Homework 12
Ace your studies with our custom writing services! We've got your back for top grades and timely submissions, so you can say goodbye to the stress. Trust us to get you there!
Order a Similar Paper Order a Different Paper
Hello,
Below and attached are the complete instructions to follow. Please see attached documents.
INSTRUCTIONS:
1. Follow the Dissertation Template included.
2. View and get ideas on how to use the (3) attached Dissertation Examples. They serve as
a template on how to write and conceptualize the dissertation.
3. Complete and correct comments on Chapter 3.
4. Change Table of contents for page number changes as needed.
https://library.ncu.edu/c.php?g=1007180&p=7296605
5. Follow the Checklist and corresponding comments.
6. Please follow APA Guidelines, 7th edition.
7. ADD REFERENCES within text and in references section.
8. Please research these areas to gather more information and content. I recommend that you
visit the NCU Dissertation Center for helpful tips at
https://library.ncu.edu/c.php?g=1007179
1. Visit the NCU Dissertation to review approved dissertations to serve as examples and
gain a better understanding of what is expected.
https://www.proquest.com/pqdtlocal1006252/advanced?accountid=28180
2. Visit the NCU Dissertation Center to review helpful tips in writing Chapter 3
https://library.ncu.edu/friendly.php?s=dissertationcenter/home
3. Visit the NCU Academic Success for writing tips and NCU Library to conduct additional
research.
Please do not include your personal opinions and interpretations in your dissertation. You will need to
continue to conduct research and avoid overuse of the same authors. Please visit the NCU Library, NCU
Dissertation Center and academic database search engines.
Please submit a “clean” version without highlighted text, track changes and balloon comments. it should
be a paper ready for submission as an assignment without comments or tracks.
Thank you
12
Dissertation Proposal and Dissertation Manuscript
This cover page and template instructional content should be removed before drafting chapters. Keep the template instructions in a separate location for ongoing reference as you develop chapter content within the manuscript format.
Instructions for how to use this template and guide:
· Type directly into the template at “Begin writing here…” or “Text…”. Doing so should help to ensure the document is properly formatted.
· Use reminders in the comments relating to formatting as well as helpful tips for guidance purposes. Additionally, in each main section, use the checklist relating to content so you know what to include before you begin to organize your thoughts. Refer to the checklist continuously as you develop each section. As you self-evaluate each section, you can actually check off each box by clicking on it to ensure you have met all the requirements. Please note these lists are resources and not meant to be exhaustive, as it is impossible to cover the details of every method and design.
· The length of a section can vary, unless a guideline is provided.
· Once you have developed each section, refer to the comments and checklists one last time to be sure the section matches them as discussed with your Chair, then delete them.
· To delete a comment, right click on the comment, then select “Delete Comment.”. For additional strategies and guidance, click here.
Version: October 2020
© Northcentral University, 2020
Comment by Northcentral University: Ensure every section in the document meets the following requirements:
☐ Use 12-point and Times New Roman font.
☐ Write in the future tense when referencing the proposed study in the dissertation proposal. Write in the past tense when referencing the completed study in the dissertation manuscript.
☐ Use economy of expression to present information as succinctly as possible without oversimplifying or losing the meaning.
☐ Avoid personal opinions and claims.
☐ Support all claims in the document with recent, scholarly, peer-reviewed sources published within 5 years of when the dissertation will be completed, unless they are seminal sources or no other literature exists. For additional information and guidance relating to scholarly and peer-reviewed sources, click here.
☐ Avoid anthropomorphism (i.e., giving human qualities to inanimate objects) such as “The article claims…”, “The study found…,”, or “The research explored…”.
☐ Clearly and precisely define key words upon their first use only.
Title of the Dissertation Comment by Northcentral University: With the exception of articles and prepositions, the first letter of each word should be capitalized. The title should be two single spaces (one double space) from the top of the page. In 10-15 words, it should indicate the contents of the study. The title should be bold.
The title page should include no page number, so please recheck pagination once the template cover page has been removed.
Dissertation XXX Comment by Northcentral University: Insert either “Proposal” or “Manuscript.”.
Submitted to Northcentral University
School of XXX Comment by Northcentral University: Indicate your school name here. Do not include the specialization.
in Partial Fulfillment of the
Requirements for the Degree of
DOCTOR OF XXX Comment by Northcentral University: Insert your degree program in all capital letters (e.g., DOCTOR OF EDUCATION, DOCTOR OF PHILOSOPHY, DOCTOR OF BUSINESS ADMINISTRATION).
by
NAME Comment by Northcentral University: Insert your name in all capital letters (i.e., FIRST MIDDLE LAST).
La Jolla, California
Month Year Comment by Northcentral University: Insert the current month and year. There should be no comma separating them.
Abstract Comment by Northcentral University: The abstract should be included in the dissertation manuscript only. It should not be included in the dissertation proposal.
The word Abstract should be centered, bolded, and begin on its own page.
Begin writing here… Comment by Northcentral University: The text should be left-justified (not indented) and double-spaced with no breaks.
Checklist:
☐ Briefly introduce the study topic, state the research problem, and describe who or what is impacted by this problem.
☐ Clearly articulate the study purpose and guiding theoretical or conceptual framework of the study.
☐ Provide details about the research methodology, participants, questions, design, procedures, and analysis.
☐ Clearly present the results in relation to the research questions.
☐ State the conclusions to include both the potential implications of the results on and the recommendations for future research and practice.
☐ Do not include citations and abbreviations or acronyms, except those noted as exceptions by the American Psychological Association (APA).
☐ Do not exceed 350 words. Strive for one page.
Acknowledgements Comment by Northcentral University: You may include an optional acknowledgements page in normal paragraph format in the dissertation manuscript. Do not include such a page in the dissertation proposal.
The word Acknowledgements should be centered, bolded, and begin on its own page.
Begin writing here…
Table of Contents Comment by Northcentral University: Use the Table of Contents feature in Word. For additional information on creating a table of contents, click here.
For information on updating the table of contents, click here, and for video resources from the Academic Success Center on formatting the table of contents, click here.
Do not manually add headings into the Table of Contents. The headings in the table of contents are populated from the Styles gallery using the APA Level 1 and Heading 2 styles.
Only include APA heading levels 1 and 2 in the table of contents. Use the Heading 2 style from the Styles gallery to add level two headings in the document. Update the table of contents to reflect any new level 2 headings added to document.
Comment by Northcentral University: For Academic Success Center resources on formatting the table of contents, click here. For assistance, use the videos in the Tables and Headers tab and handouts in the Format tab. Comment by Northcentral University: Ensure the headings in the table of contents match those in the document. Please note the place holders are included in this table of contents:
“XXX” under Chapter 2 must be replaced with the themes generated from the integrative critical review of the literature.
If your study is qualitative, “Operational Definitions of Variables” under Chapter 3 must be deleted.
“XXX” under Chapter 4 must be replaced with “Trustworthiness” for a qualitative study, “Validity and Reliability” for a quantitative study, and “Trustworthiness/Validity and Reliability” for a mixed methods study.
The number of research questions listed under Chapter 4 must align with the number of research questions in your study.
Under Appendices, each “XXX” must be replaced with the titles of the appendix.
Introduction to Theoretical or Conceptual Framework
3
Introduction to Research Methodology and Design
4
Chapter 2: Literature Review
7
Theoretical or Conceptual Framework
7
Research Methodology and Design
10
Materials or Instrumentation
11
Operational Definitions of Variables
12
Chapter 5: Implications, Recommendations, and Conclusions
19
Recommendations for Practice
20
Recommendations for Future Research
20
List of Tables Comment by Northcentral University: The words List of Tables should be centered, bolded, and begin on its own page
Use the Table of Figures feature in Word and select “Table” as the caption label. For additional information and guidance, click here.
Tip: For formatting the caption for tables, table headings should be double spaced and placed above the table. The word “Table” and the number should be bolded. The table title is in title case and italics.
Comment by Northcentral University: Click here to review a video from the Academic Success Center on creating the List of Tables.
Begin list of tables here…
List of Figures Comment by Northcentral University: The words List of Figures should be centered, bolded, and begin on its own page
Use the Table of Figures feature in Word and select “Figure” as the caption label. For additional information and guidance, click here.
Tip: For formatting the caption for figures, figure headings should be double spaced and placed above the figure. The word “Figure” and the number should be bolded. The figure title is in title case and italics.
Comment by Northcentral University: Click here to review a video on creating the List of Figures.
Begin list of figures here…
1
1
Chapter 1: Introduction Comment by Northcentral University: When preparing pagination, lowercase Roman numerals are used for the front matter pages prior to the first page of Chapter 1.
The Roman numerals need to be centered and placed in the footer of each front matter page.
Starting in Chapter 1, page numbers need to be placed at the upper right of each page header.
Chapter headings are formatted as Level 1. Review a formatting APA headings video in the Academic Success Center here.
APA Style recommends one space between sentences.
Checklist:
☐ Begin with an overview of the general topic to establish the context of the study and orient the reader to the field. Do not overstate the topic as you will address the topic more fully in Chapter 2.
☐ Describe the larger context in which the problem exists.
☐ Present an overview of why this research topic is relevant and warranted.
☐ Briefly explain what research has been done on the topic and why the topic is important practically and empirically (applied and PhD) as well as theoretically (PhD).
☐ Clearly lead the reader to the problem statement to follow. The reader should not be surprised by the problem described later in the document.
☐ Do not explicitly state the study problem, purpose, or methodology, as they are discussed in subsequent sections.
☐ Devote approximately 2 to 4 pages to this section.
☐ Write in the future tense when referencing the proposed study in the dissertation proposal. Write in the past tense when referencing the completed study in the dissertation manuscript.
☐ There are no personal opinions in the dissertation. All work must come from cited sources.
Statement of the Problem Comment by Northcentral University: Tip: Applied dissertations should be practice-based. The documented problem might be a practical problem or issue in the profession or study context for which there is not already an acceptable solution. When defining the problem, a clear distinction must be drawn between what exists currently and what is desired. An applied study does not necessarily require generalizable results beyond the study site; however, it must address a problem relevant and exists outside of the study site.
Similarly, a PhD dissertation must focus on a problem relevant and exists outside of the study site. Additionally, the study must make a substantive, scholarly contribution to both the research and theory.
Comment by Northcentral University: Tip: Review the limitations and calls for future research in the relevant scholarly literature for guidance in identifying a problem. Comment by Northcentral University: Tip: There are a couple of group sessions in the Academic Success Center per week in which students can engage with a live academic coach as well as other students who share the goal of enhancing their problem statement development skills. Learn more about this session and find the link to register here.
Comment by Northcentral University: Tip: Review the limitations and calls for future research in the relevant scholarly literature for guidance in identifying a problem. Comment by Northcentral University: Tip: There are a couple of group sessions in the Academic Success Center per week in which students can engage with a live academic coach as well as other students who share the goal of enhancing their problem statement development skills. Learn more about this session and find the link to register here.
Checklist:
☐ Begin with “The problem to be addressed in this study is…” This statement should logically flow from the introduction and clearly identify the problem to be addressed by the study (current citations needed).
☐ Succinctly discuss the problem and provide evidence of its existence. Comment by Northcentral University: Tip: A lack of research alone is not inherently problematic. An inability to find research on your topic might indicate a need to broaden your search. It might be helpful to review the resources in the Northcentral University Library, including the Searching 101 Workshop, or schedule a research consultation.
☐ Identify who is impacted by the problem (e.g., individuals, organizations, industries, or society), what is not known that should be known about it, and what the potential negative consequences could be if the problem is not addressed in this study.
☐ Ensure the concepts presented are exactly the same as those mentioned in the Purpose Statement section.
☐ Do not exceed 250-300 words.
Purpose of the Study Comment by Northcentral University: Tip: The Academic Success Center has a weekly group session on Purpose Statements. Learn more about this session and find the link to register here.
Begin writing here…
Checklist:
Begin with a succinct purpose statement that identifies the study method, design, and overarching goal. The recommended language to use is: “The purpose of this [identify research methodology] [identify research design] study is to [identify the goal of the dissertation that directly reflects and encompasses the research questions to follow].”
☐ Indicate how the study is a logical, explicit research response to the stated problem and the research questions to follow.
☐ Continue with a brief but clear step-by-step overview of how the study will be (proposal) or was (manuscript) conducted.
☐ Identify the variables/constructs, materials/instrumentation, and analysis.
☐ For the proposal (DP) identify the target population and sample size needed. For the manuscript (DM), edit and list sample size obtained.
☐ Identify the site(s) where the research will be (proposal) or was (manuscript) conducted using general geographic terms to avoid identifying the specific location. To avoid compromising participants’ confidentiality or anonymity, use pseudonyms.
☐ Do not exceed one paragraph or one page.
Introduction to Theoretical or Conceptual Framework Comment by Northcentral University: Select the heading that reflects whether you are using a theoretical or conceptual framework, but do not keep both words in the title. For PhD – Theoretical Framework, for applied doctorate Conceptual Framework.
Begin writing here…
Checklist:
☐ Identify the guiding framework. Present the key concepts, briefly explain how they are related, and present the propositions relevant to this study. Comment by Northcentral University: Tip: The Academic Success Center has a weekly group session on Theoretical and Conceptual Framework. Learn more about this session and find the link to register here.
☐ Explain how the framework guided the research decisions, including the development of the problem statement, purpose statement, and research questions.
☐ If more than one framework is guiding the study, integrate them, rather than describing them independently. Do not select a separate framework for each variable/construct under examination.
☐ Do not exceed two pages. A more thorough discussion of the theoretical/conceptual framework will be included in Chapter 2.
Introduction to Research Methodology and Design
Begin writing here…
Checklist:
☐ Provide a brief discussion of the methodology and design to include a description of the data collection procedure and analysis. Do not include specific details regarding why the methodology and design were selected over others. More detailed information will be included in Chapter 3.
☐ Cite the seminal works related to the selected methodology and design.
☐ Indicate why the selected research methodology and design are the best choices for the study by explaining how they align with the problem and purpose statements as well as the research questions. Do not simply list and describe various research methodologies and designs.
☐ Devote approximately one to two pages to this section.
Research Questions Comment by Northcentral University: Tip: Research questions beginning with “To what extent…” or “Under what conditions…” yield more meaningful data than questions that generate yes/no responses such as “Is Variable 1 significantly related to Variable 2?”
Begin writing here…
RQ1 Comment by Northcentral University: Sub questions are allowed if you want to examine more in-depth research questions. For example, if the first research question has two sub questions, they would be denoted as RQ1a and RQ1b.
Use APA level 3 headings for each research question. The level 3 heading is flush left, title case, bolded, and italicized. The text begins as a new paragraph. Apply level 3 headings using the Heading 3 style under the Styles gallery.
Review Section 2.27 in the APA 7th edition manual, and locate more information on APA headings here.
Text…
RQ2 Comment by Northcentral University: Repeat this process for each research question.
Text…
Hypotheses Comment by Northcentral University: Hypotheses are only listed in quantitative and mixed methods studies. Comment by Northcentral University: The hypotheses must align with the research questions so RQ1 matches H1, etc.
H10
Text…
H1a
Text…
H20
Text…
H2a Comment by Northcentral University: Repeat this process for each hypothesis.
Maintain Level 3 heading formatting for each hypothesis.
Text…
Checklist:
☐ Present research questions directly answerable, specific, and testable within the given timeframe and location identified in the problem and purpose statements.
☐ Include the exact same variables/constructs, participants, and location mentioned in the problem and purpose statements. No new variables/constructs should be introduced.
Significance of the Study Comment by Northcentral University: Tip: Consider the professional and academic audiences who might be interested in the study results and why.
Begin writing here…
Checklist:
Describe why the study is important and how it can contribute to the field of study.
☐ For applied studies, explain how the results might both be significant to leaders and practitioners in the field and contribute to the literature. For PhD studies, explain how the results advance the guiding framework and contribute to the literature.
☐ Describe the benefits of addressing the study problem, achieving the study purpose, and answering the research questions. Whereas the problem statement should articulate the negative consequences of not conducting the study, this section should highlight the positive consequences of completing the study.
Definitions of Key Terms
Term 1 Comment by Northcentral University: Replace “Term 1” with the first term and provide the definition and citation(s). Repeat this process for all the key terms.
Text… Comment by Northcentral University: Maintain Level 3 heading formatting for each term.
Term 2
Text…
Checklist:
☐ Alphabetize and bold terms directly related to the dissertation topic and not commonly used or understood.
☐ Paraphrase the definitions of the terms using complete sentences and provide a citation for each one.
☐ Do not
define theories, conceptual frameworks, statistical analyses, methodological terms, or the variables/constructs under examination.
Summary
Begin writing here…
Checklist:
☐ Briefly restate the key points discussed in the chapter. Review the headings and/or table of contents to ensure all key points are covered.
Chapter 2: Literature Review Comment by Northcentral University: Tip: Think of Chapter 2 as a funnel and lead the reader from the broad context of the study to an explanation of why this specific study is needed. Comment by Northcentral University: Tip: To ensure your study is relevant and current, continue to expand and update the literature review through the final dissertation manuscript draft. Comment by Northcentral University: Tip: For exemplars on what synthesis and critical analysis look like, try searching for published literature using the following terms “critical review of the literature [school]”, inserting the name of your school.
Comment by Northcentral University: The Academic Success Center has a weekly group session on Synthesis and Analysis. Learn more about this session and find the link to register here.
Begin writing here…
Checklist:
☐ Begin with the first sentence of the purpose statement and problem statement that leads to a brief explanation of the organization of the literature review. Do not simply cut and paste the Purpose Statement section from Chapter 1.
☐ Provide an overview of the sub-headings in the literature that will be discussed.
☐ At the end of this section, indicate the databases accessed and the search engines used. Discuss all the search parameters, including the search terms and their combinations (with more detailed search terms located in an appendix, if appropriate), range of years, and types of literature.
☐ Devote approximately 30 to 60 pages
to this chapter to include citations to at least 50 relevant sources. Comment by Northcentral University: Chapter 2 includes the statement that it is to have 30-60 pages. Depending on the topic this can be shorter. Refer to your Chair for guidance.
Theoretical or Conceptual Framework Comment by Northcentral University: Select the heading that reflects whether you are using a theoretical or conceptual framework, but do not keep both words in the title. For PhD – Theoretical Framework, for applied doctorate Conceptual Framework.
Begin writing here…
Checklist:
☐ Describe the guiding theoretical/conceptual framework of the study, including the definitions of all the concepts, an explanation of the relationships among the concepts, and a presentation of all the assumptions and propositions.
☐ Explain the origin and development of the framework. Demonstrate detailed knowledge of and familiarity with both the historical and the current literature on the framework.
☐ Identify existing research studies that used this framework in a similar way. Mention alternative frameworks, with a justification of why the selected framework was chosen.
☐ Describe how and why the selected framework relates to the present study and how it guided the development of the problem statement, purpose statement, and research questions.
Subtopic Comment by Northcentral University: Replace “Subtopic” with an idea from the integrative critical review of the literature. Repeat this process until each idea is included.
Begin writing here…
Level 3 Heading Comment by Northcentral University: The level 3 heading is flush left, bolded, and italicized. The title should be in tile case, and the text begins as a new paragraph after the heading. Apply additional level 3 headings using the Heading 3 style options under the Styles gallery. Use APA’s Headings guide to assist with proper header formatting. Comment by Northcentral University: If additional subheadings are needed, use this format per APA guidelines.
Text…
Level 4 Heading. Text… Comment by Northcentral University: The level 4 heading is indented and bolded. The title should be in tile case, and the title ends with a period. The text begins directly after the heading in normal paragraph format. Apply additional level 4 headings using the Heading 4 style option in the Styles gallery. Use APA’s Headings guide to assist with proper header formatting.
Checklist:
☐ Critically analyze (i.e., note the strengths and weaknesses) and synthesize (i.e., integrate) the existing research. Rather than reporting on each study independently, describe everything known on the topic by reviewing the entire body of work.
☐ Present a balanced integrative critical review of the literature, ensuring all points of view are included. Cover all the important issues with a discussion of areas of convergence (i.e., agreement) and divergence (i.e., disagreement). Provide potential explanations for areas of divergence. Comment by Northcentral University: Tip: Use the Academic Success Center’s Synthesis and Analysis guide that has several resources, including a synthesis matrix to assist with this section.
☐ Address issues of authority, audience, and/or bias/point of view in the sources used.
Summary Comment by Northcentral University: Tip: In essence, the summary is the “take-home” message of the integrative critical review of the literature with a specific emphasis on how the literature supports the need for your study.
Begin writing here…
Checklist:
☐ Briefly restate the key points discussed in the chapter. Review the headings and/or table of contents to ensure all key points are covered.
☐ Highlight areas of convergence and divergence as well as gaps in the literature that support the need for the study. This discussion should logically lead to Chapter 3, where the research methodology and design will be discussed.
Chapter 3: Research Method
Checklist:
☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim. Comment by Northcentral University: You can copy and paste from your Chapter 1.
☐ Provide a brief overview of the contents of this chapter, including a statement that identifies the research methodology and design.
Research Methodology and Design Comment by Northcentral University: Tip: The Academic Success Center has a weekly group session on Writing Research Design. Learn more about this session and find the link to register here.
Begin writing here…
Checklist:
☐ Describe the research methodology and design. Elaborate upon their appropriateness in relation to the study problem, purpose, and research questions.
☐ Identify alternative methodologies and designs and indicate why they were determined to be less appropriate than the ones selected. Do not simply list and describe research methodologies and designs in general.
Population and Sample Comment by Northcentral University: Tip: Depending on the study design, the population might include but not be limited to a group of people, a set of organizations, documents, or archived data.
Begin writing here…
Checklist:
☐ Describe the population, including the estimated size and relevant characteristics.
☐ Explain why the population is appropriate, given the study problem, purpose, and research questions.
☐ Describe the sample that will be (proposal) or was (manuscript) obtained.
☐ Explain why the sample is appropriate, given the study problem, purpose, and research questions.
☐ Explain the type of sampling used and why it is appropriate for the dissertation proposal methodology and design. For qualitative studies, evidence must be presented that saturation will be (proposal) or was (manuscript) reached. For quantitative studies, a power analysis must be reported to include the parameters (e.g., effect size, alpha, beta, and number of groups) included, and evidence must be presented that the minimum required sample size will be (proposal) or was (manuscript) reached.
☐ Describe how the participants will be (proposal) or were (manuscript) recruited (e.g., email lists from professional organizations, flyers) and/or the data will be (proposal) or were (manuscript) obtained (e.g., archived data, public records) with sufficient detail so the study could be replicated. Comment by Northcentral University: Tip: Many qualitative and mixed methods studies require multiple sources of data. Describe how the data will be (proposal) or were (manuscript) obtained from each source.
Materials or Instrumentation Comment by Northcentral University: Tip: In quantitative studies, the development of a new instrument is discouraged due to the time and skills required to create a valid and reliable instrument. A thorough and extensive search of the literature should be done to locate an appropriate psychometrically sound instrument. However, if such an instrument is not located after a thorough search, and you plan to develop a new instrument, consult survey item and instrument development resources and plan piloting and validation procedures. Describe the development process in detail and provide evidence of the instrument’s validity and reliability. Include the final instrument developed based on those findings. The evidence of validity and reliability should be reported in Chapter 4.
In qualitative studies, using a newly developed interview protocol based on the literature is more common and acceptable. Describe the development process in detail followed by the field testing processes used and subsequent modification made. Comment by Northcentral University: Select the heading that reflects which of the two you will be doing.
Begin writing here…
Checklist:
☐ Describe the instruments (e.g., tests, questionnaires, observation protocols) that will be (proposal) or were (manuscript) used, including information on their origin and evidence of their reliability and validity. OR as applicable, describe the materials to be used (e.g., lesson plans for interventions, webinars, or archived data, etc.).
☐ Describe in detail any field testing or pilot testing of instruments to include their results and any subsequent modifications. Comment by Northcentral University: Verify with the IRB whether permission is needed or a pilot application needs to be completed. Locate IRB resources here.
☐ If instruments or materials are used that were developed by another researcher, include evidence in the appendix that permission was granted to use the instrument(s) and/or material(s) and refer to that fact and the appendix in this section.
Operational Definitions of Variables Comment by Northcentral University: Include this section in quantitative/mixed methods studies only. Comment by Northcentral University: Operational definitions are distinct from the conceptual definitions provided in the Definition of Terms section. Specifically, operational definitions indicate how the variables will be (proposal) or were (manuscript) measured. Comment by Northcentral University: A paragraph is not required to introduce the operational definitions; a single sentence introducing this section is sufficient.
Begin writing here…
XXX Comment by Northcentral University: Replace “XXX” with the first study variable. Repeat this process for all the study variables.
Maintain Level 3 heading formatting for each variable.
Text…
Checklist:
☐ For quantitative and mixed methods studies, identify how each variable will be (proposal) or was (manuscript) used in the study. Use terminology appropriate for the selected statistical test (e.g., independent/dependent, predictor/criterion, mediator, moderator).
☐ Base the operational definitions on published research and valid and reliable instruments.
☐ Identify the specific instrument that will be (proposal) or was (manuscript) used to measure each variable.
☐ Describe the level of measurement of each variable (e.g., nominal, ordinal, interval, ratio), potential scores for each variable (e.g., the range [0–100] or levels [low, medium, high]), and data sources. If appropriate, identify what specific scores (e.g., subscale scores, total scores) will be (proposal) or were (manuscript) included in the analysis and how they will be (proposal) or were (manuscript) derived (e.g., calculating the sum, difference, average).
Study Procedures
Begin writing here…
Checklist:
☐ Describe the exact steps that will be (proposal) or were (manuscript) followed to collect the data, addressing what data as well as how, when, from where, and from whom those data will be (proposal) or were (manuscript) collected in enough detail the study can be replicated.
Data Analysis Comment by Northcentral University: The Academic Success Center has a weekly group session on both Writing Quantitative and Writing Qualitative Analysis. Learn more about these sessions and find the link to register here.
Begin writing here…
Checklist:
☐ Describe the strategies that will be (proposal) or were (manuscript) used to code and/or analyze the data, and any software that will be (proposal) or was (manuscript) used.
☐ Ensure the data that will be (proposal) or were (manuscript) analyzed can be used to answer the research questions and/or test the hypotheses with the ultimate goal of addressing the identified problem.
☐ Use proper terminology in association with each design/analysis (e.g., independent variable and dependent variable for an experimental design, predictor and criterion variables for regression).
☐ For quantitative studies, describe the analysis that will be (proposal) or was (manuscript) used to test each hypothesis. Provide evidence the statistical test chosen is appropriate to test the hypotheses and the data meet the assumptions of the statistical tests.
☐ For qualitative studies, describe how the data will be (proposal) or were (manuscript) processed and analyzed, including any triangulation efforts. Explain the role of the researcher.
☐ For mixed methods studies, include all of the above.
Assumptions Comment by Northcentral University: Tip: Assumptions, limitations, and delimitations are related but distinct concepts. For additional information, click here.
Begin writing here…
Checklist:
☐ Discuss the assumptions along with the corresponding rationale underlying them.
Limitations Comment by Northcentral University: Tip: The study limitations will be revisited in Chapter 5.
Begin writing here…
Checklist:
☐ Describe the study limitations.
☐ Discuss the measures taken to mitigate these limitations.
Delimitations Comment by Northcentral University: Tip: Limited time and resources are not considered to be limitations or delimitations, as all studies are limited by these factors.
Begin writing here…
Checklist:
☐ Describe the study delimitations along with the corresponding rationale underlying them. An example of delimitations are the conditions and parameters set intentionally by the researcher or by selection of the population and sample.
☐ Explain how these research decisions relate to the existing literature and theoretical/conceptual framework, problem statement, purpose statement, and research questions.
Ethical Assurances Comment by Northcentral University: Tip: When research involves human subjects, certain ethical issues can occur. They include but are not limited to protection from harm, informed consent, right to privacy, and honesty with professional colleagues.
Begin writing here…
Checklist:
☐ Confirm in a statement the study will (proposal) or did (manuscript) receive approval from Northcentral University’s Institutional Review Board (IRB) prior to data collection.
☐ If the risk to participants is greater than minimal, discuss the relevant ethical issues and how they will be (proposal) or were (manuscript) addressed. Comment by Northcentral University: Tip: For guidance on ethical considerations in human subjects research, click here.
☐ Describe how confidentiality or anonymity will be (proposal) or was (manuscript) achieved.
☐ Identify how the data will be (proposal) or were (manuscript) securely stored in accordance with IRB requirements.
☐ Describe the role of the researcher in the study. Discuss relevant issues, including biases as well as personal and professional experiences with the topic, problem, or context. Present the strategies that will be (proposal) or were (manuscript) used to prevent these biases and experiences from influencing the analysis or findings.
☐ In the dissertation manuscript only, include the IRB approval letter in an appendix.
Summary
Begin writing here…
Checklist:
☐ Summarize the key points presented in the chapter.
☐ Logically lead the reader to the next chapter on the findings of the study.
Chapter 4: Findings
Begin writing here…
Checklist:
☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim and the organization of the chapter.
☐ Organize the entire chapter around the research questions/hypotheses. Comment by Northcentral University: Tip: Review peer-reviewed research articles to locate examples of how to report results generated using the research design used in your study.
XXX of the Data Comment by Northcentral University: Replace “XXX” with “Trustworthiness” for a qualitative study or “Validity and Reliability” for a quantitative study. For mixed methods studies, replace “XXX” with “Trustworthiness/Validity and Reliability.”.
Checklist:
☐ For qualitative studies, clearly identify the means by which the trustworthiness of the data was established. Discuss credibility (e.g., triangulation, member checks), transferability (e.g., the extent to which the findings are generalizable to other situations), dependability (e.g., an in-depth description of the methodology and design to allow the study to be repeated), and confirmability (e.g., the steps to ensure the data and findings are not due to participant and/or researcher bias).
☐ For quantitative studies, explain the extent to which the data meet the assumptions of the statistical test and identify any potential factors that might impact the interpretation of the findings. Provide evidence of the psychometric soundness (i.e., adequate validity and reliability) of the instruments from the literature as well as in this study (as appropriate). Do not merely list and describe all the measures of validity and reliability.
☐ Mixed methods studies should include discussions of the trustworthiness of the data as well as validity and reliability.
Results Comment by Northcentral University: Tip: Present sufficient information so the reader can make an independent judgment regarding the interpretation of the findings.
Begin writing here…
Checklist:
☐ Briefly discuss the overall study. Organize the presentation of the results by the research questions/hypotheses.
☐ Objectively report the results of the analysis without discussion, interpretation, or speculation.
☐ Provide an overview of the demographic information collected. It can be presented in a table. Ensure no potentially identifying information is reported.
Research Question 1/Hypothesis Comment by Northcentral University: Repeat this process for each research question.
Text…
☐ Report all the results (without discussion) salient to the research question/hypothesis. Identify common themes or patterns.
☐Use tables and/or figures to report the results as appropriate. Comment by Northcentral University: Tip: Tables and figures should not be included on the same page. If you introduce a table or figure in the middle of the page and there is not enough room to include the entire table or figure on the page, it must be placed on the next page. Perform a hard right return (hold down the shift key while hitting the return key) and begin the table on the next page. Comment by Northcentral University: Tip: Tables and figures should be placed with the corresponding research question. The formatting of tables varies, depending on the statistical test. Follow APA formatting requirements for tables, titles, figures, and captions. Comment by Northcentral University: Tip: Tables and figures must be referenced in the text. Please refer to APA guidelines regarding when and how to use tables and figures. Do not fully describe data in the text and also present them in a table.
☐ For quantitative studies, report any additional descriptive information as appropriate. Identify the assumptions of the statistical test and explain how the extent to which the data met these assumptions was tested. Report any violations and describe how they were managed as appropriate. Make decisions based on the results of the statistical analysis. Include relevant test statistics, p values, and effect sizes in accordance with APA requirements.
☐ For qualitative studies, describe the steps taken to analyze the data to explain how the themes and categories were generated. Include thick descriptions of the participants’ experiences. Provide a comprehensive and coherent reconstruction of the information obtained from all the participants. Comment by Northcentral University: Tip: Review published articles that used the same design for examples of how to present qualitative, thematic findings.
☐ For mixed methods studies, include all of the above.
Evaluation of the Findings Comment by Northcentral University: The Academic Success Center has a weekly group session on both Writing Quantitative and Writing Qualitative Analysis. Learn more about these sessions and find the link to register here.
Begin writing here…
Checklist:
☐ Interpret the results in light of the existing research and theoretical or conceptual framework (as discussed in Chapters 1 and 2). Briefly indicate the extent to which the results were consistent with existing research and theory.
☐ Organize this discussion by research question/hypothesis.
☐ Do not draw conclusions beyond what can be interpreted directly from the results.
☐ Devote approximately one to two pages to this section.
Summary
Begin writing here…
Checklist:
☐ Summarize the key points presented in the chapter.
Chapter 5: Implications, Recommendations, and Conclusions Comment by Northcentral University: Tip: A common tendency is to rush through Chapter 5 and fail to develop ideas fully. Take time to remember why the study was important in the first place and ensure Chapter 5 demonstrates and reflects the depth and importance of the study. Refer back to the study problem and significance and consider what professional and academic organizations might be interested in your research findings. As you complete Chapter 5, seek out avenues to present and publish your research.
Begin writing here…
Checklist:
☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim, and a brief review of methodology, design, results, and limitations.
☐ Conclude with a brief overview of the chapter.
Implications
Begin writing here…
Checklist:
☐ Organize the discussion around each research question and (when appropriate) hypothesis individually. Support all the conclusions with one or more findings from the study.
☐ Discuss any factors that might have influenced the interpretation of the results.
☐ Present the results in the context of the study by describing the extent to which they address the study problem and purpose and contribute to the existing literature and framework described in Chapter 2.
☐ Describe the extent to which the results are consistent with existing research and theory and provide potential explanations for unexpected or divergent results.
☐ Identify the most significant implications and consequences of the dissertation (whether positive and/or negative) to society/desired societal outcomes and distinguish probable from improbable implications.
Research Question 1/Hypothesis Comment by Northcentral University: Repeat this process for each research question.
Text…
Recommendations for Practice
Begin writing here…
Checklist:
☐ Discuss recommendations for how the findings of the study can be applied to practice and/or theory. Support all the recommendations with at least one finding from the study and frame them in the literature from Chapter 2.
☐ Do not overstate the applicability of the findings.
Recommendations for Future Research
Begin writing here…
Checklist:
Based on the framework, findings, and implications, explain what future researchers might do to learn from and build upon this study. Justify these explanations.
☐ Discuss how future researchers can improve upon this study, given its limitations.
☐ Explain what the next logical step is in this line of research.
Conclusions
Begin writing here…
Checklist:
☐ Provide a strong, concise conclusion to include a summary of the study, the problem addressed, and the importance of the study.
☐ Present the “take-home message” of the entire study.
☐ Emphasize what the results of the study mean with respect to previous research and either theory (PhD studies) or practice (applied studies).
References Comment by Northcentral University: Tip: Create your reference list as you develop each section. As each citation is included in the paper, insert the reference in this section.
Use the level 1 heading for the References title.
If using a citation software, ensure all information is included and properly formatted. Although such programs can be helpful, they are not always correct. Comment by Northcentral University: For each reference listed, there must be at least one corresponding citation within the body of the text and vice versa.
The References should be alphabetized by the last name of the first author.
Note. Academic Writer, an APA Style resource provided to NCU students, has over 150 sample references. Learn how to register for an account here.
Reference 1
Reference 2
Author, A., & Author, B. (year). Article title. Journal title, X(X), xxx-xxx.
https://doi.org/xxxxx
Appendix A
XXX Comment by Northcentral University: Each appendix referenced in the text should appear in this section at the end of the manuscript. Appendices should be listed in the order referenced in the text.
Remember to include each appendix in your Table of Contents. Apply the level 1 heading for each appendix title and the appendix name. Replace “XXX” with the appendix name.
Insert Appendix A content here… Comment by Northcentral University: Be sure to de-identify all materials so readers cannot identify participants or where data were specifically collected.
