IN 320 Strategic Use of Information Technology: Class 4

Judith A. Molka-Danielsen
email: molka@hiMolde.no

January 19, 1999

1 Value Chain Analysis

This framework is by Porter and Miller, 1985. It seeks to identify areas where value is created for the customer. Here is a 5 step approach to executing the analysis.

1. Assess the Information Intensity of each link. You can use the Strategic Impact Grid to determine high intensity in business units, and to identify opportunity.
2. Determine the Role of IT in the industry structure. Indetify presures from buyers, suppliers, and competitors. Can use the Forces model.
3. Identify and rank ways that IT can create a competitive advantage. (If IT's effect on links are high cost or they are critical to areas of business activity, then focus on these areas. Anticipate the effect of applying IT on market position, products and services.
4. Investigate how IT might spawn new businesses. (What information can be sold? What processing capacity exists internally to start new businesses? Does IT make it possible to produce new products and services?)
5. Develop a plan for taking advantage of IT. The plan should be business driven, not technology driven.

2 The Strategic Impact Grid

The Strategic Impact Grid by F.W. McFarlan (1983), identifies how important IT is to the firm, and tries to assess the level of attention needed to manage current and new IT systems.

A firm can use the grid to compare its business units or divisions.

• The grid can be used to observe changes in IT importance over time.
• The grid does not suggest when changes between quadrants are appropriate.
• The grid looks at current and planned operations, so it does not identify SIS opportunities.
• It is used to evaluate the business value of current or planned IT in the firm.

Organizations can be classified in these categories:

• Support Category - organization is well established manufacturing related firms. Success hindges on efficiency of operations. Concerned with present operations. A well positioned firm should maintain steady support of IS at minimal cost. If firm is missing IS opportunities the IS manager will need to move the firm to the Turnaround category, perhaps through education of employees.
• Turnaround Category - organizations can move from the support category to here. New IT or industry changes are external factors. Firms in this category often offer information services. This is a temporary category. Firms may move to Factory category if strategic developments are not followed up. If follow up occurs, the company may move into the Strategic category. Changes with strategic value are encouraged here. IS manager should be flexible and receptive to additional opportunities. Joint efforts with users, research, demonstrations, news reports are recommended.
• Factory Category - organizations have implemented systems with a strategic impact, but there are no new developments planned. Characteristic of service companies, who depend on a few information intensive activities, ie. airlines. Activities of the IS department are more sophisticated than in the support category, but IS dept. role is still operational. Here the IS dept. should maintain and improve existing systems. Do this by sustaining strategic value of IT through education programs and efficiency/effectiveness programs. Sometimes invest in new technology if it improves effectiveness and efficiency of existing systems. Can move to Turnaround category.
• Strategic Category - organizations that are the most dependent on information, ie. finance, banks, insurance, stock brokerage firms. Here IS dept. works with senior management to set strategy. The IS manager is one of the top management. Planning is pro-active. Risks are high. IT is integrated into the firms organizational functions and business activities.

• In what part of the Strategic Grid is firm X located?
• What is the classification of IT system that firm X needs?
• What section of the Strategic Grid will the firm move to?

3 Five Questions by McFarlan

Warren McFarlan suggests 5 questions be used with the Strategic (Impact) Grid. He says if the firm answers "yes" to any of these questions, then IT as a resource should be given attention. The idea is also to locate SIS opportunities and assess the impact of IT in the market.

1. Can IS Technology Build Barriers to Entry? (electronic links are expensive to build, can they be easily duplicated?)
2. Can IS Technology Build in Switching Costs for Customers? (build electronic dependencies, maintenance and callback.)
3. Can the Technology Change the Basis of Competition? (how can IT help with Porter's strategies?)
4. Can IS Change the Balance of Power in Supplier Relationships? (ie. JIT delivery systems?)
5. Can IS Technology Generate New Products? (repackage old products)

4 Critical Success Factors

Areas that the firm must be successful in, in order to compete. This is a top-down analysis. Management must decide what areas are critical. These areas must be measured for their business value. These areas are then target areas for control.

Where to find CSFs:

• Industry: factors common to all firms in the industry.
• Competitive Strategy and Industry Position: size, location, market niche.
• Environmental factors: balance of trade, exchange rate.
• Temporal factors: relevant only for a period of time.
• Managerial Position: functional units of the organization.

The procedure to identify CSF involves 2 or 3 interviews with top management or company employees.

1. First Interview: identify managers goals and discuss information or actions that are needed to meet these goals.
2. Second Interview: results of the first session are reviewed. The list of CSF is tidied up by adding or subtracting CSF.
3. Third Meeting: obtain final agreement on overall goals. Specify actions that will assure goals.
4. Focus on three to six CSF.

