Bat Summary Other

lOMoARcPSD|404503
BAT Summary complted
Business Architecture and Transformation (Erasmus Universiteit Rotterdam)
StudeerSnel wordt niet gesponsord of ondersteund door een hogeschool of universiteit

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)
lOMoARcPSD|404503
BM03BIM - Business Architecture and Transformation

Week 1 – IT Strategy ...............................................................................................................................................2
Collis, Rukstad – Can You Say What Your Strategy Is? ....................................................................................2
Simon, Fischbach, Schoder – Enterprise Architecture Management‚ .................................................................2
Venkatraman – IT-Enabled Business Transformation ........................................................................................3
Hilti Case .............................................................................................................................................................4
Lecture 1 (27.10.2020) ........................................................................................................................................6
Week 2 – IT Governance .........................................................................................................................................9
Weill, Ross – A Matrixed Approach to Designing IT Governance .....................................................................9
Sambamurthy & Zmud – Arrangements for IT Governance .............................................................................11
Guest Lecture (03.11.2020) – Not exam relevant..............................................................................................13
Lecture 2 (03.11.2020) ......................................................................................................................................14
Week 3 – IT Project Management .........................................................................................................................19
Napier, Keil & Tan – Construction of successful project management practice ...............................................19
Nelson – IT Project Management: Failures, mistakes, best practices ...............................................................22
Lecture 3 (10.11.2020) – IT Project Management ............................................................................................25
Week 4 – IT Project Management .........................................................................................................................28
Davenport & Short – New industrial engineering .............................................................................................28
Mendling, Reijers & van der Aalst: Seven process modelling guidelines.........................................................29
White – Introduction to BPMN .........................................................................................................................30
Celonis Lecture ..................................................................................................................................................32
Week 5 – IT Risk Management .............................................................................................................................34
Cagliano, Grimaldi & Rafele - Choosing project risk management techniques................................................34
Bandyopadhyay, Mykytyn2 -Framework for integrated risk management in IT...............................................35
Rainer, Snyder & Carr - Risk analysis for information technology ..................................................................36
Lecture 5 (24.11.2020) ......................................................................................................................................37
Week 6 – IT Sourcing (“Make or buy?”) ...............................................................................................................40
Lacity, Khan & Willcocks - A review of the IT outsourcing literature .............................................................40
Lacity, Willcocks & Feeny - IT Outsourcing: Maximize Flexibility and Control ...........................................42
Rottman & Lacity - Proven practices for effectively offshoring IT work .........................................................43
Lecture 6 (01.12.2020) ......................................................................................................................................44
Week 7 – IT Decision Making ...............................................................................................................................49
Dale - Heuristics and biases: The science of decision-making..........................................................................49
Hammond, Keeney & Raiffa - The hidden traps in decision making................................................................50
Schneider, Weinmann & vom Brocke - Digital nudging: Guiding online user choices....................................52
Lecture 7 (08.12.2020) ......................................................................................................................................53

lOMoARcPSD|404503
Week 1 – IT Strategy
Collis, Rukstad – Can You Say What Your Strategy Is?
A significant proportion cannot articulate the objective, scope, and advantage of their business in a simple
statement. How are the employees expected to do so? If you have 10,000 smart employee and everyone heads in
a slightly different direction, no progress is made. Thus, a concise and clear strategy statement should align all
employees similar to a magnet and make their actions exponentially more effective. With a clear definition two
things happen:
1. Formulation becomes infinitely easier because executives know what they are trying to create.
2. Implementation becomes much simpler because the
strategy can be readily communicated and internalised
by the whole organisation.
A proper strategy statement consists of three elements:

1. Objective: definition of the ends that the strategy is
designed to achieve; also include a timeframe
2. Scope/domain: the part of the landscape in which the
firm will operate; the boundaries
3. Competitive advantage: what your business will do
differently or better; how you will achieve the goal
Objective: some companies confuse their statement of value or

mission with the strategic objective.
The basic elements of a strategy statement:
• Objective (ends): the single precise objective that will drive
the business over 5+ years 1
• Scope (domain): encompasses 3 dimensions: customer or

2 3
offering, geographic location, and vertical integration.
Clearly defined boundaries in those areas should make it
obvious to managers which activities they should concentrate
Competitive on and, more important, which they should not do.
• Advantage (means): the most critical aspect of a strategy → not what
statement. Clarity about what makes the firm distinctive is competitors offer
what most helps employees understand how they can
contribute to successful execution of its strategy. The firm’s
competitive advantage includes 1) customer value
proposition (e.g. your value offered relative to competitors) and 2) the complex combination of activities
allowing that firm alone to deliver the customer value proposition.
The figure to the right expresses the firm’s strategic sweet spot: where the firm meet’s the customer’s needs where
the competitor can’t, given the context where it competes.
Simon, Fischbach, Schoder – Enterprise Architecture Management‚

The taxonomy includes the following layers:
• Business motivation: business end (mission, vision, values, goals and objectives) business means (the
: instruments employed to achieve the motivation incl. business strategy), and business influencers (factors
influencing motivation and means i.e. PEST and SWOT).
• Business execution: the organization layer which includes business processes, information entities,
organizational structures (functional, geographical and legal), people, culture, resources, and their
aggregation into ‘‘logical’’ business capabilities. A business capability is an enterprise’s ability to
execute a defined and repeatable pattern of activities and produce a desired outcome (e.g., product,

lOMoARcPSD|404503
service) by deploying specific resources and

expertise and processing information in a
defined organizational and cultural environment
• 2Business model (i.e. a conceptual blueprint of
the business strategy): the fundamental business
logic and therefore represents the entire system
of creating and delivering value to customers,
capturing this value by earning profits from
these activities and sustaining this value capture
Enterprise Architecture (EA) acts as the frame of
reference for corporate strategic management, which
allows modeling of the business from strategy to execution and may thus yield several benefits within key tasks
of corporate strategic management: strategic analyses, strategic choice, business execution design, business
transformation readiness assessment, strategy implementation planning, strategy review, and strategic
governance.
Venkatraman – IT-Enabled Business Transformation

• Level 1 Localized Exploitation: the basic
level for leveraging IT functionality within
Enhance
(
a business. This level is best viewed as the Business
deployment of standard IT applications
1- minimal charges with minimal changes to the business e
(
capabilities Motivation
processes. This underleverages IT’s

-
easy
to copy
potential capabilities and fails to provide
organizations with as many possible
(
a
Business
advantages if the company had attempted
to change the business processes to ✓ Efficiency Execution
leverage the technical functionality. The gains
main weakness is that competitors can

easily imitate standard technical applications with minimal changes to the underlying business processes
to neutralize sources of strategic advantages.
• Level 2 Internal Integration (extension of the 1st level): a more systematic attempt to leverage IT
Integrations : capabilities throughout the entire business process. This level involves two types of integration: technical
interconnectivity (dealing with the interconnectivity and interoperability of the different systems and
technical interconnectivity applications through a common IT platform) and business process interdependence (dealing with the
{ business process inter
-
interdependence of organizational roles and responsibilities across distinct functional lines). Neither type
dependence alone is sufficient.
• Level 3 Business Process Design: a strong view that the benefits from IT functionality are not fully
realized if superimposed on the current business processes — however must be integrated. IT
→ integrate not
,
functionality should not be simply overlaid on existing business processes but should be used as a lever
Superimpose for designing the new organization and associated business processes.
• Level 4 Business Network Redesign: the redesign of the nature of exchange among multiple participants
→ change in network
in a business network through effective deployment of IT capabilities (contrasts with levels 1-3 as they
→ without fin boundaries
assume fixed firm boundaries e.g. fixed distribution of business activities).
• Level 5 Business Scope Redefinition: addresses the question but with an important variant: “What role
—if any — does IT play in influencing business scope and the logic of business relationships within the
extended business network?” Strategy concepts, such as economies of scale (within the hierarchy),
product-line extension through vertical integration, and mergers and acquisitions that led to increased
emphasis on vertical integration, are being replaced by newer concepts such as joint ventures, alliances
and partnerships, and virtual business networks with a marked emphasis toward a more flexible and fluid
corporate scope.

lOMoARcPSD|404503
Hilti Case
1. Business Strategy: What is Hilti’s path to market leadership? (operational excellence, customer intimacy,
product/service leadership)
2. Operating Model: Which operating model uses Hilti? (diversification, replication, coordination,
unification)
3. IT Alignment: How well is Hilti’s digital strategy aligned (with business strategy, organizational
processes, and IT processes)
Introduction
Hilti is a major player in the construction and building-maintenance industry, headquartered in Liechtenstein and
employing more than 22,000 employees. The company operates production facilities, R&D centres and has
diverse technological partnerships. The strategic foundation is a “caring and performance-oriented culture” while
following the company purpose of “passionately creat(ing) enthusiastic customers and build(ing) a better future”.
Hilti focuses on product and service differentiation, direct customer relationships, operational excellence,
and high performing global teams. Of the service department, most employees are involved in direct sales. A
series of initiatives to increase performance were taken to have mobile and real-time business solutions and
advanced analytics tools in place. The resulting technology-enabled opportunities require leveraging holistically
the potential of digital technologies to support process innovation.
The Journey
The company underwent a transformation that was radical in scope. This transformation included, local business
integration, global IT standardisation, achieving IT agility, and establishing balance (IT, business, employees and
customers) that supports digital innovation. First, Global Integration entails the removal of silos to establish
enterprise-wide processes and common data structures. Next, Modularity allows a certain degree of flexibility and
agility, moving to the Digital Take-off when leveraging previous innovation and transformation efforts in new
digital offerings. Finally, Digital Maturity occur when leveraging digital potential is daily business and an
integrated part of the business model.
Decentral Operations (Digital Basis)

Hilti IT infrastructure, processes, and organisation were highly diverse and heterogeneous, with silos between the
components. The more global a business becomes, the more important it is to establish standards and ensure a
unified customer experience and a well working omni-channel concept. The main challenge was the slow and
inconsistent way in which initiatives pursuing operational excellence were followed. Martin Hilti (founder)
supported the undertaking by providing a strong and committed leadership team and acknowledging the need
for global standards at an early stage. He sought global integration for the sake of business opportunities that
were difficult to quantify in the beginning.
Global Integration (Digital Basis)
Basis for Transformation: Global Processes and Data
The journey was started by introducing common data structures, system landscapes, and processes what
eliminated silos, improved decision support, operational efficiency, and customer experiences. Hilti executed the
Global Processes and Data (GPD) program by re-imagining the IT organisation (implementing regional
infrastructure managers [RIM]) and putting enterprise-wide solutions in place. The program required a vision
that was aligned with the company’s business strategy. Communication was key, all stakeholders were on board
and informed, a project management team was built for the implementation. Hilti used cross-fertilization to push
peers from different organisations to synchronise efforts and organise peer visits. In addition, Hilti became a ramp-
up partners of SAP.

lOMoARcPSD|404503
Establishing Employee Support: “Cultural Journey”

