Case study of Europeesche

M ASTER THESIS

T HEORETICAL MODEL TO IMPLEMENT EXTRANETS

Case study of Europeesche

Jeroen Baur, s1644459 j.baur@student.rug.nl University of Groningen

Faculty of Economics and Business

MSc Business Administration, Business & ICT specialisation

August 2010

Preface

I would like to thank everyone who has been of assistance in the making of this master thesis.

Particularly Peter Boot, Frank Vrolijk, Marc Reinders, and all the other good people at Europeesche verzekeringen.

Furthermore, I would like to thank Prof. Dr. Egon Berghout and especially Dr. DongBack Seo of the University of Groningen (faculty of Economics and Business) for their feedback and support.

Jeroen Baur

Groningen, August 2010

TABLE OF CONTENTS

1 Introduction ...5

1.1 Research approach ...6

1.2 Research methods... 10

1.3 Structure... 10

2 Development of information systems ... 12

2.1 B2B commerce ... 12

2.2 Information systems ... 14

2.3 Information system evolution ... 16

2.4 Network revolution ... 17

3 B2B electronic commerce ... 18

3.1 Electronic Data Interchange ... 18

3.2 Internet EDI ... 21

3.3 Information availability ... 22

3.4 Intranet ... 23

3.5 Extranet ... 24

3.6 Security ... 25

3.7 EDI, I-EDI or extranet? ... 29

4 Extranet implementation prerequisites ... 31

4.1 Strategy and e-commerce ... 31

4.2 Business strategy and information systems ... 35

4.3 ICT policy & ICT strategy ... 37

4.4 ICT strategy ... 38

4.5 Making the ICT strategy ... 40

4.6 Other extranet prerequisites ... 41

4.7 External factors ... 43

4.8 Conclusions ... 44

5 Extranet implementation process ... 46

5.1 IS decision making factors ... 50

5.2 Model... 52

5.3 Identification ... 53

5.4 Development ... 55

5.5 Selection / Design evaluation ... 58

5.6 Implementation stage ... 60

5.7 Conclusion ... 64

6 Case Europeesche insurance company ... 65

6.1 Europeesche introduction ... 66

6.2 Channels ... 67

6.3 Europeesche extranet ... 72

6.4 Research extranet ASR verzekeringen ... 76

6.5 Transaction systems ... 79

6.6 Projects ... 81

6.7 Interviews at Europeesche ... 82

6.8 Model implementation ... 83

6.9 Improving Europeesche extranet ... 94

7 Conclusions ... 97

7.1 Theoretical implications ... 97

7.2 Managerial implications ... 98

8 References ... 99

Books ... 99

Articles ... 100

Websites ... 105

Other ... 106

Appendices ... 108

Extranet interview ... 108

Davis TAM model ... 112

Signicom extranet preferabels ... 113

Interviews... 115

1 I NTRODUCTION

As conclusion of the path towards the MSc degree in business administration, a master thesis needs to be written. At the business and economics faculty of the University of Groningen is the writing of the master thesis usually combined with an internship. The author got the opportunity to intern at an insurance firm in Amsterdam, Europeesche verzekeringen. This insurance firm has had an extranet for several years. At a certain point in time, the question arose whether the extranet was in need of improvements and, if so, what improvements that would be. That was Europeesche‟s principal research question. The Europeesche‟s research question was however not suitable for academic research, as it could not be generalised.

A way had to be found to meet the demands of both Europeesche and the University of

Groningen. Whilst researching extranets the author encountered disappointingly little research on that subject, the literature that was found was predominantly on the types of extranets (Riggins & Rhee, 1998) and the factors that influence the success of extranets (Kallioranta &

Vlosky (2004),Windrum & de Berranger (2003), Angeles (2001)). Boddy et al. (2005) indicate that the implementation of information systems (of which extranets are an example) often do not yield the results the organisation had expected.

A proper implementation of an extranet reduces the risks of such disappointments. However,

no research could be found on how to implement an extranet within an organisation. This is

why the author feels that there is a ground for developing a framework for integrating an

extranet in an organisation. Kallioranta and Vlosky (2004) started with such a model, but it is

the opinion of the author that their model ignores the actual implementation.

The developments of information systems and the networks that link these information systems have changed the way organisations operate and interact with each other. The speed with which and distance over which communication became possible were unheard of before.

However, for an organisation to successfully integrate an information system, and especially one which is in contact with other organisations (business-to-business), is a daunting task.

Alignment between the organisation and its business-to-business information system(s) is paramount. However, how can an organisation achieve and implement a business-to-business information system? This is the main topic of this master thesis.

1.1 R

In order to conduct this research the author takes the methodological approach as made by de Leeuw (2001) as a basis for analysing and developing the research context for this research.

De Leeuw condensed the methodological aspects of research in his so-called balloon model.

FIGURE 1 BALLOON MODEL, TRANSLATED FROM DUTCH (DE LEEUW, 2001)

Each of the balloons as listed in the model are further explained by question which are answered in the following paragraphs.

1.1.1 P

The problem statement stems from the objective the researcher has set for the research. In a nutshell, the problem statement is: what do you want to know and why? The question encompasses the essence of a research. The problem statement has two sides: the side which faces the practise and a side which faces theory. Another subject, which should be discussed in the problem statement are the conditions under which the research is conducted.

As stated in the introduction the objective of this research is to develop a model that assists organisations in successfully implementing an extranet.

1.1.2 C

The following questions define the concept part of the balloon model:

- What is the theoretical framework?

- Devising methodological questions based on the problem statement and framework

Before the research questions can be stated, a main research question needs to be composed, the main research question is subordinate to the objective. In this research the main research question is:

How can an organisation implement a B2B information system for communications with its

partners?

There are a number of issues with the main research question, among others, establishing what an B2B information system is, why an organisation would want one, what implementing entails, and when communication between an organisation and its partners most effective.

These issues are, in effect, research questions. So written down as research questions these issues are:

 What is a B2B information system?

 What kinds of B2B information systems exist?

 What are the prerequisites for implementing an extranet?