Example: 3 Health Clinics choose different sets of CSFs and different order of importance.

Clinic 1:

• government regulation
• efficiency of operations
• patients view of practice
• relation to hospital
• malpractice insurance effects
• relations to community

• quality and comprehensive care
• federal funding
• government regulation
• efficiency of operations
• patients view of practice
• other providers
• relation to hospital

• efficiency of operations
• staffing occupation mix
• government regulation
• patients view of practice
• relations to community
• relation to hospital

What would be the Critical Success Factors of an Internet Access Provider company? In what areas would the company have to succeed in order compete?

5 Risk Assessment

Corporate Risk is unanticipated variation in corporate outcome variables. The outcome variables include performance items such as: return on investment, stock returns volatility, deviations from financial analysis of stock values, sales, market share,etc.

There are many sources of Uncertainty (or unpredictability) that increase the total risk to the corporation. Some of the sources of uncertainty are Environmental, external to the organization, and some are Operational, internal to the organization. The corporation often does not have control over external uncertainties. These uncertainties become restraints. The corporation should have control over many internal uncertainties. These internal uncertainties are decision points that can be viewed as Strategic Options.

Laudon and Laudon talk about redesigning the organization in Chapter 11. They have 4 levels of reorganization: automation, rationalization, reengineering, and paradigm shift. Some authors distinguish further the third type of redesign, which is "reengineering".

• They say, First that "reengineering" or Business Process Redesign is about changing the quality or efficiency of existing business systems for support the firms strategy. (This is still different from rationalization of procedures. It can also involve combining steps to be more efficient.)
• Second, Process Innovation is about changing the firms processes to create more value, but to keep the firms vision or strategy the same.

• Finally, they use the term Business Revisioning, which is equivalent to Laudon and Laudon's "Paradigm Shift". This is when the company changes its vision or strategy, its whole way of competing. This third level also involves changes in systems to support the new vision.

Five components of risk in re-engineering efforts are:

• Financial Risk (not completing project on time and within budget),
• Technical Risk (limited capabilities of technology cannot support complex system design),
• Project Risk (projects must have phases properly sequenced, transition from one working system to another),
• Functional Risk (the completed systems do not have the right capabilities because the organization misunderstood its needs or their needs changed) and
• Political Risk (systems not being completed because of resistance to change or loss of support).

The following is a sample of Risk Assessment frameworks. There are many ways in which a business can assess risks. I will add some newer references in class. However, the basic elements presented here are still valid.

• Integrated Risk Management (Kent Miller, 1991)
• Strategic Planning with Risk Management (F.J.Kakis,1994)
• Scenario Analysis (E.K.Clemons, P.J.H.Schoemaker,1995)
• Project Risk Analysis (Pfleeger, 1991)

6 Integrated Risk Management

IRM views risks as coming from 3 Levels of sources. Uncertainty tradeoffs can only be made by considering all three levels of uncertainties.

Categories of Uncertainties:

• General Environment Uncertainties
  • Political Instability: war, revolution, democratic change, etc.
  • Government Policy Instability: fiscal and monetary reforms, price controls, trade restrictions, government commitment to existing statutes, inadequate provision of public goods, communications infrastructure, etc.
  • Macroeconomic Uncertainties: inflation, changes in relative price, foreign exchange rates, interest rates, purchasing power, etc.
  • Social Uncertainties: social unrest, riots, demonstrations, or society bypassing government by going to business for reform.
  • Natural Uncertainties: natural disasters (hurricanes, floods, etc.)
• Industry Variables Uncertainties
  • Input Market Uncertainty: quality uncertainty, shift in market supply, changes in quality used by other buyers;
  • Product Market Uncertainty: change in consumer tastes, availability of substitute goods, scarcity of complementary goods;
  • Competitive Uncertainty: rivalry among competitors, new entrants, product or process innovation.

• Firm-Specific Variable Uncertainties
  • Operational: labor changes in productivity, employee safety, input supply, raw material shortages, quality changes, production uncertainties, machine failures, production errors, etc.
  • Liability: product liability, emission of pollutants.
  • Research and Development: lack of foresight, uncertain results, risk of sharing know how and trust.
  • Credit: problems with collectibles.
  • Behavioral: managerial or employee self interest behavior.

Here is a summary of some responses to Uncertainties.

