integration to Improve Supply Chain Agility. Fig. 34. Agility Types of Research Components. Fig. 35. A Conceptual Model to Achieve IS Agility. Fig. 36. Sensing Phase.

7 12 15 16 17 18 19 22 23 24 24 25 31 32 33 35 36 36 38 45 56 60 71 73 73 74 75 76 77 77 78 79 80 83 84 88

xii    List of Figures Fig. 37. DevOps Agility: Aligning People, Technology, and Process for Continuous Improvement. Fig. 38. DevOps ITSM Maturity Model for Continues the Organization’s Measure and Improvement. Fig. 39. The Proposed Agile ITSM Framework. Fig. 40. Assessment Score. Fig. 41. ITSM Maturity Score. Fig. 42. Continual IT Improvement. Fig. 43. The Proposed Model for Cloud Adoption in Organizations. Fig. 44. Research Design. Fig. 45. Cloud Usage by Type. Fig. 46. Cloud Usage by Deployment Model. Fig. 47. Combined Frequency Distributions for Responses to Aggregated IS Agility Categories.

104 107 108 110 111 114 129 134 148 148 149

List of Tables

Table 1. Research Questions. Table 2. The Dimension of the IT Governance Model. Table 3. IS Agility Research Streams. Table 4. Agility Definitions. Table 5. Agility Drivers Types. Table 6. Sensing Types. Table 7. The Proposed Framework Capabilities. Table 8. New Skills and Attitudes Required for an Efficient ITSM. Table 9. Organization Staff and Turnover. Table 10. Participants’ Demographics. Table 11. Continual Quality Improvement. Table 12. Target Objectives of Phase 1 (Months 0–12) to Achieve the Target Maturity Level. Table 13. Cloud Computing Studies. Table 14. Summary of the Factors Studied Influencing Cloud Adoption. Table 15. Participants’ Demographics. Table 16. Quantitative Factors that Influence the Adoption of Cloud Computing. Table 17. Mean and Standard Deviation of Full and Subsamples. Table 18. Sample Size Calculation Using the G* Power Software. Table 19. The Interview Questions Sample. Table 20. Cloud Computing’s Impact on Information Systems Agility.

6 46 62 69 82 86 100 105 109 109 110 112 122 126 136 137 140 143 144 146

This page intentionally left blank

List of Acronyms

AM Agility Management APO Align, Plan, and Organise BAI Build, Acquire, and Implement BSC Balanced Scorecard ISO/IEC International Standards Organization/International Electrotechnical Commission CEO Chief of Enterprise Officer CG Corporate Governance CIA Confidentiality, Integrity, and Availability CIO Chief of Information Officer CMDB Configuration Management Database CMMI Capability Maturity Model Integration COBIT Control Objectives for Information and related Technology COSO  Committee of Sponsoring Organizations of the Treadway Commission DOI Diffusion of Innovation theory DSS Deliver, Service, and Support DIS Direction of information systems DBPA Data Base Agility Drivers EDA Exploratory Data Analysis EDM Evaluate, Direct, and Monitor EUROSAI European Organization of Supreme Audit Institutions EIS Enterprise Information Systems ERP Enterprise Resources Planning DSR Design Science Research EG Enterprise Governance IT Information Technology ITG Information Technology Governance ITGI Information Technology Governance Institute ITIL Information Technology Infrastructure Library ITSM Information Technology Service Management IS Information Systems SLA Service Level Agreement ISO Information Security Officer ISMS Information Security Management System ISG Information Security Governance

xvi    List of Acronyms ISSP Information Systems Security Policy ITIL Information Technology Infrastructure Library ISACA Information Systems Audit and Control Association JIT Just-in-Time (manufacturing philosophy) KPI Key Performance Indicator MEA Monitor, Evaluate, and Assess MENA Middle East and North Africa NIST National Institute of Standards and Technology OLA Operational Level Agreement OA Organizational Agility PDCA Plan-Do-Check-Act PCM Process Capability Model PMBOK Project Management Body of Knowledge PSIS Policy Security for Information Systems SLM Service Level Management SMEs Small and medium-sized enterprises SOX Sarbanes-Oxley Act SPOC Single Point of Contact TQM Total Quality Management TQC Total Quality Control VE Virtual Enterprise UTAUT Unified Theory of Acceptance and Use of Technology

Preface

In the last decade, the use of information systems as a strategic tool has contributed significantly to the Information Technology revolution. However, the adoption of information systems is rarely successful without adequate precautions and attention. IT systems’ deployment is both a risky and profitable choice for an increasingly rapid and evolving economic context. Nowadays, organizations increasingly require a reactive and proactive response to uncertain internal and external events and opportunities, demonstrating agility of action to reach a company’s operational performance. The issue is that organizations are generally not prepared to deal with significant uncertainties and unpredictability. Likewise, information systems are not developed to cope with change and unpredictability. Consequently, for many companies, IT signifies a constraining factor to business agility requirements. Strategically, agility implied conquering new markets, taking risks, and considering new social and environmental challenges. Thus, in operational strategy, this means integrating stakeholders into the company’s practices and improving its understanding by re-evaluating all links in chain value to create a competitive advantage. In other words, agility necessarily requires strategy and, more specifically, organization, culture, and business model to convey the need for responsiveness as effectively as possible. Faced with the various transformations, and needs of the internal and/or external environment, it is essential to structure the company’s information system (EIS) to facilitate its evolution and modify its positioning, structure, and skills. All this in harmony with the company’s strategic development, while ensuring global consistency in terms of permanent IT alignment with the global strategy, interoperability, integration, autonomy, and flexibility. In other words, the EIS must be agile. The book’s purpose is to analyze and explain the impact of IT systems’ strategic agility on organizations’ business performance in response to highly uncertain and unexpected events potentially significant. The present book aims to create an explanatory framework that illustrates how and under what conditions IT helps organizations to detect and respond to uncertain events supported by learning capabilities. The main question of this book is the following: What is the role and impact of strategic IS agility on the operational agility of organizations in response to uncertain events? This book delivers comprehensive coverage of the elements necessary for the development and the implementation of effective Information systems’ strategic

xviii   Preface agility. The book dissertation includes the concept, theory, modeling, and architecture of an agile information system. It covers state of the art, concepts, and methodologies for developing information system strategies taking into account the environment, the current development of information technologies, and the general trend of IS agility. The book should help companies to formulate the information systems’ processes of the twenty-first century to grow in the competitiveness of its area. Abdelkebir Sahid Yassine Maleh Mstapha Belaissaoui

Chapter 1

Introduction 1.1 Context Nowadays, managers increasingly require a proactive and reactive response to uncertain internal and external events and opportunities, demonstrating flexibility and agility of action to match the company’s operational performance. The issue is that organizations are generally not prepared to deal with significant uncertainties and unpredictability. Usually, business practices were certain and predictable (Kidd, 1995). Likewise, information systems are not developed to cope with change and unpredictability. Consequently, for many companies, information technology (IT) is a significant factor that constraints business agility requirement. A study by Tucci, Mitchell, and Goddard (2007) shows that less than half of chief executive officers’ CEOs trust IT to contribute to the success of their business. An MIT study of 1,500 IT managers shows that 71% of American companies are in phase 1 or 2 of enterprise architecture maturity (Ross & Beath, 2006), which explains why IT is a barrier to business agility in many organizations. The lack of agility hurts the company’s performance, for example, due to delays in the launch of new products. Thus, according to Foster and Kaplan (2001), a sixmonth delay in the product launch in the pharmaceutical and cosmetics industry has decreased the product’s turnover by more than 30% over its lifetime. Another example is General Electric’s plan to save $10 billion with real-time information in its GE cockpits for monitoring the company’s performance and rapidly adapting to changes required (Melarkode, From-Poulsen, & Warnakulasuriya, 2004). There are significant differences between companies’ ability to detect uncertain and unexpected events in different sectors of activity to react quickly by changing their operations and business processes. With this quality, the company can cope with surprising and unavoidable changes by expanding (or reducing) these specific capacities or reducing cycle times beyond current levels of flexibility (Sengupta & Masini, 2008). These two examples highlight the benefits of IT in improving responsiveness and agility. This book analyzes the role and impact of IT agility on operational agility to help organizations deal with uncertain and unpredictable consecutive events. Today, agility has become a necessary quality, especially in an always unstable economic environment, making it mandatory, even indispensable (Conboy, 2009; Imache, Izza, & Ahmed-Nacer, 2012; Sharifi & Zhang, 1999; Zhang & Sharifi, 2000). Strategic Information System Agility: From Theory to Practices, 1–8 Copyright © 2021 by Emerald Publishing Limited All rights of reproduction in any form reserved doi:10.1108/978-1-80043-810-120211002

2    Strategic Information System Agility Likewise, IT agility has become the primary purpose of any information systems’ department, a quality that any company must have, to meet the customers’ needs, face competitiveness challenges and rapid technological evolution. Faced with the various transformations and needs of the internal and/or external environment, it is essential to structure the company’s information system (EIS) to facilitate its evolution and modify its positioning, structure, and skills. All this in harmony with the company’s strategic development, while ensuring global consistency in terms of permanent IT alignment with the global strategy, interoperability, integration, autonomy, and flexibility. In other words, the EIS must be agile.

1.2 Why Agility Now? The following chapter introduces the topic and provides an overview of the research contributions included in this book. We ask, “Why agility now?” We believe there are at least three answers. First, it is becoming increasingly difficult to survive and succeed in today’s business environment. Being agile, able to detect and react to predictable and unpredictable situations is a promising strategy in times of change and uncertainty. Recently, an essential activity on agility has promoted in the form of agile software development, agile manufacturing, agile modeling, and agile iterations. The diffusion of IT is a process that takes time and effort. Many IT projects succeed in developing a product, but fail to achieve goals. The importance of information systems’ agility for rapidly changing business environments was recognized, particularly in the digitalization age. In this field, agility refers to the ability to provide solutions promptly and to adapt quickly to changing requirements. For a long time, the business environment has been relatively stable, with gradual changes. In the event of a radical change, the rate tends to remain relatively slow without being quickly followed by other significant changes. In this relatively stable environment, organizations were not encouraged to be proactive in their response to internal and external events promptly. More specifically, as a communication and transaction infrastructure, the Internet has caused (and will continue to create) turbulence and uncertainty in business and consumer markets, as well as its ability to connect everyone and everything. Changes and events in the economic environment were generally predictable. Nevertheless, technology, innovation, public policy changes, and deregulation are destabilizing the business landscape and redesigning this world (Hagel & Brown, 2003). Friedman (2005) argues that the twenty-first-century globalized world has flattened the world. Radical “non-linear changes,” leading to a different order are becoming more frequent. Moreover, the pace of change is significantly faster. Business-networks are becoming more sophisticated and interconnected. The boundaries of the industry are becoming blurred (finance, media, telecoms, and IT converge) (Bradley & Nolan, 1998). However, re-intermediation has created new stakeholders with new capacities, delivering new services to end clients. Regulatory changes and external requirements for accountability, sustainability, and security have a significant impact on the products, processes, and

Introduction    3 organization’s resources. To maintaining its competitiveness and perseverance over time, a company must be able to detect uncertain events, react quickly, and learn from experience (Dove, 2002). Agility gives organizations the ability to quickly detect and respond to unpredictable events, and meet changing customer demands. This ability is essential in today’s business world. New technologies and business practices are continuously introduced to create or change global market demands (Sengupta & Masini, 2008). Two examples illustrate this. An example to understand the role of agility is the agility of IT services’ companies, which was challenged during the latest financial crisis in 2008. When “IceSafe” Bank, an Icelandic bank, encountered financial problems, its customers no longer had access to their savings’ accounts over the Internet from one day to the next, which caused a major panic among IceSafe and other bank customers in Europe. Consumers are seeking assurance that their funds are always safe and accessible through the Internet. The “IceSafe” bank’s website and account information were no longer accessible to customers, consequently a traffic spike on other banks’ websites. IT firms that provide IT hosting capacity and maintenance services for banks such as “IceSafe” should react quickly to maintain online banking services for their customers. Another example is Volvo’s sales and IT initiative to manage the development and implementation of an agile supply chain in the aftermarket. Volvo has developed a platform, web services and a web portal for selling spare parts on the Internet. Indeed, the difficulties related to the creation and the integration of a new platform are accentuated by the pressure of establishing new relationships in the field of global logistics for Spare Parts. Volvo’s work illustrates agility by continuously working on scenario development and ensuring that projects are deployed correctly to support learning. In the “Icesafe” Bank example, using intelligent agent software helps IT service firms by allowing them to identify a possible disruption of their web hosting services proactively. As a result, a response process was initiated to avoid a possible online banking suspension. Through these two examples, IT can improve IS responsiveness and agility.

1.3 The Agility Role Companies must increase their reactivity levels to cope with globalization and various internal and external challenges. Flexibility allows reactivity into organizations, processes, and systems, on a limited number of measures only. Except for that combined flexibility in a system, from the beginning, becomes costly. A new concept is needed to survive in a turbulent environment and cope with market changes. This concept, called agility, was introduced in the American automotive industry in the early 1990s. The Department of Defense requested that Lehigh University researchers develop a vision, a conceptual framework, and recommendations to create an effective industrial infrastructure. As a result of this work, the report entitled “21st Century Manufacturing Enterprise

4    Strategic Information System Agility Strategy” (Nagel & Dove, 1991) was published by the Iacocca Institute at Lehigh University (Kidd, 1994). Following this first report, the Agility Forum is created to explore the agility concept in more depth. Agile manufacturing was developed as a new manufacturing paradigm to address customer requirements in volatile markets. Agile Manufacturing incorporates the full range of flexible production technologies, the lessons learned from total quality management, “just-in-time” production, and “lean” production (Goldman, 1994). Goldman and Nagel (1993) defined agility as the ability to succeed in a continually changing and unpredictable competitive environment and to react quickly to unforeseen changes in global markets, where demand for low-cost, high-performance, high-quality products, and services is paramount for customers. Several publications on agile manufacturing and agile enterprises (Dove, 2002; Kidd, 1994, 1995) followed the work of Goldman and Nagel (1993) and Goldman, Nagel, and Preiss (1995). Subsequently, the concept was extended to supply chains and business networks (Mason-Jones & Towill, 1999; Swafford, 2004; Towill & Christopher, 2002; Van Hoek, Harrison, & Christopher, 2001; Yusuf, Gunasekaran, Adeleye, & Sivayoganathan, 2004). Recently, many researchers have analyzed how IT can support business agility and how agility can improve information systems performance (Desouza & Awazu, 2006; Sambamurthy, Bharadwaj, & Grover, 2003). IT constitutes a key business agility asset and a significant capability that can hinder or facilitate business agility. Over the years, IT has considerably developed and achieved considerable maturity to optimize the use of limited and costly technological resources, roles and relationships have been defined (Hagel & Brown, 2001). IT has become standardized and shared knowledge through the years, reducing prices due to economies of scale. The literature presents three research streams with different perspectives on the relationship between IT capabilities and organizational agility (performance). According to the first trend, IT capacity is not essential and does not hinder the company’s agility performance. The other view is that IT capabilities contribute to strengthening the company’s agility (performance). For the third stream, IT capabilities contribute to improving the company’s agility (performance), but under certain limited conditions and circumstances. This doctoral book will provide additional research resources related to the third stream.

1.4 IT as a Business Agility Obstacle For decades, many studies have revealed conflicting, sometimes divergent, results regarding IT’s effects on the organization’s responsiveness and flexibility. In a survey of many business process re-engineering cases, Attaran (2004) found that “IT was the main obstacle to rapid and radical change, with the profound transformation of the IS requiring a redesign of the IS.” Cabled IT architectures, where business rules are incorporated into information systems, are a significant obstacle to rapid change. IT departments in large companies seem unresponsive and lacking in agility (Kearney et al., 2005). Among the main barriers to this unreliability are existing information systems, the excessive complexity of the IT architecture, and

Introduction    5 the reduced interaction between the company and IT; (flat Business-IT alignment) moreover, differences between Top Management and IT managers regarding the importance of IT and the appropriate time for new technology adoption. IT infrastructure and application complexity prevents the rapid development and deployment of new systems to support business agility.

1.5 IT at the Service of Business Agility IT can increase organizational agility through open standards-based information systems (which facilitate transformation between partners), involving the best functional areas and being flexible for change, due to lack of time, and low costs (Klapwijk, 2004). IT agility increasingly promotes business adaptability (i.e., business agility). Automation has moved from the back office (the 1980s) to the front office (the 1990s) to the automation of the IT infrastructure’s ability to adapt to each business decision. Also, functional (vertical) IT architectures are replaced by horizontal (Large-enterprise) designs. Over the decades, IT protectionists and vendors have developed concepts and strategies to assist companies in achieving IT and organizational agility. As a result, a variety of organizational models and agile IT solutions were designed to reach business agility and cope with unexpected changes. In the research, many books and papers were addressed the information technologies’ role to promote organizational reactivity. The purpose is to have an agile organization able to configure IT and human resources in a fast and flexible way to detect and respond to evolving demands, through the IS capacity in general and the IT infrastructure in particular (Pearlson & Saunders, 2006). Today, CEOs increasingly recognize the importance of being agile, proactive, or reactive – in responding to internal and external uncertain events and opportunities. However, the challenge is that organizations are generally not designed to cope with severe uncertainty and unpredictability. Economic practices are founded upon certainty and predictability (Kidd, 2000). Also, information systems are not intended to deal with changes and unpredictability.

1.6 Research Objective The objective of the book is to create an explanatory framework that illustrates how and under what conditions IT helps organizations to detect and respond to uncertain events, supported by learning capabilities. The principal research question of this book is: Which are the role and impact of IT systems’ strategic agility in responding to uncertain events? Table 1 presents an overview of the sub-research questions in this study and the chapter(s) in which they are addressed.

6    Strategic Information System Agility Table 1.  Research Questions. Research Question

Chapter Number

How to achieve agility in Enterprise Information Systems?

4

How does agility impact IT service management?

5

How can cloud computing adoption increase IT agility?

6

1.7 Research Design The research plan for this book consists of two Sections. The first section includes an in-depth literature review and analysis of existing case studies in Chapters 2 and 3. The result is a global research model. In the second section, a general analysis of the concept of agility is conducted in different industries and sectors based on the worldwide research model. It will be the subject of Chapters 4 and 5.

1.8 Contributions and Relevance This book aims to serve the scientific and business community. The contributions will allow knowing how IT can improve business agility. Promote understanding of the relationship between IT service management agility and organization responding to uncertainty in the agile era. As a practical contribution, this book purposes providing managers with an overview of events requiring agility, in which conditions IT should assist the organization to respond and learning, to leverage personal and organization capabilities through practice frameworks to reach agility in IT asset and service information systems, management, and strategic. Results should allow decisionmakers to determine perspectives, face compromises, and manage IT to drive Information systems’ strategic agility. As applied research, this study attempts to help address the strategic gap in IT agility that has been identified as a significant, real, global problem. In highlighting the “know and do” gap underlying this study, we have tried to tackle this problem boldly. Research overcomes some challenges in researching new areas of corporate governance and IT agility. The foundations have been laid for industry and scholarly literature in this field to contribute to knowledge. This book makes the following significant contributions to IT agility in the literature: ⦁⦁ The first contribution of this research is the literature review on IT agility. It is

clear that while there is significant literature on IT agility and its forms, there is a shortage of literature on IT agility and the importance of internal and external factors on IT investment decision-making. ⦁⦁ The second contribution is identifying essential aspects that define the agile practical framework for IT service management ITSM. It was gathered from a theoretical and empirical research study that generated answers to secondary level research questions and feedback from the analysis of best practice experience in organizations.

Introduction    7 ⦁⦁ The third contribution identifies the determinants of cloud computing

adoption based on the characteristics of innovation and the technological, organizational, and environmental contexts of organizations, and assesses how cloud computing is changing IS agility.

1.9 Book Organization The overall structure of the book is described in Fig. 1. Chapter 2 presents a review of research related to agility by analyzing the different types of the research proposed, from the craft industry to the emergence of agility. Chapter 3 presents an overview of information systems’ evolution based on three interdependent phases. Chapter 4 gives a combination illustrating the development of agility within information systems and provides a conceptual framework to adopt agility in the organization’s information systems. Chapter 5 proposes an agile IT service management through a case study in a large organization. The proposed framework will impact all aspects of IT-oriented user productivity

Part 1: Introduction General Introduction

Part 2: Review of literature and practice Chapter I Introduction

Chapter II Understanding Agility Concept

Chapter III Information Systems Evolution

Part 3: IS Agility Frameworks

Chapter IV The conceptual model for IS Agility

Chapter V Strategic Agility for IT Service Management: A Case Study

Part 4: Conclusion and Future Works Conclusion and open research

Fig. 1.  The Overall Structure of the Book.

Chapter VI Cloud Computing as a Drive for Strategic Agility in Organizations

8    Strategic Information System Agility and will implement an agile approach to managing all these aspects. Chapter 6 proposes recommendations on when and how cloud computing is a useful tool and outlines the limitations of recent studies and future research perspectives. Its primary objective is to explore how agility influences decision-making to adopt cloud computing technology, and how the cloud can increase IT agility. A survey was conducted in the Middle East and North Africa region covering medium and large organization from the manufacturing and service industries. Finally, we discuss the key findings of this book, the limitations, the contributions to the academic and the business world and some recommendations for future research.

Chapter 2

Understanding Agility Concept Abstract Manufacturers have experienced many stages of evolution and paradigm shift. The paradigm shifts from crafts to mass production, then to lean production, and finally to agile manufacturing (AM). Agility will reduce the time to market for appropriate products and services. Twenty-first century companies must meet a demanding customer base that will increasingly seek high quality, low-cost products adapted to their specific and continually evolving needs. It is time for companies to compete, and “push the boundaries” in response to delivery, product quality, and overall excellence in customer service and satisfaction. For addressing these challenges, a new way to manage businesses was proposed called “Agility,” AM is defined as the ability to survive in a competitive environment characterized by the continual and unpredictable changes, by responding effectively to the changing markets with products and services designed by the customer. This chapter presents a review of research related to the agility concept through an analysis of the variously proposed studies. This analysis was conducted based on a meta-model of three words (Agility, Management, and Organization).

2.1 Introduction Numerous studies have suggested an explanation of the agility concept; they define agility as the ability to operate and compete in a continuous and dynamic change context. The Advanced Research Programs Agency and the Agility Forum define agility as The ability to succeed in continuous and often unexpected environmental change. The agility concept constitutes a part of a program established by a diverse set of industrial companies to improve and maintain the competitive advantage of the U.S. manufacturing base. (Sarkis, 2001) Strategic Information System Agility: From Theory to Practices, 9–27 Copyright © 2021 by Emerald Publishing Limited All rights of reproduction in any form reserved doi:10.1108/978-1-80043-810-120211003

10    Strategic Information System Agility Agility, lean, and flexibility are strategic organizational philosophies that have attracted researchers’ attention recently. ⦁⦁ Lean manufacturing: Eliminates waste and minimizes resource use. ⦁⦁ Flexible manufacturing: This is a structure rather than a strategy to facilitate

the reconfiguration and customization of the production chain.

⦁⦁ Agile manufacturing (AM): A Strategy that includes lean and flexible manu-

facturing to develop world Corporation and competitiveness.

According to these definitions, the Lean and flexibility concepts are a part of agility scope; other researches argue that they constitute distinct and separable philosophies. Also, numerous academic and practical studies have treated flexibility and lean of manufacturing, providing specific elements and definitions with analytical models to assign it (Evans, 1991; Narain, Yadav, Sarkis, & Cordeiro, 2000; Upton, 1994). Lean Manufacturing is the result of various practices. First, it was presented by researchers at the Massachusetts Institute of Technology as part of a fundamental study of international practices in the automotive industry (Womack, Womack, Jones, & Roos, 1990). Links and roles between agility, flexibility, and lean can provide a partial agility definition. To respond to Industry requirements for agility appeared firstly in the report of the twenty-first Century Manufacturing Enterprise Strategy (Nagel & Dove, 1991). Agility includes four main dimensions: inputs, outputs, external influences, and internal operations (Goldman & Nagel, 1993; Yusuf, Sarhadi, & Gunasekaran, 1999): ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

Outputs: “solution” products that enrich the customer. Inputs: cooperate to enhance competitiveness. External influences: unpredictable changes and social values. Internal operations: leveraging on human capital and information impact.

For Dove (1995), agility factors emerge through the relationships between organizational entities. These factors include the relationship between opportunistic customers and adaptable producers, known as opportunity management. Another critical factor for environmental uncertainty is the relationship between flexible producers and the relentless technology defined as innovation management.

2.2 Background of Significant Changes Underlying Agility To explain the agility development, it is necessary to draw up a chronology of production methods’ evolution. Initially, agility was developed in the manufacturing field, and in 1991 the term agility and/or agile spread between management and organizations. Three dominant paradigms have affected industrial production in the modern world (Hormozi, 2001; Tidd & Bessant, 1997). Artisanal production appeared in Europe before the eighteenth century. In this mode, producers, mainly (Craftsmen), contracted and completed individual projects. Consumer demands were generally for unique products and vary around the pre-manufactured product (Hormozi, 2001). This paradigm is characterized by a low production volume and a broad product variety (S. Brown & Bessant, 2003). The second is mass production,

Understanding Agility Concept    11 actively developed in the United States between the nineteenth and twentieth centuries – following the discovery of the steam engine developed at the end of the seventeenth century (Boyer, 2004). This phase recognizes growth amplified with the advent of Taylorism and Henry Ford’s assembly lines, which was the moment when “all-purpose” products left the production line at full speed, thus responding to increasingly intense consumer demands. The latest is Lean Manufacturing, which is developed in Japan, and it was not until the late 1990s that it was accepted as a viable production alternative (Hormozi, 2001), although Boyer (2004) situates the development of Lean as early as 1945. Lean manufacturing attempts to use the benefits of mass production in conjunction with just in time (JIT) principles and waste disposal to minimize the total cost of producing a product (Hormozi, 2001). The latter paradigm is therefore characterized by large quantities produced and more varieties of products than those offered by mass production (Hormozi, 2001). Fig. 2 provides a synopsis of the development of these three paradigms. With each paradigm shift in production methods, pro-active countries toward these significant changes have reaped the benefits of their market leadership (Hormozi, 2001). For example, North America and Europe’s inability to adopt Lean to compete in the 1980s cost them valuable profits and market shares in some vital industries. Examples include the automobile, metal industry, consumer electronics, and household appliances (Boyer, 2004). They have tried to beat their competitors with massive investments in automation, often generating very costly failures (Hormozi, 2001). Based on this observation, many researchers and practitioners gathered in the United States in 1991 to propose a new production method, AM (Nagel & Dove, 1991). Since 1991, many authors have taken this shift by proposing the bases of this new paradigm, or simply by admitting it (Bottani, 2009; Brown & Bessant, 2003; Goldman & Nagel, 1993; Gunasekaran, 1999; Gunasekaran & Yusuf, 2002; Hormozi, 2001; Ramasesh et al., 2001; Ren, Yusuf, & Burns, 2003; Sharifi & Zhang, 1999; Tidd & Bessant, 1997; Yusuf, Gunasekaran, Adeleye, & Sivayoganathan, 2004; Yusuf & Schmidt, 2013; Zhang & Sharifi, 2000). However, while the literature has been massively oriented toward the acceptance of a new paradigm, two articles temper this evolution. Indeed, for Vázquez-Bustelo, Avella, and Fernández (2007), AM is not fundamentally different from previous production paradigms and models. While Lean manufacturing has been perceived as an improvement of the mass production model, Vázquez-Bustelo et al (2007) argue, however, that AM breaks with the mass model due to the production of highly customized products and its focus on operational proactivity rather than reactivity. For Sarkis (2001), agility seems to be a paradigm at the meta-paradigm level. Its engagement for waste disposal. This is achieved by combining work in cross-functional teams dedicated to an activity, sharing information, and focusing on continuous improvement and quality aspects. All unnecessary tasks are eliminated, and all steps are aligned in a continuous flow of activity. This allows the design, development, and distribution of products with a minimum of human effort, tools, and overall expenses. (Sarkis, 2001)

MASS PRODUCTI ON 19th-20th Centry

2001

Agile Manifesto CRAFT PRODUCTI ON Befor 18Centry 2011

INDUSTRY 4.0 2001

END OF 20 Centry

LEAN -JIT

TOYOTA KATA

Fig. 2.  The Production Modes Development and Agility Paradigm.

1995

Scrum

2007

DevOps

12    Strategic Information System Agility

Understanding Agility Concept    13 Therefore, if the emergence of AM is above all correlated with changes in production methods, it is necessary first to characterize them quickly and then to highlight other social phenomena and their consequences in the business world. Indeed, today’s world is undergoing profound changes that need clarification and goes beyond production methods. Over recent years, fast-paced developments in information and communication technologies and their integration into supply chains have led to the advent of the fourth industrial revolution – “Industry 4.0” (Dalenogare, Benitez, Ayala, & Frank, 2018; Frank, Dalenogare, & Ayala, 2019). Business competition has increased as a result of technological innovations and evolving customer requirements. This changing transformation in business ecosystems will deeply influence operational frameworks/models and management strategies to respond and adopt the new challenges in an evolving ecosystem (Barreto, Scheunemann, Fraga, & Siqueira, 2017). Since the emergence of Industry 4.0, a growing number of enterprises have integrated new industrial revolution principles and technologies to improve their productivity and performance (Barreto, Scheunemann et al., 2017; Wagire, Rathore, & Jain, 2019). The main strength of Industry 4.0 lies in its significant impact on many aspects of society. Seen from the perspective of the typical user, the influence of Industry 4.0 is most clearly visible in the professional, domestic, and social spheres. Smart homes, smart cities and offices, and e-health systems are just a few examples of likely scenarios of how the new paradigm will transform the world (Marston, Bandyopadhyay, & Ghalsasi, 2011). Similarly, the most noticeable impact of Industry 4.0 is estimated to be in the areas of industrial manufacturing and management, supply chain, and business process management (Strange & Zucchella, 2017). In today’s competitive and fast-growing business environment (Pereira & Romero, 2017; Wu, Yue, Jin, & Yen, 2016), companies must adopt emerging technologies in their business processes and manage the increasing data flow in their value chain for efficient management. Industry 4.0 includes automated systems that enable the customization, agility, and responsiveness of manufacturing and service operations by providing data from a diverse range of devices, sensors, and tools (Deloitte, 2015; Strange & Zucchella, 2017). This leads to new capabilities in many fields, including new product design, prototyping and development, remote control, testing and diagnostics, preventive and predictive maintenance, traceability, needed health monitoring systems, planning, innovation, real-time applications, and agility (Strange & Zucchella, 2017). Industry 4.0 delivers significant business benefits, including product customization, real-time data analysis, autonomous monitoring and control, development and dynamic product design, and increased productivity (Dalenogare et al., 2018).

2.3 Production Method Trends As previously mentioned, manufacturing methods have evolved over the past 200 years. Also, the research argues that global performance is continuously changing, which requires attention and, above all, constant effort (Hormozi, 2001; Sanchez & Nagi, 2001).

14    Strategic Information System Agility While economies of scale and the permanent quest for maximum efficiency regarding production capacity constitute a rule for organizations to generate profits, this mode of production creates rigid capabilities that lead to difficulties in reconfiguring plants. This rigidity will gradually become a constraint to changing production methods, particularly in Japan with Lean. Indeed, since the early 1980s, organizations have considered the search for flexibility in production, waste disposal, time reduction, and production cycles as priorities. The economic and marketplace conditions have led to an increase in the variety of products and services required. Due to this phenomenon, markets appear, change, and disappear at an alarming rate (Goldman & Nagel, 1993). These changes need organizations to maintain productivity and cost improvement while monitoring emerging demands and being able to re-engineer the production system’s organization (McCarthy & Tsinopoulos, 2003) rapidly. Thus, production has become more than just a transformation of primary materials into marketable products. It is about a transformation of information (customer needs, design data, data production, etc.), geographical transformation (“logistics”), and availability transformation (“stock and deadline control”). Indeed, manufacturing is today the process of transforming an idea into a physical and desirable product (McCarthy & Tsinopoulos, 2003). The concept of AM is first appeared in the Lehigh University report entitled “21st Century Manufacturing Enterprise Strategy”: An Industry-Led View (Nagel & Dove, 1991), then several articles of different types (research and popularization) were published to develop the concept or accept it (Gunasekaran, 1999; Gunasekaran & Yusuf, 2002; Sharifi & Zhang, 1999; Zhang & Sharifi, 2000). In summary, manufacturing systems are complex adaptive systems, whose configurations have evolved through different modes such as artisanal production, mass production, lean manufacturing, and agile production. Fig. 3 proposes a synopsis of the changes in the various production methods and their associated characteristics.

