Conference PaperPDF Available

PhD Research Design - How Can Organisational Learning Be Leveraged to Enable Antifragility of an Organisation?

Authors:

Abstract

The current VUCA worlds demands from organisations to be resilient and sometimes even antifragile. The domain focusing on staying relevant is that of risk management. Information security is a sub-domain of risk management where the threats and response to the threats are very well documented. Within the sub-domain of information security there is an ever going rat-race between the people that want to exploit the threat and the people reacting to the thread by for example mitigating the thread. In this research we want to look into the role of the learning organisation in the resilient behaviour of the organisation. Why the learning organ-isation? Since there are scholars that argue that human resilience is the key to organisational resilience.
PhD Research Design - How Can Organisational
Learning Be Leveraged to Enable Antifragility of
an Organisation?
Edzo A. Botjes1,2[0000000300977375] and
co-supervisor - Tim Huygh2[0000000345647994]
1Xebia Security, Hilversum, the Netherlands, ebotjes@xebia.com
2Open University, Heerlen, the Netherlands, tim.huygh@ou.nl
Abstract The current VUCA worlds demands from organisations to be
resilient and sometimes even antifragile. The domain focusing on staying
relevant is that of risk management.
Information security is a sub-domain of risk management where the
threats and response to the threats are very well documented. Within
the sub-domain of information security there is an ever going rat-race
between the people that want to exploit the threat and the people react-
ing to the thread by for example mitigating the thread.
In this research we want to look into the role of the learning organisation
in the resilient behaviour of the organisation. Why the learning organ-
isation? Since there are scholars that argue that human resilience is the
key to organisational resilience.
Keywords: Organisational Learning ·Resilience ·Antifragility ·Inform-
ation Security
1 The Context
1.1 Unpredictable context threatens business continuity
The increased internal and external hyper-connectivity of organisations lead to
more chaotic behaviour of their internal and external context [12,13,30,26,33].
To deal with this unpredictability, organisations aim to become resilient by
for example implementing the agile way-of-working and/ or the adoption of a
decentralised organisation design [14,15].
1.2 Business Continuity by resilience
Organisations need to adapt since the goal of an organisation is to stay relevant to
its stakeholders [32]. Organisational Resilience is incorporated into the definition
of Risk Management (ISO 31000), since Risk Management is the business func-
tion that aims to optimise the business continuity of an organisation. Business
Continuity is achieved when the organisation stays relevant to its stakeholders.
[3,4,5,6,7,10,29,8,9].
Supported by Xebia Security
Copyright © 2021 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
2 Botjes and Huygh 2021 - CC BY-SA 4.0
1.3 Business Continuity by antifragility
Resilience is the behaviour of the value of a system over time in response to a
stressor event (f(time) = value) [15,31]. Antifragility is the behaviour of the
value of a system in response to stress (f(stress) = value) [15,36]. Resilient
behaviour maximized/ optimized leads to a system with antifragile behaviour.
Antifragile is the antithesis of fragile [36]. In the current Body-of-Knowledge on
antifragility [14,15] it is theorised that the capability of a learning organisation
[34,24,23] is relevant for being resilient as it is relevant to be antifragile.
1.4 Human factor in resilience
In Hoogervorst (2017) [25] it is stated, in the Enterprise Engineering Sigma-
theory, that the freedom of human behaviour is the only way to deal with
the chaotic world. This is a logical deduction based on the theories on Vari-
ety [2,11] and Requisite Variety [11] and organisation behaviour (ref needed).
Taleb (2012) [36] stated that the ideal Antifragile organisation is that of a self-
employed worker.
1.5 One or more humans?
Organisation are complex-adaptive-systems [28,35]. Organisations can be defined
as as “The purpose and function express that enterprises aim to fulfil or address
certain (perceived) wants and needs of (certain) societal member of society at
large by delivering products and/or services.“ [25]. Via these two lenses organ-
isations can exists out of one person or out of more than one person. Therefor
the attributes of an resilient organisation and an antifragile organisation can
be applied to organisations of one or of more humans. This is relevant for the
research (application) domain.
1.6 Extended Antifragile Attributes List (EAAL)
Research has shown that to become antifragile, certain types of resilience are rel-
evant [15]. The relevant attributes to become antifragile and resilient are grouped
in the EAAL. The ordering in the EAAL makes distinction between attributes
relevant to organisation learning as defined by [34] and attributes that are not.
