Saturday, June 23, 2018

Theoretical Paper Review

Paper Summary
This is a review of the article “The process of enterprise resource planning implementation and business process re-engineering: tales from two Chinese small and medium-sized enterprises” by Mike Newman and Yu Zhao, published on pages 405 to 426 of the Information Systems Journal (Blackwell Publishing Ltd.) in July 2008.

The authors set out to study the implementation of ERP information systems in two small and medium-sized Chinese enterprises and to show how the outcomes relate to process implementation and Business Process Re-engineering (BPR), while addressing the two research questions listed below (Newman & Zhao, 2008):
  • “What are the major issues associated with accommodating BPR when implementing ERP systems in Chinese SMEs?”; and
  • “How can the success or failure of ERP projects be better explained using a socio-technical parallel process model compared with a more conventional factor study?”
The research compares the implementations of ERP systems in two Chinese SMEs using the interpretative research principles espoused by Klein & Myers (1999), combined with Leavitt’s socio-technical model and punctuated equilibrium theory.

The paper concludes that management support and adequate project management are key to the success of ERP implementations, and that without this support such projects tend to drift. It also states that gaps and issues are common to both successful and failed projects; the difference is that in successful projects these issues are handled appropriately and corrective actions are taken.

Furthermore, the study advises researchers to adopt the process model approach in preference to factor studies, since it yields many insights that factor studies cannot provide.

Paper Review
The article opens with an abstract presenting an outline and a summary of the findings and conclusion, which is good practice (Fowler, 2011) and helps to whet readers’ appetite to read the entire article (Hernon & Schwartz, 2010). This is followed by an introduction that sets out a good context for the research (Thrower, 2008).

Despite the appropriateness of the introduction, the following issues are highlighted:

  • The introduction states that the number of ERP systems has experienced rapid worldwide growth, but no references are provided to back up the claim. All that is presented is the expenditure predicted by IDC for 2006. Given that this research was published in 2008, this prediction should have been replaced with the actual expenditure.
  • The introduction also states that China’s entry into the World Trade Organisation, in addition to reforms, has resulted in massive investments in IT. This is not supported by any references.
  • Also in the introduction, a web site is supplied for SAP but not for Oracle. The same standard should have been applied to both.
  • Furthermore, in the same introduction, the statement “China is now the third-largest IT market after the US …” is confusing, as it is unclear whether the US is the first or the second IT market.

The article presents two research questions, which are well explored in the paper. Definite answers are also provided, based on an analysis and interpretation of the data presented (Lipowski, 2008). These questions are of interest and relate closely to current issues faced by organisations, which are the defining criteria of relevant research questions (Hulley, Cummings, Browner, Grady, & Newman, 2013).

As stated in the summary, the research uses the interpretative research principles espoused by Klein & Myers (1999), combined with Leavitt’s socio-technical model and punctuated equilibrium theory. The research method as presented is easily repeatable. However, the study does not itself employ the factor studies approach, yet goes on to make recommendations against that method which the article does not substantiate.

In conclusion, the article presents excellent research which makes good use of references.

References
Fowler, J. (2011). Writing for professional publication. Part 6: Writing the abstract. British Journal of Nursing, 20(2), 120. Retrieved from https://www-magonlinelibrary-com.salford.idm.oclc.org/doi/pdf/10.12968/bjon.2011.20.2.120

Hernon, P., & Schwartz, C. (2010). Writing an abstract. Library & Information Science Research, 32, 173. Retrieved from https://ac-els-cdn-com.salford.idm.oclc.org/S0740818810000277/1-s2.0-S0740818810000277-main.pdf?_tid=444c5def-3cd6-4e45-8e14-a0f03abb8faa&acdnat=1529528770_8a549b250be0d002b13f24048affed45

Hulley, S. B., Cummings, S. R., Browner, W. S., Grady, D., & Newman, T. B. (2013). Designing Clinical Research. Lippincott Williams & Wilkins. Retrieved from http://web.b.ebscohost.com.salford.idm.oclc.org/ehost/ebookviewer/ebook/bmxlYmtfXzE0NzMwNTJfX0FO0?sid=892a5d5a-1d82-410b-bbbd-46fbb0076016@sessionmgr102&vid=0&format=EK&lpid=a010&rid=0

Klein, H. K., & Myers, M. D. (1999, March). A set of principles for conducting and evaluating interpretive field studies in information systems. MIS Quarterly, 23(1), 67–94. Retrieved from https://www-jstor-org.salford.idm.oclc.org/stable/pdf/249410.pdf?refreqid=excelsior%3Afc9549a3882d056838d5a175d6ce26ff

