Purpose -The purpose of this paper is to critically rethink the concepts and the theoretical foundations of IT governance in small and medium-sized enterprises (SMEs).Design/methodology/approach -The paper is based on multiple case studies. Eight cases of outsourced information system projects where failures occurred were selected. An outsourced information system failure (OISF) is suggested as a failure of governance of the IT in a SME environment. A structure for stating propositions derived from two competing theories is proposed (Agency Theory and Theory of Trust). Findings -The results reveal that trust is slightly more important than control issues like output-based contracts and structured controls in the governance of IT in SMEs.Practical implications -The world of SMEs is significantly different from that of large companies, and therefore, the concept of IT governance in SMEs needs reconsideration. For researchers and practitioners, it would be more meaningful to focus on actual, working SMEs instead of on a version of their activities derived from those of large companies.Originality/value -The paper offers two contributions. First, it elaborates the limited research on IT in SMEs and second, it brings theoretical foundations for their IT governance. The value of IT governance in SMEs is explained.Keywords: small and medium-sized enterprise (SME), IS failures, IT governance, Agency Theory, trust, case study Paper type: Research paper RETHINKING IT GOVERNANCE FOR SMES IntroductionSmall and medium-sized enterprises (SMEs) play a significant role as engines of economic and social development all over the world. Many scholars argue that a small and medium-sized enterprise cannot be seen through the lens of a large firm (Ballantine et al., 1998). Therefore, the limited theories explaining IT (Information Technology) governance in large organizations cannot be linearly extrapolated to SMEs, since we are dealing with a completely different economic, cultural and managerial environment. Notwithstanding the efforts to develop guidelines for governing IT in SMEs, such as the Cobit QuickStart method, the results of applying these frameworks in SMEs are rather disappointing (IT Governance Institute, 2007). Scholars and practitioners are too grounded in their way of thinking, and maintain a simple vision of a SME as a scale model of a large firm (Raymond, 1985). There is also a lack of genuine SME-centred theories that can lead to general inferences about how SMEs should govern their IT. Riemenschneider et al. stated that, "...organizational theories and practices, such as bureaucratic structure and organizational behaviour applicable to large organizations, may not be valid in small ones" (Riemenschneider et al., 2003: 269). SMEs seldom have a dedicated IT staff or a well-defined and formal IS (Information Systems) function (Adam and O'Doherty, 2000). Due to their small scale, and hence a lack of in house IT skills, SMEs depend more on IT vendors than large companies (Thong, 2001;Thong et al., 1997). Howev...
Nowadays, many people are losing considerable wealth due to online scams. Phishing is one of the means that a scammer can use to deceitfully obtain the victim's personal identification, bank account information, or any other sensitive data. There are a number of anti-phishing techniques and tools in place, but unfortunately phishing still works. One of the reasons is that phishers usually use human behaviour to design and then utilise a new phishing technique. Therefore, identifying the psychological and sociological factors used by scammers could help us to tackle the very root causes of fraudulent phishing attacks. This paper recognises some of those factors and creates a cause-andeffect diagram to clearly present the categories and factors which make up the root causes of phishing scams. The illustrated diagram is extendable with additional phishing causes.
Prior studies have shown that the behaviours and attitudes of Internet users influence the likelihood of being victimised by phishing attacks. Many scammers design a step-by-step approach to phishing in order to gain the potential victim's trust and convince them to take the desired actions. It is important to understand which behaviours and attitudes can influence following the attacker in each step of a phishing scam. This will enable us to identify the root causes of phishing and to develop specific mitigation plans for each step of the phishing process and to increase prevention points. This study investigates to what extent people's risk-taking and decision-making styles influence the likelihood of phishing victimisation in three specific phishing steps. We asked participants to play a risk-taking game and to answer questions related to two psychological scales to measure their behaviours, and then conducted a simulated phishing campaign to assess their phishability throughout the three phishing steps selected. We find that the attitude to risk-taking and gender can predict users' phishability in the different steps selected. There are however other possible direct and indirect behavioural factors that could be investigated in future studies. The results of this study and the model developed can be used to build a comprehensive framework to prevent the success of phishing attempts, starting from their root causes.
Abstract. It is believed by many scholars that a small and medium-sized enterprise (SME) cannot be seen through the lens of a large firm. Theories which explain IT governance in large organizations and methodologies used by practitioners can therefore not be extrapolated to SMEs, which have a completely different economic, cultural and managerial environment. SMEs suffer from resource poverty, have less IS experience and need more external support. SMEs largely contribute to the failure of many IS projects. We define an outsourced information system failure (OISF) as a failure of IT governance in an SME environment and propose a structure for stating propositions derived from both agency theory and theory of trust. The theoretical question addressed in this paper is: how and why do OISFs occur in SMEs? We have chosen a qualitative and positivistic IS case study research strategy based on multiple cases. Eight cases of IS projects were selected. We found that trust is more important than control issues like output-based contracts and structured controls for eliminating opportunistic behaviour in SMEs. We conclude that the world of SMEs is significantly different from that of large companies. This necessitates extra care to be taken on the part of researchers and practitioners when designing artefacts for SMEs.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.