2.3.1 Lean Manufacturing Japanese experts (Ohno, 1988) have taken the world of manufacturing by storm, as well as continuous research since the 1970s that have identified the advantages of lean manufacturing management practices (James-Moore & Gibbons, 1997). As a result, value-added production can provide managers with a way to structure their manufacturing facilities (and the organization as a whole) to become more productive and efficient (Womack et al., 1990). Its engagement for waste disposal. This is achieved by combining work in cross-functional teams dedicated to an activity, sharing information and focusing on continuous improvement and quality aspects. All unnecessary tasks are eliminated and all steps are aligned in a continuous flow of activity. This allows the design, development and distribution of products with a minimum of human effort, tools and overall expenses. (Womack et al., 1990)

Understanding Agility Concept    15

Reconfigurable

Flexible

Specialized

Comprehensive

Fig. 3.  The Evolution of Production Modes. The Lean Manufacturing has been defined by Bamber, Hides, and Sharp (2000) as a set of principles and practices that aim to eliminate all waste from the system and is based on the maximum use of resources by focusing on the reduction or elimination of waste and activities without added value in the system (Bamber, Hides et al., 2000) in a study on reducing lean meat consumption. Many manufacturing players have promoted Japanese manufacturing methods such as JIT, Kaizen, Total Quality Control, and worker incentives such as total employee participation have revolutionized the business world (Csillag, 1988; Dertouzos, Lester, & Solow, 1989; Willmott, 1994). However, Womack et al. (1990) have shown that, based on research on Japanese manufacturing firms, it is clear that the Japanese production paradigm did not happen overnight. Other researchers in the manufacturing field (Bicheno, 1994; Cheng & Podolsky, 1996; Cusumano, 1994) go so far as to assert that the gradual transition between extreme. Tayloristic mindsets in planning material requirements and inspecting buffered systems, a lean manufacturing system structured according to tasks, continuous improvement, JIT and quality assurance, and the multi-skilled worker from one production to another could have predicted. The limitations of lean manufacturing regarding adverse effects, including the lack of young workers willing to work in factories, excessive product variety, and extreme pressure on suppliers, were highlighted by Cusumano (1994). Nevertheless, Japanese experts (Ohno, 1988) have worked closely with major companies such as Toyota, acting as pioneers, to develop lean manufacturing. According to Bicheno (1994), these Japanese experts knew that the organizations should satisfy the JIT, Total Quality (TQ), and Team Involvement (TI) (Sharp, Irani, & Desai, 1999) to become a world-class factory manufacturing. The trilogy is presented in Fig. 4. Where we can see that beyond factory production, a

16    Strategic Information System Agility

THE TRILOGY LEAN

MANUFACTURING JIT

Supply

Distribution TQ

TEAMS

MANUFACTURING

COSTUMER

Fig. 4.  The Manufacturing Trilogy of JIT, TQ, and TI. lean company also requires supplier participation, distribution logistics, efficient design, and attention to service. Therefore, as shown in Fig. 4, JIT can be considered to take place mainly within the plant, and lean manufacturing pushes the boundaries regarding supply chain mechanics. According to Bicheno (1994), the objective of the JIT is to continuously eliminate waste and reduce delays at each stage, from raw material to end customer and from concept to market. On the other hand, lean manufacturing aims to design and produce products and support services that exceed customer expectations regarding quality, cost, and time. Also, Womack et al. (1990) discuss waste reduction using lean thinking as being primarily focused on the following achievable objectives: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

the use of half the space; the use of half of the investment in tools; reduce human effort by half; reduce time less than half; use less than half of the inventory; reduce the defects less than half; increase product variety; and improve customer service.

Understanding Agility Concept    17 To understand the lean production paradigm, Sharp et al. (1999) developed a list of lean production characteristics, based on a review of the lean production literature, as follows: a focus on the client’s interests; collaborate closely with suppliers in all areas; share the gains and benefits of collaboration; respect all functional and operational areas and personnel of the company and its suppliers; ⦁⦁ the skills and contributions of all people are highly rated and valued; ⦁⦁ design and manufacturing functions collaborate on an ongoing basis, in particular, to support, or promote the cause of quality, or to reflect the interests of the customer; and ⦁⦁ the development and operation of production processes are oriented toward the continuous improvement of operational efficiency and the prevention of defects. ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

2.3.2 Total Quality Management The concept of Total Quality Management (TQM) depends on the total commitment of each employee within the company and cannot be achieved through quality systems alone (Atkinson, 1990). This view prevails because quality systems traditionally focus on quality assurance and quality control rather than TQM (Bamber, Hides et al., 2000). Also, Atkinson (1990) added that while it is important to have quality systems, such as the ISO 9000 series of standards on quality management systems, it is essential not to stop there, but to continuously improve quality, beyond the requirements of the standards by creating cultural change. Continuous improvement and culture are therefore defined in TQM’s literature as the key to organizational success. There are diverging views on what constitutes a TQM organization, for example Crosby (1979) defines the four pillars on which a quality program is based, management involvement, professional quality management, original programs, and recognition, while McNally (1993) has defined in more detail a framework, shown in Fig. 5, that includes a more rigorous vision of TQM than Crosby definition. DeToro and Teener (1992) state in their QM model that leadership, quality, policy, communication, recognition, measurement, education, training, and

Fig. 5.  A Model of a TQM System Source.

18    Strategic Information System Agility support structure are key elements of QM. The model also incorporates the concept of three total quality principles: total participation, process improvement, and customer focus, which are universally recognized as catalysts for TQM and are discussed in the literature (Crosby, 1979; Deming, 2000; Ishikawa, 1985; Juran, 1986; Xiao, Ford, & Feigenbaum, 2013). Fig. 5 provides a quality management framework that requires responsible managers and effective leadership, values, attitudes, and behaviors that support quality policy, communication, teamwork, recognition, internships, and training to implement quality management.

2.4 Agile Management Paradigm Evolution In their paper, Rattner and Reid (1994) present increased global competition as the main reason for developing a new approach to production management that integrates agility into work processes. Therefore, in 1969, Skinner (1969) led the way by considering that a manufacturing strategy should be the primary driver of a competitive business strategy and that it was the missing link in the business improvement efforts of many organizations. Beyond the perceived underlying trend of change, the emergence of a new business era has given way to the emergence of a new commercial era.

2.4.1 Change Management Change management has already mentioned as necessary for organizations to remain competitive. Ho (1999b) Argues that a change in an organization would lead to a change in organizational culture in the long term. A typical example is a leading organization, where people are enthusiastic about trying new ideas and recognize that failure is an essential part of success. The traditional process of strategic change that can be summarized in five key steps (Ho, 1999b) and illustrated in Fig. 6 shows the previous relationships of deploying the vision of an organization, whose mission is the vehicle for behavior and changing actions to cultural development in the organization. Fig. 6 presents a new paradigm suggested in a later publication by Ho (1999a), which provides the same elements in the process of cultural change, but the elementary precedents are different, that is, action now becomes the starting point for cultural change. In the same way as this proposed new paradigm for strategic change management, the work of Peters and Waterman (1984) has learned from more than 46 successful companies that most of them choose “action” as the first step in their quest for excellence. The new idea advocated by Ho (1999a), illustrated in Fig. 7, is that action leads to a change in employee’s behavior and a change in culture follows.

Vision

Mission

Behavior

Fig. 6.  The First Strategic Change Process.

Action

Culture

Understanding Agility Concept    19

Action

Behavior

Mission

Vision

Culture

Fig. 7.  The Second Strategic Change Process. This results from the leadership process, and as Revans (1983) said: “There is no learning without action and no action without learning.” This could provide the argument that learning and change are synonymous. Ho (1999b) discusses in more detail that if learning has been successful, organizational behavior will be taken to a dynamic and challenging level, which will give the organization a culture of continuous improvement. The concept of continuous improvement is an example of what strategy theorists have called “dynamic capacity” (Teece & Pisano, 1994). In their paper, Tidd and Bessant (1997) suggest that dynamic capacity through continuous improvement (the advantage of innovation) over price alone is no longer a viable strategy for most companies and, therefore, Meredith and Francis (2000) have suggested that “competitive advantage is increasingly based on a dynamic ability to be competitive, in an environment of frequent difficult, and often unpredictable change.” Also, have a capacity to learning provides mechanisms for a high organizational proportion, participates in its innovation, and adapts to processes supporting competitiveness. Numerous authors consider the ability and capacity of an organization to successfully foster and manage change through innovation and continuous learning to be a significant strategic advantage. For example, Bessant and Francis (1999) explained that when a large proportion of an organization engages in learning and innovation processes: Its strategic advantage is essential as a group of behavioral routines - but this also explains why it offers a considerable competitive potential, because these behavioral patterns take time to learn and institutionalize, and are difficult to copy or transfer. Also, Sharp et al. (1999) and Castka et al. (1991) discussed participation in the change process as a factor in reducing resistance to change and improvement, indicating a strong link between learning and innovation participation and successful organizational change. Rattner and Reid (1994) presented the development of increased global competition as the primary responsibility for developing a new production management approach that integrates agility into work processes (Rattner & Reid, 1994). Therefore, Skinner (1969) had already led the way in 1969 by considering that a manufacturing strategy should be the primary driver of a competitive business strategy and that it was the missing link in the business improvement efforts of many organizations. As mentioned in the previous paragraph, the underlying trend toward perceived change has laid the foundations for the emergence of a new commercial era beyond traditional sectors such as mass production, worldclass manufacturing principles, and lean manufacturing.

20    Strategic Information System Agility A new manufacturing paradigm, known as “agility,” was described in a report published by the Iacocca Institute at Lehigh University in 1991 “21 Century Manufacturing Enterprise Strategy: An industry-led perspective” (Nagel, 1992). The purpose of the twenty-first century Enterprise Manufacturing Strategy Report was to identify the american industry’s needs in terms of restoring manufacturing competitiveness. It concluded that the gradual improvement of current production systems in 1991 would not be sufficient to become competitive in the current global market (Nagel, 1992). Based on this early concept of agility, Lehigh University has led the way in developing the AM paradigm through research, focus groups, and industrial collaboration (Dove, 1995). The Agility Forum’s work, initially focused on agility, has evolved as follows the early developments of agility as a concept and has contributed significantly to AM theory (Kidd, 1996). Being agile means mastering change – and allowing an organization to do whatever it wants to do whenever it wants. The agility is dynamic, contextually appropriate, aggressively changing, and growth-oriented (Dove, 2002). It is not a question of improving efficiency, reducing costs, or blocking the company’s hatches to overcome the fierce storms of competition. The challenge is to succeed and win profits, the market share, and customers at the very heart of the competitive storms that many companies are worried today (Goldman & Nagel, 1993). Agility is the organization ability to respond quickly and effectively to unforeseen opportunities and develop proactive solutions to potential needs. They result from the fact that an organization’s and/or its members cooperate in the interest of the individual, the organization, and their clients (Nelson & Harvey, 1995). Kidd defines Agility as the capacity to prosper and thrive in a competitive environment characterized by continuous and unpredicted change, to react quickly to rapidly changing markets through customer-focused product and/or service evaluation. The upcoming business system will replace today’s mass production companies (Kidd, 1996). These definitions describe agility in terms of results; therefore, do not precisely define agility or how it can be implemented, although the work of the American Forum on Agility has done much to provide operationalized features of agility. According to research conducted by the Agility Forum, “AM” is defined as the ability to thrive in a competitive environment characterized by continuous and unexpected changes to respond quickly to rapidly changing markets with customer-specific products and services (Dove, 2002). Consequently, underlying agility is the ability to adapt or reconfigure quickly in response to changes in the business environment, which involves controlling change as described by the Agile Forum (Goldman & Nagel, 1993); or the ability to change as described in a publication by Kidd (1996) to manage significant uncertainties and unpredictable events. Therefore, researchers at Lehigh University (Sarkis, 2001) have expressed AM as having four main underlying dimensions of ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

a form of change management and uncertainty (an entrepreneurial organization); enrich customers, products, and solutions (provide global solutions); capitalize on people through knowledge and information; and co-operate to improve competitiveness – virtual partnerships (collaboration).

Understanding Agility Concept    21 2.4.2 Change and Uncertainty Mastering in the Entrepreneurial Organization Agile competitiveness requires the ability to thrive on change, unpredictability, and uncertainty. Companies with traditional hierarchical and bureaucratic structures with command and control management were seen as unable to respond quickly to the needs of a changing environment. Many experts argue that for an agile enterprise, the structure should work as flat as possible to be dynamic, progress toward agility and thereby control change and unpredictability. Organizations must learn how quickly mobilize their people by adopting a flatter and more entrepreneurial organizational strategy. To achieve this, people must have broader responsibilities than a traditional line organization and have the authority and empowerment needed to respond to clients’ changing needs. An agile approach to manufacturing faces the reality of a dynamic business environment, where customers and markets are increasingly fragmented and specialized. Companies evolving in turbulent markets have developed an inherent and agile capacity, particularly in the design of manufacturing processes, using rapid prototyping and simultaneous engineering techniques. Therefore, Dove (1995) has demonstrated that rapid prototyping can be used in some cases to provide a strategic competitive advantage, by winning market share through the capacity to reduce at least 75% of the design-to-market time.

2.4.3 Work on Agility The research on agility produced by the Iacocca Institute (Dove, 1995) and subsequently produced and tested an infrastructure framework for AM has continued to develop. This framework was developed from a set of competitive foundations and common characteristics, system elements, and enabling subsystems for agility, which were developed based on industry-led research. These are represented in Fig. 8 as infrastructure for and have been the subject of much research and improvement within the industry (Dove, 1995; Goldman & Nagel, 1993). As illustrated in Fig. 8, the Agility Forum developed the theory of agility in a framework that incorporates concepts from many disciplines into a coherent set of business elements. In her review of these elements of the company, Termini (1996) suggests that they contribute to the core competencies of the: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

appropriate and consistent technological innovation; ability to proactively identify market opportunities; ability to develop and maintain a diverse and educated workforce; enhancement of communication and data processing networks; capacity to provide low-cost and customized market products; and capacity to provide market-oriented products.

In their paper, Hooper and Steeple (1997) draw the structure of AM and its interrelationship with other manufacturing methodologies and, like Fig. 8 of the Agility Forum framework, suggest that AM should be considered as a general expression

22    Strategic Information System Agility

Fig. 8.  Agile Entreprise. that encompasses the integration of several diverse systems, technologies, and philosophies. The structure of AM is a customer-focused manufacturing model and is broadly similar to the TQM; however, the concept of virtual enterprises and decentralized organization are elements. In their paper (Hooper & Steeple, 1997), researchers provide a model structure, for agile enterprise Fig. 9, which seems insufficient as a framework for entrepreneurial activity since the search for opportunities in new markets is not represented. However, it is taken into account in the model of the agility, Fig. 8 as involved enabling subsystems. For an organization, continuous awareness of the operating environment is required to assess the business’s potential risk, as demonstrated by the agile business framework illustrated by Dove (1995) and presented in Fig. 9. In this context, Meredith and Francis (2000) discussed the need for a thorough environmental scan, which organizations need to identify market opportunities. According to Kidd (1996), the fundamental resource of an agile enterprise is “knowledge” and, like the main dimension of the agility of the American agile forum, the “mobilization of human resources through knowledge and information,” he suggests, if people and knowledge are exploited.

Understanding Agility Concept    23 Customer wants and needs

Supplier

Flexible Human Resource Flexible Manufacturing systems

Core Business

Decentralization Organization

Virtual Companies

Competitors

Customer Solutions

Fig. 9.  AM Structure. The resulting agility offers a competitive advantage, responding quickly to market changes while exploiting a fundamental resource: knowledge. It is necessary to bring people together in dynamic teams formed according to clearly focused market opportunities to take advantage of each other’s knowledge. Through this process, we seek to transform knowledge into new goods and services. (Kidd, 1996) In its report, Kidd (1996) suggested that AM can be considered as the integration organization, highly qualified, and knowledgeable personnel and advanced technologies to achieve cooperation and innovation in response to the need to provide customers with high quality customized products. This concept is central to his book “Agile Manufacturing: Forging New Frontiers” and is illustrated in Fig. 10. Therefore (Kidd, 1995), each organization must develop a methodology to integrate the organization, staff, and technology to enable these three primary resources to adapt through a coordinated and interdependent system. Fig. 11 shows the structure of an AM Enterprise. A new manufacturing paradigm, known as “agility,” has been proposed as a winning concept through which companies maintain their competitive advantage into this new era. Agility concept includes two factors:

24    Strategic Information System Agility

Fig. 10.  The Structure of an AM Enterprise.

Lean Craft

Agile

Mass

Past

Present

Future

Fig. 11.  A Progression of Manufacturing Paradigms. ⦁⦁ respond to changes (planned or unexpected) in an appropriate and timely man-

ner and

⦁⦁ leverage change as an opportunity.

Understanding Agility Concept    25

Agility

Lean

Craft Skills

Fig. 12.  Common Attributes and Skills. There are many unities between lean and agility, such as the effective best practice use of tools and techniques, to improve the company’s effectiveness and efficiency, as shown in Fig. 12. Initially, agility focuses on economies of scope rather than economies of scale (Dove, 2002). Lean operations are generally associated with the efficient use of resources. The concept expresses an effective response to a changing environment while being productive. Agile organizations are not just able to implement changes, but also react to premeditate and unforeseen environmental events in just time.

2.4.4 Agile Continuous Delivery Methods 2.4.4.1 Scrum.  Throughout the 1980s and 1990s, the fast-moving and highly competitive world of new commercial product development is essential, as is speed and agility. Companies are increasingly aware that the old sequential approach to new product development is simply inefficient. In contrast, companies in Japan and the United States use a holistic rugby-inspired method, where the ball is passed into the team as it moves up the pitch (Imai, Nonaka, & Takeuchi, 1984; Pittman & Russell, 1998). The research focus started to be attracted by the recognition that there was a new product development game (Takeuchi & Nonaka, 1986) that focused on a more flexible and iterative approach to thinking. The increased use of the Internet in the early 2000s simply increased the pressure for rapid time-to-market, which acted as a further catalyst for a revision of the orientation of alliterative and incremental development with agility. In 1995, Beck and Boehm (2003) presented Scrum for the first time at the OOPSLA conference in Austin, Texas. They were struggling with the status quo in software development, particularly with regard to waterfall project management approaches. At that time, the projects and companies they were involved in were failing and due to the pressure, they felt compelled to move in a different direction. Meanwhile, lean management and control of empirical processes as well as iterative and progressive development practices were beginning to emerge. Influenced by this emergence, the works of Takeuchi and Babatunde Ogunnaike, which described the key elements of success in new product development (self-organized

26    Strategic Information System Agility project teams, overlapping development phases, multiple learning, and transfer of learning) and referred to the game of rugby when they summarized it as “moving the Scrum downfield” Ken and Jeff accordingly labeled their approach “Scrum.” Therefore, Ken and Jeff named their approach “Scrum.” (Maximini, Maximini, & Rauscher, 2018). In 2001, the first book on Scrum entitled “Agile Software Development with Scrum” was published, followed by “Agile Project Management with Scrum” in 2004, which outlines the ideas in more detail. In 2011, as Scrum co-creators, Ken and Jeff are writing and publishing the Scrum Guide. Since then, this 16-page document has become the official guide to Scrum (Maximini et al., 2018). 2.4.4.2 Agile Manifesto.  In 2001, the Agile Manifesto was created by 17 of the world’s leading software development thinkers. Their vision was to establish a set of values and principles lightweight against cumbersome software development processes such as Cascade Development and methodologies as Rational Unified Process. One of the main objectives was to “deliver functional software at regular intervals, ranging from two weeks to two months, favoring the shortest possible lead time,” emphasizing the need for small batch sizes, progressive releases rather than large cascade releases. Other principles highlighted the need to have small, motivated teams working in a high-confidence management framework. Agility is credited with dramatically improving productivity of many development organizations (Maximini et al., 2018). 2.4.4.3 DevOps.  In 2009, at the O’Reilly Velocity Conference, two Flickr employees, John Allspaw, Senior Vice President of Technical Operations, and Paul Hammond, Director of Engineering, delivered a now-famous presentation entitled “10+ Deploys per Day: Co-operation between Developers and Flickr Operations” (Ebert, Gallardo, Hernantes, & Serrano, 2016; Maximini et al., 2018). They emphasis how they created common goals between Dev and Ops and used ongoing integration practices to integrate deployment as part of everyone’s daily work. Later, at 2009 the first DevOpsDays was organized in Ghent, Belgium. There the term “DevOps” was coined. Based on the development discipline of continuous build, test, and integration, Jez Humble and David Farley (2016) have extended the concept to continuous delivery, which defines the role of a “deployment pipeline” to ensure that code and infrastructure are always in a deployable state, and that all code stored in the trunk can be safely deployed into production (Read, Report, and Takeaways). DevOps also extends and develops the practices of the infrastructure as code, which work of Operations is automated and treated as application code, consequently that modern development practices can be applied to the entire development workflow. This further enables a rapid deployment workflow, including continuous integration (Jacobson, Booch, Rumbaugh, 1999) continuous delivery (Humble & Farley, 2010) and continuous deployment. 2.4.4.4 Toyota Kata.  In 2009, Mike Rother authored “Toyota Kata”: Managing People for Improvement, Adaptiveness and Superior Results book, which summarizes his 20 years of experience to understand and codify the Toyota production system (Rother, 2009). Rother concluded that the Lean community lacking the most significant practice of all, which he named the improvement kata. According to Rother, every organization has work routines, and that improvement

Understanding Agility Concept    27 kata requires the creation of a structure for the quotidian and habitual practice of enhancement work, because it is the daily practice that improves results. The continuous cycle of establishing target future states, setting weekly goals and improving daily work is what has driven Toyota’s improvement (Soltero & Boutier, 2017).

Summary Today, changes are faster than ever. Turbulence and uncertainty in the business environment have become the primary cause of manufacturing industry failures (Small & Downey, 1996). The perception of a need for change to initiate the emergence toward a new commercial era goes beyond traditional sectors (mass production and lean manufacturing) (Dove, 1991). A new manufacturing paradigm, known as “agility,” has been proposed as a strategy to maintain a competitive advantage in this era. The paradigm expresses the organization’s ability to cope with crisis times, unexpected changes, survive to modern environmental threats, and take advantage of change as opportunities (Goldman et al., 1995). The concept of agility has emerged from the flexibility and lean manufacturing (Dove, 2002; Kidd, 1995) and was adopted by software organizations in the form of agile system development (Aoyama, 1998; Beck et al., 2001). Until emerging as a key function of information systems. Industry 4.0 is an inevitable revolution covering a wide range of innovative technologies such as cyber-physical systems, Radio Frequency IDentification (RFID) technologies, IoT, cloud computing, big data analytics, and advanced robotics. The Industry 4.0 paradigm is transforming business in many industries; for example automotive, logistics, aerospace, defense, and energy sectors. A growing amount of academic research is focusing on Industry 4.0 technologies and implementation issues (Frank, Dalenogare, & Ayala, 2019; Ghobakhloo, 2018). Industry 4.0 enables real-time planning and control, allowing companies to be flexible and agile in responding to rapidly changing conditions; for example reducing planning cycles and frozen periods by faster reacting to changes in demand, supply, and prices (Oztemel & Gursev, 2020). Business analytics approaches provide the capability of predicting future events and patterns such as customer behavior, delivery time, and manufacturing output. Real-time delivery routing and tracking also enables organization’s flexibility, efficiency, and agility (Barreto, Amaral, & Pereira, 2017; Cui, Kara, & Chan, 2020). In Chapter 3, we discuss the development of information systems until introducing the agility concept.

This page intentionally left blank

Chapter 3

Information System Evolution Abstract This chapter presents an analysis illustrating the evolution of information systems’ development based on three interdependent phases. In the first period, information systems were mainly considered as a strictly technical discipline. Information technology (IT) was used to automate manual processes; each application was treated as a separate entity with the overall objective of leveraging IT to increase productivity and efficiency, primarily in an organizational context. Secondly, the introduction of networking capabilities and personal computers (instead of fictitious terminals) has laid the foundations for a new and broader use of information technologies while paving the way for a transition from technology to its actual use. During the second phase, typical applications were intended to support professional work, while many systems became highly integrated. The most significant change introduced during the third era was the World Wide Web, which transcended the boundaries of the Internet and the conventional limits of IT use. Since then, applications have become an integral part of business strategies while creating new opportunities for alliances and collaborations. Across organizational and national boundaries, this step saw a transformation of IT in the background. These new ready-to-use applications are designed to help end-users in their daily activities. The end-user experience has become an essential design factor.

3.1 Introduction First generation information systems were mainly considered as a strictly technical discipline. To automate existing manual processes, each application is considered a separate entity, and its use aims to increase organizational productivity and efficiency. As a result, the primary efforts of IT professionals have been to develop new methods for modeling organizational information; hence, database management was the “killer application” (Chen, 1976; Halpin, 2001). Also, the possibility of networking and advent of personal computers (instead of terminals) has provided the cornerstone for a new and broader use of information technology (IT), which Strategic Information System Agility: From Theory to Practices, 29–66 Copyright © 2021 by Emerald Publishing Limited All rights of reproduction in any form reserved doi:10.1108/978-1-80043-810-120211004

30    Strategic Information System Agility promotes a transition in the use of technology and its use. However, the second phase’s conceptual challenge was to manage the information rather than merely collect it and store it in a central database. (Aiken, Liu Sheng, & Vogel, 1991; Batra, Hoffer, & Bostrom, 1988; Dennis, George, Jessup, Nunamaker, Jr, & Vogel, 1988; Drucker, 1995; Gallupe, DeSanctis, & Dickson, 1988; Olson, 1985; Zwass, 1992). The designation of the services reflected this commitment to support management rather than office work: most IT services became management services and were coordinated by IT system managers (Couger, Zawacki, & Oppermann, 1979). However, during this period, the most of Information System (IS) activities focused primarily on data management, with little attention to information management needs (Goodhue, Quillard, & Rockart, 1988; Senn, 1978). Since the 1980s to the early 1990s, research has focused more on identifying relevant IT applications, which has led to new applications, supported through generic system types, in data processing systems and management information system (MIS). CIOs realized that it is possible to effectively leverage the advanced information content of MIS applications in support of top management’s decision-making processes. Thus, during the second phase, a new concept was developed, including decision support systems (Kasper, 1996), expert systems (Yoon, Guimaraes, & O’Neal, 1995), data warehousing (Chenoweth, Corral, & Demirkan, 2006), intelligent system (Gregor & Benbasat, 1999), knowledge management systems (Alavi & Leidner, 2001), and executive information systems (Walls, Widmeyer, & El Sawy, 1992). The management services were renamed information systems’ services. The primary objective of which was to make information accessible to all departments of the organization. Issues of inter-connectivity, scalability, and reliability of the information system have become essential. Also, enterprise resource planning (ERP) software is emerging with an exponential increase in installations in large organizations (Beatty & Smith, 1987; Hayes, Hunton, & Reck, 2001; Scheer & Habermann, 2000; Sharif, Irani, & Love, 2005). In the third phase, the most critical change introduced was the emergence of global networks and the World Wide Web, which have overcome the traditional limitations of IT use. Since then, applications have become an integral part of business strategies and created new opportunities to develop alliances and collaborations beyond organizational and national boundaries (Lyytinen & Rose, 2003; Walters, 2001). Many researchers perceive Internet computing as a significant computer revolution that has changed previous computer concepts (Isakowitz, Stohr, & Balasubramanian, 1995), in different ways, mainly how a computer service is developed and compiled. A new concept marked this phase: the “digital enterprise” (Bauer, Poirier, Lapide, & Bermudez, 2001). The Internet has enabled new digital relationships to be established through inter-organizational systems, taking advantage of e-commerce and e-business trends (Allen, 2003; Daniel & White, 2005; Shore, 2006), electronic markets (Albrecht, Dean, & Hansen, 2005; Bakos et al., 2005), new application services and Customer Relationship Management (CRM), other services (Currie, Mcconnell, Parr, McClean, & Khan, 2014; Ma, Pearson, & Tadisina, 2005; Susarla, Barua, & Whinston, 2006). The Internet has allowed the emergence of new

Information System Evolution    31 business models that support organizational operations based on the degree of digitization of their products, or services sold, their business processes or the delivery agent (Oetzel, 2004; Turban, 2007). Meanwhile, organizations have become aware of the strategic importance of information systems. While some initially considered IT as “necessary evil,” IT had emerged as a necessary part of staying in business, and most companies see it as an essential source of strategic opportunities, proactively trying to determine in what way it can help them gain a competitive advantage. Strategic information systems have been developed to support strategy formulation and planning, particularly in uncertain and highly competitive environments (Buhalis, 2004; Newkirk & Lederer, 2006). The third phase marks the technological development in terms of miniaturization of the devices and increasing processing capacity, which ultimately allowed them to be commercially exploited in line with their functions. The manifestation of IT devices in physical space makes it possible to offer new applications and services that target a much larger and more diverse group of users. Traditionally, users had to be trained in the functionalities of the information system. This training process could be supplemented either formally or through repeated trial and error. The Vision of “everyday computing” requires that information technologies can be used, literally, by everyone, regardless of their knowledge and experience in computing. Wireless sensors can detect and process information about the individual and trigger the system response based on certain dynamic or predefined events. User-system interactions are extended beyond the desktop concept. Environmentally driven technologies (Hand-gesture recognition) (Alewine, Ruback, & Deligne, 2004; Sawhney & Schmandt, 2000) encourage more realistic communication with the new IS class. Fig. 13 illustrates the evolution of information systems.

Fig. 13.  The Evolution of Information Systems.

32    Strategic Information System Agility

3.2 Information System Definition and Objective Nowadays, organizations are more open to the outside world than ever before, forcing managers to seek the adequacy and coherence between external and internal factors and the content of the company’s strategy. As such, information is the nerve center of war and development. The need to collect, process, and diffuse information, the need for increased coordination of activities inside and between companies, are emerging sources of competitive advantage. Fig. 14 illustrates the systemic view of the company and the environment. The information system must address these needs through new information technologies and the implementation of knowledge management systems (KMS) appropriate to the technologies acquired to put external knowledge to the benefit of the company and facilitate the internal distribution of knowledge (Galliers, 2006). ICT-based

Competitiveness

Politics

Technologies

Demand-

Groupings of Interests

Customers Others

INFORMATION

Partners Supplier

Banks Third-Party

• Monitoring and decision-making information system. • Piloting information system • operational information system

Projectteams

Fig. 14.  Systemic View of the Company and the Environment. Source: Galliers (2006).

Information System Evolution    33 KMSs accelerate information flows, remove non-value-added tasks, enhance process reliability and quality, support tacit and explicit knowledge, promote knowledge sharing across the organization, and facilitate decision-making (Halawi, Aronson, & McCarthy, 2005; Wickramasinghe, 2003). However, new information technologies do not always guarantee the efficiency of modern information systems, which require new critical success factors. Thus, the continuous and coherent evolution of information systems constitutes the major problem facing companies. Organizations are confronted with some issues, including the integration, interoperability, and agility of information systems in the context of their company strategy to ensure evolution in correlation with unpredictable internal and external changes.

3.3 Information System Concept Regardless of its size, purpose, or means, any human organization has an information system to support its internal activities and its exchanges with the outside world, as shown in Fig. 15. Today, the information system is at the heart of the functioning of any organization. It reflects its image through the data it handles, and its efficiency determines its performance. In this way, information systems are associated with the notion of organization. The Information System is the company’s nervous system. As such, it is at the heart of its processes and an essential element of its strategy. On the other hand, the term system indicates that it is a set of interacting elements and not a simple combination of its elements. In this context, Enterprise Information Systems constitute as an interactive set of all informational situations. Even more, the complex interplay of all the exchanges of information necessary for the proper functioning of the company. It is at the heart of the quest for competitive advantage not only in terms of improving the way the company operates and is a tool for serving its users and serving its strategy, where information is considered the vital raw material for its operations. In a company, the information system constitutes a network of dynamic and logical links that support the interactions between the organization’s different elements. People (Users and specialists) Data (Knowledge, models) Materials (Support, Machines)

Information acquisition

Information Systems

Procedures and Softwares (Programs and methods)

Fig. 15.  Information System Structure.

Information storage Information processing Information sharing

34    Strategic Information System Agility Rather than being wiring that passes data between different locations, the information system represents an effective way of connecting people. It capitalizes collective knowledge, actively structures the organization and management, and ensures the availability of relevant information where and when it is needed while ensuring the company’s responsiveness and its communication with the environment (markets, partners, etc.). The objective of the information system is to allow the decision-maker to have information that will enable them to decide a suitable action at the right time (Dove, 1995; van Grembergen & De Haes, 2009a; Zhang & Sharifi, 2000). There are various definitions related to the information system: an information system consists, at least, of a person of a given psychological type who faces a problem in an organized context for which he needs evidence to arrive at a solution, where a presentation method makes the proof available. It determines the main variables of a MIS (Mason & Mitroff, 1973). According to Dove (1995), Van Grembergen and De Haes (2009a), and Zhang and Sharifi (2000), an Information system is an organized set of resources: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

People: users and developers, Data: knowledge and models, Equipment: computer machines and supports, and Software and procedures: data-processing programs, allowing to execute the following functions: acquisition, processing, storage, and communication of information in various forms in an organization.

Information systems are systematically defined as follows: According to Dove (1995), a company information system can be perceived as the company’s subsystem, hence a system that embraces all components with informational-type interactions. The purpose of this database is to provide the information necessary for the company’s operations at various levels. Based on Bernard & Le Moigne (1978), an organization is defined as the composition of three types of systems as shown in Fig. 16. The operating system responds to daily events, coming from the environment, according to defined rules. It is responsible for transforming primary resources or flows (Input Variables) of financial, personnel, material, or information types into finished products or services (output variables). The decision-making or piloting system allows the initiation of the decisionmaking process while defining the objectives, the evaluation criteria, and the management rules in advance. It manages the company and stays focused on his goals. The information system interconnects the two previous systems while acting as a coupler. It is the party responsible for collecting, processing, storing, and disseminating information. This can be seen as a representation of the operating system’s activity and/or the control system. For this IT system view, the typology of information systems is based on the primary purpose: information systems supporting operations (transaction processing, industrial process control, etc.) and MISs supporting management (assistance with report production, decision support, etc.) (Dove, 1995; van Grembergen & De Haes, 2009a).