2 Research question
The attributes relevant to organisational learning are applicable to all three types
of resilience as for an organisation with antifragile behaviour. This distinguishes
the attributes relevant to organisational learning from the other attributes in
the EAAL.
PhD Research Design On Antifragility And Organisational Learning 3
2.1 Main Research Question
This leads to the main research question: How can organisational learning
be leveraged to enable antifragility of an organisation?
This question is relevant since the answer will have impact the design of the
organisation. information security as part of risk management.
2.2 Sub-Research Question
This research will firstly limit itself to the application of the research within the
domain of information security.
Information Security is a sub-domain of the risk management domain [17,26].
The exposure to incident in the Information security domain is ever increasing
[17]. Information security recognizes the importance of the human factor in the
response to incidents [1]. Information security recognizes the importance of ab-
sorbing change (conformance) as the enablement of creating value (performance)
[26,27]. The cost of Information security incidents and the information security
investments keep growing [38].
"Worldwide spending on information security products and services will reach
more than $114 billion in 2018, an increase of 12.4 percent from last year, ac-
cording to the latest forecast from Gartner, Inc. In 2019, the market is forecast
to grow 8.7 percent to $124 billion." - Gartner in 2018 [20].
"The stakes are also getting higher. Gartner estimates by 2025, 40% of boards
of directors will have a dedicated cybersecurity committee overseen by a qualified
board member, up from less than 10% today." - Gartner in 2021 [21].
"Worldwide spending on information security and risk management techno-
logy and services is forecast to grow 12.4% to reach $150.4 billion in 2021, ac-
cording to the latest forecast from Gartner, Inc. Security and risk management
spending grew 6.4% in 2020." - Gartner in 2021 [22].
The research sub-question that arise are:
1. When is an organisation resilient and why is this relevant to an organisation?
2. What is the role of the learning organisation in the view of an organisation
as a complex adaptive system?
3. Can personal behaviour be decoupled from organisational behaviour?
4. Is there a link between organisational behaviour and the learning organisa-
tion?
5. What is the best way to influence personal behaviour to influence organisa-
tional behaviour in the optimisation of organisational resilience?
3 Work/ Product breakdown structure
The following products are to be envisioned to be part of this research.
1. Research Tool RDS/Graph to improve the literature research method of
snowballing and maybe even other types of systematic literature research.
4 Botjes and Huygh 2021 - CC BY-SA 4.0
2. Position Paper (Chaos) stating that there is difference between objective and
subjective chaos and identifying the role of learning in this context.
3. Research paper on the role of resilience and antifragility in the domain of
Risk Management and Information Security Management.
4. Research paper on the link between the Learning Organisation and Organ-
isational Behaviour and Personal Behaviour.
5. Research paper on what defines and influences Personal Behaviour.
6. By somebody else: EAAL Framework replication (in the Organisational do-
main)
7. By somebody else: EAAL Framework validation in the IT domain
4 Relevant Theories
1. Variety definition by Asbey and Beer [2,11]
2. Viable Systems Theory by Beer [11]
3. Chaos definition by Lorentz [37]
4. Function and Construction by Dietz and Mulder [19]
5. Holistic view on Learning Organisation defined by Senge [34]
6. Risk Management by Hutchins [26]
7. Enterprise Governance of IT by Haes et al. [18]
5 Domain Lenses
1. Complexity Science in contrast to reductionist science
2. Complex Adaptive Systems in the context of Complexity Science
3. Organisation as Complex Adaptive Systems
4. (Organisational) behaviour of organisations
5. Resilience as specific organisational "behaviour"
6. Human behaviour as specific element of resilience
7. Human as a social being
8. Human as an emotional being.
6 Research Lenses
1. Science through the lens of Karl Popper (Verification & Falsification)
2. Science should be open (FAIR, OSF) otherwise verification and falsification
is very limited.
3. Work will be done under CC BY-SA 4.0
4. Research will be done in public gitlab repositories.
The research notes are versioned in a wiki (https://gitlab.com/edzob/com
plex_adaptive_systems-knowledge_base/-/wikis/home).
The research project files are versioned in a repository (https://gitlab.com
/edzob/complex_adaptive_systems-knowledge_base/-/tree/master/)
This paper is versioned on gitlab (https://gitlab.com/edzob/complex_ada
ptive_systems-knowledge_base/-/tree/master/eewc.dc.2021) and
this paper is versioned on overleaf (https://www.overleaf .com/read/wncj
ywdqdhpc).
