Abstract
Small or Medium-Sized Enterprises (SMEs) constitute a significant portion with in the world economy, especially for developing countries. In this context, the use of information technologies (IT) brought a leverage to gain competitive advantage in the market. In that regard, effective use of IT is vital to maintain successful business operations. Since assessment bring the improvement with it, assessment of IT use in SMEs would enhance business operations as well as organizational processes. This chapter presents an exploratory study with the practice of a new model for assessment of IT use in SMEs, which is called ITMEM: Information Technology Management Enhancement Model. This model aims to enhance IT management and processes within 5 domains (Identification, Selection, Acquisition, Exploitation and Protection) which brings together the organizational use of IT in a coherent whole. The model was developed upon a three-folded structure including (1) academic studies in technology management, (2) best practices which are developed for control over IT operations and processes including COBIT, CMMI and ITIL, and (3) standards about IT management and IT security. Data was collected by survey method including quantitative and qualitative approaches. Results were statistically tested for reliability and consistency. The findings were presented as strengths and weakness of cases in terms of IT use. In addition to that, implications about IT awareness, its utilization and protection, importance of assessment and relationship between organizational processes and IT use were reported. Interviews have been conducted with senior level personnel of IT departments in companies. The results presented that practicing assessment in companies is encouraging in terms of IT use by employees and increasing quality of business processes. The reported findings would be valuable asset for researchers who are developing a model, and for practitioners who are developing managerial implications about IT management and IT use in SMEs. In addition to that, it is believed that the research will contribute to literature in terms of implementing IT assessment on cases of SMEs.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Applegate, L., Austin, R., & Soule, D. (2003). Corporate information strategy and management: Text and Cases (6th ed., pp. 114–151). OH: McGraw-Hill.
Badawy, M. K. (1998). Technology management education: Alternative models. California Management Review, 40(4), 94–116.
Benamati, J., Lederer, A. L., & Singh, M. (1997). Changing information technology and information technology management. Information & Management, 31(5), 275–288.
Boynton, A. C., Zmud, R. W., & Jacobs, G. C. (1994). The influence of IT management practice on IT use in large organizations. MIS Quarterly, 18(3), 299–318.
Carnegie Mellon University Software Engineering Institute. (2006). Appraisal requirements for CMMI (V 1.2). Integration the Vlsi Journal, 2. http://www.sei.cmu.edu/library/abstracts/reports/06tr011.cfm. Accessed 19 Sept 2011.
Carr, N. G. (2003). IT doesn’t matter. Harvard Business Review, 5, 5–12.
Cetindamar, D., Phaal, R., & Probert, D. (2009). Understanding technology management as a dynamic capability: A framework for technology management activities. Technovation, 29(4), 237–246.
Corbin, J., & Strauss, A. (2008). Basics of qualitative research. Basics of qualitative research grounded theory procedures and techniques. London: Sage.
Denzin, N. K. (2006). Sociological methods: A sourcebook (6th ed.). NJ: Transaction Publishers.
Devos, J., Landeghem, H. V., & Deschoolmeester, D. (2008). Outsourced information systems failures in SMEs: A multiple case study. Electronic Journal Information Systems Evaluation, 11(2), 73–82.
European Commission. (2008). eBusiness guide for SMEs. http://ec.europa.eu/enterprise/e-bsn/ebusiness-solutions-guide/docs/eBusiness_Guide_for_SMEs.pdf. Accessed 9 April 2012.
European Commission. (2009). Learning from peers: Best practices among European SMEs. http://ec.europa.eu/enterprise/sectors/ict/files/e-bsn/learning_from_peers_en.pdf. Accessed 2 April 2012.
European Commission. (2010). Internationalisation of European SMEs. http://ec.europa.eu/enterprise/policies/sme/market-access/files/internationalisation_of_european_smes_final_en.pdf. Accessed 20 April 2012.
European Commission. (2011). EU trade policy and SMEs. http://trade.ec.europa.eu/doclib/html/147637.htm. Accessed 27 May 2012.
Forrester, E. C., Buteau, B. L., & Shrum, S. (2011). CMMI for services: Guidelines for superior service (2nd ed.). Pennsylvania: SEI.