• Financial risk management
  • forward or futures contracts
  • insurance
• Strategic management
  • Avoidance
    • divestment from market
    • delay new market entry
    • enter in only low uncertainty niche markets
  • Control
    • political activities, lobbying
    • exchange market threats with competitors
    • try to deter new entrants
    • vertical integration
    • horizontal mergers
  • Cooperation
    • long term contract with suppliers or buyers
    • voluntary restraint of competition
    • alliances or joint ventures
    • franchising agreements
    • licensing and subcontracting agreements
    • participation in consortium
    • sharing executive board members
    • exchanging or sharing personnel
  • Imitation
    • imitate product or process technologies
    • follow other firms moving into new markets
  • Flexibility
    • widen scope of products offered or geographic area served
    • operational flexibility in: input sourcing, work force size, work force skills, flexible general equipment (computers), multinational equipment (inter-connectivity through standards)

Examples of uncertainty trade-offs would be:

• Forward contract: Exchanging foreign currency for home currency will reduce uncertainty about the future exchange rate, but the firm must instead worry about home fiscal policy changes.
• Research and Development: Investing in new technology research may be needed to work against competitive threats, however, the value of the research may not match the investment. It can be unclear whether to be a leader or quick follower.
• Backward integration: can insure industry input supplies, but can make the supplier firm less responsive to quality demands because the supplier firm no longer has competitive pressures.
• Cooperative strategies: working with other competitors can remove uncertainty about their production plans and their use of future technology. However, the exposure is in both directions.

12 Step Strategic Planning with Risk Management

1. Outline the broad objectives of the firm. Objectives should be measurable and limited in number.
2. Identify environmental and operational uncertainty factors.
3. Breakdown risk management plan to department level.
4. Audit available resources: people, equipment, information.
5. Analysis Environmental and Operational constraints, like regulations, budgets, understaffing.
6. Create a timetable for the period the plan will cover.
7. Describe the review process: who will review the plan, what are the decision points, what will be used to monitor the effectiveness of the plan, what are the criteria for evaluation?
8. Create a list of action items, prioritise strategic actions.
9. Consider alternative actions, and analysis the risks, resources and rewards.
10. Set strategies for implementing the plan.
11. Assign who will do what task.
12. Assign chain of authority and responsibility.

8 Scenario Analysis

Scenario Analysis will acknowledge uncertainties, and highlight critical sources of uncertainty. It will develop a range of possible future scenarios and strategies, and acknowledge when data becomes meaningless. Scenario Analysis will NOT hide or remove uncertainty, develop one solution, or obtain unavailable market information. This approach helps firms to be more reponsive to different futures, but does not select a future.

The steps are as follows:

1. Discuss key uncertainties: environmental and operational.
2. Rank the environmental uncertainties. Pick the ones that have the greatest potential future impact on the firm.
3. Use the selected uncertainties as driving uncertainties. Combine these into future scenarios. So, if you have 2 driving uncertainties, there are 4 future scenarios to consider. If you have 3 driving uncertainties, there are 8 future scenarios to consider.
4. Try out the firms strategic choices under each future scenario. Actions can be classified as: no-brainers (beneficial in all futures), no-regrets (valuable in some futures, but not harmful in any), contingent (valuable in some futures but harmful in others), and no-ways (outcome in some futures is unacceptable, and firm may want to prevent the actions and avoid that possible future, perhaps by lobbying.)

9 Risk Analysis for Network Support Systems

An accounting approach can be used to observe the cost benefit tradeoffs of some material investments in Risk Management. This is Not a Cost-Benefit Analysis. It is a way of looking at the risk of losing company assests which can include: people, materials or information.

• Materials, such as network components are at risk for failure to function or be accessed. This can be address through adding components to increase the redundancy in the system, to increase network system reliability.
• Information is at risk due to security risks, or information handling errors. Information can be duplicated or security controls can be adopted.
• People can be lost from a firm by being hired by other firms, or through accidents. The loss of skill or information that an employee has may be difficult to quantify.

Here are some steps if you can estimate replacement costs and identify frequency of events.

1. Compute the Loss Per Incident (LPI). Determine the replacement cost of the network element, information or person. You can also consider future losses of sales, credibility to the firm, customers effected. Current loss and future loss are useful measures if the information is possible to obtain.
2. Determine the expected frequency of the incident, Pr(I), from public data or case studies or experience.
3. Compute the Annual Loss Expectancy, ALE = LPI * Pr(I)
4. List control points and possible control actions. Each control action has a cost. Cost(Action). For example, the cost of buying insurance.
5. Match control points with exposure points.
6. Try to quantify the percentage of effectiveness of each action (Eff.Per.)
7. Compute the Total Value (savings) of your actions. Tot.Val. = ALE - (Eff.Per. * ALE) + Cost(Action).