Hilti adopted a “global culture” by sharing corporate values, communicating honestly and clearly and setting
measurable targets. Besides, they spoke a common language at the management and employee level.
Brüggemannn and Riehle (2013) pointed out that interaction and motivation are crucial, this is why Hilti focussed
on commonly shared values and to form a holistic corporate culture supporting the change. Employees are part of
the competitive advantage; thus, an open, knowledge-sharing culture was important for the change. Overcoming
the lack of awareness of the culture and vision was key. Takeaway of the Global Integration Phase:
1. Integrate strong vision with smooth implementation
2. Earn credibility by delivering tangible results
3. Establish peer-to-peer knowledge transfer
Modularity (Digital Basis)
Introduce solid core and flexible boundary: Distinction between business that requires integration and business
that could be more agile. In addition, experiments with new technologies in operations. Controlled flexibility by
achieving agility and stability at the same time.
Balance between complexity (high integration and automation) and simplicity (manual effort): “one size
fits all” replaced by choice among solutions simple for small sales organisations & more complex for large
plants/headquarters.
Context specific governance structures: depending on business area’s nature and strategic role, establish hub
structure. A set of different, well-defined management approaches is implemented.
Digital Take-Off (Leveraging)
Innovate when right technology meets right use context: guide innovation toward most value-creating
scenarios, right combination of new and established technologies can lead to higher levels of innovation.
Innovation process is technology-enabled, not technology-driven: understand strength and weaknesses and
whether it is beneficial to one’s business.
Focus on strength of organisation: digital transformation goes along with re-focusing on organisation’s core
values and strategies (e.g. Hilti’s customer focus).
In this stage, Hilti focussed on digital processes, digital offerings, and digital customer interfaces. RFID chips
inside tools, preventive maintenance, and advanced asset management are some examples of implemented
technologies.
Digital Maturity (Leveraging)
Companies must develop capabilities to sense the environment, identify needed data, create new customer
experiences, offering integrated digitally enable services. In addition, they must ensure that processes are in place
to manage complexity and frame innovation within their socio-technological system.
Conclusion and Key Learnings
• Digital transformation needs a backbone.
• Digital transformation focuses on meeting customer demands and requirements, not trends
• Digital transformation is not a source of income but a means by which to earn money customers
expect digital offerings to come free of charge. Thus, the long-term horizon of these investments should
be communicated clearly.

lOMoARcPSD|404503
Lecture 1 (27.10.2020)
Business architecture:
• Business motivation (why?)
• Business model (what?)
• Business execution (how?)
How to algin business strategy with IT?
Business transformation:
How can we transform businesses? redesign business processes either through:
• Changing the motivation
• Changing the execution
→ we do not redesign through the model
↳ link to article
Covered in this course:
1. Business architecture: IT Strategy, IT Governance
2. Business transformation: IT Process Management, IT Project Management, IT Risk Management
3. Business decisions: IT Sourcing, IT Decision Making
Business IT Strategy
Traditional approach: Strategy > IT > Alignment (IT supports strategy)
Technology-driven approach: IT > Strategy > Alignment (IT is part of the strategy), e.g. Google, Amazing, etc.
Vision and Mission
Breakout room (#11):
• VW’s main competitors?
o Traditional car makers: GM, Ford, BMW, Audi, etc.
o Electric car makers
o Autonomous driving
o Could also be public transport/ride hailing/alternative transport
• What might be its vision (business inspiration) & mission (goal)?
o Vision: Make this world a mobile, sustainable place with access to all citizen.
Uber has a very similar statement
o Mission: Offer vehicles
Uber wants to offer transport Uber and VW have different IT needs
• What strategy might VW follow?
o Making electric cars more reliable/accessible better technology
Strategies to Market Leadership
Competitive strategies for market leadership (excel in one and be good in the others): pleads to cost leadership
• Operational excellence: automate/streamline processes, reduce costs low costs →
business processes
o Toyota, VW, Action, etc.
• Customer intimacy: personalise service, customise, meet different needs differentiation → customer
segmentation
o Uber
• Product leadership: premium market, premium experience for customers differentiation → product
innovation
o Apple
→
production outsourced
Strategy is also influenced by internal/external drivers:
• External:
o Economic environment, market requirements, competitors
• Internal:
o Stakeholder demands, entry assets/capabilities, strategic aspects/capabilities

lOMoARcPSD|404503
Operating Models
How you implement a certain strategy. → CORD knowing what the others are
doing
data
f
↳
access
Business process integration
Coordination
Unification
High
t
(banks,
(Amazon) tf
consultancies)
Diversification Replication
Low
t
(GE, Siemens, (McDonalds,
conglomerates) Starbucks)
""" """ " ""
Low High
Business process standardisation
)
• In the case of VW (it depends on how you think about a company) Diversification
.
.. . . .
.
• In the case of Uber Unification
Once we decide on a strategy and a model, IT can support our model.
Business IT Alignment
Strategic areas need to be aligned:
OKR Method
OKR >> Method
BSC >> Measures
CSF >> Actions

lOMoARcPSD|404503
Tools
Balance Score Card → FILL
use OKR
• We define objectives and how to measure them

• Therefore, we can use the OKR method
critical
Consolidating BSC and CSF analysis
success factors
Problems and barriers for business-IT alignment

lOMoARcPSD|404503
Week 2 – IT Governance
Weill, Ross – A Matrixed Approach to Designing IT Governance
Note: Session 2 required to create write-up based on this article.
Introduction
Weill and Ross studied almost 300 enterprises and found that IT governance is a mystery to most key decision
makers, only one in three senior managers knows how IT is governed at his/her company. Top-performing
enterprises, however, carefully design governance. 60 to 80% of those senior executives have a clear
understanding of IT governance, awareness of IT governance is the single best indicator of its effectiveness.
Effectiveness can be measured with four objectives:
:
1. Cot-effectiveness
2. Asset utilisation
3. Business growth
4. Business flexibility
Superior governance performance is positively correlated with superior financial performance.
How Key IT Governance Decisions Are Made

IT governance encompasses five major decision domains/areas:
1. IT principles: high-level decisions about the strategic role of IT.
2. IT architecture: integrated set of technical choices to guide in satisfying business needs.
3. IT infrastructure: centrally coordinated, shared IT services that provide foundation for IT capability,
typically created before precise usage needs were known.
4. Business application needs: business requirements for purchased or internally developed IT
applications.
5. Prioritisation and investment decisions: how much and where to invest in IT.
These areas can be addressed at the corporate, business unit and functional level.
6 archetypal approaches to IT decision making (from centralised to decentralised):

1. Business monarchy: decisions made by (group of) senior executives.
2. IT monarchy: decisions made by (group of) IT executives.
3. Federal system: c-level executives and representatives of operating groups collaborate with IT
department similar to central government and states.
4. IT duopoly: two-party decision-making approach, IT executives and leaders representing the operating
units.
5. Feudal system: business units or process leaders make separate decisions based on the unit/process
needs.
6. Anarchy: each individual user/small group pursues its own IT agenda.
Governance Mechanisms
Once the types of decisions and archetypes are mapped out, the company designs and implements a set of
governance mechanisms for manager to work on it on a daily basis.
Decision-making Structures
Organisational committees and roles that locate decision-making responsibilities according to intended archetypes
are most visible.
• Anarchies no decision-making structures at all.
• Feudal arrangements local decision-making.
• Monarchy, federal or duopoly structures with the representation and authority to produce enterprise
wide synergies.

lOMoARcPSD|404503
:
Alignment Processes
Management techniques for securing widespread and effective involvement in governance decisions and their
implementation.
• IT investment proposal defining, reviewing and prioritising IT projects.
• Architecture exception formal assessment of the costs and value.
• Service-level agreements & chargebacks clarify costs and discussion what services are required.
• Formal tracking of business value determine the payback on completed projects.
Formal Communications
Lack of understanding of how decisions are made, what processes are implemented and desired outcomes, is a
huge barrier to IT governance. Overcome this by communicating:
• General announcements, institution of formal committees, regular communication, one-on-one sessions,
intranet, etc.
more communication generally means more effective governance.
How Top Performers Govern

Performance was measured with following financial measures:
1. ROE
2. ROI and percent profit margin
3. ROA
4. Growth measured by percent change in revenue per year
Centralised Approaches and Profitability (e.g. UNICEF)

The most profitable companies chose a centralised approach to IT governance with emphasis on efficient
operations and standardisation to pursue low business costs. Key mechanisms:
1. Executive committees for decision making
2. Centralised processes for architecture compliance and exceptions
3. Enterprise wide IT investment decision process
4. Formal post-implementation assessments of IT projects
Decentralised Approaches and Growth (e.g. Manheim Auctions, B2B car actions)
Fastest-growing companies need innovation and time to market, which is achieved by local accountability.
Success is measured through growth in revenues from young products (two/three years after introduction). Key
mechanisms:
1. Maximise responsiveness to local customer needs
10

lOMoARcPSD|404503
2. Minimise constraints on creativity and business unit autonomy few, if any standards for tech and
business processes
3. Few governance mechanisms
4. Investment process identifies high-priority strategic projects and manages risks
Once a company becomes larger, a more centralised approach may be necessary.
Hybrid approaches and Asset Utilisation (J.P. Morgan Chase, ING DIRECT, DuPont, etc.)
This approach is a balance between the two formerly mentioned approaches (profitability, growth and innovation)
and focusses on shared services to achieve responsiveness or/and economies of scale. Emphasis on:
1. Sharing and reuse of processes, systems, technologies and data
2. Hybrid approach mixing elements of centralised and decentralised governance
3. Duopolies and federal governance design
4. Introduce governance mechanisms to address the tension between enterprise wide and local control
Large, global companies require a hybrid model to achieve the benefits of centralised (synergies) and decentralised
(autonomy) models. Also, they attempt to realise cost savings by sharing services to remove duplication or reduce
IT unit cost.
Recommendations to Guide Effective IT Governance Design

IT governance design encompasses four steps:
1. Identify needs for synergy and autonomy.
a. Consider benefits and costs of synergies
b. Make tough decisions and communicate throughout the enterprise
c. Thus, parameters for the design of IT governance and managerial incentives are established
2. Establish role of organisation structure.
a. Pendulum swings between centralised and decentralised matrixed reporting relationships -
complexity is overwhelming
b. Introduce organisational designs and incentive systems that reinforce priorities of autonomy and
synergy
3. Identify desirable IT-relate behaviours that fall outside the scope of organisational structures.
a. Understand what behaviours the organisational structures will enforce and identify additional
behaviours that must be promoted no need for reorganisation when priorities shift
b. Organisational structure and IT governance design can allow companies to achieve seemingly
conflicting objectives (e.g. autonomy and costs savings)
c. Duel oh incentives are necessary for senior manager to cous on enterprise wide and business unit
goals
4. Thoughtfully design IT governance on one page.
a. Outlining governance arrangements and then specify mechanisms that will implement the
intended arrangements
b. Invest in organisational learning if using IT strategically was not effective in past
Sambamurthy & Zmud – Arrangements for IT Governance