 How can an extranet system be implemented?

 What are the issues when implementing an extranet system?

 How can the implementation of an extranet be evaluated?

The following conditions will be taken into account:

- The research focuses on business-to-business information systems, in the form of extranets

1.1.3 D

What data is used and why?

De Leeuw (2001) distinguishes between six sources of data for practise research: Documents, media, reality (perception), simulated reality, databases and the researcher‟s knowledge. This thesis will make use of the following data sources: documents, reality, knowledge, and to a lesser extent databases.

This thesis will include desk research, as well as field research. The desk research will include document, reality and database sources, whereas the field research will include document, knowledge and reality sources, such as interviews.

1.1.4 M

&

How will the data be extracted from the data sources?

After the decision for the sources has been made, the question raises how to extract the data from these sources. This is a process of measuring & observation. There are a number of tools available for getting the most from the sources used in business research: statistics,

simulation, schematics, and careful thinking and consideration. Considering the objective of this thesis and its context statistics is unlikely to be used, the focus of this research will concentrate on careful thinking and consideration with the help of schematics. Simulation would be nice to use, but is not very practical because of the resources necessary (time, money).

1.1.5 A

How will the extracted data be analysed and reported?

There are a number of options for reporting the results of a research: written reports, oral presentations, teaching and conducting research with multiple researchers. Considering that this is a Master thesis and theses are written reports, there is no discussion about the form of reporting. An element of oral presentation is part of finishing this thesis.

1.2 R

The field research part will be conducted using interviews with external users and those responsible for the content and maintenance of Europeesche‟s extranet. The interviews with external users will be conducted during visits with inspectors from Europeesche, these

interviews take 30 to 60 minutes. The interviews are performed on a semi-structured basis, as this sets guidelines along which the interview is taken, without making it too rigid. The interviews are conducted as a way to get real-world data from those who work with the extranet. This input is used as a way to get to know the use and bottlenecks of the current extranet.

1.3 S

Chapter 2 will give an overview of business-to-business (B2B) commerce, information systems and will introduce networks.

Chapter 3 will describe three different B2B electronic commerce systems; EDI, I-EDI and

extranets

Chapter 4 will discuss the prerequisites for implementing an extranet. Implementing an extranet is not straightforward, an organisation and its environment needs to be ready for such a construct. In the past ICT has often been seen as support for the business, but with ICT becoming more important in businesses. ICT becomes of strategic importance.

Chapter 5 will introduce the model that this thesis is about. This model encompasses the process of implementing an extranet system within an organisation from the beginning to the end.

Chapter 6 introduces the case and applies the model to the case. The case concerns a Dutch insurance company, Europeesche.

Chapter 7 is the conclusion with the theoretical and managerial implications of the model with

its limitations.

2 D EVELOPMENT OF INFORMATION SYSTEMS

This chapter will discuss the first sub-question, that question is “what are B2B information systems?” This question includes two terms that need introduction: B2B and information systems.

2.1 B2B

B2B is an abbreviation for Business-to-Business and is usually used in combination with commerce. As the term implies it is the concept that describes commerce between two organisations, as shown by figure 2. This introduces the term commerce, a definition of commerce is: “Commerce is the process of pre-sale, sale execution, sale settlement and after- sale activities (Benyon-Davies, 2004)”

This figure shows the (simplified) relation between suppliers, organisations and consumers.

This is a simplified figure as B2B usually involves more organisations, notably more

suppliers and distributors.

There are a number of other relations within commerce, among others: Business-to-Consumer (B2C), Consumer-to-Business (C2B) and Consumer-to-Consumer (C2C). Figure 2 illustrates the relations between these commerce relations.

Busines-to-Consumer commerce is the commerce between an organisation, say a grocery store, and the individual who purchases his groceries for meals. It is a type of commerce individuals come in contact with every day.

Consumer-to-Consumer business is the commerce that takes place on internet sites such as eBay or Marktplaats or off-line on flea markets.

This thesis will only look at Business-to-Business (B2B) commerce. This is the largest form of commerce both in volume as in revenue. It also has a large influence on the price the consumer pays for a good, for example, the efficiency improvements made in the value chain decrease the costs of production and therefore the price. A value chain is defined by the following:

“The value chain is a tool to disaggregate a business into strategically relevant activities. This enables identification of the source of competitive advantage by

FIGURE 2 RELATIONS BETWEEN B2B, B2C AND C2C (BASED ON BEYNON-DAVIES, 2004)

performing these activities more cheaply or better than its competitors. Its value chain is part of a larger stream of activities carried out by other members of the channel-suppliers, distributors and customers.” (Brown, 1997)

The importance of B2B commerce on the overall economy and the effects on the price of consumer goods make it an interesting subject for research, especially the combination of information systems and B2B commerce. As information systems can increase the

effectiveness of B2B commerce by optimising communications and automating repeating processes.

2.2 I

In order to address B2B information systems, an overview of the concepts of information systems and networks is presented.

Information systems are the actors between the human activity system and the Information Communication Technology (ICT) system. However, what do these terms mean?

FIGURE 3 RELATION BETWEEN ICT, INFORMATION AND HUMAN ACTIVITY SYSTEMS (BEYNON-DAVIES, 2004)

A definition for information systems (Beynon-Davies, 2004) is: “Systems of communication

between people. Information systems are systems involved in the gathering, processing,

distribution and use of information. A system designed to deliver information for some organisation.”

This definition is however very vague and not very practical. A better way of explaining the differences between human activity systems, ICT systems and information systems is by looking at the different types of data these systems process.

Data is stored by the ICT system and is no more than a large collection of unprocessed measurements, activities and other parameters.

In order to process the data stored in the ICT system an information system is needed. The information system uses certain rules and queries to process the raw data into information that has meaning to the person or system receiving that information. Information is subjective and only has a meaning for the recipient.

Human activity systems build on information by placing it in a context of experience and prior learning. As a result, information becomes knowledge. Knowledge triggers action from people.

FIGURE 4 LINKS BETWEEN DATA, INFORMATION AND KNOWLEDGE

The above-mentioned definition of information systems is theoretical. What is the practice?