Appendix B
XXX
Insert/type Appendix n content here…
17
Knowledge Management Strategies on the Competitive Advantage of Medium-Sized Enterprises: A Qualitative Case Study
Dissertation Proposal
Submitted to Northcentral University
School of Business
in Partial Fulfillment of the
Requirements for the Degree of
DOCTOR OF PHILOSOPHY
by
San Diego, California
January 2022
Abstract
This study is qualitative research on the Impact of Organizational Culture on Knowledge
Management in medium-sized enterprises. The focus of this research is to determine the impact of knowledge management strategies on the competitive advantage of Medium-Sized Enterprises. The research problem for this study is why Medium-Sized Enterprises experience lowered competitive advantage when faced with the inability to utilize organizational cultural strategies that promote knowledge management. Medium-Sized Enterprises face resource constraints in terms of human resources, finances, and time. This inhibits their capability of taking advantage of knowledge management benefits that give them a competitive advantage in the market. The purpose of this qualitative study is to examine the impact of organizational cultural strategies that promote investment in knowledge management within Medium-Sized Enterprises. The guiding theoretical framework for this study is Ecological Knowledge Management Theory that comprises of the four elements knowledge distribution, knowledge competition, knowledge interaction, and knowledge evolution. The research methodology that will be applied in this research is qualitative research. The case study will be the research design that will be used for this research. The research instruments that will be used in this research include interviews, observation, reading, and document review.
Acknowledgments
Table of Contents
Chapter 1: Introduction 1
Statement of the Problem 3
Purpose of the Study 5
Introduction to Theoretical Framework 6
Introduction to Research Methodology and Design 7
Research Questions 8
RQ1 8
RQ2 8
Significance of the Study 8
Definitions of Key Terms 10
Medium-Sized Enterprises 10
Summary 10
Chapter 2: Literature Review 12
Conceptual Framework 12
The Domains of Knowledge Management 13
Leadership 13
Strategies of Leadership 14
Vision 14
Motivation 15
Value of learning 15
Strategic planning 15
Culture 16
Chapter 3: Research Method 17
Research Methodology and Design 17
Population and Sample. 23
Materials or Instruments 25
Assumptions 29
Limitations 30
Delimitations 30
Ethical Assurances 31
Summary 31
Chapter 4: Findings 33
Reliability of the Data 33
Results 34
Research Question 1 34
Research Question 2 35
Evaluation of the Findings 35
Summary 36
References 37
List of Tables
1
vii
Chapter 1: Introduction
Knowledge management is crucial in developing and sustaining organizational strategies. Knowledge management involves the collection, analysis, classification, dissemination, and reuse of data to bolster business activities (Jones & Shideh, 2021). Organizations use knowledge management systems for various reasons. Some purposes of knowledge management are increasing revenues, expanding market shares, creating customer-specific products, targeting messaging and advertisements. Many large corporate organizations have successfully installed knowledge management systems within their operations and gained a competitive advantage within their specialization areas (Hussain et al., 2021). On the contrary, medium-sized enterprises continue to experience challenges of installing knowledge management systems to gain a competitive advantage, meet their strategies, and stay at the top of the pyramid (Mazorodze & Buckley, 2021).
Knowledge management is fundamental to all organizations regardless of the product or industry. These organizations rely on the knowledge and expertise of their employees and stakeholders for them to be successful (Mazorodze & Buckley, 2021). Knowledge is an essential asset for organizations. Organizations need to incorporate processes that grow, store, and share the knowledge between stakeholders to increase effective use of knowledge and stakeholder efficiency. According to Priya et al. (2019) an effective knowledge management system is dependent on employees and what they choose to share. Employees ensure a lasting benefit to the organization by implementing efficient knowledge management strategies. Knowledge management can present challenges to the business if the employees are not able to adequately apply knowledge management strategies. These challenges can be highlighted if the search mechanisms of knowledge management within the organization are not powerful and produce inaccurate results or the organization does not have up to date information (Priya et al., 2019).
Medium-Sized Enterprises encounter resource challenges as opposed to large organizations. These resource constraints hinder medium-sized enterprises from implementing knowledge management strategies in their business operations. Limited finances, human resources, infrastructure, and time characterize resource constraints for Medium-Sized Enterprises (Schropfer et al., 2017). This generally leads to knowledge loss and mismanagement of organizational information (Wei et al., 2017). These outcomes generate loopholes for Medium-Sized Enterprises and the inability to take advantage of information retention and analysis. Failure to implement organizational cultural norms that encourage knowledge management efficacy for Medium-Sized Enterprises minimizes their competitive advantage in the market.
This research topic is relevant because investment in knowledge management is an emergent business tactic that improves the competitive advantage of organizations in their respective industries (Rialti et al., 2020). This research will also help develop a detailed analysis of knowledge management, Medium-Sized Enterprises, and organizational culture. This research will enhance scholar knowledge on the benefits of knowledge management in Medium-Sized Enterprises. Knowledge management allows organizational stakeholders to stimulate cultural changes and innovation which helps the organization to evolve to the dynamic business need in their market.
The study of knowledge management impact on Medium-Sized Enterprises is crucial because there is an increasing number of Medium-Sized Enterprises embracing knowledge management strategies in their business operations. This study will provide information that can be used to assess the positive and negative impact of applying certain knowledge management strategies in Medium-Sized Enterprises. Additionally, scholars and researchers can utilize this study as a knowledge base for future research. This research is aimed at contributing to the field of business and organizational leadership that can be referenced by future scholars
There has been various research conducted on knowledge management. A study conducted on the impact of knowledge management in improving organizational effectiveness determined the link between organizational effectiveness and knowledge management and how competitive advantage is generated in the business world (Finn, 2013). Ngulube (2019) maps the methodological issues that arise during knowledge management research. Researchers have conducted studies to determine the factors that influence knowledge management in practice. Existent research by previous researchers will help to create a balance between individual work and collaborative work from the scholar community.
Statement of the Problem
The problem to be addressed in the study is why Medium-Sized Enterprises experience lower competitive advantage when faced with the inability to utilize organizational cultural strategies that promote knowledge management (Rialti et al., 2020). Medium-Sized Enterprises face financial and resource constraints to invest in business strategies like knowledge management. Few Medium-Sized Enterprises have calculated the cost of knowledge management. They rarely adopt practices targeted at improving knowledge management (Castagna et al., 2020). Medium-Sized Enterprises experience knowledge loss because of financial and resource constraints during investment in knowledge management and failure to integrate organizational cultural strategies that foster knowledge management. Hence, Medium-Sized Enterprises miss out on the benefits of knowledge management in better decision making, improved organizational agility, increased rate of innovation, quick problem-solving, improved business processes, employee growth and development, better communication, and competitive advantage (Yekkeh et al., 2021).
Organizations that apply knowledge management tactics in their business strategies help maximize their gains in multiple ways (Przysucha, 2017). Medium-Sized Enterprise organizational culture is not focused on management investment, strategies, and benefits. (Chen, Liang, & Lin, 2010). According to Hussain et al. (2021), organizational culture is influential in promoting behaviors fundamental to knowledge management. These behaviors include sharing and creating knowledge and mediating the relationships between individual knowledge and organizational knowledge. Organizational culture shapes employee attitude, behavior, and identity. Knowledge is a fundamental resource for all organizations, including Medium-Sized Enterprises (Castagna et al., 2020). The increase in competition and advanced management strategies in companies has heightened the need for organizations to implement knowledge management strategies to gain a competitive edge.
Knowledge management is mostly referred to as a general improvement practice that is used to enhance the effectiveness of knowledge in organizations especially in intensive companies (Peter, 2002). Medium-Sized Enterprises face risks and problems due to immaturity of knowledge management practices and failure to integrate knowledge management in their organizational culture that will ensure consistent knowledge management practices for the organization. A lack of consistency in knowledge management practices for the organization gradually lowers the capability of Medium-Sized Enterprises to maintain a competitive edge in their industries. If this problem is not addressed, Medium-Sized Enterprises face the risk of instability and inability to foster rapid adaptation to the changing market demands and technology in the business environment (Peter, 2002).
Purpose of the Study
The purpose of this qualitative exploratory case study is to examine the impact of organizational culture norms that promote investment in knowledge management strategies in Medium-Sized Enterprises. The aim of this research is systematic management of Medium-Sized Enterprise knowledge assets to meet strategic and tactical requirements and creating value for the organization (Jonsson, 2015). By implementing knowledge management strategies in Medium-Sized Enterprises enhances competitive advantage and improves organizational success. This is possible through effective use of knowledge resources and assets to provide the ability to respond and innovate to changing market demands.
The target population for this research is a medium-sized information technology company located in the northeastern part of the United States. The organization employs at least 50 participants for it to run normally. A sample of 26 participants will be recruited from the target population to participate in the study because a number slightly above half the population will yield comprehensive results. A sample size is selected based on demographics like physical location, availability, and reliability, (Jenkins et al., 2020).
The research instruments that will be used to collect data from the research participants will include individual in-person and video-conferencing interviews. The interviews will take approximately thirty to forty-five minutes. Interviews will be conducted for data collection purposes. During the interviews, the researcher will describe the purpose of the research and inform the participants that they can stop the interview process at any time. The qualitative data collected for this study will be analyzed using descriptive analysis. Descriptive analysis is the investigation of the distribution of complex and critical data into proper numbers and figures by identifying the association between various numerous and data on knowledge management in the Medium-Sized Enterprise.
The research process of this study will incorporate identifying an ideal sample from the target population at the Medium-Sized Enterprise, defining the sampling frame, data collection, data analysis, and the major processes of the research and the results. All participant information collected during this research will be kept confidential and securely stored. Inductive coding will be used to code the dataset used in this research. Thematic analysis will be used to analyze data collected from this research.
Introduction to Theoretical Framework
The theory that will be applicable for this study is the Ecological Knowledge Management theory. The Ecological Knowledge Management theory deals with people, relationships, and learning communities (Martins et al., 2019). Knowledge management research can be traced to the 1970s where the early work focused on sociology of knowledge around organizations and technical work in knowledge-based expert systems. Previous knowledge management frameworks focused on knowledge management from a process view. This includes activities like storage, transfer, retrieval, and application of knowledge from one generation to another. Ecology is used to analyze the relationship among members and how they interact with the environment (Martins et al., 2019).
The Ecological Knowledge Management Theory is a model that comprises knowledge interaction, knowledge distribution, knowledge evolution, and knowledge competition. This model is effective in determining the knowledge management strategies and how they are applied in organizations. The theory will be essential in explaining how the interaction of the human resource, clients, and technology can be used to establish knowledge management systems in organizations. The Ecological Knowledge Management Theory applies to this study because it consists of four elements that interact with each other to evolve and enhance a healthy knowledge ecology within organizations (Raudeliuniene et al., 2018). The four elements are knowledge distribution, knowledge interaction, knowledge competition and knowledge evolution. According to Deng-Neng et al. (2010) maintaining an effective knowledge ecology in organizations is fundamental for the success of knowledge management within the organization. The Ecological Knowledge Management Model will guide the researcher in identifying the impact of knowledge management strategies in Medium-Sized Enterprises.
Introduction to Research Methodology and Design
The research methodology applied in this study is qualitative research. Qualitative research is a social science research method used to collect data by working with non-numerical data and seeks to interpret meaning from the data collected. An exploratory case study was selected for this research because it demonstrates the significance of this study and provides factual evidence to persuade the reader (Rhee et al., 2015). Qualitative research methodology for this research is aimed at understanding the impact of knowledge management in Medium-Sized enterprises. The exploratory case study research design is fundamental to this research because it will demonstrate the significance of this research to the industry (Rhee et al., 2015).
This study will be conducted on Medium-Sized Enterprises. By implementing a qualitative research method will allow the researcher to analyze Medium-Sized Enterprises, organizational culture, and knowledge management amongst other major concepts in this study. The qualitative research method is applicable for this study because it provides the researcher with qualitative data that will be used to analyze the impact of knowledge management strategies on Medium-Sized Enterprises. The data collection process will characterize the use of research instruments like interviews, reading, and observation. The validity of this research will be determined by the appropriateness of the research instruments applied (Aithal, 2017).
This research will focus on how Medium-Sized Enterprises incorporate these knowledge management strategies into their organizational culture. Case study research design, the in-depth study of a phenomenon method, is pertinent for this study because it requires careful formulation, examination, and listing of assumptions of the research in open-ended problems, (Leung, 2015). The research methodology applied in this study will help identify the impact of knowledge management strategies on Medium-Sized Enterprises and how it affects their competitive capability in the industries that they operate in.
Research Questions
RQ1
How does organizational culture affect knowledge management within the medium-Sized Enterprise?
RQ2
How does investment in knowledge management improve the competitive advantage for the Medium-Sized Enterprise?
Significance of the Study
The findings of this research will contribute to the success of Medium-Sized Enterprises because organizational culture is an essential component in all organizations. This study will aim to identify how organizational culture that promotes knowledge management in Medium-Sized Enterprises can increase competitive advantage. This research is highly significant because the competitive advantage is important to Medium-Sized Enterprises. If organizations generate higher benefits, then Medium-Sized Enterprises could help improve residual value for the same desired value. This will increase the competitive advantage for the enterprise (Jones et al., 2021).
The data collected in will help evaluate how the organizational culture can be used to improve the competitive advantage of Medium-Sized Enterprises. This study will prepare organizational leaders in dealing with competitive advantage issues that are brought about by an organizational culture that does not support knowledge management in Medium-Sized Enterprises. Also, the study will contribute to the body of knowledge in business administration and organizational leadership and business by investigating how the organizational culture of Medium-Sized Enterprises can be used to increase their competitive advantage. The findings of this study will highlight the aspects of knowledge management that enhance competitive advantage for Medium-Sized Enterprises in their industries. The aspects of knowledge management that will be studied include process, people, content information technology, and strategy. The aspects of knowledge management are vital in determining how knowledge is handled, shared, analyzed, and used to make decisions within organizations.
The study’s purpose is to explore and address the challenges that face Medium-sized Enterprises as they work towards establishing knowledge management systems. Medium-sized enterprises have failed to launch knowledge management systems successfully and this research could be a turning point (Hussain et al., 2021, Mazorodze, & Buckley, 2021). The aim of the study is to highlight how the problems associated with implementing knowledge management systems could be solved by the relevant stakeholders. Solutions could include government interventions or a Medium-size Enterprise commitment to Knowledge Management Systems (Mazorodze & Buckley, 2021). Lastly, research on this topic could provide opportunities for future research by other scholars in the field of organizational culture and strategic management.
This research will also be significant to practice because it will enhance the development of organizational leadership. This study will foster a new understanding of knowledge management in Medium-Sized enterprises, enhance concepts, and add to the body of knowledge. The successful completion of this research will provide organizational leaders in Medium-Sized Enterprises with the knowledge management strategies that will lead to quicker problem-solving, improved organizational agility, better and faster decision making, increased rate of innovation, supported employee growth and development, improved business processes, and better communication (Mazorodze et al., 2019).
Definitions of Key Terms
Medium-Sized Enterprises
Medium-Sized Enterprises are enterprises that employ 250 or fewer employees. These enterprises do not exceed an annual turnover of $50 million (Chen, 2006).
Knowledge Management
Knowledge management is the process of structuring, defining, sharing, and retaining knowledge and employee experience within an organization (Maier et al., 2011).
Summary
This research study will focus focused on how Medium-Sized Enterprises incorporate knowledge management in their organizational culture. Knowledge management helps organizations to expand their market share, increase revenues, help with target messaging, create customer specific products, and better organizational advertisements. The statement of the problem for this research is why Medium-Sized Enterprises face lower competitive advantage for their inability to utilize organizational cultural strategies that promote knowledge management. The purpose of this study is to contribute to the success of Medium-Sized enterprises in their specific industries by introducing effective knowledge management strategies in the organizational culture of Medium-Sized enterprises. The theoretical framework Ecological Knowledge Management Theory will guide the development of this research. Chapter 2 of this dissertation will focus on the literature review of this study. The next chapter will entail a discussion on the impact of knowledge management strategies and rationale for lower competitive advantage on medium-sized enterprises.
Chapter 2: Literature Review
In this chapter, relevant literature information related and consistent with the objectives of the study was reviewed. Important issues and practical problems were brought out and critically examined so as to determine the current situation. This section was vital as it determined the information that links the research with past studies and what future studies would need to explore so as to improve knowledge.
Conceptual Framework
The literature review of this study of knowledge management is segmented into four domains: leadership, culture, technology, and measurement. These domains are aligned with research conducted by the American Productivity and Quality Center (2001).
Leadership indicates the ability of the organization to align knowledge management behaviors with organizational strategies, identify opportunities, promote the value of knowledge management, communicate best strategies, facilitate organizational learning, and develop/create metrics for assessing the impact of knowledge. Examples of the outcome of these six processes are strategic planning, hiring knowledge workers, and evaluating human resources. The leadership role is pivotal because leaders convey the messages of organizational change, and they send the signals that portray the importance of adopting knowledge management across an organization.
Culture refers to the organizational climate or pattern of sharing knowledge as related to organizational members’ behaviors, perceptions, openness, and incentive. Various committees and training development programs are examples of the culture process. Shaping an adequate culture is the most significant and challenging obstacle to overcome for successful knowledge management (Davenport et al., 2008).
Technology refers to the infrastructure of devices and systems that enhance the development and distribution of knowledge across an organization. The literature review revealed that most knowledge management researchers address the significant impact of technology and its role in effective knowledge management. However, it is notable that an overemphasis on technology might cause conceptual confusion between information management 24 and knowledge management. Gold, Malhotra, and Sedars (2011) stress that technology includes the structural dimensions necessary to mobilize social capital for the creation of new knowledge. The examples of this process are internal web-based networks, electronic databases, and so on.
Finally, measurement indicates the assessment methods of knowledge management and their relationships to organizational performance. Skyrme and Amidon (2008) suggest that knowledge management can be assessed in four dimensions: customer, internal process, innovation and learning, and financial. Although there has been skepticism regarding this type of measurement, they attempt to measure it in a way that includes benchmarking and allocating organizational resources.
The Domains of Knowledge Management
Leadership
The literature reviewed in this study affirms the pivotal role of leadership in driving organizational change and adopting and implementing knowledge management. Leadership is also essential for knowledge management systems in matters such as decision making, assigning tasks, and integrating and communicating with people. Desouza and Vanapalli (2005) claim that a leader as a knowledge champion initiates and promotes knowledge management. Seagren, Creswell, and Wheeler (2013) specifically stress that leaders need to address complicated and, yet, urgent issues through strategic planning processes that are needed to transform the institution to successfully respond to social demands. Developing quality leadership is critical at all levels 25 of an organization. Higher education leaders, in particular, must pay attention to human resources, the structure, and the cultural and political climate of the institution. Skyrme (2009) emphasizes the roles of leadership in knowledge management by delineating the work tasks of “Chief Knowledge Officer.” Leadership tasks of this role include: help the organization formulate strategy for development and exploitation of knowledge; support implementation by introducing knowledge management techniques; provide coordination for knowledge specialists; oversee the development of a knowledge infrastructure; and facilitate and support knowledge communities.
Strategies of Leadership
The literature review suggests four key characteristics of leadership that are vitally important to knowledge management: vision, motivation, value of learning, and strategic planning.
Vision
Vision is a leading factor in leadership that transforms organizations, both in terms of culture and structure. The leadership literature provides various perspectives about the concept and function of vision. Dierkes (2011) suggests that organizations in an uncertain environment require visionary leadership. In a knowledge-creating organization, Nonaka (2011) also points out that managers with vision provide a sense of direction that helps members of an organization create new knowledge. This literature review portrays vision as a characteristic that enables leaders to set a standard, facilitate the coordination of organizational activities and systems, and guide people to achieve goals. Visionary leaders address uncertainties that pose threats to an organization.
Motivation
A key to the success of knowledge management is to understand how members in an organization come to believe that they can better perform and contribute to continuous improvement. One of the contributing factors of visionary leadership is to motivate people (Dierkes, 2001). In this regard, motivation is a precondition to continuously justify the vision. Incentives designed to encourage people to share their knowledge seem to have a more positive relation with the cumulative nature of knowledge (Cohen & Levinthal, 2010; Organization for Economic Co-operation and Development [OECD], 2004). By offering vision and incentives, leadership can promote knowledge sharing and encourage people to participate in creating knowledge (Nonaka, 2011; Smith, McKeen, & Singh, 2016).
Value of learning
Learning is widely recognized as critical to the successful implementation of knowledge management strategies. Learning, or organizational learning, described in the literature converts individual, un-codified, irrelevant information or knowledge to organized, codified and, therefore, sharable and relevant knowledge (Dierkes, 2011; Nonaka & Takeuchi, 2005). Hamel (2011) posits that core competencies of organizations reside in collective learning. The development of technology reinforces innovation efforts such as facilitating collaboration as well as organizational learning (OECD, 2004).
Strategic planning
In an uncertain environment, specific preferences for the future are difficult to predict. Sanchez (2001) stresses the importance of developing future scenarios and 26 preparing responses for them. In his view, organizational learning plays a pivotal role in identifying organizational capabilities, shaping effective strategies, and creating valued knowledge. Long-term, comprehensive strategic planning involves integrating expectations and technology into a vision that enables an organization to prepare for the future (Kermally, 2002).
In summary, a number of factors contribute to the role of leadership in knowledge management practices. Based on this literature review, leadership refers to the ability that enables higher education leaders to align knowledge management behaviors with organizational strategies, offer an opportunity and a direction, identify and recognize best practices and performances, and facilitate organizational learning in order to achieve the established goals.
Culture
Based on the literature review, culture is defined as an organizational environment and a behavioral pattern that enables people to share their ideas and knowledge. According to Trice and Beyer (2013), culture is reflected in values, norms, and practices. Values are embedded, tacit in nature, and, therefore, difficult to articulate and change. Values inspire people to do something. Norms are formulated by values, but more visible than values. If members in an organization believe that sharing knowledge would benefit them, they are more likely to support the idea of sharing their skills and knowledge. Practices are the most tangible form of culture. These three forms of culture influence the behaviors of members in an organization. Organizational culture provides the context within which organizational strategies and policies are decided. A shift of organizational culture is a precondition to successfully implement knowledge management. Knowledge management must be integrated within an existing culture of an organization (Lam, 2005). Shaping a viable culture is vital to successful knowledge management (Davenport et al., 2018).
Chapter 3: Research Method
Medium-Sized Enterprises face resource constraints in terms of human resources, finances, and time (Mustafa & Elliott, 2019). This inhibits their capability to take advantage of knowledge management benefits that provide them with a competitive advantage in the market (Golinska-Dawson et al., 2021). The research problem to be addressed in this study is why medium-sized enterprises experience lower competitive advantage when faced with the inability to utilize organizational cultural strategies that promote knowledge management. The current challenge is that Medium-sized Enterprise’s experience lower competitive advantage when faced with the inability to utilize organization culture strategies that promote knowledge and management (Li et al., 2022). The purpose of this study is to examine the impact of organizational culture norms that promote investment in knowledge management strategies in Medium-Sized Enterprises. The study will examine the impact of organizational cultural strategies that promote investment in knowledge management within Medium-Sized Enterprises.
The chapter will explain the research methodology, design, and the general research framework using the sample size from which the data will be collected. The chapter will also describe the materials and instrumentations used to collect data from the research participants to identify and gather in-depth insights. The study will involve analysis meant to comprehend the subject problem in order to generate fresh concepts to be used in the research. The chapter shall also assist in understanding various opinions, experiences and concepts as well as non-numerical information or data. The study will outline how data will be collected and analyzed. The assumptions, limitations, delimitations of the study will be outlined to justify the study. Lastly, the chapter will describe the ethical practices and conclude with a chapter summary.
Research Methodology and Design
Checklist:
Describe the research methodology and design. Elaborate upon their appropriateness in relation to the study problem, purpose, and research questions. NOT MET
Identify alternative methodologies and designs and indicate why they were determined to be less appropriate than the ones selected. Do not simply list and describe research methodologies and designs in general. NOT MET
According to Schwardt (2007), Creswell and Tashakkori (2007), and Teddlie and Tashakkori (2007), methodologies explicate and define the kinds of problems that are worth investigating; what constitutes a researchable problem; testable hypotheses; how to frame a problem in such a way that it can be investigated using particular designs and procedures; and how to select and develop appropriate means of collecting data. Based on the analysis, it is important that after identifying the research problem or an area of interest, the researcher must identify appropriate method(s) to approach the problem. To provide direction to this study, the research process ‘onion’ of Saunders et al. (2003) will be adopted. The onion in Figure 1 illustrates the range of choices, paradigms, strategies, and steps followed by researchers during the research process. Comment by Dr. Deanna Davis: Run-on sentence. Please rephrase
Research Process Onion
Note: Within this research, strategies could include interviews, research experimental, research on case studies and systematic literature reviews
.
The research process onion provides a summary of the important issues that need to be taken into consideration and reviewed before undertaking any research. The different layers of the onion serve as a basis from which to consider the following: the philosophical orientation of the researcher; the research approach adopted; appropriate research strategies; the research time lines that are under review; and the data collection techniques employed by the researcher. Comment by Dr. Deanna Davis: Your content is right aligned. Please ensure that your dissertation is Left Aligned.
One of the common challenges that researcher in social sciences studies face is to choose between qualitative and quantitative methods. Goldschmidt & Matthews, (2022) justifies that research design are developed from research questions and purposes. The research questions and purpose of the study will play an essential role in justifying the most appropriate method and design for the research. Cronje (2020) argues that there is not a wrong or right methodology rather focus should be on the appropriateness of the method to the problem being investigated. An appropriate research design and method ensures that the data collected is ideal and relevant towards answering the research questions in place (Dina, 2012). The determination of which research method to use and why fundamentally depends on the research goal.
The study will utilize a qualitative research methodology and will delve into deeper issues of interest to explore nuances related to the problem. Mohajan (2018) defines qualitative research as a research method that focuses on obtaining data through open-ended and broad way of communication. The findings should not only entail what people think about the problem being addressed but also why they think so. The qualitative research method gathers answers on experiences meaning and perspectives, often from the standpoint of the participant. Comment by Dr. Deanna Davis: What do you mean by nuances? Please delete that word because that is not what Chapter 3 does not address nuances.
Qualitative research is defined as a research method that focuses on obtaining data through open-ended and conversational communication (Ormston et al., 2014). This method is not only about “what” people think but also “why” they think so. Qualitative research is based on the disciplines of social sciences like psychology, sociology, and anthropology. Mohajan (2018) defines qualitative research as a research method that focuses on obtaining data through open-ended and broad way of communication. Therefore, theThe qualitative research methods allow for in-depth and further probing and questioning of respondents based on their responses, where the interviewer/researcher also tries to understand their motivation and feelings (Reference). The qualitative research method gathers answers on experiences meaning and perspectives, often from the standpoint of the participant.
Understanding how your audience takes decisions can help derive conclusions in research.
Qualitative research starts from a fundamentally different set of beliefs or paradigms than those that underpin quantitative research. Post-positivist researchers agree with the positivist paradigm, but believe that environmental and individual differences, such as the learning culture or the learners’ capacity to learn, influence this reality, and that these differences are important (Syed & McLean, 2022). Constructivist researchers believe that there is no single reality, but that the researcher elicits participants’ views of reality (Bergman, 2012). Qualitative research generally draws on post-positivist or constructivist beliefs.
Qualitative data method was the best option since the study could reveal how organizational culture affects knowledge management within the Medium-Sized Enterprise and how management improves the competitive advantage for the medium-sized enterprise. The study will use qualitative data from the readings, peer reviewed documents, and interviews. According to Mearsheimer & Walt (2013), the qualitative research unlike to quantitative whereby research is used when confirming or testing something such as a theory or hypothesis. The focus and purpose of the study will be to understand and determine the impact of knowledge management strategies among Medium-Sized Enterprises.
Provide a paragraph that describes quantitative research based on the literature.
One of the alternative methodologies that the research may have adopted is quantitative research method. Quantitative research is based on positivist beliefs that there is a singular reality that can be discovered with the appropriate experimental methods (Ormston et al., 2014). However, quantitative method was considered less appropriate for this specific study because no numerical data will not be gathered for this study. factual data was required. Hammarberg et al., (2016) suggest that quantitative research method is appropriate when information such as probability, attitudes, views, beliefs or preferences is required. Quantitative research method can reveal the percentages of target population demographic information such as their distribution by age, marital status, residential area and others. The study will not focus much on statistical or mathematical analysis thus quantitative research was inappropriate. Comment by Dr. Deanna Davis: Please find additional research within the last five years on Quantitative research. Please add another paragraph based in research on this methodology. You can visit the NCU Library. Comment by Dr. Deanna Davis: A questionnaire can do this which can be qualitative.
Research design allows the research to utilize the evidence obtained to effectively address the research problem logically and unambiguously. The study will employ an exploratory case study research design. A case study is a systematic investigation of a particular group, community or unit to generate an in-depth understanding of a complex issue in a real-life context to generalize other units (Njie & Asimiran, 2014). The appropriateness of a case study is based on its ability to provide factual evidence to persuade during the research process (Rhee et al., 2015). In addition, the research design will enhance the understanding of the variables that knowledge management and organizational cultural norms in Medium-Sized Enterprise.
A case study is a research methodology which helps in phenomenon exploration within some particular context through various data sources. Case studies were one of the first types of research to be used in the field of qualitative methodology. Today, they account for a large proportion of the research presented in books and articles in psychology, history, education, and Amedicine. Much of what we know today about the empirical world has been produced by case study research, and many of the most treasured classics in each discipline are case studies (Flyvbjerg, 2011). Comment by Dr. Deanna Davis: According to who?
Exploration Exploratory case study is employed through diversified lenses for the purposes of revealing multiple facets of the study topic. The design is most appropriate when the researcher is interested in obtaining concrete, contextual in-depth awareness about a specific real word subject (Crowe et al., 2011). Case study helps in exploring the key characteristics meanings, and implications of the case. Exploration will therefore be idea for the study as it will allow research to obtain a deep understanding of knowledge management systems used within medium enterprises. This will facilitate making of elaborate recommendations and conclusion for the research. Comment by Dr. Deanna Davis: Exploratory case study. Please do not use exploration.
Ethnography is a qualitative research methodology whereby researchers are allowed to interact with observers or participants who are taking part in the study in their real-life experience (Parker & Silva, 2013). Ethnography is a methodology which largely, though not exclusively, employs qualitative methods. This research methodology has distinctive approach over and above the particular methods it employs, which could be useful in process evaluations to explore the detail of how complex interventions operate (Jayathilaka, 2021). Through anthropology, the method was popularized. This type of qualitative research is inappropriate for this study since it is time consuming and also demands for a well-trained researcher given that it takes a lot of time for trust to be built with the informants so that the discourse could be honest and fully accounted for. Comment by Dr. Deanna Davis: All research is time consuming. This is not an appropriate reason for ethnography being inappropriate for your study.
Phenomenological research is a qualitative research approach that helps in describing the lived experiences of an individual. The phenomenological method focuses on studying the phenomena that has impacted an individual (Aydoğdu & Yüksel, 2019). This approach highlights the specifics and identifies a phenomenon as perceived by an individual in a situation. Phenomenology can also be used to study the commonality in the behaviors of a group of people (Ravi, 2022). The study focuses on knowledge management strategies rather than individual’s making phenomenological research, given that this methodology has got various challenges with interpretation and analysis, due to the low levels of reliability and validity. Comment by Dr. Deanna Davis: This is inaccurate. Phenomenology focused on the lived experience of the participant and not a group of people. Please research Phenomenology.
A set of systematic inductive methods for methods to perform qualitative research aimed at theory theoretical development is referred to as a grounded theory (Leung, 2015). This method is made of flexible strategies that enhance the inquiry process which aims at establishing theories linking the data collected with applicable theories. One significant aspect that ought to be stressed is that inductive approach does not imply disregarding theories when formulating research questions and objectives. This approach aims to generate meanings from the data set collected in order to identify patterns and relationships to build a theory (O’Kane et al., 2019). However, the inductive approach does not prevent the researcher from using existing theory to formulate the research question to be explored. The methodology is less appropriate in comparison with a case study, because grounded theory method often tends to generate very large amounts of data, making it very complex to manage and come up with the required solution. Comment by Dr. Deanna Davis: You have to write in an academic manner and not a conversational research paper.
Narrative inquiry research design records the experiences of an individual or small group, revealing the lived experience or particular perspective of that individual, usually primarily through interview which is then recorded and ordered into a chronological narrative. Narrative inquiry uses stories to understand social patterns. Stories from the participants and stories created by researchers from information they gather from participants are at the heart of narrative inquiry. Often recorded as biography, life history or in the case of older/ancient traditional story recording – oral history. This method is not appropriate for the research as like phenomenological research design, the focus is on individuals rather than strategies. Another reason is for not using this method is that the place of stories is limited in the loves of people, as well as in the political and social world, which makes this method likely to divert the research from addressing ore intractable and deeper significant concerns. Comment by Dr. Deanna Davis: You have not provided any citations in this entire paragraph.
Population and Sample
Describe the population, including the estimated size and relevant characteristics. NOT MEt
Explain why the population is appropriate, given the study problem, purpose, and research questions. NOT MET
Describe the sample that will be (proposal) or was (manuscript) obtained. NOT MET
Explain why the sample is appropriate, given the study problem, purpose, and research questions. NOT MET
Explain the type of sampling used and why it is appropriate for the dissertation proposal methodology and design. For qualitative studies, evidence must be presented that saturation will be (proposal) or was (manuscript) reached. For quantitative studies, a power analysis must be reported to include the parameters (e.g., effect size, alpha, beta, and number of groups) included, and evidence must be presented that the minimum required sample size will be (proposal) or was (manuscript) reached. NOT MET
Describe how the participants will be (proposal) or were (manuscript) recruited (e.g., email lists from professional organizations, flyers) and/or the data will be (proposal) or were (manuscript) obtained (e.g., archived data, public records) with sufficient detail so the study could be replicated. NOT MET
According to the Organization for Economic Cooperation and Development, most countries define a small business as one with 50 or fewer employees, and a mid-size business as one with between 50 and 250 employees (The Ohio State University National Center, 2015). The Ohio State University’s National Center for the Middle Market defines a mid-size company as one with average annual revenue – not profit, but revenue – of between $10 million and $1 billion. As of 2018, the center estimated that about 200,000 U.S. companies met that definition, making them mid-size companies. The National Center for the Middle Market calculates that mid-size companies account for about one-third of private-sector gross domestic product (The Ohio State University National Center, 2015). Mid-size company income increased almost eight percent in 2017, with seventy-nine percent of companies reporting an increase over the prior year. Even during the financial crisis of last decade, mid-size companies outperformed other sectors by adding over two million jobs.
Ohio State University’s National Center for the Middle Market is one of the leading sources of research on issues of interest to mid-size companies in the United States. The center defines a mid-size company as one with average annual revenue – not profit, but revenue – of between $10 million and $1 billion. As of 2018, the center estimated that about 200,000 U.S. companies met that definition, making them mid-size companies. According to the Organization for Economic Cooperation and Development (2018), most countries define a small business as one with 50 or fewer employees, and a mid-size business as one with between 50 and 250 employees.
The research focuses on medium –sized IT companies located in the northeastern part of the United States. The population will comprise of a medium-sized information Technology Company located in the northeastern part of the United States. The population is therefore appropriate as the research is on such companies. The medium –sized IT companies in the northeastern part of the United States will give a true picture on how these companies can use knowledge management strategies to gain competitive advantage and maybe transition to large size companies. Comment by Dr. Deanna Davis: How many companies fit this criteria in the midwest?
