M ASTER THESIS
T HEORETICAL MODEL TO IMPLEMENT EXTRANETS
Case study of Europeesche
Jeroen Baur, s1644459 j.baur@student.rug.nl University of Groningen
Faculty of Economics and Business
MSc Business Administration, Business & ICT specialisation
August 2010
Preface
I would like to thank everyone who has been of assistance in the making of this master thesis.
Particularly Peter Boot, Frank Vrolijk, Marc Reinders, and all the other good people at Europeesche verzekeringen.
Furthermore, I would like to thank Prof. Dr. Egon Berghout and especially Dr. DongBack Seo of the University of Groningen (faculty of Economics and Business) for their feedback and support.
Jeroen Baur
Groningen, August 2010
TABLE OF CONTENTS
1 Introduction ...5
1.1 Research approach ...6
1.2 Research methods... 10
1.3 Structure... 10
2 Development of information systems ... 12
2.1 B2B commerce ... 12
2.2 Information systems ... 14
2.3 Information system evolution ... 16
2.4 Network revolution ... 17
3 B2B electronic commerce ... 18
3.1 Electronic Data Interchange ... 18
3.2 Internet EDI ... 21
3.3 Information availability ... 22
3.4 Intranet ... 23
3.5 Extranet ... 24
3.6 Security ... 25
3.7 EDI, I-EDI or extranet? ... 29
4 Extranet implementation prerequisites ... 31
4.1 Strategy and e-commerce ... 31
4.2 Business strategy and information systems ... 35
4.3 ICT policy & ICT strategy ... 37
4.4 ICT strategy ... 38
4.5 Making the ICT strategy ... 40
4.6 Other extranet prerequisites ... 41
4.7 External factors ... 43
4.8 Conclusions ... 44
5 Extranet implementation process ... 46
5.1 IS decision making factors ... 50
5.2 Model... 52
5.3 Identification ... 53
5.4 Development ... 55
5.5 Selection / Design evaluation ... 58
5.6 Implementation stage ... 60
5.7 Conclusion ... 64
6 Case Europeesche insurance company ... 65
6.1 Europeesche introduction ... 66
6.2 Channels ... 67
6.3 Europeesche extranet ... 72
6.4 Research extranet ASR verzekeringen ... 76
6.5 Transaction systems ... 79
6.6 Projects ... 81
6.7 Interviews at Europeesche ... 82
6.8 Model implementation ... 83
6.9 Improving Europeesche extranet ... 94
7 Conclusions ... 97
7.1 Theoretical implications ... 97
7.2 Managerial implications ... 98
8 References ... 99
Books ... 99
Articles ... 100
Websites ... 105
Other ... 106
Appendices ... 108
Extranet interview ... 108
Davis TAM model ... 112
Signicom extranet preferabels ... 113
Interviews... 115
1 I NTRODUCTION
As conclusion of the path towards the MSc degree in business administration, a master thesis needs to be written. At the business and economics faculty of the University of Groningen is the writing of the master thesis usually combined with an internship. The author got the opportunity to intern at an insurance firm in Amsterdam, Europeesche verzekeringen. This insurance firm has had an extranet for several years. At a certain point in time, the question arose whether the extranet was in need of improvements and, if so, what improvements that would be. That was Europeesche‟s principal research question. The Europeesche‟s research question was however not suitable for academic research, as it could not be generalised.
A way had to be found to meet the demands of both Europeesche and the University of
Groningen. Whilst researching extranets the author encountered disappointingly little research on that subject, the literature that was found was predominantly on the types of extranets (Riggins & Rhee, 1998) and the factors that influence the success of extranets (Kallioranta &
Vlosky (2004),Windrum & de Berranger (2003), Angeles (2001)). Boddy et al. (2005) indicate that the implementation of information systems (of which extranets are an example) often do not yield the results the organisation had expected.
A proper implementation of an extranet reduces the risks of such disappointments. However,
no research could be found on how to implement an extranet within an organisation. This is
why the author feels that there is a ground for developing a framework for integrating an
extranet in an organisation. Kallioranta and Vlosky (2004) started with such a model, but it is
the opinion of the author that their model ignores the actual implementation.
The developments of information systems and the networks that link these information systems have changed the way organisations operate and interact with each other. The speed with which and distance over which communication became possible were unheard of before.
However, for an organisation to successfully integrate an information system, and especially one which is in contact with other organisations (business-to-business), is a daunting task.
Alignment between the organisation and its business-to-business information system(s) is paramount. However, how can an organisation achieve and implement a business-to-business information system? This is the main topic of this master thesis.
1.1 R
ESEARCH APPROACHIn order to conduct this research the author takes the methodological approach as made by de Leeuw (2001) as a basis for analysing and developing the research context for this research.
De Leeuw condensed the methodological aspects of research in his so-called balloon model.
FIGURE 1 BALLOON MODEL, TRANSLATED FROM DUTCH (DE LEEUW, 2001)
Each of the balloons as listed in the model are further explained by question which are answered in the following paragraphs.
1.1.1 P
ROBLEM STATEMENTThe problem statement stems from the objective the researcher has set for the research. In a nutshell, the problem statement is: what do you want to know and why? The question encompasses the essence of a research. The problem statement has two sides: the side which faces the practise and a side which faces theory. Another subject, which should be discussed in the problem statement are the conditions under which the research is conducted.
As stated in the introduction the objective of this research is to develop a model that assists organisations in successfully implementing an extranet.
1.1.2 C
ONCEPTSThe following questions define the concept part of the balloon model:
- What is the theoretical framework?