2.3 I

Usage of information systems (in the form of computers) in business environments started when the first computers became commercially available. The first commercially available computers became available in the 1960s. These computers were used for executing internal business processes more efficiently. The handling of repeating business processes, such as payrolls, stock controls and invoices became faster and with fewer chances for errors. The early computers were however not suited for smaller companies as they were too large, too expensive and required specialists to operate.

Over the years, technological developments allowed computers to shrink in size and price. In addition, they became more user-friendly to operate, allowing smaller companies to take advantage of the efficiency gains offered by the new technology. From the 1980s onwards, companies began using computers to replace all sorts of tools with computers: typewriters, drawing boards, etc. The computers were usually standalone machines that were not in connection to other machines.

Whereas the introduction of computers in organisations changed the speed and efficiency of business process, it did not (necessarily) change the way these processes were performed, it was an evolution. Linking computers and forming networks, did however lead to a revolution as business processes changed, or need to change, to make optimal use of the new

possibilities.

2.4 N

The American government and scientists were, from the 1950s onwards, increasingly

connecting computers to one another, thereby creating networks. Over the years, the creation of various networks connected academic institutions, other research facilities and the military.

As more research and educational institutions were connected a global network developed.

And as the networks grew even larger a common communication standard was developed, leading to the development of the internet. Each device connected to the internet uses the same language (protocol) to talk to the other devices; TCP/IP (Transport Communication Protocol / Internet Protocol), this protocol is integrated in all computer operating systems produced in the last 15-odd years.

The internet is the name for all applications that use TCP/IP to establish public global communication; email, http and a host of various other applications. Today almost every computer is connected to one or more network(s). Business is therefore also increasingly dependable on the internet, as it offers a large number of advantages over the more traditional methods of communication. Businesses are using computer networks to decrease their

communication times with their suppliers and customers. There are however more advantages

for businesses who use computer networks to make their B2B communication run more

efficient, more on that in chapter 3.

3 B2B ELECTRONIC COMMERCE

Before the development of information systems commerce was conducted over mail, telephone, fax or in person. These communication methods relied upon humans in order to function. The development of information systems and networks led to information systems that could communicate between themselves without human involvement. The use of

information systems and networks in combination with commerce has been named electronic commerce or e-commerce. The second sub-question was: “what kinds of B2B information systems are there?” There are various types of B2B electronic commerce information systems.

These will be discussed in the following paragraphs.

3.1 E

D

I

Swatman and Swatman (1992) define Electronic Data Interchange (EDI) as “co-operative inter-organisational systems (IOS) that allow trading partners to exchange structured business information electronically between separate computer applications”. The word structured is the keyword in the definition as this means that every message is compiled using a certain framework that allows computers to understand the message. The National Institute for Standards and Technology (NIST) adds the following to the definition mentioned above

:

“In EDI, the usual processing of received messages is by computer only. Human intervention in the processing of a received message is typically intended only for error conditions, for quality review, and for special situations.”

The NIST definition adds to the Swatman and Swatman (1992) definition the concept that EDI communication is strictly machine-to-machine.

There are however different frameworks which are not inter-changeable. The initiator is the organisation that takes the initiative to implement an EDI system. As an EDI system is based on a hub and spoke model the initiator has a power advantage as all those involved depend on him. A partner cannot use a different message format than the one prescribed by the initiator.

The initiating EDI system is set up to accept a certain message format and cannot handle a different format.

The main advantages of EDI are (Derksen, T., Crins, H, 2001):

- Reduced costs

- Reduced paperwork

FIGURE 5 HUB AND SPOKE MODEL

- Faster turnaround

- Improved control of inventories/suppliers

- Improved customer relationship/service

- Potential of a strategic advantage

There are however also disadvantages:

- High implementation costs

- Difficulties in keeping up with standards, as every EDI system might need different standards

- Rigid message formats

- Need for technologically skilled staff

In the early days of EDI, when there was no internet, the connections between the different participants were direct connections; these were expensive to set up and were billed per character (Asher, 2007), adding to the costs of EDI systems. The costs of participating in an EDI system can run in to the tens of thousands of US Dollars (Angeles, 2000).

The main disadvantages of EDI systems are the costs and the power relation with the initiator.

The power relation between the initiator and the partner is skewed because the initiator

dictates the terms under which the EDI system operates. The initiator is the hub who controls

all information flows to and from its partners (figure 5).

Many of the disadvantages of the original EDI systems have been addressed with I-EDI systems.

3.2 I

EDI

The development of an universal protocol for computers to talk to each other (TCP/IP) and the advent of the internet, have led to the development of a new type of EDI systems; I-EDI (Internet EDI).

Figure 6 illustrates the differences between EDI and I-EDI. As the figure shows the difference between the two are the protocols used. EDI uses proprietary protocols, whereas I-EDI uses technologies which are used as the basis of the internet.

There are initiatives to link EDI systems to the internet by making them accessible through secure web pages. The forms on those web pages are filled in and then translated to the correct EDI standard. This makes for a form of hybrid EDI/I-EDI system. This hybrid system

FIGURE 6 EDI VERSUS I-EDI (BASED ON DERKSEN, T., CRINS, H., 2002)

allows small and mid-sized organisations to participate in EDI systems at much lower costs (up to a tenth of the earlier mentioned costs) (Angeles, 2001)

Costs and security are the main differences between EDI and I-EDI. EDI is more expensive to implement, because of the more specialised knowledge and technology required. However, EDI is considered to be more secure; the X.400 protocol is considered to be more secure as it is better suited for data encryption (Derksen & Crins, 2002)

3.3 I

(I-)EDI systems are closed environments in which it is not possible to participate without authorisation from the initiator. There are various degrees of information accessibility.

