Threat of New Entrants:
The barriers to entry like data networks mean that it is very difficult for major competitors to enter the market. Small businesses which provide some of the solutions D Company provides do exist, but on the whole these are not a threat because they cannot service the large clients as D Company can.
Threat of Substitute Product:
Firms are moving away from in-house provision of IT, to a more outsourcing model of business. A substitute for D Company’s offerings would be the in-house servicing of these specialized systems, which would be expensive to install in money, time, infrastructure and maintenance, and would be unlikely to occur. D Company also ensures that they access the latest technologies available through alliances with large software companies like Microsoft, so they are able to offer customers more than they would be able to get if they waited for technologies to come to market.
Bargaining Power of Suppliers:
For IT solution services, the supplier includes both hardware and software providers. In the hardware industry, there are countless brands and famous suppliers in this highly competitive market which grants D Company price and bargaining advantages. However, for the software industry, there are a few giant companies like Microsoft which monopolize the global market. To overcome this, D Company has established itself as a “Gold Partner” of Microsoft, meaning they have the closest possible relationship with the company, with the best prices and earliest release of their software which is a form of competitive advantage for D Company.
Bargaining Power of Customers:
With such a small market in New Zealand, the customer quantity is limited, and the growth rate of customer is slow, so the customer has a good deal of bargaining power, especially when D Company has a few giant accounts which make up the bulk of their earnings. However, the switching costs apparent in these relationships act to neutralize this power.
IS management and organizational structure
D Company’s IS management and organizational structure are reflective of its size, diverse locations and many areas of specialty. It would be fair to describe D Company’s IS management systems as decentralized to the point of fragmentation (Symons, 2005), and Petrides (2004) describes this as the emphasis on the role of technology within a company taking over the importance of using technology to enhance a company’s organizational structures and institutional processes which compromises confidentiality, integrity and technological compatibility.
During our interview we found that D Company’s IS management was project based. For example, employees working on Project A were able to interact with those working on Project A, accessing the same files and sharing the same data. On a larger scale, all employees have the same access to the internet and email, and there were no restrictions on any of these activities. They could also download any data to their workstations. All workstations are installed with standard software and are configured as per D Company’s requirements. They are very flexible in using software’s and generally purchase the rights to use it throughout the organization.
Daily stand-up meetings take place where all team members are encouraged to ask questions on an ongoing basis about the effective use of services and processes. The organizational structure follows a scalable model where it uses its excellence in IT as a strategic differentiator and builds its corporate strategy around strategic flexibility (Agarwal & Sambamurthy, 2009). As per the Hirschheim model, “the organizations that had begun to realize that information systems are vital to their business began moving through three evolutionary phases (‘delivery’, ‘reorientation’ and ‘reorganization’) in their management of the IS function” (Hirschheim, Earl, Feeny, & Lockett, 1988).
D Company evolved its IS system along these lines. It began with an emphasis on the ‘delivery’ of information systems in the organization, with the IS functions complementing the needs of the organization.
During the ‘reorientation’ phase, the IS managers changed their focus from the basic delivery of IS services (payroll & webhosting) to the exploitation of IT for competitive advantage. D Company began providing data centers for web hosting, outsourcing and hardware maintenance services to gain a competitive advantage. The focus here was on the external environment of the enterprise and in extending the value chain through inter-organizational systems (Cash & Konsynski, 1985).
In the final stage, ‘reorganization’, senior management is concerned with managing the relationships between the IS function and the remaining organization. The majority of our recommendations are related to implementing this.
IT concerns at D Company
We used Westerman’s (2004, pg.3) Sources of Risk table to identify the potential risks to D Company through its existing IT policies, and found the areas of concern were:
- Skills planning
There is a lack of knowledge management planning in the company, as there is no formal training and skills structure. This may affect the ability of the firm to remain competitive in the industry in the long term.
- Recruiting and training
Employees are offered incentives to acquire skills externally (paid study, pay rises and promotions), but these skills are not organized or prescribed, as shown in the skills planning above, and this may affect the company in the future. Currently the company overcomes skills shortages through the hiring of recent graduates; however this comes at a cost as they would lack valuable work experience.