Information System Evolution    35

information to be memorized

Decision information to be memorized

Information Systems Representation of information Information to be memorized

Information saved

Decision information

Representation of information

Decision-making system

Operating System

Fig. 16.  A Systemic View of an IS.

3.4 Concepts of Enterprise Application An Enterprise Information System (EIS) can contain a multitude of computer applications. An enterprise application is a set of programs, or software, articulated between them, and used to automate or assist information processing tasks in a particular area within the company (Imache, Izza, & Ahmed-Nacer, 2012; Walls et al., 1992). According to Hasselbring (2000), the main characteristics of an application are: ⦁⦁ The application components it contains, which represent the coherency of the

application’s sub-assemblies (modules or software).

⦁⦁ The application field(s) (context of use) defines either structurally (a workstation,

a department) or functionally (a management function: maintenance, orders).

⦁⦁ Functionality that refers to a set of tasks supported by the application. ⦁⦁ The data processing means the various forms of information used and pro-

duced by the application – the different human resources, software, and hardware used by the application. Fig. 17 presents a summary of these characteristics, using the UML notation.

3.5 Features of Enterprise Applications The critical characteristics of enterprise applications are autonomy, distribution, and heterogeneity (Hasselbring, 2000; Roman et al., 2005).

36    Strategic Information System Agility Enterprise application Resource

1

* *

*

Human Resources

Application Component

* provides

Software Resources

*

Functionality

manipulates

*

Hardware Resource

context

Decomposes

Manipulation

*

Data

Fig. 17.  Concept of Application.

Proxy servicess

Distribution

common models, structures, standards, wrappers

Heterogeneity Fig. 18.  Dimensions of Enterprise Applications. The three attributes are mutually perpendicular to each other in the sense that they constitute the application’s independent dimensions. Each of these characteristics can create specific problems to make different applications work together. The objective is to manage these dimensions in order to increase the capacity of applications. To these three dimensions, some authors such as Hasselbring (2000) have added another dimension called dynamism, because applications can evolve according to the evolutions and changes that occur in place in their environment, as shown in Fig. 18.

3.6 Autonomy An organizational application is autonomous, when it is possible to design and execute it independently. In the context of databases, Hasselbring (2000) proposes a classification of autonomy notion by defining several aspects of this concept:

Information System Evolution    37 ⦁⦁ Design autonomy means that an application is independent of other

applications in its intrinsic design (its data model, its processing model, etc.).

⦁⦁ Autonomy of communication means that an application can locally choose

with which applications it can communicate.

⦁⦁ Runtime autonomy means the independence of the application to manage

interactions with its external environment. The level of autonomy depends on the organizational changes implemented to this end.

3.7 Distribution The second characteristic of enterprise applications is the distribution, which refers to the fact that applications are often physically distributed over the enterprise network. This is achieved by distributing the data and/or processing in such a way that specific data and/or processing in the information system can be implemented at the local level. Among the techniques most often used to enable application, distribution is based on the implementation of middleware such as CORBA (Group, 1997), Java/RMI (Newcomer, 2002; Vaughan-Nichols, 2002), and MOM (Hohpe & Woolf, 2004).

3.8 Heterogeneity The heterogeneity is an aspect inherent in the fact that enterprise applications can be developed and deployed independently and according to different approaches and methodologies. There are several reasons why heterogeneity can occur at different levels, and three primary levels of heterogeneity can be distinguished (Wiederhold, 1992): ⦁⦁ Technological heterogeneity which corresponds to the differences present in

the necessary hardware and software used.

⦁⦁ Heterogeneity at the hardware level includes differences related to computers

and networks used.

⦁⦁ Basic software heterogeneity (platform heterogeneity) includes differences

associated with operating systems, database management systems, execution platforms, etc. ⦁⦁ Syntactic heterogeneity refers to the differences in data formats and application interfaces, the signature of functions that can be resolved by syntactic transformations. This heterogeneity expresses the fact that the symbolic name of a concept can be interpreted differently according to the applications considered. These semantic conflicts occur mainly when (1) the same symbolic name covers different concepts (in this case homonymy) or (2) several symbolic names cover the same concept (and in this case synonymy). Semantic problems are a fact in any company. Also, it becomes vital that these conflicts are identified and resolved as soon as possible, preferably during the upstream phases of the project. Many authors (Hasselbring, 2000; Roman et al., 2005) admit that the heterogeneity of applications is the real challenge in the field of integration.

38    Strategic Information System Agility

3.9 Dynamism The dynamism of enterprise applications is another feature introduced by Sarkis (2001). Indeed, as current information systems are open and exposed to frequent changes in response to strategic, commercial, or technological changes affecting the company, the applications of these systems should evolve dynamically to cope with these changes. Dynamism is a dimension that generally manifested in two ways: ⦁⦁ The first aspect concerns the dynamism in the behavior that an application can

display autonomously according to its internal configuration.

⦁⦁ The second aspect concerns the changes that can occur within the application

components of an application, such as the modification of specific components, the arrival of new components, the deletion of specific components considered obsolete, and the temporary lack of some components and the substitution of some components.

3.10 EIS and Company Strategy The information system must be and remain an element that enables the company to carry out and succeed in its strategy while respecting the security, integrity, accuracy, and traceability of data and information. Thus, to make the IS a strategic tool for achieving its strategy, it must be adequately supported by a backbone that corresponds to this strategy. Before explaining the relationship between the information system and the company’s strategy, we begin by defining the notion of strategy and alignment: – What is an information system strategy? – An information system strategy should define a target information system, its priorities, steps, and means necessary for its implementation, as shown in Fig. 19. What company know to do ?

What company can do?

Strategy

Objectives

+

Orientation

+

Resources

Fig. 19.  What is the Strategy?

Information System Evolution    39 What is the organizational strategy? Elaborating on the company’s strategy means choosing the areas of activity, in which the company intends to be present and allocating resources to maintain and develop in them. The strategy is divided into two levels: the group strategy that determines the company’s business areas and the competitive strategy that is implemented in each of these business areas (Bruce, 1998; Conboy & Fitzgerald, 2004; Imache et al., 2012; Sharifi & Zhang, 1999). – What does IS strategic alignment mean? The expression “strategic IT alignment” means first that the IT corresponds to the company’s strategy and that it provides the company’s employees with the tools and means necessary for its implementation. According to Goldman and Nagel (1993), IT alignment is a managerial practice that aims to understand better, create, and strengthen the convergences and synchronizations of the information system with the company’s objectives, trajectories, rhythms, and operations. Also, according to Anthony Byrd, Lewis, and Bryan (2006), strategic alignment is an approach to aligning the information system strategy with the company’s business strategy(s). The objective of this approach is to reinforce the use value of the information system and to make it an advantage for the company. – What does IS strategic alignment mean? The expression “strategic IT alignment” means first of all that the IT corresponds to the company’s strategy and that it provides the company’s employees with the tools and means necessary for its implementation. According to Goldman and Nagel (1993), IT alignment is a managerial practice that aims to understand better, create, and strengthen the convergences and synchronizations of the information system with the company’s objectives, trajectories, rhythms, and operations. According to Anthony Byrd et al. (2006), a strategic alignment is an approach to aligning the information system strategy with the company’s business strategy(s). This approach aims to reinforce the use-value of the information system and make it an advantage for the company. The fundamental challenge of strategic alignment is to make the information system an asset in the service of the company’s strategy. The information system creates value and is a source of competitive advantage, provided that it is aligned with business needs through strategic alignment. The notion of strategic alignment is not specific to the information system: all the company’s businesses and functions must be aligned with the company’s strategy. The relationship between the IS and strategy is described by IS ability to draw strategy’s consequences (Xiaoying, Qianqian, & Dezhi, 2008). However, for this to work, the strategy must be explicit. It is not enough to define an IS to say that you would like to do something: you have to specify how you intend to do it. It should be noted that reflection on the IS contributes to the quality of strategic expression, and this results in initial feedback from the IS on the strategy itself. That we have defined, implemented, and aligned the IS with the strategy, including feedback. The process does not stop there, because the implementation of the IS often opens up strategic opportunities for the company that did not

40    Strategic Information System Agility exist before. It then appears that the IS, first placed at the service of an existing positioning, then modifies the scope of what is possible and opens the prospect of a new positioning for managers. The IS has become a new type of asset, and information asset that the company can value under the same profitability constraint as its other assets. An information system is generally considered a simple support resource for strategy, whereas it can be a strategic weapon capable of giving a sustainable competitive advantage to the organization successfully exploiting it (Kumar & Stylianou, 2014; Swafford, Ghosh, & Murthy, 2008).

3.11 Enterprise Information Systems’ Complexity Over the past 70 years, information technologies have rapidly evolved and revolutionized the company’s tools (high-level programming languages, databases, integrated software packages, Internet, BigData; AI, etc.). However, decisionmakers have difficulty in obtaining appropriate information that will facilitate their decision-making, which remains a challenge. The rapid evolution of the IT infrastructure leads to the creation of “layers” in the IS that make it complicated and rigid by making interventions to develop it costly and risky. The complexity of information systems reduces their flexibility when flexibility, adaptability, interoperability, and agility are essential for the company’s survival. The complexity complicates monitoring progress and building qualified teams, which requires extensive outsourcing and increases the difficulty of overall control (Goldman & Nagel, 1993).

3.12 Complexity Factors Information systems’ complexity is due to three factors: heterogeneity, autonomy, and development, which make it challenging to model and define the engineering methods of the information systems. The purpose is to manage these characteristics to increase the individual and collective capacity of the different EIS parts. Heterogeneity: It is related to the multiplicity and diversity of the models used: various models from different points of view, different levels of abstraction (conceptual, physical, etc.), types of abstraction (data, transactions, etc.), usage categories (managers, users, etc.), domains (study, production, finance, etc.), etc. (Arteta & Giachetti, 2004). Autonomy: A system is autonomous when it is disconnected and independent of other systems. Autonomy is driven by the fact that an information system is never isolated; it is embedded in its environment and consequently into another system with which it interacts through interfaces, technical devices, temporal or factual events, etc. This environment limits an IS’s autonomy (time, material, human, financial resource constraints, etc.) (Arteta & Giachetti, 2004). Evolution and dynamism: Evolution and dynamism constitute the “vital” aspect of an IS. The information system is scalable in response to changes in its environment

Information System Evolution    41 (strategic, business or technological changes that the company is undergoing) (Goldman & Nagel, 1993; Peterson, 2001; Singh, Huhns, & Huhns, 2005). Also, information system complexity increases with the heterogeneity and evolution of its elements and decreases with its autonomy (Goldman & Nagel, 1993).

3.13 Evolution of EISs Since 1960, the evolution of computer science has seen a significant expansion in computer program concepts. Gradually, the concept of the information system was developed by extending a computer system concept through the translation of the strategic and organizational dimensions (Drucker, 1995; Keen, 1978; Mintzberg, 1973; Wiederhold, 1992). In the late 1980s and early 1990s, CIOs faced a situation where it was impossible to develop the system without rebuilding it. This context has led to high complexity, delays, and costs (Pinsonneault & Rivard, 1998; Willcocks, 2013). During the 1990s, a logic of autonomy also emerged (Zviran, 1990). A company is composed of several subsystems with customer/supplier interactions — these developments are enriching the information system with a considerable number of programs. Certain organizations then have an IS composed by a stack of applications. Evolutionary pressures often imposed on IS weaken it by the lack of a coherent infrastructure (Robson, 1998). Early in the 2000s, information systems became increasingly complex through outsourcing and the emergence of fusions (West, Jr & Hess, 2002). This has complicated the management and monitoring of EIS’s evolution, mainly through inter-organizational integration, which has led to the emergence of the agility concept to address this need (West, Jr & Hess, 2002). Also, the consequences of IT extend beyond the company’s borders, which requires redefining the network of relationships with partners, suppliers, customers, subcontractors, etc. to ensure inter-organizational integration that will improve its exchanges through the network. IT affects the selection parameters of internal and external coordination structures. In particular, their use reduces communications’ time and costs, and production costs. Generally, the impact depends mainly on the structure of the value chain and the characteristics of the business: ⦁⦁ Extension of the market’s role in externalization: the existence of common

databases encourages supplier searches and the decision to outsource.

⦁⦁ Company-internal solution: coordination within the company and possibly

synergy allowing the production of services and/or products at a competitive cost.

Information technologies facilitate internal and external communication and, therefore, coordination internally and externally, regardless of the distance between the partners (Sharifi & Zhang, 1999; Zhang & Sharifi, 2000). Industry 4.0 was created in Germany around 2012 and is being exhibited to the general public by the Association of German Manufacturers of Production

42    Strategic Information System Agility Machinery and Equipment. It is the digitization of industry in the broadest sense of the word. Digital technology is being integrated into product design and also into the associated means of production. The author states from the outset that this concept: also integrates physical assets (machines, equipment, etc.), optimized and connected and keeping a constant link with the products they manufacture, in order to adapt in real-time to variations in customer demands and to respond to changes in end-consumer demand: massproduced but customized products, meeting their exact needs, offering a higher level of quality and giving rise to new services. It is easy to conclude that there are many components to enable the manufacturing company to be digitized from one end to the other. Robotics are therefore used for manufacturing activities, but also sometimes elsewhere. The Internet of Things (IoT) is also in place to ensure communication between heterogeneous objects. The company may also have an ERP System and a CRM to manage customer relations. Dashboards are set up to allow the company to monitor its main KPIs (Key Performance Indicators) constantly. We also talk about mobility. Mobile devices are used in many of the company’s processes. The use of cloud-hosted services is also required for several activities. Gone are the days when the company had to have an infrastructure with several local servers. The flexibility brought to new digital technologies allows us to put the customer back at the heart of the information system. It is a form of return to craftsmanship thanks to p ersonalized services, combined with lower costs and quality made possible by automation. The whole relationship between the industry and its ecosystem is rethought. The digital factory thus makes it possible to imagine new products collaboratively thanks to new processes and materials in a close relationship with customers and suppliers. It also links R&D and design, operators, and support services. Company information systems thus benefit from rapid implementation, low costs, and better information circulation at all levels of the company. Specific products can be manufactured and customized much more efficiently than mass production. Machines, products, and systems can be configured, optimized, and controlled independently of each other. Small Medium Enterprises (SMEs) can thus break free from the limitations of a small factory by taking advantage of processes and material flows more quickly and efficiently.

3.14 EIS Governance Governance, whatever the level at which it operates (management control, project portfolio, data administration, COBIT alignment, Capability Maturity Model Integration (CMMI), IT Service Management (ITSM) by ITIL, etc.) must be situated

Information System Evolution    43 with a trajectory of the evolution of the information system toward its progressive overhaul. The renovation of information systems tends toward the addition of devices that promote agility. It is necessary to be able to modify systems more quickly and more reliably in order to take into account business and technical developments (Valentine, 2016). To achieve quality objectives and ensure the continuous improvement of the enterprise information system, the company must be managed according to a governance framework based on a set of good practices and standards combined with agile practices. A comprehensive enterprise information system program should include IT governance. IT governance is the primary means by which stakeholders can ensure that IT investments create business value and contribute to the achievement of business objectives. This strategic alignment of IT with business is both challenging and essential. IT governance programs go further and aim to improve IT performance and deliver optimal business value while meeting regulatory compliance requirements (Benaroch & Chernobai, 2017). While the CIO is generally responsible for the implementation of IT governance, the CEO and Board of Directors must receive reports and updates to fulfil their IT governance responsibilities and to ensure that the program is working well and delivering business benefits (Turel & Bart, 2014). In recent decades, board members have generally not been involved in overseeing IT governance. Computer science was a mysterious and frightening art, and they did not want to dive in and get shot down by a smart-alec technology genius. However, today, it is a critical and inevitable responsibility, and frameworks have been put in place to manage IT efforts. Several IT governance frameworks can guide the implementation of an IT governance program. Although frameworks and guidelines such as CobiT, ITIL, ValIT, and ISO 38500 (Simonsson & Johnson, 2006) have widely adopted, there is no comprehensive standard IT governance framework; the combination that works best for an organization depends on business factors, corporate culture, IT maturity, and staffing capacity. The level of implementation of these frameworks will also vary by organization. IT governance is a relatively new term, first coming into general use in the late 1990s (Hansen-Magnusson, 2010). Until about 2009, definitions of IT governance tended to primarily focus on creating the right settings for the effective internal management of technological infrastructure and IT department (Ali & Green, 2012; Weill & Ross, 2004; Xue, Liang, & Boulton, 2008). IT departments were expected to deal with a multitude of different issues, including rapid technological change over a brief period. “Boards needed little or no understanding of technical issues because the technology was simply a tool to implement a strategy” (Carter & Lorsch, 2004). Thus the role of IT governance originally had an internal and primarily operational focus. From around 2003, however, a growing range of scholars began to consider IT governance as deserving board attention (CaterSteel, 2009). Perhaps awareness of the need to distinguish between governance and management arose because “new technologies are themselves creating strategic choice for businesses worldwide” (Carter & Lorsch, 2004). Others brought the

44    Strategic Information System Agility integration of corporate governance and ITG closer, suggesting IT governance involving boards needed to be integral to overall enterprise or corporate governance (De Haes & Van Grembergen, 2013). Every company or organization is structured around its missions to achieve the objectives it has set itself. Its activity defines its orientations. It gathers and coordinates a set of means to carry them out and defines itself as a system: that is to say, as a set of interacting elements, grouped within a piloted structure, having a communication system to facilitate the circulation of information, to respond to needs and achieve specific objectives. Some researchers have sought to develop a more comprehensive ITG framework by combining a variety of existing definitions and approaches. In general, frameworks designate the structure of a set of objects within a given domain, besides describing the relationships among those objects (Brown, Grant, & Sprott, 2005). The organizing effect of frameworks is especially useful during the early stages of research in a domain in delineating a research area, providing a foundation for the description of knowledge, and uncovering or highlighting opportunities for more specific theory development and testing within the domain in question (Dibbern, Goles, Hirschheim, & Jayatilaka, 2004). Having uncovered some of the IT governance concepts and challenges, including the lack of a mutually agreed definition of IT governance, it is now useful to discuss the mechanisms that lead to realizing the anticipated benefits of IT governance. In general, IT governance can be deployed using a mixture of structures, processes, and relational mechanisms (Ali & Green, 2012; Weill & Ross, 2004). By integrating the work of (Brown et al., 2005; Cadete & da Silva, 2017; Heeks, Foster, & Nugroho, 2014; Van Grembergen, 2004; Weill & Ross, 2004) developed a conceptual model that describes a comprehensive view of the core elements of IT governance as depicted in Fig. 20. The model is considered well matured as it covers the contingency, multidimensionality, and dynamic nature of IT governance in addition to incorporating the significant elements (structure and processes) and the four objectives (IT value delivery, strategic alignment, performance, and risk management) that drive IT governance (Grant, Brown, Uruthirapathy, Mcknight, & Grant, 2007). Similarly, each dimension of the model (structures, processes, and relational mechanisms) consists of the necessary mechanisms for the implementation of IT governance, as presented in Table 2 (van Grembergen & De Haes, 2009b). Even though several mechanisms exist within this model, the decision on what to implement is influenced by the context and contingencies within the organization and the interacting environment (Nfuka & Rusu, 2011). In recent years, many organizations have undertaken a process of implementing IT governance mechanisms based on a single IT governance framework or a combination of frameworks. In general, frameworks can be categorized into groups, namely: business-oriented frameworks, such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO), technology-focused frameworks (e.g., ITIL), and frameworks that aim at aligning business and technology

Information System Evolution    45

Structures

Rights

Levels

Configuration

External Influence Organizational Competitive Economic Political Legal Regulatory Socio-Cultural Technological Environmental

Accountability

Relational Mechanism

Process

Control and Compliance

Market

Performance Management

Transformation Management

Direction Setting

Timing

Maturity

Fig. 20.  Extended IT Governance Model. goals (e.g., COBIT) (Warland & Ridley, 2005). Predominantly, IT governance frameworks enable executives and practitioners alike to make decisions, direct as well as evaluate and monitor governance-related activities using a standard and unified approach. Adopting appropriate IT governance frameworks assists executives in better understanding the critical role they play in governing IT (Marrone & Kolbe, 2011). For instance, executives’ commitment, strategic objectives, and resource allocation influence the adoption and selection of a particular framework (Benaroch & Chernobai, 2017; Murphy, Lyytinen, & Somers, 2018). From an evaluation perspective, many organizations use frameworks or integrate multiple governance frameworks to improve their compliance with specific regulatory requirements (i.e., Sarbanes-Oxley (SOX)), while also enhancing the internal controls environments (Nianxin Wang, Yajiong Xue, Huigang Liang, & Shilun Ge, 2011). Some of the general frameworks within the IT governance sphere include COSO, ITIL, ISO 38500, and COBIT (Brown, Grant, & Sprott, 2005). The ISO standard addresses the corporate governance of IT and is concerned with governing management processes and decision-making. On the other hand, ITIL is a framework that focuses mainly on IT service management, which enables IT departments to apply strong systematic execution of operations with stringent controls (Marrone, Gacenga, Cater-Steel, & Kolbe, 2014). COBIT is generally accepted as a standard and as a common framework for IT governance that, in comparison with COSO, provides more guidance regarding control over IT (Dahlberg & Kivijärvi, 2006; De Haes, Van Grembergen, & Debreceny, 2013; Oliver & Lainhart, 2012).

46    Strategic Information System Agility Table 2.  The Dimension of the IT Governance Model. Dimension

Definition

Structures

This dimension is concerned with the planning and organizational elements outlined in the high-level governance strategy of organizations. Four main governance structures are included, namely: rights, accountability, configuration, and levels

Processes

Processes refer to the tools used for the control and evaluation of IT governance. There are eight core elements in the processes dimension, as displayed in Fig. 20, that organizations should enact for effective IT governance. Processes are fundamental elements of IT governance frameworks

Relational mechanisms

Relational mechanisms refer to the internal and external relationship management required to ensure the successful implementation of IT governance. Three relational mechanisms are identified, namely: network, hierarchy, and market

Timing

The timing dimension addresses the temporal aspects associated with IT governance implementation, namely: maturity, life cycle, and rate of change

External influences

Different external influences shape the mix of mechanisms used by organizations and should be taken into consideration when implementing IT governance. The external influences include organizational, competitive, economic, political, legal or regulatory, sociocultural, technological, and environmental factors

Despite their established usefulness, Otto (2010) suggests that IT governance frameworks cannot be considered merely off-the-shelf solutions. They cannot be implemented without any customization due to factors such as organizational structure, business objectives, and company size (Raghupathi, 2007). Highlight an urgent need for IT governance models and frameworks that can be expanded and transformed from generic frameworks into something more relevant and applicable to businesses and organizations. The COBIT framework (Neto, CGEIT, Assessor, & de Luca Ribeiro, 2014) states that frameworks, best practices, and standards are useful only if they are adopted and adapted effectively. Accordingly, Dahlberg and Lahdelma (2007), Simonsson and Johnson (2006), and Webb, Pollard, and Ridley (2006) draw attention to the very little academic research that guides how to turn theories on IT governance frameworks and structures into practice. No real framework thoroughly covers IT governance. From standards, the information system is approached according to very different facets: production service and management (Library for IT Infrastructure – ITIL), project development and organization (Integrated Maturity Level Model – CMMI, Guide to the body of knowledge – ITIL), project management (ITIL), project management (ITIL), and project management (ITIL).

Information System Evolution    47 In project management PMBOK, technology and process management (Information control objectives and associated technologies – CobiT and ISO 38500), security (ISO 27000). Each standard tends to extend its field of competence so that it may overlap or duplicate each other. Therefore, the key is integration and adaptation by choosing to build an effective approach and implementing some parts of the standards rather than having the goal of implementing everything (van Grembergen & De Haes, 2009b). Defines the governance objectives through three questions: How are decisions made? About the information system? How to improve and gain acceptance of the making of these decisions? How to ensure that these decisions will be made implementations appropriately? Thus, the implementation of governance must allow the ascent of understandable performance indicators used by management to assess the proper functioning of IT services, in response to the strategic business needs (Beloglazov, Banerjee, Hartman, & Buyya, 2014). The most common IT governance standards are presented below.

3.14.1 COBIT The Information Systems’ Audit and Control Association (ISACA) and the ITGI have founded COBIT in 1992. The first edition of COBIT was published in 1996, and the fifth and latest edition was published in April 2012. The framework has grown to be, and still is, one of the most significant global frameworks for IT governance (Omari, Barnes, & Pitman, 2012). COBIT was initially built as an IT audit guideline (ISACA, 2012), because the framework contained a comprehensive set of guidelines to improve audit and compliance, provided detailed guidance on governance practices, and offered auditors several customized checklists for various aspects of controls assessment (Hiererra, 2012). These aspects make COBIT a perfect framework for establishing control over IT, facilitating performance measurement of IT processes, and allowing executives to bridge the gap between control requirements, technical issues, and business risks (Brustbauer, 2016). Also, COBIT has significant business value in terms of increased compliance, corporate risk reduction, and proper accountability, and is proven to be a useful tool to establish a baseline for process maturity (Wang et al., 2011). Moreover, the framework is growing to be universally applicable due to its full implementation as an IT governance framework (Ribeiro & Gomes, 2009; van Grembergen & de Haes, 2009). From an IT governance perspective, the primary objective of COBIT is to enable value creation through ensuring benefits are realized, risk reduced, and resources optimized. It is also proclaimed to provide business stakeholders with an IT governance model that improves the management of risks associated with IT and leverages a top-down structure to ensure systematic management of the detailed processes to achieve proper IT governance (Von Solms, 2005). The COBIT framework is considered to be a generic, comprehensive, independent, and large body of knowledge designed to measure the maturity of IT processes within organizations of all sizes, whether commercial, not-for-profit, or in the public sector (Elhasnaoui, Medromi, Chakir, & Sayouti, 2015; Wang et al., 2011).

48    Strategic Information System Agility The COBIT framework has been steadily achieving worldwide recognition as the most effective and reliable tool for the implementation and audit of IT governance, as well as for assessing IT capability. It is regarded as the leading standard to adopt for organizations striving to comply with regulations such as SOX in the United States. It is also considered a trusted standard that has been adopted globally, as it provides extensive sets of predefined processes that can be continually revised and customized to support different organizational objectives. Whether for private or public industries, governments, or accounting and auditing firms (Cadete & da Silva, 2017; Guldentops, 2002; Maes, De Haes, & Van Grembergen, 2013; van Grembergen & De Haes, 2009a; Warland & Ridley, 2005; Wood, 2010), COBIT is viewed as an exhaustive framework that encompasses a complete lifecycle of IT investment (De Haes et al., 2013) and supplies IT metrics to measure the achievement of goals (Williams, Hardy, & Holgate, 2013). It is also defined as the best framework to balance organizational IT goals, business objectives, and risks (Warland & Ridley, 2005). This is achieved by making use of (Kaplan, Kaplan, Norton, & Norton, 1996) Balanced Scorecard (BSC) dimensions – Financial, Customer, Internal; and Learning and Growth – to introduce a goals cascade mechanism that translates and links stakeholders’ needs to specific enterprise goals, IT-related goals, and enabler goals (COBIT processes). A set of 17 enterprise goals has been developed and mapped to 17 IT-related goals and sequentially to the COBIT processes (ISACA, 2012). In addition to providing a set of IT governance processes, COBIT also facilitates the appropriate implementation and effective management of these processes through establishing clear roles and responsibilities using a detailed Responsible, Accountable, Consulted, and Informed (RACI) matrix (Simonsson, Johnson, & Wijkström, 2007). The fifth version of COBIT is built on five basic principles: Meeting Stakeholder Needs, Covering the Enterprise End-to-End, Applying a Single, Integrated Framework, Enabling a Holistic Approach, and Separating Governance from Management. Further, the COBIT 5 Process Reference Model (PRM) divides IT into five domains: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

Evaluate, Direct, and Monitor (EDM); Align, Plan, and Organize (APO); Build, Acquire, and Implement (BAI); Deliver, Service, and Support (DSS); and Monitor, Evaluate, and Assess (MEA)

The COBIT 5 domains are broken into 37 high-level IT processes, and over 300 detailed IT controls covering aspects of IT management and governance (ISACA, 2012). Another distinctive feature within COBIT lies in its ability to identify seven categories of enablers (or factors): ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

principles, policies, and frameworks; processes; organizational structures; culture, ethics, and behavior;

Information System Evolution    49 ⦁⦁ information; ⦁⦁ services, infrastructure, and applications; and ⦁⦁ availability.

Thus, it is considered the most appropriate framework to facilitate the alignment between business and IT goals (Oliver & Lainhart, 2012). COBIT 5 transformed into a more business-oriented framework by establishing one integrated framework that consisted of different models (e.g., Val IT and Risk IT). This amalgamation was mainly due to the recognized need to provide a comprehensive basis for options, not only for users and auditors but also for senior managers and business process owners in order to cover all aspects of business and functional IT responsibilities leading to effective IT governance and management outcomes. Moreover, COBIT 5 has been aligned with the ISO/IEC 15504 Process Capability Model (PCM) (ISACA, 2012). From an IT governance evaluation perspective, the shift from the Capability Maturity Model (CMM), or the more recent CMMI, developed by the Software Engineering Institute (SEI) to the new PCM has revolutionized COBIT, giving it a cutting edge in assessing capability at the process level instead of assessing maturity at the enterprise level (ITGI, 2007). This new approach is more consistent and repeatable, but it is also verifiable and can demonstrate traceability against objective evidence gathered during the evaluation process (Basson, Walker, McBride, & Oakley, 2012). The PCM has been used extensively by financial institutions in Europe to conduct internal controls audits to assess the need for improvement. It adds to the advantages organizations should expect from implementing COBIT as the partnership between the framework and the PCM delivers a measurement scale to quantitatively evaluate the existence, adequacy, effectiveness, and compatibility of IT governance processes. Recently, COBIT 2019 was published in November 2018. It contains several new, amended, and updated elements (Steuperaert, 2019). Practical information and technology governance is essential to the business success of any organization. This new version further cements COBIT’s continued role as an essential driver of business innovation and transformation. COBIT 2019 (De Haes, Van Grembergen, Joshi, & Huygh, 2020) is an evolution of the previous version of ISACA’s governance framework. Building on the foundation of COBIT 5, it incorporates the latest developments affecting business information and technology. COBIT 2019 offers greater flexibility and openness to improve the timeliness of COBIT. Below are reflections on the significant changes brought by COBIT 2019: ⦁⦁ The introduction of new concepts such as focus areas and design factors allows

the company to propose good practices to adopt a governance system to its needs.

⦁⦁ Updating the alignment with standards, frameworks, and best practices

improve the relevance of COBIT.

⦁⦁ An open-source model will allow the global governance community to con-

tribute to future updates by providing feedback, sharing applications, and

50    Strategic Information System Agility

⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

proposing improvements to the framework and derivatives in real-time. In this way, new COBIT developments can be published on a cyclical basis. New guidelines and tools support the development of an optimal governance system. It makes COBIT 2019 more prescriptive. COBIT 2019 reference model with now 40 governance management objectives (processes) instead of 37 processes in COBIT 5. Enabler Guidance: has been removed to simplify COBIT. The COBIT Principles for the Governance System and the Governance Framework have been renamed and changed. The IT Related Goals have been renamed to Alignment Goals. The process guide is now structured in “Governance / Management Goals,” the process guide being (only) part of it, supplemented by other governance components. COBIT 2019 introduces three new governance and management objectives:

⦁⦁ APO14 - Managed Data; ⦁⦁ BAI11 - Managed Projects; and ⦁⦁ MEA04 - Managed Assurance.

COBIT 2019 now explicitly integrates DevOps. DevOps illustrates both a component variant and a focus area. It is a current topic in the market and certainly requires specific guidance. DevOps includes several generic governance and management objectives of the central COBIT model, as well as many process variants and organizational structures related to development, operations, and monitoring. DevOps also requires establishing a specific culture and attitude of openness, sharing of skills, and taking teams out of their comfort zone. Similarly, DevOps requires a certain level of automation (services, infrastructure, and applications). DevOps is an area of interest, prioritized among the first and under development. A focus area describes a governance topic, area, or problem that can be addressed by a set of governance and management objectives and their components. Focus areas may contain a combination of generic governance components and variants. The four areas of interest currently prioritized and in the process of being published are: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

small and medium enterprises; cybersecurity; risks; and DevOps.

The number of areas of interest is practically unlimited. That is what makes COBIT open. The addition of new areas of interest will occur at the request or with the input of experts and practitioners.