- Devising methodological questions based on the problem statement and framework
Before the research questions can be stated, a main research question needs to be composed, the main research question is subordinate to the objective. In this research the main research question is:
How can an organisation implement a B2B information system for communications with its
partners?
There are a number of issues with the main research question, among others, establishing what an B2B information system is, why an organisation would want one, what implementing entails, and when communication between an organisation and its partners most effective.
These issues are, in effect, research questions. So written down as research questions these issues are:
What is a B2B information system?
What kinds of B2B information systems exist?
What are the prerequisites for implementing an extranet?
How can an extranet system be implemented?
What are the issues when implementing an extranet system?
How can the implementation of an extranet be evaluated?
The following conditions will be taken into account:
- The research focuses on business-to-business information systems, in the form of extranets
1.1.3 D
ATA SOURCESWhat data is used and why?
De Leeuw (2001) distinguishes between six sources of data for practise research: Documents, media, reality (perception), simulated reality, databases and the researcher‟s knowledge. This thesis will make use of the following data sources: documents, reality, knowledge, and to a lesser extent databases.
This thesis will include desk research, as well as field research. The desk research will include document, reality and database sources, whereas the field research will include document, knowledge and reality sources, such as interviews.
1.1.4 M
ETHODS FOR MEASURING&
OBSERVATIONHow will the data be extracted from the data sources?
After the decision for the sources has been made, the question raises how to extract the data from these sources. This is a process of measuring & observation. There are a number of tools available for getting the most from the sources used in business research: statistics,
simulation, schematics, and careful thinking and consideration. Considering the objective of this thesis and its context statistics is unlikely to be used, the focus of this research will concentrate on careful thinking and consideration with the help of schematics. Simulation would be nice to use, but is not very practical because of the resources necessary (time, money).
1.1.5 A
NALYTICAL METHODSHow will the extracted data be analysed and reported?
There are a number of options for reporting the results of a research: written reports, oral presentations, teaching and conducting research with multiple researchers. Considering that this is a Master thesis and theses are written reports, there is no discussion about the form of reporting. An element of oral presentation is part of finishing this thesis.
1.2 R
ESEARCH METHODSThe field research part will be conducted using interviews with external users and those responsible for the content and maintenance of Europeesche‟s extranet. The interviews with external users will be conducted during visits with inspectors from Europeesche, these
interviews take 30 to 60 minutes. The interviews are performed on a semi-structured basis, as this sets guidelines along which the interview is taken, without making it too rigid. The interviews are conducted as a way to get real-world data from those who work with the extranet. This input is used as a way to get to know the use and bottlenecks of the current extranet.
1.3 S
TRUCTUREChapter 2 will give an overview of business-to-business (B2B) commerce, information systems and will introduce networks.
Chapter 3 will describe three different B2B electronic commerce systems; EDI, I-EDI and
extranets
Chapter 4 will discuss the prerequisites for implementing an extranet. Implementing an extranet is not straightforward, an organisation and its environment needs to be ready for such a construct. In the past ICT has often been seen as support for the business, but with ICT becoming more important in businesses. ICT becomes of strategic importance.
Chapter 5 will introduce the model that this thesis is about. This model encompasses the process of implementing an extranet system within an organisation from the beginning to the end.
Chapter 6 introduces the case and applies the model to the case. The case concerns a Dutch insurance company, Europeesche.
Chapter 7 is the conclusion with the theoretical and managerial implications of the model with
its limitations.
2 D EVELOPMENT OF INFORMATION SYSTEMS
This chapter will discuss the first sub-question, that question is “what are B2B information systems?” This question includes two terms that need introduction: B2B and information systems.
2.1 B2B
COMMERCEB2B is an abbreviation for Business-to-Business and is usually used in combination with commerce. As the term implies it is the concept that describes commerce between two organisations, as shown by figure 2. This introduces the term commerce, a definition of commerce is: “Commerce is the process of pre-sale, sale execution, sale settlement and after- sale activities (Benyon-Davies, 2004)”
This figure shows the (simplified) relation between suppliers, organisations and consumers.
This is a simplified figure as B2B usually involves more organisations, notably more
suppliers and distributors.
There are a number of other relations within commerce, among others: Business-to-Consumer (B2C), Consumer-to-Business (C2B) and Consumer-to-Consumer (C2C). Figure 2 illustrates the relations between these commerce relations.
Busines-to-Consumer commerce is the commerce between an organisation, say a grocery store, and the individual who purchases his groceries for meals. It is a type of commerce individuals come in contact with every day.
Consumer-to-Consumer business is the commerce that takes place on internet sites such as eBay or Marktplaats or off-line on flea markets.
This thesis will only look at Business-to-Business (B2B) commerce. This is the largest form of commerce both in volume as in revenue. It also has a large influence on the price the consumer pays for a good, for example, the efficiency improvements made in the value chain decrease the costs of production and therefore the price. A value chain is defined by the following:
“The value chain is a tool to disaggregate a business into strategically relevant activities. This enables identification of the source of competitive advantage by
FIGURE 2 RELATIONS BETWEEN B2B, B2C AND C2C (BASED ON BEYNON-DAVIES, 2004)
performing these activities more cheaply or better than its competitors. Its value chain is part of a larger stream of activities carried out by other members of the channel-suppliers, distributors and customers.” (Brown, 1997)
The importance of B2B commerce on the overall economy and the effects on the price of consumer goods make it an interesting subject for research, especially the combination of information systems and B2B commerce. As information systems can increase the
effectiveness of B2B commerce by optimising communications and automating repeating processes.
2.2 I
NFORMATION SYSTEMSIn order to address B2B information systems, an overview of the concepts of information systems and networks is presented.