A sample is a smaller group or sub-group obtained from the accessible population (Anokye, 2020). This subgroup is carefully selected so as to be representative of the whole population with the relevant characteristics. Sampling is a procedure, process or technique of choosing a sub-group from a population to participate in the study (Anokye, 2020). A sample of 26 participants will be recruited from the target population to participate in the study because a number slightly above half the population will yield comprehensive results. The type of sampling used is purposive sample, which entails selecting participants within the larger sampling frame since these population has got the right attributes desired by the researcher, making the type of sampling effective (Serra et al., 2018). The sampling entails first of all setting aside the kind of characteristics desired among relevant participants that requires examination associated with the topic of the research, knowledge based, in order to come up with only those that fully cover the range of characteristics required (Etikan, 2016). Purposive sampling often used in qualitative research, where the researcher wants to gain detailed knowledge about a specific phenomenon rather than make statistical inferences, or where the population is very small and specific. Recruitment shall be done through face-to-face contact, which entails providing the potential participants with a clear understanding through explanation about what their contribution in the research entails, as well as an explanation of what the general research project involves. This sample as mentioned above involves a group of people chosen from the larger population, as a representation of the population for easier generalizing of the outcomes acquired from the research (Wu et al., 2016). The sample is appropriate since it belongs to the target population and thus the findings reflect that of the entire population. Comment by Dr. Deanna Davis: What is your eligibility criteria? Comment by Dr. Deanna Davis: How will you recruit participants? Where will you recruit participants?
Materials or Instruments
The research instruments used to collect data from the research participants will include individual in-person and video-conferencing interviews (Khalil & Cowie, 2020). The interviews will take approximately thirty to forty-five minutes. Interviews will be conducted for data collection purposes. During the interviews, the researcher will describe the purpose of the research and inform the participants that they can stop the interview process. The qualitative data collected for this study will be analyzed using descriptive analysis.
An interview guide will be used to structure the way to conduct the research interviews (Ahmad, 2020). This will help the researcher to know what to ask about and in what order and it ensures a candidate experience that is the same for all applicants. The guide will compose of seven elements thus ensuring conclusiveness of the data collection process (Ahmad, 2020). These elements consist of the invitation & briefing, setting the stage, welcome, questions, candidates’ questions, wrap-up and scoring.
The interview questions will be divided into three sections covering general, body and conclusion (Oprit-Maftei, 2019). Under general section, the interview will have five questions in relation to the organizational structure and trajectory over the last two years. Answers to questions under this section will help the researcher get to know how different companies have been fairing and their structural set up (Roberts, 2020). The body will cover seven questions in relation to the existing knowledge management strategies and how the enterprise has incorporated the same to its operations. The answers under this section will be key in establishing which knowledge management strategies different companies have put in place. The conclusion part will have three questions to establish the participants own view of the strategy employed by the respective enterprise (Gilbert et al., 2018). The answers under conclusion section of the interview will allows the research get individual’s perspective on the different knowledge management strategies used by the companies they work for. This cumulatively will give a total of fifteen questions for the interview.
Throughout the interview, the questions will be distributed to open -ended, and semi-structured questions (Walker, 2019). The interview questions will consist of only open-ended questions as they will seek to get participants direct response on the question being asked. The body will be made up of a mixture of closed and open-ended questions. Under this section, the researcher will seek to quickly gain basic information on the strategy being used by the enterprise and the participants understanding of the same.
Data Analysis
· The data analysis strategies used to code data includes
· Thematic analysis- The method will be used to analyze qualitative information details that involve searching along specific data samples like the location of most of the SMEs geographically and what reasons lie behind their existence in such areas. The method will be useful when describing and interpreting data and coming up with themes.
· Qualitative content analysis- This method will be used to gather structure and interpret data in a manner that will be easier to understand. The method is good for non-numerical and unstructured data processing.
· Narrative analysis- Narrative analysis will be also applied in analyzing the different clusters of interpreting visual and text that are verbal.
The software used in analyzing the research data is Nvivo and SPSS software’s
During the data analysis, the qualitative data was coded with numbers that could easily be analyzed. For example, the questionnaires that participants were formulated and given choices where participants would only pick one choice from 1 to 4. These choices were qualitative but once the correct choice was picked, the ending information was numerically registered as to how many participants picked what choice. These choices were then quantified and easily tabled and later graphed into Instagram and scatter diagrams.
The researcher played a major role in formulating the questionnaires and ensuring the questions had choices to pick. The next step the researcher did was to distribute the questionnaires to the sample population of SMEs owners and other relevant participants. The researcher would then inform them to pick a choice from 1 to 4 that best answered a certain question. The last thing the researcher did was to convert this feedback and analyze them using SPSS and Nvivo software’s.
Understanding the NVivo software and how to use it in data analysis.
a) Stage one: I would review my research questions for research questionnaires to ensure they reflect the kind of parameters I am looking for during the research.
b) Stage two: I would go through several summary memos and transcripts that have been formulated before by other researchers to ensure I assimilate to the same when preparing my research questions
c) Stage three: I would create a research journal and thereafter develop my coding techniques
d) Stage five: I would then code the main topic areas and themes of my research
Nvivo software is a programming software applied in mixed method and qualitative research. Basically, it is used in analyzing unstructured audio, text and imaging data. It can also be used to capture social media, journal articles, focus groups and interviews. NVivo is a software program used for qualitative and mixed-methods research. Specifically, it is used for the analysis of unstructured text, audio, video, and image data, including (but not limited to) interviews, focus groups, surveys, social media, and journal articles. It is produced by QSR International
Research coding: Research coding is the manner in which qualitative data is organized and labeled to examine the relationships and different themes that exist among them. The coding comes into two main categories namely the manual coding and automated coding techniques. I would use coding research method when finding concepts and themes which are part of thematic analysis. I would analyze sentences and word structures using thematic analysis to best differentiate the different themes as portrayed by the data
Triangulation: Is the measurement and tracing of a sequence of triangles in efforts to find out the relative position points and distances covered over a certain area. The technique is done by deducing the lengths and sides of one area then observing it from a point of perspective or rather from a baseline point.
Member checking: This is a technique also known as respondent or participant validation. Member checking is a criteria used when exploring the reliability and authenticity of results. This is where the results found are returned back to the participants to check for their resonance and accuracy as it is one of validation techniques used by the researchers.
The collected data will be checked for completeness, coded and captured into Microsoft Excel and NVivo software for analysis. Descriptive statistics to use will include tables, frequencies, weighted mean, and percentages. They will be used to describe the basic features of the data in a study. They provide simple summaries about the sample and the measures. Together with simple graphics analysis, they form the basis of virtually every quantitative analysis of data.
Assumptions are things that researchers and peers who read the dissertation or thesis accept as true or at least reasonable. To understand the study’s findings, it is crucial to know what assumptions and restrictions were used. The decisions researchers make in relation to the research methods have a direct impact on the conclusion and recommendation made at the end of the research. By adopting qualitative research, reality is structured and understood in a particular way. This research relies heavily on the premise of honesty and truthfulness on participants. For instance in this study, an assumption is that the participants will give a true and fair views of their business performance, challenges and future plans. The assumptions is that such views cannot be quantified or analyzed apart from just a general observation by the researcher and see if the feedback reflects the physical outlook of the enterprises. In some scenario, comments by the participants then the researcher can only ask for further verbal clarification which cannot be quantified. When applying the assumption techniques, the content assumed is reasoned to be cross cutting to most of the people that would come across the documentation. For instance, when conducting a qualitative research, an assumption can be that people will assume someone is a nerd if he were glasses but the reality could be different and the person may turn out to be an average person and not as witty as it is depicted by the way of wearing glasses.
Some significant implications will be drawn from this research. Future research may look at the limits of this method. Control factors such as firm size, industry type, process type and technology type will not be considered in this study’s initial restriction. The use of such control variables will have influenced the findings. A second focus is on the influence of knowledge management and product management on organizational performance as measured at the individual level. Organizations, on the other hand, encourage their workers to collaborate.
The study’s findings will have significant ramifications for the suggested paradigm; however, future research may address several limitations. The link between knowledge management and product management will not be considered in the study’s suggested model. Product managers will need to have access to a wealth of knowledge to be successful. Organizations operating in circumstances that demand rapid innovation will benefit greatly from product management efforts that include knowledge management (Hassan, & Raziq, 2019). The product management operations will be centered upon using, creating, and managing knowledge. Researchers should use various data gathering methods and provide specifics on the kind of questionnaires and interview questions they intend to utilize to ensure that any ambiguity is removed.
However, the study’s delimitations is a major concern, the number of organizations participating in the study would have appreciated information that is quantified to help them in making informed financial choices upon data analysis of their financial trends an d future projections.
An IRB approved consent letter will be provided to all participants to ensure confidentiality, a complete explanation of the study goal, and the voluntary nature of participation to prevent any ethical difficulties. While the participants will be adults, the researcher will prepare the following materials for the IRB application; CITI certificate, eligibility criteria, recruitment materials, consent letter, readability report and data collection instruments. To participate in the interviews, each respondent must first consent to be included. There will be no physical or psychological damage inflicted on the respondents or the research assistants during the study. All data will be stored in a secured file to safeguard the privacy and confidentiality of the information for three years. Each participant will be recorded in a pseudonym to enhance privacy and data protection. While the data will be stored in folders, such folders will be password protected in addition to each of the files in the folder having a unique password.
This study looks at organizational culture norms that promote investment in knowledge management strategies in Medium-Sized Enterprises. This research aims to systematically manage Medium-Sized Enterprise knowledge assets to meet strategic and tactical requirements and create value for the organization. Researchers want to look at how well-managed procedures and the generation of fresh ideas help SMEs transform into successful Multinational business enterprises
The study will be a qualitative research, which will use interviews to collect data from the participants. The researcher will use purposive sampling to identify the population sample to use in the study. Individual in-person and video-conferencing interviews will be the main research instruments as they will give the researcher more information on the study. Data will be analyzed using Microsoft Excel and NVivo software. Both tools will allow the research to deduce different descriptive statistics which will be key in making the study conclusion and recommendations as per the results
Some of the data analysis methodologies used to code data are, thematic analysis used to study qualitative data details that entail searching alongside specific data samples such as the geographical location of most SMEs and the reasons for their occurrence in such locations. When describing and understanding data, as well as coming up with themes, the process will be useful. Secondly is qualitative content analysis used to organize and evaluate data in a more understandable manner. The approach works well with non-numerical and unstructured information. Thirdly, is narrative analysis used to analyze the various clusters of visual and verbal text interpretation.
Chapter 4: Findings
This chapter outlines analysis of research data, research findings and finding discussions. The findings were evaluated according to research objectives and methodology to ensure that research questions are answered. The findings contain results related to demographic characteristics, descriptive analysis and inferential statistics. The study was carried out in the three universities based on the defined criteria in the methodology where lecturers, students and e-learning administrators were requested to provide their views & perception regarding management of cyber security on e-learning platforms.
Reliability of the Data
The Knowledge management (KM) strategies were evaluated and categorized by six criteria: KM objectives, processes, problems, content, strategy, and type of knowledge. The purpose was to find similarities among the sample units. Size, industry, and background information of the company, globalization (national, international), knowledge intensity of the industry, products, business processes, importance of innovation, and main audience of the KM initiative (business unit or whole organization) were also taken into account. Thus, the success of the knowledge management strategies was assessed using two criteria referring to organizational impact:
i. Was the identified problem resolved by the KM initiative (i.e. usefulness of knowledge management strategies)?
ii. Can the companies report monetary or non-monetary success stories (i.e. business performance)?
Results
The cases show that knowledge management (KM) strategies do not necessarily apply to the whole organization.
Almost half of the cases supported business units or departments within an organization.
Thus, we considered the business strategy of the company if the KM strategies applies to the whole company and we considered the business strategy of the unit if the KM initiative applies to a business unit. For example, we examined the KM strategies in the audit department of company D. The success of the department is based on the quality and the number of audit reports created by the department. The department delivers the reports directly to the executive board. Thus, its business strategy is to deliver fast and reliable reports to the executives and the goal is to make the audit process as efficient as possible.
The KM strategies can be categorized into four combinations of business strategy and KM strategy:
i. Codification and efficiency
ii. Efficiency and personalization.
iii. Innovation and codification.
iv. Innovation and personalization.
Research Question 1
How does organizational culture affect knowledge management within the Medium-Sized Enterprise?
Conversely, companies who use knowledge management in order to improve the efficiency of operational processes use databases and information systems to disseminate ‘‘best practices’’ independently from the ‘‘human knowledge carrier’’.
Research Question 2
How does investment in knowledge management improve the competitive advantage for the Medium-Sized Enterprise?
The efficiency strategy relies primarily on the re-use of existing knowledge. It is not necessary to bring people together to share their knowledge directly and combine that knowledge by dialogue in order to create new knowledge.
Evaluation of the Findings
The analysis supported the relationship between business strategy and primary KM strategy. It also showed that some companies deploy both approaches – codification and personalization – within the same KM initiative. This supports propositions that codification and personalization are not two extremes but rather dimensions that can be combined. For example, some KM initiatives with the objective to improve process efficiency mainly relied on the codification strategy and also used instruments like discussions forums or newsgroups to give their employees the opportunity to exchange knowledge and best practices directly.
The case studies did not clearly indicate a higher level of success for the companies that used both approaches. But it can be assumed that a sole reliance on one strategy may be too one-sided, e.g. a sole concentration on codification and reuse of knowledge may not be enough to face the dynamic and turbulence of the market. On the other side, bringing people together does not necessarily lead to innovation if the knowledge is not exploited. We argued that the fit between efficiency and codification on the one side and innovation and personalization on the other side enhances the level of success of a KM initiative. However, it is not clear whether the combination of efficiency and personalization or innovation and codification necessarily lead to less performance of the organization in the long run.
Summary
The findings strongly suggest a relationship between the success of KM in terms of improving business performance of the organization or business unit respectively and the alignment of KM strategy and business strategy. The findings show a matching fit between KM strategy and business strategy. An organization whose business strategy requires efficiency of processes should rely primarily on a codification strategy. An organization whose business strategy requires product or process innovation should rely primarily on a personalization strategy. In addition, the KM initiative should support the objective of the business strategy. For the audit department of Company D, it was important to improve the quality and number of audits. It would have been less important for example to improve the process efficiency for booking flights for the auditors. The KM initiative did support the strategy that added the most value to the department. These findings can also be explained by organizational information processing theory that explains the need for processing information in order to reduce uncertainty and equivocality. Uncertainty deals with the problem of absence of information whereas equivocality means ambiguity and the existence of multiple and conflicting interpretations. Organizations that focus on innovations face high equivocality and need communication channels with high media richness such as face-to-face. Organizations with a focus on efficiency may face less equivocality and codification of knowledge is thus adequate for them.
Ahmad, F. (2020). Using video-conferencing for observations and interviews: Gathering data from ‘home’ while studying in New Zealand. Waikato Journal Of Education, 25, 109-117. https://doi.org/10.15663/wje.v25i0.758
Aithal, P. S. (2017). ABCD Analysis as Research Methodology in Company Case Studies. International Journal of Management, Technology, and Social Sciences (IJMTS), 2(2), 40-54.
Abbott, ML. & McKinney, J. (2012). Understanding and Applying Research Design. Hoboken, NJ: John Wiley & Sons.
Asada, A., Basheerb, M. F., Irfanc, M., Jiangd, J., & Tahir, R. (2020). Open-Innovation and knowledge management in Small and Medium-Sized Enterprises (SMEs): The role of external knowledge and internal innovation. Revista Argentina de Clínica Psicológica, 29(4), 80-90.
Aspers, P., Corte, U. What is Qualitative in Qualitative Research. Qual Sociol 42, 139–160 (2019). https://doi.org/10.1007/s11133-019-9413-7
Aydoğdu, B., & Yüksel, M. (2019). Psychological Problems and Needs of Deaf Adolescents: A Phenomenological Research. Journal Of Qualitative Research In Education, 7(3), 1-18. https://doi.org/10.14689/issn.2148-624.1.7c.3s.7m
Bergman E., et al (2012). A guide to research paradigms relevant to medical education. Academic Medication Journal.
Bergold, J., & Thomas, S. (2012). Participatory research methods: A methodological approach in motion. Historical Social Research 191-222.
Chen, D. N., Liang, T. P., & Lin, B. (2010). An ecological model for organizational knowledge management. Journal of Computer Information Systems, 50(3), 11-22.
Cronje, J. (2020). Designing Questions for Research Design and Design Research in eLearning. Electronic Journal Of E-Learning, 18(1). https://doi.org/10.34190/ejel.20.18.1.002
Crowe, S., Cresswell, K., Robertson, A. et al. The case study approach. BMC Med Res Methodol 11, 100 (2011). https://doi.org/10.1186/1471-2288-11-100
Davenport, H. T., DeLong, D. W., & Beers, M. (2008). Successful knowledge management projects. Sloan Management Review, 39(2), 43-57.
Desouza, K. C., & Vanapalli, G. K. (2015). Securing knowledge in organizations. In K. C. Desouza (Ed.), New frontiers of knowledge management (pp. 76-98). NY: Palgrave/Macmillan.
Dierkes, M. (2011). Visions, technology, and organizational knowledge: An analysis of the interplay between enabling factors and triggers of knowledge generation. In J. de la Mothe & D. Foray (Eds.), Knowledge management in the innovation process (pp. 9-42). Boston, MA: Kluwer Academic Publishers.
Etikan, I. (2016). Comparison of Convenience Sampling and Purposive Sampling. American Journal Of Theoretical And Applied Statistics, 5(1), 1. https://doi.org/10.11648/j.ajtas.20160501.11
Gilbert, B., Meister, A., & Durham, C. (2018). RETRACTED: Escaping the Traditional Interview Approach: A Pilot Study of an Alternative Interview Process. Hospital Pharmacy, 54(1), NP2-NP4. https://doi.org/10.1177/0018578718758970
Gold, A. H., Malhotra, A., & Sedars, A. H. (2011). Knowledge management: An organizational capabilities perspective. Journal of Management Information Systems, 18(1), 185-214.
Goldschmidt, G., & Matthews, B. (2022). Formulating design research questions: A framework. Design Studies, 78, 101062. https://doi.org/10.1016/j.destud.2021.101062
Golinska-Dawson, P., Werner-Lewandowska, K., & Kosacka-Olejnik, M. (2021). Responsible Resource Management in Remanufacturing—Framework for Qualitative Assessment in Small and Medium-Sized Enterprises. Resources, 10(2), 19. https://doi.org/10.3390/resources10020019
Grimsdottir, E., & Edvardsson, I. R. (2018). Knowledge management, knowledge creation, and open innovation in Icelandic SMEs. Sage Open, 8(4), 2158244018807320.
Hamel, G. (1991). Competition for competence and inter-partner learning within international strategic alliances. Strategic Management Journal, 12(4), 83-103.
Hammarberg, K., Kirkman, M., & de Lacey, S. (2016). Qualitative research methods: when to use them and how to judge them. Human reproduction, 31(3), 498-501.
Hassan, N., & Raziq, A. (2019). Effects of knowledge management practices on innovation in SMEs. Management Science Letters, 9(7), 997-1008.
Hussain, I., Mujtaba, G., Shaheen, I., Akram, S., & Arshad, A. (2020). An empirical investigation of knowledge management, organizational innovation, organizational learning, and organizational culture: Examining a moderated mediation model of social media technologies. Journal of Public Affairs, e2575.
Jayathilaka, A. (2021). Ethnography and Organizational Ethnography: Research Methodology. Open Journal Of Business And Management, 09(01), 91-102. https://doi.org/10.4236/ojbm.2021.91005
Jones, A., & Shideh, R. (2020). The Significance of Knowledge Management in the Knowledge Economy of the 21st Century. Significance, 13(3). Page numbers?
Kermally, S. (2002). Effective knowledge management: A best practice blueprint. New York, NY: Jon Wiley & Sons.
Lam, W. (2005). Successful knowledge management requires a knowledge culture: A case study. Knowledge Management Research and Practice, 3(4), 206-217.
Leung, L. (2015). Validity, reliability, and generalizability in qualitative research. Journal of family medicine and primary care, 4(3), 324.The article was only one page?
Li, H., Chai, J., Qian, Z., & Chen, H. (2022). Cooperation strategies when leading firms compete with small and medium-sized enterprises in a potentially competitive market. Journal Of Management Science And Engineering. https://doi.org/10.1016/j.jmse.2022.02.003
Lichtman, M. (2013). Qualitative research for the social sciences. SAGE publications.
Martins, V. W. B., Rampasso, I. S., Anholon, R., Quelhas, O. L. G., & Leal Filho, W. (2019). Knowledge management in the context of sustainability: Literature review and opportunities for future research. Journal of cleaner production, 229, 489-500.
Maxwell, J. A. (2012). Qualitative research design: An interactive approach. Sage publications.
Mazorodze, A. H., & Buckley, S. (2019). Knowledge management in knowledge-intensive organizations: Understanding its benefits, processes, infrastructure and barriers. South African Journal of Information Management, 21(1), 1-6.
Mearsheimer, J. J., & Walt, S. M. (2013). Leaving theory behind: Why simplistic hypothesis testing is bad for International Relations. European Journal of International Relations, 19(3), 427-457.
Mohajan, H. K. (2018). Qualitative research methodology in social sciences and related subjects. Journal of Economic Development, Environment and People, 7(1), 23-48.
Mustafa, M., & Elliott, C. (2019). The curious case of human resource development in family‐small‐to‐medium sized enterprises. Human Resource Development Quarterly, 30(3), 281-290. https://doi.org/10.1002/hrdq.21370
Njie, B., & Asimiran, S. (2014). Case study as a choice in qualitative methodology. Journal of Research & Method in Education, 4(3), 35-40.
Nonaka, I., & Takeuchi, H. (2015). The knowledge creating company. New York: Oxford University Press.
Oprit-Maftei, C. (2019). Developing Interview Skills in English: How to Handle Interview Questions. International Multidisciplinary Scientific Conference On The Dialogue Between Sciences &Amp; Arts, Religion &Amp; Education, 3(1), 279-2284. https://doi.org/10.26520/mcdsare.2019.3.279-284
Ormston, R., Spencer, L., Barnard, M., & Snape, D. (2014). The foundations of qualitative research. Qualitative research practice: A guide for social science students and researchers, 2(7), 52-55.
Parker Webster, J., & Marques da Silva, S. (2013). Doing educational ethnography in an online world: methodological challenges, choices and innovations. Ethnography and Education, 8(2), 123-130.
Przysucha, Ł. (2017, August). Knowledge management in corporations–synergy between people and technology. Barriers and benefits of implementation. In IFIP International Workshop on Artificial Intelligence for Knowledge Management (pp. 1-11). Springer, Cham.
Raudeliūnienė, J., Davidavičienė, V., & Jakubavičius, A. (2018). Knowledge management process model. Entrepreneurship and Sustainability Issues, 5 (3), 542-554.
Ravi. (2022). Phenomenological Research: Methods And Examples. Harappa. Retrieved 28 May 2022, from https://harappa.education/harappa-diaries/phenomenological-research/.
Roberts, R. (2020). Qualitative Interview Questions: Guidance for Novice Researchers. The Qualitative Report. https://doi.org/10.46743/2160-3715/2020.4640
Schröpfer, V. L. M., Tah, J., & Kurul, E. (2017). Mapping the knowledge flow in sustainable construction project teams using social network analysis. Engineering, Construction and Architectural Management.
Seagren, A. T., Creswell, J. W., & Wheeler, D. W. (2013). The department chair: New roles, responsibilities, and challenges (Higher Education Report No. 1). Washington, DC: ASHE-ERIC.
Serra, M., Psarra, S., & O’Brien, J. (2018). Social and Physical Characterization of Urban Contexts: Techniques and Methods for Quantification, Classification and Purposive Sampling. Urban Planning, 3(1), 58-74. https://doi.org/10.17645/up.v3i1.1269
Skyrme, D. J. (2009). Knowledge networking: Creating the collaborative enterprise. Woburn, MA: PlantATree.
Syed, M., & McLean, K. (2022). Disentangling paradigm and method can help bring qualitative research to post-positivist psychology and address the generalizability crisis. Behavioral and Brain Sciences, 45. https://doi.org/10.1017/s0140525x21000431
Trice, H. M., & Beyer, J. M. (2013). The cultures of work organizations. Englewood Cliffs, NJ: Prentice Hall.
Walker, S. (2011). The interview process and beyond. The Bottom Line, 24(1), 41-45. https://doi.org/10.1108/08880451111142042
Wang, S., & Wang, H. (2020). Big data for small and medium-sized enterprises (SME): a knowledge management model. Journal of Knowledge Management.
Wei, Y., & Miraglia, S. (2017). Organizational culture and knowledge transfer in project-based organizations: Theoretical insights from a Chinese construction firm. International Journal of Project Management, 35(4), 571-585.
Wu, C., Shu, M., & Liu, S. (2016). A Situationally Sample-Size-Adjusted Sampling Scheme Based on Process Yield Verification. Quality and Reliability Engineering International, 33(1), 57-69. https://doi.org/10.1002/qre.1990
Yekkeh, H., Jafari, S. M., Mahmoudi, S. M., & ShamiZanjani, M. (2021). Designing the adaptive fuzzy-neural inference system to measure the benefits of knowledge management in the organization. Iranian Journal of Information processing and Management, 37(1), 288-303
Issue s in Informing Science and Information Technology Volume 6, 2009
Towards a Guide for Novice Researchers on
Research Methodology:
Review and Proposed Methods
Timothy J. Ellis and Yair Levy
Nova Southeastern University
Graduate School of Computer and Information Sciences
Fort Lauderdale, Florida, USA
[email protected], [email protected]
Abstract
The novice researcher, such as the graduate student, can be overwhelmed by the intricacies of the
research methods employed in conducting a scholarly inquiry. As both a consumer and producer
of research, it is essential to have a firm grasp on just what is entailed in producing legitimate,
valid results and conclusions. The very large and growing number of diverse research approaches
in current practice exacerbates this problem. The goal of this review is to provide the novice re-
searcher with a starting point in becoming a more informed consumer and producer of research.
Toward addressing this goa l, a new system for deriving a proposed study type is deve loped. The
PLD model inc ludes the three common drivers for selection of study type : research-worthy prob-
lem (P), valid quality peer-reviewed literature (L), and data (D). The discussion inc ludes a review
of some common research types and concludes with definitions, discussions, and examples of
various fundamentals of research methods such as: a) forming research questions and hypotheses;
b) acknowledging assumptions, limitations, and delimitations; and c) establishing re liability and
validity.
Ke ywords: Research methodology, reliability, va lidity, research questions, problem directed re-
search
Introduction
The novice researcher, such as the graduate student, can be overwhelmed by the intricacies of the
research methods employed in conducting a scholarly inquiry (Leedy & Ormrod, 2005). As both
a consumer and producer of research, it is essential to have a firm grasp on just what is entailed in
produc ing legitimate, valid results and conclusions. The very large and growing number of di-
verse research approaches in current practice exacerbates this problem (Mertler & Vannatta,
2001). The goal of this review is to pro-
vide the novice researcher with a start-
ing point in becoming a more informed
consumer and producer of research in
the form of a lexicon of terms and an
analysis of the underlying constructs
that apply to scholarly enquiry, regard-
less of the specific methods employed.
Scholarly research is, to a very great
extent, characterized by the type of
M aterial p ublished as p art of this p ublication, either on-lin e or
in p rint, is copy righted by the Informing Scien ce Institute.
Permission to make digital or p ap er copy of p art or all of these
works for p ersonal or classroom use is granted without fee
p rovided that the cop ies are not made or distributed for p rofit
or commer cial advantage AND that cop ies 1) bear this notice
in full and 2) give the full citation on the first p age. It is p er-
missible to abstract these works so long as cred it is giv en. To
copy in all other cases or to rep ublish or to p ost on a server or
to redistribute to lists requires sp ecific p ermission and p ay ment
of a fee. Contact [email protected] gScience.or g to request
redistribution p ermission.
Guide for Novice Researchers on Research Methodology
324
study conducted and, by extension, the specific methods employed in conducting that type of
study (Creswell, 2005, p. 61). Novice researchers, however, often mistakenly think that, since
studies are known by how they are conducted, the research process starts with deciding upon just
what type of study to conduct. On the contrary, the type of study one conducts is based upon three
related issues: the problem driving the study, the body of knowledge, and the nature of the data
available to the researcher.
As discussed elsewhere, scholarly research starts with the identification of a tightly focused, lit-
erature supported problem (Ellis & Levy, 2008). The research-worthy problem serves as the point
of departure for the research. The nature of the research problem and the doma in from which it is
drawn serves as a limiting factor on the type of research that can be conducted. Nunamaker,
Chen, and Purdin (1991) noted that “It is clear that some research domains are sufficiently nar-
row that they allow the use of only limited methodologies” (p. 91). The problem also serves as
the guidance system for the study in that the research is, in essence, an attempt to, in some man-
ner, develop at least a partial solution to the research problem. The best design cannot provide
meaning to research and answer the question ‘Why was the study conducted,’ if there is not the
anchor of a clearly identified research problem.
The body of knowledge serves as the foundation upon which the study is built (Levy & Ellis,
2006). The literature also serves to channel the research, in that it indicates the type of study or
studies that are appropriate based upon the nature of the problem driving the study. Likewise, the
literature provides clear guidance on the specific methods to be followed in conducting a study of
a given type. Although origina lity is of great value in scholarly work, it is usually not rewarded
when applied to the research methods. Ignoring the wisdom contained in the existing body of
knowledge can cause the novice researcher, at the least, a great deal of added work establishing
the validity of the study.
From an entirely practical perspective, the nature of the data available to the researcher serves as
a final filter in determining the type of study to conduct. The type of data available should be
considered a necessary, but certainly not sufficient, consideration for selecting research methods.
The data should never supersede the necessity of a research-worthy problem serving as the anchor
and the existing body of knowledge serving as the foundation for the research. The absence of the
ability to gather the necessary data can, however, certainly make a study based upon research
methods directly driven by a well-conceived problem and supported by current literature com-
plete ly futile. Every solid research study must use data in order to validate the proposed theory.
As a result, novice researchers should understand the centrality of access to data for their study
success. Access to data refers to the ability of the researcher to actually collect the desired data
for the study. Without access to data, it is impossible for a researcher to make any meaningful
conclusions on the phenomena. Novice researchers should be aware that their access to data will
also imply what type of methodology they will be using and what type of research, eventually
they will conduct. Figure 1 illustrates the interaction among the research-worthy problem (P), the
existing body of knowledge documented in the peer-reviewed literature (L), and the data avail-
able to the researcher (D). The research-worthy problem (P) serves as the input to the process of
selecting the appropriate type of research to conduct; the valid peer-reviewed literature (L) is the
key funnel that limits the range of applicable research approaches, based on the body of knowl-
edge; the data (D) available to the researcher serves as the final filter used to identify the specific
study type.
The balance of this paper explores the constructs underlying scholarly research in two aspects.
The first section examines some of the types of studies most commonly used in information sys-
tems research. The second section explores vital considerations for research methods that apply
across all study types.
Ellis & Levy
325
Study type
Data available
Valid peer-reviewed
literature
Research-worthy
problem
Figure 1. The PLD Mode l for De riving Study Type
Types of Research
There are a number of different ways to distinguish among types of research. The type of data
available is certainly one vita l aspect (Gay, Mills, & Airasian, 2006; Leedy & Ormrod, 2005);
different research approaches are appropriate for quantitative data – precise, numeric data derived
from a reduced variable – than for qualitative data – complex, multidimensional data derived
from a natural setting. Of equal importance is the nature of the problem be ing addressed by the
research (Isaac & Michael, 1981). Some problems, for example, are relative ly new and require
Table 1: Ke y Categories of Research
Approach Mos t common type of data Stage of proble m Cate gories of
The ory
Experimental Quantitative Evaluation Testing or
revising
Causal-comparative Quantitative Evaluation Testing or
revising
Historical Quantitative or Qualitative Description Testing or
revising
Developmenta l Quantitative and qualitative Description Building or
revising
Correlational
Quantitative Description Testing
Case study Qualitative Exploration Building or
revising
Grounded theory
Qualitative Exploration Building
Ethnography
Qualitative Descriptive Building
Action research Quantitative and qualitative Applied exploration Building or
revising
Guide for Novice Researchers on Research Methodology
326
exploratory types of research, while more mature problems might better be addressed by descrip-
tive or evaluative (hypothesis testing) approaches (Sekaran, 2003). Table 1 presents an overview
of how the research approaches most commonly used in information systems (IS) are categorized.
The subsections following Table 1 briefly explore each of these major research approaches. In
general, research studies can be classified into three categories: theory building, theory testing,
and theory revising. Theory building refers to research studies that aim at building a theory where
no prior solid theory existed to expla in phenomena or specific scenario. Theory testing refers to
research studies that aim at validating (i.e. testing) existing theories in new context. Theory revis-
ing refers to research studies that aim at revising an existing theory.
Experimental
The essence of experimental research is determining if a cause-effect relationship exists between
one factor or set of factors – the independent variable(s) – and a second factor or set of factors –
the dependent variable(s) (Cook & Campbell, 1979). In an experiment, the researcher takes con-
trol of and manipulates the independent variable, usua lly by randomly assigning partic ipants to
two or more different groups that receive different treatments or implementations of the inde-
pendent variable. The experimenter measures and compares the performance of the participants
on the dependent variable to determine if changes in the independent variables are very like ly to
cause similar changes in performance on the dependent variable. In medical settings, this type of
research is very common. However, in many research fields it is somewhat difficult to control all
the variables in the experiments, especially when dealing with research area that is related to or-
ganizations and institutions. For that reason, the use of experiments in IS it is somewhat limited,
and a less restrictive type of experiments is used. Such type is called quasi-experiment (Cook &
Campbell, 1979). Similar to experiments, in quasi-experiments, the research is attempting to de-
termining if a cause-effect relationship exists between one factor or set of factors – the independ-
ent variable(s) – and a second factor or set of factors – the dependent variable(s). However in
quasi-experiments, the researcher is unable to control a ll the variables in the experimentation, but
most variables are controlled.
An example of an experimental study would be research into which of two methods of inputting
text in a personal digita l assistant, soft-key or handwriting recognition, is more accurate. The in-
dependent variable would be method of text input. The dependent variable might be a count of
the number of entry errors, and the comparison based on the mean of the group using the soft-key
method with the mean of the group that used handwriting recognition input. An example of ex-
perimenta l research can be found at Cockburn, Savage, and Wallace (2005).
Causal-Comparative
As with experimental studies, causal-comparative research focuses on determining if a cause-
effect relationship exists between one factor of set of factors – the independent variable(s) – and a
second factor or set of factors – the dependent variable(s). Unlike an experiment, the researcher
does not take control of and manipulate the independent variable in causal-comparative research
but rather observes, measures, and compares the performance on the dependent variable or vari-
ables of subjects in naturally-occurring groupings based on the independent variable.
An example of a causal-comparative study would be research into the impact monetary bonuses
had on knowledge sharing behavior as exhibited by contributions to a company knowledge bank.
The independent variable would be “monetary bonus,” and it might have two levels (i.e. “yes”
and “no”). The dependent variable might be a count of the number of contributions, and the com-
parison based upon an examination of the mean number of knowledge-base contributions made
per employee in companies that provided a monetary bonus versus the mean number of contribu-
tions made per employee in companies that did not provide a bonus. Since the researcher did not
Ellis & Levy
327
assign companies to the “bonus” or “no bonus” categories, this study would be causal compara-
tive , not experimental. An example of causal-comparative research can be found at Becerra-
Fernandez, Zanakis, and Walczak (2002) who deve loped a knowledge discovery technique using
neural network mode ling to classify a country’s investing risk based on a variety of independent
variables.
Case Study
A case study is “an empirica l inquiry that investigates a contemporary phenomenon within its real
life context using multiple sources of evidence” (Noor, 2008, p. 1602). The evidence used in a
case study is typically qualitative in nature and focuses on developing an in-depth rather than
broad, generalizable understanding. Case studies can be used to explore, describe, or explain phe-
nomena by an exhaustive study within its natural setting (Yin, 1984). An example of a case study
can be found in the study by Ramim and Levy (2006) who described the issues related to the im-
pact of an insider’s attack combined with novice management on the survivability of an e-
learning systems of a small university.