Glaser, B. G., & Strauss, A. L. (2009). The discovery of grounded theory: Strategies for qualitative research (4th ed.). Germany: Aldine de Gruyter.
Gregory, M. J. (1995). Technology management: a process approach. Proceedings of the Institution of Mechanical Engineers—Part B Journal of Engineering Manufacture, 209(52), 347–356. doi:10.1243/PIME_PROC_1995_209_094_02.
ISACA. (2011). COBIT-framework for IT Governance and control. http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx. Accessed 19 Sept 2011.
ISO. (2005). ISO/IEC 27002: Code of practice for information security management. http://www.iso.org/iso/catalogue_detail?csnumber=50297. Accessed 20 January 2011.
ISO. (2008). ISO/IEC 38500: Corporate governance of information technology. http://www.iso.org/iso/catalogue_detail?csnumber=51639. Accessed 2 January 2011.
ITIL. (2007). ITIL Version 3 Service Improvement. London: The stationery Office.
Karabacak, B., & Sogukpinar, I. (2005). ISRAM: Information security risk analysis method. Computers Security, 24(2), 147–159.
Kartiwi, M., & MacGregor, R. C. (2007). Electronic commerce adoption barriers in small to medium-sized enterprises (SMEs) in developed and developing countries. Journal of Electronic Commerce in Organizations, 5(3), 35–51.
Kling, R., & Lamb, R. (1999). IT and organizational change in digital economies. ACM SIGCAS Computers and Society, 29(3), 17.
KOSGEB. (2011). 2011–2013 KOBİ Stratejisi ve Eylem Planı (2011–13 SME strategies and action plans). http://www.sanayi.gov.tr/Files/Documents/KOSGEB_Katalog.pdf. Accessed 7 June 2012.
Laudon, J. P., & Laudon, K. C. (2012). Essentials of management information systems. Networks (10th ed., pp. 561–571). Prentice Hall.
Legris, P., & Ingham, J. (2003). Why do people use information technology? A critical review of the technology acceptance model. Information and Management, 40(3), 191–204.
Lindlof, T. R., & Taylor, B. C. (2002). Qualitative communication research methods. London: Sage.
Marquis, H. (2006). ITIL: What it is and what it isn’t? Business Communications Review, 36(12), 49–52.
Martin, E. W., Brown, C. V., Hoffer, J. A., Perkins, W. C., & DeHayes, D. W. (2011). Managing information technology: What managers need to know (7th ed.). NJ: Prentice Hall.
Ministry of Development. (2004). SME Strategy and action plan. http://www.dpt.gov.tr/DocObjects/Download/2297/strateji.pdf. Accessed 21 June 2012.
Ministry of Development. (2006). 9th Nationwide development plan. http://ekutup.dpt.gov.tr/plan/plan9.pdf. Accessed 21 June 2012.
Morimoto, S. (2009). Application of COBIT to security management in information systems development. In Proceedings of Fourth International Conference on Frontier of Computer Science and Technology, pp. 625–630.
Nieto, M. J., & Fernández, Z. (2005). The role of information technology in corporate strategy of small and medium enterprises. Journal of International Entrepreneurship, 3(4), 251–262.
OECD (2004).Türkiye’deki Küçük ve Orta Ölçekli Isletmeler-Mevcut Durum ve Politikalar (SMEs in Turkey-current status and policies). http://www.oecd.org/dataoecd/37/37/33705673.pdf. Accessed 3 May 2012.
Oyelaran-Oyeyinka, B., & Lal, K. (2006). Learning new technologies by small and medium enterprises in developing countries. Technovation, 26(2), 220–231.
Özkan, S., Hackney, R. A., & Bilgen, S. (2008). Process based information systems evaluation: towards the attributes of “PRISE”. Journal of Enterprise Information Management, 20(6), 700–725.
Phaal, R., Paterson, C. J., & Probert, D. R. (1998). Technology management in manufacturing business: process and practical assessment. Technovation, 18(8–9), 541–553.