PhD Research Design On Antifragility And Organisational Learning 5
7 Research dogmatic Statements
1. Replication of scientific experiments in the social domain are impossible due
to the influence of human beings. This impacts the research design.
2. Enterprise Architecture (EA) and Enterprise Engineering (EE) are part of
the social science domain.
3. Organisational Resilience is part of risk management.
4. Risk management aims to "optimise" business continuity.
5. CyberSecurity and Information Security Management are organisational cap-
ability in the domain of risk management.
6. The goal of an organisation is to stay relevant for its stakeholders.
7. Business continuity is about staying relevant.
8. Designing and managing the organisation to stay relevant is the shared goal
of the expertises of risk management, Enterprise Architecture, Enterprise
Engineering and and Enterprise Governance.
8 Produced Work
1. Botjes 2020 - MSc Thesis “Defining Antifragility and the application on Or-
ganisation Design” - peer reviewed by 4 in exam commission, 7 practitioners
and 30 subject matter experts. [14]
2. Botjes 2021a - IEEE Paper “Attributes relevant to antifragile organizations”
- peer reviewed by 4 experts. [15]
3. Botjes 2021b - Whitepaper on objective & subjective chaos “Design for chaos”
- not-peer reviewed [16]
9 Changelog
version 2021-12-09
1. section 9 "changelog" added
2. typo’s fixed
3. added CC BY-SA 4.0 to running author
4. final sentence added to section 1.2 "Business Continuity by resilience"
5. made more clear difference between resilience and antfragility at the begin-
ning of section 1.3 "Business Continuity by antifragility"
6. rewrite of 1.5 section "One or more humans?"
7. replaced "to optimise the resilience" by "to enable antifragility" in section
2.1 "main research question"
8. added reference to the relevance of Information Security in section 2.2 "Sub-
Research Question"
9. extended the description at the beginning of section 3 "Work/ Product
breakdown structure"
6 Botjes and Huygh 2021 - CC BY-SA 4.0
version 2021-12-07
1. added section 1.6 "Extended Antifragile Attributes List (EAAL)"
2. added paragraf at the beginning of section 2 "Research question"
3. added links to wiki, paper and research repositoru in section 6 "Research
lenses"
version 2021-12-02 version submitted to EEWC-DC.
version 2021-10-11 created draft version.
References
1. Ali, R.F., Dominic, P.D.D., Ali, S.E.A., Rehman, M., Sohail, A.: Information secur-
ity behavior and information security policy compliance: A systematic literature
review for identifying the transformation process from noncompliance to compli-
ance. Applied Sciences 11(8) (2021), https://doi.org/10.3390/app11083383
2. Ashby, W.R.: An Introduction to Cybernetics. Chapman & Hall and University
Paperbacks, London, UK (1956)
3. Aven, T.: On some recent definitions and analysis frameworks for risk, vulnerability,
and resilience. Risk Analysis: An International Journal 31(4), 515–522 (2011),
https://dx.doi.org/10.1111/j.1539-6924.2010.01528.x
4. Aven, T.: Foundational issues in risk assessment and risk management. Risk Ana-
lysis: An International Journal 32(10), 1647–1656 (2012)
5. Aven, T.: The risk concept — historical and recent development trends. Reliability
Engineering & System Safety 99, 33–44 (2012), https://dx.doi.org/10.1016/j.ress.