Historical
Historical research utilizes interpretation of qua litative data to explain the causes of change
through time. This type of research is based upon the recognition of a historical problem or the
identification of a need for certain historical knowledge and generally enta ils gathering as much
relevant information about the problem or topic as possible. The research usually begins with the
formation of a hypothesis that tentatively explains a suspected relationship between two or more
historical factors and proceeds to a rigorous collection and organization of usua lly qua litative
evidence. The verification of the authentic ity and validity of such evidence, together with its se-
lection, organization, and analysis forms the basis for this type of research. An example of his-
torical research can be found in the study by Grant and Grant (2008) who conducted a study to
test the hypothesis that a new generation in knowledge management was emerging.
Correlational
The primary focus of the correlationa l type of research is to determine the presence and degree of
a relationship between two factors. Although correlationa l studies are in a superficia l way similar
to causal-comparative research – both types of study focus on analyzing quantitative data to de-
termine if a relationship exists between two variables – the difference between the two cannot be
ignored. Unlike causal-comparative research, in correlationa l studies, there is no attempt to de-
termine if a cause-effect relationship exists (variable x causes changes in variable y). The goal for
correlational studies is to determine if a predictive relationship exists (knowing the value of vari-
able x allows one to predict the value of variable y). At a practical level, there is, therefore, no
distinction made between independent and dependent variables in correlationa l research.
An example of a simple correlationa l study would be research into the relationship between age
and willingness to make e-commerce purchases. The two variables of interest would be age and
number of e-commerce purchases made over a given period of time. The comparison would be
based upon an examination of age of each subject in the study and the number of e-commerce
purchases made by that subject. Since the researcher did not control either of the variables or at-
tempt to determine if age caused changes in purchases, just if age could be used to predict behav-
ior, the study would be correlationa l, not experimental or causal-comparative. An example of cor-
relational research can be found in Cohen and Ellis (2003).
Guide for Novice Researchers on Research Methodology
328
Developmental
Developmenta l research attempts to answer the question: How can researchers build a ‘thing’ to
address the problem? It is especially applicable when there is not an adequate solution to even test
for efficacy in addressing the problem and presupposes that researchers don’t even know how to
go about building a solution that can be tested. Developmenta l research generally entails three
major elements:
• Establishing and validating criteria the product must meet
• Following a formalized, accepted process for developing the product
• Subjecting the product to a formalized, accepted process to determine if it satis-
fies the criteria.
An example of developmental research would be Ellis and Hafner (2006) that detailed the devel-
opment of an asynchronous environment for project-based collaborative learning experiences.
Developmenta l research is distinguished from product development by: a focus on complex, in-
novative solutions that have few, if any, accepted design and development princ iples; a compre-
hensive grounding in the literature and theory; empirical testing of product’s practicality and ef-
fectiveness; as well as thorough documentation, analysis, and reflection on processes and out-
comes (van den Akker, Branch, Gustafson, Nieveen, & Plomp, 2000).
Grounded Theory
Grounded Theory is defined as “a systematic, qua litative procedure used to generate theory that
expla ins, at a broad conceptual level, a process, an action, or interaction about substantive topic”
(Creswell, 2005, p. 396). Grounded theory is used when theories currently documented in the lit-
erature fail to adequately expla in the phenomena observed (Leedy & Ormrod, 2005). In such
cases, revisions for existing theory may not be valid as the fundamental assumptions behind such
theories may be flawed given the context or data at hand. Table 2 outlines the three key types of
grounded theory design. According to Creswell, “choosing among the three approaches requires
several considerations” (p. 403). He noted that such considerations depend on the key emphasis
of the study such as: Is the aim of the study to follow given procedures? Is the aim of the aim of
the study to follow predetermined categories? What is the position of the researcher? An example
of Grounded Theory in the context of information systems inc ludes the study by Oliver, Why-
mark, and Romm (2005). Oliver et al. used Grounded Theory to deve lop a conceptual mode l on
enterprise-resources planning (ERP) systems adoption based on the various types of organiza-
tional justifications and reported motives.
Table 2: Types of Grounde d Theory Des ign (Cres we ll, 2005)
Type of Grounde d Theory
Des ign
De finition
Systematic Design “emphasizes the use of data analysis steps of open, axia l, and
selective coding, and the development of a logic paradigm or a
visua l picture of the theory generated” (Creswell, 2005, p. 397)
Emerging Design “letting the theory emerge from the data rather than using spe-
cific, preset categories” (Creswell, 2005, p. 401)
Constructivist Design “focus is on the meanings ascribed by partic ipants in a
study…more interested in the views, values, beliefs, feelings,
assumptions, and ideologies of individuals than in gathering
facts and describing acts” (Creswell, 2005, p. 402)
Ellis & Levy
329
Ethnography
The study of ethnography aims at “a particular person, program, or event in considerable depth.
In an ethnography, the researcher looks at an entire group – more specifica lly, a group that shares
a common culture – in depth” (Leedy & Ormrod, 2005, p. 151). According to Creswell (2005),
ethnographic research deals with an in-depth qua litative investigation of a group that share a
common culture. He indicated that ethnography is best used to explain various issues within a
group of individuals that have been together for a considerable length of time and have, therefore,
developed a common culture. Ethnographic research also provides a chronological collection of
events related to a group of individuals sharing a common culture. Beynon-Davies (1997) out-
lined the use of ethnographic research in the context of system development. He noted that for IS
researchers, ethnographic research may provide value in the area of IS development, specifically
in the process of capturing tacit knowledge during the system development life cycle (SDLC)
(Beynon-Davies). Crabtree (2003) noted that “ethnography is an approach that is increasing inter-
est to the designers of collaborative computing systems. Rejecting the use of theoretical frame-
works and insisting instead on a rigorously descriptive mode of research” (p. ix). However, criti-
cism for Crabtree’s advocacy of ethnography in information systems research was also voiced
(Alexander, 2003).
Action Research
Action research is defined as “a type of research that focuses on finding a solution to a local prob-
lem in a local setting” (Leedy & Ormrod, 2005, p. 114). Action research is unique in the approach
as the researcher himse lf or herself are part of the practitioners group that face the actual problem
the research is trying to address(Creswell, 2005). Additionally, the aim of action research is to
investigate a localized and practical problem. According to DeLuca, Gallivan, and Kock (2008),
there are five key steps in action research including: a) Diagnosing the problem; b) Planning the
action; c) Taking the action; d) Eva luating the results; and e) Specifying lessons learned for the
next cycle. During the course of all give steps of the action research, “researchers and practitio-
ners collaborate during each step” (DeLuca et al., p. 49).
Fundamentals of Research Methods
For each study type there is an accepted methodology documented in texts (Gay et al., 2006;
Isaac & Michael, 1981; Leedy & Ormrod, 2005; Yin, 1984) and exemplified in the literature
(Levy & Ellis, 2006). As a first step in establishing the value of a proposed study, the novice re-
searcher is well advised to close ly follow the template for the study type contained in the text and
mode l her or his research methods after similar studies reported in the literature. Regardless of the
type of study being conducted, there are a number of important factors that must be accommo-
dated in an effective description of the research methods. In brief, the description must provide a
detailed, step-by-step description of how the study will be conducted, answering the vital “who,
what, where, when, why, and how” questions.
1. What is going to be done
2. Who is going to do each thing to be done
3. How will each thing to be done be accomplished
4. When, and in what order, will the things to be accomplished actually be done
5. Where will those things be done
6. Why – supported by the literature – for the answers to the What, Who, How,
When, and Where
Guide for Novice Researchers on Research Methodology
330
A properly developed description of the research methods would allow the reader to actually con-
duct the study being proposed based upon the processes outlined. Included among those processes
are: forming research questions and hypotheses; identifying assumptions, limitations, and de limi-
tations; as well as establishing reliability and validity.
Form Research Questions and Hypotheses
Research questions
Research questions are the essence of most research conducted and acts as the guiding plan for
the investigation (Mertler & Vannatta, 2001). In general, research questions are “specific ques-
tions that researchers seek to answer” (Creswell, 2005, p. 117). According to Maxwell (2005),
“research questions state what you want to learn” (p. 69). A research investigation may have one
or more research questions regardless of the specific type of the research including qua litative,
quantitative, and mixed method types of research. Most quality peer-reviewed studies will have a
specific section that highlights the research questions investigated. In most other published work
that don’t have a specific section that highlights it, the research questions will appear either at the
end of the problem statement or right after the literature review section. Maxwell suggested that a
good research question is one that will point the researcher to the information that will lead
him/her to understand what he/she set forth to investigate. According to Ellis and Levy (2008),
“in order for the research to be at all meaningful, there has to be an identifiable connection be-
tween the answers to the research questions and the research problem inspiring the study” (p. 20).
However, research questions shouldn’t be created in a vacuum, but be strongly influenced by
quality literature is suggesting about the phenomena (Berg, 1998). Moreover, the exact wording
used to note the research questions is vital as the accuracy and appropriateness of the research
question determine the methodology to be used (Mertler & Vannatta, 2001).
The nature of the research questions will be dependent on the type of study being conducted.
Studies based on quantitative data will generally be driven by research questions that are formu-
lated on the confirmatory and predictive nature, while studies based on qualitative data will be
more like ly driven by research questions that are formulated on the exploratory and interpretive
nature.
Examples of quantitative research questions in the context of information systems inc lude :
– To what extent does users’ perceived usefulness increases the odds of their e-commerce
usage?
– Do computer self-efficacy and computer anxiety have a significant difference for males
and females when using e-learning systems?
– What are the contributions of users’ systems trust, deterrent severity, and motivation to
their misuse of biometrics technology?
– To what degree do team communication and team cohesiveness predict productivity of
system development by virtual teams?
Examples of qualitative research questions in the context of information systems include:
– How does training help the implementation success of enterprise-wide information sys-
tems?
– Why do user involvement and user resistance help in the systems’ requirement gathering
process?
What are the systems characteristics that are valuable to users when using e-learning
systems?
– How do e-commerce users define information privacy?
Ellis & Levy
331
Hypotheses
One must keep in mind that “research questions are not the same as research hypotheses”
(Maxwell, 2005, p. 69). In general, a hypothesis can be defined as a “logical supposition, a rea-
sonable guess, an educated conjecture” about some aspect of daily life (Leedy & Ormrod, 2005,
p. 6). In scholarly research, however, hypotheses are more than ‘educated guesses.’ A research
hypothesis is a “prediction or conjecture about the outcome of a relationship among attributes or
characteristics” (Creswell, 2005, p. 117). By convention, research is conservative and assumes
the absence of a relationship among the attributes under consideration; hypotheses, therefore, are
expressed in null terms. For example, if a study were to examine the impact interactive multime-
dia animations have on the average amount of a purchase at an e-commerce site, the hypothesis
would be stated: The average amount of purchase on an e-commerce site enhanced with interac-
tive animations will not be different that the average amount of purchase on the same e-
commerce site that is not enhanced with interactive animations. Not all types of research entail
establishing and testing hypotheses. Research methods based upon quantitative data commonly
test hypotheses; studies based upon qualitative data, on the other hand, explore propositions
(Maxwell).
Unlink hypotheses, propositions do predict a directiona lity for the results. If, for example, one
were to examine consumer reaction to interactive animation on an e-commerce site, one might
investigate the proposition that: Consumers will express a greater feeling of engagement and sat-
isfaction when visiting e-commerce sites enhanced with interactive animations than similar sites
that lack the enhancement.
Acknowledge Assumptions, Limitations, and Delimitations
For any given research investigation there are underlying assumptions, limitations, and de limita-
tions (Creswell, 2005). According to Leedy and Ormrod (2005), assumptions, limitations, and
delimitations are critical components of a viable research proposal; without these considerations
clearly articulated, evaluators may raise some valid questions regarding the credibility of the pro-
posal. The following three sub-sections provide definition and examples for each term.
Assumptions
Assumptions serve as the basic foundation of any proposed research (Leedy & Ormrod, 2005)
and constitute “what the researcher takes for granted. But taking things for granted may cause
much misunderstanding. What [researchers] may tacitly assume, others may never have consid-
ered” (Leedy & Ormrod, p. 62). Moreover, assumptions can be viewed as something the re-
searcher accepts as true without a concrete proof. Essentially, there is no research study without a
basic set of assumptions (Berg, 1998). According to Williams and Colomb (2003), identifying the
assumptions behind a given research proposal is one of the hardest issues to address, especially
for novice researchers. Such difficulties emerge due to the fact that by nature “we all take our
deepest beliefs for granted, rarely questioning them from someone else’s point of view”
(Williams & Colomb, p. 200). It is important for novice researchers to learn how to explic itly
document the ir assumptions in order to ensure that they are aware of those things taken as givens,
rather than trying to hide or smear them from the reader. Explicitly documenting the research as-
sumptions may help reduce misunderstanding and resistance to a proposed research as it demon-
strates that the research proposal has been thoroughly considered (Leedy & Ormrod, 2005).
To identify the assumption behind a proposa l, the researcher must ask himself the following ques-
tion: “what do I believe that my readers must also believe (but may not) before they will think
that my reasons are relevant to my claims?” (Williams & Colomb, p. 200).
Guide for Novice Researchers on Research Methodology
332
Examples of assumptions researchers make include :
– Participants in the study will make a sincere effort to complete the assigned tasks
– The students participating in the Internet-based course have a basic familiarity with the
personal computer and the use of the World Wide Web.
Limitations
Every study has a set of limitations (Leedy & Ormrod, 2005), or “potential weaknesses or prob-
lems with the study identified by the researcher” (Creswell, 2005, p. 198). A limitation is an un-
controllable threat to the internal va lidity of a study. As described in greater detail below, internal
validity refers to the likelihood that the results of the study actually mean what the researcher in-
dicates they mean. Explic itly stating the research limitations is vita l in order to allow other re-
searchers to replicate the study or expand on a study (Creswell, 2005). Additionally, by explicitly
stating the limitations of the research, a researcher can help other researchers “judge to what ex-
tent the findings can or cannot be generalized to other people and situations” (Creswell, 2005, p.
198).
Examples of limitations researchers may have:
– All subjects in the study will be volunteers who may withdraw from the study at any
time. The participants who finish the study might not, therefore, be truly representative of
the population.
– The members of the expert panel that will validate the proficiency survey instrument will
be drawn from the faculty of … and may not truly represent universally accepted expert
opinion.
Delimitations
Delimitations refer to “what the researcher is not going to do” (Leedy & Ormrod, 2005). In schol-
arly research, the goals of the research outlines what the researcher intends to do; without the de-
limitations, the reader will have difficulties in understanding the boundaries of the research. In
order to constrain the scope of the study and make it more manageable, researchers should outline
in the de limitations – the factors, constructs, and/or variables – that were intentiona lly left out of
the study. Delimitations impact the external validity or generalizability of the results of the study.
Examples of delimitations inc lude :
– Participation in the study was delimited to only males aged 25-45 who had made a pur-
chase via the internet within the past 12 months; generalization to other age groups or
females may not be warranted.
– This study examined attrition rates in MBA programs offered in continuing education de-
partments of public colleges and universities; generalization to other educationa l pro-
grams or similar programs offered in private institutions may not be warranted.
Establish Reliability and Validity
Every study must address threats to validity and reliability (Leedy & Ormrod, 2005). Although
the concepts of validity and reliability originally started in quantitative research approaches, in
recent years validity and reliability are being addressed in qualitative and mixed-methods ap-
proaches as well (Berg, 1998; Maxwell, 2005). According to Leedy and Ormrod (2005), “the va-
lidity and reliability of your measurement instruments influences the extent to which you can
learn something about the phenomenon you are studying…and the extent to which you can draw
meaningful conclusions from your data” (p. 31). The following two sections define and outline
Ellis & Levy
333
the key types of validity and reliability re lated to common research investigation. Establishing an
approach following published methods to address validity and reliability issues in a research pro-
posal may drastically increase the overall acceptance of the research proposal.
Reliability
Reliability is defined as “the consistency with which a measuring instrument yie lds a certain re-
sults when the entity be ing measured hasn’t changed” (Leedy & Ormrod, 2005, p. 31). According
to Straub (1989), researchers should try to answer the following question in an attempt to address
reliability; “do measures show stability across the unit of observation? That is, could measure-
ment error be so high as to discredit the findings?” (p. 150). Reliability can be established in four
different ways: equivalency, stability, inter-rater, and interna l consistency (Carmines & Zeller,
1991).
Equivale ncy re liability. Equivalency reliability is concerned with how close ly measurements
taken with one instrument match those taken with a second instrument under similar conditions.
Equiva lency is often used to certify the reliability of a new measurement instrument or procedure
by comparing the results of using that instrument with those obta ined by using established in-
struments or processes. Equiva lency is usua lly established through the use of a statistical correla-
tion (Pearson’s r for linear correlation or Eta for non-linear correlation).
Stability re liability. Stability reliability – also know as test, re-test reliability – is concerned with
how consistent results of measuring with a given instrument or process are over time. Stability is
based on the assumption that, absent some identifiable explanation, the measurement should pro-
duce the same results today as last month and will produce the same results next month. Stability,
like equiva lency, is usually established through the use of a statistical correlation (Pearson’s r for
linear correlation or Eta for non-linear correlation).
Inte r-rate r re liability. Inter-rater reliability focuses on the extent agreement in the results of two
or more individuals using the same measurement instrument or process. As with stability and
equivalency, inter-rater reliability is usua lly established through the use of a statistical correlation
(Pearson’s r for linear correlation or Eta for non-linear correlation).
Inte rnal cons iste ncy. Unlike the previous methods of establishing reliability which were con-
cerned with comparing the results of using an instrument or process with some external standard
(another instrument, the same instrument over time, or the same instrument used by different
people), internal consistence focuses on the level of agreement among the various parts of the
instrument or process in assessing the characteristic being measured. In a 20-question survey
measuring attitude toward knowledge sharing, for example , if the survey is interna lly consistent,
there will be a strong correlation the responses on all 20 questions. Internal consistency is also
measured by statistical correlation, but with the Cronbach α in place of Pearson r.
Validity
Validity refers to a researchers’ ability to “draw meaningful and justifiable inferences from scores
about a sample or population” (Creswell, 2005, p. 600). There are various types of validity asso-
ciated with scholarly research (Cook & Campbell, 1979). Validity of an instrument refers to “the
extent to which the instrument measures what it is supposed to measure” (Leedy & Ormrod,
2005, p. 31). Thus, researchers when designing the ir study, must ask themselves “how might you
be wrong?” (Maxwell, 2005, p. 105). Additionally, the validity of a study “depends on the rela-
tionship of your conclusions to reality” (Maxwell, 2005, p. 105). This section will define and out-
line the key validity issues. The two most common validity issues are internal validity and exter-
nal validity.
Guide for Novice Researchers on Research Methodology
334
Inte rnal validity. Internal validity refers to the “extent to which its design and the data that it
yie lds allow the researcher to draw accurate conclusions about cause-and-effect and other rela-
tionships within the data” (Leedy & Ormrod, 2005, pp. 103-104). According to Straub (1989),
researchers should try to answer the following question in an attempt to address internal va lidity;
“are there untested rival hypotheses for the observed effects?” (p. 150). Generally, establishing
interna l validity requires examining one or more of the following: face validity, criterion va lidity,
construct validity, content validity, or statistical conclusion va lidity.
Face Validity. Face validity is based upon appearance; does the instrument or process seem to
pass the test for reasonableness. Face validity is never sufficient by itself, but an informa l assess-
ment of how well the study appears to be designed is often the first step in establishing its va lid-
ity.
Crite rion Re lated Validity. Also known as instrumental va lidity, criterion related validity is
based upon the premise that processes and instruments used in a study are valid if they paralle l
similar those used previous, validated research. In order to establish criterion re lated validity it is
necessary to draw strong parallels between as many particulars of the validated study – popula-
tion, c ircumstances, instruments used, methods followed – as possible.
Cons truct Validity. Construct validity “is in essence operational issue. It asks whether the meas-
ures chosen are true constructs describing the event or merely artifacts of the methodology itself”
(Straub, 1989, p. 150). According to Straub, researchers should try to answer the following ques-
tion in an attempt to address construct validity; “do measures show stability across methodology?
That is, are the data a reflection of true scores or artifacts of the kind of instrument chosen?” (p.
150).
Conte nt Validity. In survey-based research, the term content validity refers to “the degree to
which items in an instrument reflect the content universe to which the instrument will be general-
ized” (Boudreau, Gefen, & Straub, 2001, p. 5). According to Straub (1989), researchers should
try to answer the following question in an attempt to address content validity; “are instrument
measures drown from all possible measures of the properties under investigation?” (p. 150).
Statis tical Conclus ion Validity. Statistical conc lusion va lidity refers to the “assessment of the
mathematical relationships between variables and the like lihood that this mathematical assess-
ment provides a correct picture of the covariation …(Type I and Type II error)” (Straub, 1989, p.
152). According to Straub, researchers should try to answer the following question in an attempt
to address statistical conc lusion va lidity; “do the variables demonstrate relationships not expla in-
able by chance or some other standard of comparison?” (p. 150).
Exte rnal validity. External validity refers to the “extent to which its results apply to situations
beyond the study itself…the extent to which the conclusions drawn can be generalized to other
contexts” (Leedy & Ormrod, 2005, p. 105). Additionally, external validity addresses the “gener-
alizability of sample results to the population of interest, across different measures, persons, set-
tings, or times. External validity is important to demonstrate that research results are applicable in
natural settings, as contrasted with classroom, laboratory, or survey-response settings” (King &
He, 2005, p. 882).
Summary
One of the major challenges facing the novice researcher is matching the research she or he pro-
poses with a research method that is appropriate and will be accepted by the scholarly commu-
nity. The material presented in this paper is certainly not intended to be the ending point in the
process of establishing the research methods for a given study. The novice researcher is encour-
Ellis & Levy
335
aged, even expected to augment this material by referring to one or more of the texts and research
examples cited.
This paper does present a foundation upon which such a decision can be based on:
1. Developing the PLD, a model for selection of research approach based upon the
problem driving the study, the body of knowledge documented in peer-reviewed lit-
erature, and the data available to the researcher;
2. Identifying, in brief, several of the research approaches commonly used in informa-
tion systems studies;
3. Exploring several of the important terms and constructs that apply to scholarly re-
search, regardless of the specific approach selected.
References
Ale xander, I. (2003). Designing collaborative systems. A practica l guide to ethnography. European Journal
of In formation Systems, 12(3), 247-249.
Becerra-Fe rnandez, I., Zanakis, S. H., & Walc za k, S. (2002). Knowledge discovery techniques for predict-
ing country investment risk. Computers & Industrial Engineering, 43(4), 787-800.
Berg, B. L. (1998). Qualitative research methods for the social sciences (3rd ed.). Boston, MA: Allyn &
Bacon.
Beynon-Davies, P. (1997). Ethnography and information systems development: Ethnography of, for and
within is development. Information and Software Technology, 39(8), 531-540.
Boudreau, M.-C., Gefen, D., & Straub, D. W. (2001). Validation in information systems research: A state-
of-the-art assessment. MIS Quarterly, 25(1), 1-16.
Cockburn, A., Savage, J., & Wallace, A. (2005). Tuning and testing scrolling interfaces that automatically
zoo m. Proceeding of the Computer-Human Interaction 2005 Conference, Portland, Oregon, pp. 71-80.
Cohen, M. S., & Ellis, T. J. (2003). Predictors of success: A longitudinal study of threaded discussion fo-
rums. Proceeding of the Frontiers in Education Conference, Boulder, Colorado, pp. T3F-14–T13F-18.
Cook, T. D., & Ca mpbell, D. T. (1979). Quasi-experimentation: Design & analysis issues from field set-
tings. Boston, MA: Houghton Mifflin Co mpany.
Crabtree, A. (2003). Designing collaborative systems. A practical guide to ethnography. Berlin: Springer-
Verlag.
Creswe ll, J. W. (2005). Educational research: Planning, conducting, and evaluating quantitative and
qualitative research (2nd ed.). Upper Saddle River, NJ: Pearson.
De Luca, D., Ga llivan, M. J., & Kock, N. (2008). Furthering information systems action research: A post-
positivist synthesis of four dia lectics. Journal of the Association for Information Systems, 9(2), 48-72.
Ellis, T. J., & Ha fner, W. (2006). A co mmunicat ion environment for asynchronous collaborative lea rning.
Proceeding of the 37th Hawaii International Conference on System Sciences, Big Island, Hawa ii, pp.
3a-3a.
Ellis, T. J., & Levy, Y. (2008). A fra mework of proble m-based research: A guide for novice researchers on
the development of a research-worthy proble m. In forming Science: The International Journal of an
Emerging Transdiscipline, 11, 17-33. Retrieved fro m http://inform.nu/Artic les/Vol11/ISJv 11p 017-
033Ellis486.pdf
Gay, L. R., Mills, G. E., & Airasian, P. (2006). Educational research: Competencies for analysis and ap-
plications (8th ed.). Upper Saddle River, NJ: Pearson.
Guide for Novice Researchers on Research Methodology
336
Grant, K. A., & Grant, C. T. (2008). Developing a mode l of ne xt generation knowledge manage ment. Is-
sues in Informing Science and Information Technology, 5, 571– 590. Retrieved fro m
http://proceedings.informingscience.org/InSITE2008/IISITv5p571-590Grant532.pdf
Isaac, S., & M ichael, W. B. (1981). Handbook in research and evaluation. San Diego, CA: EdITS publish-
ers.
King, W. R., & He, J. (2005). Externa l validity in IS survey research. Communications of the Association
for In formation Systems, 16, 880-894.
Leedy, P. D., & Ormrod, J. E. (2005). Practical research: Planning and design (8th ed.). Upper Saddle
River, NJ: Prentice Hall.
Levy, Y., & Ellis, T. J. (2006). A systems approach to conduct an effective literature rev iew in support of
informat ion systems research. Informing Science: The International Journal of an Emerging Transdis-
cipline, 9, 181-212. Retrieved fro m http://inform.nu/Artic les/Vol9/ V9p181-212Levy99.pdf
Maxwe ll, J. A. (2005). Qualitative research design: An interactive approach (2nd ed.). Thousand Okas,
CA: Sage Publication.
Mertler, C. A., & Vannatta, R. A. (2001). Advanced and multivariate statistical methods: Practical appli-
cation and interpretation. Los Angeles, CA: Pyrcza k Publishing.
Noor, K. (2008). Case study: A strategic research methodology. American Journal of Applied Sciences,
5(11), 1602-1604.
Nunama ker, J. F., Chen, M., & Purdin, T. D. M. (1991). Systems development in information systems re-
search. Journal of Management Information Systems, 7(3), 89-106.
Oliver, D., Why mark, G., & Ro mm, C. (2005). Researching ERP adoption: An internet-based grounded
theory approach. Online Information Review, 29(6), 585-604.
Ra mim, M. M ., & Levy, Y. (2006). Securing e-lea rning systems: A case of insider cyber attacks and novice
IT manage ment in a s ma ll university. Journal of Cases on Information Technology, 8(4), 24-35.
Sekaran, U. (2003). Research methods for business (4th ed.). Hoboken, NJ: John Wiley & Sons.
Straub, D. W. (1989). Va lidating instruments in MIS research. MIS Quarterly, 13(2), 147-170.
van den Akker, J., Branch, R. M., Gustafson, K., Nieveen, N., & Plo mp, T. (2000). Design approaches and
tools in education. Norwell, MA: Kluwer Academic Publishers.
Willia ms, J. M ., & Colo mb, G. G. (2003). The craft o f argument (2nd ed.). Ne w Yo rk: Long man Publish-
ers.
Yin, R. K. (1984). Case study research: Design and methods. Ne wbury Park, CA : Sage Publicat ion.
Biographies
Dr. Timothy Ellis obtained a B.S. degree in History from Bradley
University, an M.A. in Rehabilitation Counseling from Southern Illinois
University, a C.A.G.S. in Rehabilitation Administration from North-
eastern University, and a Ph.D. in Computing Technology in Education
from Nova Southeastern University. He joined NSU as Assistant Pro-
fessor in 1999 and currently teaches computer technology courses at
both the Masters and Ph.D. level in the School of Computer and Infor-
mation Sciences. Prior to joining NSU, he was on the faculty at Fisher
College in the Computer Technology department and, prior to that, was
a Systems Engineer for Tandy Business Products. His research interests
inc lude: multimedia, distance education, and adult learning. He has
published in several technical and educational journals inc luding
Catalyst, Journa l of Instructional Delivery Systems, and Journal of Instructiona l Multimedia and
Ellis & Levy
337
Hypermedia. His email address is [email protected] His main website is located at
http://www.scis.nova.edu/~ellist/
Dr. Yair Levy is an associate professor at the Graduate School of
Computer and Information Sc iences at Nova Southeastern University.
During the mid to late 1990s, he assisted NASA to develop e-learning
systems. He earned his Bachelor’s degree in Aerospace Engineering
from the Technion (Israel Institute of Technology). He received his
MBA with MIS concentration and Ph.D. in Management Information
Systems from Florida Internationa l University. His current research
interests inc lude cognitive value of IS, of online learning systems, ef-
fectiveness of IS, and cognitive aspects of IS. Dr. Levy is the author of
the book “Assessing the Value of e-Learning systems.” His research
publications appear in the IS journals, conference proceedings, invited
book chapters, and encyclopedias. Additionally, he chaired and co-
chaired multiple sessions/tracks in recognized conferences. Currently, Dr. Levy is serving as the
Editor-in-Chief of the Internationa l Journal of Doctoral Studies (IJDS). Additionally, he is serv-
ing as an associate editor for the Internationa l Journa l of Web-based Learning and Teaching
Technologies (IJWLTT). Moreover, he is serving as a member of editoria l review or advisory
board of several refereed journals. Additionally, Dr. Levy has been serving as a referee research
reviewer for numerous nationa l and international scientific journa ls, conference proceedings, as
well as MIS and Information Security textbooks. He is also a frequent speaker at national and
international meetings on MIS and online learning topics. To find out more about Dr. Levy,
please visit his site : http://sc is.nova.edu/~levyy/
Issue s in Informing Science and Information Technology Volume 6, 2009
Towards a Guide for Novice Researchers on
Research Methodology:
Review and Proposed Methods
Timothy J. Ellis and Yair Levy
Nova Southeastern University
Graduate School of Computer and Information Sciences
Fort Lauderdale, Florida, USA
[email protected], [email protected]
Abstract
The novice researcher, such as the graduate student, can be overwhelmed by the intricacies of the
research methods employed in conducting a scholarly inquiry. As both a consumer and producer
of research, it is essential to have a firm grasp on just what is entailed in producing legitimate,
valid results and conclusions. The very large and growing number of diverse research approaches
in current practice exacerbates this problem. The goal of this review is to provide the novice re-
searcher with a starting point in becoming a more informed consumer and producer of research.
Toward addressing this goa l, a new system for deriving a proposed study type is deve loped. The
PLD model inc ludes the three common drivers for selection of study type : research-worthy prob-
lem (P), valid quality peer-reviewed literature (L), and data (D). The discussion inc ludes a review
of some common research types and concludes with definitions, discussions, and examples of
various fundamentals of research methods such as: a) forming research questions and hypotheses;
b) acknowledging assumptions, limitations, and delimitations; and c) establishing re liability and
validity.
Ke ywords: Research methodology, reliability, va lidity, research questions, problem directed re-
search
Introduction
The novice researcher, such as the graduate student, can be overwhelmed by the intricacies of the
research methods employed in conducting a scholarly inquiry (Leedy & Ormrod, 2005). As both
a consumer and producer of research, it is essential to have a firm grasp on just what is entailed in
produc ing legitimate, valid results and conclusions. The very large and growing number of di-
verse research approaches in current practice exacerbates this problem (Mertler & Vannatta,
2001). The goal of this review is to pro-
vide the novice researcher with a start-
ing point in becoming a more informed
consumer and producer of research in
the form of a lexicon of terms and an
analysis of the underlying constructs
that apply to scholarly enquiry, regard-
less of the specific methods employed.
Scholarly research is, to a very great
extent, characterized by the type of
M aterial p ublished as p art of this p ublication, either on-lin e or
in p rint, is copy righted by the Informing Scien ce Institute.
Permission to make digital or p ap er copy of p art or all of these
works for p ersonal or classroom use is granted without fee
p rovided that the cop ies are not made or distributed for p rofit
or commer cial advantage AND that cop ies 1) bear this notice
in full and 2) give the full citation on the first p age. It is p er-
missible to abstract these works so long as cred it is giv en. To
copy in all other cases or to rep ublish or to p ost on a server or
to redistribute to lists requires sp ecific p ermission and p ay ment
of a fee. Contact [email protected] gScience.or g to request
redistribution p ermission.
Guide for Novice Researchers on Research Methodology
324
study conducted and, by extension, the specific methods employed in conducting that type of
study (Creswell, 2005, p. 61). Novice researchers, however, often mistakenly think that, since
studies are known by how they are conducted, the research process starts with deciding upon just
what type of study to conduct. On the contrary, the type of study one conducts is based upon three
related issues: the problem driving the study, the body of knowledge, and the nature of the data
available to the researcher.
As discussed elsewhere, scholarly research starts with the identification of a tightly focused, lit-
erature supported problem (Ellis & Levy, 2008). The research-worthy problem serves as the point
of departure for the research. The nature of the research problem and the doma in from which it is
drawn serves as a limiting factor on the type of research that can be conducted. Nunamaker,
Chen, and Purdin (1991) noted that “It is clear that some research domains are sufficiently nar-
row that they allow the use of only limited methodologies” (p. 91). The problem also serves as
the guidance system for the study in that the research is, in essence, an attempt to, in some man-
ner, develop at least a partial solution to the research problem. The best design cannot provide
meaning to research and answer the question ‘Why was the study conducted,’ if there is not the
anchor of a clearly identified research problem.
The body of knowledge serves as the foundation upon which the study is built (Levy & Ellis,
2006). The literature also serves to channel the research, in that it indicates the type of study or
studies that are appropriate based upon the nature of the problem driving the study. Likewise, the
literature provides clear guidance on the specific methods to be followed in conducting a study of
a given type. Although origina lity is of great value in scholarly work, it is usually not rewarded
when applied to the research methods. Ignoring the wisdom contained in the existing body of
knowledge can cause the novice researcher, at the least, a great deal of added work establishing
the validity of the study.
From an entirely practical perspective, the nature of the data available to the researcher serves as
a final filter in determining the type of study to conduct. The type of data available should be
considered a necessary, but certainly not sufficient, consideration for selecting research methods.
The data should never supersede the necessity of a research-worthy problem serving as the anchor
and the existing body of knowledge serving as the foundation for the research. The absence of the
ability to gather the necessary data can, however, certainly make a study based upon research
methods directly driven by a well-conceived problem and supported by current literature com-
plete ly futile. Every solid research study must use data in order to validate the proposed theory.
As a result, novice researchers should understand the centrality of access to data for their study
success. Access to data refers to the ability of the researcher to actually collect the desired data
for the study. Without access to data, it is impossible for a researcher to make any meaningful
conclusions on the phenomena. Novice researchers should be aware that their access to data will
also imply what type of methodology they will be using and what type of research, eventually
they will conduct. Figure 1 illustrates the interaction among the research-worthy problem (P), the
existing body of knowledge documented in the peer-reviewed literature (L), and the data avail-
able to the researcher (D). The research-worthy problem (P) serves as the input to the process of
selecting the appropriate type of research to conduct; the valid peer-reviewed literature (L) is the
key funnel that limits the range of applicable research approaches, based on the body of knowl-
edge; the data (D) available to the researcher serves as the final filter used to identify the specific
study type.
The balance of this paper explores the constructs underlying scholarly research in two aspects.
The first section examines some of the types of studies most commonly used in information sys-
tems research. The second section explores vital considerations for research methods that apply
across all study types.