Information systems are the actors between the human activity system and the Information Communication Technology (ICT) system. However, what do these terms mean?
FIGURE 3 RELATION BETWEEN ICT, INFORMATION AND HUMAN ACTIVITY SYSTEMS (BEYNON-DAVIES, 2004)
A definition for information systems (Beynon-Davies, 2004) is: “Systems of communication
between people. Information systems are systems involved in the gathering, processing,
distribution and use of information. A system designed to deliver information for some organisation.”
This definition is however very vague and not very practical. A better way of explaining the differences between human activity systems, ICT systems and information systems is by looking at the different types of data these systems process.
Data is stored by the ICT system and is no more than a large collection of unprocessed measurements, activities and other parameters.
In order to process the data stored in the ICT system an information system is needed. The information system uses certain rules and queries to process the raw data into information that has meaning to the person or system receiving that information. Information is subjective and only has a meaning for the recipient.
Human activity systems build on information by placing it in a context of experience and prior learning. As a result, information becomes knowledge. Knowledge triggers action from people.
FIGURE 4 LINKS BETWEEN DATA, INFORMATION AND KNOWLEDGE
The above-mentioned definition of information systems is theoretical. What is the practice?
2.3 I
NFORMATION SYSTEM EVOLUTIONUsage of information systems (in the form of computers) in business environments started when the first computers became commercially available. The first commercially available computers became available in the 1960s. These computers were used for executing internal business processes more efficiently. The handling of repeating business processes, such as payrolls, stock controls and invoices became faster and with fewer chances for errors. The early computers were however not suited for smaller companies as they were too large, too expensive and required specialists to operate.
Over the years, technological developments allowed computers to shrink in size and price. In addition, they became more user-friendly to operate, allowing smaller companies to take advantage of the efficiency gains offered by the new technology. From the 1980s onwards, companies began using computers to replace all sorts of tools with computers: typewriters, drawing boards, etc. The computers were usually standalone machines that were not in connection to other machines.
Whereas the introduction of computers in organisations changed the speed and efficiency of business process, it did not (necessarily) change the way these processes were performed, it was an evolution. Linking computers and forming networks, did however lead to a revolution as business processes changed, or need to change, to make optimal use of the new
possibilities.
2.4 N
ETWORK REVOLUTIONThe American government and scientists were, from the 1950s onwards, increasingly
connecting computers to one another, thereby creating networks. Over the years, the creation of various networks connected academic institutions, other research facilities and the military.
As more research and educational institutions were connected a global network developed.
And as the networks grew even larger a common communication standard was developed, leading to the development of the internet. Each device connected to the internet uses the same language (protocol) to talk to the other devices; TCP/IP (Transport Communication Protocol / Internet Protocol), this protocol is integrated in all computer operating systems produced in the last 15-odd years.
The internet is the name for all applications that use TCP/IP to establish public global communication; email, http and a host of various other applications. Today almost every computer is connected to one or more network(s). Business is therefore also increasingly dependable on the internet, as it offers a large number of advantages over the more traditional methods of communication. Businesses are using computer networks to decrease their
communication times with their suppliers and customers. There are however more advantages
for businesses who use computer networks to make their B2B communication run more
efficient, more on that in chapter 3.
3 B2B ELECTRONIC COMMERCE
Before the development of information systems commerce was conducted over mail, telephone, fax or in person. These communication methods relied upon humans in order to function. The development of information systems and networks led to information systems that could communicate between themselves without human involvement. The use of
information systems and networks in combination with commerce has been named electronic commerce or e-commerce. The second sub-question was: “what kinds of B2B information systems are there?” There are various types of B2B electronic commerce information systems.
These will be discussed in the following paragraphs.
3.1 E
LECTRONICD
ATAI
NTERCHANGESwatman and Swatman (1992) define Electronic Data Interchange (EDI) as “co-operative inter-organisational systems (IOS) that allow trading partners to exchange structured business information electronically between separate computer applications”. The word structured is the keyword in the definition as this means that every message is compiled using a certain framework that allows computers to understand the message. The National Institute for Standards and Technology (NIST) adds the following to the definition mentioned above
1:
“In EDI, the usual processing of received messages is by computer only. Human intervention in the processing of a received message is typically intended only for error conditions, for quality review, and for special situations.”
The NIST definition adds to the Swatman and Swatman (1992) definition the concept that EDI communication is strictly machine-to-machine.
There are however different frameworks which are not inter-changeable. The initiator is the organisation that takes the initiative to implement an EDI system. As an EDI system is based on a hub and spoke model the initiator has a power advantage as all those involved depend on him. A partner cannot use a different message format than the one prescribed by the initiator.
The initiating EDI system is set up to accept a certain message format and cannot handle a different format.
The main advantages of EDI are (Derksen, T., Crins, H, 2001):
- Reduced costs
- Reduced paperwork
FIGURE 5 HUB AND SPOKE MODEL
- Faster turnaround
- Improved control of inventories/suppliers
- Improved customer relationship/service
- Potential of a strategic advantage
There are however also disadvantages:
- High implementation costs
- Difficulties in keeping up with standards, as every EDI system might need different standards
- Rigid message formats
- Need for technologically skilled staff
In the early days of EDI, when there was no internet, the connections between the different participants were direct connections; these were expensive to set up and were billed per character (Asher, 2007), adding to the costs of EDI systems. The costs of participating in an EDI system can run in to the tens of thousands of US Dollars (Angeles, 2000).
The main disadvantages of EDI systems are the costs and the power relation with the initiator.
The power relation between the initiator and the partner is skewed because the initiator
dictates the terms under which the EDI system operates. The initiator is the hub who controls
all information flows to and from its partners (figure 5).