Information System Evolution    51 3.14.2 LIBRARY (ITIL) ITIL is a framework of best practices, based on a process-based approach, with the objective to improve the delivery of high quality IT services at a low cost. Before its creation, agencies and private sector contractors were independently creating their own IT management practices and duplicating efforts. The content of ITIL is independent of tools, vendors, or industry in which the service is executed, and can be applied to organizations of any size. However, it is not intended to be applied as-is; organizations are motivated to adapt it to meet their own business needs. According to ITIL, service management is a set of specialized organizational capabilities for providing value to customers in the form of services. The act of transforming resources into valuable services is at the core of service management. Without these capabilities, a service organization is merely a bundle of resources that by itself has relatively low intrinsic value for customers. However, ITIL considers service management as more than just a set of capabilities. It is also a professional practice supported by an extensive body of knowledge, experience, and skills. ITIL also defines the distinction between functions and processes. Functions are specialized organizations with certain types of work and responsible for specific outcomes. Such organizations are self-contained, with all the necessary capabilities and resources available for their performance and outcomes. For example, the Service Desk is a function of the role to be the primary point of contact for customers when there is a service disruption. Processes, on the other hand, can be assumed as closed-loop systems, providing changes and transformations toward a specific goal and using feedback for self-reinforcing and self-corrective actions. Processes are measurable, have specific results delivered to customers, and respond to specific events. For example, Event Management is a process responsible for monitoring all the events that occurred throughout the IT infrastructure. Up to version 2, the ITIL focus was on processes, but since its version 3, the focus changed to business value. This change occurred as an attempt to strengthen the relationship between the organization’s business needs and operational IT processes. Version 3 also recognizes the value and applicability of other standards, such as COBIT and CMMI. The ITIL v3 structure is composed of two components: the ITIL Core, which provides best practices applicable to organizations of all sizes and types; and the ITIL Complementary Guidance, which comprises a complementary set of publications with guidance specific to industry sectors, operating models, and technology architectures. The focus on Change Management Advisory Boards (CABs) in previous ITIL versions has led to a misperception of ITIL as not being agile or hindering rapid deployment. However, ITIL was never designed to be implemented in such a way that the IT department would evaluate or fine-tune all changes. To reinforce this and help organizations develop flexible service management strategies, ITIL 4 now incorporates agile and DevOps practices into the framework. ITIL 4 encourages collaboration and communication within the organization and guides how to implement change quickly (Woo, Lee, Huh, & Jeong, 2020).

52    Strategic Information System Agility 3.14.3 Structure of ITIL v4 ITIL 4 comprises the following subdivisions: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

key concepts(key concepts) of service management; the four dimensions of service management; service Value System (SVS); and management Practices. Below is a brief explanation for each of these four subdivisions.

⦁⦁ Key concepts: value, cocreation, and outcomes

ITIL Foundation introduces some key concepts that are important for a good understanding of the framework. These concepts include standard terms such as service providers, stakeholders, and risks. Nevertheless, new concepts are also emerging. ITIL 4 does not focus on service delivery, as was the case in version 3, but rather on value creation. It is not up to the service provider alone to provide this value. Instead, it is a co-creation, the result of a partnership with the customer. This version does not aim at respecting processes, but rather at pursuing objectives: outcomes and improved customer experience as one of the main objectives. ⦁⦁ The four dimensions of service management

Where v3 focused primarily on how the 26 IT processes can be arranged, ITIL 4 goes further. The new version’s spirit also involves taking into account the four dimensions of service management for each service designed or delivered: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

organizations and individuals; information technology; partners and suppliers; and value flows and processes.

⦁⦁ Service Value System and Service Value Chain

With a value-oriented perspective, we will no longer speak of “process models” but instead of “value systems” or “value chains.” The value chain (ITIL Service Value Chain, SVC) is an overview of all the activities you can do to generate value. These activities are Plan, Improve, Engage, Design, and Transition, Obtain/build, Deliver, and support. It is unnecessary to perform all these activities for each service, and there is no set order. Fixing a bug and replacing a server farm involve different activities. This value chain (SVC) is part of a more extensive value system (Service Value System, SVS). ITIL SVS describes all the factors that influence the value chain. These are referred to as guiding principles, governance, and the improvements that the organization performs.

Information System Evolution    53 ⦁⦁ The guiding principles

The guiding principles, introduced in ITIL Practitioner, take on a prominent role in version 4. The nine Practitioner Principles have been revised to seven principles: ⦁⦁ Focus on Value: everything the organization does must, in some way, provide

value to customers or other stakeholders.

⦁⦁ Start Where You Are: when an organization wants to improve something, it

⦁⦁

⦁⦁ ⦁⦁ ⦁⦁

⦁⦁ ⦁⦁ ⦁⦁

should not eliminate all current methods, but should keep the good things and change what does not work. Progress Iteratively With Feedback: The organization should implement improvement processes in small steps, even if they are large projects. Immediately evaluate each step and start over where necessary. Collaborate and Promote Visibility: The organization must work closely with other parties such as customers and suppliers to promote its visibility. Think and work Holistically: Do not think of the IT organization as an island, but as part of a network where the sum of all parts creates value for customers. Keep it Simple and Practical: The organization must ensure that its work and processes remain as simple as possible and remove any steps that do not provide value. Optimize and Automate: Whenever possible, optimize or automate tasks, unless it means higher costs or a poorer customer experience. The underlying ITIL Service Management processes remain – but are now called “practices.” The underlying processes from Release 3, such as Incident Management, Service Level Management, and Capacity Management, remain fundamentally unchanged. However, the 26 processes of v3 are replaced by the 34 practices of ITIL 4.

Why practices? Because ITIL 4 not only describes how a process works, but also, for example, for each of the practices, looks in more detail at the skills the team needs, how they can work with the suppliers and the technology that can be used to do this. ⦁⦁ One Response to Agile, Lean, and DevOps?

ITIL itself has become more agile. This can be seen mainly in the seven guiding principles. The emphasis on value generation, improvement in small steps, the importance of process simplicity, etc., is all part of this. There is a clear perception of agile thinking. These agile ITIL guidelines also facilitate collaboration with agile teams. To demonstrate that version 4 is adapted to the agile philosophy, Axelos recently published a case study of Spotify, which is known to be one of the most agile companies. However, this version does not provide a complete answer to the agile, lean and DevOps aspects. Admittedly, Foundation mentions the terms agile and DevOps. There are few concrete solutions on the possibilities of combining ITIL with more agile methods. Example: how should a helpdesk that has to comply with strict service level agreements collaborate with an agile back office team? How do IT Ops and DevOps work best together?

54    Strategic Information System Agility 3.14.4 CMMI The CMMI is a model for assessing the level of maturity of an organization’s systems, product and/or software development. Its objective is to control engineering processes and consequently, the quality of the products and services resulting from these processes. It provides a reference for best practices in software development. The CMMI is an extension of the CMM (Capability Maturity Model), presented by the SEI (Software Engineering Institute) in the 1980s. At the US Department of Defense (DoD) request, the SEI developed a set of criteria to determine whether a project would be completed on time, on budget, and to specifications. In 2001, the SEI created a new version of the CMM, incorporating all the advances of other models that had emerged to fill specific gaps in the CMM. The latest version of the CMMI (version 2.0) was released in 2018. It allows the model to be applied to the development of hardware, software, and services in all industries. CMMI proposes a set of objectives aimed at guaranteeing the quality of projects (Ramírez-Mora, Oktaba, & Patlán Pérez, 2020). It is accompanied by a repository of good practices expected to achieve these objectives. CMMI provides a framework for the definition of the organization’s key processes, including project management (planning, resource management, risk management, etc.), engineering (requirements management, technical solutions, product integration, etc.), and support (configuration management, quality assurance, measurement, analysis, etc.). It is a tool to help define and improve processes. The need to implement a CMMI model in an organization arises when the company detects recurring problems such as late deliveries, budget overruns, customer dissatisfaction, and lack of management visibility. CMMI, therefore, aims to: ⦁⦁ ⦁⦁ ⦁⦁ ⦁⦁

improve the quality of the delivered product and the productivity of the project; increase customer satisfaction by better meeting their requirements; reduce costs and meet deadlines; and give better visibility to management and allow better risk management.

The good practices recommended by the model are grouped into 25 key processes (Process Area), themselves grouped into five levels of maturity/capacity: Level 1: Initial.  Every organization defaults to level 1. Project management is not defined within the organization. Effectiveness relies on the skills and motivation of individuals. No control is carried out. The project can succeed but with cost and time overruns. Success factors are not identified, and the project does not build on experience. Level 2: Managed.  Project management is defined at the organization level and is applied by default to all projects. All projects meet the CMMI level 2 model’s objectives with the processes proposed by the organization, or by default with processes defined at the project level. The project builds on what has been done previously, thanks to better discipline. Successes are repeatable.

Information System Evolution    55 Level 3: Defined.  Project management processes are extended to the entire organization through standards, procedures, tools, and methods also defined at the organizational level. The entire organization has a discipline that is applied consistently. The organization monitors and manages the improvement of these processes. Level 4: Quantitatively Managed.  The success of projects is quantified. The causes of deviations can be analyzed. Process performance is predictable in terms of quantity and quality. Level 5: Optimizing.  It is referred to as the stage of continuous process improvement incrementally and innovatively. Developments are anticipated. Processes are constantly challenged in order to stay in line with the objectives. The latest version of CMMI is written in non-technical language, making it more user-friendly and comfortable to implement. Organizations can explore CMMI online and configure it according to their specific goals for performance improvement and organizational success. Tools such as Visure Requirements improve maturity by monitoring and tracking requirements and helping to standardize and harmonize the application of business processes.

3.14.5 Committee of Sponsoring Organizations of the Treadway Commission (COSO) The US Congress convened the COSO in response to well-publicized financial irregularities that occurred in the late 1980s. COSO formulated an internal control framework designed to help organizations reduce the risk of asset loss, ensure the reliability of financial statements and compliance with laws and regulations, and promote efficiency. COSO is recognized by many public sectors and professional bodies as a standard for the evaluation of internal control and the risk environment (Chiu & Wang, 2019). Under the COSO framework, the effectiveness of an internal control system is measured by its capacity to provide reasonable assurance to management and the board of directors of their bank’s achievement of its objectives in three categories: ⦁⦁ effectiveness and efficiency of operations; ⦁⦁ reliability of financial reporting; and ⦁⦁ compliance with applicable laws and regulations.

The emphasis on behavior in the COSO model is a recognition of reality, namely that policies specify what management wants to happen, what happens, and which rules are obeyed, bent, or ignored, is determined by corporate culture. The COSO “internal control model” consists of five interrelated components that are inherent in the way management runs the organization. The components are linked and serve as criteria for determining whether or not the system is active. The COSO components include control environment, risk assessment, control activities, monitoring and learning, and information and communication. The COSO enterprise risk management framework and critical components of the operational risk approach.

56    Strategic Information System Agility

Fig. 21.  The ERM Model Proposed by COSO. Another critical theme addressed by COSO is enterprise risk management. COSO divides the enterprise risk management (ERM) framework into eight interrelated components, as shown in Fig. 21, including the following: ⦁⦁ Internal environment – Internal environment describes the work environment

⦁⦁

⦁⦁

⦁⦁

⦁⦁

and risk preferences of an organization and sets the framework for how risk is viewed and addressed by its management and employees. The internal environment includes risk management philosophy, risk appetite, integrity, and ethical values, and the environment in which they operate. Objective setting – Objectives must be set up-front. Risk management function should ensure that corporate management has a process to set the objectives, that the chosen objectives support and align with the entity’s mission, and that they are consistent with its risk appetite. Event identification – Internal and external events affecting the achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes. Risk assessment – Risks are analyzed, considering the likelihood of occurrence and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and continuing basis. Risk response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.

Information System Evolution    57 ⦁⦁ Control activities – Policies and procedures should be established and

implemented to help ensure the risk responses are effectively carried out.

⦁⦁ Information and communication – Relevant information is identified, captured,

and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense – flowing down, across, and up the entity. ⦁⦁ Monitoring – The entirety of enterprise risk management must be monitored, and modifications made as necessary.

3.15 Urbanization The dynamism of enterprise applications is another feature introduced by Singh et al. (2005). Indeed, since current information systems are open and subject to frequent changes in response to strategic, business, or technological changes affecting the company, the applications of these systems must then be able to evolve dynamically to cope with these changes.

3.15.1 The Metaphor of the City Indeed, urban planning is generally based on geographical invariants. A city is structured into zones, districts, and blocks. Planning rules are then established and applied for each area. These divisions must be stable over time, and the city actor will, therefore, consider them as invariant. Similarly, IS urbanization is based on the assumption that stable, functional blocks can be determined, at least for a long time, if not forever (Imache et al., 2012). Urbanization challenges are: ⦁⦁ cost-saving: ways to eliminate redundancies, reduce costs without disrupting

critical business processes;

⦁⦁ providing more value: how to introduce new technology to bring more value

to the business;

⦁⦁ flexibility: ability to design an architecture that facilitates the evolution of busi-

ness processes;

⦁⦁ cost-effective and efficient production: the question is whether new technol-

ogy can be implemented at a lower cost without having to rebuild the existing information system? ⦁⦁ interoperability: how to integrate existing applications and data blocks and make them interoperable? ⦁⦁ opening: how to build the foundations for applications that interact with the ecosystem (Internet, WEB, etc.); and ⦁⦁ ensure quality of service: the ways to manage and control the quality of the service offered. Accordingly, urbanization provides an information system that is better adapted to serve the company’s strategy and anticipate changes in the environment. Corporate information system managers want to satisfy the demands of

58    Strategic Information System Agility technological solutions; however, they face several challenges: costs, budgets, applications that are often not well known, resulting in difficulties in integrating new projects and evolving the information system. Management of these problems leads to dramatic failures. Organizations first wanted reliable and open information systems while maintaining a high level of security. The company’s master plan, which is a strategic plan designed to steer the development of IT in the company, by translating its strategy into IS-related actions (Byrd & Turner, 2000; Knapp, Morris, Marshall, & Byrd, 2009), has mostly met these expectations. In addition to these two required qualities, agility is nowadays defined as a necessary and indispensable tool to face economic instability (Conboy, 2009; Dove, 1995; Knapp et al., 2009; Sharifi & Zhang, 1999). Thus, IT agility becomes the primary objective of any IT department and must be a quality that any company must have within its reach to satisfy customer needs, competition and rapid technological change (H. T. Goranson & Goranson, 1999). Currently, the company’s roadmap does not address this issue; it replaces it with the concept of urbanization of the enterprise’s information system. In order to align the IS with the company’s strategy, there needs to be sufficient flexibility. Nevertheless, it is difficult for the company to cope with increasing and random changes in the environment. In this way, when it comes to finding a new course for the company to face random and unexpected changes, the urbanization project of its information system becomes an adapted and essential compass. The aim of the urbanization process consists in simplifying the vision of the EIS and promoting its use as a factor of value creation and a source of innovation for the company in order to ensure its evolution and competitiveness. The urbanization of the company will enable it to become a highperformance, efficient and fulfilling environment. The organization will then become agile; in other words, able to react to external and internal constraints. According to Cumps, Viaene, Dedene, and Vandenbulcke (2006), an urbanized company has an exceptional response capacity and structures that can be quickly mobilized. Within the framework of the POIRE approach, the purpose of this phase is to improve the agility and characteristics of the EIS: coherence, flexibility, agility, proactivity, interoperability, adaptability, scalability, stability, and efficiency. This will facilitate management of unpredictable changes; while maintaining the coherence of the EIS basis of good practices set that allow corporate governance alignment with new financial requirements and globalization legislation. The information systems have several dimensions that can be analyzed with the typologies of the company (Izza & Imache, 2010), and a complexity that reflects the human organization they must serve. Urbanization is necessary for two reasons: to manage and maintain an asset until it is effectively obsolete, and to have an agile information system that can evolve quickly and effectively to meet changing needs (Sassone, 1988; Willcocks, 2013). In this aim, we first define what the target information system should be, the one that will best serve the company’s strategy and satisfy business processes, that

Information System Evolution    59 is, an aligned information system (Sassone, 1988). Then, establish construction rules to avoid inheriting old information system failures and anticipate changes, in other word, an agile information system (Stein, Galliers, & Whitley, 2016); and finally, determine the path of the current IS to obtain the target, which requires a knowledge of the old IS, to define criteria in order to know when to start and when to finish. Flexibility is essential to align EIS with the company’s strategy. Nevertheless, there are difficulties for companies coping easily with increasing and random changes in their environment. Thus, urbanization has emerged as an essential and appropriate way to deal with random and unexpected changes. The urbanization approach consists in simplifying the vision of the EIS and promoting its use as a factor of value creation and source of innovation for a company in order to ensure its evolution and competitiveness (Sassone, 1988). Urbanization will enable the company to become more efficient, more effective, and more rewarding. It makes it agile, which means it can react adequately to external and internal constraints.

3.15.2 The Urbanization of Information System The complexity of information systems complicates company integration and can be compared to that of human cities or urban systems that are urbanized. As a result, the urbanization of information systems contributes to improving agility. Urbanization is the driving force behind a company’s evolution, whose key to success is the effective use of information. It addresses the evolution of information systems by providing a framework for the system evolving in response to changes in the business environment (Trabelsi & Abid, 2013). The urbanization process has three main phases: (1) – determine the business strategy required to satisfy the need; (2) – definition of functional requirements and specific mapping; and (3) – identification of technological orientations. As illustrated in Fig. 22, based on Izza and Imache (2010) proposes an urbanization approach, in which Urbanization contributes to the various dimensions of the EIS. The design of the EIS, considering their interactions, and the alignment process will be implemented according to the governance guidelines defined by the company’s strategy. Thus, the approach to urbanization and alignment is first from top to bottom (analysis and strategic design), and then from bottom to top (execution and validation), which will increase EIS flexibility and alignment, enhancing its agility. Through the urbanization process, the architecture of the EIS can be structured more efficiently. In this regard, the rules of urbanization and rules of good practice are used, which lead to a digressive decomposition of the overall EIS dimensions: Zone, Neighborhood, and Block.

60    Strategic Information System Agility

IS Strategy EIS Governance

Process dimension alignment

Organizati onal dimension alignment

Informatio n dimension alignment

Resource dimension alignment

Environme ntal dimension alignment

Urbanization Fig. 22.  EIS Urbanization and Alignment. ⦁⦁ Zone: An area forms a homogeneous family of neighborhoods with the same

construction rules and linkage.

⦁⦁ Neighborhood: An information system neighborhood is a fraction of an area

that is itself a fraction of a processed information system. A neighborhood corresponds to what is called a subsystem. A neighborhood forms a homogeneous family of blocks that obey the same rules of construction and coupling. ⦁⦁ Block: A block is a set of homogeneous data and processing. The block is the basic unit of urban planning. A block forms a similar data and processing family, which follows the same construction, and coupling rules.

3.16 Flexibility The significant of IT organizational infrastructure capacity as a critical component of the organization’s survival and competitiveness continues to grow. Sharing IT infrastructure considered widely as the basis for shared IT capabilities used to develop IT applications and support business processes (Chung, Rainer Jr, & Lewis, 2003; Darke, Shanks, & Broadbent, 1998). IT infrastructures are generally the foundation of shared IT capabilities that enable the development of IT applications and support business processes (Lim, 2014). According to Zhu (2004), IT infrastructure as a set of IT organizational resources and capabilities that are shared across the organization and form the foundation on which IT applications are developed and business processes are supported. IT infrastructure capabilities are usually provided by IT/IS (service) organizational functions, but may also

Information System Evolution    61 include public or outsourced facilities used by organizations (Chin, Marcolin, & Newsted, 2003). The main reason for developing IT infrastructure capabilities is to support similarities among different applications or uses, through facilitating information sharing across organizations for cross-functional integration (Broadbent & Weill, 1997). Literature defines flexibility as the react ability to the environmental change, in the areas of information systems, organizational theory, and strategic management or operational management (Lee & Xia, 2005). However, many researchers have characterized IT flexibility as the organizational capacity to support a variety of information technologies and services based on four dimensions: compatibility, connectivity, modularity, and IT staff flexibility. Compatibility is the ability for sharing any information between any technological components. The connectivity is the ability of technology to interact with other technological components. In other words, connect each person, functional area, and application in organizations. Modularity means that software applications facilitate management by a processed routine in separate modules. It also allows the company to quickly create or modify software applications to support product development changes. IT staff flexibility refers to the capability to work collaboratively in cross-functional teams embracing various technologies types (Byrd & Turner, 2000). Weill (1994) found that the IT flexibility is linked to the efficiency and implementation of IT/IS (i.e., business transaction processing systems, information management systems, decision support systems, network management, etc.). Other research indicates that IT flexibility is essential in determining IS/IT effectiveness or operational performance. IT capabilities are usually provided by IT/IS organizational functions (department); they may also include public or external used by organizations. One of the main reasons for developing IT infrastructure capabilities is to support commonalities between different applications or uses, by facilitating information sharing between organizations and cross-functional integration (Izza & Imache, 2010; Maas, 1998; Weill & Ross, 2004). Generally, literature confuses agility with flexibility. However, agility is a combination of speed and flexibility. Agility means the ability to respond to unexpected environmental changes, while flexibility refers to responses to risk situations or anticipated unforeseen events (e.g., scenario planning) (Adams et al., 2009; Izza & Imache, 2010). Mårtensson notes that It is important to not confuse agility, or agile information system, with flexibility or flexible IT Systems. Apparently, the two concepts are related but different. Indeed, the researcher also considers that agility involves using flexibility and proposes a curve that illustrates, at the conceptual level, the relationship between agility and flexibility/complex.

3.17 Agility In the field of IS research, the concept of agility is often associated with terms such as flexibility, dynamic and organic. As previously mentioned, the concepts of flexibility and agility have been linked to the broader challenge of combining

62    Strategic Information System Agility complex IT systems with unexpected, and sometimes surprising, changes in user needs, business processes, corporate structure, strategy, and markets. Early in the 1990s, the concept of agility was introduced into IS research (Bamber, Sharp, & Hides, 2000; Ciborra, 2009; Markus & Benjamin, 1996; Sharifi & Zhang, 1999; Sharp et al., 1999; Zhang & Sharifi, 2000) after agile methods success in computer development. In 2000, the IS search focused on other attributes of explanatory agility (IS) through IT, development methods (IS), and (IS) outsourcing practices. Also in the literature, we deduced that is a lack of a unique definition of the agility concept; The Agility Research in (IS) Agility was devised on several streams. Table 3 highlights the main IS agility research streams. Table 3.  IS Agility Research Streams. IS Agility Research Streams Authors IS design and governance

Rockart, Earl, and Ross (1996) Parger (1996) Clark et al. (1997) Boar (1998) Truex, Baskerville, and Klein (1999) Tan and Sia (2006) Gerth and Rothman (2007) Sia, Koh, and Tan (2008) Stettina and Kroon (2013)

Strategic IS management

Lacity, Willcocks, and Feeny (1996) Sia et al. (2008) Schmidt and Buxmann (2011) Tiwana, Konsynski, and Bush (2010) Joachim, Beimborn, and Weitzel (2013) Alaceva and Rusu (2015) Kale, Aknar, and Başar (2018) Kaur, Kumar, and Kumar (2017)

Competencies and skills of IS professionals

Markus and Benjamin (1996) Butler and Gray (2006) McCann, Selsky, and Lee (2009) Chamanifard, Nikpour, Chamanifard, and Nobarieidishe (2015) Lengnick-Hall, Beck, and Lengnick-Hall (2011) Saha, Gregar, Van der Heijden, and Sáha (2019)

Information System Evolution    63 Table 3.  (Continued) IS Agility Research Streams Authors IS development

Baskerville and Pries-Heje (2004) Lee and Xia (2005) Holmqvist and Pessi (2006) Lyytinen and Rose, 2003 Conboy (2009) Saonee Sarker and Suprateek Sarker (2009) Zheng, Venters, and Cornford (2011) Hong, Thong, Chasalow, and Dhillon (2011) Ramesh, Mohan, and Cao (2012) Wang, Conboy, and Pikkarainen (2012) McAvoy, Nagle, and Sammon (2013) Moy (2018) Shein, Robinson, and Gutierrez (2018)

Methods of software development

Overby, Bharadwaj, and Sambaurthy (2006) Börjesson, Martinsson, and Timmerås (2006) Dybå and Dingsøyr (2008) Tanriverdi, Rai, and Venkatraman (2010) Stettina and Kroon (2013) Hobbs and Petit (2017) Saha et al. (2019)

Design of IT vinfrastructure

Allen and Boynton (1991) Duncan (1995) Byrd and Turner (2000) Benamati and Lederer (2001) Wenzler (2005) Overby, Bharadwaj, and Sambamurthy (2006) Dybå and Dingsøyr (2008) Kim, Park, Kang, and Seo (2008) Fink and Neuman (2009) Tan, Pan, Lu, and Huang (2009) Tanriverdi et al. (2010) Schmidt and Buxmann (2011)

64    Strategic Information System Agility Table 3.  (Continued) IS Agility Research Streams Authors Schapiro and Henry (2012) Celen and Djurdjanovic (2012) Joachim et al. (2013) Li, Jia, Chen, and Yin (2014) Murphy et al. (2018) Morton et al. (2018) Business agility and the value of IS applications

Broadbent, Weill, and St.Clair (1999) Rockart et al. (1996) Lee and Xia (2005) Gerth and Rothman (2007) Gebauer and Lee (2008) Fink and Neuman (2009) Tanriverdi et al. (2010) Bhatt, Emdad, Roberts, and Grover (2010) Chiang, Grover, Liang, and Zhang (2018) Queiroz, Tallon, Sharma, and Coltman (2018) Benlian, Kettingaer, Sunyaev, Winkler, and Editors (2018) Ashrafi, Ravasan, Trkman, and Afshari (2019)

In this section, we briefly describe research related to the agility of the IS in four well-established research areas: IT infrastructure, IS development, IS organization, and IS personnel.

3.17.1 IS Organizational Design Various researchers have also recognized the role of IS organizational structures and governance mechanisms for internal functions and IS outsourcing relationships (Clark, Cavanaugh, Brown, & Sambamurthy, 1997). Define change readiness as the ability of information systems’ (IS) organization to provide strategic IT applications in short development cycles using a highly skilled internal IT workforce. IS organization requirements have been addressed in several conceptual documents. One of the primary antecedents of a flexible IS organization is a partnership relationship between the IS organization and the company. IT departments are advised to adopt a matrix organizational structure – a structure that manages

Information System Evolution    65 technical knowledge as a competence center while simultaneously supporting customer-focused development and service processes. Often referred to as a center of excellence structure (Clark et al., 1997; Gerth & Rothman, 2007), it distinguishes technical and control tasks from business development tasks. Generally, an IT organization should aim to become an emerging organization and create virtual teams to promote close collaboration with business units (Prager, 1996).

3.17.2 Competencies and Skills of IS Professionals IT staff skills and abilities were recognized as essential elements of information system flexibility and adaptability. IT infrastructures and agile IT development. However, two studies in our sample reveal that to approach the capabilities of IS professionals more broadly than in the field of IT infrastructure alone, or information systems development ISD. The starting point for these documents is that IS professionals will need change agent capabilities (Markus & Benjamin, 1996). Also, the consideration of surprising events (Butler & Gray, 2006). In their documents, researchers argue (Butler & Gray, 2006) that organizational structures and the standardization of work roles and practices can prevent IS professionals to taking on a more effective change agent role or acting cautiously in the following areas unexpected situations.

3.17.3 IS Development In information systems development (ISD), research related to agility has focused on the use of agile methods. Conceptual research helped to define the key variables of the research (Lee & Xia, 2005). Developed measurement scales for the two central components of ISD flexibility: response effectiveness and the effectiveness of the response. Later, based on an exhaustive review of the use of the concepts of flexibility, agility, and leanness in business studies, Conboy (2009) defines the agility of an ISD method as follows: The continuous readiness of an ISD method to create change quickly or inherently, to adopt it proactively or reactively, and to learn from the change while contributing to the perceived value of the client (economy, quality, and simplicity), through its common components and its relationship to its environment (Conboy, 2009). Several case studies then attempted to identify a history of flexibility or agility in IST. A central book is that companies should follow the principles of the so-called agile ISD methods (Baskerville & Pries-Heje, 2004; Saonee Sarker & Suprateek Sarker, 2009)). However, it was acknowledged that adoption of such methods is a slow learning process (Berger & Beynon-Davies, 2009; Cao, Mohan, Xu, & Ramesh, 2009; Wang, Li, Sun, & Yang, 2012). Many other variables, such as the organizational context, the various attributes of the project, and collective and individual consciousness, define the ability of project teams to effectively deploy agile principles (Cao et al., 2009; Kalle & Rose, 2003; Ramesh, Singh, & Sharma, 2011; Zheng, Ng, & Sripanidkulchai, 2011).

66    Strategic Information System Agility 3.17.4 Design of IT Infrastructure Research on IT infrastructure flexibility has benefited from early conceptual work, first by Duncan (1995) and then by Byrd and Turner (2000). Although Duncan does not provide a precise definition, the following description provides a starting point for understanding the flexibility of the IT infrastructure: Infrastructure flexibility determines ISD’s ability to respond quickly and costeffectively to system demands, which evolve as business practices or strategies change. Ideally, flexible infrastructure would be an infrastructure designed to evolve itself with emerging technologies and would support the ongoing restructuring of related activities and processes (Duncan, 1995). Subsequently, Byrd and Turner (2000) developed an instrument to measure computer flexibility. The instrument was based on the assumption that the flexibility of the IT infrastructure has eight dimensions: four in the technical base (IT connectivity, application functionality, IT compatibility, and data transparency), and four in the human component (technology management, business knowledge, management knowledge, and technical knowledge). New technological trends can be both a means (Fink & Neumann, 2009) and a challenge (Benamati & Lederer, 2001) for the flexibility of IT infrastructures.

Summary The company’s master plan, which is a strategic plan designed to pilot IT development in the company, by translating its strategy into actions relating to the information system, has mostly satisfied these needs. However, today, agility has become a necessary quality, especially in a constantly unstable economic environment, making it necessary, even indispensable (Conboy, 2009; Imache et al., 2012; Sharifi & Zhang, 1999; Zhang & Sharifi, 2000). IT agility has become the primary purpose of any information systems department, more than that; it is a quality that any company must have, to meet the customers’ needs, face competitiveness challenges, and rapid technological evolution. Faced with the various transformations and needs of the internal and/or external environment, it is essential to structure the EIS to facilitate its evolution and modify its positioning, structure, and skills, all in harmony with the strategic evolution of its company, while ensuring overall consistency in terms of permanent IT governance with the global strategy, interoperability, integration, autonomy, and flexibility. In other words, the EIS must be agile.

Chapter 4

The Conceptual Model for IS Agility Abstract In the current era, multiple factors have driven the IS information system to be able to cope with changes caused by internal and external factors that affect the organization’s strategy. A variety of environmental factors can influence organizational capacity and performance and tend to change organizational strategy, including political, socio-economic, financial, and technological changes. At the beginning of the twenty-first century, other changes are expected, such as those associated with cybercrime and artificial intelligence. In this chapter, the authors discuss the concept of agility, the dimension of agility, relevant literature studies, proposed agility models, and the authors propose their conceptual model of strategic agility for IS.

4.1 Introduction Today, the Department of Information Systems has more than ever the need to manage better their company’s IT policy, which must not only make it possible to offer service availability or continuous business improvement but above all offer competitive advantages linked to the use of information technology. In such a context, IT Departments must be based on the best approaches and practices to offer maximum agility to adapt to functional and technical evolutions and to open up in order to better connect to partners’ processes, while safeguarding and reusing existing IT assets without calling into question the technologies used for several years. Within this framework, a new type of information system, a natural evolution of current systems, will have to be defined and developed and which must be capable of being recycled over time, of being reconfigured effectively without generating new difficulties. In our opinion, this is a significant opportunity to define and use a tool-based approach based on a rigorous methodological approach to guide architects and decision-makers in their process of development, redesign, and modernization of corporate information systems. To cope with the internal and external pressures that the company is undergoing, to control changes with the necessary reactivity, and to reduce costs, it is Strategic Information System Agility: From Theory to Practices, 67–91 Copyright © 2021 by Emerald Publishing Limited All rights of reproduction in any form reserved doi:10.1108/978-1-80043-810-120211005

68    Strategic Information System Agility essential to manage its information system rigorously and coherently, bringing about essential and rapid changes at all levels and in all dimensions of its information system. The changes concern technologies, applications, processes, organization, and human resources. All these elements influence the company’s strategy and vice versa. Thus, there must be sufficient agility in an information system so that it is aligned with the company’s strategy. However, the information systems deployed within companies are not always profitable and efficient, which can be explained by their lack of agility in an evolving environment, as well as by unexpected changes, a situation in which their development is often forced, more than expected. Today, the concept of agility is recognized as a means of maintaining consistency and improving the efficiency of IS. Therefore, the challenge is to keep information systems as open as possible while preserving the company’s information assets; information systems must be able to respond quickly and effectively to changes. Recently, the subject of IS agility has increasingly attracted the interest of IT researchers and practitioners. According to Lee, Sambamurthy, Lim, and Wei (2007) and Sharifi and Zhang (1999), the transformation of uncertainty in the business environment is a significant topic of management research. The transformation of uncertainty requires that the essential functions of any IS can cope with uncertainties. In the current era, multiple factors have driven IS to be able to cope with changes caused by internal and external factors that affect the organization’s strategy. Various environmental factors can influence organizational and performance capacity and tend to modify organizational strategy, including political, socio-economic, financial, and technological changes. At the beginning of the twenty-first century, other changes are expected, such as those associated with cybercrime and artificial intelligence. In this chapter, we discuss the concept of agility, the dimension of agility, relevant literature reviews, and have proposed a conceptual model and conclusions.

4.2 Literature Review Several authors in the past and more recently have given an immense interest on the agility concept (Cai et al. 2013; Chen et al. 2014, 2015; Lu & Ramamurthy, 2011; Mao et al. 2014, 2015; Nazir & Pinsonneault, 2012; Overby et al. 2006; Ragin-Skorecka, 2016; Rai et al. 2006; Sambamurthy et al. 2003; Tallon, 2008; Tallon & Pinsonneault, 2011). At its central, agility entails the ability to react rapidly and flexibly to face change emerged by the technical domains and environment business. Also, agility is defined as “the capacity of an interoperable system to detect its potential unsuitability versus environmental changes and to perform an appropriate adaptation according to its component systems, reactively and effectively” (Zhang & Sharifi, 2000). In other words, we define agility as the ability to perceive, analyze, and respond to changes in a turbulent environment based on competence, knowledge, and learning, to take advantage of opportunities created by environmental change (driver) through technical and organizational infrastructure. In Table 4, some popular definitions of organizational and IS agility are briefly presented.