Lipowski, E. E. (2008, September 1). Developing great research questions. American Journal of Health-System Pharmacy, 65(17), 1667–1670. Retrieved from http://web.b.ebscohost.com.salford.idm.oclc.org/ehost/pdfviewer/pdfviewer?vid=1&sid=b97b7d65-6a04-42d8-9a5e-550d49c12c7f%40sessionmgr102

Newman, M., & Zhao, Y. (2008). The process of enterprise resource planning implementation and business process re-engineering: tales from two Chinese small and medium-sized enterprises. Information Systems Journal, 405–426. Retrieved from https://onlinelibrary-wiley-com.salford.idm.oclc.org/doi/epdf/10.1111/j.1365-2575.2008.00305.x

Thrower, P. A. (2008). Writing a scientific paper: II. Introduction and references. Carbon, 46, 183-184. Retrieved from https://ac-els-cdn-com.salford.idm.oclc.org/S0008622308000122/1-s2.0-S0008622308000122-main.pdf?_tid=dab3b767-48b8-4d98-9d90-e38a0cc68c75&acdnat=1529616206_c5d8a4094ec441c02f2d64ba3933c0c1

Friday, June 22, 2018

White Paper Review

Paper Title:
State of IT Security Study of Utilities & Energy Companies

Authors:
Ponemon Institute

URL:

Publication Date:
April, 2011

Issue:
State of organisational readiness for information security and data protection risks.
Purpose:
To gain an understanding of how energy and utility companies determine their preparedness for the many information security and data protection risks together with those from Supervisory Control And Data Acquisition (SCADA) networks and smart grid communications (Ponemon Institute, 2011).

This stated purpose does not match the paper’s content: the report explores organisational readiness for IT security exploits rather than how organisations determine their state of readiness.

Conclusion:
The report concludes that energy and utility companies do not have a firm understanding of the information security risks they face, as they do not treat IT security as a priority and believe that physical security is of much greater importance.

The report also concludes that these organisations either do not know or are not sure of the existing IT solutions that can solve their IT security issues.

The report further concludes that these companies need to urgently address these IT Security issues to prevent disruption to their installations by making IT a strategic initiative in the whole organisation.

Abstract:
The paper does not present an abstract that would have presented an outline of the white paper with a summary of the findings and conclusion (Fowler, 2011) which in turn may have attracted more readers (Hernon & Schwartz, 2010).
Introduction:
The paper does not include an introduction. In the absence of an abstract, the introduction would have presented the context of the research (Thrower, 2008) and filled the void left by the absence of an abstract.
Report Summary:
The paper presents the results of a survey of US energy and utility companies on their readiness to handle the information security risks affecting their organisations. The survey covered the 17 areas listed below:
1. Organisational view of security
2. Perceived view of compliance with industry-related regulations
3. Top organisational IT objectives
4. Data breach frequency
5. Probability of a successful exploit
6. Core systems compromised due to security exploits
7. Average cost due to IT security issues
8. Average time to discover malicious insider activity
9. Top IT security threats affecting companies
10. Who has responsibility for ensuring top IT objectives are achieved?
11. Opinion on whether existing security controls are sufficient against security exploits arising from smart meters and smart grid systems
12. Percentage of network points outside the control of security operations
13. Perceived levels of concern about third-party vendors connected to the smart grid
14. New steps deployed to protect the smart grid
15. Organisational view on whether physical or IT security is more important
16. Comparison of IT and physical security costs in the current fiscal year
17. Ranking of six security priorities

The paper concludes by stating that this lack of readiness arises because IT is not seen as strategic to these businesses. It then recommends a rethink to enable them to achieve a high security posture, which will help them handle emerging security threats and fulfil regulatory and legal requirements.

A: Quality of the Research
Item: Is the research question or objective clearly stated?
Comments: Ponemon Institute (2011) states the research questions as:
  • “Do global energy organizations view IT security as a strategic initiative across the enterprise?”
  • “Is compliance with industry-related regulatory initiatives a priority?”
  • “How frequently do these organizations experience data breaches?”
  • “Are existing controls designed to protect against exploits and attacks through smart grid and smart meter-connected systems?”
While these objectives are well stated, the report gives a categorical answer only to the first question. For the others, readers are presented with an analysis of the survey and left to draw their own conclusions, rather than being given definite answers based on analysis and interpretation of the data presented (Lipowski, 2008).

Item: Is the research question interesting and important?
Comments: The research questions are important: they explore very relevant, interesting and crucial issues relating to critical national infrastructure, where a successful attack can be disastrous. These are the defining criteria of relevant research questions (Hulley, Cummings, Browner, Grady, & Newman, 2013).