Phaal, R., Farrukh, C. J. P., & Probert, D. R. (2004). A framework for supporting the management of technological knowledge. International Journal of Technology Management, 27(1), 1–15.
Powell, T. C., & Dent-Micallef, A. (1997). Information technology as competitive advantage: the role of human, business, and technology resources. Strategic Management Journal, 18(5), 375–405.
Ruiz-Mercader, J., Meroño-Cerdan, A. L., & Sabater-Sánchez, R. (2006). Information technology and learning: Their relationship and impact on organisational performance in small businesses. International Journal of Information Management, 26(1), 16–29.
Rush, H., Bessant, J., & Hobday, M. (2007). Assessing the technological capabilities of firms: Developing a policy tool. R&D Management, 37(3), 221–236.
SEI. (2011). Published appraisal results. https://sas.sei.cmu.edu/pars/pars.aspx. Accessed 21 June 2011.
Sezgin, E., & Özkan, S. (2010). ITMEM-information technology management enhancement model: Assessment of information technology use in organizations. Msc. thesis, Middle East Technical University (http://etd.lib.metu.edu.tr/upload/12612353/index.pdf).
Sezgin, E., & Özkan, S. (2011). Assessing information technology use in organizations: Developing a framework. Communications in Computer and Information Science, 220(4), 388–397.
Solms, R. V. (1998). Information security management (2): guidelines to the management of information technology security (GMITS). Information Management Computer Security, 6(5), 221–223.
Tranchard, S. (2008). ISO standard for corporate governance of information technology, ISO management systems, September–October 2008, p. 29 (www.iso.org/ims).
Von Solms, B. (2005). Information security governance: COBIT or ISO 17799 or both? Computers Security, 24(2), 99–104.
Von Solms, R., & Von Solms, S. (2004). From policies to culture. Computers Security, 23(4), 275–279.
Yin, R. K. (2009). Case study research: Design and methods (4th ed.). London: Sage.
Yoo, C., Yoon, J., Lee, B., Lee, C., Lee, J., Hyun, S., et al. (2006). A unified model for the implementation of both ISO 9001:2000 and CMMI by ISO-certified organizations. Journal of Systems and Software, 79(7), 954–961.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix A. Sample List of Survey Questions of ITMEM
The actual survey consisted of 64 questions. The following 16 questions are presented to give the idea of how survey questions have been developed.
Appendix A. Sample List of Survey Questions of ITMEM
Survey questions | References | Related section of the references |
---|---|---|
For each question, the first row of references represents the primary reference as the source, and the following rows are supportive references | ||
Identification | ||
To what degree does IT take place in main strategic business goals? | Rush, H. Bessant, J. Hobday, M. Assessing the technological capabilities of firms: developing a policy tool, R&D Management, 2007, vol. 37, pp. 221–36 | Awareness |
COBIT 4.1, IT governance Institute, 2007 | Plan and organize 1.4. | |
ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Strategy | |
CMMI, Software Engineering Institute, 2008 | Strategic service management | |
Please degree the importance of certificate and standards about IT for your company | AIA0109—Technology capability survey, Enterprise Europe Network, 2009 | “What are the certifications that are aimed to acquire by the company?” |
COBIT 4.1, IT governance Institute, 2007 | Plan and organize 3.4. | |
ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Conformance | |
To what degree IT performance and efficiency are measured in the company? | ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Performance: “Does IT support business processes with the required capability and capacity?” |
COBIT 4.1, IT governance Institute, 2007 | Plan and organize 1.3; deliver and support 3.3; monitor and evaluate 1.1–1.6 | |
CMMI, Software Engineering Institute, 2008 | Organizational process performance | |
Selection | ||
To what degree are businesses goals in accordance with IT structure? | ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Strategy: “Does IT align with organizations objectives?” |
COBIT 4.1, IT governance Institute, 2007 | Acquire and implement 1.2 | |
ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Conformance | |
What is the importance of IT outsourcing for your company? | Rush, H. Bessant, J. Hobday, M. Assessing the technological capabilities of firms: developing a policy tool, R&D Management, 2007, vol. 37, pp. 221–36 | Technology acquisition |