• How contingency forces influence the mode of IT governance.
• Contingency forces interact with each other by either amplifying, dampening, or overriding their mutual
influences on the IT governance mode. Three scenarios are found when contingencies interact:
reinforcing, conflicting and dominating. ^
2 3
• Three sets of contingencies: corporate governance, economies of scope and absorptive capacity.
1 • Corporate governance: (1) firms tend to mirror their IT governance practices with corporate governance
e.g. if corporate governance is centralized, then IT governance is centralized, and (2) the size of the firm
determines the structure of IT governance practices e.g. a small firm tends to be centralized, however
due to divisionalization (segmentation amongst individual business or geographical units), more units
require custom information system requirements, hence large firms are likely to decentralize aspects of
their IT governance arrangements in order to be more responsive to individual subunits’ IS needs.
11

lOMoARcPSD|404503
Z• Economies of scope (benefits when a firm can share resources across multiple product types): requires
administrative mechanisms across subunits to ensure exploitation of common synergies i.e. economies
of scope. Feasibility depends upon:
1. Diversification mode: growth strategy driven by internal expansion or external acquisitions. Internal
expansion is done through internal capabilities and product-market expansions. Two determinants:
- The firm is familiar with new markets and adopted new technologies (e.g. to extend
administrative and operating systems to the new business venture).
- The pace of internal expansion is gradual allowing the firm to adopt governance mechanisms to
i
exploit synergies and economies of scop
External expansion faces challenges (cost of integration > economies of scope) when integrating new units for 3
reasons:
- Conflicting organizational designs
- Organizational inertia by management of the new unit new design not done
- Lack of harmony, goal alignment and competitive stance (rather than cooperative stance).
2. Diversification breath (degree of product/market relatedness of a multi-business firm): if a firm’s
operating units are characterized by unrelated product-markets, these operating units require specific
IT needs. Hence local IS staff are better positioned than corporate IS staff.
3. Exploitation strategy (exploit economies of scope through development of enterprise-wide
partnerships or through consolidation of enterprise-wide IT assets): Partnerships signal that relevant
knowledge is dispersed across the enterprise. On the other hand, IT assets must be consolidated and
managed by a centralized entity when dispersed. Note: these exploitation strategies are only possible
if corporate diversification mode or breadth permits leveraging economies of scope
3 • Absorptive capacity: the ability of a firm’s employees to develop relevant knowledge bases, recognize
valuable external information, make appropriate decisions, and implement effective work processes and
structures. If absorptive capacity rises, then there might be greater pressure towards decentralization
(given that managers are knowledgeable about IT)
• Multiple contingencies: 2 issues. First: individual contingency forces will likely be perceived differently
by each unit i.e. relative strength of contingency upon unit work design. Second: the effects of individual
contingency forces are amplified, dampened, or overridden depending on the size and type of
contingency forces (given context).
- Reinforcing: two contingency forces reinforcing a singular effect toward a centralized or
decentralized IT governance mode.
- Conflicting: one contingency force pushes towards a centralized mode, whereas the other favors
decentralization. Consequence: a federal mode of IT governance. The federal mode of
governance allows unbundling the authority for distinct segments of IT activities and vesting
the locus of authority for those segments in response to the effects of distinctive, and conflicting,
contingencies.
- Dominating: despite the presence of multiple contingencies, one or two contingencies impose
significantly higher opportunity costs than others, hence the firm must act as if these are the
only two contingencies present.
12

lOMoARcPSD|404503
Guest Lecture (03.11.2020) – Not exam relevant

Digital Transformation Roadmap – Swiss Wealth Manager
• “Luxury” segments of banking personal relationship is important
• Challenges:
o Drop out of Swiss blue-chip index
o Loss of productivity
o Shrining client base
Shaping the big bet:

• 4-year roadmap
• CHF 1bn investment
• CHF 400m expected run-rate cash benefits
Fuel for growth – new investor story:

• Funding of investment need through cost reduction and revenue uplift program
• Drafting new investor story focussed on (revenue) growth
• New investment governance with rigorous value orientation and management
Creating value for the client:

• Design a new wealth management customer experience, inspired by luxury brands
• Redesign of interaction between clients and bank across touchpoints
• Shift form asset-based to needs-based client servicing
Building a data powered business:

• Deliver business value through data & analytics use cases
• Building the foundation through state-of-the-art data platform
• Creation of data mindset and governance to steer data & analytics across bank
From “we are doomed” to “we are doomed to win in agile”.
13

lOMoARcPSD|404503
1 Architecture → Skeleton
2 Governance
→ Muscle
3 Management -7 Details for functions

Lecture 2 (03.11.2020)
Corporate Governance
IT governance is a subset of corporate governance. →
nowadays also data governance
Key Assets Governance
Six key assets of firms:
1. Human assets
2. Financial assets
3. Physical assets
?
4. IP assets
5. Information and IT assets
6. Relationship assets
Difference governance and management: governance sets the

policies (underlying rules), management executes the rules
governance determines who makes the decision, management
then makes the decision (e.g. actual amount of money, etc.)
Business Architecture and IT
'
→
3
Centralisation vs. Decentralisation

Two extremes:
Centralisation : t economies of scale
• Control (decision-making authority)
• Resources (key assets)
Decentralisation t productivity due to lower set
:
-
up costs for
• Content of an organisational function
understanding Bb requirements
Also, there are two different structures, also: + lower
costs for interacting with
• Functional (smaller firms, centralised corporate governance) users
• Divisional (larger firms, decentralised corporate governance)
IT Governance
Contingency Factors (influencing governance structure) →
related to article
• Corporate governance
o Overall governance mode
o Firm size
• Economies of scope
o Diversification mode
o Diversification breath
o Exploitation mode
• Absorptive capacity
o Line IT knowledge
corporate IT -7 central higher level

Division → decent callsubunits
14

lOMoARcPSD|404503
IT Governance Determinant Framework

1. Reinforcing contingencies: salient contingency forces produce similar influences on locus of decision
making.
2. Conflicting contingencies: multiple contingencies are salient but conflicting influence on the location
of decision making. → Federal
3. Dominating contingencies: one or two factors impose prohibitively opportunity costs on firms that
ignore their effects.
Case A: Reinforcing factors
Case B: Conflicting factors

↳ Federal
Case C: Dominant factor
look at article Sambamurthy
IT Governance Mode
Business monarchy: senior management makes decision.
IT monarchy: IT professionals make decisions.
Feudal model: each local entity makes decisions (anarchy at
s
business unit level).
c.
Federal: joint decision-making between centre and business unit,
maybe IT professionals (might be the most difficult one).
IT duopoly: two-party arrangement between IT and business,
.
latter is represented through central or decentral entity.
Anarchy: no general structure.
↳ most difficult
→
Instant
15

lOMoARcPSD|404503
IT Decision Types
→ strategic
→ business units
→
strategic
IT Governance Performance & Design

1. Centralised approaches and profitability
a. Efficient operation: standardisation and low business cost
2. Decentralised approaches and growth
a. Local accountability: responsiveness to local customers, minimise creativity constraints
3. Hybrid approaches and asset utilisation
a. Sharing and reuse: balance profitability, revenue growth and innovation
Effectiveness of IT governance is measured through four objectives weighted by importance:
1. Cost effective use of IT (survey)→ for all four factors
2. Effective use of IT for asset utilisation
3. Effective use of IT for growth
4. Effective use of IT for business flexibility
148 OO) :
Balance!
I
→ strong CIO
IT principles and investments: most strategic,

better to involve senior management (business
monarchy or IT duopoly)
Business application needs: shared business need

from the enterprise and business units.
( potential
Other decisions: poorer performance of federal
(slow, overly comprise, less effective)
synergy
IT governance design:
1. Identify the company’s needs for synergy and autonomy
a. Benefits and costs
16

lOMoARcPSD|404503
b. Synergy and autonomy

2. Establish the role of organisation structure
a. Centralised and decentralised
3. Identify desirable IT-related behaviours that fall outside the scope of organisational structures
}
a. Achieve objectives
4. Thoughtfully design IT governance on one page
Control Framework for IT Governance

• COBIT (control objectives for information & related technology) → higher
level
o Tells you what you should be doing and why, bridge the gap between control requirements,
technical issues and business risk
to
o Three-level structure (do what)
Business requirement
IT resources
IT processes
o Four domains ( what to dot
PO: plan and organise
AI: acquire and implement
DS: deliver and support
ME: monitor and evaluate
• ITIL (information technology infrastructure library) → handbook
o Tells you how is should be done
o Five service cycles:
Service strategy (define what IT will do)
Service design (defining IT services)
Service transition (plans releases and changes for maximum business benefit)
Service operation (IT resources take ownership of the services)
Service improvement cycle (improve business contribution)
• CMMI (capability maturity model integration)
• FAIR (factor analysis of information risk)
there is no framework to rule them all
Case Reflection and Discussion (not in the slides)

Correct answer: D
C is technically not wrong, but D is definitely

wrong
Correct answer: D
Correct answer: A
you can use multiple frameworks at the same

time, there is not one framework to rule them all
17

lOMoARcPSD|404503
case is from an optional reading, just to

demonstrate the format of the exam.
1. Goal of IT governance is the alignment

between business and IT. How business is
aligned with IT and how IT is aligned with
business.
Answer:
2. Demonstrate which mode is used for which
decision types and then explain the modes a bit
(which ones are strategic and which ones are
slow) and which one would fit.
↳ check answer in WA
18

lOMoARcPSD|404503
Week 3 – IT Project Management

Napier, Keil & Tan – Construction of successful project management practice
• Although effective project management is critical to the success of information technology (IT) projects,
little empirical research has investigated skill requirements for IT project managers (PMs). This study
addressed this gap by describing nine skills that successful IT PMs exhibit. Successful project
management skills are needed to combat the trend of failing Information Technology (IT) projects. The
Standish Group International (2004) reports that 53% of all IT projects are late and/or over budget; an
additional 18% either fail outright or are cancelled prior to completion. An international study found that
US and Finnish project managers listed ‘lack of effective project management skills’ among the top five
risk factors for software projects.
• The PMI’s Project Management Competency Development (PMCD) framework conceptualizes PM
competency as consisting of three components:
o A performance component representing things that the PM knows how to do
o A knowledge component representing explicit knowledge about project management tools and
techniques
o A personal component representing personal attributes and characteristics
• Similarly, Crawford has developed an integrated model of project management competency that
acknowledges two ways of inferring competency: performance-based and attribute-based:
o The attribute-based portion of this model encompasses the PMCD’s knowledge and personal
components. Attribute-based competency focuses on skills-as-attributes: the extent to which
the PM has acquired the necessary set of knowledge and personal characteristics.
o Performance-based competency focuses on skillful practice: the ability of the PM to
demonstrate project management ‘know-how’. In the skillful practice view, competent PMs can
be identified through effective actions that lead to successful projects. This view of competency
is consistent with the epistemology of practice that focuses on ‘work that is done as part of
action or practice’ In the skills-as- attributes perspective, competent PMs can be identified
through their ‘know-what’
• Although acknowledging that both perspectives can contribute to research, for the purposes of this study,
this paper has chosen to adopt the perspective of skills-as-attributes when investigating IT PM
competency. The intent is to provide relevant insights into what IT PMs consider as skills necessary for
successful IT PM practice.
• Skills: successful IT project managers have 9 particular skills:
1. Planning and control: involves planning, monitoring and controlling project tasks to ensure that the
project is completed on time and within the budget.
- The ideal PM intentionally and actively monitors the progress of the plan.
2. General management: encompasses business and interpersonal skills required to appropriately
manage themselves and others.
- The ideal IT PMs know how to negotiate, remain flexible and possesses interpersonal skills that
allow them to get along well with others. Another part of managing others involves prioritizing
tasks, assigning resources and delegating to others.
3. Leadership: grouped skills related to the ability to form and communicate about the future direction
of the project in a way that garners enthusiasm and commitment from others.
- The ideal PMs doesn’t get emotional, just the right emotions if he needs to be forceful with
someone as a project management
4. Communication: refer to the ability of the IT PMs to effectively speak, write and listen to secure
resources, enhance coordination, and ensure that work is completed.
- The ideal IT PM knows how to communicate both with project team members and senior
management.
- IT PMs must be careful to listen to what others say and be responsive.
- IT PMs may also need to interact with other groups within their organization to promote
cooperation across functional silos.
- The ideal IT PMs also make use of their extensive network of contacts to help them find
solutions to problems.
19

lOMoARcPSD|404503
5. Team development: the IT PM with effective team development skills has the ability to create a
productive team environment for those working on the project while demonstrating concern for their
personal and professional growth.
- The ideal IT PM is aware of positive ways of motivating and inspiring team members, which
could involve team-building exercises.
- When assigning tasks to individuals, the ideal IT PM is cognizant of the individual’s current
skill level and whether additional training or mentoring might be required for the person to
complete the assigned task
6. Client management: involve the IT PM’s ability to successfully relate to clients during all phases of
the project.
- PMs need to understand the client’s business environment enough to be able to consult with
them and solve the client’s problems
- Often, the PM needs to be able to look beyond the formally stated requirements.
7. Systems development: refers to the ability to understand and manage the technical aspects of
developing complex, technical systems while controlling for quality.
- The ideal PM understands the big picture of the system and how tasks are related. By contrast,
the incompetent IT PM is too detail oriented and does not have sufficient understanding of the
overall goal and complexity of the system to make good decisions.
8. Problem solving: involves the ability to address problems efficiently and effectively.
- Competent PMs must proactively address problems and know how to analyze the root causes
of problems and be willing to take responsibility for any problems that occur.
- Successful PMs have a high level of awareness about potential issues. When presented with
issues, they gather information about the problem and use their analytical abilities to get to the
root of the problem.
9. Personal integrity: the PM who demonstrates personal integrity acts in a manner consistent with high
ethical standards as opposed to self-interest. PMs who lack personal integrity were most likely to be
considered incompetent.
- Incompetent PMs are often more concerned about their own career advancement than the
success of the project. To that end, they would consider dishonesty and political manoeuvres to
be acceptable techniques.
• IT PM archetypes: During the final stage of data analysis, we examined how participants combined the
skill categories when describing the ideal IT PM. Participants were placed into four groups based upon
how closely their identified skill sets matched. To graphically represent the relative weights of our
categories, we totaled the number of times each category was mentioned by participants in this group.
The star chart shows the percentage of time each skill category was mentioned within the group. In the
following sections, the beliefs that most distinguish each of the four IT PM archetypes are described.
1. General Manager (GM) archetype:

Five dominant skills:
- Communication
- General management
- Planning and control
- Leadership
- Team development
Practices:
- Motivate and inspire team members
- Clearly specify roles and responsibilities
- Interact with respect and concern
- When obstacles occur, engage in
conversation and focus on solutions
- Demonstrate concern for team member needs
by active participation during crisis situations
- Successfully manage relationships with upper management
- Remain calm/level headed, appear professional and positive
Different from other archetypes:
- Little concern for technical competence as represented by the system development and
problem-solving skill categories
- Personal integrity is a more salient characteristic relative to the other three archetypes
→ stick t here on
20

lOMoARcPSD|404503
2. Problem Solver (PS) archetype

Dominant skills: + Problem solving
- Planning and control1leadership
- Team development
- Systems development
Problem solving Practices:
- Hands-on, detail-oriented PM
- Uses technical expertise to actively control
→ solving problems and manage complexity of IT projects
- Serves as a team leader with
+ technical skills responsibilities for motivating and building
the team Distinguishing factors:
- Importance of managing issues: confront
issues proactively and have strong
analytical ability to get to the root cause.
- Importance placed on technical competence. Having a technical background ensures the PM
can communicate with both technical people as well as clients.
3. Client representative (CR) archetype

Dominant skills:
- Planning and control
- Communication
- General management
- Systems development
- Client management
Compared to GM:
- Agrees that communication and general
management skills are important
- Less focus on leading and managing others
internally -> focus on client
Practices:
- Placed at least some importance on systems development skill category
o Emphasize that ideal IT PM combines technical and people skills.
4. Balanced manager archetype:

The remaining four IT PMS took a more balanced view. Three
of them mentioned 7 of the 9 skill categories. This suggests
that successful IT PMs need to possess and draw upon virtually
all of the skill categories.
• Conclusion: This paper contributes to our

understanding of the skills associated with successful
IT PMs. The findings confirm the importance of many
skills previously described in the literature (e.g.
communication, general management, leadership,
planning and control, and systems development) while providing a richer understanding of several other
skills that were narrowly defined previously (e.g. client management, planning and control, and problem
solving). Moreover, the study points to two other skill categories that had not been discussed at all in the
prior literature on IT PM skills: personal integrity and team development. It has also identified four
archetypes that represent beliefs held by experienced IT PMs about the required combination of skills
associated with ideal IT PMs. With four different perspectives presented, it may be tempting to ask the
question: which way is right or best? The paper does not argue that any one way is better than another.
Instead, it focusses on what can be learned from understanding patterns of managerial cognitions. These
archetypes represent a set of beliefs about managerial effectiveness while at the same time identifying a
portfolio of skills that an IT PM could possess. These findings provide a strong foundation for future
research into IT PM skills and the relationship between those skills and managerial effectiveness.
21

lOMoARcPSD|404503
Nelson – IT Project Management: Failures, mistakes, best practices

• In recent years, IT project failures have received a great deal of attention. In an attempt to avoid disasters
going forward, many organizations are now learning from the past by conducting retrospectives (i.e.
project post-mortems or post-implementation reviews). While each individual retrospective tells a unique
story and contributes to organizational learning, even more insight can be gained by examining multiple
retrospectives across a variety of organizations over time. This research aggregates the knowledge gained
from 99 retrospectives conducted in 74 organizations over the past seven years. It uses the findings to
reveal the most common mistakes and suggest best practices for more effective project management
• Infamous failures: The lack of statistical improvement regarding the successes that IT projects have may
be due to the rising size and complexity of projects, the increasing dispersion of development teams, and
the reluctance of many organizations to perform project retrospectives. Though, when looking at project
failures, apart from the size, many don’t have anything in common.
o Reasons for failing projects in the analysed projects were contractor failure, others cited poor
requirements determination, ineffective stakeholder management, research-oriented
development, poor estimation or insufficient risk management.
o A key objective in each post-mortem should be to perform a careful analysis of what went right,
what went wrong, and make recommendations that might help future project managers avoid
ending up in a similar position.
• Classic mistakes: A failure is seldom a result of a chance, more often it is a result of a (series of)
misstep(s) by project managers. Steve McConnell lists 36 classic mistakes over 4 categories…
451
1. People: IT human capital issues
. - Undermined motivation probably has a larger effect on productivity and quality than any other
factor
- After motivation, the largest influencer of productivity is either the individual capabilities of the
team members or the working relationship among team members
- Most common complaint about team leaders is failure to take action to deal with a problem
employee
- Most classic mistake is adding people to a late project, this can take more productivity away
from existing members than it adds
43% 2. Process: includes both management processes and technical methodologies. Common ineffective
practices include:
- Wasting time before the project starts, in the so called ‘fuzzy front end’ (approval, budgeting,
etc.) and then having an aggressive schedule after the start. It is easier to save a few weeks or
months in the fuzzy front and then compress a development schedule.
- Human tendency to underestimate a project leads to undermining effective planning, short-
changing requirements determinations and/or quality assurance.
- Insufficient risk management – failure to proactively assess and control what might go wrong
with a project. Common risks are lack of sponsorship, include lack of sponsorship, changes in
stakeholder buy-in and contractor failure.
- Increase rise of contractor failures alongside the rise of outsourcing.
8%
3. Product: product size is the largest contributor to project schedule, giving rise to heuristics as the
80/20 rule. Common product-related mistakes:
- Requirements gold-plating
- Feature creep
- Developer gold-plating
- Research-oriented development
4% 4. Technology: the use and misuse of modern technology
- Silver-bullet syndrome: a solution for one project does not always work for other projects
- Overestimated savings from new tools or methods
- Switching tools in the middle of a project
• Results of paper: Most classic mistakes were categorized as either process mistakes (45%) or people
mistakes (43%). The remainder were classified as product (8%) or technology (4%) mistakes.
22

lOMoARcPSD|404503
Technology is seldom the reason for failure, hence technical expertise is rarely enough to bring a project
on-schedule
• Avoiding classic mistakes through best practices: In addition to uncovering what went wrong on the
projects studied, the retrospectives also captured what went right. If leveraged properly, these methods,
tools, and techniques can help organizations avoid the classic mistakes from occurring in the first place.
This section describes the top seven classic mistakes (which occurred in at least one-third of the projects)
along with recommendations for avoiding each mistake.
1. Avoiding poor estimating and/or scheduling: sizing or scoping the project, estimating the effort and
time required and developing a calendar schedule:
- Using developer-based estimates (e.g. Delphi approach, historical data) and estimation software
- Make the estimation process a series of iterative refinements
- Timebox development, as smaller and shorter projects are easier to estimate
- Creating a work breakdown structure to help size and scope projects v. Retrospectives to capture
actual size, effort and time data
- A project management office to maintain a repository of project data
- Using agile methods and implementing short release cycles
2. Avoiding ineffective stakeholder management:
- Identify the stakeholders that are in most need of attention and map their power, influence and
control of resources (stakeholder worksheet and assessment graph)
- Use communication plans
- Create a project management office
- Portfolio management
3. Avoiding insufficient risk management:
- Use a prioritized risk assessment table
- Actively managing the top 10 risks
- Conducting interim retrospectives
- Appoint a risk officer to play devil’s advocate
4. Avoiding insufficient planning:
- Create an approved and comprehensive project charter
- Clearly define project governance
- Portfolio management
5. Avoiding short-changing quality assurance:
- Use agile development
- Joint application design sessions
- Automated testing tools
- Daily build-and-smoke test
6. Automated weak personnel and/or team issues:
- Get the right people assigned to the project from the beginning
- Take care of problem personnel immediately
- Co-location of staff (e.g. if you outsource/offshore, send staff there for face-to-face team
meetings)
7. Avoiding insufficient project sponsorship:
- Identify the right sponsor from the beginning
- Securing commitment with a project charter
- Manage the relationship throughout the life of the project (e.g. with communication plans and
well-timed deliverables)
23

lOMoARcPSD|404503
• Leveraging IT project retrospectives: Aggregating retrospective findings across projects and over time
provides benefits, as this research study has demonstrated. Therefore, we encourage managers to
replicate this meta-retrospective process in their organizations. By uncovering patterns of practice, they
should reap higher organizational learning, accumulate benefits over the long term, and, ultimately,
increase business value. Roughly 50% of the projects experienced problems in three areas: estimation
and scheduling, stakeholder management, and risk management, while over one-third struggled with the
top seven classic mistakes. On the front end of a project, we encourage project managers and PMOs to
proactively identify the problems most likely to arise in each project and then use the matrix to help
prioritize their project specific best practices. At a more macro level, PMOs can use such a matrix to
identify practices that should be
incorporated into their organization’s
standard project methodology to avoid
common mistakes across the organization.
In conclusion, the proactive and well-
informed use of best practices is the best
way to steer clear of classic mistakes and
ultimately avoid becoming an infamous
failure. For project managers, best
practices are also the prescription for
avoiding Einstein’s definition of insanity:
doing the same thing over and over and
expecting different results.
• The matrix summarizes the classic mistakes and best practices
24

lOMoARcPSD|404503
Lecture 3 (10.11.2020) – IT Project Management

Part 1: Introduction to PM
PM Definition: temporary endeavour (definite beginning and definite ending) undertaken to create a unique
product or service (something not done before).
• Projects can be considered as the achievement of a specific objective and involve the utilisation of
resources on a series of activities or tasks.
• A Guide to the Project Management Body of Knowledge (PMBOK Guide)
• Chaos study: analysis IT projects if they are on time/budget/target
o Many projects fail or are challenged because of incomplete requirements, lack of user
involvement, lack of planning, lack of IT management last two are especially important for
the course.
PM Life Cycle
• Standard cycle:
o Initiation
o Planning
o Execution
o Termination
today the planning phase is important.
Project Charter
Is a central document that defines the fundamental information about a project and is used to authorise it.
in the initiation phase 1 Description
2 Scope
Part 2: Cost Management
3 Business case
Type of IT Costs
• Benefits
o Tangible: associated with an information system that can be measured in dollars with certainty
Cost reduction
Error reduction
Increased flexibility, etc.
o Intangible: derived from the creation of an information system, cannot be easily measured
Timely information
Better usage of resources, etc.
• Costs
o Tangible: associated with an information system that can be measured in dollars with certainty
Hardware, software, training, etc
o Intangible: associated with an information system that cannot be measured in dollars with
certainty
Employee morale, loss of customer goodwill
o One time: associated with project start-up and development
System development, new hardware and software, user training, data or system
conversion, etc.
o Recurring: resulting from the ongoing evolution and use of a system
Application maintenance, incremental data storage expense, incremental
communications, etc.
Breakeven Analysis → we need tangible benefits hosts
Example of using Trello:
• Benefit of introducing Trello: reduced coordination costs, increased operational efficiency
• What are the costs: subscription fee (recurring), training, implementation fee (one time)
25

lOMoARcPSD|404503
We use the NPV to calculate whether to start the project or not.
PVn = present value of Y dollars and n years from now

based on a discount rate of i.
NPV = sum of PVs.
if NPV is positive, we do the project.
look at Excel sheet for studying.
Part 3: Time Management
Work-Breakdown Structure
• List tasks required to complete project
• Identify dependencies
• PMBOK 5: “hierarchical decomposition of the
total scope…”
• Steps:
o We break tasks down
o Then identify how long a step will take
with PERT
PERT (Program evaluation review technique):