Ellis & Levy
325
Study type
Data available
Valid peer-reviewed
literature
Research-worthy
problem
Figure 1. The PLD Mode l for De riving Study Type
Types of Research
There are a number of different ways to distinguish among types of research. The type of data
available is certainly one vita l aspect (Gay, Mills, & Airasian, 2006; Leedy & Ormrod, 2005);
different research approaches are appropriate for quantitative data – precise, numeric data derived
from a reduced variable – than for qualitative data – complex, multidimensional data derived
from a natural setting. Of equal importance is the nature of the problem be ing addressed by the
research (Isaac & Michael, 1981). Some problems, for example, are relative ly new and require
Table 1: Ke y Categories of Research
Approach Mos t common type of data Stage of proble m Cate gories of
The ory
Experimental Quantitative Evaluation Testing or
revising
Causal-comparative Quantitative Evaluation Testing or
revising
Historical Quantitative or Qualitative Description Testing or
revising
Developmenta l Quantitative and qualitative Description Building or
revising
Correlational
Quantitative Description Testing
Case study Qualitative Exploration Building or
revising
Grounded theory
Qualitative Exploration Building
Ethnography
Qualitative Descriptive Building
Action research Quantitative and qualitative Applied exploration Building or
revising
Guide for Novice Researchers on Research Methodology
326
exploratory types of research, while more mature problems might better be addressed by descrip-
tive or evaluative (hypothesis testing) approaches (Sekaran, 2003). Table 1 presents an overview
of how the research approaches most commonly used in information systems (IS) are categorized.
The subsections following Table 1 briefly explore each of these major research approaches. In
general, research studies can be classified into three categories: theory building, theory testing,
and theory revising. Theory building refers to research studies that aim at building a theory where
no prior solid theory existed to expla in phenomena or specific scenario. Theory testing refers to
research studies that aim at validating (i.e. testing) existing theories in new context. Theory revis-
ing refers to research studies that aim at revising an existing theory.
Experimental
The essence of experimental research is determining if a cause-effect relationship exists between
one factor or set of factors – the independent variable(s) – and a second factor or set of factors –
the dependent variable(s) (Cook & Campbell, 1979). In an experiment, the researcher takes con-
trol of and manipulates the independent variable, usua lly by randomly assigning partic ipants to
two or more different groups that receive different treatments or implementations of the inde-
pendent variable. The experimenter measures and compares the performance of the participants
on the dependent variable to determine if changes in the independent variables are very like ly to
cause similar changes in performance on the dependent variable. In medical settings, this type of
research is very common. However, in many research fields it is somewhat difficult to control all
the variables in the experiments, especially when dealing with research area that is related to or-
ganizations and institutions. For that reason, the use of experiments in IS it is somewhat limited,
and a less restrictive type of experiments is used. Such type is called quasi-experiment (Cook &
Campbell, 1979). Similar to experiments, in quasi-experiments, the research is attempting to de-
termining if a cause-effect relationship exists between one factor or set of factors – the independ-
ent variable(s) – and a second factor or set of factors – the dependent variable(s). However in
quasi-experiments, the researcher is unable to control a ll the variables in the experimentation, but
most variables are controlled.
An example of an experimental study would be research into which of two methods of inputting
text in a personal digita l assistant, soft-key or handwriting recognition, is more accurate. The in-
dependent variable would be method of text input. The dependent variable might be a count of
the number of entry errors, and the comparison based on the mean of the group using the soft-key
method with the mean of the group that used handwriting recognition input. An example of ex-
perimenta l research can be found at Cockburn, Savage, and Wallace (2005).
Causal-Comparative
As with experimental studies, causal-comparative research focuses on determining if a cause-
effect relationship exists between one factor of set of factors – the independent variable(s) – and a
second factor or set of factors – the dependent variable(s). Unlike an experiment, the researcher
does not take control of and manipulate the independent variable in causal-comparative research
but rather observes, measures, and compares the performance on the dependent variable or vari-
ables of subjects in naturally-occurring groupings based on the independent variable.
An example of a causal-comparative study would be research into the impact monetary bonuses
had on knowledge sharing behavior as exhibited by contributions to a company knowledge bank.
The independent variable would be “monetary bonus,” and it might have two levels (i.e. “yes”
and “no”). The dependent variable might be a count of the number of contributions, and the com-
parison based upon an examination of the mean number of knowledge-base contributions made
per employee in companies that provided a monetary bonus versus the mean number of contribu-
tions made per employee in companies that did not provide a bonus. Since the researcher did not
Ellis & Levy
327
assign companies to the “bonus” or “no bonus” categories, this study would be causal compara-
tive , not experimental. An example of causal-comparative research can be found at Becerra-
Fernandez, Zanakis, and Walczak (2002) who deve loped a knowledge discovery technique using
neural network mode ling to classify a country’s investing risk based on a variety of independent
variables.
Case Study
A case study is “an empirica l inquiry that investigates a contemporary phenomenon within its real
life context using multiple sources of evidence” (Noor, 2008, p. 1602). The evidence used in a
case study is typically qualitative in nature and focuses on developing an in-depth rather than
broad, generalizable understanding. Case studies can be used to explore, describe, or explain phe-
nomena by an exhaustive study within its natural setting (Yin, 1984). An example of a case study
can be found in the study by Ramim and Levy (2006) who described the issues related to the im-
pact of an insider’s attack combined with novice management on the survivability of an e-
learning systems of a small university.
Historical
Historical research utilizes interpretation of qua litative data to explain the causes of change
through time. This type of research is based upon the recognition of a historical problem or the
identification of a need for certain historical knowledge and generally enta ils gathering as much
relevant information about the problem or topic as possible. The research usually begins with the
formation of a hypothesis that tentatively explains a suspected relationship between two or more
historical factors and proceeds to a rigorous collection and organization of usua lly qua litative
evidence. The verification of the authentic ity and validity of such evidence, together with its se-
lection, organization, and analysis forms the basis for this type of research. An example of his-
torical research can be found in the study by Grant and Grant (2008) who conducted a study to
test the hypothesis that a new generation in knowledge management was emerging.
Correlational
The primary focus of the correlationa l type of research is to determine the presence and degree of
a relationship between two factors. Although correlationa l studies are in a superficia l way similar
to causal-comparative research – both types of study focus on analyzing quantitative data to de-
termine if a relationship exists between two variables – the difference between the two cannot be
ignored. Unlike causal-comparative research, in correlationa l studies, there is no attempt to de-
termine if a cause-effect relationship exists (variable x causes changes in variable y). The goal for
correlational studies is to determine if a predictive relationship exists (knowing the value of vari-
able x allows one to predict the value of variable y). At a practical level, there is, therefore, no
distinction made between independent and dependent variables in correlationa l research.
An example of a simple correlationa l study would be research into the relationship between age
and willingness to make e-commerce purchases. The two variables of interest would be age and
number of e-commerce purchases made over a given period of time. The comparison would be
based upon an examination of age of each subject in the study and the number of e-commerce
purchases made by that subject. Since the researcher did not control either of the variables or at-
tempt to determine if age caused changes in purchases, just if age could be used to predict behav-
ior, the study would be correlationa l, not experimental or causal-comparative. An example of cor-
relational research can be found in Cohen and Ellis (2003).
Guide for Novice Researchers on Research Methodology
328
Developmental
Developmenta l research attempts to answer the question: How can researchers build a ‘thing’ to
address the problem? It is especially applicable when there is not an adequate solution to even test
for efficacy in addressing the problem and presupposes that researchers don’t even know how to
go about building a solution that can be tested. Developmenta l research generally entails three
major elements:
• Establishing and validating criteria the product must meet
• Following a formalized, accepted process for developing the product
• Subjecting the product to a formalized, accepted process to determine if it satis-
fies the criteria.
An example of developmental research would be Ellis and Hafner (2006) that detailed the devel-
opment of an asynchronous environment for project-based collaborative learning experiences.
Developmenta l research is distinguished from product development by: a focus on complex, in-
novative solutions that have few, if any, accepted design and development princ iples; a compre-
hensive grounding in the literature and theory; empirical testing of product’s practicality and ef-
fectiveness; as well as thorough documentation, analysis, and reflection on processes and out-
comes (van den Akker, Branch, Gustafson, Nieveen, & Plomp, 2000).
Grounded Theory
Grounded Theory is defined as “a systematic, qua litative procedure used to generate theory that
expla ins, at a broad conceptual level, a process, an action, or interaction about substantive topic”
(Creswell, 2005, p. 396). Grounded theory is used when theories currently documented in the lit-
erature fail to adequately expla in the phenomena observed (Leedy & Ormrod, 2005). In such
cases, revisions for existing theory may not be valid as the fundamental assumptions behind such
theories may be flawed given the context or data at hand. Table 2 outlines the three key types of
grounded theory design. According to Creswell, “choosing among the three approaches requires
several considerations” (p. 403). He noted that such considerations depend on the key emphasis
of the study such as: Is the aim of the study to follow given procedures? Is the aim of the aim of
the study to follow predetermined categories? What is the position of the researcher? An example
of Grounded Theory in the context of information systems inc ludes the study by Oliver, Why-
mark, and Romm (2005). Oliver et al. used Grounded Theory to deve lop a conceptual mode l on
enterprise-resources planning (ERP) systems adoption based on the various types of organiza-
tional justifications and reported motives.
Table 2: Types of Grounde d Theory Des ign (Cres we ll, 2005)
Type of Grounde d Theory
Des ign
De finition
Systematic Design “emphasizes the use of data analysis steps of open, axia l, and
selective coding, and the development of a logic paradigm or a
visua l picture of the theory generated” (Creswell, 2005, p. 397)
Emerging Design “letting the theory emerge from the data rather than using spe-
cific, preset categories” (Creswell, 2005, p. 401)
Constructivist Design “focus is on the meanings ascribed by partic ipants in a
study…more interested in the views, values, beliefs, feelings,
assumptions, and ideologies of individuals than in gathering
facts and describing acts” (Creswell, 2005, p. 402)
Ellis & Levy
329
Ethnography
The study of ethnography aims at “a particular person, program, or event in considerable depth.
In an ethnography, the researcher looks at an entire group – more specifica lly, a group that shares
a common culture – in depth” (Leedy & Ormrod, 2005, p. 151). According to Creswell (2005),
ethnographic research deals with an in-depth qua litative investigation of a group that share a
common culture. He indicated that ethnography is best used to explain various issues within a
group of individuals that have been together for a considerable length of time and have, therefore,
developed a common culture. Ethnographic research also provides a chronological collection of
events related to a group of individuals sharing a common culture. Beynon-Davies (1997) out-
lined the use of ethnographic research in the context of system development. He noted that for IS
researchers, ethnographic research may provide value in the area of IS development, specifically
in the process of capturing tacit knowledge during the system development life cycle (SDLC)
(Beynon-Davies). Crabtree (2003) noted that “ethnography is an approach that is increasing inter-
est to the designers of collaborative computing systems. Rejecting the use of theoretical frame-
works and insisting instead on a rigorously descriptive mode of research” (p. ix). However, criti-
cism for Crabtree’s advocacy of ethnography in information systems research was also voiced
(Alexander, 2003).
Action Research
Action research is defined as “a type of research that focuses on finding a solution to a local prob-
lem in a local setting” (Leedy & Ormrod, 2005, p. 114). Action research is unique in the approach
as the researcher himse lf or herself are part of the practitioners group that face the actual problem
the research is trying to address(Creswell, 2005). Additionally, the aim of action research is to
investigate a localized and practical problem. According to DeLuca, Gallivan, and Kock (2008),
there are five key steps in action research including: a) Diagnosing the problem; b) Planning the
action; c) Taking the action; d) Eva luating the results; and e) Specifying lessons learned for the
next cycle. During the course of all give steps of the action research, “researchers and practitio-
ners collaborate during each step” (DeLuca et al., p. 49).
Fundamentals of Research Methods
For each study type there is an accepted methodology documented in texts (Gay et al., 2006;
Isaac & Michael, 1981; Leedy & Ormrod, 2005; Yin, 1984) and exemplified in the literature
(Levy & Ellis, 2006). As a first step in establishing the value of a proposed study, the novice re-
searcher is well advised to close ly follow the template for the study type contained in the text and
mode l her or his research methods after similar studies reported in the literature. Regardless of the
type of study being conducted, there are a number of important factors that must be accommo-
dated in an effective description of the research methods. In brief, the description must provide a
detailed, step-by-step description of how the study will be conducted, answering the vital “who,
what, where, when, why, and how” questions.
1. What is going to be done
2. Who is going to do each thing to be done
3. How will each thing to be done be accomplished
4. When, and in what order, will the things to be accomplished actually be done
5. Where will those things be done
6. Why – supported by the literature – for the answers to the What, Who, How,
When, and Where
Guide for Novice Researchers on Research Methodology
330
A properly developed description of the research methods would allow the reader to actually con-
duct the study being proposed based upon the processes outlined. Included among those processes
are: forming research questions and hypotheses; identifying assumptions, limitations, and de limi-
tations; as well as establishing reliability and validity.
Form Research Questions and Hypotheses
Research questions
Research questions are the essence of most research conducted and acts as the guiding plan for
the investigation (Mertler & Vannatta, 2001). In general, research questions are “specific ques-
tions that researchers seek to answer” (Creswell, 2005, p. 117). According to Maxwell (2005),
“research questions state what you want to learn” (p. 69). A research investigation may have one
or more research questions regardless of the specific type of the research including qua litative,
quantitative, and mixed method types of research. Most quality peer-reviewed studies will have a
specific section that highlights the research questions investigated. In most other published work
that don’t have a specific section that highlights it, the research questions will appear either at the
end of the problem statement or right after the literature review section. Maxwell suggested that a
good research question is one that will point the researcher to the information that will lead
him/her to understand what he/she set forth to investigate. According to Ellis and Levy (2008),
“in order for the research to be at all meaningful, there has to be an identifiable connection be-
tween the answers to the research questions and the research problem inspiring the study” (p. 20).
However, research questions shouldn’t be created in a vacuum, but be strongly influenced by
quality literature is suggesting about the phenomena (Berg, 1998). Moreover, the exact wording
used to note the research questions is vital as the accuracy and appropriateness of the research
question determine the methodology to be used (Mertler & Vannatta, 2001).
The nature of the research questions will be dependent on the type of study being conducted.
Studies based on quantitative data will generally be driven by research questions that are formu-
lated on the confirmatory and predictive nature, while studies based on qualitative data will be
more like ly driven by research questions that are formulated on the exploratory and interpretive
nature.
Examples of quantitative research questions in the context of information systems inc lude :
– To what extent does users’ perceived usefulness increases the odds of their e-commerce
usage?
– Do computer self-efficacy and computer anxiety have a significant difference for males
and females when using e-learning systems?
– What are the contributions of users’ systems trust, deterrent severity, and motivation to
their misuse of biometrics technology?
– To what degree do team communication and team cohesiveness predict productivity of
system development by virtual teams?
Examples of qualitative research questions in the context of information systems include:
– How does training help the implementation success of enterprise-wide information sys-
tems?
– Why do user involvement and user resistance help in the systems’ requirement gathering
process?
What are the systems characteristics that are valuable to users when using e-learning
systems?
– How do e-commerce users define information privacy?
Ellis & Levy
331
Hypotheses
One must keep in mind that “research questions are not the same as research hypotheses”
(Maxwell, 2005, p. 69). In general, a hypothesis can be defined as a “logical supposition, a rea-
sonable guess, an educated conjecture” about some aspect of daily life (Leedy & Ormrod, 2005,
p. 6). In scholarly research, however, hypotheses are more than ‘educated guesses.’ A research
hypothesis is a “prediction or conjecture about the outcome of a relationship among attributes or
characteristics” (Creswell, 2005, p. 117). By convention, research is conservative and assumes
the absence of a relationship among the attributes under consideration; hypotheses, therefore, are
expressed in null terms. For example, if a study were to examine the impact interactive multime-
dia animations have on the average amount of a purchase at an e-commerce site, the hypothesis
would be stated: The average amount of purchase on an e-commerce site enhanced with interac-
tive animations will not be different that the average amount of purchase on the same e-
commerce site that is not enhanced with interactive animations. Not all types of research entail
establishing and testing hypotheses. Research methods based upon quantitative data commonly
test hypotheses; studies based upon qualitative data, on the other hand, explore propositions
(Maxwell).
Unlink hypotheses, propositions do predict a directiona lity for the results. If, for example, one
were to examine consumer reaction to interactive animation on an e-commerce site, one might
investigate the proposition that: Consumers will express a greater feeling of engagement and sat-
isfaction when visiting e-commerce sites enhanced with interactive animations than similar sites
that lack the enhancement.
Acknowledge Assumptions, Limitations, and Delimitations
For any given research investigation there are underlying assumptions, limitations, and de limita-
tions (Creswell, 2005). According to Leedy and Ormrod (2005), assumptions, limitations, and
delimitations are critical components of a viable research proposal; without these considerations
clearly articulated, evaluators may raise some valid questions regarding the credibility of the pro-
posal. The following three sub-sections provide definition and examples for each term.
Assumptions
Assumptions serve as the basic foundation of any proposed research (Leedy & Ormrod, 2005)
and constitute “what the researcher takes for granted. But taking things for granted may cause
much misunderstanding. What [researchers] may tacitly assume, others may never have consid-
ered” (Leedy & Ormrod, p. 62). Moreover, assumptions can be viewed as something the re-
searcher accepts as true without a concrete proof. Essentially, there is no research study without a
basic set of assumptions (Berg, 1998). According to Williams and Colomb (2003), identifying the
assumptions behind a given research proposal is one of the hardest issues to address, especially
for novice researchers. Such difficulties emerge due to the fact that by nature “we all take our
deepest beliefs for granted, rarely questioning them from someone else’s point of view”
(Williams & Colomb, p. 200). It is important for novice researchers to learn how to explic itly
document the ir assumptions in order to ensure that they are aware of those things taken as givens,
rather than trying to hide or smear them from the reader. Explicitly documenting the research as-
sumptions may help reduce misunderstanding and resistance to a proposed research as it demon-
strates that the research proposal has been thoroughly considered (Leedy & Ormrod, 2005).
To identify the assumption behind a proposa l, the researcher must ask himself the following ques-
tion: “what do I believe that my readers must also believe (but may not) before they will think
that my reasons are relevant to my claims?” (Williams & Colomb, p. 200).
Guide for Novice Researchers on Research Methodology
332
Examples of assumptions researchers make include :
– Participants in the study will make a sincere effort to complete the assigned tasks
– The students participating in the Internet-based course have a basic familiarity with the
personal computer and the use of the World Wide Web.
Limitations
Every study has a set of limitations (Leedy & Ormrod, 2005), or “potential weaknesses or prob-
lems with the study identified by the researcher” (Creswell, 2005, p. 198). A limitation is an un-
controllable threat to the internal va lidity of a study. As described in greater detail below, internal
validity refers to the likelihood that the results of the study actually mean what the researcher in-
dicates they mean. Explic itly stating the research limitations is vita l in order to allow other re-
searchers to replicate the study or expand on a study (Creswell, 2005). Additionally, by explicitly
stating the limitations of the research, a researcher can help other researchers “judge to what ex-
tent the findings can or cannot be generalized to other people and situations” (Creswell, 2005, p.
198).
Examples of limitations researchers may have:
– All subjects in the study will be volunteers who may withdraw from the study at any
time. The participants who finish the study might not, therefore, be truly representative of
the population.
– The members of the expert panel that will validate the proficiency survey instrument will
be drawn from the faculty of … and may not truly represent universally accepted expert
opinion.
Delimitations
Delimitations refer to “what the researcher is not going to do” (Leedy & Ormrod, 2005). In schol-
arly research, the goals of the research outlines what the researcher intends to do; without the de-
limitations, the reader will have difficulties in understanding the boundaries of the research. In
order to constrain the scope of the study and make it more manageable, researchers should outline
in the de limitations – the factors, constructs, and/or variables – that were intentiona lly left out of
the study. Delimitations impact the external validity or generalizability of the results of the study.
Examples of delimitations inc lude :
– Participation in the study was delimited to only males aged 25-45 who had made a pur-
chase via the internet within the past 12 months; generalization to other age groups or
females may not be warranted.
– This study examined attrition rates in MBA programs offered in continuing education de-
partments of public colleges and universities; generalization to other educationa l pro-
grams or similar programs offered in private institutions may not be warranted.
Establish Reliability and Validity
Every study must address threats to validity and reliability (Leedy & Ormrod, 2005). Although
the concepts of validity and reliability originally started in quantitative research approaches, in
recent years validity and reliability are being addressed in qualitative and mixed-methods ap-
proaches as well (Berg, 1998; Maxwell, 2005). According to Leedy and Ormrod (2005), “the va-
lidity and reliability of your measurement instruments influences the extent to which you can
learn something about the phenomenon you are studying…and the extent to which you can draw
meaningful conclusions from your data” (p. 31). The following two sections define and outline
Ellis & Levy
333
the key types of validity and reliability re lated to common research investigation. Establishing an
approach following published methods to address validity and reliability issues in a research pro-
posal may drastically increase the overall acceptance of the research proposal.
Reliability
Reliability is defined as “the consistency with which a measuring instrument yie lds a certain re-
sults when the entity be ing measured hasn’t changed” (Leedy & Ormrod, 2005, p. 31). According
to Straub (1989), researchers should try to answer the following question in an attempt to address
reliability; “do measures show stability across the unit of observation? That is, could measure-
ment error be so high as to discredit the findings?” (p. 150). Reliability can be established in four
different ways: equivalency, stability, inter-rater, and interna l consistency (Carmines & Zeller,
1991).
Equivale ncy re liability. Equivalency reliability is concerned with how close ly measurements
taken with one instrument match those taken with a second instrument under similar conditions.
Equiva lency is often used to certify the reliability of a new measurement instrument or procedure
by comparing the results of using that instrument with those obta ined by using established in-
struments or processes. Equiva lency is usua lly established through the use of a statistical correla-
tion (Pearson’s r for linear correlation or Eta for non-linear correlation).
Stability re liability. Stability reliability – also know as test, re-test reliability – is concerned with
how consistent results of measuring with a given instrument or process are over time. Stability is
based on the assumption that, absent some identifiable explanation, the measurement should pro-
duce the same results today as last month and will produce the same results next month. Stability,
like equiva lency, is usually established through the use of a statistical correlation (Pearson’s r for
linear correlation or Eta for non-linear correlation).
Inte r-rate r re liability. Inter-rater reliability focuses on the extent agreement in the results of two
or more individuals using the same measurement instrument or process. As with stability and
equivalency, inter-rater reliability is usua lly established through the use of a statistical correlation
(Pearson’s r for linear correlation or Eta for non-linear correlation).
Inte rnal cons iste ncy. Unlike the previous methods of establishing reliability which were con-
cerned with comparing the results of using an instrument or process with some external standard
(another instrument, the same instrument over time, or the same instrument used by different
people), internal consistence focuses on the level of agreement among the various parts of the
instrument or process in assessing the characteristic being measured. In a 20-question survey
measuring attitude toward knowledge sharing, for example , if the survey is interna lly consistent,
there will be a strong correlation the responses on all 20 questions. Internal consistency is also
measured by statistical correlation, but with the Cronbach α in place of Pearson r.
Validity
Validity refers to a researchers’ ability to “draw meaningful and justifiable inferences from scores
about a sample or population” (Creswell, 2005, p. 600). There are various types of validity asso-
ciated with scholarly research (Cook & Campbell, 1979). Validity of an instrument refers to “the
extent to which the instrument measures what it is supposed to measure” (Leedy & Ormrod,
2005, p. 31). Thus, researchers when designing the ir study, must ask themselves “how might you
be wrong?” (Maxwell, 2005, p. 105). Additionally, the validity of a study “depends on the rela-
tionship of your conclusions to reality” (Maxwell, 2005, p. 105). This section will define and out-
line the key validity issues. The two most common validity issues are internal validity and exter-
nal validity.
Guide for Novice Researchers on Research Methodology
334
Inte rnal validity. Internal validity refers to the “extent to which its design and the data that it
yie lds allow the researcher to draw accurate conclusions about cause-and-effect and other rela-
tionships within the data” (Leedy & Ormrod, 2005, pp. 103-104). According to Straub (1989),
researchers should try to answer the following question in an attempt to address internal va lidity;
“are there untested rival hypotheses for the observed effects?” (p. 150). Generally, establishing
interna l validity requires examining one or more of the following: face validity, criterion va lidity,
construct validity, content validity, or statistical conclusion va lidity.
Face Validity. Face validity is based upon appearance; does the instrument or process seem to
pass the test for reasonableness. Face validity is never sufficient by itself, but an informa l assess-
ment of how well the study appears to be designed is often the first step in establishing its va lid-
ity.
Crite rion Re lated Validity. Also known as instrumental va lidity, criterion related validity is
based upon the premise that processes and instruments used in a study are valid if they paralle l
similar those used previous, validated research. In order to establish criterion re lated validity it is
necessary to draw strong parallels between as many particulars of the validated study – popula-
tion, c ircumstances, instruments used, methods followed – as possible.
Cons truct Validity. Construct validity “is in essence operational issue. It asks whether the meas-
ures chosen are true constructs describing the event or merely artifacts of the methodology itself”
(Straub, 1989, p. 150). According to Straub, researchers should try to answer the following ques-
tion in an attempt to address construct validity; “do measures show stability across methodology?
That is, are the data a reflection of true scores or artifacts of the kind of instrument chosen?” (p.
150).
Conte nt Validity. In survey-based research, the term content validity refers to “the degree to
which items in an instrument reflect the content universe to which the instrument will be general-
ized” (Boudreau, Gefen, & Straub, 2001, p. 5). According to Straub (1989), researchers should
try to answer the following question in an attempt to address content validity; “are instrument
measures drown from all possible measures of the properties under investigation?” (p. 150).
Statis tical Conclus ion Validity. Statistical conc lusion va lidity refers to the “assessment of the
mathematical relationships between variables and the like lihood that this mathematical assess-
ment provides a correct picture of the covariation …(Type I and Type II error)” (Straub, 1989, p.
152). According to Straub, researchers should try to answer the following question in an attempt
to address statistical conc lusion va lidity; “do the variables demonstrate relationships not expla in-
able by chance or some other standard of comparison?” (p. 150).
Exte rnal validity. External validity refers to the “extent to which its results apply to situations
beyond the study itself…the extent to which the conclusions drawn can be generalized to other
contexts” (Leedy & Ormrod, 2005, p. 105). Additionally, external validity addresses the “gener-
alizability of sample results to the population of interest, across different measures, persons, set-
tings, or times. External validity is important to demonstrate that research results are applicable in
natural settings, as contrasted with classroom, laboratory, or survey-response settings” (King &
He, 2005, p. 882).
Summary
One of the major challenges facing the novice researcher is matching the research she or he pro-
poses with a research method that is appropriate and will be accepted by the scholarly commu-
nity. The material presented in this paper is certainly not intended to be the ending point in the
process of establishing the research methods for a given study. The novice researcher is encour-
Ellis & Levy
335
aged, even expected to augment this material by referring to one or more of the texts and research
examples cited.
This paper does present a foundation upon which such a decision can be based on:
1. Developing the PLD, a model for selection of research approach based upon the
problem driving the study, the body of knowledge documented in peer-reviewed lit-
erature, and the data available to the researcher;
2. Identifying, in brief, several of the research approaches commonly used in informa-
tion systems studies;
3. Exploring several of the important terms and constructs that apply to scholarly re-
search, regardless of the specific approach selected.
References
Ale xander, I. (2003). Designing collaborative systems. A practica l guide to ethnography. European Journal
of In formation Systems, 12(3), 247-249.
Becerra-Fe rnandez, I., Zanakis, S. H., & Walc za k, S. (2002). Knowledge discovery techniques for predict-
ing country investment risk. Computers & Industrial Engineering, 43(4), 787-800.
Berg, B. L. (1998). Qualitative research methods for the social sciences (3rd ed.). Boston, MA: Allyn &
Bacon.
Beynon-Davies, P. (1997). Ethnography and information systems development: Ethnography of, for and
within is development. Information and Software Technology, 39(8), 531-540.
Boudreau, M.-C., Gefen, D., & Straub, D. W. (2001). Validation in information systems research: A state-
of-the-art assessment. MIS Quarterly, 25(1), 1-16.
Cockburn, A., Savage, J., & Wallace, A. (2005). Tuning and testing scrolling interfaces that automatically
zoo m. Proceeding of the Computer-Human Interaction 2005 Conference, Portland, Oregon, pp. 71-80.
Cohen, M. S., & Ellis, T. J. (2003). Predictors of success: A longitudinal study of threaded discussion fo-
rums. Proceeding of the Frontiers in Education Conference, Boulder, Colorado, pp. T3F-14–T13F-18.
Cook, T. D., & Ca mpbell, D. T. (1979). Quasi-experimentation: Design & analysis issues from field set-
tings. Boston, MA: Houghton Mifflin Co mpany.
Crabtree, A. (2003). Designing collaborative systems. A practical guide to ethnography. Berlin: Springer-
Verlag.
Creswe ll, J. W. (2005). Educational research: Planning, conducting, and evaluating quantitative and
qualitative research (2nd ed.). Upper Saddle River, NJ: Pearson.
De Luca, D., Ga llivan, M. J., & Kock, N. (2008). Furthering information systems action research: A post-
positivist synthesis of four dia lectics. Journal of the Association for Information Systems, 9(2), 48-72.
Ellis, T. J., & Ha fner, W. (2006). A co mmunicat ion environment for asynchronous collaborative lea rning.
Proceeding of the 37th Hawaii International Conference on System Sciences, Big Island, Hawa ii, pp.
3a-3a.
Ellis, T. J., & Levy, Y. (2008). A fra mework of proble m-based research: A guide for novice researchers on
the development of a research-worthy proble m. In forming Science: The International Journal of an
Emerging Transdiscipline, 11, 17-33. Retrieved fro m http://inform.nu/Artic les/Vol11/ISJv 11p 017-
033Ellis486.pdf
Gay, L. R., Mills, G. E., & Airasian, P. (2006). Educational research: Competencies for analysis and ap-
plications (8th ed.). Upper Saddle River, NJ: Pearson.
Guide for Novice Researchers on Research Methodology
336
Grant, K. A., & Grant, C. T. (2008). Developing a mode l of ne xt generation knowledge manage ment. Is-
sues in Informing Science and Information Technology, 5, 571– 590. Retrieved fro m
http://proceedings.informingscience.org/InSITE2008/IISITv5p571-590Grant532.pdf
Isaac, S., & M ichael, W. B. (1981). Handbook in research and evaluation. San Diego, CA: EdITS publish-
ers.
King, W. R., & He, J. (2005). Externa l validity in IS survey research. Communications of the Association
for In formation Systems, 16, 880-894.
Leedy, P. D., & Ormrod, J. E. (2005). Practical research: Planning and design (8th ed.). Upper Saddle
River, NJ: Prentice Hall.
Levy, Y., & Ellis, T. J. (2006). A systems approach to conduct an effective literature rev iew in support of
informat ion systems research. Informing Science: The International Journal of an Emerging Transdis-
cipline, 9, 181-212. Retrieved fro m http://inform.nu/Artic les/Vol9/ V9p181-212Levy99.pdf
Maxwe ll, J. A. (2005). Qualitative research design: An interactive approach (2nd ed.). Thousand Okas,
CA: Sage Publication.
Mertler, C. A., & Vannatta, R. A. (2001). Advanced and multivariate statistical methods: Practical appli-
cation and interpretation. Los Angeles, CA: Pyrcza k Publishing.
Noor, K. (2008). Case study: A strategic research methodology. American Journal of Applied Sciences,
5(11), 1602-1604.
Nunama ker, J. F., Chen, M., & Purdin, T. D. M. (1991). Systems development in information systems re-
search. Journal of Management Information Systems, 7(3), 89-106.
Oliver, D., Why mark, G., & Ro mm, C. (2005). Researching ERP adoption: An internet-based grounded
theory approach. Online Information Review, 29(6), 585-604.
Ra mim, M. M ., & Levy, Y. (2006). Securing e-lea rning systems: A case of insider cyber attacks and novice
IT manage ment in a s ma ll university. Journal of Cases on Information Technology, 8(4), 24-35.
Sekaran, U. (2003). Research methods for business (4th ed.). Hoboken, NJ: John Wiley & Sons.
Straub, D. W. (1989). Va lidating instruments in MIS research. MIS Quarterly, 13(2), 147-170.
van den Akker, J., Branch, R. M., Gustafson, K., Nieveen, N., & Plo mp, T. (2000). Design approaches and
tools in education. Norwell, MA: Kluwer Academic Publishers.
Willia ms, J. M ., & Colo mb, G. G. (2003). The craft o f argument (2nd ed.). Ne w Yo rk: Long man Publish-
ers.
Yin, R. K. (1984). Case study research: Design and methods. Ne wbury Park, CA : Sage Publicat ion.
Biographies
Dr. Timothy Ellis obtained a B.S. degree in History from Bradley
University, an M.A. in Rehabilitation Counseling from Southern Illinois
University, a C.A.G.S. in Rehabilitation Administration from North-
eastern University, and a Ph.D. in Computing Technology in Education
from Nova Southeastern University. He joined NSU as Assistant Pro-
fessor in 1999 and currently teaches computer technology courses at
both the Masters and Ph.D. level in the School of Computer and Infor-
mation Sciences. Prior to joining NSU, he was on the faculty at Fisher
College in the Computer Technology department and, prior to that, was
a Systems Engineer for Tandy Business Products. His research interests
inc lude: multimedia, distance education, and adult learning. He has
published in several technical and educational journals inc luding
Catalyst, Journa l of Instructional Delivery Systems, and Journal of Instructiona l Multimedia and
Ellis & Levy
337
Hypermedia. His email address is [email protected] His main website is located at
http://www.scis.nova.edu/~ellist/
Dr. Yair Levy is an associate professor at the Graduate School of
Computer and Information Sc iences at Nova Southeastern University.
During the mid to late 1990s, he assisted NASA to develop e-learning
systems. He earned his Bachelor’s degree in Aerospace Engineering
from the Technion (Israel Institute of Technology). He received his
MBA with MIS concentration and Ph.D. in Management Information
Systems from Florida Internationa l University. His current research
interests inc lude cognitive value of IS, of online learning systems, ef-
fectiveness of IS, and cognitive aspects of IS. Dr. Levy is the author of
the book “Assessing the Value of e-Learning systems.” His research
publications appear in the IS journals, conference proceedings, invited
book chapters, and encyclopedias. Additionally, he chaired and co-
chaired multiple sessions/tracks in recognized conferences. Currently, Dr. Levy is serving as the
Editor-in-Chief of the Internationa l Journal of Doctoral Studies (IJDS). Additionally, he is serv-
ing as an associate editor for the Internationa l Journa l of Web-based Learning and Teaching
Technologies (IJWLTT). Moreover, he is serving as a member of editoria l review or advisory
board of several refereed journals. Additionally, Dr. Levy has been serving as a referee research
reviewer for numerous nationa l and international scientific journa ls, conference proceedings, as
well as MIS and Information Security textbooks. He is also a frequent speaker at national and
international meetings on MIS and online learning topics. To find out more about Dr. Levy,
please visit his site : http://sc is.nova.edu/~levyy/
Chapter 3 – Evaluation Rubric
Criteria Does Not Meet 0.01 points Meets/NA 1 point
Introductory Remarks The section is missing; or some topic areas are not included
in the Introduction or are not explained clearly.
The chapter outline is not provided and/or is unclear.
The reader is adequately oriented to the topic areas
covered. An outline of the logical flow of the chapter is
presented.
All major themes/concepts are introduced.
Research Methodology and
Design
There is a lack of alignment among the chosen research
method and design and the study’s problem, purpose, and
research questions.
There is a lack of justification and alternate choices for
methods.
For Qualitative Studies: Lacks clear discussion of the
study phenomenon, boundaries of case(s), and/or
constructs explored.
Describes how the research method and design are aligned
with the study problem, purpose, and research questions.
Uses scholarly support to describe how the design choice
is consistent with the research method, and alternate
choices are discussed.
For Qualitative Studies: Describes the study
phenomenon, boundaries of case(s) and/or constructs
explored.
Population and Sample Lacks a description of the sample, demographics, and the
representation of the sample to the broader population.