ISO 17799, Information Security Management BS 7799.2:2002 -Audit Check List, Sans Institute, 2002 | 12.5 Security in development and support processes | |
COBIT 4.1, IT governance Institute, 2007 | Deliver and support 2 | |
To what extent does IT investments take place in your long term plans? | “AIA0109 Technology Capability Survey 2009” | |
COBIT 4.1, IT governance Institute, 2007 | Plan and organize 5 | |
ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Acquisition | |
ITIL, Office Of Government Commerce, 2007 | Financial management | |
Acquisition | ||
To what extent is IT used in project management? | COBIT 4.1, IT governance Institute, 2007 | Plan and organize 10.2, 10.5 |
CMMI, Software Engineering Institute, 2008 | Project management | |
To what extent is IT used to determine risks and alternatives in investments? | ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Acquisition: “Does the organization have IT investment system to assess the risk, alternatives by documentation” |
COBIT 4.1, IT governance Institute, 2007 | Plan and organize 10 | |
Does your company use service level agreement for provided IT services? Degree | COBIT 4.1, IT governance Institute, 2007 | Plan and organize 1.1, 10.1; deliver and support 2.2 |
CMMI, Software Engineering Institute, 2008 | Supplier agreement management | |
ITIL, Office Of Government Commerce, 2007 | Service design -service level management | |
Exploitation | ||
To what extent does IT used to create new advantages in your future businesses? | Rush, H. Bessant, J. Hobday, M. Assessing the technological capabilities of firms: developing a policy tool, R&D Management, 2007, vol. 37, pp. 221–36 | Building core competence |
COBIT 4.1, IT governance Institute, 2007 | Plan and organize 3.3 | |
Does the IT responsibilities allocated in the company which is resulted effectively? Degree. | ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Responsibility: “Does the IT responsibilities allocated in the company which is resulted effectively?” |
COBIT 4.1, IT governance Institute, 2007 | Plan and organize 4 | |
ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Responsibility | |
To what extend does your company use IT capabilities to create strategic advantage in the market? | Rush, H. Bessant, J. Hobday, M. Assessing the technological capabilities of firms: developing a policy tool, R&D Management, 2007, vol. 37, pp. 221–36 | Building core competence |
ITIL, Office Of Government Commerce, 2007 | Continual service improvement | |
ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Performance | |
Protection | ||
To what extent IT security management and its concept are placed in your company’s corporate culture? | COBIT 4.1, IT governance Institute, 2007 | Deliver and support 5 |
ISO 17799, Information Security Management BS 7799.2:2002 -Audit Check List, Sans Institute, 2002 | 5.1 Information security policy | |
ITIL, Office Of Government Commerce, 2007 | Service design -security management | |
ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Conformance | |
Does your company maintain copyright protection policies and plans for intellectual properties? Degree the importance. | Rush, H. Bessant, J. Hobday, M. Assessing the technological capabilities of firms: developing a policy tool, R&D Management, 2007, vol. 37, pp. 221–36 | Building external linkages |
ISO 17799, Information Security Management BS 7799.2:2002 -Audit Check List, Sans Institute, 2002 | Compliance with legal requirements | |
To what extent does your company use IT-based monitoring in production? | ISO 38500—Cooperate Governance of Information Technology, ISO/IEC, 2008 | Performance |
COBIT 4.1, IT governance Institute, 2007 | Deliver and support 3.1 | |
ITIL, Office Of Government Commerce, 2007 | Capacity management | |
ISO 17799, Information Security Management BS 7799.2:2002 -Audit Check List, Sans Institute, 2002 | 8.2.1 Capacity planning |
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Sezgin, E., Özkan, S. (2014). Assessment of Information Technology Use in Small and Medium-Sized Enterprises: Empirical Investigation in Five Cases. In: Devos, J., van Landeghem, H., Deschoolmeester, D. (eds) Information Systems for Small and Medium-sized Enterprises. Progress in IS. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38244-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-38244-4_5
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38243-7
Online ISBN: 978-3-642-38244-4
eBook Packages: Business and EconomicsBusiness and Management (R0)