- IT/Business relationships
D company follows a “platform” model (Agarwal and Sambamurthy, pg. 193), which suits it well as Mr. T expressed that the company is not looking to invest in the innovation of new technology as they are partners with the large software providers like Microsoft, and that their managers are knowledgeable in IT. However, D Company and its IT structure are very decentralized, the offices are spread out over Australia, New Zealand and Asia, with several locations in key cities (Auckland has three offices for example), which makes communication and integration across the company a problem, as shown in their lack of IT planning.
- Controls architecture
“IT risk can be defined as any threat to your information technology, data, critical systems and business processes” (Bentley, 2010). We have identified gaps in the IS policy roll-out process which can be explained using Bentley’s 2010 framework:
-
Indentify: We found that although D Company had support teams and confidentiality polices externally, internally there was no email filtering software in place to avoid phishing and social engineering via the internet.
-
Access: D Company has security restrictions on staff access in its database, meaning staff working on project A can only access data related to project A. However, we found inconsistency on IS policy awareness and governance, which states that each employee should be aware of IT governance in an organization (Agarwal & Sambamurthy, 2009), and Mr. T is not aware whether or not such policy existed and what this was if it did.
-
Remediate IT risks – This refers to the remediation of detected deficiencies or vulnerabilities. Unfortunately, this was not covered in the interview.
-
Manage: Senior management in D Company’s IS department is responsible for monitoring the risk management framework for the company. Mr. T said that senior management did access IT histories of employees whenever there was a problem, but as is seen with the open access to the internet, this could provide a huge risk to the company’s integrity. Risk management should be a proactive rather than a reactive approach (Larson & Gray, 2011).
Suggestions for improvement
To remain the leading provider of information systems in New Zealand, Australia and Southeast Asia, we suggest D Company addresses the issues outlined in the previous section in the following ways:
Skills Planning and Training
There needs to be an alignment in place between IT strategy and vision, and employee’s knowledge and skills base. Once senior management has articulated the company’s future strategy, they need to assess the company’s IT needs and put measures in place to ensure they will have the skill sets they need in the future from within the company wherever possible. This needs to be carried out on an ongoing basis.
IT/Business relationship
D Company is so decentralized that, as shown in the above point, they have do not have a very good overriding IT/business relationship. To improve on this fragmentation, they need to create formal processes across their business units that help optimize information sharing and expertise across the business. This would also need to be done by senior management.
Controls architecture
- D Company needs to improve its IT security by installing email and website filtering software.
- IS policy needs to be communicated to each employee on a regular basis through numerous avenues like email, posters, meetings and training.
- Senior management should be proactive in their approach to monitoring the IS structure. They could set aside a few minutes each week to go over website and email activity, and this combined with the email and website software we suggest installing above, will help D Company manage IT risk problems before they arise.
References
Agarwal, R., & Sambamurthy, V. (2009). Information Management Strategy - Principles and models for organizing the IT functions. In D. R. Galliers, & E. D. Leidner, Strategic Information Management (pp. 203-04). New York: Routledge.
Bentley, A. (2010). Effective IT risks management
Cash, J. I., & Konsynski, B. R. (1985). IS Redraws competitive boundaries. Harvard Business Review, 134-142.
Hirschheim, R., Earl, M., Feeny, D., & Lockett, M. (1988). An exploration into the management of the information system functions: Key issues and an evolutionary model. Information Technology Management for Productivity and Strategic Advantage. Singapore: IFIP TC-8 Open Conference.
Larson, E. W., & Gray, C. F. (2011). Project Management: The Managerial Process. Singapore: McGraw-Hill.
Petrides, L. A. (2004). Knowledge Management, Information Systems, and Organizations. Colorado: Centre for Applied Research.
Symons, B. (2005). IT Governance Framework. Retrieved February 11, 2011, from
Westerman, G. (2004). Understanding the Enterprise’s IT Risk Profile. Retrieved February 11, 2011 from
Page