There is little to no description of the inclusion/exclusion
criteria used to select the participants (sample) of the study.
For Quantitative Studies: A power analysis is not
described and appropriately cited.
Provides a description of the target population and the
relation to the larger population.
Inclusion/exclusion criteria for selecting participants
(sample) of the study are noted.
For Quantitative Studies: Power analysis is
described and appropriately cited.
Materials/
Instrumentation
Lacks a description of the instruments associated with the
chosen research method and design used. Details missing
regarding instrument origin, reliability, and validity.
For Quantitative Studies: (e.g., tests or surveys). Lacks
explanation of any permission needed to use the
instrument(s) and cites properly. Instrument permissions are
missing in appendices
For Qualitative Studies: (e.g., observation
checklists/protocols, interview or focus group discussion
Handbooks). Did not clearly explain the process for
conducting an expert review of instruments (e.g., provides
justification of reviewers being credible – reviewers may
include, but not limited to NCU dissertation team members,
professional colleagues, peers, or non-research participants
representative of the greater population); and/or did not
clearly explain use of a field test if practicing the
administration of the instruments is warranted.
For Pilot Study: Does not clearly explain the procedure for
conducting a pilot study (did not conduct pilot) if using a
self-created instrument (e.g., survey questionnaire); does not
include explanation of a field test if practicing the
administration of the instruments is warranted.
Provides a description of the instruments associated with
the chosen research method and design used. Includes
information regarding instrument origin, reliability, and
validity.
For Quantitative Studies: (e.g., tests or surveys).
Includes any permission needed to use the instrument(s)
and cites properly.
For Qualitative Studies: (e.g., observation
checklists/protocols, interview or focus group discussion
Handbooks). Describes process for conducting an expert
review of instruments (e.g., provides justification of
reviewers being credible – reviewers may include, but not
limited to NCU dissertation team members, professional
colleagues, peers, or non-research participants
representative of the greater population); describes use of
a field test if practicing the administration of the
instruments is warranted.
For Pilot Study: Explains the procedure for conducting a
pilot study (requires IRB approval for pilot) if using a
self-created instrument (e.g., survey questionnaire);
explains use of a field test if practicing the administration
of the instruments is warranted.
Operational Definitions
of Variables
(Quantitative Studies
Only)
Discussion of the study variables examined is lacking
information and/or is unclear.
Describes study variables in terms of being measurable
and/or observable.
(Reviewer – mark Meets/NA for Qualitative studies)
Procedures Procedures are not clear or replicable. Steps are missing;
recruitment, selection, and informed consent are not
established. IRB ethical practices are missing or unclear.
Describes the procedures to conduct the study in enough
detail to practically replicate the study, including
participant recruitment and notification, and informed
consent. IRB ethical practices are noted.
Data Collection and
Analysis
Does not clearly provide a description of the data and the
processes to collect data. Lack of alignment between the
data collected and the research questions and/or hypotheses
of the study.
For Quantitative Studies: Does not clearly provide the data
analysis processes including, but not limited to, clearly
describing the statistical tests performed and the
purpose/outcome, coding of data linked to each RQ, the
software used (e.g., SPSS, Qualtrics).
For Qualitative Studies: Does not clearly identify the
coding process of data linked to RQs; does not clearly
describe the transcription of data, the software used for
textual analysis (e.g., Nivo, DeDoose), and does not justify
manual analysis by researcher. There is missing or unclear
explanation of the use of a member check to validate data
collected.
Provides a description of the data collected and the
processes used in gathering the data. Explains alignment
between the data collected and the research questions
and/or hypotheses of the study.
For Quantitative Studies: Includes the data analysis
processes including, but not limited to, describing the
statistical tests performed and the purpose/outcome,
coding of data linked to each RQ, the software used (e.g.,
SPSS, Qualtrics).
For Qualitative Studies: Identifies the coding process of
data linked to RQs. Describes the transcription of data,
the software used for textual analysis (e.g., Nivo,
DeDoose), and describes manual analysis by researcher.
Describes the use of a member check to validate data
collected.
Assumptions/Limitations/
Delimitations
Does not clearly outline the
assumptions/limitations/delimitations (or has missing
components) inherent to the choice of method and design.
For Quantitative Studies: Does not include or lacks key
elements such as, but not limited to, threats to internal and
external validity, credibility, and generalizability.
For Qualitative Studies: Does not include or lacks key
elements such as, but not limited to threats to credibility,
trustworthiness, and transferability.
Outlines the assumptions/limitations/delimitations to the
choice of method and design.
For Quantitative Studies: Includes key elements such as,
but not limited to, threats to internal and external validity,
credibility, and generalizability.
For Qualitative Studies: Includes key elements such as,
but not limited to threats to credibility, trustworthiness,
and transferability.
Ethical Assurances Lacks discussion of compliance with the standards to
conduct research as appropriate to the proposed research
design and is not aligned to IRB requirements.
Describes compliance with the standards to conduct
research as appropriate to the proposed research design
and aligned to IRB requirements.
Summary Chapter does not conclude with a summary of key points
from the Chapter – elements are missing, incomplete,
and/new information is presented.
Chapter concludes with an organized summary of key
points discussed/presented in the Chapter.
Dissertation Chapter 3: Research Method
• Introduction (no subheading)
• Research Methodology and Design
• Population and Sample
• Materials or Instrumentation
• Operational Definitions of Variables (quantitative only)
• Study Procedures
• Data Collection and Analysis
• Assumptions
• Limitations
• Delimitations
• Ethical Assurances
• Summary
Introduction
• Briefly reintroduces the problem and purpose of the study
• Briefly describes the overall intent and components of the chapter
• Leads into the description of the research methodology and design
• Does not add any new or related information
Research Methodology and Design
• Describes the research methodology (i.e., quantitative, qualitative, mixed) and
corresponding specific design
• Elaborates on and defends how the chosen research methodology and design are
appropriate to accurately address the study’s problem, purpose, and research
questions
• Identifies alternative methodologies and designs indicating why they are less
appropriate to accurately address the study’s problem, purpose, and research
questions
Research Methodology and Design
• A quantitative methodology involves the use of variables to measure an effect or
a relationship
• Employs variables to establish cause-and-effect
• Independent/predictor variable is used as an employed effect to be measured
• Dependent/outcome variable is used to measure the employed effect
• Indicates the effect of the independent/predictor variable onto the
dependent/outcome variable
• With the use of descriptive and inferential statistics, a statistically significant/non-
significant effect or relationship involving two or more variables can be established
• Can be used to determine the size of the effect or to what degree/extent the
dependent/outcome variable was changed by the independent/predictor variable
• Can be used to predict future outcomes
• Use what is/are the effect(s) of….. on…..
• Do not use “effect” in qualitative research
Research Methodology and Design
• A quantitative methodology involves the use of variables to measure an effect or
a relationship
• Employs variables to establish non-casual relationships
• Can be used to establish a statistically significant/non-significant relationship involving
two variables
• Can be used to only determine the strength and direction of the relationship
• Control variables are held constant throughout the experiment to eliminate/reduce
their potential effect
• Extraneous/confounding/intervening variables hide/alter the true effect of the
intended independent/predictor variable in the experiment, negatively impacting the
true results
Research Methodology and Design
• Quantitative Methodology – involves descriptive and inferential statistical analyses to test
a set of hypotheses for significance
• Instruments used to derive numerical data
• Correlation – attempts to determine to what extent two variables are related
• Regression – attempts to predict the value of one variable from another variable when a
causal relationship exists between the two variables
• Multiple Regression – attempts to predict the value of a one variable based on the value
of two or more other variables.
• Group Comparison – attempts to determine differences between two or more groups
based on the measured effect of an independent variable on to a dependent variable
• Experimental: randomization selection and assignment of participants
• Quasi-Experimental: randomization does not occur
• Non-Experimental: causal comparative/ex post facto (data are obtained from pre-formed
groups without independent variable manipulation, already occurred)
Research Methodology and Design
• Qualitative Methodology – an in-depth exploration to gain a greater understanding; can
also utilize an analysis of numerical data employing descriptive statistics but does not
employ inferential statistical analyses to address a set of hypotheses
• Surveys, individual interviews, focus group interviews, anecdotal records, and
observations are used to derive numerical and/or non-numerical descriptive information
• Phenomenology – an in-depth exploration to gain a deeper understanding of individuals’
perceptions and lived experiences regarding some phenomenon from their perspective
• Ethnography – an in-depth exploration to gain a deeper understanding of a particular
culture or some facet of it from the perspective of the culture’s members
• Grounded Theory – an in-depth exploration to gain a deeper understanding for the
development of a theory to advance, refine, and expand a body of knowledge or ground
a theory in the context of the phenomenon under study
Research Methodology and Design
• Narrative – an in-depth exploration to gain a deeper understanding of individuals’
meanings they assign to their particular experiences, typically derived from one
or a small number of participants involving rich and free-ranging discourse
• Case Study – an in-depth exploration to gain a greater understanding of a single
individual, small group, event, place, phenomenon, or other type of circumstance
from the participant’s perspective utilizing multiple or triangulated data sources;
allows key characteristics, meanings, themes, trends, and implications to be
clarified for application and prediction
Population and Sample
• Population – the entirety from the sample is drawn involving people, objects, events, etc.
• Sample – the smaller more manageable subset representative of the larger population
• Describe the population including the estimated size and characteristics and why it is
appropriate to be used to address the problem, purpose, and research questions
• Describe the sample including how it was derived and why it is appropriate to be used to
address the problem, purpose, and research questions
• Describe the sampling procedure involving how participants will be recruited
• Random and convenience sampling are the most common
Population and Sample
• The purpose of a smaller sample is to develop an inference/conclusion about the
larger population
• In qualitative research, the smaller sample must be representative or
characteristic of the larger population for accuracy in the transferability of the
sample results to the population; the sample size is based on the type of
qualitative design and when data saturation occurs
• In quantitative research, the smaller sample must be representative or
characteristic of the larger population for accuracy in the generalizability of the
sample results to the population
Population and Sample
• A sample size is based on a power analysis to determine the smallest sample size suitable
to detect an effect at the desired level of significance
• A power analysis yields statistical power, ensuring the probability of a statistical test
accurately rejects the null hypothesis
• The higher the statistical power, the lower the probability of making a Type II error (false
negative)
• A type I error occurs when the null hypothesis is rejected but it is actually true (false-
positive) …the intervention really didn’t work… but concluded it did…
• A type II error occurs when the null hypothesis is failed to be rejected but it is actually
false (false negative) …the intervention really did work…but concluded it did not…
• Null Hypothesis: non-significant outcome – failed to be rejected (never accepted) or
rejected
• Alternative Hypothesis: significant outcome – accepted
Materials and Instrumentation
• Describe existing materials and/or instruments used to collect data, including
evidence of reliability and validity
• Note evidence of permission to use existing materials and/or instruments
• Describe any needed field or pilot testing of materials and/or instruments
including evidence of reliability and validity
Operational Definition of Variables
• For the quantitative method only, describe each variable and how it was used in
the study (e.g., independent/dependent, predictor/outcome)
• Describe how each instrument was used to measure each variable
• Describe the level of measurement for each variable (e.g., nominal, ordinal,
interval, ratio) and potential scores for each variable
• Nominal – variables are named or labeled in no specific order, used for classification
with no mathematical value, often used in surveys (e.g., gender)
• Ordinal – variables are used to depict a specific order or ranking, used to determine
order/degree of satisfaction or agreement (e.g., strongly disagree to strongly agree)
• Interval – labels, orders/ranks, combined with an equal interval between each value
(e.g., temperature)
• Ratio – interval data with a natural zero (e.g., weight)
Study Procedures
• Provide a detailed description (recipe) of how the study was precisely conducted
• Describe the exact steps followed to collect data, addressing what data, how it
was collected, when it was collected, where it was collected, and from whom it
was collected within sufficient detail for the study to be replicated with as much
consistency as humanly possible
Data Collection and Procedures
• Describe the collected data followed by the strategies used to analyze the
collected data (e.g., coding, statistical analyses, software)
• For quantitative designs, describe the analysis used to test each hypothesis,
provide evidence the statistical test chosen was appropriate to assess the
hypotheses and the collected data met the assumptions of the statistical tests
(e.g., tests for normality)
• Parametric – collected data resembles a normal distribution (bell-shaped curve),
greater statistical power, more likely to reveal a significant effect when one truly
exists
• Non-Parametric – collected data do not rely on any distribution shape (distribution-
free)
• For qualitative designs, describe how the collected data were processed and
analyzed, including any triangulation efforts, and explain the role of the
researcher during data collection and analysis
Assumptions, Limitations, Delimitations
• Assumptions are beliefs about the study considered to be true but without supportive evidence
• For example: study participants answered all questions honestly without fear of repercussions or what
the researcher may be perceived as desirable
• Assumptions are beyond the researcher’s control
• Limitations are the inherent weaknesses/flaws within the given research design
• For example: insufficient sample size, study time constraints, limited access to data
• Limitations are beyond the researcher’s control
• Delimitations are boundaries established by the researcher to define and limit the scope of the
study, often to support the feasibility of conducting the study
• For example: utilizing students in grade 10 to evaluate a reading achievement improvement strategy
among high school at-risk students, rather than utilizing a sample of high school students in grades 9
though 12
• Delimitations are within the researcher’s control
• Assumptions, limitations, and delimitations can be threats to the accuracy or trustworthiness in
quantitative and qualitative research results
Poll: Assess Your Understanding
Which one of the following portrays the most accurate representation of an
assumption, limitation, and delimitation:
A. Data saturation was unable to be achieved due to the time constraints of the
student’s dissertation completion course timeline.
B. Second grade student participants responded accurately when asked about how
they learn best in school.
C. Participants were only recruited through the use of a Facebook request.
Poll: Assess Your Understanding
A. Data saturation was unable to be achieved due to the time constraints of the
student’s dissertation completion course timeline. Limitation
B. Second grade student participants responded accurately when asked about how
they learn best in school. Assumption
A. Participants were only recruited through the use of a Facebook request.
Delimitation
Poll: Assess Your Understanding
Which one of the following portrays the most accurate representation of an
assumption, limitation, and delimitation:
A. The sample located in one part of a region will be representative of the entire
population in this region.
B. Instrumentation involved only Likert scale responses.
C. Several participants withdrew prior to study completion.
Poll: Assess Your Understanding
A. The sample located in one part of a region will be representative of the entire
population in this region. Assumption
B. Instrumentation involved only Likert scale responses. Delimitation
C. Several participants withdrew prior to study completion. Limitation
Qualitative and Quantitative Trustworthiness
Criteria for Determining Quantitative
Trustworthiness in Research Results
• Internal Validity – Results accurately
represented what the study intended to
address
• External Validity – Results can be
generalized/transferred/applied from the
representative smaller sample to the
larger population
• Reliability – Results are consistently the
same/similar if the study was repeated
• Objectivity – Results were objectively
realized as much as humanly possible
Criteria for Determining Qualitative
Trustworthiness in Research Results
• Credibility – Results are
credible/believable from the perspective
of the participant
• Transferability – Results can be
generalized/transferred/applied to other
related contexts/settings
• Dependability – Results are dependable or
could be repeated
• Confirmability – Results can be
confirmed/corroborated by others
Ethical Assurances
• Confirm the study received approval from NCU’s IRB prior to data collection
• Describe how confidentiality/anonymity was enforced
• Identify how the collected data will be securely stored
• Present strategies used to prevent researcher biases and experiences from
influencing the collection and analysis of the data/findings
Summary
• Summarize major points without providing new information
• Logically lead into the next chapter
Study Feasibility
Is the study specialization related, is it doable, is it needed and will it
add to the research knowledge base?
STUDY FEASIBILITY –
CONSIDERATIONS
Assess whether your study CAN be conducted practicality
• Population
• Accessibility
• Time
• Factors for success
Obtainable, accessible, timely, actionable, reasonable, manageable
Determine objectively and rationally (you may be very passionate
about your overall topic – remember this is a learning process)
FEASIBILITY
Who? How long? What skills?
• Population Identification
• Vulnerable populations
• Population knowledge &
experience
• Access for recruitment
• Recruitment process
• Quantity of participants
• Personal timelines
• Scope & duration
• Scope creep
• Weekly commitment
• Constraining time
factors
• Research methods
• Research design
• Data analysis
• Library research
• Tutoring services
• Editing services
IRB Tip!
Reminder: Students cannot recruit people they already
have a relationship with either personal or professional.
VULNERABILITY
There are two important types of vulnerability:
• “Decisional impairment, whereby potential subjects lack the capacity to make autonomous
decisions in their own interest, perhaps as a result of undue influence/inducement
• Situational/positional vulnerability, whereby potential participants may be subjected to coercion”
[Adam Mrdjenovich, Ph.D, 2016]
IRB Tip!
If you are considering these populations, red lights should go
off and you should dig deeper and talk through the research
with IRB. It’s better to discuss early then go through many IRB
revisions.
VULNERABILITY
Vulnerable under federal regulations:
• Pregnant women, fetuses, and neonates
• Children
• Prisoners
Other vulnerable populations:
• Racial Minorities
• Institutionalized
• Physically Handicapped
Continued:
• Students
• Employees
• Patients
• Educationally/Economically Disadvantaged
• Impaired decision making (mentally ill/
dementia/traumatic brain injury)
• Illiterate or low fluency in language of study
IRB Tip!
If you are considering these populations, red lights should go
off and you should dig deeper and talk through the research
with IRB. It’s better to discuss early then go through many
IRB revisions.
Exploring the Relationship between the Knowledge Quality of an Organization’s Knowledge
Management System, knowledge worker productivity, and employee satisfaction
Dissertation Manuscript
Submitted to Northcentral University
School of Business
in Partial Fulfillment of the
Requirements for the Degree of
DOCTOR OF BUSINESS ADMINISTRATION
by
LAURALY DUBOIS
La Jolla California
June 2021
Approval Page
By
Approved by the Doctoral Committee:
Dissertation Chair: INSERT NAME Degree Held Date
Committee Member: INSERT NAME Degree Held Date
Committee Member: INSERT NAME Degree Held Date
10/04/2021 | 06:45:52 MSTPh.D.
Robert Davis
Leila Sopko
Ph.D., MBA 10/01/2021 | 06:01:14 MST
10/03/2021 | 08:46:21 MSTPh.D.
Garrett Smiley
LAURALY DUBOIS
Exploring the Relationship between the Knowledge Quality of an Organization’s Knowledge Management
System, knowledge worker productivity, and employee satisfaction
Abstract
The problem addressed by this study was that there is often great difficulty encountered in trying
to retrieve knowledge assets about events in the past required for strategic decision-making
without an effective, in-place Knowledge Management System (KMS) (Oladejo & Arinola,
2019). The purpose of this quantitative, correlational study was to explore the relationship
between the knowledge quality of an organization’s KMS, knowledge worker productivity, and
employee satisfaction for software industry organizations in California. The Jennex and Olfman,
Knowledge Management (KM) Success Model served as the basis of the framework resulting in
knowledge quality as the independent variable and knowledge worker productivity and employee
satisfaction as the dependent variables (Jennex & Olfman, 2006). Data collected from 154
participant surveys guided answers to the research questions. A Spearman correlation analysis
between knowledge quality and knowledge worker productivity was assessed for the first
research question. A significant positive correlation was observed (rs = 0.94, p < .001, 95% CI
[0.92, 0.96]). This correlation indicates that as knowledge quality increases, knowledge worker
productivity tends to increase. A Spearman correlation analysis between KMS knowledge quality
and employee satisfaction was assessed for the second research question. A significant positive
correlation was observed (rs = 0.93, p < .001, 95% CI [0.91, 0.95]). This correlation indicates
that as knowledge quality increases, employee satisfaction tends to increase. The most significant
implication from this study was the unexpected strength in the correlation coefficient for each
research question. This study contributed to the Knowledge Management research community
due to the failure of organizations to implement a successful KMS in the workplace. Further
research to include updated Knowledge Management performance indicators may be helpful to
organizations in several industries worldwide.
Acknowledgments
I would like to give thanks and praise to my Lord Jesus Christ for giving me the strength
to do all things! I cannot proclaim enough love and appreciation for my wonderful husband, Bob
as my motivator and cheerleader during this entire journey. I am thankful to my boys Erik, Brian,
and Roby for encouraging me during the rough times. I want to leave a legacy to my
grandchildren Lily, Noah, Elijah, Gideon, Gabriella, and Josiah that if Nana can do it, so can
you. Many famly members also supported me through the years and I love you all.
Hey Mom, I did it!
I would like to give a word of gratitude to my chair, Dr. Garrett Smiley for his guidance
and support that kept me going through the challenging moments. I appreciate very much Dr.
Robert Davis and Dr. Leila Sopko for serving as my Northcentral University dissertation
committee members and the feedback throughout this process.
Table of Contents
Chapter 1: Introduction ……………………………………………………………………………………………………. 1
Statement of the Problem ……………………………………………………………………………………………. 3
Purpose of the Study ………………………………………………………………………………………………….. 4
Theoretical Framework ………………………………………………………………………………………………. 5
Nature of the Study ……………………………………………………………………………………………………. 8
Research Questions ……………………………………………………………………………………………………. 9
Hypotheses ……………………………………………………………………………………………………………….. 9
Significance of the Study ……………………………………………………………………………………………. 9
Definitions of Key Terms …………………………………………………………………………………………. 10
Summary ………………………………………………………………………………………………………………… 12
Chapter 2: Literature Review ………………………………………………………………………………………….. 15
Theoretical Framework …………………………………………………………………………………………….. 20
Knowledge Worker ………………………………………………………………………………………………….. 28
Knowledge Management ………………………………………………………………………………………….. 32
Knowledge Management System ………………………………………………………………………………. 43
Knowledge Worker Productivity ……………………………………………………………………………….. 55
Employee Satisfaction ……………………………………………………………………………………………… 58
Summary ………………………………………………………………………………………………………………… 60
Chapter 3: Research Method …………………………………………………………………………………………… 63
Research Methodology and Design ……………………………………………………………………………. 65
Population and Sample …………………………………………………………………………………………….. 68
Instrumentation ……………………………………………………………………………………………………….. 69
Operational Definitions of Variables ………………………………………………………………………….. 70
Study Procedures …………………………………………………………………………………………………….. 74
Data Analysis ………………………………………………………………………………………………………….. 75
Assumptions ……………………………………………………………………………………………………………. 77
Limitations ……………………………………………………………………………………………………………… 78
Delimitations …………………………………………………………………………………………………………… 78
Ethical Assurances …………………………………………………………………………………………………… 79
Summary ………………………………………………………………………………………………………………… 80
Chapter 4: Findings ……………………………………………………………………………………………………….. 81
Validity and Reliability of the Data ……………………………………………………………………………. 83
Results ……………………………………………………………………………………………………………………. 87
Evaluation of the Findings ………………………………………………………………………………………… 91
Summary ………………………………………………………………………………………………………………… 93
Chapter 5: Implications, Recommendations, and Conclusions ……………………………………………. 95
Implications…………………………………………………………………………………………………………….. 96
Recommendations for Practice ………………………………………………………………………………… 103
Recommendations for Future Research …………………………………………………………………….. 104
Conclusions …………………………………………………………………………………………………………… 105
References ………………………………………………………………………………………………………………….. 107
Appendices …………………………………………………………………………………………………………………. 131
Appendix A ………………………………………………………………………………………………………………… 132
Appendix B ………………………………………………………………………………………………………………… 133
Appendix C ………………………………………………………………………………………………………………… 134
Appendix D ………………………………………………………………………………………………………………… 140
Appendix E ………………………………………………………………………………………………………………… 141
Appendix F…………………………………………………………………………………………………………………. 146
List of Tables
Table 1 Research Study Variables …………………………………………………………………………………. 140
Table 2 Shapiro-Wilk Test Results for all Study Variables Test for Normality ………………………. 87
Table 3 Summary of Descriptive Statistics ……………………………………………………………………….. 89
Table 4 KMS Success Survey Participants by Gender………………………………………………………. 141
Table 5 KMS Success Survey Participants by Age …………………………………………………………… 141
Table 6 KMS Success Survey Years Employed ………………………………………………………………… 142
Table 7 KMS Success Survey Years of KMS Usage ………………………………………………………….. 143
Table 8 KMS Success Survey Education Level ………………………………………………………………… 143
Table 9 KMS Success Survey Employment Position …………………………………………………………. 144
Table 10 KMS Success Survey Industry Employed …………………………………………………………… 145
Table 11 Spearman Correlation Result: KMS KQ and KWP ………………………………………………. 90
Table 12 Spearman Correlation Results: KMS Knowledge Quality and Employee Satisfaction . 91
List of Figures
Figure 1 Scatterplot of KMS KQ and KWP ………………………………………………………………………. 86
Figure 2 Scatterplot of KMS KQ and employee satisfaction ……………………………………………….. 86
Figure 3 G*Power Statistics Analysis…………………………………………………………………………….. 132
Figure 4 Halawi’s (2005) KMS survey permission request/approval ………………………………….. 133
Figure 5 Halawi KMS Survey Questions (2005) ………………………………………………………………. 134
Figure 6 IRB Approval Letter ……………………………………………………………………………………….. 146
1
Chapter 1: Introduction
Harnessing the power of organizational knowledge through Knowledge Management
(KM) activities complemented by an efficient Knowledge Management System (KMS) support
the utilization of knowledge assets to meet strategic objectives aimed to gain and maintain a
competitive advantage (Oladejo & Arinola, 2019). KM activities encompass the accumulation,
retrieval, distribution, storage, sharing, and application of learned knowledge (Al-Emran et al.,
2018; Shujahat et al., 2019). The internal and external learned knowledge leads to valuable
knowledge assets during the transformation of tacit information such as undocumented and
implicit knowledge into documented, explicit information for future consumption (Andrawina,
Soesanto, Pradana, & Ramadhan, 2018; Putra & Putro, 2017). Over twenty years ago,
Knowledge Management’s rapid growth facilitated the need to leverage these knowledge assets
within a KMS, acting as the mechanism to promote management capabilities for organizational
knowledge (Orenga-Roglá & Chalmeta, 2019). KMS appeared out of a specific information
technology system to support knowledge-centric practices to manage organizational learned
knowledge (Orenga-Roglá & Chalmeta, 2019; Wilson & Campbell, 2016).
Knowledge workers utilize an organization’s KMS to store and retrieve knowledge,
improve knowledge sharing, and access knowledge sources promoting Knowledge Management
capabilities (Levallet & Chan, 2018; Orenga-Roglá & Chalmeta, 2019; Surawski, 2019; Wang &
Yang, 2016; Xiaojun, 2017; Zhang & Venkatesh, 2017). Knowledge workers within an
organization represent employees assigned to a classified business position performing tasks
requiring a specific skill set to be productive when performing the assigned job role (Surawski,
2019). When knowledge workers take part in KM activities, these actions contribute to
knowledge assets within the KMS supporting future knowledge work (Shrafat, 2018). The
2
intended flow of knowledge from daily knowledge exchange events between knowledge
workers, the KMS, and organizational management lay the foundation for business leaders to
augment strategic decision-making (Alaarj et al., 2016; Buenechea-Elberdin et al., 2018). An
effective KMS to support KM activities is critical for capturing, retrieving, storing, sharing, and
applying organizational knowledge assets (Al-Emran et al., 2018; Shujahat et al., 2019). The
successful implementation of the organization’s KMS lays the framework for KM activities to
generate knowledge assets to foster future decision-making capabilities (Orenga-Roglá &
Chalmeta, 2019; Putra & Putro, 2017). De Freitas and Yáber (2018) describe three factors
required for the successful implementation of an organization’s KMS, including stakeholders,
technology, and organizational constructs. The need to measure the successful KM activities
within a KMS of an organization resulted in the arrival of the Jennex and Olfman KM Success
Model (Jennex, 2017; Jennex & Olfman, 2006; Karlinsky-Shichor & Zviran, 2016). In this study,
the implementation of the KMS as a tool to support KM activities spotlights the technical aspect
of the KMS from the vantage point of the knowledge worker’s use of the KMS.
The Jennex and Olfman KM Success Model named six performance indicators for
measuring the implementation of an organization’s KMS to support KM activities (Jennex, 2017;
Jennex & Olfman, 2006). Six high-level categories serving as performance indicators include
knowledge quality, system quality, service quality, intent to use/perceived benefit, use/user
employee satisfaction, and net system benefits (Jennex, 2017; Jennex & Olfman, 2006). The
implementation of the KMS affects the knowledge quality component determining the accuracy
and timeliness when knowledge workers retrieve the stored knowledge assets within the correct
context to perform job tasks (Wang & Yang, 2016). The ability to retrieve accurate, timely, and
contextual knowledge assets when knowledge workers query the KMS enables value-added
3
benefits supporting knowledge worker productivity (Kianto, Shujahat, Hussain, Nawaz, & Ali,
2019; Shujahat et al., 2019). The KMS knowledge quality affects knowledge workers’
productivity, enabling value-added activities, and increased business performance (Drucker,
1999; Iazzolino & Laise, 2018).
Scholars report business leaders fail to implement an effective KMS empowering KM
activity necessary to promote knowledge worker productivity (Jennex, 2017; Karlinsky-Shichor
& Zviran, 2016; Sutanto, Liu, Grigore, & Lemmik, 2018; Vanian, 2016; Xiaojun, 2017). The
failure to enable knowledge worker productivity during KM activities influences business
et al., 2019). The
relationship between the knowledge quality of an organization’s Knowledge Management
System, knowledge worker productivity, and employee satisfaction forms the basis of this study.
Statement of the Problem
The problem addressed by this study was that there is often great difficulty encountered
in trying to retrieve knowledge assets about events in the past required for strategic decision-
making without an effective, in-place Knowledge Management System (KMS) (Oladejo &
Arinola, 2019). Knowledge Management (KM) is challenging to implement and requires
exploration and improvement in its’ continued application and development (Putra & Putro,
2017). Additional difficulties associated with the lack of an effective KMS include knowledge
asset unavailability, improper knowledge asset documentation, excessive time consumption
associated with searching for knowledge assets, decision-making overhead, and duplication of
effort (Oladejo & Arinola, 2019). A substantial number of Knowledge Management System
(KMS) implementations have not achieved their intended outcomes, such as employee
performance and employee satisfaction (Zhang & Venkatesh, 2017).
4
Researchers continue to seek additional perspectives on factors preventing knowledge
workers from retrieving expected benefits from an organization’s KMS (Iazzolino & Laise, 2018;
Karlinsky-Shichor & Zviran, 2016; Shujahat et al., 2019; Zaim et al., 2019). This problem is
significant as knowledge systems have infiltrated every aspect of the business process requiring
an organization’s capability to implement and successfully use a KMS (Nusantara, Gayatri, &
Suhartana, 2018). According to Vanian (2016), the continued loss of millions of dollars flows
from businesses’ failure to implement an efficient KMS to support knowledge worker
productivity that requires further research. When organizations fail to implement a successful
KMS, KM strategies depending on the use of knowledge assets for knowledge worker
productivity and employee satisfaction also fail (De Freitas & Yáber, 2018; Demirsoy &
Petersen, 2018; Putra & Putro, 2017; Xiaojun, 2017).
Purpose of the Study
The purpose of this quantitative, correlational study was to explore the relationship
between the knowledge quality of an organization’s KMS, the knowledge worker productivity,
and employee satisfaction for software industry organizations in California. This study is
relevant and contributes to the Knowledge Management research community as millions of
dollars in losses from unsuccessful KMS implementations fail to satisfy expected benefits in
knowledge assets to support business performance (Fakhrulnizam et al., 2018; Levallet & Chan,
2018; Nusantara et al., 2018; Vanian, 2016). Multiple challenges remain toward achieving KM
capabilities and the successful implementation of an organization’s KMS to benefit the use of
knowledge assets for knowledge worker productivity and employee satisfaction (De Freitas &
Yáber, 2018; Demirsoy & Petersen, 2018; Putra & Putro, 2017; Xiaojun, 2017).
5
The researcher conducted this study with an online survey as the research instrument and
gathered data from knowledge workers employed in software industry firms in California. The
independent variable, KMS knowledge quality construct, contains dimensions of the KM
strategy/process, richness, and linkages originating from the Jennex and Olfman KM Success
Model, providing the framework in the theoretical context of performance indicators (Jennex,
2017; Jennex & Olfman, 2006). Knowledge worker productivity and employee satisfaction
within the context of KMS usage represent the dependent variables (Jennex, 2017; Jennex &
Olfman, 2006). Halawi granted permission in writing to extract KMS survey questions to
operationalize the variables within the online survey using a 7-point Likert scale (Halawi, 2005).
An encrypted Microsoft Excel program served as the tool for storing and analyzing the survey
data using IBM SPSS Statistics version 26. G*Power 3.1.9.4 version software produced the
output for a priori power analysis (medium effect size = .0625, error = .05, power = .95,
predictors = 1) resulting in 153 as a required sample size in participants displayed in Appendix A
Figure 3.
Theoretical Framework
Initially, the design of only one information system designated to support management
processes and decision-making considered a reasonable cost for the organization (Carlson, 1969;
Ermine, 2005). At this time, information systems theory (IST) offered connections between
computational logic and the technology used to process data for supplying information known
only as the information system (IS) (Lerner, 2004). The rapid progression of emerging
technologies shifted the business processes needs spawning the separation of information
systems based on the purpose of the system, including Management Information Systems (MIS),
Decision Support Systems (DSS), and Expert Systems (ES) (Devece Carañana et al., 2016;
6
Medakovic & Maric, 2018; Mentzas, 1994). MIS supplied management with the capability to
analyze the business information for the organization related to technology management and the
management of technology use (Devece Carañana et al., 2016). DSS diverged from the primary
information system as a mechanism to supply graphical or logical data analysis for semi-
structured business problems in support of strategic decision-making and support (Medakovic &
Maric, 2018; Mentzas, 1994). ES enabled the gathering and organizing of organizational learned
knowledge toward specific technology applications for all management levels (Medakovic &
Maric, 2018; Mentzas, 1994). The split of an all-encompassing information system into distinct
organizational support systems set up the framework for systems used worldwide.
Answering the call to the evolution of innovative information systems, the DeLone and
McLean Information System (IS) Success Model supplied organizations the context to measure
the performance indicators of their various information systems (DeLone & McLean, 1992;
DeLone & McLean, 2003; DeLone & McLean, 2004). This model provided the approach in
measuring dimensions of information quality, system quality, service quality, system use and
usage intentions, user employee satisfaction, and net system benefits (Liu, Olfman, & Ryan,
2005; Zuama, Hudin, Puspitasari, Hermaliani, & Riana, 2017). The emergence of the KMS
became popular due to the infusion of knowledge-centric practices to manage knowledge assets
giving birth to the Knowledge Management System (Alavi & Leidner, 2001; Wu & Wang, 2006;
Zhang & Venkatesh, 2017). The need to measure Knowledge Management’s success resulted in
the introduction of the Jennex and Olfman KM Success Model to find performance indicators
while using the organization’s Knowledge Management Systems (Jennex, 2017; Jennex &
Olfman, 2006). The transformation of the DeLone and McLean Information System (IS)
Success Model into the Jennex and Olfman KM Success Model brought the Knowledge
7
Management System constructs within an organization’s information system for insertion of
the Knowledge Management processes.