FIGURE 7 INFORMATION ACCESSIBILITY IN ORGANISATIONS (BASED ON LOSHIN, 1997)

The illustration given above (figure 7) is a representation of the information contained within

an organisation and the ability of external parties to access this information. The blue (outer)

ring indicates the publicly available information as published on, for example, the website.

this group can access the information by means of, for example, an extranet or (I-)EDI system. This leaves the orange (inner) ring that is information available for internal use, and not accessible for external users. Intranets are the methods of choice for the distribution of information contained within the orange circle. These distinctions between these levels of information access are not always that clear (especially between the orange and green rings), but the illustration gives the larger picture. The next paragraphs will introduce the terms intranet and extranet further.

3.4 I

The technologies used for the internet are also used to develop closed networks within organisations, so called intranets. The access to intranets is restricted to those connected to that organisations‟ network. According to Benyon-Davies (2004) companies have

implemented intranets with the following results:

- Better communication

- Access to more accurate information

- Better coordination and collaboration

- Easy to implement and use

- Scalable

- Flexible

When an intranet is made accessible for users from outside the organisation, it is no longer an intranet, but an extranet.

3.5 E

Extranets share information with suppliers, especially in a B2B environment. Due to the nature of an extranet is the communication is also faster than more traditional methods. An extranet should also lead to a better relation between the customer and the organisation.

Angeles (2001) lists three extranet-based ecommerce strategies:

1. Channel expansion, using extranets to open new sales channels

2. Channel enablement, sales and distribution channels can deploy extranets to deliver customer service or customer self-service.

3. Supply Chain Management, segments of the supply chain are streamlined through extranet links.

Lederer, Mirchandani and Sims (1998) have identified the top ten benefits of extranets.

FIGURE 8 TOP 10 BENEFITS EXTRANETS (LEDERER, MIRCHANDANI AND SIMS, 1998)

The disadvantages of extranets are primarily operational; extranets can be expensive to set up and maintain; extra hardware is needed and so is extra training for the users. The security of the extranet is also a point of attention, only the people who are granted access to the extranet should be able to access the extranet, especially when the extranet contains information that should not be publicly available. To achieve this level of security, investments are necessary and security protocols need to be in place.

3.6 S

The security of the parties involved in e-business is of utmost importance. If one of the parties does not feel safe whilst conducting e-business the whole system collapses. The involvements of multiple information systems from various organisations make extranets even more

susceptible for foreign intrusions. Ensuring the data integrity and keeping alien users from

entering the extranet is something that needs to be taken care of during the implementation

process.

Schneier (2000) introduced three conditions for conducting secure electronic commerce:

- Privacy, only the persons involved in the transaction should be allowed access to the data transferred

- Authentication, all parties involved in a transaction should be the ones allowed

- Non-repudiability, there should be no option for deniability of sending or receiving messages. In other words, there should be a record when sending or receiving a message

FIGURE 9 COMPONENTS OF DATA & INFORMATION SECURITY (BASED ON BENYON-DAVIES, 2004)

Figure 9 gives an idea of how a secure connection over the internet is set up. The first step is

authorisation, as mentioned before; authorisation is the process of making sure that all parties

involved have the right to be part of the transaction. Once all parties are involved a secure

connection is set up. This connection is secure by encryption of all the data that passes

of encryption are beyond the scope of this thesis; keywords in encryption are block ciphers, stream ciphers and hashes.

The figure also mentions a digital signature. A digital signature serves as an identification of the sender and can serve as a means of checking whether the content of the message has been altered (cryptographic hash function).

The firewall is a system that checks every packet send to and from the organisation. It checks data packets on numerous rules. If data packages do not fit in these rules they are discarded.

This system is meant as the first line of defence against malicious traffic, such as hackers.

Figure 9 illustrates the security of the communication between the parties. The security of the data stored is important as well. Examples of threats for data are mentioned below (Benyon- Davies, 2004):

- Theft and fraud, the unauthorised editing of information or extracting corporate information without permission

- Confidentiality, an authorised person accesses information that is confidential and discloses that information to an external party

- Privacy, an unauthorised person accesses information held by the organisation on other persons

- Integrity, computer viruses can cause data to be unusable, so can the malfunctioning of

computer hardware

- Availability, when a system becomes unreachable due to natural or human causes

It is often said that the largest threat for information is the person accessing that information, albeit authorised or unauthorised. Preventing data threats such as mentioned above are countered by using computer-based security measures as well as non-computer-based

measures. Some computer-based measures are mentioned above, such as data encryption and user authentication. This usually exhibits in username and password combinations or similar constructs.

Non-computer-based measures are often based on protocols and division of responsibility.

Examples of such measures are (Benyon-Davies, 2004):

- Establishing and enforcing a security policy

- Establishing suitable personnel controls

- Making the computer hardware that stores the data physically less accessible

- Storing back-ups off-site and fire-proof

Data security is a matter of both electronic and non-electronic measures. Neither should be neglected, because the whole security system would be compromised.

When considering EDI and I-EDI systems, the level of security offered differs slightly. EDI is

more secure because of more secure communication protocols. That however does not mean

on what the initiator wants and expects. These are however dependent on systems used and the requirements of the initiator. The security can range from username/password

combinations up to fully encrypted tunnels (point-to-point connections) over the internet.

It is not possible to give a best solution, as securing extranet connections is dependent on the intentions of the initiating organisation.

3.7 EDI, I-EDI

?

The question that pops up after this chapter is whether one the described IOS‟s can be

considered better than the others or is the successor of the other. Even though EDI has served its purpose over the last decades, the internet has proven to be a much more versatile and open environment. As Chan and Davis (2000) put it: “Extranets are less expensive and offer more functionality than EDI systems.” The openness of the internet together with its low entry threshold makes it much more cost-effective to use a basis for value-chain cooperation. That discards EDI systems, and leaves I-EDI systems and extranets. The author is of the opinion that I-EDI systems are aimed more towards transactions, whereas extranets are aimed more towards providing information. An I-EDI system can be part of an extranet, or even

considered being the extranet, whereas an extranet cannot be considered an I-EDI system.

Both extranet and I-EDI use the same technologies and serve the same purpose; increase the cooperation within a value chain. The term extranet will be used further in this thesis, but one can interchange it with I-EDI.