Many of the disadvantages of the original EDI systems have been addressed with I-EDI systems.
3.2 I
NTERNETEDI
The development of an universal protocol for computers to talk to each other (TCP/IP) and the advent of the internet, have led to the development of a new type of EDI systems; I-EDI (Internet EDI).
Figure 6 illustrates the differences between EDI and I-EDI. As the figure shows the difference between the two are the protocols used. EDI uses proprietary protocols, whereas I-EDI uses technologies which are used as the basis of the internet.
There are initiatives to link EDI systems to the internet by making them accessible through secure web pages. The forms on those web pages are filled in and then translated to the correct EDI standard. This makes for a form of hybrid EDI/I-EDI system. This hybrid system
FIGURE 6 EDI VERSUS I-EDI (BASED ON DERKSEN, T., CRINS, H., 2002)
allows small and mid-sized organisations to participate in EDI systems at much lower costs (up to a tenth of the earlier mentioned costs) (Angeles, 2001)
Costs and security are the main differences between EDI and I-EDI. EDI is more expensive to implement, because of the more specialised knowledge and technology required. However, EDI is considered to be more secure; the X.400 protocol is considered to be more secure as it is better suited for data encryption (Derksen & Crins, 2002)
3.3 I
NFORMATION AVAILABILITY(I-)EDI systems are closed environments in which it is not possible to participate without authorisation from the initiator. There are various degrees of information accessibility.
FIGURE 7 INFORMATION ACCESSIBILITY IN ORGANISATIONS (BASED ON LOSHIN, 1997)
The illustration given above (figure 7) is a representation of the information contained within
an organisation and the ability of external parties to access this information. The blue (outer)
ring indicates the publicly available information as published on, for example, the website.
this group can access the information by means of, for example, an extranet or (I-)EDI system. This leaves the orange (inner) ring that is information available for internal use, and not accessible for external users. Intranets are the methods of choice for the distribution of information contained within the orange circle. These distinctions between these levels of information access are not always that clear (especially between the orange and green rings), but the illustration gives the larger picture. The next paragraphs will introduce the terms intranet and extranet further.
3.4 I
NTRANETThe technologies used for the internet are also used to develop closed networks within organisations, so called intranets. The access to intranets is restricted to those connected to that organisations‟ network. According to Benyon-Davies (2004) companies have
implemented intranets with the following results:
- Better communication
- Access to more accurate information
- Better coordination and collaboration
- Easy to implement and use
- Scalable
- Flexible
When an intranet is made accessible for users from outside the organisation, it is no longer an intranet, but an extranet.
3.5 E
XTRANETExtranets share information with suppliers, especially in a B2B environment. Due to the nature of an extranet is the communication is also faster than more traditional methods. An extranet should also lead to a better relation between the customer and the organisation.
Angeles (2001) lists three extranet-based ecommerce strategies:
1. Channel expansion, using extranets to open new sales channels
2. Channel enablement, sales and distribution channels can deploy extranets to deliver customer service or customer self-service.
3. Supply Chain Management, segments of the supply chain are streamlined through extranet links.
Lederer, Mirchandani and Sims (1998) have identified the top ten benefits of extranets.
FIGURE 8 TOP 10 BENEFITS EXTRANETS (LEDERER, MIRCHANDANI AND SIMS, 1998)
The disadvantages of extranets are primarily operational; extranets can be expensive to set up and maintain; extra hardware is needed and so is extra training for the users. The security of the extranet is also a point of attention, only the people who are granted access to the extranet should be able to access the extranet, especially when the extranet contains information that should not be publicly available. To achieve this level of security, investments are necessary and security protocols need to be in place.
3.6 S
ECURITYThe security of the parties involved in e-business is of utmost importance. If one of the parties does not feel safe whilst conducting e-business the whole system collapses. The involvements of multiple information systems from various organisations make extranets even more
susceptible for foreign intrusions. Ensuring the data integrity and keeping alien users from
entering the extranet is something that needs to be taken care of during the implementation
process.
Schneier (2000) introduced three conditions for conducting secure electronic commerce:
- Privacy, only the persons involved in the transaction should be allowed access to the data transferred
- Authentication, all parties involved in a transaction should be the ones allowed
- Non-repudiability, there should be no option for deniability of sending or receiving messages. In other words, there should be a record when sending or receiving a message
FIGURE 9 COMPONENTS OF DATA & INFORMATION SECURITY (BASED ON BENYON-DAVIES, 2004)
Figure 9 gives an idea of how a secure connection over the internet is set up. The first step is
authorisation, as mentioned before; authorisation is the process of making sure that all parties
involved have the right to be part of the transaction. Once all parties are involved a secure
connection is set up. This connection is secure by encryption of all the data that passes
of encryption are beyond the scope of this thesis; keywords in encryption are block ciphers, stream ciphers and hashes.
The figure also mentions a digital signature. A digital signature serves as an identification of the sender and can serve as a means of checking whether the content of the message has been altered (cryptographic hash function).
The firewall is a system that checks every packet send to and from the organisation. It checks data packets on numerous rules. If data packages do not fit in these rules they are discarded.
This system is meant as the first line of defence against malicious traffic, such as hackers.