The KM Success Model maintained the six similar categories as the DeLone and McLean
IS Success Model transforming only the measurement components as needed to accommodate
the specific measurement needs of the KMS (DeLone & McLean, 1992; DeLone & McLean,
2003; DeLone & McLean, 2004; Jennex, 2017; Jennex & Olfman, 2006). The knowledge quality
dimension within an organization’s KMS described in the KM Success Model guided the basis of
the theoretical framework in this study (Jennex, 2017; Jennex & Olfman, 2006). The dimensions
of KMS knowledge quality as an independent variable operationalize into three components
defined as KM strategy/process, richness, and linkages as measurements of success within the
KMS (Jennex, 2017; Jennex & Olfman, 2006; Liu et al., 2008). Numerous researchers have
studied how the implementation and maintenance of an organization’s KMS determine the
knowledge workers’ ability to retrieve accurate and timely organizational stored knowledge
(Andrawina et al., 2018; De Freitas & Yáber, 2018; Ferolito, 2015; Xiaojun, 2017; Zhang &
Venkatesh, 2017). The role of the knowledge worker and the outcome of knowledge worker
productivity and employee satisfaction undoubtedly continue to evolve in reaction to future KMS
features and capabilities to address KMS knowledge quality challenges in the workplace
(Fakhrulnizam et al., 2018; Jabar & Alnatsha, 2014). As businesses seek to increase knowledge
worker productivity, this demand for the successful KMS implementation deems an improved
usage of an organization’s KMS (Levallet & Chan, 2018). Therefore, examining the relationship
between the knowledge quality of an organization’s KMS, knowledge worker productivity, and
employee satisfaction assists researchers and business leaders in identifying potential barriers in
the implementation strategies of the organization’s KMS.
8
Nature of the Study
This study is a quantitative, correlational study to explore the relationship between the
knowledge quality of an organization’s KMS, knowledge worker productivity, and employee
satisfaction within the software industry in California. The quantitative research method is
appropriate and applied in this study to explore the relationship between the independent and
dependent variables based on reliable data collection methods and instruments for interpreting
the data analysis to present unbiased results (Hancock et al., 2010). The correlational research
design in this study statistically determined the relationship between the designated study
variables with online survey data (Hancock et al., 2010). The quantitative, correlational study
supported the study’s problem statement, purpose, and research questions as reflected in the
operationalized variables and statistical tests based on the relationship between the variables
(Field, 2013).
Probability sampling to collect data from a random sample of employees with the desired
characteristics evaluated the potential relationship between the variables (O’Dwyer & Bernauer,
2013). The target sample size included at least 153 qualified knowledge worker participants. The
online survey questions were available on the Qualtrics web platform, presenting a 7-point Likert
scale for each question grounded on Halawi’s KMS Success survey (Halawi, 2005). The survey
questions supplied the basis of measurement in the relationship between the designated study
variables after analyzing the collected data from knowledge workers in their natural environment
(O’Dwyer & Bernauer, 2013). IBM SPSS and Microsoft Excel tools analyzed the collected data
with statistical tests to determine if the rejection of the null hypothesis was necessary (Field,
2013).
9
Research Questions
The list of research questions applicable in this survey research method supports the
quantitative method. The research questions support the goal of this study to examine the
relationship between the knowledge quality of an organization’s Knowledge Management
System, knowledge worker productivity, and employee satisfaction. These research questions
form the basis for the research method and design, reflecting the statement of the problem and
purpose of the study. Each research question corresponds with the hypothesis statements.
RQ1. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and knowledge worker productivity?
RQ2. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and employee satisfaction?
Hypotheses
H10. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and knowledge worker productivity.
H1a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and knowledge worker productivity.
H20. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and employee satisfaction.
H2a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and employee satisfaction.
Significance of the Study
The continued failure to manage knowledge assets costs businesses millions of dollars in
10
(IDC) identify the various attempts to harness the knowledge assets by implementing KMS
online systems that have not provided the desired productivity result (Ferolito, 2015; Vanian,
2016). A global attempt to address the lack of standards for implementing KMS resulted in
creating ISO 30401:2018 to support Knowledge Management standards within organizations
(“ISO 30401:2018,” 2018). Researchers continue to seek additional perspectives to identify other
contingency factors preventing knowledge workers from retrieving expected benefits from an
organization’s KMS (Iazzolino & Laise, 2018; Karlinsky-Shichor & Zviran, 2016; Shujahat et
al., 2019; Zaim et al., 2019). This problem is significant as knowledge systems have infiltrated
every aspect of the business process, necessitating the implementation and successful usage of a
KMS (Nusantara et al., 2018). According to Vanian (2016), the continued loss of millions of
dollars from the failure of businesses to implement an efficient KMS to support knowledge
worker productivity requires further research.
Definitions of Key Terms
Data
Data is a fact collected or communicated without a specific meaning until analyzed and
transitioned into information (Becerra-Fernandez et al., 2008).
Employee Satisfaction
Employee satisfaction is one of the components of the KMS knowledge quality
independent variable in showing a successful experience based on the actual use of the KMS
from each use.
Explicit Knowledge
Explicit knowledge is represented in a codified such as words or numbers and easily
shared in any format (Becerra-Fernandez et al., 2008).
11
Information
Information is the transformation of data representing a specific set of values (Becerra-
Fernandez et al., 2008).
KM Strategy/Process
KM Strategy/Process is one of the three components of the knowledge quality
performance indicator is based on the specific actions of the knowledge users to locate the
knowledge asset within the KMS and the process for the knowledge strategy when using the
system (Jennex, 2017; Jennex & Olfman, 2006).
Knowledge
Knowledge is the transformation of information into facts capable of making decisions
and enabling responses (Becerra-Fernandez et al., 2008).
Knowledge Management
KM is the management of knowledge collected within the organization within an
organization for strategic decision-making (Becerra-Fernandez et al., 2008).
Knowledge Work
Knowledge work is the action of creating and using knowledge to perform tasks required
to generate output required for an organization’s products and services (Shujahat et al., 2019).
Knowledge Worker
A knowledge worker is an employee within an organization assigned to a classified
business position performing tasks requiring a specific skill set to perform the job role
(Surawski, 2019).
12
Knowledge Worker Productivity
The productivity of knowledge workers demands the timely completion of the intellectual
task delivering a quality service or product in an efficient manner while exhibiting innovative
methods (Shujahat et al., 2019).
Linkage
Linkage is one of the components of the KMS knowledge quality independent variable
describing the internal mappings of code to provide the results from the search query entered by
the knowledge worker (Jennex, 2017; Jennex & Olfman, 2006; Levallet & Chan, 2018).
Richness
Richness is one of the components of the KMS knowledge quality independent variable
indicating the accuracy and timeliness of the knowledge retrieved from the KMS, and the
applicable context expected by the user of the KMS (Jennex, 2017; Jennex & Olfman, 2006).
Tacit Knowledge
Tacit knowledge of an intangible nature requiring interpretation for contextual
understanding (Becerra-Fernandez et al., 2008).
Summary
The failure of businesses to implement a successful KMS causes them to lose millions of
dollars annually from reduced knowledge worker productivity (Ferolito, 2015; “ISO
30401:2018,” 2018 et al., 2019). International organizations and academic institutions
call for further research to identify factors contributing to the lack of KMS success (Iazzolino &
Laise, 2018; Karlinsky-Shichor & Zviran, 2016; Shujahat et al., 2019; Vanian, 2016; Zaim et al.,
2019). The researcher used the quantitative, correlational research method and design to explore
the relationship between the knowledge quality of an organization’s Knowledge Management
13
System, knowledge worker productivity, and employee satisfaction. The Jennex and Olfman KM
Success Model support the theoretical framework representing the KMS containing knowledge-
centric practices to provide knowledge assets utilized to accomplish an organizational business
purpose (Alavi & Leidner, 2001; Ermine, 2005; Jennex, 2017; Jennex & Olfman, 2006; Wu &
Wang, 2006).
The list of research questions applicable in this correlational design supports the
quantitative method exploring if a relationship exists between the knowledge quality dimension
within the KMS, knowledge worker productivity, and employee satisfaction. This problem is
significant as knowledge systems have infiltrated every aspect of the business process requiring
an organization’s capability to implement and successfully use a KMS (Nusantara et al., 2018).
The continued loss of millions of dollars from the failure of businesses to implement an efficient
KMS to support knowledge worker productivity requires further research (Iazzolino & Laise,
2018; Karlinsky-Shichor & Zviran, 2016; Shujahat et al., 2019; Zaim et al., 2019).
In Chapter 2, a synthesized review studied the relationship between the quality of a
KMS, knowledge worker productivity, and employee satisfaction and examined the historical
and current research for each major theme. The domains contributing to the knowledge of this
topic included knowledge worker (KW), Knowledge Management (KM), Knowledge
Management System (KMS), knowledge worker productivity (KWP), and employee satisfaction.
In chapter 3, descriptions of the research design and method supported the identified population
and sample participant selection. The planned instrumentation for preparing the data collection
and analysis of variables led to the assumptions, limitations, delimitations, and ethical assurances
applicable in this study. In chapter 4, the findings and evaluation from data analysis allowed the
researcher’s presentation summary of the research questions and hypothesis results. In chapter 5,
14
the final implications, recommendations, and conclusions will serve as the basis for this
researcher to present recommendations for future researchers in this domain. The researcher will
present this study to contribute to the body of knowledge contributing to the failure of
organizations to implement a successful KMS to support knowledge worker productivity and
employee satisfaction in the workplace.
15
Chapter 2: Literature Review
Business managers continue to fail in the successful implementation of the organization’s
Knowledge Management System (KMS), causing millions of dollars in annual losses from lack
of knowledge worker productivity (Ferolito, 2015; Levallet & Chan, 2018; Vla
This correlational study examines whether a relationship exists between knowledge worker
productivity and employee satisfaction with the knowledge quality of the organization’s KMS
(Jennex, 2017; Jennex & Olfman, 2006; Liu et al., 2008). The research questions align with the
problem and purpose statements in this study. The researcher used the research questions as a
guide to support the problem statement and purpose statement. The researcher used the first
research question to guide the data collection and analysis and evaluated if a relationship existed
between the knowledge quality of an organization’s KMS and knowledge worker productivity.
Next, the evaluation of employee satisfaction during the usage of the organization’s KMS
supported the second research question.
Organizations implement a KMS expecting a return on investment through improved
performance, quality, and productivity (Fakhrulnizam et al., 2018; Gunadham &
Thammakoranonta, 2019; Jahmani, Fadiya, Abubakar, & Elrehail, 2018). Yet, businesses
continue to report a loss in worker productivity despite efforts in using the KMS to manage
knowledge assets ISO 30401
offered standards and guidance in an attempt to assist organizations across the globe to
implement a successful KMS (Byrne, 2019; Corney, 2018; “ISO 30401:2018,” 2018). Scholars
are asking for continued research to gain additional insight into unknown factors related to
knowledge worker productivity while using the organization’s KMS (Iazzolino & Laise, 2018;
Karlinsky-Shichor & Zviran, 2016; Shujahat et al., 2019; Zaim et al., 2019).
16
Knowledge worker productivity begins by harnessing the power of knowledge assets
within the KMS to retrieve explicit knowledge (Ali et al., 2016; Wilson & Campbell, 2016;
Yuqing Yan & Zhang, 2019). The knowledge worker must have tacit knowledge of the task
subject allowing the worker to seek unknown knowledge assets within the KMS. The knowledge
worker interacts with the KMS applying tacit knowledge to begin searching for the stored,
explicit knowledge within the KMS. Due to the knowledge worker’s tacit knowledge of the
subject, the knowledge worker understands if the retrieved results from the KMS displaying the
explicit knowledge offers the knowledge assets expected. When the KMS search results do not
return the expected explicit knowledge assets, the knowledge worker loses productivity resulting
in financial losses for the organization over the long
Researchers have found that knowledge worker productivity while using the KMS is impacted
by the ability to retrieve knowledge and locate explicit knowledge assets as intended (Andrawina
et al., 2018; Zaim & Tarim, 2019).
There is a lack of research studies investigating knowledge worker productivity with the
specific knowledge quality of the KMS. Researchers with similar studies exploring connections
between the components of the KMS and knowledge worker productivity give attention to the
social and cultural relationships and not the KMS itself (Kianto et al., 2019; Iazzolino & Laise,
2018; Shujahat et al., 2019). Overarching research in the literature reveals there are many
knowledge sharing barriers in the workplace while using the KMS from a social perspective that
produces a hindrance to knowledge worker performance (Alattas & Kang, 2016; AlShamsi, &
Ajmal, 2018; Caruso, 2017; Eltayeb & Kadoda, 2017; Ghodsian, Khanifar, Yazdani, & Dorrani,
2017; Muqadas, Rehman, Aslam, & Ur-Rahman, 2017). Knowledge sharing as a construct does
not apply to this research study due to the social nature connection to knowledge worker
17
productivity. This researcher seeks to generate theoretical constructs toward examining potential
relationships between the dimensions of knowledge quality and employee satisfaction within the
KMS and not from a social aspect.
Knowledge quality as a component of the Jennex and Olfman KM Success Model is
relevant to the success of the knowledge worker’s productivity based on the context of the
explicit knowledge provided by the KMS (Jennex, 2017). The knowledge quality component as
one of six performance indicators of the KMS is operationalized into knowledge quality
constructs from the Jennex and Olfman KM Success Model (2017) to identify potential
relationships between knowledge worker productivity and employee satisfaction in this study.
When knowledge worker productivity becomes linked to financial outcomes, the timeliness of
the results returned by the KMS search query provides a measured value-added based on time
wasted or gained by the knowledge worker to perform their job tasks from the results (Iazzolino
& Laise, 2018). When the search query provides no results or results without the correct context,
the knowledge worker must perform another search query or search for the knowledge assets
using another tool or method (Jennex, 2017; Karlinsky-Shichor & Zviran, 2016; Sutanto et al.,
2018; Zhang, 2017).
Organizations’ consideration of time spent without results could equate to a loss in
potential earned revenue (Levallet & Chan, 2018). The problem faced by organizations using a
KMS realizing financial losses due to knowledge worker productivity presents a problem to the
a review of the literature to examine the relationship between KMS knowledge quality,
knowledge worker productivity, and employee satisfaction. The documentation and search
18
strategy used to accumulate scholarly and peer-review literature relevant to this study completes
the introduction.
A review of the literature included scholarly books, scholarly and peer-reviewed articles
in journals, empirical research, dissertations, and industry-focused Internet publications forming
the foundation of this study. A review in the origins of information systems later split into
various functions such as the KMS to harness knowledge assets and learning to form the
foundation for one dimension of the system. Further review to show the constructs of knowledge
worker productivity connections to KMS yielded the framework to investigate the relationship
between the knowledge quality of an organization’s KMS, knowledge worker productivity, and
employee satisfaction outcomes. The components of KMS knowledge quality as a performance
indicator incorporate KM strategy/process, richness, and linkages within the KMS as facets of
knowledge quality framed the search criteria for this study. Multiple databases accessed through
Northcentral University’s online library, including ProQuest, Sage, EBSCO, and Gale articles
enabled the literature basis for this study. Various searches from scholarly, primary resources
over the past four years using a combination of keywords included Information System Theory,
KMS, Knowledge Management System, information system, DeLone and McLean IS Success
Model, Jennex and Olfman KM Success Model, KM process, KM strategy, Knowledge
Management, KM model, knowledge worker, knowledge worker productivity, knowledge
sharing, information system theory, employee satisfaction, job satisfaction, knowledge theory,
organizational theory, and system quality.
In the next section, a review of the theories for the theoretical frameworks of this study
formulated the applicable knowledge themes based on the research. A brief review of multiple
seminal foundational theories evolving into the current model supported the basis of this study
19
beginning with Information Systems Theory (IST) (Langefors, 1977; Lerner, 2004). IST
supported the infancy of information systems when differing definitions between data and
information caused controversy among scholars and business leaders. The birth of separate
information systems to address separate business needs entreated performance indicators of
success resulting in the DeLone and McLean Information Systems (IS) Success Model (DeLone
& McLean, 1992; DeLone & McLean, 2003; DeLone & McLean, 2004; Liu et al., 2005; Zuama
et al., 2017). The rise in the digital management of knowledge assets resulted in Knowledge
Management Systems disrupting the information system arena resulting in the creation of the
Jennex and Olfman KM Success Model (Jennex, 2017; Jennex & Olfman, 2006). This
progression in specific technology systems to address a specific business need to be functioned
as a segway for each model to supply performance indicators of success for each system. The
need to finish standards and governance of Knowledge Management Systems has not progressed
since the offering of the Jennex and Olfman KM Success Model. Therefore, the context of
knowledge quality as a component of the KMS originates from the Jennex and Olfman KM
Success Model’s definition of knowledge quality, including the constructs. A review of these
models gives the content of the theoretical framework section to support the remaining theme
domains.
The review of each subcategory within each theme domain reveals a historical
perspective of past applications relevant to this research study. Next, current implications
applicable to the study topic became known based on existing research. Research findings on
each domain, including opposing views in the literature, allow a multi-faceted view of each
theme. Evidence of research in each theme forms the basis of this chapter in exploring if a
relationship exists between the knowledge quality of an organization’s KMS, knowledge worker
20
productivity, and employee satisfaction while using the KMS. The relevant knowledge themes
within this study form the major sections, including knowledge workers, Knowledge
Management, Knowledge Management Systems, knowledge worker productivity, and employee
satisfaction. Finally, the summary section of this chapter reiterates key concepts, reviews gaps in
the literature, and establishes the research and design methodology as a segway to chapter 3.
Theoretical Framework
The brief overview of seminal theories supported the selected theoretical framework as
the foundation aligning the purpose of this study, the problem statement, research questions,
and hypothesis. Next, an in-depth description of each framework applicable to this study
examined significant components. The next section describes theories within the management
of engineering and technology discipline and theories applicable to the study topic. Finally, an
introduction to the themes supporting the purpose of this study was included as a prelude to
the remaining Literature Review section and closed with a review of chapter two in the
summary section.
The historical evolution of the selected theoretical framework portrayed the natural
progression within the technology industry concerning the systematic management of
knowledge within an organization. Initially, one information system could support all facets
of the business needs due to the limited processing capabilities (Medakovic & Maric, 2018).
The grandfather of this framework developed by Borje Langefors originated from the
disagreement in definition and purpose between data and information within technological
systems progressed into Information Systems Theory (IST) (Langefors, 1977; Lerner, 2004).
Multiple information systems sprang quickly to life fostering the need for a framework
measuring information system performance met by the DeLone and McLean IS Success
21
Model (DeLone & McLean, 1992; DeLone & McLean, 2003; DeLone & McLean, 2004; Liu
et al., 2005; Zuama et al., 2017). Innovative technology later manifested the need to clarify
the definition, purpose, and value between information and knowledge within the business
units. The Jennex and Olfman KM Success Model repurposed the DeLone and McLean IS
Success Model performance indicators to address the flood of knowledge becoming readily
available throughout the organization derived from new innovative technology (Jennex, 2017;
Jennex & Olfman, 2006). The Jennex and Olfman KM Success Model support the purpose of
this study aligning the specific system component of knowledge quality within an
organization’s KMS to determine if a relationship exists based on the measurement of the
system component to the outcome of knowledge worker productivity and employee
satisfaction.
Information Systems Theory (IST)
The seminal foundational framework of the study originates from the information
systems theory (IST), historically addressing the underlying computational logic and the
technology used to process data for providing information known only as of the information
systems (Langefors, 1977; Lerner, 2004). Langefors (1977) developed the Information Systems
Theory to address the lack of theoretical framework distinguishing information as a separate
construct from data. During this era, the terms data and information had become synonymous
leading Langefors (1977) to develop the Information systems theory to identify the specific
output of information through multiple, distinct technology systems. Volkova and Chernyi
(2018) describe applications to Information Systems Theory within current systems to magnify
theoretical implications in an efficient information flow throughout the workplace, creating a
new cultural existence (Volkova & Chernyi, 2018). The emergence of the Management
22
Information Systems (MIS), Decision Support Systems (DSS), and Expert Systems (ES) now
served distinct functional purposes within the organization (Devece Carañana et al., 2016;
Medakovic & Maric, 2018; Mentzas, 1994). A standard method to measure the performance
indicators of these various information systems did not exist until DeLone and McLean (2006)
surveyed the literature to identify six main components.
DeLone and McLean IS Success Model
As these innovative technology systems gained popularity within the business arena, the
DeLone and McLean IS Success Model provided a framework for measuring individual
information systems success (DeLone & McLean, 1992; DeLone & McLean, 2003; DeLone &
McLean, 2004). Regardless of the purpose of the organization’s information system, the high-
level categories to measure performance indicators included information quality, system quality,
service quality, system use and usage intentions, user employee satisfaction, and net system
benefits (DeLone & McLean, 1992; DeLone & McLean, 2003; DeLone & McLean, 2004; Liu et
al., 2005; Zuama et al., 2017). The first component of the DeLone and McLean IS Success
Model offered information quality as a performance indicator serving as the foundation of the
system’s capabilities such as the storage of information and capability to deliver the stored
information (DeLone & McLean, 1992; DeLone & McLean, 2003; DeLone & McLean, 2004).
DeLone and McLean describe system quality as the second component acting as an indirect
capability of the system based on the benefits during usage of the system (DeLone & McLean,
2004). The third component, service quality, represents the user of the system’s initial intent to
use the system and monitor user employee satisfaction (2004). Next, DeLone and McLean
(2004) outline the system use/usage intentions as the fourth component are dependent on the
previous experience from using the same system and user allowing indication of future intent to
23
use the system based on the previous quality of results received from the system. DeLone and
McLean (2004) present user employee satisfaction as the fifth component focusing on the result
of the user’s experience upon completion of using the system. The final component of the
DeLone and McLean IS Success Model (2004) called net system benefits offers a combined
overall performance indicator of the information system based on the perceived value as a direct
result of the previous components’ performance indicator outcomes. Upon the evolution of
leveraging information into knowledge, quality as a performance indicator would necessitate a
performance indicator for the quality of knowledge addressed within in the offering of the
Jennex and Olfman KM Success Model (Jennex & Olfman, 2006).
Jennex and Olfman KM Success Model
Upon the birth of the KMS as an individual system encapsulating knowledge assets, the
Jennex and Olfman KM Success Model transformed the DeLone and McLean IS Success Model
(2004) to address the additional knowledge component of the organization’s Knowledge
Management System (Jennex, 2017; Jennex & Olfman, 2006). The six high-level performance
indicator categories within the Jennex and Olfman KM Success Model remained similar to the
DeLone and McLean IS Success Model (2004) except for replacing information quality with
knowledge quality specific to the KMS (Jennex, 2017; Jennex & Olfman, 2006). However,
Jennex and Olfman (2006) determined the underlying components of each performance indicator
category in the KM Success Model specifically support the needs of the KMS. The six high-level
categories comprising knowledge-specific performance indicators include knowledge quality,
system quality, service quality, intent to use/perceived benefit, use/user employee satisfaction,
and net system benefits (Jennex, 2017; Jennex & Olfman, 2006).
24
Knowledge quality as the first component of the Jennex and Olfman KM Success Model
transforms the DeLone and McLean IS Success Model’s first component of information quality
based on the differentiation of the knowledge system needs (Jennex, 2017; Jennex & Olfman,
2006). Jennex and Olfman (2006) incorporated subcategories within the knowledge quality
component containing three performance indicators: knowledge strategy/process, richness, and
linkages. KM strategy/process as a component of the knowledge quality performance indicator
focuses on the user’s specific actions and the process for the knowledge strategy when using the
system, according to Jennex and Olfman (2006). Richness, as the next performance indicator
within knowledge quality and one of the KMS knowledge quality components of this study,
indicates the accuracy and timeliness of the knowledge retrieved from the KMS, as well as the
applicable context expected by the user of the KMS (Jennex, 2017; Jennex & Olfman, 2006).
The third indicator of knowledge quality offered by Jennex and Olfman (2006) is the linkage
supplying the internal mappings of code to provide the results from the search query entered by
the user (Levallet & Chan, 2018).
The second component of the model includes system quality ascribing three performance
indicators as technological resources, the form of KMS, and levels of KMS tying performance
indicators to the organization’s specific KMS technology frameworks (Jennex, 2017; Jennex &
Olfman, 2006). Next, service quality as the third component describes management support, user
KM service quality, and information system KM service quality as indicators of performance
from the organization’s management and governance perspective (Jennex, 2017; Jennex &
Olfman, 2006). System use/usage intentions represent the fourth component in the Jennex and
Olfman KM Success Model (2006). These intentions become dependent on the previous
experience using the same system and user, allowing indication of future intent to use the system
25
based on the previous quality of results received from the system (2006). Similar to the DeLone
and McLean IS Success Model, Jennex and Olfman (2006) describe use/user employee
satisfaction as the fifth component of a performance indicator referencing a successful
experience based on the actual use of the KMS and employee satisfaction from each use. The
final component of the Jennex and Olfman KM Success Model (2006), similar to the DeLone
and McLean IS Success Model (2004), is called net system benefits as an indicator of the KMS
based on perceptions of value.
Frameworks out of Scope
A review of the literature found information-based theories out of scope, including the
Technology Acceptance Model (TAM) and Task Technology Fit Theory (TFF). The Technology
Acceptance Model (TAM) focuses on the user perspective from a social facet during interaction
with the technology system and not the system component (Nugroho & Hanifah, 2018). The
Task-Technology Fit (TTF) theory incorporates system components within the theoretical
constructs yet bases the outcome measurement on the relationship from the social perspective
(Wipawayangkool & Teng, 2016). These two frameworks do not align with the purpose of this
study based on the emphasis from the user perspective and not from the knowledge quality
component of the system. Organizational theories in the cited research denote the framework
evident in the collective behaviors, attitudes, and norms (Hamdoun et al., 2018; Mousavizadeh et
al., 2015; Nuñez et al., 2016; Ping-Ju Wu et al., 2015). Dynamic capabilities theory incorporates
the actions an organization must take to integrate competencies within business practices to
ensure competencies within the market, including knowledge-sharing processes (Meng et al.,
2014). Resource-based view within the literature further proposes an approach in supporting
business performance when knowledge sharing behaviors align with business processes (Meng et
26
al., 2014; Oyemomi, Liu, Neaga, Chen, & Nakpodia, 2018). The resource-based view provides
the framework of an organization’s capability to strategically manage the resources on an implicit
and explicit level to achieve a competitive advantage and often correlate with the organizational
culture comprised of the behaviors, and attitudes of the collective group within the organization
(Mousavizadeh et al., 2015; Nuñez Ramírez et al., 2016; Oyemomi et al., 2018; Ping-Ju Wu et
al., 2015). These organizational theories lean toward the social-cultural constructs which do not
align with the purpose of this study.
Relevant Knowledge Domains
Knowledge workers, Knowledge Management, Knowledge Management Systems,
knowledge worker productivity, and employee satisfaction comprise the five major themes
encircling subdomains forming the context of this research. A review of the literature provides
the basis for the theoretical framework included in each subdomain. The introduction of a
knowledge worker as a significant theme throughout the literature review introduces the
construct of knowledge work, knowledge workers in the technology industries, and the 21st-
century role of knowledge workers (Drucker, 1999; Iazzolino & Laise, 2018; Karlinsky-Shichor
& Zviran, 2016; Moussa et al., 2017; Shrafat, 2018; Shujahat et al., 2019; Surawski, 2019;
Turriago-Hoyos et al., 2016; Zhang, 2017; Zaim et al., 2019). The topic of Knowledge
Management within the literature includes the role of KM in an information technology industry,
the business leader’s use of KM, and KM utilization within the KMS (Banerjee et al., 2017;
Iazzolino & Laise, 2018; Karlinsky-Shichor & Zviran, 2016; Martinez-Conesa et al., 2017;
Shrafat, 2018; Shujahat et al., 2019; Zaim et al., 2019). KMS as the third major theme includes
the digital management of knowledge assets, implementation strategies of the KMS, and the
components of the KMS and the measurement of the components (Karlinsky-Shichor & Zviran,
27
2016; Nusantara et al., 2018; Shrafat, 2018; Shujahat et al., 2019; Surawski, 2019; Zhang, 2017;
Zaim et al., 2019). Knowledge worker productivity is the fourth theme in this study incorporates
research exploring the financial costs related to knowledge worker productivity using the KMS
and the promotion and enablement of knowledge worker productivity using the KMS (Drucker,
1999; Karlinsky-Shichor & Zviran, 2016; Iazzolino & Laise, 2018; Shrafat, 2018; Shujahat et al.,
2019; Zhang, 2017; Zaim et al., 2019). A review of the literature supports employee satisfaction
as a final theme in this study identifying user satisfaction during KMS use, and KMS knowledge
quality constructs including KM process/strategy, richness, and linkage to indicate performance
success of KM activities (Jennex, 2017; Jennex & Olfman, 2006; Zamir, 2019; Zhang &
Venkatesh, 2017).
The historical evolution in the separation of data, information, and knowledge into a
unique asset within organizations led to the natural progression of framework models. The
Information System Theory (Langefors, 1977), DeLone and McLean IS Success Model
(DeLone & McLean, 1992; DeLone & McLean, 2003; DeLone & McLean, 2004), and the
Jennex and Olfman KM Success Model (Jennex & Olfman, 2006) arose from the need to offer
business performance indicators to assess the organization’s successful utilization of these
assets from an information system perspective. The theoretical framework supports the five
major knowledge domains as subtopics: knowledge workers, Knowledge Management,
Knowledge Kanagement Systems, knowledge worker productivity, and employee satisfaction.
Each major theme incorporates subdomains supported by literature throughout the literature
review’s remaining body through the lens of the Jennex and Olfman KM Success Model
(Jennex, 2017; Jennex & Olfman, 2006).
28
Knowledge Worker
Researchers point to Peter Drucker as the creator of the term knowledge worker in
response to the innovation of technology and changes in workforce needs (Archibald et al., 2018;
Banerjee et al., 2017; Ebert & Freibichler, 2017; Surawski, 2019; Turriago-Hoyos et al., 2016).
Drucker (1999) predicted that knowledge workers would become the most valuable asset within
an organization in the 21st century. Though a review of the literature does not set one definitive
characteristic for all knowledge workers, a common prerequisite theme indicates intellectual and
cognitive job tasks as acceptable requirements (Moussa et al., 2017; Surawski, 2019; Turriago-
Hoyos et al., 2016). Knowledge workers shift from previous expectations to produce a quantity
of work to results-based output and the ability to self-govern and generate knowledge (Turriago-
Hoyos et al., 2016). Today, knowledge workers exist in technical and nontechnology industries
(Surawski, 2019).
Researchers describe additional characteristics of the knowledge worker to contain self-
sufficiency in planning, managing, and auditing the quality of the knowledge work tasks to
complete the intended business process (Iazzolino & Laise, 2018; Shrafat, 2018; Surawski, 2019;
Zhang, 2017). Surawski (2019) describes multiple references to knowledge workers within the
business and education with labels comprising information workers, data workers, professionals,
specialists, experts, white-collar workers, and office workers. Surawski believes white collar is
synonymous with present-day knowledge workers with subcategories of office workers,
information workers, and data workers. Some authors delineate professionals as a type of skilled
knowledge worker often associated with a management role within the business or education
industry (Lee et al., 2019; Surawski, 2019; Vuori et al., 2019). Specialists contained within the
category of a knowledge worker are associated with staff possessing a specific skill set, not
29
within a management position (Nikolopoulos & Dana, 2017; Surawski, 2019). On the other
hand, subject matter experts possess a skill set within a non-management role obtained through
experience often sought after by their peers in a specific knowledge area (Surawski, 2019; Vuori
et al., 2019). Knowledge worker themes found in the literature incorporate knowledge work,
knowledge workers in the technology industry, and the 21st-century role of knowledge workers
in support of this study.
Knowledge Work
To operationalize knowledge workers, one must distinguish knowledge work as the act of
creating and using knowledge to perform organizational tasks required to generate output
necessary for an organization’s products and services (Drucker, 1999; Moussa et al., 2017;
Shujahat et al., 2019). The role of knowledge workers requires the self-management of tasks to
perform these expected deliverables as knowledge work. In direct contrast to manual labor
workers dependent upon the completion of another co-worker’s laborious tasks, the knowledge
worker possesses an intellectual aptitude necessary for performing each task to complete their
work based on their skillset (Costas & Karreman, 2016; Drucker, 1999; Shujahat et al., 2019).
Costas and Karreman (2016) further describe knowledge work on a higher level as a fulfillment
aspect, inspiring innovation, and autonomy for the knowledge worker. Knowledge work, as
performed by qualified knowledge workers, often allows independence creating connectivity
between the knowledge worker and the organization through ownership of knowledge work tasks
according to Costas and Karreman. These tasks require performance by experienced knowledge
workers possessing specific skillsets to create, transfer, and utilize knowledge to perform the
assigned knowledge work task (Costas & Karreman, 2016; Surawski, 2019). Knowledge work
tasks often heed quality over quantity to retrieve the desired outcome fostering the organization’s
30
challenge to measure the output of knowledge worker tasks due to the intangible nature of
knowledge work (Iazzolino & Laise, 2018; Shrafat, 2018).
Knowledge Workers in the Technology Industries
A review of the literature reveals knowledge workers span across multiple industries
while much of the research denotes the majority attributed to technology roles or industries
(Nikolopoulos & Dana, 2017; Surawski, 2019; Zelles, 2015). Within our digital age, technology-
based businesses require the employment of knowledge workers possessing a specific skill set to
perform the intellectual knowledge work (Surawski, 2019). The technical skill sets of knowledge
workers across a variety of industries within the technology-focused industries (Zelles, 2015).
Businesses within the technology industry fall within the “Information Sector” industry,
according to the U.S. Bureau of Labor Statistics spanning a wide range of technology-specific
products and services (“Industries at a Glance,” 2020). Software-specific industry firms
publishing software to market these products for installation or offerings of services for
installation of software fall within the software industry category of NAICS code #51121
(“Banner Reports,” 2019). Knowledge workers in the technology industries become
organizational assets offering intellectual capabilities to ensure firm innovation through the
creation of value without physical labor (Vuori et al., 2019; Zelles, 2015). Just as innovation
burst onto the scene with the emergence of the 21st Century, knowledge workers’ role
exponentially experienced a shift of knowledge work due to a growing digital era (Vuori et al.,
2019; Shujahat et al., 2019).
21st Century Role of Knowledge Workers
Changes in the knowledge workers’ role in the workplace influenced the activities needed
to perform expected business outcomes (Turriago-Hoyos et al., 2016; Vuori et al., 2019; Wessels
31
et al., 2019). Surawski (2019, p. 114) outlines the progression of standard terms to describe
present-day knowledge workers described as “knowledge age workers,” “professionals,”
“specialists,” and “intellectual workers.” Generating knowledge for contributions to
organizational innovation and value-added activities toward the business’s successful
performance has become the norm in the 21st Century knowledge worker. The advancements in
technology continue to impact the knowledge worker’s role through improved tools to produce
knowledge more efficiently and enhanced work conditions for the knowledge worker (Wessels et
al., 2019). Regardless of the industry, multiple employment titles meet the definition of
knowledge worker found within the occupational employment code “15-0000 Computer and
Mathematical Occupations,” according to the Bureau of Labor Statistics (“Occupational
Employment Statistics,” 2018). However, the role of knowledge workers in the 21st Century will
not be limited to only technical and intellectual work tasks, rather the proficiencies in creativity,
visionary, and collaborative insights will embody the very nature of knowledge work in this
digital era (Archibald et al., 2018; Vuori et al., 2019). Challenges faced by businesses throughout
the sequence of knowledge workers coinciding with technological advancements include
managing the knowledge assets and processes (Shujahat et al., 2019).
Knowledge worker themes found in the literature incorporate knowledge work,
knowledge workers in the technology industry, and the 21st-century role of knowledge workers
in support of this study. Current findings indicate knowledge as the foundation for innovation
requiring knowledge workers to generate knowledge assets (Costas & Karreman, 2016;
Turriago-Hoyos et al., 2016). Researchers want future research to incorporate the office space
and conditions of knowledge workers to support knowledge work activities (Krozer 2017;
Surawski, 2019). Additionally, researchers seek contributions in the role of organizational
32
management impacts on knowledge workers (Turriago-Hoyos et al., 2016; Ullah et al., 2016;
Wei & Miraglia, 2017).