If an organisation decides to implement an extranet, it is not just installing the system; the

organisation needs to be prepared for this new way of contact with suppliers and customers.

This new way of contact necessitates prerequisites that are adapted to the use of extranets in

the organisation.

4 E XTRANET IMPLEMENTATION PREREQUISITES

The previous chapters introduced the concept of B2B electronic commerce and the

information system associated with this. B2B electronic systems, i.e. extranets, offer many advantages for organisations. However, implementing an extranet is not straightforward. An organisation needs to be prepared before it can implement an extranet. This chapter will discuss the prerequisites for an organisation before successfully implementing an extranet.

The third research question was: “what are the prerequisites for implementing an extranet?”

This chapter will give an answer to that question.

The next chapter (five) will discuss the actual steps necessary for successfully implement the extranet.

4.1 S

-

According to Porter (2001) strategy has become even more important since the commercial use of the internet has taken shape from the second half of the 1990s on. He regards

information systems and the internet as excellent tools for achieving operational excellence.

As information systems are increasingly becoming the basis of around which business processes are set up, their strategic importance increases. This strategic importance has its consequences on the strategy of the organisation. Achieving a fit between an organisation and its information system(s) starts with the organisations‟ business strategy. Without a proper strategy, an organisation is directionless. Research conducted in the past have revealed that the business strategy has at least some influence on business performance (Croteau &

Bergeron, 2001).

“Strategy is the creation of a unique and valuable position, involving a different set of activities” (Porter, 1996). This is the essence of strategy in one sentence. It is however not as straightforward as it might sound. Creating a unique and valuable position is very difficult in an environment that moves at increasing speeds and over ever larger distances. These

developments allow the world to turn into one large market; commerce has evolved from local through national to global. As the communication methods have improved in speed and decreased in costs, their importance for organisations have increased. A strategy should therefore incorporate some flexibility to handle the technical, social and economical

consequences of these developments, especially as strategies are designed for the long(er) run.

Defining a strategy

A strategy requires discipline and a strong focus on profitability and not (just) growth. An organisation can have the largest market share in one area but if it is not profitable, it will not survive. The discipline and focus are however not enough, an organisation should have an unique value proposition, it should ask itself continuously what makes the organisation stand out from the competition and does the buyer know that or doesn‟t (s)he care?

Without a properly designed strategy and execution, an organisation has a much harder time

surviving, point in case is the dot-com crash in the early 2000s. The question remains on how

to produce a proper strategy. The business strategy design process consists of three phases

(Johnson & Scholes, 2000):

- Strategic analysis

- Strategic choice

- Strategic implementation

These phases and their hierarchy are expanded in figure 10.

The first step when designing a strategy is thinking about the mission of the organisation. The mission is a list of a limited number of statements for future intentions. A number of goals are set for each mission statement. An example of a mission statement is: “become the industry cost leader”. The goal accompanying that mission statement might be; “reduce production costs with 5% in the next three years”.

Based on the mission statements and goals, a strategy is developed to achieve these goals.

Once the strategy is developed the more practical policies are developed and executed.

FIGURE 10 STRATEGY MAKING PROCESS (BENYON-DAVIES, 2004)

Developing a strategy is not just based on a mission which some manager came up with. It is a process of getting to understand both the internal as well as the external environments of the organisation. Based on these environmental analyses the position of the organisation can be determined, which is the basis for the strategic positioning of the organisation. Porter‟s five forces model is a tool for assessing an organisations‟ environment

.

The business strategy should answer the following question: “Where is the business going and how?” It should be a compact and to-the-point document.

2 Porter, M.E., How competitive forces shape strategy, Harvard Business Review, March – April 1979, pp. 137-

The business strategy is aimed at the longer term. It does not contain goals for the near future.

Neither should it vague, such as by stating the organisation will “offer the best service”. The internal and external analyses have indicated the position of the strategy-making organisation compared with competitors. And that should give ample indications for designing a strategy.

As Information and Communication Technologies (ICT, often abbreviated to IT in the USA) have gained increasingly more influence over business processes, their strategic impact is therefore increased. It is therefore logical that a separate ICT strategy is developed. However, it is not as straightforward as it might sound. This chapter will continue by expanding on that subject.

4.2 B

As said before, Information systems are becoming increasingly important in supporting business processes and the general management of organisations. This increasing importance has led to the development of a separate ICT strategy or policy. There are two approaches to the collaboration between ICT and business processes; ICT policy and ICT strategy. The choice between the two depends on how ICT is used in the organisation and what the intentions are.

Ross (2003) states, just like Henderson and Venkatraman (1993), that ICT policy has often

been used as a means to support the business strategy. However, as organisations have

become increasingly dependent on ICT, the role changes from supporting the business to a

direction giving role, therefore becoming strategically important. In order to support this

change process, organisations must develop organisational competencies. Ross identified four

stages in the alignment between business and ICT, these stages are illustrated in the figure below.

The main difference between the stages is the relation between the ICT department and business management. The more to the right, the more strategically important ICT becomes.

Accompanying these stages, Ross (2003) also gives six lessons from her model:

1. Focus on alignment of core business processes, when attempting to link all business processes the implementation will almost certainly fail.

2. Don‟t skip or rush through stages, skipping stages leads the organisation into unknown waters, resulting in failures or delayed benefits. Benefits are best reaped when

improving the current stage.

3. Recognise that complex organisations have multiple architectures, which may be at

FIGURE 11 THE FOUR STAGES OF IT AND ORGANISATIONAL ALIGNMENT (ROSS, 2003)

4. Institutionalise learning about architecture in appropriate governance mechanisms.

5. Continue the dialog; the alignment process is never complete. Ongoing dialog enables management to continuously zero in on issues.

6. Keep the alignment capabilities in-house, aligning the business and ICT require a close link between the two.

These stages indicate the development of information systems in organisations and how they grow with them. The more an information system is intertwined with an organisation the more strategically important it becomes. The result of a properly executed IT planning is a strategic alignment between IT and the business, and because of that a higher return on IT investments.

There will also be more focus on the strategic impact of initiatives.