Figure 9 illustrates the security of the communication between the parties. The security of the data stored is important as well. Examples of threats for data are mentioned below (Benyon- Davies, 2004):
- Theft and fraud, the unauthorised editing of information or extracting corporate information without permission
- Confidentiality, an authorised person accesses information that is confidential and discloses that information to an external party
- Privacy, an unauthorised person accesses information held by the organisation on other persons
- Integrity, computer viruses can cause data to be unusable, so can the malfunctioning of
computer hardware
- Availability, when a system becomes unreachable due to natural or human causes
It is often said that the largest threat for information is the person accessing that information, albeit authorised or unauthorised. Preventing data threats such as mentioned above are countered by using computer-based security measures as well as non-computer-based
measures. Some computer-based measures are mentioned above, such as data encryption and user authentication. This usually exhibits in username and password combinations or similar constructs.
Non-computer-based measures are often based on protocols and division of responsibility.
Examples of such measures are (Benyon-Davies, 2004):
- Establishing and enforcing a security policy
- Establishing suitable personnel controls
- Making the computer hardware that stores the data physically less accessible
- Storing back-ups off-site and fire-proof
Data security is a matter of both electronic and non-electronic measures. Neither should be neglected, because the whole security system would be compromised.
When considering EDI and I-EDI systems, the level of security offered differs slightly. EDI is
more secure because of more secure communication protocols. That however does not mean
on what the initiator wants and expects. These are however dependent on systems used and the requirements of the initiator. The security can range from username/password
combinations up to fully encrypted tunnels (point-to-point connections) over the internet.
It is not possible to give a best solution, as securing extranet connections is dependent on the intentions of the initiating organisation.
3.7 EDI, I-EDI
OR EXTRANET?
The question that pops up after this chapter is whether one the described IOS‟s can be
considered better than the others or is the successor of the other. Even though EDI has served its purpose over the last decades, the internet has proven to be a much more versatile and open environment. As Chan and Davis (2000) put it: “Extranets are less expensive and offer more functionality than EDI systems.” The openness of the internet together with its low entry threshold makes it much more cost-effective to use a basis for value-chain cooperation. That discards EDI systems, and leaves I-EDI systems and extranets. The author is of the opinion that I-EDI systems are aimed more towards transactions, whereas extranets are aimed more towards providing information. An I-EDI system can be part of an extranet, or even
considered being the extranet, whereas an extranet cannot be considered an I-EDI system.
Both extranet and I-EDI use the same technologies and serve the same purpose; increase the cooperation within a value chain. The term extranet will be used further in this thesis, but one can interchange it with I-EDI.
If an organisation decides to implement an extranet, it is not just installing the system; the
organisation needs to be prepared for this new way of contact with suppliers and customers.
This new way of contact necessitates prerequisites that are adapted to the use of extranets in
the organisation.
4 E XTRANET IMPLEMENTATION PREREQUISITES
The previous chapters introduced the concept of B2B electronic commerce and the
information system associated with this. B2B electronic systems, i.e. extranets, offer many advantages for organisations. However, implementing an extranet is not straightforward. An organisation needs to be prepared before it can implement an extranet. This chapter will discuss the prerequisites for an organisation before successfully implementing an extranet.
The third research question was: “what are the prerequisites for implementing an extranet?”
This chapter will give an answer to that question.
The next chapter (five) will discuss the actual steps necessary for successfully implement the extranet.
4.1 S
TRATEGY AND E-
COMMERCEAccording to Porter (2001) strategy has become even more important since the commercial use of the internet has taken shape from the second half of the 1990s on. He regards
information systems and the internet as excellent tools for achieving operational excellence.
As information systems are increasingly becoming the basis of around which business processes are set up, their strategic importance increases. This strategic importance has its consequences on the strategy of the organisation. Achieving a fit between an organisation and its information system(s) starts with the organisations‟ business strategy. Without a proper strategy, an organisation is directionless. Research conducted in the past have revealed that the business strategy has at least some influence on business performance (Croteau &
Bergeron, 2001).
“Strategy is the creation of a unique and valuable position, involving a different set of activities” (Porter, 1996). This is the essence of strategy in one sentence. It is however not as straightforward as it might sound. Creating a unique and valuable position is very difficult in an environment that moves at increasing speeds and over ever larger distances. These
developments allow the world to turn into one large market; commerce has evolved from local through national to global. As the communication methods have improved in speed and decreased in costs, their importance for organisations have increased. A strategy should therefore incorporate some flexibility to handle the technical, social and economical
consequences of these developments, especially as strategies are designed for the long(er) run.
Defining a strategy
A strategy requires discipline and a strong focus on profitability and not (just) growth. An organisation can have the largest market share in one area but if it is not profitable, it will not survive. The discipline and focus are however not enough, an organisation should have an unique value proposition, it should ask itself continuously what makes the organisation stand out from the competition and does the buyer know that or doesn‟t (s)he care?
Without a properly designed strategy and execution, an organisation has a much harder time
surviving, point in case is the dot-com crash in the early 2000s. The question remains on how
to produce a proper strategy. The business strategy design process consists of three phases
(Johnson & Scholes, 2000):
- Strategic analysis
- Strategic choice
- Strategic implementation
These phases and their hierarchy are expanded in figure 10.
The first step when designing a strategy is thinking about the mission of the organisation. The mission is a list of a limited number of statements for future intentions. A number of goals are set for each mission statement. An example of a mission statement is: “become the industry cost leader”. The goal accompanying that mission statement might be; “reduce production costs with 5% in the next three years”.
Based on the mission statements and goals, a strategy is developed to achieve these goals.
Once the strategy is developed the more practical policies are developed and executed.
FIGURE 10 STRATEGY MAKING PROCESS (BENYON-DAVIES, 2004)
Developing a strategy is not just based on a mission which some manager came up with. It is a process of getting to understand both the internal as well as the external environments of the organisation. Based on these environmental analyses the position of the organisation can be determined, which is the basis for the strategic positioning of the organisation. Porter‟s five forces model is a tool for assessing an organisations‟ environment
2.