The Conceptual Model for IS Agility    69 Table 4.  Agility Definitions. Authors

Definitions

Goldman, 1995

For the company, agility means being capable of having a competitive advantage and continually predict the unpredictable requirements of customers

Zhang and Sharifi, 2000

Agility means the capacity of an organization to detect, analyze, and understand changes emerged by business environment, in the aim to face these changes (by changing its internal and external activities) and to perform appropriate solutions in fastest time

Helo, 2004

Agility means the capacity of the organization to respond to a change in a flexible way

Power, 2005

Agility means a combination of market knowledge and virtual corporation to take advantage of opportunities in a volatile marketplace

White, Daniel, and Supply chain managers must admit change but still need to Mohdzain, 2005 improve a strategy that allows them to match supply and demand at an adequate cost. The capacity to accomplish this has been named supply chain agility. Information and more precisely an agile information systems were recognized as being a critical factor in achieving agility in the supply chain Swafford, Ghosh, and Murthy, 2008

An organization supply chain agility directly influences its capacity to create and deliver innovative products to its consumers in a brief time and cost with effective manner

Holmqvist and Pessi, 2006

Agility permits organizations to be able to sense and respond rapidly to unpredictable events and thus satisfy customer requirement changes. This capability is critical in today’s business world. New technologies and the new manners of management of the business are presented continuously to create or change the global requests of the market

Lee et al., 2006

The company needs to address the specificities of the sites covering the activities of the global business. Companies must have the capacity (that is agility) to develop and deploy systems quickly to answer to the new business needs

Desouza, 2007

Agility as a result of routines and quotidian practices that support strategizing between owners, senior management, and other essential strategy processes participants, such as managers, consultants, and staff

Braunscheidel and Suresh, 2009

Agility for supply chain is set as the company capability to more effectively collaborating with distribution partners to face market changes rapidly

70    Strategic Information System Agility Table 4.  (Continued) Authors

Definitions

Mithas et al., 2011

Postulate that knowledge management and agility are two important intermediaries that help implemented

Yi, Ngai, and Moon, 2011

Agility for the supply chain is considered as a basic type of operational capability required for the high performance of the company

Kryvinska, 2012

The agility supply chain is regarded as a crucial type of operational ability required for highly company performance

Sørensen and Landau, 2015

Defining academic agility as the ability of an academic field to examine quickly and ingeniously environmental changes in its central academic debate

Liu, Yang, Qu, and Liu, 2016

Nowadays nearly all organizations count on information systems to operate. Agility in Information systems can be considered as critical to achieving overall agility in business

Park, El Sawy, and Fiss, 2017

A combination of sensing agility, decision-making agility, and acting agility

Ravichandran, 2018

Agility is a competence that allows firms to adapt to contingencies posed by the environment

Zhou et al., 2018

The capability to detect and respond to demands embedded in online customer reviews

Dave and Arthur, 2019

Agility can be defined across four dimensions (creating the future, anticipating opportunities, adapting quickly, and learning continuously); agility occurs with four stakeholders (strategy, organization, leader, and individual); and agility is supported by four human resources (HR) tools (people, performance, information, and work)

The agility notion was introduced in the literature of organizational manufacturing strategic management at the beginning of the 1990s, as a methodology to deal with the instability of the industrial environment and benefit from new opportunities produced through the environment changes to own competitiveness. How can firms become agile? How can they acquire the needed capacities? What exactly are these capacities? Many researchers in the strategic and organizational management fields approached these questions, by referring to the theoretical works and theories preceding the initiation of agility concept. These theories and methods were adopted as a reference to Information Systems agility research.

The Conceptual Model for IS Agility    71 As concerns, the agility concept was increasingly used in union with other terms such as the flexibility, the adaptability, and the reactivity. Inspired by the success of the agile methods in the field of the IT programming at the beginning of the 1990s, the practitioners interpreted the idea of the agile methods used in programming, an interpretation that still influences the adoption of the agility concept of many IS professionals. In the research literature, the concept of agility was attached to the way, which the system information reacted to face unpredictable changes such as the increase user’s requirements, the process business changes, the strategic changes, the competitiveness, the organizational structure, the market changes, and the future changes. In summary, various facets of agility were underlined by diverse authors who led to varied points of view. Therefore, the IS agility research was divided into several sub-domains such as (infrastructure, strategic IS, IT skills of IS professionals, governance of the IS, IS development methods, and software development). Though there is a difference in agility definition in the literature, these definitions are not opposite. However, the disadvantage is related to the lack of the global view of IS agility, lack of theoretical clarity, and conceptual parsimony in a different IS agile research areas, as shown in Fig. 23.

4.3 Literature Methodology In our literature review, we adopted an exhaustive approach relative to the research objective. To achieve that, all appropriate and highly cited academic publications are included in the examination process of our literature review based on several databases and research engines, such as (ProQuest, (Abi/inform), Elsevier, Emerald, Atypon, ACM digital library, ScienceDirect, IEEE Xplore, and Gale Cengage computer), by using keywords as: “IS agility model,” “agile IS,” “achieving

Strategy Changes Technology & Innovation

People

IS Legal Changes

R&D

Future

Fig. 23.  Factors Influencing Information Systems.

72    Strategic Information System Agility agility in information systems.” The combination of used keywords depends on the review or the database. We viewed and treated identified articles; also, examined articles were identified through news citations and bibliographic references.

4.4 IS Agility Frameworks 4.4.1 Zhang and Sharifi (2000) Because changes and the pressures on firms can be different, the agility level need by the manufacturing organizations will also be different. This level is cited with the term “the level of agility needed,” depending on various drivers such as the turbulence of the business environment, the company context, and the characteristics of the company, once “the necessary level of agility” is determined for the company, and the following step is to evaluate the agility level acquired by the organization. The difference between “the agility required level” and the level of agility that the company has already, is the level that the organization must meet in order to be agile. The detection, recognition, and classification are the actions needed to identify different changes faced by the company, in order to reduce the level of impact of each agility trigger individually. The level of agility capabilities required can be determined from the trigger of changes. In the final stage, a conceptual model comprises three steps: The first identifies agility providers that could bring about the required capabilities. The implementation of the identified providers is determined by the second step level of agility achieved. As a measure of performance, and in the third step, the formulation of corrective actions to further enhance performance is performed. Different tools must be developed to support firms in the aim to achieve an above process that has already cited. In summarizing, the researchers (Zhang & Sharifi, 2000) have proposed a methodology to detect a different change in the business environment, in which the company must have the ability to determine the desired agility level. The strategies are available to the company in the aim to determining the unpredictable changes, which influences its strategy and sometimes even threaten its existence and define the capabilities and priorities in order to implement the capabilities needed by the firm to face changes and identify the ways that could support the company to intercept change. The model proposed by Zhang and Sharifi (2000) is presented in Fig. 24.

4.4.2 Gunasekaran and Yusuf (2002) The researchers (Gunasekaran & Yusuf, 2002) have developed their agility management (AM) adequate to firms that work in an aerospace, industrial firm context. This survey evaluated the company’s agility by taking a technical study with the assistance of a suitable questionnaire. The objective is to revise agility prospects in the manufacturing sector to identify key AM strategies and technologies. Also, the authors have proposed a framework to become agile for Industrial Systems based on four keys: strategy, people, technology, and systems, as shown in Fig. 25.

The Conceptual Model for IS Agility    73 Strategy Formulation Identification of Missing Capabilities

Agility Drivers

Assessment of Agility Needs

Changes/Pressures Marketplace

Identification of Agility Providers

Technology

Analysis

Customer Req

Implementation

Assessment of Agility level

Competition Basis Social Factors

Performance Measurement

Fig. 24.  The Proposed Model to Achieve Agility in Manufacturing. STRATEGIES Reconfigurability, Flexible People, Virtual Enterprise, Strategic Alliances, Core Competencies, Reengineering, Supply Chain Integration, Responsive Logistic, STEP, Heterogeneous, Computer Systems, Concurrent Engineering. VIRTUAL ENTREPRISE

RAPID PERTNERSHIP

TECHNOLOGIES

SYSTEMS MRPII, Internet, WWW, Electronic Commerce, CAD, CAE, ERP, TOC System, Kanban, (CIM, ABC/ABM, JIT).

Agile Manufacturing Systems

RECONFIGURABILITY

Rapid hardware, Flexible Part Feeders, Modular Grippers, Real time control Information, Technology (CAD/CAE, CAPP, CAM), Multimedia, Graphical Simulator.

MASS CUSTOMIZATION

Flexible Work force, Knowldge Workers, Skills in IT, Multi-lingual, Empowered Workers, Top Management Support

PEOPLE

Fig. 25.  Agile Manufacturing Paradigm.

4.4.3 Crocitto and Youssef (2003) The authors (Crocitto & Youssef, 2003) consider organizational agility (OA) as the combination of organizational processes, characteristics, and people with advanced

74    Strategic Information System Agility technology. Agility improves the Capability of the organization to provide products and services with high quality to increase organizational competitiveness. They propose an integrated production/operations, general management, and socio-technical opinions in order to develop a model of OA. The proposed model is based on agile suppliers, members of the organization, and united customers through information technology. It is suggested that these connections are based on essential leadership, a culture of the organization, and employee reward systems that create a relationship between technology and people. These relationships include the involvement of people in the process of decisionmaking, the creative process, and product with high quality, by proposing enhanced jobs, technological training, and reward system that increases the OA level. In summary, the authors propose a model based on the integration of the human element to achieve OA and get a competitive advantage as shown in Fig. 26.

4.4.4 Lin, Chiu, and Tseng (2006) The agile organization aims to enhance/satisfy employees and clients. Change is the principal cause behind agility. Even though change is nothing new, today’s change is taking place at a much quicker speed than ever earlier. Turbulence and unpredictability in the market environment have become the principal reasons for failure in the manufacturing industry.

ORGANIZATIONAL AGILITY

QUALITY

COST

SPEED

MANUFACTURING AGILITY

RESPONSIVENESS

FLEXIBILITY

Advanced Manufacturing And Information Technologies

Suppliers

Organizational Memberships

Fig. 26.  Model of Organizational Agility.

Culture leadership reward system

Customer

The Conceptual Model for IS Agility    75 Customer Requirement Competition criteria Market

Technology Social Factors

AGILITY DRIVERS AGILE ENTREPRISE

Cost Time

Enrisch and satisfy Customer

Robustness Function

Quickness Responsiveness

Agility capabilities

Competency Flexibility

AGILITY ENABLERS/PILLARS Leverage people information technology

(Foundation)

Master change Uncertainty

(Control)

Collaborative relationships

(Strategy)

Fig. 27.  Conceptual Model for an Agile Enterprise. In short, the number of changes and their type, specification or feature, cannot be readily shaped and are probably indefinite. Therefore, the authors (Lin et al., 2006) have evolved a model containing four aspects to be agile. The first prospect is that customer requirement, competition criteria, market, technology, and social factors are changing competition in business environments (Agility drivers). In the second aspect, the agile organization tries to enrich and satisfy customers based on components such as cost, time, purpose, and hardiness. Agility capabilities involved in the third facet are flexibility, responsiveness, quickness, and competency. The proposed model is presented in Fig. 27.

4.4.5 Swafford, Ghosh, and Murthy (2008) The authors proposed a process based on a framework of agility in an organization’s supply chain. Three key factors that define the flexibility of the attributes of three fundamental processes of the supply chain in a firm of logistics or distribution, procurement or sourcing, and manufacturing are presented in their framework. Also, they emphasized the factors that constitute the history of its supply chain agility; they also develop the structures and assumptions for the supply chain agility, as presented in Fig. 28.

4.4.6 Ramesh, Mohan, and Cao (2012) According to Ramesh et al. (2012), the strategy of the company is influenced by different elements like environment, socioeconomic, legislative, technological, and globalization changes, which increases the complexity of its information

76    Strategic Information System Agility

SUPPLY CHAIN FLEXIBILITY

INFORMATION TECHNOLOGY INTEGRATION

Increased supply chain flexibility increases supply chain agility

COMPETITIVE BUSINESS PERFORMANCE

SUPPLY CHAIN AGILITY

Fig. 28.  Conceptual Model for Supply Chain Agility. system and the ferocity of competition. For a company to be sure of its position in a context characterized by a rapid and a random change in external environments, it must have a fast adaptation policy, a strategy to rapidly make significant changes for all systems to align it with its strategy and conversely; which means, it must always be agile. Therefore, to achieve enterprise agility, it is necessary to consider the information system agility as an objective. In their papers, the researchers discuss the assessment of agility in the POIRE (Process, Organization, Information, Resource, and Environment). According to the authors, first of all, we must define the target IS, which will best serve the company’s strategy, and satisfy the business process, in short, an aligned information system; Second, to lay down construction rules that allow the system to avoid repeating gaps in the old information system and anticipate changes, in short, an Agile IS. Finally, determining the trajectory transformation from the present IS to the target IS, it needs to emphasize the current information system in order to define appropriate criteria for achieving the restructuring phase. This model is presented in Fig. 29.

4.4.7 Atapattu and Sedera (2014) The authors (Atapattu & Sedera, 2014) propose a research model for detection, response, and customer satisfaction, as shown in Fig. 30. The authors argue that “customer satisfaction” will be at its highest level when a company’s detection

The Conceptual Model for IS Agility    77

Fig. 29.  POIRE Agility Evaluation Approach.

AGILITY Mobile CRM

Sense (Customer’s use of mobile CRM )

Response (customer perceived Responsiveness )

Firm performance

Fig. 30.  Business Agility through CRM for Customer Satisfaction. and response capabilities are aligned. Starting from the argument that increased CRM use by customers enhances an organization’s opportunities to detect customer needs, CRM becomes a substitute measure for corporate perception.

78    Strategic Information System Agility According to this agility alignment module, the company can execute these projects in response to the client’s changing demands since the company’s actions are based on CRM information. Through CRM use, customers can recognize that the company meets their specific needs through the real experience they perceive. In other words, a company’s responsiveness is reflected in the company’s responsiveness as recognized by the customer. The actual customer experience then determines the level of customer satisfaction, as customers perceive that the company is meeting their unique needs. Through CRM use, customers can recognize that the company meets their specific needs through their perceived real experience. In other words, a company’s responsiveness is reflected in its reactivity with its customers.

4.4.8 Park, El Sawy, and Fiss (2017) The authors (Park et al., 2017) propose a configurative approach to support OA and maintain competitiveness by explaining how IT, corporate, and environmental elements combine to achieve the desired results. Fig. 31 illustrates the components and suggests specific, rather than general, prescriptive causal recipes for producing OA in specific organizational and environmental contexts.

4.4.9 Morton, Stacey, and Mohn (2018) In their study, Morton et al. (2018) propose a framework for IT executives. This framework brings these practitioners together with episodes of practice and associated practices to build and maintain strategic agility, as shown in Fig. 32. The frame includes practical and theoretical strategy work to conceptualize IT executives as strategy practitioners. It demonstrates their role in strategy development, that is, building and maintaining strategic agility through the interaction of distinct sets of practices in episodes of strategic practice. The results emphasize that IT executives contribute, through their practices, to strategic agility in several ways.

4.4.10 Wu (2019) In their work, Wu (2019) proposes an IS integration to improve supply chain agility, based on four key elements. First, on customer sensitivity, for a rapid response

Fig. 31.  Producing Agility through IT Configuration.

The Conceptual Model for IS Agility    79 LEADING BALANCING MONITORING

APPLIYING BALANCING

Executive IT-leaders Strategic Agility Practices

FOSTERING CONSOLIDATING

ADABTING EVOLVING LEVERAGING MONITORING DEVELOPING REPORTING

Building And Strengthening Maintaining Strategic Strategic Agility Influence

Explore Internal And External Organizational Domains

Effectively Communicate And Collaborate

Manage Tensions Within Organizations

Episodes Of Strategy Praxis Over Time

Executive IT-leaders As Strategy Practitioners

E.g CIO, CTO, Vice-President of IT

Fig. 32.  A Framework for Executive IT Leaders to Strategic Agility. to customer needs. Secondly, by delivering real-time information to detect changes, at the customer level and market developments, to improve product and volume flexibility. Third, cooperation within the organization for synchronization between staff and organizational sub-units, which are essential in the implementation of necessary actions to meet the continually evolving needs of customers. IS integration enables communication by real-time synchronization of information across the entire supply chain. Fourth, virtual integration facilitates a process of improving agility by encouraging the free flow of information and exchange of ideas, such as collaborative organizational work. Systems’ integration leverages the value of information by crossing internal and external organizational boundaries, thereby providing the necessary information. Systems’ integration leverages the amount of information by crossing internal and external organizational borders, thus providing essential information, as shown in Fig. 33.

4.5 Discussion and Critics 4.5.1 Discussion The IS Agility has attracted the attention of researchers since the 1990s with articles proposing many approaches and concepts for organizations and their information systems in order to respond off the new requirements of organizations, information systems, employees, and customers. At the beginning of the twenty-first century, agility research has evolved from the general explanation of the agility paradigm to the explanation of agility through the attributes of the computer system, the development methods, and practices of outsourcing, and the (IS) staff. Research on IS agility was therefore

80    Strategic Information System Agility

Fig. 33.  IS Integration to Improve Supply Chain Agility. divided into different sub-areas such as Strategic IS Management, Business agility and the value of IS applications, IT Infrastructure, Skills of IS Professionals, Governance of the IS, Methods used in IS development, and Methods used in Software Development, which give diversity in research presented to date. The strategic agility of IS presents a severe challenge for researchers. The agility notion still not clearly defined and conceived, although the primary and the principal drivers of agility such as People, R&D, Legal changes, Strategy changes, technology change, and Future changes have been cited in the literature review. Nowadays, the above agility requirement constitutes a significant preoccupation of organizations, which seeks more flexibility and reactivity to cope with several changes. In other words, SI must have the capacity to modify its structure, after a pertinent analysis of the existing IS, and their requirements.

4.5.2 Critics We do not find a general definition of agility; there are various opinions about the meaning of agility concept. In research, the term of agility is used to define the way that (IS) can be adapted to cope with the unpredictable change emerging from internal or external the organization. No one of the above models has cited IS security, such as a driver for agility. Also, the proposed models and methodologies do not get up any systemic process for the implementation of agility except (Zhang & Sharifi, 2000). Also, the proposed models are primarily based on manufacturing area and do not give a holistic and comprehensive approach to agility measurement and improvement in another organizational context, such as the organization operating in the public or service sectors.

The Conceptual Model for IS Agility    81 These models proposed a methodology for enhancement of flexibility, but no one of them suggests a practical method for agility assessment and improvement.

4.6 Agility Components As mentioned in the literature section, one of the most interpretations to define the agility concept is “the capacity to adapt to changes” (Conboy, 2009). Information technology is thought to be an essential ability for increasing OA (Woodard, Ramasubbu, Narayan, Tschang, & Sambamurthy, 2013). According to Lu and Ramamurthy, IS agility is generally considered as an enabler of a firm’s agility. Acknowledges that, which IT capability as an underlying component reflected in three dimensions: ⦁⦁ IT infrastructure capability (the technological foundation); ⦁⦁ IT business capability (business-IT strategic thinking and partnership); and ⦁⦁ IT proactive stance (opportunity orientation). In this perspective, IS must first

identify agility drivers to determine the required level of IS agility. To define the current level of IS agility, we must identify the agility providers. This latter helps IS to improve their existing capabilities and specify the capabilities to promote the ability to face changes.

4.7 Agility Drivers According to Markus and Robey (1988), conceptual models are generally derived from process theories or variance (factor); also, researchers have cited several factors about drivers, capabilities, and providers. According to Zhang, the drivers of agility are the changes/pressures emerging from the business environment, which are necessaries for a company to find new solutions in order to maintain its competitiveness. Also, Susarla et al. (2012) argue that new emerging operational priorities require new IS capabilities. In Table 5, we have listed seven different categories of drivers change relevant to information systems: Strategy, Technology, Legal changes, People organizational, Security and, finally Research and development (R&D).

4.8 Capability The literature has indicated three types of IS capability: ⦁⦁ Technical capability: Refers not only to the specific technical specialities

(including programming, understanding software development processes and knowledge of operating systems, database systems, and other such areas), but is also concerned with the understanding of where and how to deploy IT effectively in order to support the strategic goals and objectives of an organization (Lee et al., 2006). IT personnel with robust technical capability are more likely to provide practical technical solutions faster.

82    Strategic Information System Agility Table 5.  Agility Drivers Types. Type

Drivers

Authors

Technology

IT architecture Planning and development The introduction of new technologies

Zhang and Sharifi (2000) Felipe, Roldán, and LealRodríguez (2016) Fink and Neumann (2009) Schmidt and Buxmann (2011) Joachim et al. (2013)

Strategy

Business value (IT investments) Assessment framework Analysis and planning Governance Migration planning Development Managing strategic changes

Overby, Bharadwaj, and Sambaurthy (2006)

People

Client satisfaction Personnel skills and competencies Customer requirement Interpersonal and management skills

Avital et al. (2006)

Security

Attacks Vulnerability Incidents Intrusions Breaches

Kankanhalli, Teo, Tan, and Wei (2003) Pereira and Santos (2010) Soares and Sá-Soares (2014) Polónia and de Sá-Soares (2013)

R&D

Best practices Management IS Work process Rules

Weill, Subramani, and Broadbent (2002) Hugoson, Magoulas, & Pessi (2008) Zheng, Venters, and Cornford (2011) Wang, Conboy, and Cawley (2012)

Organization environment

Competitors’ actions Economic shifts

Sambamurthy, Bharadwaj, and Grover (2003) Overby, Bharadwaj, and Sambaurthy (2006)

Legal

Regulatory/legal changes

Overby, Bharadwaj, and Sambaurthy (2006)

The Conceptual Model for IS Agility    83 ⦁⦁ Business capability: Relates to the ability of IT personnel to comprehend the

business processes they support as well as the organizational consequences associated with the practical solutions they implement. Such ability requires general business knowledge, organization-specific knowledge, and knowledge to learn about business functions (Byrd, Pitts, Adrian, & Davidson, 2008; Fink & Neumann, 2009; Lee et al., 2006). ⦁⦁ Personnel capability: Means a set of interpersonal and management knowledge and skills which are especially critical to IT personnel who habitually assume a boundary spanning role in their organizations (McCann et al. 2009). Such capability includes project management, team collaboration, planning, presentation and communication, organizing and leading projects, etc. (Fink & Neumann, 2009). IT personnel with strong behavioral capability are often sensitive to organizational culture and politics, which makes them work efficiently and effectively across business functions. Researchers suggest three main phases to agility: drivers, capabilities, and enablers or providers. Several factors have been emphasized on the capacities of drivers and enablers in the IS fields. Here, we combine those elements to form a new and complete model of OA areas. Fig. 34 describes the different component to achieve agility.

Fig. 34.  Agility Types of Research Components.

84    Strategic Information System Agility

4.9 The Proposed Conceptual Model to Achieve Strategic Agility In Fig. 35, we proposed a model for a practical methodology of IS strategic agility. This model suggests that any IS requires to examine external and internal IS environment. At the first step, IS must sensing diverse internal and external drivers. These factors represent the organizational strategy, technology, people, legal changes, intra-organizational context, technology, security, R&D, organizational environment, and so on. At the second stage, it is essential to identify the drivers that press on IS to change or challenge the IS life and survive. Therefore, it needs to resolve rapidly and efficiently agility’s drivers as they meet with those factors, which require the identification, categorization, valorization, and prioritization

Sensing

TREATMENT & ANALYSIS

Strategy

D RI VERS

Ogranizational Technology

Security People Legal

R&D

IDENTIFICATION

CATEGORIZATION

VALORIZATION

PRIORITIZATION

Results communication & Readjustment

Determined Capacity

DBPA

Determined / Update PSIS

Strategy Formulation

Analyse & Diagnostic Agility Level need

Implementation Gap Analysis Measuring Agility level

Fig. 35.  A Conceptual Model to Achieve IS Agility.

Current Agility Level

The Conceptual Model for IS Agility    85 of changes faced by the company, as well as the analysis of the impact individual changes will bring to the company. The results of this and previous stage can be analyzed in order to determine the strong and weak point. At this position is should determine an agility level needed to react with an efficient way to the changes or pressures. The IS needed agility level is considered equivalent to the degree of drivers change impact. The difference between the required level of agility and the existing constitutes a supplementary pillar of decision-making after its analysis. In this work, the results of the examination are typically classified into four types: ⦁⦁ The IS does not need to respond. ⦁⦁ The IS agility level is satisfactory to answer to changes as might be encountered

in the future.

⦁⦁ The IS must be agile but not in an emergency. ⦁⦁ The IS must be agile effectively and urgently.

The next step following the measuring of needs agility is to define the necessary agility capabilities in the aim to become agile. The last stage of the model requires determining the agility Drivers, which could provide the necessary capabilities, implement the identified providers, determine the current agility level, and finally formulate corrective actions in order to enhance performance. It should be noted that some tools must be developed to support appropriately carry out the above model.

4.9.1 Sensing Recall that the allied forces of environmental change include competitor actions, strategic changes, and changes in consumer preferences or IS staff skills, economic changes, regulatory and legal changes, and technological advances. These different changes require a standby to detect any potential changes regarding each of these types. For example, an organization needs the capacity to sense market changes, track competitors’ actions, consumer preferences change, and economic changes. Furthermore, sensing regulatory and legal changes that have an impact on a company is a necessity and this is through government relations’ department or legal service. Finally, practical research, development, and IT capabilities will be required to detect technological progress and how an organization can exploit them to take competitive advantage. According to Brynjolfsson and Mendelson (1993), the information system is the core of the company. Viewing its role, the IS must have a strategic intelligence sensing on all elements influencing the company and its strategy. According to Brynjolfsson and Mendelson (1993), the information system is the company core. Viewing its role IS must have sensing on all elements, influencing the company and its strategy. Today an essential flow of information requires a daily listening on Aggregators, alerts, RSS feeds, networks social, ERP, and so on, to detect an opportunity or anticipate a menace. Table 6 illustrates the types of sensing which organization can adopt.

86    Strategic Information System Agility Table 6.  Sensing Types. Sensing Types

Temporal Horizon

Target

Actors

Scientific

Permanent long-term

Scientific database Scientific congress Journals and scientific reviews

Department of Prospective Department Strategy R&D

Societal

Permanent long term

Political actors Study of cultural, political, social, and historical factors Public opinion

Department of perspective Department strategy R&D

Analysis of competitive movements Alternatively, the introduction of new products Analysis of a market event

Responsible Operational Divisions

Commercial Permanent and competitive Short Term

Strategic sensing

Short Terms Detection of incongruities; Conferences, fairs, and Symposiums

Social media Sensing

Permanent long-term

Product Manager Division of Product

Top management Agility team

Analyze information Marketing managers on current topics related to their companies

⦁⦁ Scientific sensing, which covers all areas that could give the company a com-

petitive advantage based on scientific evolution (science, technology, processes, and methods). ⦁⦁ Societal sensing: This sensing consists of discerning among a certain number of changes “demographic evolution, cultural changes, ...” the significant changes, which are taking place in society and which risk transforming or disrupting the company and its environment. Through the study of cultural, political, social, and historical factors, institutional, political actors (state, administrations, local authorities, trade unions), public opinion, the evolution of regulations, and the environment. ⦁⦁ Commercial and competitive sensing, which includes the business aspects (centered on markets, customers, business methods, etc.), moreover, competitive (about competitors and new entrants, products, and especially new alternative products, relations with suppliers, consumer relations, etc.).

The Conceptual Model for IS Agility    87 ⦁⦁ The strategic sensing, which benefits from the coordination of the various

existing watch structures. Another way to segment the various forms of what is to distinguish them according to their time horizons, their fields of application, and the nature of the actors required: sensing is a “continuous and largely activity to sense a different change driver such as the technological societal, commercial and competitive environment. That is mean to permit an organization to anticipate changes.” ⦁⦁ Social media sensing: Nowadays, Social Media sensing has become a necessity for any companies that want to plan and manage their communication on social networks or keep an eye on competitors. Marketing managers can analyze information on current topics related to their company. Also, it is possible to monitor exchanges of opinions, discussions, and trends in real time. The Social Media monitoring allows having a vision on the influencing Web exchanges. Also, identify and react at real-time to the critics.

To describe and specify the subjects that interest the organization and for which it is required to collect data or information, it is necessary to define the sensing axes and the purposes that should concern the strategic factor, commercial, competitive, technological, legal, regulatory, economic, societal, etc. On the other hand, identifying the objectives targeted by the decision-makers means the strategic objectives of the company. The sensing phase must carry out on a regular or variable data sources, giving the right level of pertinence to the information corresponding directly or indirectly to the sensing axes. In the phase of identifying, processing, and analyzing the collected data, it is a question of analyzing the collected information and organizing it in such a way as to make it exploitable. Finally, the phase of validation and readjustment after the communication of the results allowed the adjustment by deepening or reorientation of the objectives and means of sensing as shown in Fig. 36.

4.9.2 DBPA DBPA (Agility DataBase Provider) will allow managing agility providers for each organization and critical information. The establishment of a reference is necessary to improve the level of agility of the SI and to be able to exploit it in the future. By centralizing the various information available after the communication phase of the results, this will make it possible to manage all the characteristics of all the providers managed and listened. Building a database is necessary to improve agility. In an approach based on the results communicated and the relevance of the information, the DBPA will allow managing all the characteristics on all the agility triggers that press on the IS as: ⦁⦁ identification of the configuration items CIs and attributes associated with

each provider;

⦁⦁ the complete history of all activities related to a provider;

88    Strategic Information System Agility Definition / Redefinition Of The Aims And The Axes Of Surveillance Determining Types Of Useful Information Identification And Selection Of Sources Of Information

SENSING

Treatment / Analysis Of Collected Information

Synthesis And Perspective

Communication Of The SENSING Results

Validation and Readjustment

DBPA

Consultation

Fig. 36.  Sensing Phase. ⦁⦁ intuitive modeling of relationships between providers; ⦁⦁ impact analysis on IS, on users; and ⦁⦁ possible solutions and actions.

4.9.3 The Level of Agility Need Assess the level of agility needed is essential with the aim to determine the contexts, in which agility is necessaries and those in which agility may represent wasteful of resources.

The Conceptual Model for IS Agility    89 We estimate that environmental conditions become increasingly turbulent for firms across success; organization agility will be necessary for firm success. The needed agility level for an IS is considered equal to the level of IS internal and external changes. ⦁⦁ Assessment of current agility level

It is necessary to consider the change generated by factors being marked in the model include general actors such as Strategy, Technology, people, R&D, Security, and organization environment. To evaluate a current IS level agility, the IS must sense proactively the needs of an organization and its external environment and take advantage of unexpected opportunities. Because each of these general factors is divided into some sub-factors, the evaluation tool should also take structure layers. A top layer corresponds to the general areas to be evaluated and a second layer corresponds to specific agility driver of each information systems and organization.

4.9.4 Security Policy When an organization decides to make a change in its information systems, a security assessment related to this change becomes a necessity otherwise an obligation. In order to study each possible vulnerability, this evaluation must include an explicit analysis of the security policy and the existing procedures. Emphasize should be placed on detecting vulnerabilities that may or may not be used to infiltrate or get data. Ideally, we should start by defining a comprehensive cybersecurity strategy and/or a cyber-risk assessment. These will give an important starting point. Failing that, we should consider the cyber standards of security that the organization must adopt, such as risks, and contractual relationships that we must respect. We must ensure conformity of the security policy with the standards of IS security; we need essentially write entirely new security policies which are determined from new requirements (new capacity). Maintain accurate registers of system files, Software, hardware problems, and service requirements. Good knowledge and support of the technologies and elements to be introduced to the Information systems, preserve adequate support for the end-user support process, back-office, and a backup for any application in IS. It should be noted that it is essential to reach a substantial agreement from the Top management of the organizations. Otherwise, this will be the first obstacle to non-compliance with the new policy thing that will undoubtedly affect the security level of the organization.

4.9.5 The Proposed Model Contribution The purpose of this chapter is to provide a conceptual model for assessing and enhancing IS agility in order to respond effectively to any internal and external changes in the organization.

90    Strategic Information System Agility None of the models or methodologies previously described in the literature proposes a systematic model for the implementation of agility except Zhang (Zhang & Sharifi, 2000). Although these models designate three parts of agility as drivers, capacities, and enablers, but do not agree on the elements of these fundamental parts. Also, many steps, such as the strategy formulation, the external and internal environmental evaluation, the agility measurement process, and the development of action plans, are not identified and articulated. As we have seen in the agility’s approach section, the authors have set out many different definitions for the agility concept, but they do not agree on a unique definition. We define agility as the ability to cope with driver changes by using enablers in order to gain beneficial capabilities. In summary, the main characteristics of this methodology than previous models are: ⦁⦁ The proposed model has a systematic approach to guide information systems’

direction to implement agility easily and successfully.

⦁⦁ Internal and external drivers of change are considered and determined in this

model.

⦁⦁ Many factors, capabilities, and providers have been identified in this model. ⦁⦁ Strategy formulation and action plans are mentioned in order to move away

from the traditional IS to the Agile IS.

⦁⦁ Provide many approaches to measure a level of agility that IS has gained to

re-analysis conditions and design improvement initiatives.