• Uses optimistic (o), pessimistic (p) and realistic (r) time estimates
• Formula for expected time ET= (o + 4*t /+ p)/6
Next, we proceed to the critical path analysis. v
Critical Path Analysis (scheduling technique)
• Order and duration of a sequence of activities directly affect the completion.
• Critical path: shortest time a project can be completed.
• Slack time: time an activity can be delayed without delaying the whole project.
Determining the critical path:
1. Earliest competition time summing the times in the longest path to the activity total expected
project time.
a. Forward pass
2. Latest possible completion time subtracting activity times in the path following the activity from the
total expected time gives slack time for activities.
a. Technique is slack time
3. Calculate slack time. → Backward pass
26

lOMoARcPSD|404503
Network diagram:
slack
p
27

lOMoARcPSD|404503
Week 4 – IT Project Management

Davenport & Short – New industrial engineering
Two new tools are changing the way that companies operate: IT (the capabilities of computers, software, etc.) and
Business Process Redesign (the analysis and design of workflows and processes within and between
organizations).
At that point in time (1990), IT mainly affected manufacturing process redesign, and had yet to make productivity
gains in offices. There, it was mainly used to hasten work, rather than to gain productivity. IT has to be seen as a
tool which can be used for more than efficiency: it can change the entire way in which business is done.
The authors compile their view into the term “new industrial engineering”, where IT supports processes, and
business processes and process improvements should be considered in terms of capabilities that IT can provide.
Companies should no longer focus on maximizing the capabilities of one function. Instead, they must maximize
the performance of the flows between interdependent activities. IT can greatly reduce the cost of this coordination.
Business process is defined in this paper as a set of tasks which produce an outcome. They have
recipients/customers (someone who receives this outcome), and they cross organizational boundaries. An example
could be to develop a new product. Most processes (1990) were not measured at the time. The authors saw IT as
a great way to start improving the overall efficiency of firms. They found that there were five major steps that
successful firms undertook:
- Develop the vision and objectives. An overarching idea helps see the potential objectives and
opportunities. Such objectives may be cost reduction, time reduction, output quality, and
learning/empowerment/quality of life improvement. A firm can set multiple objectives that it would like
to improve on.
- Identify the processes to be redesigned. There are two approaches:
o Exhaustive. List all tasks, prioritize them.
o High-impact. Identify the most important processes and/or those which differ from the new
vision too much.
- Understand and measure the existing processes. This is necessary to understand the problem, and create
a baseline for future improvements.
- Identify IT levers at this point, before finishing the process redesign, as it will have an influence.
- Design and build a prototype of the new process. The design is not the end of the process. Key factors in
designing and building a prototype:
o IT as a design Tool: Can be used to support the design.
o Generic Design Criteria: Can be used to create alternative designs. Make sure that the criteria
support the designing of the process (e.g. make it clearer).
o Organizational Prototypes: can be implemented on a pilot basis, examined, and modified if
necessary, to achieve the best gains.
The five steps fit for every organization. However, the specifics of redesign vary greatly, and processes have
different types. By subdividing them, managers can isolate such a process and analyze and redesign it. Processes
can be divided by three dimensions, which each have three/two different types:
- Entities:
o Interorganizational process: take place between two or
more business organizations. It relates to all processes
between the buyer and supplier. For example, the
delivery process, the procurement process, and so on.
o Interfunctional: Cross several functional and divisional
boundaries, and are used to reach major operational
objectives, such as designing a new product. Supporting
the full process (so everything that’d be included when
designing the process for that product) is key.
28

lOMoARcPSD|404503
o Interpersonal: Involve tasks within small teams. It usually helps integrating tasks, or supporting
communication for heavily dispersed teams.
- Objects: the types of objects manipulated. Often, the two categories below are combined.
o Physical: real tangible things are created, such as a product. The flexibility of outcomes
increases, and there is more control over the process itself.
o Informational: create or manipulate information. Can make complex decisions easier, and
support high-skilled workers in their decision-making.
- Activities:
o Operational: day-to-day processes in a business.
o Managerial: control, plan, or provide resources for operational processes. The potential of these
had yet to be realized, as the processes themselves were supported by IT systems, but had yet
to be analyzed and redesigned using IT. This should lead to some form of standardization. By
doing so, analysis could be improved, and participation could be increased.
Once a process has been redesigned, there are still some key management issues:
- Management roles: it is difficult to keep management committed. In order to prevent problems, process
:3
redesign teams should involve stakeholders, and even be composed partly of the stakeholders. For
example, the team should be headed by a senior executive, the affected divisions should be used, and the
customer should also be part of the team. Senior management has to show that it finds the redesigning
critical in order to gather employee support.
- Process redesign and organizational structure: Redesigning processes affects the company structure
greatly. Companies may choose to step away from their traditional structure (e.g. geographical), and
move towards a process-based structure. However, there are risks to this approach. Using a matrix
structure could also be a possibility according to the authors.
- New skill requirements: Managers have to develop facilitation and influence skills, in order for
employees to accept the changes.
4 - An ongoing organization: a group that’s well-versed in IT and business is necessary to redesign and make
the changes in the organization.
5 - Process redesign and the IT organization: IT professionals will have to start developing for the entire
organization, and gain senior management support to get the Industrial Engineering started properly
within their respective organization.
6 - Continuous process improvement: IT processes are dynamic. They must be constantly improved.
Mendling, Reijers & van der Aalst: Seven process modelling guidelines
Process modelling is incredibly important. However, it’s problematic, too, as the guidelines are either too difficult
to follow for beginners, or anecdotal at best. Therefore, the authors wrote 7 process modelling guidelines which
are empirically supported. They will be clear to stakeholders and contain few syntactical errors. The example in
this paper is an Event-Driven Process Chain. Here, functions correspond to specific tasks. Events describe a
situation before and after it is executed.
Important factors for model comprehension are:
- Process model understanding: the degree to which a process model can easily be understood.
- Error probability of process models: captures to what extent a modeler is still able to extend a process
without introducing errors.
- Ambiguity of activity labels.
The 7 guidelines (P means prioritization according to paper):
- G1: (P3) Use as few elements as possible. Large models are more difficult to understand.
- G2: (P5) Minimize the routing paths per element: more paths lead to more errors.
- G3: (P6) Use one start and one end event. This is easier to understand.
- G4: (P1) Model as structured as possible: everything should be connected.
- G5: (P7) Avoid OR routing elements, but use XOR (exclusive choices) or AND (concurrent). This makes
it less ambiguous and less prone to errors.
- G6: (P4) Use verb-object activity labels. Using verbs makes clearer what should be done at each stage.
- G7: (P2) Decompose models if it has more than 50 elements, to prevent errors.
29

lOMoARcPSD|404503
Old model New model
New model:
G3: Only one start and ending point.
G6: Use verbs (registration vs. register call).
G2: Referring customers was simplified immensely.
G1: Remove most of the red (situation before and after a task).
G4: Improved model structure overall, but particularly on the referral side, with increased understandability and
structure.
G5: Removed some OR decisions (e.g. around follow-up).
White – Introduction to BPMN

The primary goal of the BPMN effort was to provide a notation that is readily understandable by all business
users, from the business analysts who create the initial drafts of the processes, to the technical developers
responsible for implementing the technology that will perform those processes, and to the business people who
will manage and monitor those processes.
A business process model is a diagram which is a network of objects with activities and information flows. The
models are trying to balance the complexity of the processes with the simplicity required to understand them.
There are four important categories of elements:
- Flow objects.
o Event: start, intermediate, end. Affect the flow of the process, and often have a trigger or cause
an impact. (Empty circle with colored edge)
o Activities: work that the company performs. They can be tasks, or sub-processes. Sub-processes
are indicated by a little plus in the right corner bottom. (rectangle)
o Gateway: controls divergence and convergence. (Diamond)
- Connecting objects.
o Sequence flow: solid line with solid arrowhead. Shows the order in which activities/decisions
are made in the sequence.
o Message flows: dashed line with an open arrowhead.
o Association: dotted line with a line arrowhead.
- Swimlanes: organize activities into separate visual categories. They’re used, e.g. when participants are
separate entities/businesses.
o Pool: acts like a graphical container for partitioning a set of activities from other pools. Often
in the context of B2B categories.
o Lane: a sub-partition in a pool, which will extend the
entire pool, either vertically or horizontally (e.g. still on
one entity, but parts of the entity (e.g. Web server,
management, etc.).
- Artifacts: flexibility, extend basic notation
o Data object: show how data is required or produced by
activities.
30

lOMoARcPSD|404503
o Group: does not affect sequence flow, but can be used for e.g. documentation. Rounded corners,
dashed lines.
o Annotation: mechanism for a modeler to provide additional text.
Two types of models are generally created with BPD:

- Collaborative B2B Processes: depicts interactions between two or more business entities. The activities
can be considered to be touch-points between the two.
- Internal business processes: these may interact with other business entities. Activities that are not visible
to the public are also part of such internal processes. High-level activities are created, and then, they are
extended in smaller diagrams.
The BPMN helps bridge the gap between technical modelling and business modelling.
31

lOMoARcPSD|404503
Celonis Lecture
Process Mining Theory
Process: A business process or business method is a collection of related, structured activities/tasks that in a
specific sequence produces a service or product (serves a business goal).
Event Logs: Stores data that is required for process mining. At minimum this is
case ID, activity name, timestamp.
Process mining techniques:

1. Discovery:
a. Theoretical model from processes
b. Uncovers how processes are executed by replicating a process
model from the event log
2. Conformance checking:
32

lOMoARcPSD|404503
a. Compare reality and process model

b. Conformance checking compares the “as-is” process from the log data with the “to-be” model
3. Enhancement
a. Enhance or extend an a priori model
b. Insights from discovery and conformance to improve the process
Case: Pizzeria Mamma Mia (Room #1)
• Dissatisfied (0 points) ordered via phone or at the counter 17/18 times.