This paragraph mentioned the business strategy and the role of ICT within that. The next paragraph will expand on that.

4.3 ICT

& ICT

The difference between the ICT policy and ICT strategy is that the ICT policy is subordinate

to the business strategy, whereas the ICT strategy is on the same level or even leading the

business strategy. The ICT policy is also more aimed at executing the strategy, whereas the

ICT strategy has a higher abstraction level. Figure 12 illustrates the connections between the

various strategies and policies.

FIGURE 12 ORGANISATIONAL DESIGN AND INFORMATION SYSTEMS DESIGN ACTIVITIES (BASED ON HENDERSON

& VENKATRAMAN, 1993)

The choice for an ICT policy or strategy depends on the current stage (Ross, 2003) of ICT use in an organisation and the policies for the future.

4.4 ICT

Peppard and Ward (1999) conducted research into the gap that exists between an organisation and their ICT. Their conclusion is that building a high performance ICT infrastructure is not only about the ICT department‟s ability to build, maintain and deliver systems, but it is an organisational wide activity requiring a strong business/ICT partnership (alignment). This is in line with Ross (2003). This alignment can be achieved by implementing an ICT strategy.

The main difference between business strategy and ICT strategy is the scope of the ICT

strategy. Where the business strategy regards the entire business, the ICT strategy is focused on the ICT systems and their role within the organisation.

Henderson and Venkatraman (1993) have made four alignment perspectives based on figure 12. These alignment perspectives give different causalities between the various domains in the figure. Alignment is the process of getting the business and ICT working on achieving the same goals.

The first perspective, the strategy execution alignment perspective, assumes a business strategy has been developed. This business strategy is the driver of both the organisational design choices and the design of the ICT infrastructure. This perspective is closest to the classical hierarchical view of strategic management. Top management formulates the business strategy, the ICT management designs and implements the ICT infrastructure. The

implemented ICT infrastructure is reviewed by using financial parameters.

The second perspective, the technology transformation alignment perspective, also uses the business strategy as the driver, but delegates the ICT part of the business strategy to a separate ICT strategy. The aim is to identify the best possible ICT competencies and through

positioning in the ICT marketplace, as well as identifying the corresponding ICT internal ICT architecture.

The third perspective is the competitive potential alignment perspective. This perspective

looks at how emerging ICT capabilities can be used for new products and services, influence

the key attributes of strategy and develop new forms of relationships. This perspective uses

the emerging ICT capabilities as a basis for changes in the business strategy. The idea is to

identify the best set of strategic options and the corresponding set of decisions pertaining to organisational infrastructure and processes.

The final perspective is the service level alignment perspective, this perspective focuses on building a top IS service organisation. Understanding the external environment of the ICT strategy and the internal design of the ICT infrastructure is key. This strategic fit takes the IS customers as a starting point. The business strategy is seen a document for providing the direction for stimulating customer demand.

These four alignment perspectives are all proper perspectives, one is not better than the other.

It all depends on the role executive and ICT management have within an organisation. It is something which might have grown unconsciously, without intent. It is also something that cannot be changed without a long-term plan.

ICT strategy plays an important role in three of the perspectives. That indicates the importance of this strategy.

4.5 M

ICT

The ICT strategy making process is similar to the business strategy making process (Figure

10). The difference is the scope of the process. Where the business strategy concerns the

entire organisation, the ICT strategy concerns the ICT capability developments and the

alignment with the organisation and its goals. The ICT strategy and business strategy are

effectively two different strategies, but both are also interdependent. Nowadays, it is almost

impossible to run an organisation without ICT. Even though applications of ICT vary a lot between (or even within) organisations, as Ross (2003) showed.

4.6 O

Now that the organisation has adapted its policies and strategy to contain its information systems and the future goals of these systems the implementation of an extranet is a step closer. The prerequisites are however not only the inclusion of ICT in the business strategy or a separate ICT strategy, but also a number of other factors. Chan and Davis (2000) list a number of concerns of which organisations should be aware before implementing an extranet:

- An extranet should not be implemented because the competitors have one.

- Successful implementations start by asking “what are the strategic applications of the new technology” and “how can a competitive advantage be achieved by installing an extranet?”

- An organisation that has problems with its information system(s) should improve its current situation before implementing an extranet. As current problem(s) will be magnified by implementing an extranet.

- The ICT department should have protocols in place for dealing with system failure.

Failures of systems can cost a lot of money, especially if business is conducted

through these systems

- Extranet applications should start small and build on successful projects. The idea is that small successful projects are more easily extended to other parts of the business and therefore improving the integration of the extranet in the business.

- The information security of the extranet is very important. The involvement of ICT and non-ICT departments is necessary for making protocols and solving technical issues.

- Most costs incurred in extranet implementation are „people costs‟. Costs that are generated while training employees and external users in using the extranet.

- External users might not have the technological knowledge, fluency in the corporate language or committed to the extranet. Therefore, the design of the extranet should take the „ease of use‟ into account.

Armstrong and Sambamurthy (1999) conducted research into the influence of (1) the quality

of senior leadership, (2) the sophistication of the ICT infrastructure and (3) the organisational

size, on ICT assimilation in firms. They concluded that the top management team (which

includes the CEO, CFO, CIO, etc) is of critical influence on the ability of an organisation in

assimilating ICT. Their second conclusion was that the knowledge of a CIO of both the ICT

and business sides of an organisation is essential for an enhanced assimilation of ICT. Their

third conclusion was that sophisticated ICT architectures foster greater ICT assimilation. In

contrast with organisation size, which does not seem to be of influence on ICT assimilation.

4.7 E

Kallioranta and Vlosky (2004) made the model stated below (figure 13) as their framework for extranet implementation. The author of this thesis wants to fill in the space of the extranet implementation part of the Kallioranta and Vlosky framework. Based on an earlier article by Vlosky et al. (2000), a number of factors are listed that influence the implementation success of an extranet from a supplier‟s perspective.