The business strategy should answer the following question: “Where is the business going and how?” It should be a compact and to-the-point document.
2 Porter, M.E., How competitive forces shape strategy, Harvard Business Review, March – April 1979, pp. 137-
The business strategy is aimed at the longer term. It does not contain goals for the near future.
Neither should it vague, such as by stating the organisation will “offer the best service”. The internal and external analyses have indicated the position of the strategy-making organisation compared with competitors. And that should give ample indications for designing a strategy.
As Information and Communication Technologies (ICT, often abbreviated to IT in the USA) have gained increasingly more influence over business processes, their strategic impact is therefore increased. It is therefore logical that a separate ICT strategy is developed. However, it is not as straightforward as it might sound. This chapter will continue by expanding on that subject.
4.2 B
USINESS STRATEGY AND INFORMATION SYSTEMSAs said before, Information systems are becoming increasingly important in supporting business processes and the general management of organisations. This increasing importance has led to the development of a separate ICT strategy or policy. There are two approaches to the collaboration between ICT and business processes; ICT policy and ICT strategy. The choice between the two depends on how ICT is used in the organisation and what the intentions are.
Ross (2003) states, just like Henderson and Venkatraman (1993), that ICT policy has often
been used as a means to support the business strategy. However, as organisations have
become increasingly dependent on ICT, the role changes from supporting the business to a
direction giving role, therefore becoming strategically important. In order to support this
change process, organisations must develop organisational competencies. Ross identified four
stages in the alignment between business and ICT, these stages are illustrated in the figure below.
The main difference between the stages is the relation between the ICT department and business management. The more to the right, the more strategically important ICT becomes.
Accompanying these stages, Ross (2003) also gives six lessons from her model:
1. Focus on alignment of core business processes, when attempting to link all business processes the implementation will almost certainly fail.
2. Don‟t skip or rush through stages, skipping stages leads the organisation into unknown waters, resulting in failures or delayed benefits. Benefits are best reaped when
improving the current stage.
3. Recognise that complex organisations have multiple architectures, which may be at
FIGURE 11 THE FOUR STAGES OF IT AND ORGANISATIONAL ALIGNMENT (ROSS, 2003)
4. Institutionalise learning about architecture in appropriate governance mechanisms.
5. Continue the dialog; the alignment process is never complete. Ongoing dialog enables management to continuously zero in on issues.
6. Keep the alignment capabilities in-house, aligning the business and ICT require a close link between the two.
These stages indicate the development of information systems in organisations and how they grow with them. The more an information system is intertwined with an organisation the more strategically important it becomes. The result of a properly executed IT planning is a strategic alignment between IT and the business, and because of that a higher return on IT investments.
There will also be more focus on the strategic impact of initiatives.
This paragraph mentioned the business strategy and the role of ICT within that. The next paragraph will expand on that.
4.3 ICT
POLICY& ICT
STRATEGYThe difference between the ICT policy and ICT strategy is that the ICT policy is subordinate
to the business strategy, whereas the ICT strategy is on the same level or even leading the
business strategy. The ICT policy is also more aimed at executing the strategy, whereas the
ICT strategy has a higher abstraction level. Figure 12 illustrates the connections between the
various strategies and policies.
FIGURE 12 ORGANISATIONAL DESIGN AND INFORMATION SYSTEMS DESIGN ACTIVITIES (BASED ON HENDERSON
& VENKATRAMAN, 1993)
The choice for an ICT policy or strategy depends on the current stage (Ross, 2003) of ICT use in an organisation and the policies for the future.
4.4 ICT
STRATEGYPeppard and Ward (1999) conducted research into the gap that exists between an organisation and their ICT. Their conclusion is that building a high performance ICT infrastructure is not only about the ICT department‟s ability to build, maintain and deliver systems, but it is an organisational wide activity requiring a strong business/ICT partnership (alignment). This is in line with Ross (2003). This alignment can be achieved by implementing an ICT strategy.
The main difference between business strategy and ICT strategy is the scope of the ICT
strategy. Where the business strategy regards the entire business, the ICT strategy is focused on the ICT systems and their role within the organisation.
Henderson and Venkatraman (1993) have made four alignment perspectives based on figure 12. These alignment perspectives give different causalities between the various domains in the figure. Alignment is the process of getting the business and ICT working on achieving the same goals.
The first perspective, the strategy execution alignment perspective, assumes a business strategy has been developed. This business strategy is the driver of both the organisational design choices and the design of the ICT infrastructure. This perspective is closest to the classical hierarchical view of strategic management. Top management formulates the business strategy, the ICT management designs and implements the ICT infrastructure. The
implemented ICT infrastructure is reviewed by using financial parameters.
The second perspective, the technology transformation alignment perspective, also uses the business strategy as the driver, but delegates the ICT part of the business strategy to a separate ICT strategy. The aim is to identify the best possible ICT competencies and through
positioning in the ICT marketplace, as well as identifying the corresponding ICT internal ICT architecture.
The third perspective is the competitive potential alignment perspective. This perspective
looks at how emerging ICT capabilities can be used for new products and services, influence
the key attributes of strategy and develop new forms of relationships. This perspective uses
the emerging ICT capabilities as a basis for changes in the business strategy. The idea is to
identify the best set of strategic options and the corresponding set of decisions pertaining to organisational infrastructure and processes.
The final perspective is the service level alignment perspective, this perspective focuses on building a top IS service organisation. Understanding the external environment of the ICT strategy and the internal design of the ICT infrastructure is key. This strategic fit takes the IS customers as a starting point. The business strategy is seen a document for providing the direction for stimulating customer demand.