• Dissatisfied (1 points)
o ordered via website 5 times and there were problems with the payment three times
o 3 out 6 times, they has to call again when ordered by phone
• Satisfied (3 points) ordered via phone or website 50 vs 50
• Online payment many calls to customers (6 out of 9)
Profittability:
• It seems that delivery man 2 is less efficient (2: 25%; 1: 38% and still 750$ cheaper)
• Ordering by phone is also more expensive, especially when making mistakes
33

lOMoARcPSD|404503
Week 5 – IT Risk Management

Cagliano, Grimaldi & Rafele - Choosing project risk management techniques
Risk management is a crucial determinant of the success of a project, as there is a lot of pressure on finding the
right combination of performance, time, and cost. However, this increasing pressure leads to more complexity in
projects. There is a strong need for assessing and controlling risk throughout all phases of a project.
Three dimensions were taken into account in order to choose the best project risk management techniques:
- The phase of the risk management process. The phases are as follows:
o Planning
I o Identification
3 o Analysis
¥
o Response
o Monitoring and control
The different controls and levels of detail of each phase require the application of the appropriate techniques, also
according to the nature of the information in each phase.
- The phase of the life cycle of the project: different phases to assure better management control. The life
cycle phases are as follows:
1 o Conceptualization: opportunity/need is identified a Novice
2 Normalised
2 o Planning: design a project + KPIs
3 o Execution: coordinate, control, and adjust the project as necessary 3 Naturel
4 o Termination: commissioning, reviewing the learned lessons. →
- The corporate maturity of risk: the degree of maturity towards risk of an organization is dependent on
its risk culture. Companies that are aware of risk, and proactively manage it have reached natural
maturity. Companies that are naïve still are unaware of risk management and do not manage it at all.
During the process, the nature and the quantity of available information determine which tools should be used for
which combination of the life cycle/risk process management phases.
In the conceptualization phase, the amount of information on the

project is still fairly limited, and uncertainty is high. The chosen
techniques, therefore, have to be adjusted to this, in order to control
for the risk associated with this phase.
More clarity is created in the project planning phase, as the amount
of information should have been increased through the techniques
used in the conceptualization phase.
In the execution phase, a high number of decisions will have already
been made. Therefore, the project is clear, but risk management will
be unable to make effective change at this point. New risks may be
accounted for at this stage, but real changes won’t be made.
The level of maturity in an organization is connected to the level of

communication in the organization, and the amount of available
information on the project. The higher the maturity, the more
techniques can be used in order to assess and deal with risk.
The numbers in the charts present certain techniques that can be
applied in the phases, depending on the life cycle and the level of
maturity. It also indicates which techniques are appropriate for certain
phases. The framework contributes to an increased understanding of
projects, which in return gives a better control over resources,
provides a support to develop and monitor strategies, and stimulates
a better use of means to identify and assess risk with an inherent
positive impact on the evaluation of contingency factors.
34

lOMoARcPSD|404503
Bandyopadhyay, Mykytyn2 -Framework for integrated risk management in IT

The usage of IT in organizations can lead to different risks. This paper provides a framework to identify, control
and mitigate these risks. As spending on IT has been rising steeply, so has the risk, as organizations become
technology dependent.
The objective of IT risk management is to protect IT assets from internal and external threats, so that the losses
are minimized. Four major components of risk management have been identified:
• Risk identification. The first step is to define the risks in IT environment, which consists of three levels:
o Application: this concentrates on the risks of technical implementation failure of IT
applications. These may arise due to two reasons:
External threats: Natural disasters, acts of competitors, hackers, computer viruses.
Internal threats: authorized or unauthorized physical access (e.g. accidental employee
actions)
o Organizational: the impact of IT on all functional levels throughout the organization. Consists
of three types of risk:
Sustainability of competitive advantage risk of IT applications.
Data security risk: data is used throughout the organization to create a competitive
advantage. Losing/corrupted data can be a huge issue.
Legal risk: the probability of loss due to violation of the rights of competitors and
customers through the use of IT.
o Interorganizational: the focus on the IT risks of organizations operating in a networked
environment (e.g. shared IS between organizations). The three major risks are:
Natural disasters
Intrusion by hackers
Weak and ineffective control
• Risk analysis
o The authors prefer a combined approach of qualitative and quantitative measures
for determining the risks inherent in alternative uses of IT.
• Implementing Risk-reducing measures
o Natural Disasters: Disaster recovery planning: can support IT systems and employees
in case of a natural disaster.
o Data security risks: may arise from authorized/unauthorized access either on the
organizational or interorganizational level.
7 On the organizational level, it can be circumvented through backup files and
introducing controls for using certain features (passwords, biometrics, etc.).
On the interorganizational level, data encryption and call-back modems can
÷ be useful.
Measures to prevent issues with computer viruses could be passwords,
employee education, audit processes, virus-scanning/removing software,
consistent security policies, and monitoring computer usage.
o Strategic risks: the organization’s inability to sustain its competitive advantage. Can
be prevented by:
Patents
Searching for new ways to compete through innovation
o Legal risks:
Policies and procedures
• Risk monitoring: ensures that effective countermeasures to control risks are appropriately
implemented.
The framework provides a comprehensive sequential framework for risk management. The
application of the framework should take place as early as the planning stage, and always be used by
managers when implementing a risk strategy. Training may be necessary so managers can
appropriately assess and mitigate risk.
35

lOMoARcPSD|404503
Rainer, Snyder & Carr - Risk analysis for information technology

IT assets are becoming increasingly more important for the firm’s daily operations and strategic objectives. The
consequences of losing IT capabilities, in turn, can be extremely problematic for firms. Every company has to try
and find the right combination of loss prevention and reasonable cost. There are many types of risk methodologies.
However, many of these are useful for certain threats and situations. Therefore, a combination of methodologies
is more effective. The authors propose a risk analysis process which does exactly that:
- Enumerate organizational value activities: the activities which are essential actions that bring a
product/service to the customer (Porter’s value framework: inbound, operations, outbound).
- Enumerate IT component of each of these value activities: helps managers understand how IT can
be used to support business activities. Each activity has a physical and informational component: IT
may be part of either, but is used most often in the informational part.
- Enumerate the linkages between value activities and IT components that support each other: the
organization may notice that IT assets in some areas which may seem uncritical are critical for success
when including the linkages. The reason why IT is often critical here, is because IT provides much of
the coordination necessary to make these linkages useful.
- Determine IT assets that support interorganizational linkages. E.g. EDI, legacy systems, and so on.
- Determine value of IT assets
- Enumerate Possible threats: characterize all possible threats
- Determine vulnerability of assets to threats: here, any asset may be vulnerable to more than one
threat. Therefore, creating different pairs and comparing the effect is key.
- Determine the overall IT risk exposure: after gathering all information, the overall risk can be
assessed.
For each step, the appropriate methodologies are specified in the table below:
36

lOMoARcPSD|404503
Lecture 5 (24.11.2020)
IT Risk Management
What is risk? lecture Leads to some sort of negative impact
Why do we take risk? lecture positive impact

1. Risk identification: types of threats (ii by lecturer) → also 1 Internal:
a. Application level 2 External

i. Breaches, bugs, downtime, user resistance
ii. Natural disasters, hacker, virus 3 Technical
b. Organisational level
i. IT too complex, business secrets
ii. Fraud, unauthorised access, legal risk, sustainability
c. Interorganisational level
i. Interoperability, substitutes
ii. Hardware, software, network, data
2. Risk analysis (assessment of risk):
a. Measure impact
i. Tangible: e.g., dollars
ii. Intangible: e.g., rating scale
b. Measure likelihood→
Tangible s %
1.2
-
c. Create risk matrix

.
Intangible → scale
3. Risk reducing measures → examples on 526

a. Controls:
i. Username + Password + Firewall + Encryption + …
37

lOMoARcPSD|404503
ii. Stop when costs > benefit

b. Other controls:
i. Backup, monitor computer usage, etc.
4. Risk monitoring
→ ( RISC Certification
Breakout Room #10
Matrix:
Negligible Minor Moderate Serious Major
Very unlikely
Unlikely
Possible
Likely Data breach
Probable
Depends on type of organisation and data.
Remedies:
• Two-factor authentication
• Penetration tests
• Force regular password changes
• Length, symbols, numbers of password
• Hacker rewards also events
• Encryption
• Employee security
IT Auditing
Typical Audit Process Phases
Planning:
1. Determine audit subject
a. Identify area to be audited (e.g., business function, system, physical location)
b. Example: VPN
2. Define audit object
a. Provide management with independent assessment of the VPN implementation and ongoing
monitoring/maintenance of effectiveness of supporting tech.
3. Set audit scope
a. Identify specific systems, function or unit to be included.
] examples
i. Security management and awareness
ii. Information security management
iii. Governance and management practices of IT and business units
4. Perform preaudit planning
a. Conduct risk assessment to set final scope of a risk-based audit.
5. Determine steps for data gathering
a. Select audit approach, identify key internal controls
i. VPN governance
ii. VPN policy
iii. VPN configuration
iv. VPN maintenance and monitoring
38

lOMoARcPSD|404503
39

lOMoARcPSD|404503
Week 6 – IT Sourcing (“Make or buy?”)

Lacity, Khan & Willcocks - A review of the IT outsourcing literature
The authors extracted insights from six key IT outsourcing topics:
- Determinants of IT outsourcing. It answers which types of firms are more likely to outsource IT. It
consists of a multitude of attributes:
o Financial attributes: IT outsourcing correlates significantly with bad financial situations.
o Size attributes: the findings are mixed
o Industry attributes: most often, client firms were the type that outsourced. Although
outsourcing differs per industry, how industries are classified differs so much that it is difficult
to draw conclusions.
- IT outsourcing strategy: what is the strategic intent, and what are the strategic effects?
o Intent: Cost reduction is used most often as the intent. However, more strategic reasoning is
also suggested, such as improving IS, business impact, and commercial exploitation. These
have yet to prove to be useful in practice, as they require a lot of managerial attention.
o Performance: Generally, the results are mixed. However, the stock prices tend to go up when
assets are not too specific, the contracts are to reduce costs, and are small, and/or contracts that
are signed with larger supplier firms. Overall, the influence on stock prices are significant, but
small.
- IT outsourcing risks: what are the risks, and how are they mitigated?
o There are many risks and ways to mitigate risks (as is clarified in week 5’s papers). However,
what is key is that a company is able to manage specific IT services before they actually
outsource them. In addition, when choosing outsourcing, they must anticipate that mistakes
are likely to be made, and experience is one of the best ways to mitigate risk.
- Determinants of IT outsourcing success: which practices lead to successful outsourcing ventures?
o The ITO decision:
The degree of spending of the total IT budget on ITO has to be lower than 80% for a
higher probability of success.
Top management support is critical.
A thorough evaluation of the possible ITO partners is vital, as well.
o Contractual Governance
Contract detail: number of detailed clauses
Contract type: different forms of contracts, such as customized, fixed, or time and
materials.
Contract duration: shorter contracts had higher success rates.
Contract size: larger contracts (in $) had higher success rates.
o Relational Governance: covers softer issues, such as managing the client-supplier relationship,
trust, norms, open communication, etc. Higher RG leads to higher ITO success.
The combination of the ITO decision and contractual governance leads to higher ITO
success.
The combination of contractual governance and relational governance leads to higher
ITO success. Success increases RG (trust), and thereby, the overall chance for future
success in projects as well.
- Client and Supplier Capabilities: which capabilities do client firms need to successfully engage with
ITO suppliers? Which capabilities do client firms seek?
o The most important capability for clients is to be able to manage their suppliers.
o The most important capability for suppliers is to be able to manage their IS human resources
well.
- Sourcing varietals: how do practices differ between different ITO types?
o Application service provision/netsourcing (e.g. salesforce): clients tend to want custom
solutions, even if the products are standardized. The probabilities of risk with ASP increase if
40

lOMoARcPSD|404503
suppliers, technologies, and clients are immature. Most often, ASP is not perceived as a
strategic advantage, and firms become better at using it through increased experience.
o Business process outsourcing: suitable for well-defined, self-contained, modular IT- enabled
and easily measurable processes. Process standardization, contract completeness, relational
governance, consensus and coordination are associated with success.
41

lOMoARcPSD|404503
Lacity, Willcocks & Feeny - IT Outsourcing: Maximize Flexibility and Control