Item: Is the work original?
Comments: The research is original and relevant.

Item: Are there any ethical problems?
Comments: There are no ethical problems, as risks to participants are low and acceptable (Patino & Ferreira, 2016).

Item: Are there errors of fact and interpretation?
Comments: No errors were found.

Item: Are references used properly?
Comments: Though references are made to some publications, no list of references is provided at the end.

Item: Underlying assumptions
Comments: The paper assumes that the reader is conversant with the operations of energy and utility organisations and their technicalities.

B: The Research Method
Item: Summary of research method
Comments: The research method consisted of conducting a survey of IT security professionals in the USA and analysing their replies to form an opinion. The initial sample size was 8,220. However, only 363 individuals completed the survey, of which 46 were considered unreliable and rejected before screening. A further 47 were eliminated through screening procedures, leaving 291 as the final sample size.

Item: Does the research method seem appropriate for the research question?
Comments: Based on the research questions highlighted above, the research method is appropriate.

Item: Are the methods adequately described, appropriate and repeatable?
Comments: The methods were adequately described and can easily be repeated.

Item: Were the analyses done correctly?
Comments: Analysis was done in line with the data collected.

Item: Are the conclusions supported by the data?
Comments: The responses collected support the final conclusion reached.


C: Quality of Presentation
Item: Is the work well presented?
Comments: The research is well presented with tables, charts and explanations.

Item: Is the paper well structured?
Comments: The paper could have been improved with an introduction, a brief discussion of the methodology adopted and perhaps an abstract.

Item: Are symbols, terms, and concepts adequately defined?
Comments: Some terms and abbreviations, such as SCADA, were used without any explanation.


D: Additional Notes
Additional notes: This topic is particularly useful as it ties in with the issue of ensuring security, which was handled in the blog post “Securing the Retailer Information Systems”.

References
Fowler, J. (2011). Writing for professional publication. Part 6: Writing the abstract. British Journal of Nursing, 20(2), 120. Retrieved from https://www-magonlinelibrary-com.salford.idm.oclc.org/doi/pdf/10.12968/bjon.2011.20.2.120
Hernon, P., & Schwartz, C. (2010). Writing an abstract. Library & Information Science Research, 32, 173. Retrieved from https://ac-els-cdn-com.salford.idm.oclc.org/S0740818810000277/1-s2.0-S0740818810000277-main.pdf?_tid=444c5def-3cd6-4e45-8e14-a0f03abb8faa&acdnat=1529528770_8a549b250be0d002b13f24048affed45

Hulley, S. B., Cummings, S. R., Browner, W. S., Grady, D., & Newman, T. B. (2013). Designing Clinical Research. Lippincott Williams & Wilkins. Retrieved from http://web.b.ebscohost.com.salford.idm.oclc.org/ehost/ebookviewer/ebook/bmxlYmtfXzE0NzMwNTJfX0FO0?sid=892a5d5a-1d82-410b-bbbd-46fbb0076016@sessionmgr102&vid=0&format=EK&lpid=a010&rid=0

Lipowski, E. E. (2008, September 1). Developing great research questions. American Journal of Health-System Pharmacy, 65(17), 1667–1670. Retrieved from http://web.b.ebscohost.com.salford.idm.oclc.org/ehost/pdfviewer/pdfviewer?vid=1&sid=b97b7d65-6a04-42d8-9a5e-550d49c12c7f%40sessionmgr102
Patino, C. M., & Ferreira, J. C. (2016). Developing research questions that make a difference. Jornal Brasileiro de Pneumologia, 42(6), 403. Retrieved from http://www.scielo.br/pdf/jbpneu/v42n6/1806-3713-jbpneu-42-06-00403.pdf

Ponemon Institute. (2011). State of IT Security Study of Utilities & Energy Companies. White Paper. Retrieved June 15, 2018, from https://www.automationworld.com/sites/default/files/securityutilities.pdf

Thrower, P. A. (2008). Writing a scientific paper: II. Introduction and references. Carbon, 46, 183-184. Retrieved from https://ac-els-cdn-com.salford.idm.oclc.org/S0008622308000122/1-s2.0-S0008622308000122-main.pdf?_tid=dab3b767-48b8-4d98-9d90-e38a0cc68c75&acdnat=1529616206_c5d8a4094ec441c02f2d64ba3933c0c1

Thursday, June 21, 2018

Securing the Retailer Information Systems

The different information systems discussed thus far rely on the capture and exchange of information to achieve user expectations. However, when such information is compromised due to unethical practices (Guragai, Hunt, Neri, & Taylor, 2017), serious consequences can result for both the shoe retailer and the customer (Mollick, 2014).