⦁⦁ A security policy for IS (PSIS) formulation or an update in the case of existing

PSIS must be applied in order to consider the new changes and preserve the information patrimony. ⦁⦁ Some agility frameworks attempt to present a more integrated and holistic model still has a vision mainly centered on production and technological aspects of the company, but this model can be applied to any organization (whether profit, nonprofit, service, public, and private). ⦁⦁ This model shows the need for a knowledge-based system for further distinguished the new changes. ⦁⦁ Finally, a method to measure agility must be adopted and applied frequently to maintain the synergies of IS and Agility level, in the aim to intercept the changes evolving from inside and/or outside the organization.

Summary From a strategic point of view, agility lies in the conquest of new markets, in risk-taking, in the apprehension of new social and environmental issues. Thus, at the level of the operational strategy, it consists of an ability to integrate the stakeholders into the business practices and a better understanding of the business by re-estimating all the links of the chain of value in a logic of creating a competitive advantage. In other words, talking about agility is necessarily about strategy and, more specifically, about the organization, culture, and management model that will make it possible to best relay the need for reactivity.

The Conceptual Model for IS Agility    91 This chapter introduced the concept of agility in enterprise information systems and the frameworks for producing and evaluating agility. Although these frameworks are relevant, they are still at the conceptual stage and therefore of limited scope and maturity. To be able to define new methods and improve existing ones, integrated methodologies and tools to take into account the concept of agility throughout the life cycle of the information system would be a considerable contribution for companies, which must find effective ways to survive and evolve serenely in the current economic environment characterised by fierce competition and rapid and random changes.

This page intentionally left blank

Chapter 5

Strategic Agility for IT Service Management: A Case Study Abstract In order to support transformational business change, IT needs to streamline the process of bringing new IT processes to life. In today’s ever-changing business world, nobody knows what is around the corner, so improving agility is the best way to the future-proof organization. IT Service Management is the ability to collect data, analyze it, to make reports, and to implement improvements in agile mode, sometimes make it challenging to manage all these informational organization assets effectively. To perform real-time monitoring of these activities, manage, and be able to involve the final user in the heart of the IT process, or reduce operating cost, agility is the ideal solution. In this chapter, the authors propose a global strategic model to improve Information Technology Service Management service management processes with the additions of two drivers: agility management and security management.

5.1 Introduction According to Brooks (2006), IT service management tools deal with many IT service management measurements, and most of it will be attractive to people in the related departments with the same activities. Metrics are identified to show development and the performance of the system. Therefore, there are three types of metrics to improve the quality level of the evaluation framework such as effectiveness, capabilities, and efficiency. These elements could be matched into any technology, process, or service that focuses on Operational Level (Service Support Domain), Tactical Level (Service Delivery Domain), and Strategic Level. This chapter aims to identify the crucial aspects that propose a comprehensive framework for Information Technology Service Management (ITSM) efficiency. It was collected from a theoretical and empirical research study that Strategic Information System Agility: From Theory to Practices, 93–116 Copyright © 2021 by Emerald Publishing Limited All rights of reproduction in any form reserved doi:10.1108/978-1-80043-810-120211006

94    Strategic Information System Agility generated answers to the sub-level research questions. The author tried to extract a framework based on the literature review and various sources from the practical environment. The framework was used within the far-reaching empirical study to find ways to compare and identify different corporation metrics. The organizations were becoming more reliant on a comprehensive framework to control IT service management in organizations; how Information Technology Infrastructure Library (ITIL)-ITSM best practices affect organization efficiency and problem-solving. The IT department’s responsibility for maintaining and securing the IT environment now includes all devices’ employees use, but budgets and IT resources are limited. The framework ITSM proposed exploits the good practices of ITIL and ISO 2000 and integrated new strategic axes such as agility and security in order to propose an efficient and agile IT service management. It replaces the traditional IT services of the “control and control” type, oriented peripherally by a complete integrated, user-oriented approach with the integration of four disciplines of IT management (Service management, Security management, Agility management, and Asset management). The IT department’s responsibility for maintaining and securing the IT environment now includes all devices employees’ use, but budgets and IT resources are limited. Agility is the right solution for IT departments to streamline IT processes and manage all aspects of end-user productivity. The objective is to reinforce the traditional IT services of the “control and control” type, oriented peripheral by a complete integrated approach, oriented user. ITSM increases the level of the communication efficiency between business departments and provides a structure to plan, research, and implement IT services. The needs of IT service management in organizations can be changed in the ways they do business, communicate, and also develop and innovate, gain market advantage and differentiate themselves to their customers (Brooks, 2006). Also, ITSM allows companies to internally govern and follow the set of global standards. For a better understanding of the ITSM concept in the organization, reviewing the ITSM component would be useful. ITSM components consist of Process, Technology, Manpower (people), Organization, and Security, which is recently added to the organization construction to improve the system security (McNaughton, Ray, & Lewis, 2010; Park, Kim, Choi, & Jun, 2008). As mentioned earlier, the IT service is connected to the four fundamentals of ITSM. Therefore, when IT is aligned with the business strategy and the organization, it can do what it wants to do. Furthermore, IT and new technologies enable the organization to do new things that were never possible before (Silva Molina, Plazaola, Flores, & Vargas, 2005). The strategic outcome is that the overall business benefits from active IT-related service and IT benefits that are integral to the company’s business plans will be delivered to the maximum economic value. In the literature and even references such as ITIL, ISO 20000, and Cobit (van Grembergen & De Haes, 2009a), there is no practical, concrete, and agile model for the implementation of IT services and assets management in organizations. In this work, we propose a global, practical, and agile framework for supporting IT Service management ITSM. The proposed framework surpasses the limitations of existing methods/referential and meets the needs of international standards regarding flexibility and agility to improve ITSM processes. This generic

Strategic Agility for IT Service Management    95 framework will help any organization in the implementation of an agile, secure, and optimal IT Service Center. We measure the proposed framework by adopting a continuous improvement process based on DevOps (DevOps is the concatenation of the first three letters of the word “development” and the usual abbreviation “ops” of the word “operations”) and the PDCA Deming cycle.

5.2 IT Service Management ITSM During the last two decades, the ITSM related frameworks have provided a better systematic approach to the management of IT services in the fields of IT operation to continual improvement, implementation, and design (Marrone & Kolbe, 2011). For example, different studies have concentrated on the adoption of IT Service Management (ITSM) as a “particular service-oriented best practice.” According to Winniford, Conger, and Erickson-Harris (2009), about 45% of US corporations are operating an ITSM, while 15% are preparation its usage. IT service management is somehow the quality customer service that tries to ensure that customer needs and expectations are met at all times (Tan, Cater-Steel, & Toleman, 2009). In “ITIL: What It Is, And What It Is Not,” Hank (2006) examined in the measuring techniques of successful companies when implementing the ITIL-best practice. He describes Service Support and Service delivery and explains its stress on an ITSM-ITIL best practice that it does not stand alone, and it could be successful when applying to other practices. The authors define three significant tasks, which define appropriate goal setting through a Process Maturity Framework (PMF), rigorous auditing and reporting through a Quality Management System, and Project Management, and a Continuous Service Improvement Program, to support ITIL-usage. Furthermore, he also provided more information about business-aligned IT process and continuous improvement of the tactical and operational components, especially those processes that focused on service quality by clients and users (Hank, 2006). Apart from the other works on improving the efficiency of IT service management field, there is a real-life example of a case study, which is focusing on IT framework, and Service Strategy process of Steel Manufacturing Enterprise (SMC). In a manufacturing enterprise, Yao and Wang (2010) used integration of COBIT and ITIL best practice to implement and improve the ITSM framework. They introduced an approach to service strategy evaluation framework in SMC by providing indicators for the different evaluation process to improve the result from ITIL implementation and to increase the improvements on changed IT processes; they use different approaches to find the problem of Business-IT-alignment in SMC. The approach aims at minimizing the difficulty of business-IT-alignment in importance within the IT community. In the same article, Bartolini, Sallé, and Trastour (2006) has suggested an IT Management by Business Objectives method, which is a unique way to ensure business strategic objectives-IT alignment, by defining a new system for decision support in ITSM. It is closely related to the ITIL component in operational level and tactical level of theoretical. In “E-government: ITIL oriented Service Management Case Study,” Meziani and Saleh (2010) developed a service management self-assessment plans for the government agency to support the continuous quality improvement of IT processes

96    Strategic Information System Agility based on ITIL governance – gap analysis methods concerning ITIL standards (Meziani & Saleh, 2010 ). In their work entitled “Managed IT-Services: The role of IT standards,” Kumbakara (2008) argues the practical issues based on standards and the management of IT services delivered by external or outsourced service providers. Here, the purpose of the authors is to assist IT organizations to recognize the significance of having a mutual standard for managing IT services. van Grembergen and De Haes (2009b) illustrated a set of best guides and practices (COBIT Framework) for IT management control and assurance of information technology, and categorized them around a logical framework based on 34 IT processes. Marrone and Kolbe (2011) studied the benefits of both operational and strategic of IT Service Management. The research outcome indicates that as the implementation of ITIL increased the number of realized benefits, like the levels of maturity of the Business-IT-Alignment. Wilcocks in his book entitled “Information management: the evaluation of information systems investments” (Willcocks, 2013), the author proposes different approaches to evaluating practice at strategic levels and during the prepurchase phase of IS assessment. In the book “Asset management: A systematic approach to factor investing,” the authors (Ang, 2014) introduce a comprehensive and new approach to the secular problem of where to place your money in IT Asset Management. In recent works “Reducing the cost of test through strategic asset management” (Lowenstein & Slater, 2016). The authors explore the balance of the three fundamental aspects that make up asset management and will focus on how to implement strategies to reduce the total cost of ownership for the test. Most of the ITSM Organizations consider Service Support process as a difficult task. Difficulties are mainly due to the following reasons: ⦁⦁ IT organizations do not have a structured approach to measuring IT service

and service management processes.

⦁⦁ Different tools exploited by IT Support Service Teams do not enable useful

measurement.

⦁⦁ IT service management standards and frameworks do not provide practical

examples of how to measure the support process (Lahtela, Jäntti, & Kaukola, 2010). ⦁⦁ Therefore, the IT organization needs a structured approach for measuring IT service support process such as ITIL 4 or the other reliable sources to increase IT quality of services. So, implementations of the service support process are chosen as a priority to help as a result of continuous improvement in ITSM.

5.2.1 Agility in ITSM As discussed in Chapter 4, in IS research, the agility concept has been introduced in early 1990 (Ciborra, 2009; Clark, Cavanaugh, Brown, & Sambamurthy, 1997; Markus & Benjamin, 1996; Sharp, Bamber, Desia, & Irani, 1999). After the

Strategic Agility for IT Service Management    97 success of agile methods in computer development, in research, the concepts of flexibility and agility have been associated with the broader challenge of combining complex computer systems with unexpected changes, sometimes surprising in user needs, business processes, company structure, strategy, markets, and society in overall. At the beginning of the year 2000, the emphasis was on other attributes of Information System (IS) explain agility through IT, development methods (IS), and IS outsourcing practices. In the literature, we deduced that is a lack of a unique definition of the agility concept. The Agility Research in (IS Agility) was devised on several axes (Fink & Neuman, 2009; Holmqvist & Pessi, 2006; Hong, Thong, Chasalow, & Dhillon, 2011). However, there is a lack of research regarding agility in IT Management Systems. Although the IT function, in all its dimensions, gains in flexibility, and reactivity, the IT system function is at stake and must have the capability to accelerate its adaptation to business needs, market requirements, and the strategic alignment of the IS and the organization. Agility is the best solution to cope with different internal/external changes. DevOps is a set of best practices and changes guidance that ensures development, assurance, and quality improvement and operations to respond effectively better to customer needs. Patrick Debois invented the w``ord DevOps during the organization of the first DevOps days in Ghent, Belgium, in October 2009. The organization must accelerate the delivery of new functionalities and software features to ensure competitiveness. This is the idea behind agile application/software development processes that are now widely used by application delivery teams to reduce delivery cycle times. DevOps can be applied in the ITSM field, in order to benefit from it and to ensure an efficient and flexible ITSM in the organization. In recent work (Gene, Jez, Patrick, & John, 2016), the authors argue that more than ever, effective technology management is essential for business competitiveness. For decades, technology leaders have struggled to balance agility, reliability, and security. The book does not focus on tools such as infrastructure for example code, containers, or configuration management. These are people, culture, and processes. The book creates a language to describe DevOps and a common understanding. The authors show leaders/practitioner how to reproduce these incredible results, showing how to integrate IT operations, development, product management, quality assurance, and information security to raise your business and win in the market. DevOps helps the organization to bring together key players (companies, applications, and ops) with a focus on collaboration, automation, and monitoring, resulting in better application delivery speed with quality. Here are some of the ways DevOps helps to generate business value: ⦁⦁ Obtain a competitive advantage. Accelerate the output of applications in pro-

duction – faster response to business demand.

⦁⦁ Increase the efficiency of IT resources. Automate provisioning and deploy-

ment. Delete the manual processes.

98    Strategic Information System Agility ⦁⦁ Enable better and faster decisions. Create an immediate feedback loop.

Identify problems earlier in the process.

⦁⦁ Hang on to business requirements. Bring new applications and updates to the

market quickly to create satisfied customers.

In recent work, Abdelkebir, Maleh, and Belaissaoui (2019) proposed a holistic and practical strategic framework to improve ITSM service management processes with the additions of two drivers Agility management based on DevOps, and an agility PMF. There are no instructions to follow to adopt an agile way of working. This one requires a change of culture, knowing that change. The most important thing is to get the company to embrace change with open arms. Traditionally, we will try to limit change: we create a schedule and then try to stick to it as much as possible. In the Agile spirit, we assume that plans will eventually change, and we forget about immutable patterns. The goal is clear, but the path to it can change. Being Agile means following a process of continuous improvement. Axelos, the organization that owns ITIL, published in 2019 the new version of the ITIL repository, called ITIL 4 Edition. This new edition redesigned the already well-established principles of ITSM by taking into account new technological challenges and new operating modes, such as agility, Lean, or DevOps. This new version encourages organizations to break down silos, foster collaboration, and communication within organizations, and adapt to new IT trends. ITIL also encourages its practitioners to keep practices pragmatic and straightforward, which can result in a recognition that too many organizations have tried in the past to implement ITIL to the letter, making ITSM complex and inflexible. New concepts have emerged from this new opus, such as the Service Value System, which is a co-creative value system adapted to the concepts of Agility, DevOps, and Lean. ITIL 4 proposes a continuous improvement model that can be applied to all elements of the Service Value System (SVC) (practices, etc.). This model is intended to be a high-level guide to support improvement initiatives, with a strong focus on customer value, and ensuring consistency with the organization’s vision. The model, based on the principles of agility, introduces an iterative approach and divides tasks into incrementally achievable objectives. ITIL 4 reinforces this proximity by offering a framework adapted to recent trends such as agility, Lean IT, DevOps, and Cloud Computing. It builds on ITIL’s initial philosophy: to draw inspiration from best practices and apply them so that they are best suited to organizations. ITIL 4 does not provide a practical framework for merging agility with IT service management. The main objective of this chapter is to propose a practical agile framework for IT service management based on best practices of ITIL 4 and agility concept. The proposed framework surpasses the limitations of existing methods/referential and meets the needs of international standards in terms of agility and flexibility to improve and enhance ITSM processes. This generic framework will help any type of organization in the implementation of an

Strategic Agility for IT Service Management    99 agile, secure, and optimal IT Service Center. The proposed framework adopts a continuous improvement process based on DevOps and the quality management method PDCA (plan-do-check-act) PDCA.

5.3 The Proposed ITSM Framework 5.3.1 Framework Overview ITSM increases the communication effectiveness of business units and provides a structure for planning, reviewing, and implementing IT services. The needs of ITSM in organizations can be changed in the way they operate, communicate, and do business, but also in the ways they develop and innovate (Brooks, 2006). The proposed ITSM framework exploits best practices (ITIL, COBIT, and ISO 2000) and incorporates new strategic directions such as agility and security management to deliver an efficient and a flexible ITSM (Sahid, Maleh, & Belaissaoui, 2018). It replaces the traditional IT services oriented devices with a completely integrated and user-oriented approach based on four disciplines of IT management (service management, asset management, agility management, and security management). The proposed maturity framework is a comprehensive suite of proven management practices, assessment approaches, and improvement strategies covering 4 IT capabilities, 22 objectives, and 80 controls. The proposed framework classifies IT activities across the following four highlevel activity categories: ⦁⦁ IT service management provides oversight structures to support services.

Implement IT service strategy, process, and controls. Manage incidents, problems, and changes. Define service levels. Optimize the availability and manage supplier capacity and requirements. ⦁⦁ IT asset management provides resource management provides asset budgets, tools, and resources, and measures the resource efficiency of asset investments. Manage assets and data throughout its lifecycle. ⦁⦁ IT security management implements measures to manage IT security services, risk control profiles, security threats and assesses prioritizes, handles, and monitors security-related risks. ⦁⦁ Agility provides the ability to respond to frequent and unpredictable changes by implementing fast and effective changes without disrupting everything. The approach is based on DevOps with three components (People, Process, and Technology). As Table 7 shows, these high-level activity categories are decomposed into 22 IT control objectives.

5.3.2 Framework Maturity Profile In the significant modern organizations, it is no longer possible to manage IT service and assets on an ad hoc basis, or by deploying only technical solutions. Instead,

100    Strategic Information System Agility Table 7.  The Proposed Framework Capabilities. ITSM Functions IT Service Management

Control Objectives

Description

Self-service desk

Give a single point of contact (SPOC), allowing users to contact IT support

Incident management

Ensure that the normal exploitation of services is restored as soon as possible and that the business impact is minimized

Problem management

Manage problems. Identification and classification of problems

Change management

Manage changes. Change status tracking and reporting

Release and deployment management

Install and accredit solutions and changes

Experience level management

Define and manage service levels, Monitoring and reporting of service level Agreements based on client experience

Availability management Optimize the availability and reliability of IT services and of the supporting IT infrastructure and organization, in order to meet the business requirements

IT Asset Management

Capacity management

Ensure that IT infrastructure is delivered at the right time, at the right price and in the right quantity to maintain the quality of service aligned with business needs

Configuration management database CMDB

Support IT complexity management by refocusing the IT organization on business services

Asset discovery and inventory

Define the capacity to discover assets across the enterprise network, whether they are at the corporate site or in remote locations

Configuration management

Manage all changes made during the system lifecycle

IT financial management Helping the business to assess whether its IT Service is doing the best it can with the money it has

Strategic Agility for IT Service Management    101 Table 7.  (Continued) ITSM Functions

IT Security Management

Control Objectives

Description

Asset lifecycle

Track IT assets such as laptops, desktops, printers, and other consumables within the organization

IT service security management

Develop and train incident response teams to identify and limit exposure Manage user access rights to information throughout its lifecycle, including granting, denying, and revoking access privileges

IT asset management

Implement measures to protect all IT components, both physical and virtual, such as client computing devices, servers, networks, storage devices, printers, and smartphones

Vulnerability and risk management

Identify exposures to securityrelated risks, and quantify their likelihood and potential impact

Compliance management Compare security assessment results with standards’ requirements IT Agility Management

Strategy and process

Define the clarity of business plans, values, and goals of the organization

Flexibility of structure

Manage the organization resources when business needs arise, and define if the size of the organization is adaptable to need that arises

Up-to-dateness of technology systems

Use state-of-the-art technologies, and advanced systems to improve processes

Staff competency and skills

Develop organization employee’s skills through training. Motivate and maintain proficient employees, whether the organization has appropriate communication, technical, and managerial skills

Organizational agility

Define the ability and flexibility to aligned capabilities with business needs

102    Strategic Information System Agility these organizations need a holistic approach that applies agile management and good governance across the organization, and through which all levels share the fundamental values of visibility, accountability, and responsibility. For each ITSM functions, the framework defines four maturity levels that serve as the basis for understanding an organization ITSM capability. The assessment scope would cover only the critical processes of the service operation and the service transition. Data collected through interviews, workshops, literature review, and site visits. A timebased assessment aims to determine the maturity level of each ITIL process. Based on the collected answers, the scores are tabulated using a spreadsheet tool (more details in the research methodology section).

5.3.3 The Attainment Model Level 0 – None: No process/documentation in place. No standards and Tool. As far as asset management is concerned, it is non-existent. We do not spend much time characterizing this level, because service and asset management do not happen systematically. Other attributes of an ITSM program, such as governance, staffing, processes, policy, and parameters, are not considered at this level. As a result, costs and risks are high, delays are extended, and the quality of service is low. The ITSM is not agile in the face of different environmental changes. Level 1 – Initial: Maturity is characterized by an ad hoc definition of the IT service strategy, process, and standards. Physical environments and IT asset components are only locally addressed. The organization has a weak capacity that does not meet operational requirements. There is no explicit consideration of budget requirements for information security activities, and no systematic management of security risks. Security incidents are managed in an ad hoc manner. The ITSM is static, not agile and flexible. This initial level is the place where we attend the majority of companies that undertake an ITSM program. At this level, costs and risks are high, delays are extensive, and the quality of service is deficient. In general, it is difficult for end-users to do their job effectively when they do not have the resources to support their work. Since there is a well-documented skill-shortage of skilled ITSM professionals, most companies succeed by training internal staff to fill open roles. There are no magic numbers to organize a program, but it tends to be higher in the early stages of program implementation so that stakeholder support is essential if the workforce needs to be shared. Level 2 – Basic: Maturity reflects the linkage of a core business strategy, IT strategies, and risk appetite in response to individual needs. It also includes the development and review of ITSM policies and standards, usually after significant incidents. IT component and asset environment guidelines are emerging. Processes for managing the IT service, asset, and data security throughout its life cycle are emerging. Major incidents, problems, and changes are tracked and recorded. The process is developed, implemented, and managed satisfactorily as a whole. The management process is identified and documented, but IT organizations as a whole do not recognize its role. Level 3 – Defined: Maturity reflects a detailed IT service strategy that is regularly aligned with both business and IT strategies. IT service policies and

Strategic Agility for IT Service Management    103 standards are developed and revised based on a defined process and regular feedback. IT and some other business units have agreed-on IT component and physical environment security measures. IT budget processes identify and provide the most significant information security budget requests for the IT Department and some other business units. The security risk-management process is proactive. Access rights are granted based on a formal and audited authorization process. Detailed lifecycle data of security management processes are implemented. Security incidents are managed on an emergency basis, as agreed on by IT and some other business units. The IT Department has ad hoc involvement in budget setting. Some ad hoc staff awareness and training. Investment is using short-term payback criteria only. Level 4 – Managed: A regular improvement characterizes maturity. ITSM management strategy is aligned with the company’s IT strategies and compliance requirements. However, policies generally target the behavior of end-users, for example, by informing them of acceptable business practices regarding the physical security of hardware devices, software downloads, software evaluation copies, etc., and by informing them of acceptable business practices. These policies must be applied to both IT users and end-users, as IT staff with administrator rights must be informed that they could create a risk in the same way as end-users. In some organizations, for example, in highly regulated industries, it will be easy to create a corporate culture to adhere to policies. However, other companies, such as engineering and IT companies, will never be able to control user behavior. At this level, costs and risks are visible because they can be scheduled annually. Also, delays are modest, and the quality of service is increasing. The company has confidence in IT, and end-users feel they have the resources to be effective. Organizational agility is managed. Regular staff training, awareness-raising, and advertising campaigns are well defined. Level 5 – Optimized: Maturity is characterized by a high level of efficiency in IT service management. Organizations have already solved many problems that keep IT managers from waking up at night. Previous reactive problems have been resolved so that both governance and policies are no longer an issue. At this level, the focus is on aligning the IT financial management provided by the ITSM data to enable a variety of strategic decision-making activities that are not necessarily related to ITSM but that support business agility. At best, business units do not even realize that the calculation takes place in the background. Achieving this level of agility requires close alignment between business services through an operational ITSM program. At this level, costs and risks are monitored and planned monthly, delays are short-term, and the quality of service is high. Business and IT are now linked to the same objectives.

5.3.4 Agility Management Companies realize that they need to deliver strategic responses more quickly and efficiently, to take advantage of the digital age, which requires pervasive agility throughout the company. ITSM teams are already focused on improving or constructing consistent, repeatable processes that reduce downtime and improve

104    Strategic Information System Agility

Fig. 37.  DevOps Agility: Aligning People, Technology, and Process for Continuous Improvement. productivity (Anderson & Bishop, 2018). Effective initiatives within the ITSM framework can extend the delivery and management of business services beyond the areas of computing. Service management teams become an advisory model for the company, and the integrated process-driven ITSM enables agility that supports the company’s strategy (Adalı, Özcan-Top, & Demirörs, 2016). Along with the development solutions and processes, ITSM plays a crucial role in supporting DevOps practices and objectives such as incident management, application deployment, and performance management, to name just a few. The conception and implementation of new agile ITSM are a real challenge. The proposed DevOps model connects people, process, and technology to ensure continuous improvement of IT services, as shown in Fig. 37. Process management: While technology management has been the central element of IT, most IT organizations realize that poor service delivery pretty much with technology. IT should be prepared to restore services as quickly as possible in the event of a problem. Well-defined roles and responsibilities are essential for service disruptions. Anyone involved in the delivery and support of the service must perform without confusion or delay. This ability can be the critical difference between the success and failure of an IT organization trying to establish credibility as a service provider. These situations are examples of process problems. Triumphant commercial success is complicated to achieve until they are processed. People: Clearly, improved processes are useless without people. Nevertheless, the people component of IT refers to more than a simple understanding of how process re-engineering and process management affect IT, staff. It also refers to skill sets, attitudes, and the new roles and responsibilities staff must assume

Strategic Agility for IT Service Management    105 to be successful. Each of these people aspects must be transformed in order for IT organizations to evolve from technology to service providers. IT staff skills must change in support of new or modified jobs that result from process engineering and changing or improving skills requires education and training. However, the proper performance of new skills alone does not necessarily result in successful IT transformation. Attitudes also need to be transformed to make the entire IT Department more client-centric, service-oriented and aligned with the organization’s business objectives as shown in Table 8. In practice, this means that IT organizations must: ⦁⦁ display consumers of their services as clients; ⦁⦁ expand their attention to technology to include an emphasis on service

solutions;

⦁⦁ implement measurable and accountable processes; ⦁⦁ balance development of internal solutions with outsourcing; ⦁⦁ define and develop organizational, service-oriented structures, roles, and

responsibilities; and

⦁⦁ strengthen the traditional skills of the IT system with client-centered skills.

Achieving these changes in skills and attitudes throughout an IT organization requires a well-defined educational program that addresses processes and technology. In most cases, organizations benefit from hiring a consultant who understands these needs and can develop a tailor-made plan. Generally, once new processes are implemented, and there are measurable and reportable outcomes, people’s attitudes move toward service and customer focus. However, the tone set by IT leadership also has a significant impact on staff attitudes. Table 8.  New Skills and Attitudes Required for an Efficient ITSM. From

To

Users

Customer

Inward-looking

Outward-looking

Technology focus

Process focus

Ad hoc processes

Rationalized, streamlined processes

Best efforts

Measured, accountable processes

Entirely in-house

Balanced in-/outsourcing

Fragmented, silos

Integrated, end-to-end

Reactive

Proactive

Operations manager

Service management

System skills

Listening skills

106    Strategic Information System Agility Technology: The proper functioning of new or improved IT processes often requires significant changes to existing technologies and the integration of new technologies into the existing IT environment. IT also requires enabling technologies with special tools to automate processes and streamline integration and interprocess communications for the enterprise IT management. In addition to enabling technologies, other tools may be required for a global ITSM solution, such as tools that: ⦁⦁ allowing companies to view their Internet infrastructure, simulate, and moni-

tor business activity;

⦁⦁ monitor and analyze the impact and quality of the telecommunication service;

and

⦁⦁ provide accurate and timely service reports or create portal views giving clients

visibility into their services.

IT departments need to identify tools that require minimal customization. To simplify implementation, reduce costs and improve processes. For example, consider the benefits of purchasing a change management system that is already integrated with configuration management, incident management, support system, and service management systems. As change orders are processed, the past, current, and future data on the IT infrastructure can be retrieved automatically from configuration and update management. Data from past incidents can be collected immediately, which considerably reduce the time for review and approval for a specific change. The same data, when also available for problem management, allow specialists to analyze trends and avoid future service disruptions. At the same time, change management and incident management personnel can access problematic data to improve quality and decision-making. Support staff can quickly determine the levels of service applied and escalation settings for callers, which improve customer satisfaction. To understand the DevOps maturity of the core development and IT operations processes, we propose a proven DevOps maturity model based on a return to the experience of the adoption of DevOps model of agility in their business strategy to accelerate innovation and meet market demands, as shown in Fig. 38. This model looks at DevOps from three viewpoints, IT service, process, assets, IT automation, and IT collaboration, and spans a series of clearly defined states on the path to anoptimized DevOps ITSM environment. The DevOps maturity model described in Fig. 39 below represents a roadmap to achieve organization’s maturity level regarding ITSM standardization, IT automation tools, IT collaboration approaches, and end-IT-user security management, along with insights into the opportunities for continuous IT service operations and organizational change improvement.

5.4 Use Case In this section, we will study a case of application of our model to a company, and a case study was conducted as a pilot project to identify relevant ITSM practices in the organization. The capability maturity framework is implemented in

Strategic Agility for IT Service Management    107 Level 5 : Optimized Level 4 : Measured Level 3 : Managed Level 2 : Defined Level 1 : Initial • • • • • • • • •

Poor Ad hoc Undocumented Unpredictable Uncontrolled No automation Multiple help desks Minimal IT operations User/customer call notification

• • • • • • •

Fight fires Some shared decisionmaking Process are managed but not standardized No central infrastructure Desktop software distribution Initiate problem management Alert and event management

• • • • • • •

Collaboration Shared decisionmaking Analyze trends Set thresholds Central automated process across ITSM lifecycle Mature problem, configuration, change, assets management Process are standardized across the organization

•

• • • • • •

• •

Collaboration based process are measured to identify bottlenecks and inefficiencies IT as service provider Measured Services and Assets costs Guarantee SLAs/ OLAs Measure and report service availability Predictability and Visibility of entire IT process and Performance The impact of IT services and assets security is

• • • • •

•

IT as a strategic business partner Effective knowledge sharing and individual empowerment Self-Servicing Self-remediation Self-Learning IT and business metric linkage IT Business improves business process risk and cost optimization The impact of IT services and assets security is optimized

ITSM Agility Maturity Model based on Devops

Fig. 38.  Devops ITSM Maturity Model for Continues the Organization’s Measure and Improvement. the service center of a leading port sector organization in Morocco. The organization manages more than 30 ports and sites with more than 1,000 users. The Information System department has 40 employees with different profiles. The purpose is to study IT service practices and assess the organization’s ability to transform traditional IT support into a global and agile IT service center through the implementation of the proposed framework. Fig. 39 shows the ITSM framework architecture proposed for an eventual implementation in the organization. Data Collection: The questionnaire was carried out in several stages. A first version has been developed to take into account the different theoretical assumptions. This first version has been tested with IT service managers and consultants. This pre-test allowed rephrasing some questions to improve the comprehension of the questionnaire and to improve the quality of the given answers. In the end, the questionnaire consists of 100 questions divided into four topics: IT service management maturity, IT asset management maturity, IT security management maturity, and IT agility maturity level. Table 9 shows the organization ataff and Turnover, and Table 10 describes participants’ semographics.

Fig. 39.  The Proposed Agile ITSM Framework.

108    Strategic Information System Agility

Strategic Agility for IT Service Management    109 Table 9.  Organization Staff and Turnover. Year

Frequency

Size of the Company (# of Employees)

2019

More than 1,000

Position

Senior Executives

366

Executives

95

Supervisory Officers

415

Qualified non-supervisory 146 Evolution of Turnover and Revenue of the Company for the last 5 years in $

Non-supervisory

79

2014

More than $1,4 million

2015

More than $1,5 million

2016

More than $1,7 million

2017

More than $1,8 million

2018

Less than $2 million

Table 10.  Participants’ Demographics. Participants

Frequency

Percent (%)

Male

68

68.42

Female

36

31.58

Top manager personnel

17

14.91

Senior Manager

23

20.18

7

6.14

Consultant/Engineer/ Analyst

13

11.40

IT Technical Staff

19

16.67

7

6.14

Quality Assurance/Quality Control

15

13.16

Other entities staff

13

14.91

IT Manager

Helpdesk Technician

Data Analysis: We used the questionnaire in Appendix 1 to drive data analysis. The questionnaire includes the different objectives and controls of the proposed ITSM framework. We attempted to validate each answer through the developed maturity software that was used to automate the process and determine the maturity score. The treatment consists of calculating a weighted average of the scores obtained based on the selected responses and the coefficient of efficiency of each function in the organization. Questions also changed from Yes/No to five options

110    Strategic Information System Agility Table 11.  Continual Quality Improvement. Discover

Do

Act

Optimize

Vision and strategy

Assessment

Organization

Performance management

Auditing

Strategic plan

Processes

Benchmarks

Key performance indicators

Roadmap

Tools and technology

Continuous improvement

related to maturity levels as shown in Fig. 40. The toolbox worksheet contains contextual answers for each question in the assessment. The formulas in the toolbox will average the answers to calculate the score for each practice. The score is a numerical result (zero to five or expressed as a percentage) representing the maturity level of the audited ITSM. Case Description: To be able to meet the requirements of the proposed ITSM Framework, all employees must feel concerned and involved. To this end, the quality department has undertaken a series of strategic actions. These actions are planned following an agile model based on DevOps. Inspired by Deeming wheel and DevOps, the authors organize the reports into four phases DDAO: Discover Do, Act, and Optimize, as shown in Table 11. Our goal is to develop a quality approach to a continuous IT improvement. Starting with the auditing of all the functional and practical aspects of the management of the organization’s services and the desired need, including the implementation of a roadmap for the desired organizations levels of maturity in terms of management of services, assets, and IT security. The authors define an agile approach based on DevOps, to guarantee a continuous improvement of the processes, services, security and organization, and contribution to the business of the organization. Discover: The following section presents the part of the empirical study that identifies the current status of the organization ITSM. IT managers described yhat different parts of ITIL are incorporated in the fields of IT Support, service desk Service Level Agreements (SLAs), incident and problem management, and deployment fields, asset business, activities, operational maintenance, etc. Another aspect that could be measured is the service improvement by providing surveys based on a yearly basis (on process and maintenance object level) to improve and monitor the overall performance of the systems. ITSM audit score: The ITSM audit was piloted based on the maturity model described in Appendix 2, in order to identify the current levels of maturity and

Fig. 40.  Assessment Score.