These four alignment perspectives are all proper perspectives, one is not better than the other.
It all depends on the role executive and ICT management have within an organisation. It is something which might have grown unconsciously, without intent. It is also something that cannot be changed without a long-term plan.
ICT strategy plays an important role in three of the perspectives. That indicates the importance of this strategy.
4.5 M
AKING THEICT
STRATEGYThe ICT strategy making process is similar to the business strategy making process (Figure
10). The difference is the scope of the process. Where the business strategy concerns the
entire organisation, the ICT strategy concerns the ICT capability developments and the
alignment with the organisation and its goals. The ICT strategy and business strategy are
effectively two different strategies, but both are also interdependent. Nowadays, it is almost
impossible to run an organisation without ICT. Even though applications of ICT vary a lot between (or even within) organisations, as Ross (2003) showed.
4.6 O
THER EXTRANET PREREQUISITESNow that the organisation has adapted its policies and strategy to contain its information systems and the future goals of these systems the implementation of an extranet is a step closer. The prerequisites are however not only the inclusion of ICT in the business strategy or a separate ICT strategy, but also a number of other factors. Chan and Davis (2000) list a number of concerns of which organisations should be aware before implementing an extranet:
- An extranet should not be implemented because the competitors have one.
- Successful implementations start by asking “what are the strategic applications of the new technology” and “how can a competitive advantage be achieved by installing an extranet?”
- An organisation that has problems with its information system(s) should improve its current situation before implementing an extranet. As current problem(s) will be magnified by implementing an extranet.
- The ICT department should have protocols in place for dealing with system failure.
Failures of systems can cost a lot of money, especially if business is conducted
through these systems
- Extranet applications should start small and build on successful projects. The idea is that small successful projects are more easily extended to other parts of the business and therefore improving the integration of the extranet in the business.
- The information security of the extranet is very important. The involvement of ICT and non-ICT departments is necessary for making protocols and solving technical issues.
- Most costs incurred in extranet implementation are „people costs‟. Costs that are generated while training employees and external users in using the extranet.
- External users might not have the technological knowledge, fluency in the corporate language or committed to the extranet. Therefore, the design of the extranet should take the „ease of use‟ into account.
Armstrong and Sambamurthy (1999) conducted research into the influence of (1) the quality
of senior leadership, (2) the sophistication of the ICT infrastructure and (3) the organisational
size, on ICT assimilation in firms. They concluded that the top management team (which
includes the CEO, CFO, CIO, etc) is of critical influence on the ability of an organisation in
assimilating ICT. Their second conclusion was that the knowledge of a CIO of both the ICT
and business sides of an organisation is essential for an enhanced assimilation of ICT. Their
third conclusion was that sophisticated ICT architectures foster greater ICT assimilation. In
contrast with organisation size, which does not seem to be of influence on ICT assimilation.
4.7 E
XTERNAL FACTORSKallioranta and Vlosky (2004) made the model stated below (figure 13) as their framework for extranet implementation. The author of this thesis wants to fill in the space of the extranet implementation part of the Kallioranta and Vlosky framework. Based on an earlier article by Vlosky et al. (2000), a number of factors are listed that influence the implementation success of an extranet from a supplier‟s perspective.
FIGURE 13 SUPPLIER PERSPECTIVE MODEL OF EXTRANET IMPLEMENTATION SUCCESS AND PERFORMANCE (KALLIORANTA AND VLOSKY, 2004)
- Corporate culture, corporate culture in the extranet context is predominantly the way knowledge is shared internally and with external partners.
- Corporate structure, according to Hamill (2000) the following factors restrict extranet implementation: lack of commitment, management fear, and user resistance.
- Corporate strategy, the relation between corporate (business) strategy and extranets has been discussed in this chapter and does not need to be repeated.
- Information / technical resources, Varadarajan and Yadav (2002) argue that the ability
of an organisation to collect and process information on partners and customers is of
influence on the competitive advantage of the organisation. The better an organisation is at that, the better its competitive advantage.
- Environment, the macro environment of an organisation consists of the following factors: law, politics, regulations, social structure, culture, economy and technology (Varadarajan and Yadav, 2002). The desire to implement an extranet must fit within the context as set by the factors influencing the macro environment.
- Competitors, as said before, an extranet should not be implemented because competitors have done so. However, not doing so might lead to a competitive disadvantage.
- Exchange partners, organisations should carefully consider implementing an extranet when they cannot be sure whether the extranet implementation is mutually beneficial and profitable for both the initiating organisation as its partners.
4.8 C
ONCLUSIONSThe main question for this chapter was: “what are the prerequisites for implementing an extranet?” This question will be answered by giving the main results of this chapter by bullet points.
1. The implementation of an extranet should fit within a larger strategy.
2. The ICT goals and ways to achieve these goals of the originating organisation should be formalised in an ICT policy or strategy.
3. An extranet should align with the existing information system(s).
4. Internal and external factors have large influence on the originating organisation and its information system(s) and the use of the extranet
Chapter 5 will introduce the implementation model that will guide an organisation in
developing and implementing an extranet.
5 E XTRANET IMPLEMENTATION PROCESS
The assumption is made that an organisation has decided to implement an extranet and the organisation suited for the implementation. In addition, the organisation has a clear idea of what the role of the extranet is within the larger context of the business strategy. An
organisation should therefore have a clear idea of what it wants and what it should expect in return. Information systems are not „magic bullets‟ that shoot and solve everything they hit
3.
This chapter will answer three of the research questions developed in the beginning of this thesis:
How can an extranet or I-EDI system be implemented?