FIGURE 13 SUPPLIER PERSPECTIVE MODEL OF EXTRANET IMPLEMENTATION SUCCESS AND PERFORMANCE (KALLIORANTA AND VLOSKY, 2004)

- Corporate culture, corporate culture in the extranet context is predominantly the way knowledge is shared internally and with external partners.

- Corporate structure, according to Hamill (2000) the following factors restrict extranet implementation: lack of commitment, management fear, and user resistance.

- Corporate strategy, the relation between corporate (business) strategy and extranets has been discussed in this chapter and does not need to be repeated.

- Information / technical resources, Varadarajan and Yadav (2002) argue that the ability

of an organisation to collect and process information on partners and customers is of

influence on the competitive advantage of the organisation. The better an organisation is at that, the better its competitive advantage.

- Environment, the macro environment of an organisation consists of the following factors: law, politics, regulations, social structure, culture, economy and technology (Varadarajan and Yadav, 2002). The desire to implement an extranet must fit within the context as set by the factors influencing the macro environment.

- Competitors, as said before, an extranet should not be implemented because competitors have done so. However, not doing so might lead to a competitive disadvantage.

- Exchange partners, organisations should carefully consider implementing an extranet when they cannot be sure whether the extranet implementation is mutually beneficial and profitable for both the initiating organisation as its partners.

4.8 C

The main question for this chapter was: “what are the prerequisites for implementing an extranet?” This question will be answered by giving the main results of this chapter by bullet points.

1. The implementation of an extranet should fit within a larger strategy.

2. The ICT goals and ways to achieve these goals of the originating organisation should be formalised in an ICT policy or strategy.

3. An extranet should align with the existing information system(s).

4. Internal and external factors have large influence on the originating organisation and its information system(s) and the use of the extranet

Chapter 5 will introduce the implementation model that will guide an organisation in

developing and implementing an extranet.

5 E XTRANET IMPLEMENTATION PROCESS

The assumption is made that an organisation has decided to implement an extranet and the organisation suited for the implementation. In addition, the organisation has a clear idea of what the role of the extranet is within the larger context of the business strategy. An

organisation should therefore have a clear idea of what it wants and what it should expect in return. Information systems are not „magic bullets‟ that shoot and solve everything they hit

.

This chapter will answer three of the research questions developed in the beginning of this thesis:

 How can an extranet or I-EDI system be implemented?

 What are the issues when implementing an extranet or I-EDI system?

 How can the implementation of an extranet be evaluated?

Anatomy of an implementation process

The implementation of an extranet is the process that starts when the need for an extranet is recognised and ends with extranet being taken in use. In order to implement an extranet successfully a number of steps need to taken.

3 Markus, M.L., Benjamin, R.I., The magic bullet theory in IT-enabled transformation, Sloan management

These steps are described by Mintzberg (1976) and further by Boonstra (2003). They both describe decision making processes, where Boonstra primarily focuses on IS decision-making processes. These processes can be used as bases for the model to describe how to implement an extranet. The author was unable to find models specifically aimed at implementing

information systems. Kallioranta and Vlosky (2004) have started developing one specifically aimed at extranets, but don‟t seem to have finished it, they do give factors that influence the implementation of an extranet. Other authors (Vlosky (2000), Armstrong and Sambamurthy (1999)) also give areas of attention when implementing an extranet.

Every decision is the result of a decision-making process. The decision to invest in an

information system is the result of such a process. A decision-making process is however not straightforward and can contain many different steps. The research area is illustrated in the following figure.

FIGURE 14 INFORMATION SYSTEM DECISION MAKING PROCESS (A. BOONSTRA, 2003)

A. Boonstra (2003) conducted research in the decision making processes that take place in organisations concerning information systems. The difference between Boonstra and other researches in the IS decision-making field is that Boonstra uses a wider context. Most previous researches assume a mainly rational view. The rational view assumes that

stakeholders agree on the reason for existence of the organisation and its capabilities. Another

view of looking at decision-making processes is rooted partly in psychology and partly in political science and sociology. Researchers in these fields conclude that decision-making processes are often influenced by:

 The limited ability of people to process information

 Disagreement among stakeholders

 Change, uncertainty and indistinct objectives

 Psychological barriers of individuals and groups to adapt information and act in a rational way

 The tendency towards incrementalism and arbitrariness in decision-making

In order to model these processes and take the influences mentioned above into account Mintzberg made a number of path configurations.

There are quite a number of different decision-making patterns or path configurations (Mintzberg et al, 1976, based on Simon, 1960):

 Simple impasse, there is a readymade solution

 Political design, there is repetition in the design, analysis and negotiations

 Basic search, the choice is between various readymade solutions

 Modified search, the solutions available need to be customised

 Basic design, a customised, complex and innovative solution is developed

 Dynamic design, the steps in the decision-making process are repeated multiple times

The above mentioned configurations follow different paths in the figure placed below.

FIGURE 15 GENERAL MODEL OF A DECISION-MAKING PROCESS (MINTZBERG ET AL., 1976)

A simple impasse for example will go straight from diagnosis to evaluation choice to authorisation. In such cases there is little need for complex decision making models (figure 16).

FIGURE 16 GRAPHICAL REPRESENTATION OF A SIMPLE IMPASSE (A. BOONSTRA, 2003)

As the list of configurations is followed the complexity increases. The figure for Dynamic design looks like this (figure 17).

FIGURE 17 GRAPHICAL REPRESENTATION OF A DYNAMIC DESIGN (A. BOONSTRA, 2003)

It is clear that the more complex the decision making process gets, the higher the need for structure becomes. The time frame for each configuration also differs; a simple impasse can be dealt with in a couple of weeks or maybe even days, whereas a dynamic design‟s time frame will be months or even years.

The implementation of an extranet is a complicated process, as it influences both the internal organisation as well as the communication with external users. The complexity is however dependent on what an organisation wishes to achieve with the extranet. This is the first question an organisation should ask itself.