Strategic Agility for IT Service Management    111 Organizational Agility Staff competency and skills Up-to-Dateness of Technology Systems Flexibility of Structure Strategy and process Compliance Management Vulnerability and Risk Management IT Asset Security IT Service Security Management Asset lifecycle IT Financial Management Asset Discovery and inventory Configuration management database CMDB Capacity Management Availability Management Service Level Management Configuration Management Release and Deployment Management Change Management Problem Management Incident Management Self-Service Desk 0

0.5

Maturity Score Target

1

1.5

2

2.5

3

3.5

4

4.5

Maturity Score

Fig. 41.  ITSM Maturity Score. to define the desired level to be attained by the organization. Fig. 41 below shows the current ITSM maturity level. The maturity score 1 indicates the initial level (ad hoc), and the score 5 indicates the high score of maturity level (optimized). As shown in Fig. 42 above, the ITSM maturity level still at the initial and reproducible levels 1 and 2. The objective is to set up service management and achieve level 4. The result of the organization’s ITSM audit is at the initial level. Asset management is done manually, which negatively influences costs and increases risk and weakens the quality of service. The target objective is to define an improvement strategy enabling the organization to automate and efficiently manage their IT assets in order to position the organization in the managed level of maturity (level 3). The IT security maturity runs between the basic and intermediate level, which proves that the organization is aware of IT security issues. The target objective is to achieve an improved level of ITSM security and to be part of the overall governance of the organization’s information security. The current level of maturity of agility shows a huge lack of organizational commitment. Managing the aspects of flexibility, technology, processes, and people are characterized by a basic and fundamental level. The IT department cannot cope with environmental and technological changes. Our objective is to implement a continuous improvement strategy based on DevOps in order to reach the level of control (level 3) in term of maturity and deliver a flexible and agile ITSM. Developing Improvement Action Plans: The output from the framework’s assessment supports understanding the actions necessary to drive improvement

112    Strategic Information System Agility and enable the organization to move systematically from its current state to its target maturity. This is achieved by implementing a series of industry-validated practices that allow organizations to improve incrementally, and monitoring and tracking progress over time using a number of industry-validated metrics. Table A1 (Appendix 1) includes sample practices and metrics for the four objectives highlighted for prioritized improvement. For each of these objective practices, the figure outlines the currently reported maturity and the practices required to transition to the next maturity state. Note that additional practices are available to support transitioning to the desired maturity state as described in Table A2 (Appendix 2). To reach the desired level of maturity. The organization implemented some programs during each phase of the rollout. During this phase of the project, the following initiatives were adopted for the first phase (months 0–12) as shown in Table 12. Table 12.  Target Objectives of Phase 1 (Months 0–12) to Achieve the Target Maturity Level. ITSM Functions Target Goals (Months 0–12) IT Service Management

– Control the support center with fundamental processes – Improve service and support performance, and reduced unforeseen costs and business risks – Improve user satisfaction through the self-service portal – Improve visibility of operations through reports and dashboards: Quickly evaluate the performance against the company’s goals, for continuous improvement

IT Asset Management

– Reduce operational expenses and audit control – Create lifecycle processes around your IT asset – Use discovery and inventory processes

IT Security Management

– Establish and maintain the insurance and protection program roadmap – Ensure asset management system and process for hardware and software – Identify, inventory, and classify all assets required for data management – Ensure that standards are implemented on all machines, and they are up-to-date with current definitions and appropriate parameters – Ensure documented control processes are used to ensure data integrity and accurate reporting

Strategic Agility for IT Service Management    113 Table 12.  (Continued) ITSM Functions Target Goals (Months 0–12) – Ensure that periodic system self-assessments, risk assessments, and audits are conducted – Ensure identification and monitoring of external and internal compliance factors IT Agility Management

– Implement a self-portal service Desk to allow users to solve incidents themselves – Automates standard version and changes and provides control and visibility – Develop and implement end-to-end IT integrated processes, avoiding process silos – Define and develop organizational service-oriented structures, roles, and responsibilities – Improve traditional IT skills with customer-centric skills – Evaluate the ITSM performance based on user or client experience through the adoption of XLAs (X for Experience)

Act: This step will evaluate the decisions taken and the approach was taken. The quality department and management will study the results and judge the relevance of the decisions made. Moreover, this stage is required to reduce the gaps and dysfunctions deployed during each review or audit. The planned management review each year takes into account the steps taken during the year or the last six months in trying to define opportunities for improvement. The authors exploit DevOps approach to set up this step. DevOps brings fundamental changes to how application and execution teams interact and execute processes. It requires changes in technology, processes, and culture. The authors measure the organization agility level by the proposed ITSM maturity framework for further measurement and improvement of the organization. The organization’s level of agility is initial; our objective is to orient the ACT part toward an agile approach, in order to ensure a delicate change management and consequently a continuous improvement by supporting people, process, and technology drivers. To create an agile IT service center that delivers quicker resolutions increases user satisfaction and evolves with rapidly changing technologies, the authors suggest following these steps described in Fig. 42 below. The obtained results can be improved agile by adopting our agile approach based on DevOps. This approach will allow any organization to measure, control, and manage IT services, asset and endpoint security costs and process. Optimize: The most important thing that organizations adopt agile practices is that there is no end to the journey and that they need to improve and remain leaders continuously. Customers always expect more, and competitors will always be there to deliver it if you don’t do it first. Remaining a leader requires adapting

114    Strategic Information System Agility

Fig. 42.  Continual IT Improvement. to customer feedback and continually improving products and practices, and recognizing when it’s time to pivot. New metrics are defined to measure and manage improvement, as well as value delivered. Framework efficacy from organization benefices: The proposed framework is currently being adopted by the IT department of the National Port Agency in Morocco. We highlight some benefits after the implementation of the proposed ITSM framework. User and client expectations have changed, and the IT department has to develop other ways of communicating with them. The goal is to provide IT service management with a tool to anticipate their requests, optimize productivity, reduce downtime, and have all the necessary ITSM processes, including incident management, problem management, changes, requests, self-service, as well as SLA management, etc. The benefits of the adoption of the practical ITSM framework are: ⦁⦁ 95% success rate on XLAs; ⦁⦁ involve the end user in the incident management process (self servicing); ⦁⦁ SSO password management policy (fewer passwords);

Strategic Agility for IT Service Management    115 ⦁⦁ increase the satisfaction rate of computer users by 75%–90% since 2016, ensur-

ing the quality of the services delivered through a survey quality system;

⦁⦁ make the profiles versatile (admin driver) internal or for client projects; ⦁⦁ continue to improve the management of releases (business case, decision,

planning, monitoring, deliverables, etc.);

⦁⦁ continue to improve the configuration management process in accordance with

operational practices (car inventory, life sheets, and ITSM tool);

⦁⦁ with the Quality Manager, continue to strengthen reporting; ⦁⦁ making the management system more efficient; ⦁⦁ replace the performance evaluation based on user experience XLA instead of

complex SLA documents;

⦁⦁ review the incident/problem relationship (status of the incident after opening

a problem);

⦁⦁ formalize any type of structure to manage all goods, regardless of the type of

goods, business applications, or equipment, etc.;

⦁⦁ provide decision-makers with detailed information on the allocation, cost, and

forecast of assets;

⦁⦁ reduce risk by avoiding penalties and expensive litigation due to regulatory or

contractual non-compliance, especially in software licensing;

⦁⦁ implement asset responsibility with management reporting to optimize the use

of assets and protect against the malicious use and/or theft;

⦁⦁ reduce costs by eliminating unnecessary acquisitions if the property already

exists;

⦁⦁ proactively manage the warranty and support and maintenance contracts for

optimal utility;

⦁⦁ negotiate better contracts by properly managing assets and suppliers; ⦁⦁ improve productivity by automating the movement of goods in the business

environment;

⦁⦁ ensure that assets and services meet the baseline configuration for vulnerability

patches, antivirus policies, and user security are well-addressed to meet compliance standards such as PCI and ISO 2700x; ⦁⦁ facilitate data-based internal compliance and accountability audits to continuously improve processes; and ⦁⦁ implement a continuous improvement strategy DDAO.

Summary In the age of digitization, the world is evolving at a constant pace. Companies need to respond to changing conditions and often agility is the only guarantee of survival. Globalization means more competition. The product life cycle is shorter than ever. Disruptive technology can change markets overnight. A company faces significant challenges in maintaining security and compliance while achieving its business objectives, ensuring compliance with applicable regulations, and managing its people and technology. IT staff must be able to respond quickly to changing business needs while maintaining the existing infrastructure. The oft-cited management goal, “Doing more with less,” is not just a

116    Strategic Information System Agility goal; it is a corporate commitment. The management of the IT department is at the heart of the company’s information system. ITSM must be able to respond effectively to customer expectations and deal with unforeseen changes. Agility has become an essential brick in the construction of an efficient and flexible service management strategy. This chapter aims to propose a global framework for agile IT service management. This framework goes beyond the limits of existing methods/references and meets the needs of international standards in terms of flexibility and agility to improve ITSM processes.

Chapter 6

Cloud Computing as a Drive for Strategic Agility in Organizations Abstract Since 2007, the cloud computing term had been introduced to the information technology (IT) dictionary. The theme is attracting growing interest from both the IT world and the business players, who need to enhance information systems agility, reduced costs, or even less dependence on internal IT teams when they are judged too slow. However, the fact that cloud computing, as presented by providers, increases the agility, is unclear. Business Managers; IT professional, and academics are querying about relationship between cloud computing and IT agility. This chapter aims to answer two major concerns: Factors that influence cloud computing adoption in medium and large organizations, and the cloud computing role to improve the agility of information systems. This chapter argues that cloud computing impacts Information System (IS) performance by organizational capabilities (agility). One of the primary motivations of this chapter is the lack of fieldwork when considering how cloud computing improves the information systems’ agility.

6.1 Introduction Since 2007, the two leaders in cloud computing, IBM and Google, have invested in the construction of large data centers that can be used by students over the Internet to remotely program and research, known as cloud computing (Lohr, 2007). The cloud infrastructure was also recognized as a cost-effective model for delivering information services, reducing information technology (IT) management complexity, promoting innovation, and improving real-time responsiveness. For many organizations (Buxmann, Diefenbach, & Hess, 2015) and countries (Changchit & Chuchuen, 2018), cloud infrastructure has served as a platform for developing innovation and a highly qualified human resource capacity. In 2011, the US federal government estimated that 20 billion dollars of the IT investment

Strategic Information System Agility: From Theory to Practices, 117–151 Copyright © 2021 by Emerald Publishing Limited All rights of reproduction in any form reserved doi:10.1108/978-1-80043-810-120211007

118    Strategic Information System Agility budget, which is 80 billion dollars, would be a potential target for cloud computing solutions migration (Metheny, 2013). Cloud Computing has had a significant impact on IT during recent decades as leading companies such as Google, Amazon, and Microsoft have focused on providing more efficient, secure, and cost-effective cloud platforms for organizations that are trying to redefine their business models using the concept. Cloud Computing is one of the major technologies that has revolutionized the world of computing. The IT service delivery model provides significant benefits, which enables today’s organizations to adapt their IT infrastructure proactively to face a rapidly changing environment and business requirements. Importantly, it significantly reduces the complexity of IT management, enabling more use of IT. Cloud-based services also offer interesting reuse opportunities and design challenges for application developers and platform providers. Cloud Computing has, therefore, generated much enthusiasm among technologists and researchers in general. For many organizations, cloud computing can be a driving factor of change, enabling them to make optimal use of information and communication technologies without investing massively at the outset and avoiding the risks of getting stuck with obsolete technologies. With cloud computing, providers can provide an information and communication technology infrastructure as a service to end customers (Fernando, Loke, & Rahayu, 2013; Kim, Beloglazov, & Buyya, 2009). By using cloud computing, organizations can reduce the cost of information and communications technology acquisition and maintenance, attracting new customers, increasing revenue, preserving profitability, and improving agility (Goyal & Dadizadeh, 2009; Marston, Li, Bandyopadhyay, Zhang, & Ghalsasi, 2011). Companies that have made lower investments in information and communications technology infrastructure are more apt to adopt and use cloud computing (Bhat, 2013). Large enterprises are increasingly adopting cloud computing (Alshamaila, Papagiannidis, & Li, 2013; Gupta, Seetharaman, & Raj, 2013). In 2017, the situation changed radically. Forty-eight companies of the fifteen “Fortune Global 50” (Brinda & Heric, 2017), companies have publicly announced their cloud adoption plans. Today, cloud computing is increasingly becoming the leading technology to do business for the next generation. The agility of the cloud enables enterprises to accelerate time to the marketplace by reaching various parts of the development chain. Due to promises of IT efficiency and business agility, they are integrating cloud computing into their IT strategies (Lynn et al., 2018). Cloud computing is a combination of two fundamental IT tendencies: IT efficiency, where IT performance is used more efficiently, and business agility, where IT is a competitive tool through rapid deployment, batch parallelism, and business intensive analytics (Avram, 2014). Cloud computing infrastructures can improve the efficiency with which companies can use their investments in information technologies through the unification of separate systems and automation of the management of the group of systems as a unified entity. Cloud infrastructure can be a cost-effective model for delivering information services, reducing IT management complexity, promoting innovation, and increasing responsiveness through real-time.

Cloud Computing as a Drive for Strategic Agility    119 Many customers are interested in cloud infrastructure as a platform for innovation, particularly in countries that want to foster the development of a highly skilled and high-tech workforce. Reduce operating costs: The resources of a cloud environment can be rapidly assigned and unallocated according to demands. Therefore, a service provider can achieve significant operating cost savings through resource liberation when service demand is low. Cloud Computing is a combination of two trends in IT, IT efficiency and commercial agility, through information technologies, which provide a competitive factor by rapid and parallel deployment, batch processing, etc. It is noted that the number of organizations adopting cloud computing continues to increase (Gartner, 2017). The purpose of this chapter is to provide recommendations for decision-makers in IT and to explain cloud computing technology in agility terms. Cloud computing is a growing technology, and its strengths and weaknesses have not yet been adequately studied, documented and tested. This chapter proposes recommendations on when and how cloud computing is a useful tool and outlines the limitations of recent studies and the perspectives for future research.

6.2 Goals and Objectives of the Research Study The agility that the cloud brings lies in the speed with which IT resources can be provisioned (Sawas & Watfa, 2015). This accelerates innovation by enabling the rapid deployment of new services with minimal constraints. Indeed, the cloud is flexible and adaptable; its implementation and infrastructure require no investment, and it is accessible everywhere. It is a revolution that allows companies to overcome the constraints of past deployment models. The cloud provides all the tools that companies need to exploit ever-increasing volumes of data or to create applications that allow employees and customers to interact with this data. It allows organizations to address market issues flexibly and experimentally. This research focuses on factors related to the cloud computing adoption process and in particular, the impact of agility on how to integrate cloud-computing technology into information systems. It mainly aims to explore how agility is charging influences decision-making, and how cloud computing will increase the agility of information systems. The research question addressed is how adopting cloud computing improve IS agility? Previous research (Yang, Huff, & Tate, 2013) provides preliminary empirical evidence that agility and one of the factors influencing decision-making concern the adoption of cloud computing technology as well as its role in increasing the agility of information systems. Our study builds on these studies by theorizing and empirically validating the factors influencing the decision to adopt cloudcomputing technology. The two research questions of interest to this study are: ⦁⦁ What factors drive cloud computing technology adoption and why? ⦁⦁ To what extent are cloud-computing adoption improve information systems

agility?

120    Strategic Information System Agility To address these questions, we draw the technology acceptance model and prior diffusion of innovation (DOI) research to propose a cloud adoption model and framework to improve IS agility through cloud technology. The chapter proceeds as follows. The following section looks at the literature on factors influencing cloud computing adoption deaths in order to construct a theoretical model for cloud technology adoption. The second section describes empirical studies that test the proposed model. The third section describes the construction and validation of a framework to increase IS agility through cloud computing. This framework is the subject of a qualitative study.

6.3 Literature Review This literature reviews synthesized current cloud research from the perspective of organizations. It integrates results using an established framework; our results are structuring according to the following four aspects: cloud-computing properties, adoption characteristics, governance process, and impact on the information system agility. This section highlights a shift in focus from technology issues to a broader understanding of cloud computing as a new IT concept. There is a growing recognition of its characteristics and fundamentals of the concept. However, research on the factors that drive or limit cloud adoption of services, as well as empirical research on agility through the cloud, is rare. It can be due to that cloud computing is a recent and relatively new research topic (Adamson, Wang, Holm, & Moore, 2017). Research on the different phases of service cloud deployment is also at a developmental stage. Although this concept is not entirely new, there is no universal or standard definition of cloud computing (Foster, Zhao, Raicu, & Lu, 2008; Gong, Liu, Zhang, Chen, & Gong, 2010; Sultan, 2010). It has evolved with recent advances in virtualization technology, cloud computing, and Internet-based service delivery. The “cloud” metaphor refers to the ubiquitous availability and accessibility of computer resources through Internet technologies (Sultan, 2010; Vouk, 2008). With cloud solutions, enterprises and consumers can easily access large amounts of computing performance at negligible cost (Wu, Lan, & Lee, 2011). Transferring IT capabilities such as storage, applications, and services toward the cloud offer companies the ability to potentially reduce the cost of overall IT (Goscinski & Brock, 2010; Martens & Teuteberg, 2012; Stanoevska, Wozniak, & Ristol, 2009). Cloud computing thus offers financial advantages that organizations could certainly not ignore. Typically, there are three types of cloud computing services (Chang, De Roure, Wills, & Walters, 2011). In Infrastructure as a Service (IaaS), the computing and storage power base units are cloud-based and available on demand (e.g., Amazon Elastic Compute Cloud (EC2), Rackspace, Amazon Simple Storage Service (S3), and GoGrid). Among the advantages of this model are pay-for-use and resource elasticity to satisfy computation needs (Thomas, Redmond, & Weistroffer, 2009). In the case of Platform as a Service (PaaS), the service provider offers a stack of integrated solutions to create and deploy applications from the cloud (e.g., Salesforce, Google AppEngine, and Microsoft Azure). This model has the advantage

Cloud Computing as a Drive for Strategic Agility    121 of being able to provide all the elements of software development (design, testing, version control, maintenance, and hosting) via the Internet (Stanoevska et al., 2009). SaaS (“Software as a Service”) is necessarily the ability to access cloudbased applications using a thin client (such on a web browser or mobile application) instead installing software to their computer (e.g., Joyent and SalesForce CRM). Among its advantages are centralized configuration and hosting, updates to current software versions without the need for reinstallation, and accelerated feature delivery (Dillon, Wu, & Chang, 2010). Cloud computing represents the intersection of IT effectiveness and business agility (Kim, 2009). IT performance results from the use of scalable hardware and software resources (Marston, Bandyopadhyay, & Ghalsasi, 2011), improved work efficiency and coordination between firms (Abdollahzadehgan, Che Hussin, Gohary, & Amini, 2013), and highly available services (Armbrust et al., 2010). The business agility of cloud computing is the ability to rapidly deploy computing tools, reduce initial capital expenditures (Hoberg, Wollersheim, & Krcmar, 2012; Lin & Chen, 2012), and respond quickly to changing market needs (Armbrust et al., 2010; Hoberg et al., 2012). Cloud Computing removes traditional boundaries between enterprises. This ability to seamlessly, deliver IT functions as cloud-based solutions has proven to be viable and cost-effective, as demonstrated by its growing adoption. Li, Zhang, O’Brien, Cai, and Flint (2013) aimed at evaluating and comparing commercial cloud services, compiled a de facto metrics catalogue using a systematic literature review of current cloud services assessment work. Yang et al. (2013) looked at conceptualizing IS agility based on previous research to assess the contribution of different cloud computing services to IS agility. From the reduced complexity and unlimited scalability to the on-demand capacity and cost savings of CapEx, Cloud Computing delivers all the promise. While there are still many unanswered questions about cloud computing, many companies are optimistic about their ability to deliver on these promises. Regardless of how well cloud-computing delivers on its promise, one thing is sure: organizations are not willing to sacrifice security, visibility, and control to move to the cloud. They need to know what is happening in the cloud, how their applications are delivered, and how traffic is controlled and directed. A must-have in cloud computing is agility: the capacity that enables enterprises to respond rapidly and accurately to unexpected and changing business demands. Agile enterprises, those that can provide on-demand IT services under all workload conditions, can seize new opportunities and remain competitive. This fact prompted us to continue this research in order to verify whether cloud computing can improve IT agility. Table 13 summarizes our literature review, highlighting the different methodologies and contributions.

6.4 The Theoretical Foundation Tornatzky, Fleischer, and Chakrabarti (1990) outline the Technology Organization Environment (TOE) framework in order to understand the innovation process in an enterprise context. It addresses three factors that influence the adoption of an innovation: technology, organization, and the environment.

Intention to adopt cloud computing

Cloud computing

Nkhoma and Dang (2013)

Lin and Chen (2012)

Hsu, Ray, and Li-Hsieh (2014)

Using secondary data

Qualitative and quantitative methodology

Survey of 200 Taiwanese firms.

Survey N = 94 SMEs in Spain

Semi-structured 19 IT professionals, Qualitative interview Taiwan

Partial least squares (PLS)

Cloud adoption Perceived benefits, business concerns, and Quantitative IT capability aresignificant determinants of methodology, PLS cloud computing adoption,while external pressure is not.

Trigueros-Preciado Cloud adoption Barriers and benefits et al. (2013)

Relative advantage, compatibility, complexity, Trial-ability, observability

Adopter’s style as moderator of perceived technology barriers, perceived environmental barriers, perceived benefits

Confirmatory factor An e-mail survey analysis, multiple of N = 289 firms in regression analysis Manufacturing and retail

Cloud computing

Wu et al. (2013)

Business process complexity, entrepreneurial culture, compatibility, application functionality

Technology (relative advantage, complexity, Factor analysis (FA), An e-mail survey of 111 compatibility) logistic regression firms belonging to the high tech

Conceptual Model

Data and Context

Cloud computing

Methods

Low, Wu, and Chen (2011)

Constructs/Factors (Independentvariables) Variables)

Technology (relative advantage, Conceptual complexity, compatibility), Organization (top management support, firm size, technology readiness), and Environment (competitive pressure, trading partner pressure)

IT Adoption (Dependent Variable)

Abdollahzadehgan Cloud et al. (2013) computing

Author

Table 13.  Cloud Computing Studies.

122    Strategic Information System Agility

Relative advantage, compatibility, complexity, organizational readiness, top management commitment, and training and education.

Cloud adoption

Cloud adoption

Cloud adoption

Hemlata, Hema, and Ramaswamy (2015)

Kshetri (2013)

Sharma, Gupta, and Acharya (2017)

Relative advantage, quality of service and awareness, ecurity, privacy and flexibility)

Cost effectiveness, security and privacy

Senarathna, Cloud Wilkin, Warren, adoption Yeoh, and Salzman (2018)

Agile cloud adoption

Cloud adoption Complexity, security, top management support and prior IT experienc

Butt et al. (2019)

Skafi, Yunis, and Zekri (2020)

IT service cost, time to market and organization size

Regulative, normative, cognitive

Sata security, perceived technical competence, cost, top manager support, and complexity.

Lian, Yen, and Wang (2014)

The total of seven IT industries and many professionals from software industries-related to cloud-agile adoption

Survey of 149 Australian SMEs

Experts from 13 organizations (including 8 cloud service providers (CSPs) and 5 cloud service users (CSUs))

Survey of Cloud Vendors in China N = 7

A questionnaire was used to collect the data from 280 companies in IT, manufacturing and finance sectors in India

Survey of 106 CIOs of hospitals.

Confirmatory factor Data collected from 139 analysis and logistic respondents working in regression SMEs in Lebanon

Excel Sheet, Questionnaires

Quantitative methodology

qualitative and quantitative

Conceptual

Exploratory, confirmatory factor analysis, and structuralequation modeling

ANOVA

Cloud Computing as a Drive for Strategic Agility    123

124    Strategic Information System Agility Technology context means the internal and external technologies pertinent to the organization and those that could be adopted. Organizational context relates to company descriptive characteristics (i.e., size, organizational structure, and level of centralization), resources (human and insufficient resources), and communication process (formal and informal) among employees. Concerning the environment, this context includes environmental market elements, competitors, and the regulatory framework (Oliveira & Martins, 2010, 2011; Tornatzky et al., 1990; Zhu & Kraemer, 2005). Several research studies have examined technical and operational issues related to cloud computing, involving topics such as selecting cloud computing services in terms of cost and risk (Martens & Teuteberg, 2012), secure storage audit protocol, and computing in the cloud. Cost of cloud computing ownership models (Mazhelis & Tyrväinen, 2012; Tan & Ai, 2011; Walterbusch, Martens, & Teuteberg, 2013), and security issues, privacy risks, and information loss (Chong, Ooi, Lin, & Raman, 2009; Wang, 2010). Our search of scholarly databases found only a few published journal articles addressing cloud computing adoption from an organizational perspective, as shown in Table 13. Abdollahzadehgan et al. (2013) used the DOI and TOE framework to study the adoption of cloud computing in Taiwan’s high-tech industry. Their research model was not expansive, because it did not address critical factors such as cost savings and security concerns that are critical to the enterprise’s adoption of cloud computing. They also assessed cloud adoption as a dynamic dependent variable rather than a continuous process. Lin and Chen (2012) interviewed 19 IT professionals in Taiwan using a semi-structured interview format. According to their qualitative assessment, IT organizations are hesitant to adopt cloud computing until the uncertainties associated with cloud computing (e.g., security and standardization) are further resolved, and useful business models emerge. Trigueros-Preciado, Pérez-González, and Solana-González (2013) use a qualitative and quantitative analysis methodology to identify barriers to cloud adoption. They surveyed 94 Spanish Small Medium Enterprises and concluded that knowledge of cloud computing was low among companies and that companies knew nothing about cloud computing. Our search of scholarly databases found only a few published journal articles that assess cloud-computing adoption from an organizational perspective as shown in Table 13. Abdollahzadehgan et al. (2013) used the DOI and TOE framework to study the adoption of cloud computing in Taiwan’s high-tech industry. Their research model was not expansive, because it did not address critical factors such as cost savings and security concerns that are critical to the enterprise’s adoption of cloud computing. They also assessed cloud adoption as a dynamic dependent variable rather than a continuous process. Lin and Chen (2012) interviewed 19 IT professionals in Taiwan using a semi-structured interview format. According to their qualitative assessment, IT organizations are hesitant to adopt cloud computing until the uncertainties associated with cloud computing (e.g., security and standardization) are further resolved, and useful business models emerge. Trigueros-Preciado et al. (2013) used a qualitative and quantitative analysis methodology to identify barriers to cloud adoption. They surveyed 94 Spanish SMEs and concluded that knowledge of cloud computing was low among companies and that companies knew nothing about cloud computing adoption.

Cloud Computing as a Drive for Strategic Agility    125 Nkhoma, and Dang (2013) used secondary data from the survey of a large services company to study the drivers and barriers to cloud computing adoption. Wu, Cegielski, Hazen, and Hall (2013) investigated whether the information processing requirements and capacity affect the firm’s intention to adopt cloud computing; they used the DOI theory and information processing view to conduct their study in the supply chain domain. Abdollahzadehgan et al. (2013) proposed using the TOE framework to evaluate the barriers to cloud computing adoption in SMEs; their study did not include hypobook testing or empirical validation. Kshetri (2013) used the institutional theory to investigate the perception and security issues based on the context provided by formal and informal institutions; no empirical assessment was provided. The review of published journal articles indicates that most studies empirically evaluate the direct effects of innovation, contextual factors or conduct analysis using qualitative methods or secondary data on the adoption of cloud computing. No study has taken a holistic approach to empirically validate the direct and indirect effects of the innovation characteristics and the underlying technology, organization, and environmental contexts. Yang and Tate (2012) voice similar concerns by classifying the published journal articles on cloud computing into four research themes: technological, business issues, domains, and applications, and conceptualization. Based on a descriptive literature review of 205 refereed journal articles, their study indicates that research on cloud computing is skewed mostly toward technological issues. They highlight the paucity of cumulative research to address the social, organizational, and environmental perspectives of cloud computing. In this study, we address this crucial research gap by developing an integrative research model that combines the theoretical perspectives of the DOI and the technology, organization, and environmental contexts.

6.4.1 Combining DOI and TOE To determine the concepts of the integrative search model, an extensive search was conducted using the DOI and TOE framework, including EBSCO Academic Search, all ProQuest databases (e.g., ABI/INFORM Global), PsycNet databases, Springer, Science Direct, and Google scholar. Subsequently, the well-cited studies have been consolidated to identify the most representative factors evaluated in the published literature on adoption studies. Finally, we also examined each construction to identify its applicability in adopting cloud computing. The factors identified by this systematic approach and the dependent variable measured by them are summarized in Table 14. Many research calls for an approach that combines more than one theoretical perspective to understand the adoption of new innovative technologies by information systems (Fichman, 2004; Oliveira, T., & Martins, 2011; Wu et al., 2013). As such, to better comprehend the organizational decisions that relate to the adoption of technological innovation, the study context must be global and the variables adapted to the specificity of the innovation (Adams et al., 2009). DOI, moreover, TOE methods are widely used in many IT adoption studies and

TOE DOI DOI & TOE DOI & TOE DOI & TOE DOI

Ringle, Sinkovics, and Henseler (2009)

Chong et al. (2009)

Alam (2009)

Adams et al. (2009)

Azadegan and Teich (2010)

Tsai, Lee, and Wu (2010)

Ghobakhloo, Arias-Aranda, and Benitez- TOE Amado (2011) TOE

*

TOE

Kuan and Chau (2001)

Abdollahzadehgan et al. (2013)

*

TOE

*

*

TOE

H.-F. Lin and Lin (2008)

*

Zhu and Kraemer (2005)

*

TOE & Others

Agility

Zhu, Dong et al. (2006)

*

Security, Privacy and Trust

TOE

Cost-Saving

Zhu, Kraemer, and Xu (2006)

Factors

*

*

*

*

*

*

* *

*

*

*

*

Top Management Support Competitive pressure

Model/ Theory

*

*

*

*

*

*

*

*

Firm Size

Sources

*

*

*

*

Technological Readiness

Table 14.  Summary of the Factors Studied Influencing Cloud Adoption.

Relative advantage *

Competence and Awareness *

Compatibility *

*

*

*

*

*

*

*

*

*

Complexity *

*

*

*

*

*

126    Strategic Information System Agility Data Sovereignty

TOE DOI – DOI & Others – DOI & TOE DOI & TOE

Rimienė (2011)

Siegel and Perdue (2012)

Klein (2012)

Lin and Chen (2012)

Alshamaila, Papagiannidis, and Li (2013)

Wu et al. (2013)

Yang et al. (2013)

Oliveira, Thomas, and Espadanal (2014)

Amini and Bakri (2015)

DOI & TOE

Senarathna (2016) TOE TOE DOI & TOE

Chemjor and Lagat (2017)

Sandu and Gide (2018)

Amron, Ibrahim, Abu Bakar, and Chuprat (2019)

Prerna and Shah (2016)

–

Abolfazli et al. (2015)

Cho and Chan (2015)

DOI & TOE

Low et al. (2011)

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

Cloud Computing as a Drive for Strategic Agility    127

128    Strategic Information System Agility had received ongoing empirical support. Also, The value of context integration (TOE) to reinforce DOI theory is recognized (H.-F. Lin & Lin, 2008; Oliveira & Martins, 2011; Wu et al., 2013). Implicitly, the technological context is the same idea as Rogers (2003). The DOI has the same internal and external organizational characteristics as the TDE organizational context (Hsu, Kraemer, & Dunkle, 2006). There are also significant differences between the two theories. The TOE does not specify the role of individual characteristics (e.g., senior management support). At this point, DOI suggests that executive support is included in the context of the organization. Likewise, the DOI ignores the impact of the environmental context. As a result of the limitations of DOI, TOE provides more insight into IT adoption by including technology, organizational and environmental contexts (Zhu, Dong, Xu, & Kraemer, 2006). Consequently, the two theories significantly complement each other (Oliveira & Martins, 2011). Of the five DOI attributes, there are three innovation characteristics applicable to cloud adoption: relative advantage, complexity, and compatibility. Experimentation and observational capacity are not widely used in IT innovation studies (Chong et al., 2009). Thus, by following general information and systems research guidelines, we ignore these two attributes because they are not relevant to cloud computing technology. Rogers (2003) states that “the nature of the innovation determines the type of relative benefit that is important to the adopter” and that the relative benefit of the innovation can be “expressed in terms of economic profitability, social prestige or by other means.” In our study, we postulate that cloud computing can lead to an economic advantage in terms of cost reduction (Ifinedo, 2011a) that it is capable of improving IS agility (Yang et al., 2013). Similarly, security concerns can reduce the relative benefits of cloud computing. We, therefore, include two additional attributes, namely cost savings, and security as antecedents to the relative advantage of cloud computing. They determine whether cloud computing can be relatively beneficial in achieving cost savings, improving IT agility to meet change, seize new opportunities, and remain competitive. Table 14 below studied the fatcors influencing cloud adoption.