Whether outsourcing or not was the right choice used to be dependent on whether what was being outsourced was
a strategic asset or not. However, such decisions were made with the underlying assumption that managers had
access to all possible knowledge, even though this was not the case, and led to disappointment.
Because of this, this theory should be second to another objective, namely, optimizing control and flexibility. In
addition, the decision to outsource should not be made only once, but constantly be up for discussion. The IT
needs of an organization can be split into pieces, and be awarded to different providers. Parts of systems that are
both strategic and critical stay in-house. Those that are not strategic can still be outsourced, even if they are critical,
depending on the specific context. In addition, it is better to choose short contracts. If one proves to be
disappointing, switching costs will be low.
To maximize flexibility and control, managers should seek bids from many suppliers, let their own IT departments
compete for parts of the business, negotiate short-term contracts, postpone investment decisions if no great method
can be found, and retain control of business-critical strategic operations. This approach significantly reduced
failures.
The disappointing results from the other approach are likely to be caused by two reasons:
- Many managers don’t understand how IT serves business and operations.
- The belief that suppliers can be strategic partners that can be trusted with long-term contracts is often
wishful thinking.
The following questions can help a manager understand how to make IT sourcing decisions:
- Is the system truly strategic? Even if certain company functions are strategic, the IT supporting them
does not have to be.
- Are we certain our IT requirements won’t change? As technology changes, and the organization
changes (e.g. market entry), it might be better to postpone changes.
- Even if a system is a commodity, can we break it off? Many systems are integrated in the company.
In addition, data from one system may be necessary again for another.
- Could the internal IT department provide this system more efficiently than an outsider could?
Let IT departments bid for systems.
- Do we have the knowledge to outsource an emerging or unfamiliar technology? Companies need
to understand it to be able to negotiate contracts, and assess what the best choice is.
- What pitfalls should we avoid when hammering out the details of a contract? Look for hidden costs
and clauses, and do not accept standardized supplier contracts.
- How can we design a contract that minimizes risk and maximizes control and flexibility? Use a
measurable partnership, where the company and the supplier have complementary shared goals.
Another way to mitigate risk is to let one supplier compete for another contract that they might be able
to get if they perform well on the current one. Lastly, contracts should be short-term.
- What in-house staff do we need to negotiate contracts? IT specialists and the IT executive are key
here. CEOs have to be onboard, but not be part of the actual negotiations if they lack knowledge about
IT.
- What inhouse staff do we need to make sure that we can make the most of our contract?
A contract administrator and service integrator team, to ensure that the contract can be
carried out to the best extent. In addition, they also ensure that their own managers don’t
ask too much of suppliers.
- What inhouse staff do we need to exploit change? A team of technical experts that can stay on top of
emerging technologies which could proof interesting for the firm, and look at the gap between the firm’s
needs and what it already has. They can see which supplier services would be useful, and which are not
necessary whatsoever easily.
42

lOMoARcPSD|404503
Rottman & Lacity - Proven practices for effectively offshoring IT work

Offshoring has higher transaction costs than outsourcing domestically, as the learning curve is steeper, and the
risk higher. This article provides companies principles to deal with these transaction costs:
- Escalate the learning curve with an aggressive, integrated program of pilot projects. Instead of giving
I one piece of IT to one supplier, and waiting until results come in, it is quicker to spread different IT
projects to different suppliers with different contract terms in order to quickly learn all that the company
needs to know.
- Select an offshore outsourcing destination based on business objectives. It is important to have
2 commitment to a certain country: it should fit with strategic objectives, as costs and benefits in a certain
country may shift overtime.
- Use offshore supplier competition to lower domestic supplier rates. A global network should see
3 offshore competitors as actual competition, especially as companies move away from domestic IT
services.
- Diversify the supplier portfolio to minimize risk and maximize competition. At least two suppliers per
4 country are necessary, as this ensures that suppliers try to actively compete for contracts.
- Allow business users to share in the benefits of offshoring to motivate adoption. You cannot force them
5 to comply with offshoring without sharing in the benefits. Therefore, making it optional and reducing
the costs gives business users a choice.
67
- Break projects into segments to protect intellectual property to mitigate risk.
- Ready the infrastructure. Integrating offshore-supplier employees into the processes and work flows is
difficult, and has to be ready before the offshoring contract. New policies may be necessary.
8 - Understand how different contracts give suppliers different incentives. There are two major types:
±
o Fixed price contracts: useful for clear requirements, so suppliers can give realistic bids.
o Time-and-materials contracts: the work that is done is better, but the costs are often also a lot
higher. Capability Maturity Madd
Elevate your own organization’s CMM ,
q
(maturity) certification to close the process gap
between you and your supplier. Working together
is easier if you are both certified. The level of
certification that’s necessary differs between
others.
- Bring in a CMM expert with no domain
expertise to flush out ambiguities in
:
requirements. This can reduce the number of
iterations necessary to make the requirements
work.
- Negotiate flexible CMM: ensure that
documentation is only provided for options which
you actually need it for.
- Factor in the use of an on-site engagement manager into the staffing models and ratios. Initially, it is
important to keep more staff at the suppliers location, as the cultural differences/other differences are
12 great. An on-site engagement manager is one of those who can support integration. This can increase
transparency and employee morale.
- Give offshore suppliers domain-specific training to protect quality and lower development costs. This
13 will increase initial transaction costs, but lead to lower costs.
- Overlap onshore presence to facilitate supplier-to-supplier knowledge transfer. When switching
14 suppliers, the predecessor needs to train the other supplier.
- Create a balanced scorecard matrix to keep track of all of the costs and metrics that are important to
15 the company. The metrics that are used have to fit the strategy of the company, and the objective of
the offshoring.
43

lOMoARcPSD|404503
Lecture 6 (01.12.2020)
Part 1: IT Outsourcing Decision
Sourcing Tasks and Modes (what and how)
Depends on three elements:
1. Task What tasks do I source?
7 2 3 4 5
Characteristics determining outsourcing decisions:

1. Asset specificity
a. Physical complex, custom-built
b. Human specialised skills
c. Site natural resource only available at certain location
2. Uncertainty
3. Frequency
2. Mode Do I outsource?
I
a. Internal market: internal IT department
Hoi:: naked b. Internal market: subsidiary

c. Mixed arrangement: Joint venture
d. External market: outsourcing
44

lOMoARcPSD|404503
Theories on Outsourcing (when)

3. Costs when do we outsource?
a. Neoclassical production cost economics (NPCE)
i. Production costs influenced by
1. Economies of scale → quantity
2. Economies of scope
→ shared assets
ii. Assumption
1. Rationality → all info available
2. Homogeneous services
iii. Implication: firms outsource if
1. production cost (service provider) < production cost (inhouse)
I
✓
iv.
b. Transaction cost economics
i. There are costs of using the price mechanism Coase (1937), these are transaction
pu↳uism
costs
ii. Production costs transforming, assembling, etc.
iii. Transaction costs → costs of the
using
1. Initiation costs
2. Negotiation costs
3. Monitoring costs
4. Adaption costs
iv. Often difficult to measure!
v. Why do they exist? → assumptions
1. Bounded rationality:
a. Inability to foresee future
b. Inability to develop complete contract
45

lOMoARcPSD|404503
2. Opportunistic behaviour: involved parties take advantage at expense of others
vi.
most important factor

✓
vii.
Part 2: IT Outsourcing Success Factors
46

lOMoARcPSD|404503
Asset Specificity
Extra/Hidden costs in offshore outsourcing
1. Specification/design costs
2. Knowledge transfer costs
3. Control costs
4. Coordination costs
I
✓
→ the higher the client specific
-
knowledge ,
the higher the cost
Contract Type
1. Time and materials
2. Fixed price
Hypotheses in Gopal (2003)

Software development risks Ta M
Client knowledge FP
Bargaining power EP
Market conditions Tam
Result:
• High risk projects time and material
• Higher clients’ IS experience is associated with fixed price
• Bargaining power promotes fixed price
Recommended contracts:
1. Agile development for new line of business t&m
2. New electronic cash register package in canteen fixed price
Governance/Control Mechanism
1. Formal contracts specific task requirements and obligations in written form contractional
governance
2. Psychological contract parties’ social norms such as commitment and trust, which enable them to
enforce reciprocal obligations relational governance
47

lOMoARcPSD|404503
according to some research, the two contracts are complements.
Projects with external suppliers are more successful if:

• Knowledge specificity is low
• Contract type fits the risk
• Clients combine detailed formal contracts and a relational approach
48

lOMoARcPSD|404503
Week 7 – IT Decision Making

Dale - Heuristics and biases: The science of decision-making
A heuristic is a mental shortcut that helps us make decisions and judgements quickly without having to spend a
lot of time researching and analyzing information. Heuristics can help us speed-up our problem and decision-
making process. However, they can also introduce errors and biased judgments. Heuristics can make it difficult
to also take into account alternatives. Being aware of the limits of heuristics allows us to see through our own
biases when making decisions. This paper lists a number of relevant heuristics:
- Availability heuristic: This is the tendency to judge the frequency or likelihood of an event by the ease
with which relevant instances come to mind. The easier it is to recall a certain event, the greater and
more probable we automatically assume such consequences to be. For example, being killed by a shark
is one of the most feared ways to die, but is actually very unlikely. More probable causes of death are
much less feared.
- Anchoring and adjustment heuristic: This is the tendency to judge the frequency or likelihood of an
event by using a starting point called an anchor and then making adjustments up or down. This then
leads to different outcomes, which may be either negative or positive (see summary article before for
more explanation).
• Representative heuristic: helps us make decisions by looking at our stereotypes or mental prototypes.
For example, expecting that if a coin was heads first, it will be tails next time if we toss it. However,
these events are independent from each other.
• Simulation heuristic: tendency to judge the frequency/likelihood of an event by the ease with which
you can imagine an event. For example, you are likely to be more upset when you lose the lottery by
only one number, rather than losing because all numbers were wrong.
- Peak-and-end heuristic. Heuristic in which we judge our past experiences almost entirely on how they
were at their peak (whether pleasant or unpleasant) and how they ended. The peak and end are what we
remember for experiences. What’s at the start of in between is less important.
- Base rate heuristic: we calculate the likelihood of a situation without taking into account all relevant
data. Judgments and instincts may lead us astray. For example, calculating whether a test for a disease
is correct without taking into account how many people (the base rate) actually contract this disease on
average. This leads to many false positives, and therefore, the actual probability of having a disease is
much smaller than test accuracy may lead us to believe.
- Affect as information (AIM) heuristic: when the situation is complex, and we make a quick decision,
our feelings about a situation (often based on previous experiences with some emotions attached) lead
our decision. For example, you act differently towards a strange dog if you have recently been bitten by
one.
- Other heuristics:
o Consistency heuristic: always trying to act consistently.
o Educated guess: make guesses without too much research.
o Absurdity heuristic: when a situation is absurd, this is applied in order to deal with something
that defies common sense. (A little vague, but there’s no more explanation given about it in
the paper).
o Common sense: often used when a situation is relatively clear-cut
o Contagion heuristic: avoid things that seem to be contained/negative
o Working backward: work backward from a proposed/wanted solution to see how it might have
been reached.
o Familiarity heuristic: act the same way as one did before in a familiar situation.
o Scarcity heuristic: if something becomes scarce, it is more desirable to obtain
o Rule of thumb: make an approximation based on some preset rules/ideas in order not to have
to do exhaustive research.
49