What are the issues when implementing an extranet or I-EDI system?
How can the implementation of an extranet be evaluated?
Anatomy of an implementation process
The implementation of an extranet is the process that starts when the need for an extranet is recognised and ends with extranet being taken in use. In order to implement an extranet successfully a number of steps need to taken.
3 Markus, M.L., Benjamin, R.I., The magic bullet theory in IT-enabled transformation, Sloan management
These steps are described by Mintzberg (1976) and further by Boonstra (2003). They both describe decision making processes, where Boonstra primarily focuses on IS decision-making processes. These processes can be used as bases for the model to describe how to implement an extranet. The author was unable to find models specifically aimed at implementing
information systems. Kallioranta and Vlosky (2004) have started developing one specifically aimed at extranets, but don‟t seem to have finished it, they do give factors that influence the implementation of an extranet. Other authors (Vlosky (2000), Armstrong and Sambamurthy (1999)) also give areas of attention when implementing an extranet.
Every decision is the result of a decision-making process. The decision to invest in an
information system is the result of such a process. A decision-making process is however not straightforward and can contain many different steps. The research area is illustrated in the following figure.
FIGURE 14 INFORMATION SYSTEM DECISION MAKING PROCESS (A. BOONSTRA, 2003)
A. Boonstra (2003) conducted research in the decision making processes that take place in organisations concerning information systems. The difference between Boonstra and other researches in the IS decision-making field is that Boonstra uses a wider context. Most previous researches assume a mainly rational view. The rational view assumes that
stakeholders agree on the reason for existence of the organisation and its capabilities. Another
view of looking at decision-making processes is rooted partly in psychology and partly in political science and sociology. Researchers in these fields conclude that decision-making processes are often influenced by:
The limited ability of people to process information
Disagreement among stakeholders
Change, uncertainty and indistinct objectives
Psychological barriers of individuals and groups to adapt information and act in a rational way
The tendency towards incrementalism and arbitrariness in decision-making
In order to model these processes and take the influences mentioned above into account Mintzberg made a number of path configurations.
There are quite a number of different decision-making patterns or path configurations (Mintzberg et al, 1976, based on Simon, 1960):
Simple impasse, there is a readymade solution
Political design, there is repetition in the design, analysis and negotiations
Basic search, the choice is between various readymade solutions
Modified search, the solutions available need to be customised
Basic design, a customised, complex and innovative solution is developed
Dynamic design, the steps in the decision-making process are repeated multiple times
The above mentioned configurations follow different paths in the figure placed below.
FIGURE 15 GENERAL MODEL OF A DECISION-MAKING PROCESS (MINTZBERG ET AL., 1976)
A simple impasse for example will go straight from diagnosis to evaluation choice to authorisation. In such cases there is little need for complex decision making models (figure 16).
FIGURE 16 GRAPHICAL REPRESENTATION OF A SIMPLE IMPASSE (A. BOONSTRA, 2003)
As the list of configurations is followed the complexity increases. The figure for Dynamic design looks like this (figure 17).
FIGURE 17 GRAPHICAL REPRESENTATION OF A DYNAMIC DESIGN (A. BOONSTRA, 2003)
It is clear that the more complex the decision making process gets, the higher the need for structure becomes. The time frame for each configuration also differs; a simple impasse can be dealt with in a couple of weeks or maybe even days, whereas a dynamic design‟s time frame will be months or even years.
The implementation of an extranet is a complicated process, as it influences both the internal organisation as well as the communication with external users. The complexity is however dependent on what an organisation wishes to achieve with the extranet. This is the first question an organisation should ask itself.
5.1 IS
DECISION MAKING FACTORSBoonstra (2003) identified five relevant factors for IS decision making processes, formulated
in questions:
1. The question whether there is scope to design a solution (readymade, modified or customised);
2. The question whether a search must be made to distinct IS alternatives (one, few or many alternatives);
3. The degree of urgency and necessity from the perspective of the decision-makers (crisis, problem or opportunity);
4. The question whether the IS decision can be subdivided in order to follow a more gradual process path (planned vs. incremental) if the direction is unclear;
5. The number and influence of stakeholders involved in the process and the extent that their interests vary and contrast
These questions help in choosing the right path to follow. There is however no universal right path, every problem requires its own solution and above stated questions guide the quest for the right solution. It is likely that a problem can be solved in different ways, using different paths. Once the proper solution is found and authorisation is given the solution can be implemented. This implementation process is also not without pitfalls, if not controlled carefully the costs and time involved can still spiral out of control.
5.2 M
ODELBased on the groundwork laid by Boonstra, The author would like to add two steps to broaden this model from a model of decision-making processes (figure 15) to an information system implementation model (figure 18). These two steps are (1) an extended identification stage and (2) the implementation stage. A smaller addition is the programming step. The additions are boxed in red in the IS implementation model.
The reason that the decision-making process is taken as a base and is such a large part is that once the preparation is correctly executed the implementation and evaluation should be relatively straightforward. Alternatively, as a Dutch saying goes: “een goede voorbereiding is het halve werk”. Or to cite Kallioranta and Vlosky (2003): “
Importance of informationtechnologies as a source of competitive advantage derives from successful execution and potential to impact value chain activities”
. Value chain activities are different from organisation to
organisation and can therefore not easily be included in a model. The execution of information technologies is, in the perception of the author, the implementation of the information system. And the how and why decisions are made is paramount for the
implementation process, in other words the decision-making process. The development of an
implementation model is therefore of great importance for the success of an extranet. And as
no models exist that guide organisations in this process great gains can be made.
FIGURE 18 PROPOSED MODEL FOR IMPLEMENTATION