2011.11.006
6. Aven, T.: The concept of antifragility and its implications for the practice of risk
analysis. Risk Analysis 35(3), 476–483 (2015), https://dx.doi.org/10.1111/risa.12
279
7. Aven, T.: Risk assessment and risk management: Review of recent advances on
their foundation. European Journal of Operational Research 253(1), 1–13 (2016)
8. Aven, T.: Fundamental principles of risk management and governance: Review of
recent advances. Japanese Journal of Risk Analysis 29(1), 3–10 (2019)
9. Aven, T., Thekdi, S.: Enterprise Risk Management: Advances on Its Foundation
and Practice. Routledge (2019)
10. Aven, T., Zio, E.: Knowledge in risk assessment and management. John Wiley &
Sons (2018)
11. Beer, S.: The heart of enterprise: the managerial cybernetics of organization, Ma-
nagerial cybernetics of organization, vol. 2. John Wiley & Sons, Chichester, West
Sussex, UK (1979)
12. Bennett, N., Lemoine, G.J.: What a difference a word makes: Understanding
threats to performance in a vuca world. Business Horizons 57(3), 311 – 317 (may
2014), https://dx.doi.org/10.2139/ssrn.2406676
13. Bennett, N., Lemoine, G.J.: What vuca really means for you. Harvard Business
Review 92(1/2) (feb 2014)
PhD Research Design On Antifragility And Organisational Learning 7
14. Botjes, E.: Defining Antifragility and the application on Organisation Design. Mas-
ter’s thesis, Antwerp Management School (may 2020), https://dx.doi.org/10.5281
/zenodo.3719389
15. Botjes, E., van den Berg, M., van Gils, Bart Mulder, H.: Attributes relevant to
antifragile organizations. In: 2021 IEEE 23nd Conference on Business Informatics
(CBI) (2021), https://dx.doi.org/10.1109/CBI52690.2021.00017
16. Botjes, E.A., Eusterbrock, T., Nouwens, H., van Steenbergen, M.: Design for chaos
- a dya white paper by sogeti. https://labs.sogeti.com/wp-content/uploads/2021/
11/Design-for-Chaos-a-DYA-white-paper-by-Sogeti-version-20211008-v1.pdf (11
2021), (Accessed on 12/02/2021)
17. Culot, G., Nassimbeni, G., Podrecca, M., Sartor, M.: The iso/iec 27001 inform-
ation security management standard: literature review and theory-based research
agenda. The TQM Journal (2021), https://doi.org/10.1108/TQM-09-2020-0202
18. De Haes, S., Van Grembergen, W., Joshi, A., Huygh, T.: Enterprise Governance
of IT, Alignment, and Value. Springer International Publishing, Cham (01 2020),
https://doi.org/10.1007/978-3-030- 25918-1_1
19. Dietz, J.L., Mulder, H.B.: Enterprise Ontology: A Human-Centric Approach to
Understanding the Essence of Organisation. The Enterprise Engineering Series,
Springer International Publishing (2020), https://www.springer.com/de/book/9
783030388539
20. Gartner: Information security spending to exceed $124b 2019 | gartner. https:
//www.gartner.com/en/newsroom/press- releases/2018-08- 15-gartner-forecast
s-worldwide-information-security-spending-to-exceed- 124-billion-in-2019 (aug
2018), (Accessed on 12/08/2021)
21. Gartner: Cybersecurity presentation guide for security and risk leaders. https:
//www.gartner.com/en/articles/the-15-minute-7-slide-security-presentation-for-
your-board-of- directors (dec 2021), (Accessed on 12/08/2021)
22. Gartner: Gartner forecasts worldwide security and risk management spending to
exceed $150 billion in 2021. https://www.gartner.com/en/newsroom/press-rele
ases/2021-05-17-gartner- forecasts-worldwide-security-and-risk-managem (may
2021), (Accessed on 12/08/2021)
23. Garvin, D.A.: Building a learning organization. Harvard business review 71(4),
78–91 (jul 1993)
24. Garvin, D.A., Edmondson, A.C., Gino, F.: Is yours a learning organization? Har-
vard business review 86(3), 109–116 (apr 2008)
25. Hoogervorst, J.A.: Foundations of Enterprise Governance and Enterprise Engin-
eering. Presenting the Employee-Centric Theory of organisation. Springer (2017),
https://doi.org/10.1007/978-3-319- 72107-1
26. Hutchins, G.: ISO 31000: 2018 Enterprise Risk Management. CERM Academy
Series on Enterprise Risk Management, Certified Enterprise Risk Manager(R)
Academy (nov 2018)
27. Huygh, T., Steuperaert, D., Haes, S., Joshi, A.: The role of compliance requirements
in it governance implementation: An empirical study based on cobit 2019. In:
Proceedings of Hawaii International Conference on System Sciences (HICSS 55)
(01 2022), https://www.researchgate.net/publication/354718657
28. Jackson, M.C.: Critical Systems Thinking and the Management of Complexity.
Wiley, 1 edn. (2019)
29. Jensen, A., Aven, T.: A new definition of complexity in a risk analysis setting.
Reliability Engineering & System Safety 171, 169–173 (2018)