5.1 IS

Boonstra (2003) identified five relevant factors for IS decision making processes, formulated

in questions:

1. The question whether there is scope to design a solution (readymade, modified or customised);

2. The question whether a search must be made to distinct IS alternatives (one, few or many alternatives);

3. The degree of urgency and necessity from the perspective of the decision-makers (crisis, problem or opportunity);

4. The question whether the IS decision can be subdivided in order to follow a more gradual process path (planned vs. incremental) if the direction is unclear;

5. The number and influence of stakeholders involved in the process and the extent that their interests vary and contrast

These questions help in choosing the right path to follow. There is however no universal right path, every problem requires its own solution and above stated questions guide the quest for the right solution. It is likely that a problem can be solved in different ways, using different paths. Once the proper solution is found and authorisation is given the solution can be implemented. This implementation process is also not without pitfalls, if not controlled carefully the costs and time involved can still spiral out of control.

5.2 M

Based on the groundwork laid by Boonstra, The author would like to add two steps to broaden this model from a model of decision-making processes (figure 15) to an information system implementation model (figure 18). These two steps are (1) an extended identification stage and (2) the implementation stage. A smaller addition is the programming step. The additions are boxed in red in the IS implementation model.

The reason that the decision-making process is taken as a base and is such a large part is that once the preparation is correctly executed the implementation and evaluation should be relatively straightforward. Alternatively, as a Dutch saying goes: “een goede voorbereiding is het halve werk”. Or to cite Kallioranta and Vlosky (2003): “

technologies as a source of competitive advantage derives from successful execution and potential to impact value chain activities”

. Value chain activities are different from organisation to

organisation and can therefore not easily be included in a model. The execution of information technologies is, in the perception of the author, the implementation of the information system. And the how and why decisions are made is paramount for the

implementation process, in other words the decision-making process. The development of an

implementation model is therefore of great importance for the success of an extranet. And as

no models exist that guide organisations in this process great gains can be made.

FIGURE 18 PROPOSED MODEL FOR IMPLEMENTATION

5.3 I

5.3.1 R

There are a number of reasons why an organisation would want an extranet. These can be driven from within the organisation (operational effectiveness) or from external factors.

Factors that influence organisations in implementing an extranet have been discussed in

chapter four (Chan and Davis (2000), Kallioranta and Vlosky (2004)). Mintzberg et al. (1976)

distinguish three stimuli types that trigger decision recognition routines: opportunity, crisis

and problem decisions.

 The opportunity trigger is often dormant in someone‟s mind until he is in a position that allows him to act to that trigger. The opportunity is often based on an idea or a single stimulus.

 The crisis decision is triggered by an event that requires immediate action or the organisation might suffer serious damage. There is no time for planning or decision making processes.

 The problem decision is usually triggered by multiple stimuli and as they are less prone to pressure in time, a decision making process is followed.

The decision to implement an extranet can originate from either an opportunity or problem. It is highly unlikely that an extranet is implemented from a crisis situation.

5.3.2 D

Once the threshold level for stimuli is reached, the decision for an extranet is made, but what kind of extranet to implement. It depends, among other factors, on the current information systems of the organisation and the communication that is expected from the external users.

Considering the evolution of internet presence (Sharma, 2002) and the stages of ICT and

organisational alignment (Ross, 2003) an organisation should not and cannot implement a

system that is ahead of the abilities of the current information system use within an

organisation. A part of the diagnosis step is establishing ground rules by which search for

solutions. These ground rules are the criteria by which the possible solutions should be

scrutinised.

Angeles (2001) also states, rightfully, that the initiating organisation should take a proactive role in organising and motivating its partners in participating in the design of the extranet.

5.4 D

5.4.1 S

The organisation has chosen the aim of the extranet and now has to find a solution that fits the aim. There are a number of options:

- (Commercial) Off The Shelf ((C)OTS) software - Customise the ((C)OTS) software

- Built your own software

(C)OTS software is software which is ready to go. Customisation of software is adapting existing software to the wishes of the customer beyond the extent of the standard

configuration options of the software. It can be as “small” as changing the user interface to adding or removing functionalities to the software. Customising software is usually faster than building your own and less costly, because less time is needed. On the other hand is the customised software still not completely adapted to the organisation. There will always be an element of the base software visible.

Building your own software can be difficult and time-consuming. However, it allows for software that is fully optimised for the environment in which it will operate. It can also create a strategic advantage as the competition is not able to copy the software, or at least not easily.

The main drawbacks are the costs and time involved. Costs are high because of the time

programmers need to spend on the design and programming of the software.

The pricing is almost certainly an issue when deciding which software to use. Generally, the conclusion can be drawn that the more time is necessary for the software the more expensive it is. Off the shelf software is the cheapest option as it doesn‟t need much labour. The

difference between customisation and own software can be small as it all depends on the requirements, the amount of labour that is put in, and the amount of testing that is done.

The choice for one of the three types of software also depends on the business process(es) it needs to support. Generic business processes, such as email, can do with OTS software, such as Microsoft Outlook One could say that the closer a business process is to the core business processes of an organisation the more customised the software needs to be.

5.4.2 S

A screening is performed to make sure the right choice is made. It is an integral part of the search process that the alternatives are reflected upon. This process matches the requirements set by the organisation to the results of the search process, eliminating the least matching options.

5.4.3 D

Depending on the choices made in the search and screen processes a system is to be designed, customised or installed.

A designed solution is a much more complex process as there is no basis from which to build.

This process usually starts with a vague idea of what the system should look like. They then

go through the decision-making processes a number of times so that an increasingly clearer image of a solution is formed.

The customisation of existing software follows a similar pattern, but as the result is (assumed to be) much clearer there is less repetition.

The result of the design phase can take two directions; the first is to evaluation and the second is to programming. The decision between the two depends on the stage in which the design is.

It is not very efficient to start programming from the beginning. It is better to wait with programming until a basis is designed which can be improved upon, unless an organisation uses a program design method such as prototyping. It is a matter of approach.

5.4.4 P

Once a decision has been made on the design of the application the programming can start.

There are a number of system development methodologies, prototyping has been mentioned

before. Other approaches are waterfall, parallel, phased, throwaway prototyping and xp. Each

of these methodologies has its own properties that make it suited for particular applications.