6.5 Research Model and Hypotheses From the DOI and TOE models, we invistigate the organizations decision making regarding the adoption of cloud computingthe. Factors specific to the organizational context are top management support and firm size. The extent to which the environmental context may influence the firm’s decision to adopt cloud computing is identified by two variables, competitive pressure, and regulatory support. The integrative research model is illustrated in Fig. 43. By associating the innovation characteristics of cloud computing with the technological, organizational, and environmental contexts of the TOE framework, we are acting on researchers’ call to build a more holistic model to understand the diffusion of IT innovation (Kalle & Rose, 2003; Oliveira & Martins, 2011; Wu et al., 2013). Linking this theoretical positioning to our literature review described in Table 13, we identify the key characteristics of cloud adoption in terms of technological, organizational, environmental and innovation factors.

Cloud Computing as a Drive for Strategic Agility    129 TECHNOLOGICAL READINESS INNOVATION CHARACTERISTICS

Technological readiness

Agility

H5 ORGANIZATIONAL CONTEXT H1

Top Management Support H6

H4

Firm Size

CLOUD COMPUTING ADOPTION DECISION

H7 Competence and Awareness

Compatibility

H2a

H2 Relative Advantage

H8 H3

ENVIRONMENTAL CONTEXT

Security Issues

H2b Cost-Saving

H9 Complexity

Competitive Pressure

H10

Data Sovereignty

Fig. 43.  The Proposed Model for Cloud Adoption in Organizations.

6.5.1 The Innovation Characteristics ⦁⦁ Agility

The most important advantage of Cloud computing is that it adds to the agility of an organization. With the use of cloud computing, enterprise systems are being transformed, allowing organizations greater flexibility in the use of services, greater flexibility, and higher productivity (Kunio, 2010). According to Sitaram and Manjunath (2012), agility and innovation are considered the main growth drivers offered by cloud computing. Companies willing to reconfigure around cloud computing would be more adaptable to changing external markets and better positioned to exploit new opportunities by leveraging the scalability and agility of cloud computing (Altaf & Schuff, 2010; Weinhardt et al., 2009). Thus, H1. Agility can positively influence the relative benefits of cloud computing.

130    Strategic Information System Agility ⦁⦁ Relative Advantage

Relative advantage is defined as the measure to which an innovation is considered more beneficial than the idea replaced (Rogers, 2003). Innovations with a clear and unequivocal advantage in strategic effectiveness (e.g., improved revenues) and operational efficiency (e.g., cost savings) have a stronger incentive to adopt (Greenhalgh, Robert, Macfarlane, Bate, & Kyriakidou, 2004). In the case where the advantages of technology (in this case cloud computing) outweigh existing processes and practices (Ifinedo, 2011b), the benefits will impact positively on its adoption. Therefore, H2. The relative advantage will have a positive influence on cloud computing adoption. ⦁⦁ Security, privacy, and trust

The term security breach refers to an incident in which a company or government organization loses sensitive information, personal data, or other confidential information (Bishop, 2002). Cloud computing is a convergence of storage and computing in a multi-user shared environment. Which increases security risks (Schneiderman, 2011; Shen & Tong, 2010), because organizations are not aware of and uncertain about potential security risks (Benlian & Hess, 2011). Also, the lack of mature security protocols and identity management standards means that organizations will be reluctant to adopt a cloud computing solution. Migration to the cloud adds new layers of complexity to data security, which significantly influences the company’s decision to adopt an innovation. Hence; H2a. The security and privacy issues will have a negative impact in terms of cloud computing’s relative advantage. ⦁⦁ Cost-Savings

Cloud computing technology offers opportunities for innovation, reduces IT spending, and reduces the total cost of computing (Cervone, 2010). By allowing companies to focus on their core business rather than being stifled by technological change, cloud computing fosters innovation. By choosing cloud computing, an enterprise can reduce the time spent on system maintenance and the time required for routine upgrades. Cloud computing also reduces infrastructure costs, reduces energy consumption, and reduces maintenance costs (Mazhelis & Tyrväinen, 2012). Thanks to vendor specialization, cloud computing service providers can offer IT functions at lower cost and deliver economies of scale to the end user (Benlian & Hess, 2011). As a catalyst for the rapid adoption of changing technologies, the cloud offers cost-effective ways to transform businesses by reinventing an organization’s way goods, and services are sold and used. Hence H2b. Cost-savings would positively influence the relative benefits of cloud computing.

Cloud Computing as a Drive for Strategic Agility    131 ⦁⦁ Complexity

Complexity is a stage where innovation is considered relatively difficult to understand and implement. The easier the technology is to integrate into business operations, the higher the likelihood of its adoption. Cloud environments provide the ability to instantly pool resources to meet workloads. However, moving to a cloud solution can be a challenge for organizations that lack technical expertise and IT specialists. For example, integrating existing applications with a specialized cloud infrastructure (e.g., Oracle’s Elastic Cloud or HP’s Cloud System) may require a level of expertise which is not available easily within the enterprise. Also, the use of cloud-based solutions presents challenges when defined limits for securing business processes and data privacy in a multi-tenant, shared environment are not sufficiently refined (Crook & Kumar, 1998). Hence, H3. Complexity will have a negative influence on cloud adoption. ⦁⦁ Compatibility

Compatibility is the degree to which the innovation corresponds to the existing values, past practices, and current needs of the potential adopter ers. Compatibility is an important determinant of innovation adoption (Azadegan & Teich, 2010; Chong & Bauer, 2000; Dedrick & West, 2004; Sila, 2010). For example, if the purpose of cloud adoption is to take advantage of the scalability benefits of low-security applications, transferring capacity to cloud infrastructure makes economic sense. For example, business capacity and operability are factors that will determine whether an organization should adopt cloud computing. So, H4. Compatibility can positively affect the cloud adoption.

6.5.2 Technological Readiness The technology context refers to the technological characteristics available in the organization for the adoption of technology. It includes both the structural aspects and specific human resources. The structural aspects refer to the platform or the technological infrastructure (e.g., installed network technologies and enterprise systems) within the firm that the cloud-computing services can complement or replace (e.g., implementing a collaborative document sharing solution using cloud-based storage). The specific human resources are the people within the organization who have the knowledge and skill to implement the cloud-computing services (e.g., employees with computer skills, IT specialists) (Lim, 2009). Together they enhance the technological readiness of an organization. Therefore, firms with a higher degree of technological readiness are better positioned for the adoption of cloud computing. Hence, H5. Technological readiness will positively influence cloud-computing adoption.

132    Strategic Information System Agility 6.5.3 The Organization Context ⦁⦁ Top management support

Organizational context refers to the availability of resources that support the adoption of an innovation (Lippert & Govindrajulu, 2006); that is, organizational characteristics which facilitate or limit a firm’s adoption and implementation of the innovation. Many factors affect the relationship with the organizational structure and innovation adoption, such as the level of centralization, distribution of power and control, information linkages, availability of insufficient resources, lateral communication, firm size, and senior management support (Tornatzky et al., 1990; Xu & Quaddus, 2012). Among these, senior management support and enterprise size are the most critical factors in assessing cloud adoption (Lippert & Govindrajulu, 2006). Senior management support plays an essential role in the adoption of IT in the cloud by supporting the decision to allocate the necessary resources, integrate services, and re-engineer processes (Abdollahzadehgan et al., 2013). When senior management fails to recognize the benefits of cloud computing to the business, one must wait for the opposition to adoption. So, H6. Top management support will have a positive influence on cloud adoption. ⦁⦁ Firm size

Another organizational factor can influence cloud adoption. Indeed, large firms have an advantage over small firms, because they have more resources and can take more risks associated with adopting the innovation (Thiesse, Staake, Schmitt, & Fleisch, 2011; Zhu, Kraemer, et al., 2006). Research has shown that small firms while more versatile, do not readily adopt new technologies (Lippert & Govindrajulu, 2006). As a result, enterprise size is a determining factor in the adoption of cloud computing (Abdollahzadehgan et al., 2013). Hence H7. Firm size will have a positive influence on cloud adoption. ⦁⦁ Competence and Awareness

One of the main challenges of the adoption of cloud computing is the lack of competent cloud profiles. These issues are crucial today for companies that want to stand out from the crowd in order to recruit and retain the best candidates and meet the expectations of new generations. The university’s role is crucial to continue the evolution and help companies in educating and training on cloud computing concepts and application (Abolfazli et al., 2015). Hence H8. Firm size will have a positive influence on cloud adoption.

Cloud Computing as a Drive for Strategic Agility    133 6.5.4 The Environmental Context ⦁⦁ The competitive pressure

The environmental context is the framework in which a company operates and depends on the nature of the industry, its competitors, and its ability to access resources provided by others and government relations (Lippert & Govindrajulu, 2006). Among these, the drivers that have an impact on cloud adoption are business competition and the regulatory environment (Zhu, Kraemer, & Xu, 2003). In the literature on the DOI, competitive pressure has long been seen as an essential driver for technology diffusion. It refers to the pressure exerted by competitors in the industry (Abdollahzadehgan et al., 2013; Zhu et al., 2003). Adopting new technologies is often a strategic necessity to compete in the marketplace. Cloud Computing enables enterprises to benefit from greater operational efficiency, better market visibility, and more accurate access to real-time data (Misra & Mondal, 2011). That is why H9. The competitive pressure will influence the adoption of cloud computing positively. ⦁⦁ Data Sovereignty

Data sovereignty is the respect of rights associated with data based on the location of the entity that has control over it. Governments generally apply data sovereignty to limit the cross-border storage of (sensitive) data, limiting organizations to operating local data centers only when external services may be more efficient and affordable (Abolfazli et al., 2015). Guaranteeing the ownership, security, and sovereignty of data has become a vital issue for companies, especially governments, which have decided to dematerialize their information systems in the cloud (Zhu, Kraemer et al., 2006). Several organizations are still asking questions about the storage and sovereignty of data in the cloud. Answering these questions and clarifying misunderstandings around data sovereignty promote better cloud adoption. H10. Data Sovereignty have an impact on the cloud adoption.

6.6 Research Methods Two types of research methods can be used in this exploratory study: qualitative and quantitative. A qualitative method allows participants to answer specific questions from their perspectives. Qualitative data are generally collected using open-ended questions. In this method, researchers can obtain more information on the current situation, human attitudes, opinions and decisions (Tashakkori & Creswell, 2007). This approach can provide more in-depth information on the subject of the study (Anderson, 2010). The second type of research method is a quantitative method. In this approach, data are collected through closed-ended questions and participants are

134    Strategic Information System Agility not allowed to explain their responses (Tashakkori & Creswell, 2007). There are various ways to collect quantitative data, such as questionnaires and scientific experiments. Using this approach, researchers can measure participants’ opinions, and decisions and different strategies can be used to analyze numerical data (Venkatesh & Brown, 2013). Mixed methods are a combination of quantitative and qualitative methods. By combining the two methods, researchers can gain more knowledge and more accurate results and provide a clearer picture of the problem (Venkatesh & Brown, 2013; Zhu, 2004). According to Mack, Woodsong, MacQueen, Guest, and Namey (2005), some researchers have used qualitative methods to gain an overview of the problem and an in-depth understanding of the results obtained using quantitative methods. In this study, different techniques can be used to collect qualitative and quantitative data. Our research focuses on various aspects that influence the adoption of cloud computing in information systems and their impact on IT agility. We have therefore chosen a research methodology that integrates several methods, as shown in Fig. 44. A combination of research methods, especially in both cases, qualitative and quantitative paradigms have been proven in the IS discipline to be active LITERATURE REVIEW PROPOSED MODEL QUANTITATIVE SUDY

Data Analysis

Data Analysis

FINDING

Exploratory Study Interview: Semi-Structured

Data Analysis

Evaluation Study

Fig. 44.  Research Design.

FINDING

Cloud Computing as a Drive for Strategic Agility    135 and contribute to a broad and deep understanding (cf. Galliers, 1991; Kaplan & Duchon, 1988; Landry & Banville, 1992; Mingers, 2001). The qualitative study was used to obtain additional information on the results of a quantitative study (Venkatesh & Brown, 2013).

6.7 Quantitative Methodology 6.7.1 Measurement Model A survey was conducted in the MENA region, with 200 medium and large organizations in covering manufacturing and service industries, to assess theoretical constructions. These organizations are from both the public and private sectors. To be consistent with sources, constructions (agility, safety issues, cost savings, relative advantage, complexity, compatibility, technology readiness, senior management support, competitive pressure, and regulatory support) were measured using a five-point Likert scale on a Likert scale at intervals ranging from “strongly disagree” to “strongly agree.” The questionnaire was carried out in several stages. A first version has been developed to take into account the different theoretical assumptions. This first version has been tested with IT managers and consultants. This pre-test allowed rephrasing specific questions to improve the comprehension of the questionnaire and to improve the quality of the given answers. The questionnaire was written in the three most widely spoken languages in the organizations, namely English, French, and Arabic.

6.7.2 Data Collect As mentioned earlier, the focus of the field survey was arge organizations in the MENA region. An online version of the questionnaire was sent by e-mail to decision-makers and qualifiied individuals having an important position in the organization. Data were collected using an online questionnaire administered in two stages from mid-2017 to early 2018. These data have been updated with responses collected during the last quarter of 2019. The study used the “key informant” approach to data collection (Benlian & Hess, 2011) to identify the respondents in the organization who are most involved and knowledgeable about cloud computing. To target key informant respondents, we provided a clear description of cloud computing and examples. In order to increase the validity of the content, we indicated that the organization’s most familiar member should complete the survey. The final version of the questionnaire was written in English, comprised of 34 questions, in which several elements measured each factor. The participants’ demographics are shown in Table 15.

6.7.3 Results The purpose of this study (Table 17) is to assess the determinants of cloud adoption using a methodology that combines the innovative characteristics of cloud

136    Strategic Information System Agility Table 15.  Participants’ Demographics. Variable Organization size

Industry

Market scope

Adoption stage

Frequency

Percentage (%)

100–500 employees

30

15

500–1000 employees

50

25

1000–2000 employees

80

40

More than 2000 employees

40

20

Manufacturing

31

15.5

Petrochemical

10

5

Chemicals

22

11

Engineering

33

16.5

Energy

15

7.5

Financial services

34

17

IT

50

25

Retail

2

1

Other

3

1.5

International

112

56

Local

25

12.5

National

63

31.5

Yes

128

64

No

72

36

computing with the organization’s technological, organizational, and environmental perspectives. We found that ten factors influence cloud adoption: agility, complexity, Competitive pressure, technological readiness, top management support, regulatory, competence and awareness, compatibility, firm size, and data sovereignty. An integrative approach combines innovation in cloud computing characteristics with organizational, technological, organizational, and environmental perspectives. The results indicate that five factors represent a major influence on the adoption of the cloud: Agility, cost-saving, security, privacy and trust, technological readiness, and data sovereignty, as shown in Table 16.

6.7.4 Finding ⦁⦁ Innovation characteristics

Of the four innovation characteristics, Agility (H1) is positively influencing cloudcomputing adoption. This finding is consistent with similar studies reported in the literature (Hsu et al., 2006; Tan & Ai, 2011; Y.-M. Wang, Wang, & Yang, 2010).

Adapted Source

Compatibility

Complexity

CT4 – Cloud computing will be compatible with existing company hardware and software

CT3 – Cloud computing is compatible with your company’s culture and value system

CT2 – Cloud computing is fully compatible with today’s business operations

CT1 – Cloud Computing can accommodate a company’s work style

CP4 – For firm employees, the skills required to adopt cloud computing are too complicated

CP3 – Using cloud computing is too complicated for business operations

CP2 – Using cloud computing is frustrating

CP1 – Using cloud computing requires lots of mental effort

CS3 – Level of concern about privacy in cloud computing

CS2 – Level of customer concern about data security in cloud computing

Ifinedo (2011b) Thiesse et al. (2011)

Ifinedo (2011a) Thiesse et al. (2011)

Thiesse et al. (2011) Sangle (2011)

Cost savings

CS1 – Enterprise-level concerns about data security in cloud computing

Zhu, Dong et al. (2006), Luo, Gurung, and Shim (2010), and Wu (2011)

A4 – The use of cloud computing offers new opportunities

A3 – Using cloud computing helps you get the job done faster at specific

A2 – Cloud computing services improve the quality of operations

A1 – Cloud computing allows you to manage your business activities efficiently Yang et al. (2013)

Items

Security, privacy, S1 – Degree of company’s concern with data security on the cloud computing and trust S2 – Degree of concern for customers with data security in cloud computing concerns S3 – Degree of concern about privacy in cloud computing

Agility

Constructs

Table 16.  Quantitative Factors that Influence the Adoption of Cloud Computing.

Cloud Computing as a Drive for Strategic Agility    137

Competitive pressure

Competence and awareness

CP3 – Some competitors have already started using cloud computing

CP2 – Competition is putting pressure on our site firm to adopt cloud computing

CP1 – The company believes that cloud computing can influence competition in their industry

CA2 – The level of awareness and adoption of cloud computing by the organization staff

CA1 – The competencies needed to manage and adopt cloud computing

Ifinedo (2011a) Oliveira and Martins (2010)

Abolfazli et al. (2015) Cragg, Caldeira, and Ward (2011)

Zhu et al. (2003) Chwelos et al. (1890) Premkumar and Roberts (1999)

FS1 – The number of company employees

Firm size

FS2 – Annual business volume

Chwelos, Benbasat, & Dexter (1890) TS2 – Company management demonstrates strong leadership and commitment Shah Alam, Ali, and Mohd Mohd Jani (2011) to the process when it comes to information systems Zhu, Li, Wang, and Chen TS3 – Business leaders are prepared to take risks (financial and organizational) (2010) in the adoption of cloud computing

Ifinedo (2011a) Oliveira and Martins (2010)

Adapted Source

TS1 – Enterprise management supports the implementation of cloud computing

TR3 – In the enterprise, there are the skills needed to implement cloud computing

TR2 – The company knows how IT can be used to support operations

TR1 – Percentage of employees with Internet access

Items

Top management support

Technology readiness

Constructs

Table 16.  (Continued)

138    Strategic Information System Agility

Items Zhu and Kraemer (2005) Shah Alam et al. (2011) Abolfazli et al. (2015)

Adapted Source

CCA2 – If you think in future you will embrace cloud computing. How do you think that will happen? Do not consider; More than 5 years; Between 2 and 5 years; Between 1 and 2 years; Less than 1 year; Already-adopted Cloud Computing services, infrastructure or platforms

CA1 – In terms of cloud adoption, at what stage is your organization currently Thiesse et al. (2011) engaged in cloud adoption I do not think about it; Being evaluated (e.g., as part of a pre-pilot study); Evaluating this technology, but not planning to adopt it; Evaluating and planning for adoption of this technology; Already adopted cloud computing services, infrastructure or platforms

Note: All questions are based on a 5-point scale unless otherwise indicated.

Cloud computing adoption

DS2 – As regulations become more stringent, companies storing data in the public cloud must ensure that they comply with data sovereignty laws

Data Soverignty DS1 – There is legal protection in the use of cloud computing

Constructs

Cloud Computing as a Drive for Strategic Agility    139

140    Strategic Information System Agility Table 17.  Mean and Standard Deviation of Full and Subsamples. Factors

Mean

SD

Agility

3.33

0.87

Security, privacy, and trust concerns

3.76

1.11

Cost savings

3.14

0.79

Complexity

2.26

0.80

Compatibility

2.90

0.80

Technology readiness

4.27

1.19

Top management support

2.89

0.96

Firm size

2.54

0.86

Competence and awareness

2.72

1.02

Competitive pressure

2.30

0.86

Regulatory support

2.58

0.85

Data Sovereignty

3.81

0.81

Cloud computing adoption

2.40

1.61

Table 17 presents the Mean and Standard Deviation of Full and Subsamples. The survey confirms that organizations realize the benefits of cloud computing agility. The benefits identified by the study include improved quality of business operations, faster task execution, increased productivity, and the creation of new business opportunities. Concerning the two variables that constitute advantages related to cloud technology, security concerns (H2a) do not prevent cloud adoption due to recent advances in privacy technologies, surveillance, and encryption systems to ensure confidentiality, integrity, and data protection in the cloud (Muñoz, Gonzalez, & Maña, 2012; Sonehara, Echizen, & Wohlgemuth, 2011; Wang, 2010). Also, new federal standards and regulations such as the GDPR (Tankard & Pathways, 2016) and FedRampt (Montalbano, 2012). Act help build trust and organizational control over data when adopting cloud-based solutions which can explain why security and privacy are not a concern when a cloud computing strategy is considered. Cost savings (H2b) is confirmed as an essential factor to explain the relative advantage of cloud computing. This finding is consistent with studies that have shown that cost savings are a powerful driver of cloud-based solutions adoption in sectors such in technology, manufacturing, financial, logistical, services and educational industries (Benlian & Hess, 2011; Garrison, Kim, & Wakefield, 2012; Lyytinen & Damsgaard, 2011). The compatibility (H4) is considered a factor that was facilitating the adoption of cloud computing for the service sector, but not significant for the manufacturing sector. Its importance in the service industry can be explained by the work style preferences and Internet business transactions that prevail among companies in this sector(Lee & Kim, 2007). In the case of manufacturing, the lack

Cloud Computing as a Drive for Strategic Agility    141 of importance of compatibility may be due to the nature of the applications (e.g., the critical role of in-house software solutions such as resource planning software and computer controlled machining) and the limited requirements for Internet solutions in the industry (Grandon & Pearson, 2004; Ramdani, Kawalek, & Lorenzo, 2009). Therefore, the compatibility results are also mixed compared to previous research, and further research is needed to reach a definitive conclusion. Also, the complexity factor (H3) is a barrier to the adoption of cloud computing in the service sector. The concept of complexity associated with cloud computing is no different from other disruptive technologies and appears to be an essential deterrent to the adoption of cloud computing. Complexity can be associated with perceived change, which is known to be an unsatisfactory and frustrating source (Kets de Vries & Balazs, 1998). The results indicate that complexity is not a blocking factor for firms in the manufacturing sector. Complexity has been judged insignificant by some researchers (Low et al., 2011), while others have said the opposite (Borgman, Bahli, Heier, & Schewski, 2013). As a result, previous studies are not clear-cut on the role of complexity, implying that further researches are needed before a definite conclusion.

6.7.5 Technology Readiness Technology readiness (H5) is a driver for cloud computing adoption. According to the study, companies with established technology infrastructure and a technically skilled workforce will be better suited to integrating cloud computing. However, our study indicates that the implementation of cloud computing can disrupt services and create management challenges in both IT and non-IT organizations. The finding indicates that organizations must ensure that the technology infrastructure and availability of IT specialists are adequate for integrating cloud solutions into business operations within minimal downtime. Unlike previous studies, which have suggested that technological readiness does not necessarily influence cloud adoption(Low et al., 2011). Moreover, that technological readiness is not relevant for technology companies (Wu et al., 2013), and that for organizations with the capacity to more information processing is less apt to embrace cloud computing.

6.7.6 Organizational Context In our study, we found empirically that top management support (H6) is essential in explaining the adoption of cloud computing. According to the results of the study, senior management has an influence on the adoption of cloud computing by demonstrating its support through the commitment of financial and organizational resources and by engaging in the process. These findings are consistent with the results of previous research on technology adoption and use (Ifinedo, 2011a; Luo et al., 2010; Ramdani et al., 2009). The enterprise size factor (H7) is a predictive variable of cloud adoption. This conclusion is consistent with the literature that large firms have the necessary resources needed to address investment risk and cost associated related to emerging technology (Chong & Chan, 2012; Crook & Kumar, 1998; Wang et al., 2010).

142    Strategic Information System Agility In contrast, small businesses generally lack the resources to build knowledge and to implement and test cloud computing (Thiesse et al., 2011). The competence and awareness (H8) is a very critical factor in the adoption of the cloud in different organizations. The adoption of the cloud by organizations is well underway worldwide (Abolfazli et al., 2015; Cragg et al., 2011). This trend is expected to continue through talent attraction and retention, and performance management. These issues are crucial today for companies that want to stand out from the crowd in order to recruit and retain the best candidates and meet the expectations of new generations.

6.7.7 Environmental Context Few studies have addressed the importance of the environmental context in cloud computing. According to Low et al. (2011), competitive pressure has pushed hightech companies to adopt cloud computing more quickly. Also, Ifinedo (2011a) has determined that competitive pressure has a positive impact on the adoption of technologies that support e-commerce. While pressures from customers, business partners and government support have not played a significant role. Data sovereignty (H10) is a crucial factor in the adoption of the cloud, the challenge for businesses to manage the growing sovereignty of data is increased due to the different approaches governments are taking to ensure the privacy of citizens’ data (Abolfazli et al., 2015).

6.7.8 Discussion and Interpretations Results of our survey indicate that the pressure of competition is not determinative of cloud adoption. Firms are likely to be aware of cloud benefits, but specific technology factors and organizational contexts prevent cloud benefits from translating to a competitive advantage. It was also found that regulatory support for cloud computing adoption was not available at significant, this does not necessarily mean that firms do not take into account current standards and regulations, on the contrary, legislation protecting the use of cloud computing has not been seriously adopted by the organization’s decision makers. Regulatory processes are essential to instilling the confidence needed at firms to turn innovation into business opportunities. Without commercially sound economic incentives, technological advances, evolving cloud standards, and federal regulations may not be able to overcome the barriers to cloud adoption. The findings of our study suggest that Agility, cost-saving, security, privacy and trust, technological readiness, and data sovereignty influence the adoption of cloud computing by enterprises.

6.7.9 Qualitative Study The second study focuses more on how cloud computing affects the agility of information systems. Data were collected through semi-structured interviews with 20 experts from 10 large organizations in MENA that have already adopted cloud technology.

Cloud Computing as a Drive for Strategic Agility    143 ⦁⦁ The Sample Size

It was essential to identify the sample size before conducting this study. In order to determine the minimum sample size, G*Power software was used. G*Power is software that enables researchers to compute the required sample size and increase the accuracy of their results (Bourque & Fielder, 2003). The parameters identified to compute the minimum sample size were as follows: ⦁⦁ Effect size: According to Faul, Erdfelder, Lang, & Buchner (2007), there are

three parameters of effect size small, medium and large. The appropriate effect size for this exploratory study is 0.8 (i.e., large). ⦁⦁ Type I error, also known as alpha (α for 95% confidence level α=0.05. This means the probability of rejecting the null hypobook when it is true is 5% (0.05). Type one error means false rejection of the null hypobook. ⦁⦁ Type II error (i.e., 1-β err prob): Type two error indicates that the null hypobook will not be rejected when it is false (Banerjee, Ghosh, & Banerjee, 2012). In other words, type two error means false acceptance of the null hypobook. This is conventionally set at 20%.; so (1-β err prob) = 0.8. In this study, the calculation was performed under a t-test family (one sample case). The results indicated that the minimum sample size for the questionnaire was 15 participants. Table 18 illustrates the statistical calculation of the sample. In terms of interviews, there is no typical sample size for data collection from interviews; thus, there is no set number for participants in interviews. However, Tashakkori and Creswell (2007) recommend that from 5 to 25 interviewees are acceptable, while Morse (1994) suggests that six is the minimum for participants in interviews. Furthermore, Thomson (2010) conducted a review of one hundred studies regarding sample size in interviews and found that the point at which any increase in some interviews will lead to repeated material, and data saturation occurs between 10 and 30 interviews(Thomson, 2010). Strauss and Corbin (1998) also state that the saturation of data is dependent on a researcher’s decision. In this present study, the researcher has taken into account these suggestions and conducted interviews until there was no new data to be added to the study. Table 18.  Sample Size Calculation Using the G* Power Software. Statistical Test

Means: Difference from Constant (One Sample Case)

Tails

Two

Effect size d

0.8

α error prob.

0.05

Power (1–β err prob)

0.8

Minimum sample size

15

144    Strategic Information System Agility ⦁⦁ Interview Design

The purpose of the semi-structured interviews was to examine the extent to which the adoption of cloud computing will increase information systems agility. Interview questions were prepared before the interviews and included closed and open-ended questions. According to W. Foddy and Foddy (1994), the five-point Likert scale is the optimal choice for cases that require decisions; Lietz (2008) also mentioned that this scale could increase reliability and validity of results. Therefore, in this study the closed-ended questions were designed using a five-point Likert scale: (very important = 5; important = 4; may be important = 3; not important = 2; and not relevant = 1). The other questions were open, which helped the researcher to understand an organization’s requirements and attitude toward cloud adoption. Table 19 presents an outline of the interview questions. The interview questions are developed in English to verify the clarity of the questions. Adjustments based on the pilot interviews were made to the interview questions, including rephrasing and deleting some wrong questions. ⦁⦁ Questionnaire Design

To confirm the proposed cloud adoption model, a self-administered questionnaire was developed for this study. The purpose of the questionnaire was to confirm Table 19.  The Interview Questions Sample. Number Questions Q1

• Cloud computing has enabled the organization to manage business activities in an efficient and flexible way?

Q2

• Do Cloud computing services improve the quality of operations?

Q3

• The employee have the possibility to quickly access applications data and the possibility of recovering them rapidly?

Q4

• The compatibility with the cloud provider has a negative impact on the cloud adoption?

Q5

• The organization has the ability to respond to the growing demand of customer in terms of computing ressources?

Q6

• Using cloud-computing helps the organzation to adapt the change in information systems through system development, implementation, modification, and maintenance activities?

Q7

• Using cloud-computing helps the organzation facilitate planning process in the organization?

Q8

• IT staff are well trained and agile to follow technical advances, and have the ability to deal with unexpected changes?

Q9

• The adoption of cloud increases the organization’s ability to cope with unexpected changes?

Q10

• The organization has the ability to remain competitive?

Cloud Computing as a Drive for Strategic Agility    145 factors that already exist in the cloud adoption model, as well as other factors that were identified in interviews with IT experts. The questionnaire was divided into two sections: demographic information and 28 closed-ended questions concerning 17 factors. These factors are security, relative advantage, agility, compatibility, complexity, senior management support, organizational size, technological readiness, regulatory compliance, and competitive pressure. The reason there were 28 closed-ended questions was that some factors were measured by more than one question. For example, Agility has two questions, one measuring the impact of agility on cost by predicting changes and the other on responsiveness. Closedended questions were designed based on interview results and using a five-point Likert scale: (strongly agree = 5; Agree = 4; neutral = 3; neutral = 3; Disagree = 2; and strongly disagree = 1): The questions used were as follows: ⦁⦁ Demographic Information

The interviews were conducted with twenty IT experts at different organizations in the MENA region. All the participants were working in IT departments in different sectors, such as manufacturing, engineering, and energy. All participants had at least five years’ working experience so that they could understand the current situation of their organization and future trends. The interviews were carried out between March and May 2018, at the experts’ workplaces (i.e., face-to-face or visio conference interviews), and they were recorded using a recording device with the permission of the experts. The purpose of the questionnaire was to confirm which factors influence an organization’s decision to use cloud services and the impact of adopting cloud computing on information systems agility. The SPSS software was used to analyze data collected. Parametric tests analyse measured data by scale and interval ratio, while nonparametric tests analyze ordinal and classified data. Overall, parametric tests are more flexible and powerful than non-parametric tests and are therefore preferred by most researchers. Therefore, the data collected were tested using the parametric test (t-test on a sample) and the test value was defined as three on the five-point Likert scale, which ranged from 5 (strongly agree) to 1 (strongly disagree). Table 20 illustrates the results of the questionnaire analysis.

6.7.10 Hypobook In the aim to response a second research question, the following assumptions were made and tested at a 90% confidence level. The hypotheses (H1) include the different associations between agility categories and cloud computing models formulated as follows: H1: There is an association between the use of a software model as a cloud service model and the improvement of the IS Agility category where the cloud model is either (IaaS, PaaS, or SaaS) and the IS Agility category is either (Technical Infrastructure Agility, IT Processes Agility, Human Characteristics, or Business Aspects).

IT Process Agility

IT Agility

Factors

– An organization needs to improve the sharing of application data for all stakeholders and organization partners

Information Agility

Ability to adapt to change in information systems through system development, implementation, modification, and maintenance activities. An organization with such IT agility can effectively modify its system, enabling it to respond more effectively to changing market opportunities

• Reduction of time and effort for application support and maintenance

Maintenance Process Agility

Planning Process Agility

Monitoring & Assessment Process Agility

The organization must manage these expansions to the growing demand of customers and have the ability to accelerate the necessary increase in bandwidth allocation and computing resources from the cloud service provider

Elasticity

Recall that the essential forces of environmental change include competitor actions, strategic changes, and changes in consumer preferences or IS staff skills, economic changes, regulatory and legal changes, and technological advances. These different changes require a standby to detect any potential changes regarding each of these types

• IT should easily assess and prioritize proposed changes

• The integration of new branches in the company must be less complicated

The organization will need to deploy an application migration process, to link the local environment to the cloud environment while maintaining a level of security

Compatibility & interoperability

– An employee will have a possibility to quickly access applications data and the possibility of recovering them rapidly

The organization will have the capacity to add a new product or service with efficiency. In this aims organization

Application Agility

Statements

Table 20.  Cloud Computing’s Impact on Information Systems Agility.

4.17

3.23

4.03

3.90

3.60

4.60

4.67

Mean