8 Botjes and Huygh 2021 - CC BY-SA 4.0
30. Mack, O., Khare, A., Krämer, A., Burgartz, T.: Managing in a VUCA World.
Springer, Cham, Switzerland (jul 2015), https://dx.doi.org/10.1007/978-3-319-1
6889-0
31. Martin-Breen, P., Anderies, J.M.: The bellagio initiative, background paper, resi-
lience: A literature review. In: Resilience: A Literature Review. Brighton:IDS (11
2011), http://opendocs.ids.ac.uk/opendocs/handle/123456789/3692
32. Op’t Land, M., Proper, E., Waage, M., Cloo, J., Steghuis, C.: Enterprise Ar-
chitecture: creating value by informed governance. The Enterprise Engineering
Series, Springer Science & Business Media, Berlin, Germany (oct 2008), https:
//doi.org/10.1007/978-3-540-85232- 2
33. O’Reilly, B.M.: No more snake oil: Architecting agility through antifragility. Pro-
cedia Computer Science 151, 884–890 (2019), https://dx.doi.org/10.1016/j.procs
.2019.04.122
34. Senge, P.M.: The Fifth Discipline: The Art and Practice of the Learning organisa-
tion. A Currency book, Doubleday/Currency, New York, NY, USA (mar 1990)
35. Stacey, R.D.: Strategic management and organisational dynamics: The challenge
of complexity to ways of thinking about organisations. Pearson education (2007)
36. Taleb, N.N.: Antifragile: Things That Gain from Disorder. Random House, New
York, NY, USA (nov 2012)
37. Wikipedia contributors: Chaos theory — Wikipedia, the free encyclopedia. https:
//en.wikipedia.org/w/index.php?title=Chaos_theory&oldid=944540733 (2020),
(Online; accessed 12-March-2020)
38. Yaqoob, T., Arshad, A., Abbas, H., Amjad, M.F., Shafqat, N.: Framework for
calculating return on security investment (rosi) for security-oriented organizations.
Future Generation Computer Systems 95, 754–763 (2019), https://doi.org/10.101
6/j.future.2018.12.033
ResearchGate has not been able to resolve any citations for this publication.
Conference Paper
Full-text available
Rooted in the conformance perspective of IT governance, this paper sets out to research the role of compliance requirements in IT governance implementation, and to shed light on what aspects (i.e., processes) of IT governance are important under different levels of compliance requirements. Based on a large and diverse sample of organizations (N=2566), our results indicate that IT governance implementation level (over five different process domains) consistently goes up with increasing compliance requirements, and that these jumps in IT governance implementation levels are always statistically significant. Moreover, we identify the IT governance processes that are of primary importance for each level of compliance requirements.
Preprint
Full-text available
Organizations operate in a socioeconomic context, and alignment with this context is key for business success. The rate of change and impact of these changes on the operating model of the organization appears to be increasing. Major trends are the aftermath of the financial crisis of 2008, the "VUCA" aspects (volatility, uncertainty, complexity, ambiguity), and the Covid-pandemic. The challenge for organizations is to become resilient or even antifragile to survive (unexpected) external stressors. Antifragility refers to a class of systems that do not deteriorate (fragile) or withstand (robust) stressors, but actually improve as a result of stressors. Our objective is to find attributes that are relevant for an organization to be(come) antifragile. The list of attributes found is based on an extensive survey of available literature, and is validated with domain experts and leaders of various organizations. We dub the list of attributes found the Extended Antifragile Attribute List (EAAL). Considering the current economic and social impact on organizations and people of the Covid-pandemic, the EAAL is relevant as well timely. The EAAL turns out to be extensive and holistic. We consider the EAAL to be a stepping stone in setting the scene of the domain of antifragility. We suspect that the EAAL might also be applied to generic system design including technology infrastructure and software systems. This exploration is part of future research.
Article
Full-text available
A grave concern to an organization’s information security is employees’ behavior when they do not value information security policy compliance (ISPC). Most ISPC studies evaluate compliance and noncompliance behaviors separately. However, the literature lacks a comprehensive understanding of the factors that transform the employees’ behavior from noncompliance to compliance. Therefore, we conducted a systematic literature review (SLR), highlighting the studies done concerning information security behavior (ISB) towards ISPC in multiple settings: research frameworks, research designs, and research methodologies over the last decade. We found that ISPC research focused more on compliance behaviors than noncompliance behaviors. Value conflicts, security-related stress, and neutralization, among many other factors, provided significant evidence towards noncompliance. At the same time, internal/external and protection motivations proved positively significant towards compliance behaviors. Employees perceive internal and external motivations from their social circle, management behaviors, and organizational culture to adopt security-aware behaviors. Deterrence techniques, management behaviors, culture, and information security awareness play a vital role in transforming employees’ noncompliance into compliance behaviors. This SLR’s motivation is to synthesize the literature on ISPC and ISB, identifying the behavioral transformation process from noncompliance to compliance. This SLR contributes to information system security literature by providing a behavior transformation process model based on the existing ISPC literature.