lOMoARcPSD|404503
Hammond, Keeney & Raiffa - The hidden traps in decision making

Making decisions well is difficult: humans are bounded by their own ability to process information, and sometimes
fall for biases or traps. In addition, sometimes it is not possible to get the right information in the decision-making
process itself. This article illustrates some of the most common traps, and how to guard against them:
- Anchoring (often used in negotiations, but also relevant for other situations): the first information that
you are fed about a certain topic gets most of the weight. Initial impressions anchor subsequent thoughts
and judgments. Using this approach leads to giving too much weight to the first thing you see/hear, and
not to other factors which may have an effect, which can lead to misinformed choices. Managers can
become aware on how to reduce the impact of anchoring through the following techniques:
o View a problem from different perspectives.
o Think about a problem on your own, before consulting others.
o Be open-minded: ask/search for a variety of opinions, from different sources.
o Be careful to avoid anchoring those around you, or your own preconceptions will be returned
back to you, leading to mistakes.
o Be wary of anchoring in negotiations: always think through your position before any
negotiation begins in order to avoid being anchored by the other party’s initial proposal.
- Status Quo Trap. The status quo is often the safest option and relieves use of taking responsibility, and
feeling psychological stress on what to do. It is extra strong when there are many alternatives, because
having to choose between them is more difficult than if there were fewer. The status quo can be the best
option, but it should not be chosen because it is more comfortable. There are ways to deal with the
status quo pull:
o Always remind yourself of your objectives, and see whether the current status quo creates any
barriers.
o Always identify and evaluate your other alternatives, next to the status quo. The status quo is
never the only option.
o Ask yourself whether you would choose the status quo if it weren’t the status quo, but another
alternative that took effort to implement.
o Avoid exaggerating the switching costs.
o Keep the future in mind when evaluating alternatives: is the status quo still going to be the
right decision in a year from now? What about five years?
o If you have several alternatives which are superior to the status quo, force yourself to pick one
of them even if that is difficult.
- The Sunk Cost trap. Here, people make decisions based on decisions that were made priory, even though
those have no effect on current investments. This lead sto an increasingly higher loss, unnecessarily so.
There are ways to manage this specific trap:
o Listen carefully to people who were not involved in earlier decisions, and are therefore not
committed to them.
o Examine why admitting to an earlier mistake distresses you, and realize that even the best
managers make mistakes at times.
o Be on the lookout for such biases with your subordinates. Reassign responsibilities if
necessary.
o Don’t cultivate a failure-fearing culture, as already failing projects will be dragged on forever.
Instead, look at the quality of the decision-making to evaluate instead.
- The confirming-evidence trap: people seek and give argumentation that fits with their own decisions
and views.
o Examine all evidence with rigor. Always question evidence if it is doubtful to you.
o Have someone play the devil’s advocate.
o Be honest with yourself about your own motives.
- Don’t ask leading questions, and do not surround yourself with yes-men.The framing trap: framing a
question/option in certain ways can lead to widely different results. This is often related to the status
quo trap/anchoring trap. A particularly important notion here is that people are risk-seeking when it’s
about losses, and risk avoidant when it’s about gains.
50

lOMoARcPSD|404503
o Always reframe the question in different ways, no matter who it was formulated by.
o Try posing the problems in a neutral way.
o Think critically about the way you framed the problem throughout the decision- making
process.
o Examine the way others framed the problem when they make recommendations to you.
- Estimating and forecasting traps: it is difficult to know whether your estimates were right/wrong in
uncertain situations, and probabilities of occurrences cannot always be measured overtime. There are
three uncertainty traps:
o Overconfidence trap: people tend to be overconfident, and set estimates which are too narrow,
leading to errors in judgment.
o Prudence trap: overcautious, just to be safe, can lead to entirely wrong estimations, especially
if done by several people on the same decision on a sequential basis.
o Recallability trap: people recall probabilities of certain events to be more dramatic than they
are if they actually experienced them, or if a greater impression was made on them.
The way to avoid these traps:
o When making estimates and trying to avoid the overconfidence trap, first consider the
extremes. Then, challenge these estimates in order to avoid anchoring
o To avoid the prudence trap, ask for input from others in your estimates.
o To avoid the recallability trap, always check your own assumptions.
51

lOMoARcPSD|404503
Schneider, Weinmann & vom Brocke - Digital nudging: Guiding online user choices
Heuristics and biases affect how we make decisions every day. Due to these heuristics and biases, the interface
design affects how we shop online. This is something that can be employed by companies to gain more profit, and
achieve the intended behavioral effects.
Interface designs offer no neutral way in order to present information. This article gives designers insight in how
to consider the effects of certain nudges when designing their user interfaces and choice environments, no matter
what the objective is (e.g. sales, honesty when filing taxes, and so on).
The authors present three effects that may be useful when designing interfaces:
- Decoy effect: Increase an option’s attractiveness by presenting an unattractive option thatno one would
reasonably choose.
- Scarcity effect: scarce items are more attractive. By suggesting a reward is limited, people are more
likely to choose it, no matter whether it is really attractive or not.
- Middle option bias: People presented with 3 options tend to choose the middle option.
There are four steps that designers need to follow when implementing a nudge:
- Define the goal: consider the goals, and their ethical implications, especially if a nudge might be
detrimental to their well-being. In addition, consider the type of choice: is it binary, discrete (e.g. two
products), continuous, or any other type of choice?
- Understand the users: understand heuristics and users biases (such as the ones from the prior two
articles) and how these might affect the users’ behavior in making certain decisions.
- Design the nudge: choose the nudge that fits with the heuristics and goals which can guide the users’
decisions. This does not have to be limited to only one nudge: designers can combine different
nudges. However, it is important that usability is not reduced by this, as users have to be able to use a
platform/product the same was as they did before.
- Test the nudge: a nudge that works in one place might not work in another, dependent on the context
and the target audience. Thankfully, nudges can be tested quickly and removed/adapted relatively
quickly as well, through, for example, A/B testing. If a nudge does not work, reexamining the
implementation should be the first step. If the nudge is hidden, or just not hidden enough, it may not
work.
There is not a one-size-fits-all approach, due to the differences in target audiences and how they respond to
certain nudges. Therefore, nudges have to be tailored to these groups. This way, the intended effects can be
maximized, and the unintended effects minimized.
52

lOMoARcPSD|404503
Lecture 7 (08.12.2020)
Part 1: Decision Making Theories
⑦
Dual-Process Theory
choices consume working memory
• We can only store 7 items and 15-20 seconds
• System 1: intuition & instinct (95%)
o Unconscious, fast, associative, automatic pilot
• System 2: rational thinking (5%)
o Takes effort, slow, logical, lazy, indecisive
Bounded rationality:
• No sufficient information to make fully informed judgements
: • We opt to satisfice rather maximising
3 • Decisions are as rational as possible given the context
9 • We use rules of thumb (heuristics)
② Prospect Theory
Assume two options:
1. Option 1 give you $100
2. Option 2 gives you $200 but takes away $100
option 1 is preferred as you avoid pain.
\
Losses loom larger than gains. Low
• Reference point matters

-
High
• Certainty effect
• Loss aversion
Part 2: Heuristics & Biases in Decision Making

Examples Dual-process Theory
Middle-option bias: we tend to go for the middle option if three options are available.
Anchoring and adjustment: we provide a very high anchor.
• Mental reference points some establish a high, some a low price.
• Big price drops, recommendations, etc.
Default/status quo bias: option is preselected.
• Repeat choices become automatic.
• To change our behaviour requires compelling incentives.
• Daily choices, political preferences.
Attraction effect: change in preference between two options when presented with a third one that is
asymmetrically dominated.
→ To make an offering more attractive
Availability bias:
• Judge likelihood by:
o Ease with examples coming to mind
o Personal experience
o Intensity of experience
o Vividness of memory
o Frequency
• Xxx
→ We are poor
at risk assessment
crash
f} Plane
shark
53

lOMoARcPSD|404503
Examples Prospect Theory

Endowment Effect (loss aversion): free trail, conversion rates are relatively high
• Value our possession more highly than the one of tother
• Higher value to product once we own it
• Examples: free trials, money back, etc.
Framing (loss aversion): positive or negative connotations
• Tend to avoid risk within positive frame, seek risk within negative frame
• Investment decisions, messages
Scarcity effect (loss aversion): e.g., 5 items left
Sunk costs fallacy: developing a second screen app and Apple announces a free version before development is
finished stop
• Sunk cost should not matter
• We continue investing despite negative outcomes
• IT software projects, prestigious projects
Regression Effects
If you win an award, your performance might go down after Madden Cover Curse
Regression to the mean natural law that performance varies around certain mean
Insensitivity to sample size/clustering illusion
small sample size
fac¥ judge
Outcome bias
\ people ignore
on
missed this one
Part 3: Debiasing Strategies that led to decision

Hot hand fallacy belief that
→ success lead to
f-
.
Decision Tree, Pugh Matrix, MaxDiff ""

"
" """ " ' outcomes
Debiasing approaches
virus outcomes : ,
Tools:
1. Weighted decision matrix/Pugh matrix
a. Note baseline
checklist b. Identify alternatives
c. Identify criteria
I d. Assign weights
e. Populate (+1 better, 0 same, -1 worse)
2. Maximum difference scaling
a. Prioritisation of a list of items
b. Procedure:
i. Identify one (or two) dimensions
ii. Identify (number of) alternatives/attributes
↳ come
up
with matrix
54

lOMoARcPSD|404503
3. Algorithms
a. Linear regression (observational data available)
i. Use past performance data
b. Model of the judge (judgement data available)
i. Let experts judge future performance and run a regression on the models
c. Unit weighting model (no data available)
i. Assign +1 or -1 to each attribute
55

Bat Summary Other

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bat Summary Other

Uploaded by

Copyright:

Available Formats

lOMoARcPSD|404503

BAT Summary complted

Business Architecture and Transformation (Erasmus Universiteit Rotterdam)

StudeerSnel wordt niet gesponsord of ondersteund door een hogeschool of universiteit

BM03BIM - Business Architecture and Transformation

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

A proper strategy statement consists of three elements:

Objective: some companies confuse their statement of value or

• Scope (domain): encompasses 3 dimensions: customer or

Simon, Fischbach, Schoder – Enterprise Architecture Management‚

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

service) by deploying specific resources and

Venkatraman – IT-Enabled Business Transformation

processes. This underleverages IT’s

main weakness is that competitors can

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

Decentral Operations (Digital Basis)

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

Establishing Employee Support: “Cultural Journey”

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

Business process standardisation

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

• We define objectives and how to measure them

Problems and barriers for business-IT alignment

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

How Key IT Governance Decisions Are Made

6 archetypal approaches to IT decision making (from centralised to decentralised):

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

How Top Performers Govern

Centralised Approaches and Profitability (e.g. UNICEF)

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

Recommendations to Guide Effective IT Governance Design

Sambamurthy & Zmud – Arrangements for IT Governance

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

Guest Lecture (03.11.2020) – Not exam relevant

Shaping the big bet:

Fuel for growth – new investor story:

Creating value for the client:

Building a data powered business:

From “we are doomed” to “we are doomed to win in agile”.

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

3 Management -7 Details for functions

Difference governance and management: governance sets the

Centralisation vs. Decentralisation

• Divisional (larger firms, decentralised corporate governance)

corporate IT -7 central higher level

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

IT Governance Determinant Framework

Case A: Reinforcing factors

Case B: Conflicting factors

Case C: Dominant factor

look at article Sambamurthy

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

IT Governance Performance & Design

IT principles and investments: most strategic,

Business application needs: shared business need

Gedownload door anne Schermerhorn (anne.ftale@gmail.com)

b. Synergy and autonomy

Control Framework for IT Governance

there is no framework to rule them all

Case Reflection and Discussion (not in the slides)

C is technically not wrong, but D is definitely