A major concern associated with online shopping is that of pecuniary fraud and the misuse of personal data (Phillips Consulting, 2014). This has become more pronounced with the rise in cybercrime. Additionally, sensitive information may fall into the wrong hands through acts of sabotage, leading to unintended consequences (Allen & Fisher, 2015). While some retailers have introduced measures such as pay on delivery, which does not require buyers’ card details at the time of purchase, to mitigate such consequences, especially those of financial fraud (Gabriel, Ogbuigwe, & Ahiauzu, 2016), such preventive actions are not always possible. Furthermore, even when such actions are taken, information that has already fallen into the wrong hands may be used for other harmful purposes.

Moreover, because security determines customers’ attitudes towards online purchases (Limbu, Wolf, & Lunsford, 2014), the shoe retailer must ensure that security issues are eliminated or, at the least, kept to a minimum. This is particularly crucial because a lack of security reduces trust in an online shopping site (Al-Debei, Akroush, & Ashouri, 2015).

Figure 3 | Information Systems Security | Source: profstewards.com
To safeguard the information assets of the online retailer, it is necessary to implement information systems that detect and prevent security exploits. However, where an exploit succeeds before it can be prevented, these systems must also be able to respond.

One such system is an Information Security Management System (ISMS): a systematic approach, covering people, processes and IT systems, that helps organisations protect information assets from occurrences such as natural disasters, unauthorised access and social engineering attacks by applying a risk management process (International Organization for Standardization, 2018). These occurrences usually target the confidentiality, integrity, availability, authenticity and accountability of information (Singh, Vaish, & Keserwani, 2014).

Although there is no such thing as perfect or absolute security, a common technique for improving the security of information systems is cryptography. Encryption protects information in transit and in storage by transforming it into a form that is unusable by anyone except an authorised user; the information can be restored to its original state (decrypted) only with the appropriate cryptographic keys, which are normally held by that authorised user. Cryptography is also applied to user authentication, to ensure that the connection between the user and the online store is secured (Singh, Vaish, & Keserwani, 2014).

Additionally, other controls such as anti-malware and anti-phishing solutions are applied to stop malware from compromising the retailer’s systems and causing a denial of service, as witnessed in ransomware attacks like WannaCry, which affected about 160,000 unique IP addresses worldwide with a financial loss of just over $100,000 (Dahlberg, 2017).

References
Dahlberg, D. (2017). Assessing the Global Impact of WannaCry Ransomware. Bitsight. Retrieved June 17, 2018, from https://www.bitsighttech.com/blog/assessing-the-global-impact-of-wannacry-ransomware

Guragai, B., Hunt, N. C., Neri, M. P., & Taylor, E. Z. (2017). Accounting Information Systems and Ethics Research: Review, Synthesis, and the Future. Journal of Information Systems, 31(2), 65–81.

Mollick, J. S. (2014). How are concerns about errors and ethics related to demands for information systems audits? Communications of the IIMA, 14(1-2), 63-73.

Phillips Consulting. (2014). Online Shopping Report 2014. Retrieved June 14, 2018, from http://www.phillipsconsulting.net/files/online_shopping_report.pdf

Allen, C., & Fisher, W. (2015). Road warriors and information systems security: risks and recommendations. Journal of Management Information and Decision Sciences, 18(1), 84-96.

Gabriel, J. M., Ogbuigwe, T. D., & Ahiauzu, L. U. (2016, October 11). Online Shopping Systems in Nigeria: Evolution, Trend and Prospects. Asian Research Journal of Arts & Social Sciences, 1(4), 1-7.

Limbu, Y. B., Wolf, M., & Lunsford, D. (2014, June 01). Perceived ethics of online retailers and consumer behavioral intentions: The mediating roles of trust and attitude. Journal of Research in Interactive Marketing, 133-154.

Al-Debei, M. M., Akroush, M. N., & Ashouri, M. I. (2015). Consumer attitudes towards online shopping: The effects of trust, perceived benefits, and perceived web quality. Internet Research, 707–733. https://doi.org/10.1108/IntR-05-2014-0146

International Organization for Standardization. (2018). ISO/IEC 27001 Information security management. Retrieved from https://www.iso.org/isoiec-27001-information-security.html

Singh, A., Vaish, A., & Keserwani, P. K. (2014). Information Security: Components and Techniques. International Journal of Advanced Research in Computer Science and Software Engineering, 4(1), 1072-1077.