Article
Full-text available
Purpose After 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field. Design/methodology/approach The study is structured as a systematic literature review. Findings Research themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors. Originality/value The study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.
Article
Full-text available
The confusion surrounding the role of architecture when aiming for Agility isn’t simply a labored talking point – it’s part of the reason Agile initiatives fail, and architecture teams are losing influence. In a recent survey conducted by IASA Global of 260 organizations, greater than 75% were implementing some form of Agile practice, 50% of the 260 were implementing agile at scale. Of those who responded, less than 50% have integrated architecture into their agile process. As it stands, it appears agile & architecture are struggling to find a fit. This paper considers the possible impacts of a third way – Agility through Antifragility. Rather than aiming to control, or to remove control, we seek to build systems, both technical and business, that aim to be Antifragile to change. This allows the production of business and technical architectures that actually enable Agility through design rather than process or ‘mindset’. Taking ideas from Systems Engineering, and Complexity Science, and data from IASA’s 2018 Architecture Survey, we explore how the inherent interconnectedness of architecture and Agility can be leveraged to make the management of complexity something all organizations can do.
Book
Enterprise ontology is one of the conceptual pillars of enterprise engineering, next to enterprise design and enterprise governance, together accomplishing the goals of intellectual manageability, organisational concinnity and social devotion. By revealing the essence of an enterprise’s organisation, enterprise ontology addresses business processes, data and rules in a fundamental and truly integrated way. In addition, it provides deep insight into and broad overview over complex organisational transformations. The book is divided into three parts. Part A is an introduction in enterprise engineering and enterprise ontology. Part B explores the theories underlying enterprise ontology, explaining the foundations of each theory, the elaborations in practical methods and techniques, and the relationships with other comparable approaches. Part C presents the practical application of the theories. It includes a comprehensive summary of the DEMO methodology and the DEMO specification language, as well as exercises and applications of DEMO in various business areas. It also features a chapter on combining DEMO with comparable approaches to modelling business processes, data and rules, to the benefit of the latter. Discussing the theoretical foundations of enterprise ontology and its practical applications in equal measure, this book is the principal textbook in courses on enterprise engineering. Since it unites elements from management science and information systems engineering, it is also relevant to students and professionals in either field.
Chapter
The main title of this book refers to the concept of “Enterprise Governance of IT,” a concept that addresses the definition and implementation of processes, structures, and relational mechanisms that enable both business and IT stakeholders to execute their responsibilities in support of business/IT alignment and the creation and protection of IT business value. The subtitle of this book refers to these two other important concepts, namely “business/IT alignment” and “IT business value.” In this introductory chapter, these three core concepts are defined and the relationship between them is introduced. Each of these concepts will then be discussed more in-depth in the subsequent chapters.
Book
The world has become increasingly networked and unpredictable. Decision makers at all levels are required to manage the consequences of complexity every day. They must deal with problems that arise unexpectedly, generate uncertainty, are characterised by interconnectivity, and spread across traditional boundaries. Simple solutions to complex problems are often inadequate and risk exacerbating the original issues. What is to be done? Leaders of international bodies such as the UN, OECD, UNESCO and WHO — and of major business, public sector, charitable, and professional organizations — have all declared that systems thinking is an essential leadership skill for managing the complexity of the economic, social and environmental issues that confront decision makers. Systems thinking must be implemented more generally, and on a wider scale, to address these issues. An evaluation of different systems methodologies suggests that they concentrate on different aspects of complexity. To be in the best position to deal with complexity, decision makers must understand the strengths and weaknesses of the various approaches and learn how to employ them in combination. This is called critical systems thinking. Making use of over 25 case studies, the book offers an account of the development of systems thinking and of major efforts to apply the approach in real-world interventions. Further, it encourages the widespread use of critical systems practice as a means of ensuring responsible leadership in a complex world. (See supplementary material/linked data for the preliminary Table of Contents, Preface and Publisher's Information)