Knowledge Management
Knowledge management allows business leaders to leverage the accumulation of
knowledge assets originating from people, processes, and technology acting as sources for
strategic decisions, innovation, and competitive advantage (Koc et al., 2019; Shujahat et al.,
2019; Yuqing Yan & Zhang, 2019). Business leaders must assimilate multiple facets of
knowledge assets to determine strategic business decisions aimed to leverage innovation and
ensure a competitive advantage in the marketplace (Martinez-Conesa et al., 2017). Knowledge
management supports an organization’s innovation capabilities based on processes encouraging
knowledge exchange activities inspiring new products and services unique to the business
(Martinez-Conesa et al., 2017). The way knowledge becomes capitalized determines the
organization’s innovative ability during the Knowledge Management process cycle in the
capture, creation, storage, retrieval, sharing, and utilization of knowledge (Al-Emran et al., 2018;
Shujahat et al., 2019).
Innovative products and services require support from the restructuring of business
processes integrated with Knowledge Management to address emerging technologies and
et al.
facilitate improved business performance, laying the foundation for the competitive advantage
based on effective Knowledge Management practices (Martinez-Conesa et al., 2017; Roldán et
al., 2018). Researchers Al Ahbabi et al. (2019) found a significant positive relationship between
the Knowledge Management processes and the organization’s performance, proposing future
research in the information sector and inclusion of additional contexts within Knowledge
33
Management processes. Additional subdomains surrounding Knowledge Management found in
the literature incorporate the history of Knowledge Management, components of Knowledge
Management, and organizational units of Knowledge Management within the Knowledge
Management theme.
History of Knowledge Management
The first efforts to connect the management of knowledge assets to the firm’s ability to
achieve business goals and impact performance originated three decades ago by knowledge
experts Ikujiro Nonaka and Hirotaka Takeuch (Hoe, 2006; Nonaka, 1991). Early developments
in Knowledge Management efforts pursued asset management of skilled employee knowledge,
business processes, and all organizational learned knowledge for capturing intellectual capital
(Koc et al., 2019). As technology systems evolved, the capability to digitally manage knowledge
covering all facets of the organization set the stage using the Knowledge Management System
et al., 2018; Yuqing Yan & Zhang, 2019). The capability to manage knowledge assets
cultivated by innovative technology in the workplace gave life to Knowledge Management in
supporting an improved competitive advantage (Yuqing Yan & Zhang, 2019). Researchers’
descriptions of these components of Knowledge Management have changed although the end
goal is the same in managing the organization’s knowledge in a manner leading to a net benefit
for the organization (Hashemi et al., 2018; Hoe, 2006; Mousavizadeh et al., 2015; Oyemomi et
al., 2018; Shujahat et al., 2019).
Components of Knowledge Management
Knowledge management represents the organization’s capabilities to create, capture,
share, store, and consume knowledge assets as the gateway to prevent loss of knowledge, inspire
innovation, and gain a competitive advantage (Caruso, 2017; Costa & Monteiro, 2016; Intezari et
34
al., 2017; Martinez-Conesa et al., 2017; Navimipour & Charband, 2016; Shujahat et al., 2019;
Yuqing Yan & Zhang, 2019). Standard components of Knowledge Management listed in the
research represent the creation of knowledge assets, capturing knowledge assets, sharing
knowledge assets, storage of knowledge assets, and the consumption of knowledge assets
necessary to promote the successful management of knowledge (Hashemi et al., 2018; Hoe,
2006; Mousavizadeh et al., 2015; Oyemomi et al., 2018; Shujahat et al., 2019). Each component
contributes to the cyclical phases within Knowledge Management processes organizations’
follow contributing to innovation and competitive advantage (Caruso, 2017; Costa & Monteiro,
2016; Intezari et al., 2017; Martinez-Conesa et al., 2017; Navimipour & Charband, 2016;
Shujahat et al., 2019; Yuqing Yan & Zhang, 2019).
The creation of knowledge assets as a component of Knowledge Management supports
the overarching goal of acquiring knowledge and distributing it across the organization to
improve business performance (Caruso, 2017; Levallet & Chan, 2018). The creation of
knowledge assets begins during the synthesis of tacit and explicit knowledge creating new
perspectives and significance of new knowledge through collaborative efforts (Al Ahbabi et al.,
2019; Cannatelli et al., 2017; Shujahat et al., 2019). This generation of new knowledge requires
the harmonious blend of tacit and explicit knowledge as a natural process within a conducive
workplace environment (Hoe, 2006; Oyemomi et al., 2018). Researchers believe the creation of
knowledge assets sets the stage for innovative opportunities and future capabilities supporting
business value assets and performance (Caruso, 2017; Hashemi et al., 2018; Mousavizadeh et al.,
2015; Shujahat et al., 2019). The creation of new knowledge requires collaboration across
organizational boundaries to stimulate creative mixtures of new and existing knowledge contexts
(Al Ahbab et al., 2019; Cannatelli et al., 2017). Researchers relay the benefits of continuous
35
knowledge creation may improve innovative capacities fostering new innovative services and
products, KM activities, and improved business performance (Cannatelli et al., 2017; Costa &
Monteiro, 2016). The use of technology offering multiple tools for generating new knowledge
may also aid in the flow of knowledge assets creation (Roldán, Real, & Ceballos, 2018).
Once knowledge assets are acquired or created, the capturing of this knowledge requires
cooperation from business units in the deliberate collection of explicit knowledge for the desired
purpose to improve business performance and innovation (Muqadas et al., 2017; Rutten et al.,
2016; Shujahat et al., 2019). The capturing of new knowledge assets progresses through a
lifecycle of collection, organization, and defining of explicit knowledge for reuse within the
organization (Al Ahbabi et al., 2019). Knowledge workers may capture new organizational
explicit knowledge gained through the performance of work tasks and processes (Al Ahbab et
al., 2019; Shujahat et al., 2019). Al Ahbab et al. note that capturing tacit knowledge stemming
from individual knowledge workers’ job experience and skillsets is difficult yet possible to
achieve new knowledge assets. Once new knowledge becomes captured, the process of
codification ensures the reuse of the knowledge as a tangible asset throughout the organization
and accessible within the KMS (Al Ahbab et al., 2019; Cannatelli et al., 2017). The capturing of
new knowledge assets is a continuous process invoking the remaining components of the unit’s
Knowledge Management efforts (Cannatelli et al., 2017; Costa & Monteiro, 2016; Mao et al.,
2016; Roldán et al., 2018).
Researchers describe knowledge sharing as a critical component of the Knowledge
Management process due to the distribution of knowledge assets through technology tools or
people across the business units (Al Ahbabi et al., 2019; Al Shamsi & Ajmal, 2018; Loebbecke,
van Fenema, & Powell, 2016; Muqadas et al., 2017; Oyemomi et al., 2018; Shujahat et al.,
36
2019). This critical component in Knowledge Management hinges upon the unlimited collection
of internal knowledge not yet known to others within the organization dwelling within the minds
of knowledge workers (Shujahat et al., 2019). Knowledge workers participating in the capturing
and creating of new knowledge remain essential to the successful sharing of knowledge in an
organization while fostering improved process standards, innovation capabilities, and business
performance (Muqadas et al., 2017).
Influences in workplace knowledge sharing derive from diverse sources within the
organization, including workplace culture, technology, organizational leadership, and knowledge
workers (Al Shamsi & Ajmal, 2018; Shujahat et al., 2019; Wei & Miraglia, 2017). However,
several researchers pose organizational culture as a leading facilitator in the promotion of
knowledge sharing within the organization (AlShamsi & Ajmal, 2018; Caruso, 2017; Costa &
Monteiro, 2016; Mao et al., 2016; Muqadas et al., 2017; Oyemomi et al., 2018). The role of
technology tools and systems toward knowledge sharing as a component of Knowledge
Management is unclear due to varying types of technology and implementation strategies
impacting measuring outcome success (Al Shamsi & Ajmal, 2018; Costa & Monteiro, 2016;
Mao et al., 2016; Oyemomi, 2018). Nevertheless, some researchers reflect the influence of
leadership as a determinant in the compliance of knowledge sharing of this component within the
Knowledge Management process based on the support or lack thereof from business
management (Al Shamsi & Ajmal, 2018; Cannatelli et al., 2017; Costa & Monteiro, 2016).
Ultimately, knowledge workers within the organization determine when to share knowledge
through social interaction and technology or when to withhold knowledge to use as leverage for
personal gain (Costa & Monteiro, 2016; Koenig, 2018; Muqadas et al., 2017).
37
Al Shamsi and Ajmal (2018) conducted a study to examine direct influences on the
knowledge sharing of service organizations within the technology industry. Data collection
efforts retrieved a total of 222 manager-employee responses in service organizations for the
identification of knowledge-sharing behaviors. The results show that organizational leadership is
an essential factor that impacts knowledge sharing in technology-intensive organizations,
followed by organizational culture, organizational strategy, corporate performance,
organizational process, employee engagement, and organizational structure. According to the
results, the least impactful factor is human resource management (Al Shamsi & Ajmal, 2018).
In contrast, many scholars seek to understand the barriers in knowledge sharing within
the workplace from the aspects of the knowledge worker, organization, and management as
barriers (Intezari et al., 2017; Muqadas et al., 2017; Orenga-Roglá & Chalmeta, 2019; Shrafat,
2018). Knowledge workers may function as a barrier agent preventing knowledge sharing within
the organization from a personal fear of job loss or loss of power or control (Intezari et al., 2017;
Muqadas et al., 2017; Orenga-Roglá & Chalmeta, 2019). Recent studies describe organizational
barriers to knowledge sharing based on the corporate culture and behavioral norms formulating
the knowledge worker’s motivation to share knowledge (Intezari et al., 2017; Shrafat, 2018;
Zimmermann et al., 2018). Within the digital arena, barriers to knowledge sharing evolve from
the technology employed by the organization aimed to share knowledge hinders the free flow of
awareness among the workplace (Al Shamsi & Ajmal, 2018; Costa & Monteiro, 2016; Mao et
al., 2016; Oyemomi, 2018).
The storage of knowledge assets requires a continuous cycle in Knowledge Management
as tacit knowledge becomes converted to explicit knowledge and stored using the organization’s
t
38
may encompass various forms of documents, digital media, databases, or data warehouses
selected by the organizational unit. Oftentimes, organizations offer multiple forms of storage
differing by the type of knowledge and knowledge worker skillsets (Hashemi et al., 2018). In
addition to the storage of knowledge assets, Knowledge Management Systems offer convenience
in managing the creation, capture, sharing, and retrieval of knowledge (Santoro et al., 2018;
Zhang, 2017; Yuqing Yan & Zhang, 2019). Regardless of the knowledge storage mechanism,
storage knowledge assets enable the consumption of this knowledge within the Knowledge
Management lifecycle to support innovation and business performance (Al Ahbabi et al., 2019;
Hashemi et al., 2018).
The retrieval of stored knowledge assets impacts knowledge workers’ capability to
consume the knowledge required to perform assigned tasks (Hashemi et al., 2018). The
successful cycle of Knowledge Management as an ever-evolving process in an endless stream of
creating, capturing, sharing, storing, and consuming knowledge assets embodies the goals of an
organization’s Knowledge Management strategy (Shujahat et al., 2019). The consumption of
knowledge produces a value-added asset that allows knowledge workers to apply new
knowledge to inspire innovation, the intellectual capability, and skillset to utilize this knowledge
toward problem-solving or new knowledge (Al Ahbabi et al., 2019; Shujahat et al., 2019).
Overall, the application of new knowledge promotes improved business processes, innovation
competencies, and business performance enabling the knowledge creation process across the
organization to continue (Al Ahbabi et al., 2019; Costa & Monteiro, 2016). Koc et al. (2019)
describe differing organizational units of Knowledge Management within the organization as
information management, process management, people management, innovation management,
and asset management assisting leadership in successful governance. Business leaders ascribe to
39
a variation of these organizational units of Knowledge Management based on organizational
needs (Koc et al., 2019; Shujahat et al., 2019; Yuqing Yan & Zhang, 2019).
Organizational Units of Knowledge Management
The continual demand for effective management of knowledge throughout the
organization formulated the maturity of the approach known today as Knowledge Management
(Koc et al., 2019; Shujahat et al., 2019; Yuqing Yan & Zhang, 2019). Knowledge management
perspectives continue to evolve as technology disruptions emerge. Knowledge management
encompasses cross-functional sectors within the firm requiring business leader oversight into the
management of the organization’s processes, the knowledge workers, and the workspace acting
as an essential business strategy (Al-Emran et al., 2018; Shujahat et al., 2019). Researchers Koc
et al. (2019) present current organizational units within Knowledge Management into categories
encompassing the management of information, processes, people, innovation, and assets within
the organization. These organizational unites of Knowledge Management subcategories are
described below.
Information management as a unit of Knowledge Management encapsulates the explicit
and recorded knowledge transformed from the organization’s intangible knowledge assets (Koc
et al., 2019). The management of information supports the organization’s knowledge strategy by
awareness and utilization of critical information transformed into knowledge suitable for the
organization (García-Alcaraz et al., 2019; Ramayani et al., 2017). Tacit and explicit knowledge
derives from the transformation of information into a useable form captured and stored for the
express purpose of reutilizing the knowledge for the benefit of the organization and preventing
loss of unique knowledge assets (Koc et al., 2019; Martinez-Conesa et al., 2017; Ramayani et al.,
2017; Shrafat, 2018). Information management is the key to unlock the door to initiate
40
Knowledge Management processes aimed at creating, capturing, storing, sharing, and processing
knowledge within the organization (García-Alcaraz et al., 2019; Ramayani et al., 2017).
Process management ensures the embedded knowledge unique to the organization
required to perform business processes reflects the operational knowledge and workflows of
procedures needed to perform knowledge work tasks (Koc et al., 2019; Steinau et al., 2019).
Knowledge management strategies seek process management efforts by putting the
organization’s data activities front and center regardless of the technology tools used to capture
the knowledge (Steinau et al., 2019). Organizations implement multiple business process
management approaches complimenting current business strategies, process tools, and
technology systems in place to support automation of processes, innovation capabilities, and
business performance (Nikiforova & Bicevska, 2018; Steinau et al., 2019).
Managing employees through a Knowledge Management lens encourages knowledge
workers to capture and share tacit and explicit knowledge, further supporting learning and future
access to the organization’s knowledge assets (Koc et al., 2019). The management of converting
tacit knowledge embedded in the knowledge worker’s understanding and expertise gained
through experience, research, and communication requires consistent people management efforts
(Yuqing Yan & Zhang, 2019). People management in the promotion of Knowledge Management
business processes must emphasize the knowledge worker cooperation in transcending tacit into
explicit knowledge because of workplace activities (Andrews & Smits, 2019; Olaisen & Revang,
2018). Management support of an environment fostering a cohesive workplace mindset
encourages new knowledge generation (Andrews & Smits, 2019; Koc et al., 2019).
The innovation management in Knowledge Management represents knowledge
conversion enabled from singular and collaborative learned knowledge, leading to discoveries
41
and development, and guiding improved business performance (Koc et al., 2019; Yuqing Yan &
Zhang, 2019). Innovation management relies upon the continual flow of knowledge creation and
innovation processes to increase business performance (Briones-Peñalver et al., 2019; Leopold,
2019). Leopold (2019) reviews innovation processes as the key ingredient to innovation
management, including shared Knowledge Management elements through transforming
organizational employees’ tacit knowledge into explicit knowledge, spurring innovation from a
combination of this knowledge, and the promotion of knowledge sharing. Managing innovation
within an organization falls within the Knowledge Management cycle flowing from the
transformation of tacit knowledge into explicit knowledge and, ultimately, into reusable
knowledge to support the innovation efforts within the organization (Sánchez-Segura et al.,
2016). Leopold describes the initial creation of knowledge through the end product requires a
full circle of the Knowledge Management cycle upheld by the collaboration of knowledge
workers within the organization. Collaboration empowers the creation and attainment of internal
knowledge assets supporting the formation of new products and services, facilitating continued
Briones-Peñalver
et al., 2019).
The asset management component reflects managing the intellectual capital of the
organization utilizing the intangible assets as leverage to gain a competitive advantage (
et al., 2019; Bacila & Titu, 2018; Koc et al., 2019; Prusak, 2017). The components of intellectual
capital within an organization consist of human, internal, and external capital assets supporting
the firm’s business performance and competitive capabilities (Prusak, 2017). Human capital
contributions to the intellectual capital of an organization impacted by the workplace culture and
knowledge worker capabilities to produce new knowledge and develop distinctive products or
42
2017). Internal or organizational capital stems from the knowledge captured within the
organization as explicit knowledge in technology applications and systems later formulated into
et al., 2019; Prusak, 2017). External capital includes the intellectual capital based on marketing
strategies through offerings of select products and services aimed to gain new customers and
demand for these products and services (Prusak, 2017). Asset management is a component of an
organization’s Knowledge Management strategy. It exploits the human, internal, and external
capital comprising the intellectual capital aimed to gain a competitive advantage within the
market (Junior et al., 2019).
A review of Knowledge Management themes applicable to this study supported by the
literature included the history of Knowledge Management, components of Knowledge
Management, and organizational units of Knowledge Management. Regardless of the
organization’s Knowledge Management unit strategies, researchers’ findings report the capture,
creation, transfer, storage, and consumption of knowledge assets contribute to the successful
management of knowledge aimed to prevent loss of knowledge and inspire innovation and gain a
competitive advantage (Costa & Monteiro, 2016; Shujahat et al., 2019; Yuqing Yan & Zhang,
2019; Zaim et al., 2019). Nevertheless, differing research within the literature reports
organizational leadership and organizational culture supporting successful Knowledge
Management contributing to innovation (AL Shamsi & Ajmal, 2018; Intezari et al., 2017;
Mousavizadeh et al., 2015). Intezari et al. (2017) call for future exploration into factors
supporting successful Knowledge Management outcomes. In contrast, other researchers seek to
contribute organizational cultural factors toward knowledge workers’ impacts on Knowledge
43
Management success. (Ullah et al., 2016; Wei & Miraglia, 2017). The emergence of
sophisticated technology systems supports the management of knowledge assets within a
Knowledge Management System (Nurulin et al., 2019; Zhang, 2017). Managers seek Knowledge
Management tools, including Knowledge Management Systems, to capitalize on the creation,
storage, sharing, and utilization of knowledge within the organization (Mao et al., 2016; Peng et
al., 2017; Roldán et al., 2018).
Knowledge Management System
An introduction to Knowledge Management System (KMS) as a significant theme within
the literature provides the history of KMS, types of KMS, implementation of KMS, knowledge
worker use of KMS, and KMS performance indicators as the constructs of this domain
contributing to this study. Zhang (2017) describes the Knowledge Management System as a type
of information system specifically aimed to manage knowledge assets. Innovative technologies
spurred Knowledge Management capabilities through new software and hardware offerings,
leading to a variety of KMS technology platforms and offerings (Demirsoy & Petersen, 2018;
Schwartz, 2014). The development of Knowledge Management Systems evolved throughout the
decades in response to Knowledge Management’s role within organizations (Nurulin et al.,
2019). Initial features of the KMS allowed knowledge workers the capability to search the
system for knowledge, additional access knowledge articles internal or external to the
organization, create or edit knowledge artifacts, and label existing artifacts assisting
collaborators for reuse of contextual knowledge (Orenga-Roglá & Chalmeta, 2019; Zhang &
Venkatesh, 2017). KMS tools continue to evolve, enhancing new capabilities assisting in
collaborative effectivity, encourage knowledge exchange, social, and sharing (Lee et al., 2019;
Orenga-Roglá & Chalmeta, 2019; Zhang, 2017).
44
Business leaders leverage KMS as a structured tool to manage knowledge assets and
enable Knowledge Management processes, including capturing, creating, sharing, and applying
knowledge (Santoro et al., 2018). The type of KMS system becomes selected based on the
perceived support toward the needs of the Knowledge Management processes with supportive
features and tools (Demirsoy & Petersen, 2018; Lee et al., 2019). Organizations often find value
in adopting a KMS comprised of collaboration tools allowing the users to communicate
efficiently, exchange knowledge, and manage the stored knowledge and communication
mechanisms (Del Giudice & Della Peruta, 2016; Orenga-Roglá & Chalmeta, 2019; Zhang,
2017). Shrafat (2018) conducted a study of small and medium-sized businesses to identify
additional influences contributing to successful Knowledge Management practices and realized
benefits from implementing KMS. Shrafat analyzed survey results from 247 participants from
multiple small to mid-sized businesses incorporating the adoption of a KMS. Results from the
study indicated that various organizational readiness and capabilities encompassing Knowledge
Management, knowledge sharing, organizational learning, and technology contribute to the KMS
success outcome (Shrafat, 2018). In contrast, researchers conclude there remain barriers to
effective use of an organization’s KMS due to the ever-growing storage of multiple media
formats of knowledge within the system, the semantics of finding data within context, and lack
of standard system features (Kimble et al., 2016; Peng, Wang, Zhang, Zhao, & Johnson, 2017).
History of KMS
In 1978, the first rudimentary Knowledge Management System featured hyperlinks
within internal organizational groupware connecting remote workers across geographical
locations as a method to collaborate and share knowledge (Ceptureanu et al., 2012). The
popularity of internal Knowledge Management Systems within the business arena extended to
45
external networks upon the emergence of the internet, launching Knowledge Management
conferences and associations in the 1990s (Ceptureanu et al., 2012; Koenig, 2018). Multiple
types of Knowledge Management System product offerings soon materialized on the market
equipped with new features promising to provide successful management of knowledge assets
(Koenig, 2018). Initially, technological capabilities drove the type of Knowledge Management
Systems available to organizations and the features offered for the utilization of knowledge
assets (Koenig, 2018; Zhang, 2017).
Types of KMS
Several types of information systems exist for collaboration within the workplace among
knowledge workers aimed to support daily work tasks and share knowledge (Centobelli et al.,
2018; Dong et al., 2016; Lee et al., 2019; Zhang & Venkatesh, 2017). However, a review of the
literature revealed studies with multiple types of Knowledge Management Systems to support
Knowledge Management processes that exist within the workplace (Dong et al., 2016; Lee et al.,
2019; Zhang & Venkatesh, 2017). Therefore, discussions denoting types of KMS within an
organization referred to these types based on the purpose of the KMS and the categories
referenced in the literature. Classifications of the KMS are held dependent upon the use of the
system usage, including codified systems encompassing expert coding knowledge and
knowledge exchange systems aimed to share knowledge among employees (Venters, 2010;
Zhang, 2017).
The goal of the codification systems within the KMS domain is to capture tacit
knowledge from subject matter experts into the system, becoming codified explicit knowledge
available to knowledge workers within the workplace (Zhang, 2017). The codification process
within the KMS supports Knowledge Management efforts capturing multiple inputs of
46
information into a well-defined meaningful knowledge asset capable of reuse among knowledge
workers (Kimble et al., 2016). The progression of transforming data into knowledge, known as
semantics, is the basis of the KMS as a codification tool for retrieving varying forms of explicit
knowledge (Kimble et al., 2016). The KMS classification encompassing knowledge exchange
systems covers a wide range of systems supporting the organization’s Knowledge Management
activities and governance (Centobelli et al., 2018; Dong et al., 2016; Lee et al., 2019; Zhang &
Venkatesh, 2017). These systems encourage the exchange of knowledge, the transfer of tacit and
explicit knowledge, and the application of learned knowledge leading to the creation of new
knowledge (Zhang & Venkatesh, 2017). Zhang and Venkatesh explain the encouragement of
employee learning through interactive KMS offering knowledge workers numerous options to
interact and share knowledge within the workplace.
An organization’s KMS may belong to several categories depending on the features and
capabilities of the system purchased by the business to address specific business needs
(Centobelli et al., 2018; Del Giudice & Della Peruta, 2016; Dong et al., 2016.; Koenig, 2018;
Lee et al., 2019; Zhang, 2017; Zhang & Venkatesh, 2017). Koenig (2018) designates these
categories as content management, enterprise location, lessons learned, and communities of
practice A KMS with the sole purpose of warehousing knowledge assets for retrieval by
knowledge workers without collaboration features fall into the category of content management
(Koenig, 2018; Zhang, 2017). The KMS, as an enterprise location tool, provides built-in lookup
capabilities to find organizational subject matter experts possessing both tacit and explicit
knowledge needed by the knowledge worker required to complete a work task (Centobelli et al.,
2018; Zhang & Venkatesh, 2017). Database systems designed to contain and share knowledge
47
assets reflecting business expertise categorized as best practices or lessons learned systems
(Koenig, 2018).
Zhang (2017) expounds on additional features of KMS as lessons learned systems
provide knowledge workers the ability to create ‘how-to’ processes and knowledge-based articles
based on experiences in exercising tacit and explicit knowledge within the workplace meant to
share these experiences with co-workers. The recent development within the KMS domain
includes the emergence of communities of practice enhancing the capture of knowledge through
social means and the advancement of technology, including Web 2.0 tools (Del Giudice & Della
Peruta, 2016; Dong et al., 2016; Orenga-Roglá & Chalmeta, 2019). KMS inclusive of
communities of practice provides advanced technology features to capture tacit knowledge using
Web 2. 0 technologies such as video and audio intended for social collaboration (Del Giudice &
Della Peruta, 2016). Emerging technologies in the marketplace have revolutionized the
capabilities of KMS, incorporating multiple communication tools to support the Communities of
Practice platform (Lee et al., 2019).
Common characteristics of the KMS include a database providing a repository of
captured knowledge, access to the intranet, and or internet, aimed to support the creation,
capture, storage, and consumption of knowledge assets (Centobelli et al., 2018; Dong et al.,
2016; Lee et al., 2019; Zhang & Venkatesh, 2017). Powerful KMS containing several
capabilities to support all aspects of the organization’s Knowledge Management processes also
offer collaboration spaces for editing of knowledge within the system, conferencing capabilities,
and automation of knowledge flow within the system (Dong et al., 2016; Lee et al., 2019; Zhang
& Venkatesh, 2017).
48
Implementation of KMS
The implementation of KMS may include both the initial installation of the KMS within
an organization by setting up a technology system and the application of the Knowledge
Management procedures and knowledge worker expected use of the KMS (Intezari & Gressel,
2017; Zhang, 2017; Zhang & Venkatesh, 2017). Kimble et al. (2016) suggest that organizations
identify the business needs before selecting the technology platform for the KMS. On the other
hand, researchers Orenga-Roglá and Chalmeta (2019) emphasize recognizing the organizational
culture and technology impacts the KMS will generate. Organizations may select the
functionality of the KMS as single-threaded seen in a content management system or the
selection of multi-functional capabilities as experienced with a community of practice
incorporating advanced system features for an enhanced experience within the KMS (Orenga-
Roglá & Chalmeta, 2019; Zhang & Venkatesh, 2017). Researchers agree that a systematic
approach for implementing the KMS is essential to knowledge worker job performance and
successful Knowledge Management while strategies to conduct this task lack within the literature
(Orenga-Roglá & Chalmeta, 2019; Zhang & Venkatesh, 2017).
Researchers describe key benefits from KMS implementations that deliver enhanced
Knowledge Management capabilities, financial gains, increased learning opportunities, and
competitive advantage for the organization (Intezari & Gressel, 2017; Zhang, 2017). Intezari and
Gressel (2017) relay the benefits of this implementation also transforms daily employee
knowledge encounters into new explicit experiences leading to innovative products and services.
Wang and Wang (2016) analyzed completed surveys from 291 Taiwanese businesses and found
relationships between innovation, organizational influences, and environmental factors within
49
KMS implementation. The researchers suggested future studies should include additional
performance indicators between the KMS and implementation factors (Wang & Wang, 2016).
Knowledge Worker Use of KMS
Regardless of the type of KMS or implementation strategies organizations employ to
manage knowledge, innovative technologies continue to improve knowledge worker utilization
of the KMS (Demirsoy & Petersen, 2018; Özlen, 2017). Business leaders desire knowledge
workers to contribute learned knowledge to the content of the KMS, utilize the KMS as a
knowledge-based source, and support knowledge work task efficiency (Sutanto et al., 2018).
Frequent interaction with the KMS encourages knowledge sharing and integration of knowledge
assets for the reuse of knowledge among knowledge workers (Martins et al., 2019; Özlen, 2017;
Shujahat et al., 2019). As knowledge workers utilize the system, these KMS activities enable the
continuous knowledge life cycle to create, capture, store, access and share knowledge (Demirsoy
& Petersen, 2018; Jahmani et al., 2018; Surawski, 2019). Participation within this cycle
contributes to transforming tacit knowledge into explicit knowledge in a reusable format (Tserng
et al., 2016). Knowledge workers then become motivated to seek solutions within the KMS by
searching stored knowledge to retrieve explicit instruction within their work tasks (Demirsoy &
Petersen, 2018; Zhang, 2017).
Researchers have pursued motives contributing to knowledge worker use of the KMS,
such as ease of using the system and collaboration capabilities (Del Giudice & Della Peruta,
2016; Dong et al., 2016; Lee et al., 2019; Zhang & Venkatesh, 2017). The knowledge worker
assesses the ease of using the KMS forms based on experiences resulting from interaction with
the system and perceived success (Del Giudice & Della Peruta, 2016; DeLone & McLean, 2003;
Dong et al., 2016). Based on the features available during the use of the KMS, knowledge
50
workers may be willing to interact with the system to seek available knowledge to perform a
work task or contribute learned knowledge to the KMS (Zhang & Venkatesh, 2017). Also,
knowledge workers continue to rely upon the KMS when the interaction with the system
produces expected results (Del Giudice & Della Peruta, 2016; Lee et al., 2019). Researchers
speculate the degree of utilization of the organization’s KMS contributes to Knowledge
Management success due to contributing factors encumbering organizational culture, the KMS
infrastructure, and knowledge worker impression of the KMS technology infrastructure (Lee et
al., 2019; Özlen, 2017).
Xiaojun (2017) performed a study reviewing the implementation features of one
organization’s KMS to identify potential factors influencing knowledge worker tasks, KMS
usage, and user experience. Xiaojun retrieved surveys and interviews from 1,441 knowledge
workers in finance and budgeting, accounting, personnel, customer management, sales,
advertising, and public relations business units. Xiaojun’s findings from the study signified a
positive relationship for knowledge workers based on the moderating influences from the
specific task, KMS, knowledge worker, and leadership.
KMS Performance Indicators
Jennex and Olfman (2006) outlined six key performance indicators within the Jennex
and Olfman KM Success Model as specific components utilized to measure the performance of
the KMS. These knowledge-specific performance indicators remain intact since the original
model known as knowledge quality, system quality, service quality, intent to use/perceived
benefit, use/user employee satisfaction, and net system benefits (Jennex, 2017; Jennex &
Olfman, 2006). The Jennex and Olfman KM Success Model (2006) are very similar to the
DeLone and McLean IS Success Model (1994) to address Knowledge Management dimensions
51
within each category. These categories include information/knowledge quality, system quality,
service quality, intent to use, use/user employee satisfaction, and net benefits (Jennex & Olfman,
2006). Jennex and Olfman presented the KM Success Model to address the growing need to
measure an organization’s KMS key performance indicators and knowledge dimensions updating
the construct of captured information into reusable knowledge assets (Jennex, 2017; Jennex &
Olfman, 2006; Liu et al., 2008).
Karlinsky-Shichor and Zviran (2016) reveal that scholars continue to interchange
information quality and knowledge quality as the same KMS component. This exchange is
evident as researchers continue to use theoretical constructs within the DeLone and McLean IS
Success Model when analyzing the dimensions of an organization’s KMS in conjunction with the
Jennex and Olfman KM Success Model (Liu et al., 2008; Nusantara et al.2018; Wu & Wang,
2006). Karlinsky-Shichor and Zviran (2016) presented a model in their study similar to both the
DeLone and McClean (2003) IS Success Model the Jennex and Olfman (2006) KM Success
Model analyzing only the information quality, system quality, and service quality. Instead, the
researchers added moderators in the user competence during usage of the system based on the
organization’s Knowledge Management capabilities (Karlinsky-Shichor & Zviran, 2016). In this
study, the researcher’s results based on 100 participants belonging to a knowledge-focused role
within the software industry indicated business leaders must consider both technical and cultural
influences of the KMS to foster acceptance from knowledge workers (Karlinsky-Shichor &
Zviran, 2016).
Alarming IDC survey results reveal the need for performance metrics to identify KMS
impact on business performance. The IDC reported that organizations with at least 1,000
employees would comprise at least 45% of global technology spending in 2020 (Vanian, 2016).
52
Medium-sized businesses consisting of 100 to 999 employees, intend to spend the most on
improving business performance (Vanian, 2016). The ISO recently created ISO 30401:2018 to
support organizations in developing a KMS for promotion and enablement of knowledge worker
productivity (“Knowledge Management Systems,” 2018). This evidence supports the application
of the Jennex and Olfman (2006) KM Success Model for organizations seeking key performance
indicators of KMS success based on the original six critical success factors. The performance
indicators include knowledge quality, system quality, service quality, intent to use/perceived
benefit, use/user employee satisfaction, and net system benefits (Jennex, 2017; Jennex &
Olfman, 2006). A reciprocal stream of influence often flows between the KMS and KM
capabilities within an organization leveraging the ability to harness the effective management of
knowledge, thereby leading to increased KMS acceptance and use (Shrafat, 2018).
Several authors supplement Knowledge Management capabilities with knowledge
sharing and KMS usage, further influencing business performance (Martinez-Conesa et al., 2017;
Meng et al., 2014; Nahapiet & Ghoshal, 1998; Zhang et al., 2018). However, other authors
present the effect of Knowledge Management capabilities incorporating knowledge sharing and
KMS usage as a direct stimulus on increased innovation within the organization (Hamdoun et al.,
2018; Hock, Clauss, & Schulz, 2016; Martinez-Conesa et al., 2017; Oparaocha, 2016). The
Jennex and Olfman KM Success Model (2006) key performance indicators offer the organization
a mechanism to measure the performance of the KMS into individual components and
dimensions as markers of knowledge sharing often connected to business performance. In this
model, the knowledge worker’s perspective of the reliability and accuracy of the retrieved results
within the KMS encouraging knowledge sharing measured by the richness dimension of
knowledge quality serving as the focal of this study.
53
KMS Knowledge Quality. Knowledge quality as the first of six components in the
Jennex and Olfman KM Success Model (2006) holds the spotlight as the performance indicator
in examining a potential relationship between KM process/strategy, richness, and linkage as a
dimension of knowledge quality within the KMS. Researchers agree the deficits in knowledge
quality stored within an organization’s KMS prevents knowledge workers from retrieving
accurate information (Jennex, 2017; Karlinsky-Shichor & Zviran, 2016; Sutanto et al., 2018;
Zhang, 2017). Researchers attempt to operationalize the knowledge quality of a KMS from the
knowledge worker perception during utilization of the system (Jennex, 2017; Jennex & Olfman,
2006; Karlinsky-Shichor & Zviran, 2016; Sutanto, Liu et al., 2018; Zhang, 2017). In this study,
the construct of information quality and knowledge quality within a KMS synonymously contain
dimensions of the Knowledge Management processes/strategies, the richness of the retrieved
results, and the linkage of the KMS from the KMS knowledge quality construct (Karlinsky-
Shichor & Zviran, 2016). Knowledge workers expect to easily recover knowledge within the
organization’s KMS within the context of the search query in a timely and accurate fashion
(Jahmani et al., 2018). This expected knowledge content quality allows the knowledge worker to
combine current knowledge with the explicit knowledge system to generate new knowledge
assets available for reuse within the system (Jahmani et al., 2018).
The KMS incorporates the foundation of the Information Systems Theory (IST), bridging
the interaction with the system the underlying computational logic based on the models
embedded within the system to return expected results (Langefors, 1977; Lerner, 2004). These
results impact the knowledge worker experience using search queries to retrieve knowledge
determined by the relevant content (Demirsoy & Petersen, 2018; Karlinsky-Shichor & Zviran,
2016). Demirsoy & Petersen (2018) describe the Bayes classifier model and vector space model
54
as existing computational logic used as a framework for systems, including the KMS. These
models search only the vocabulary meanings of each word complicated by word vagueness, and
multiple definitions of one word may return irrelevant query results (Demirsoy & Petersen,
2018). Advanced queries logic often incorporates classifying and clustering combined with
statistical word frequencies to rank the sequence of assumed relevant results (Demirsoy &
Petersen, 2018).
In contrast, semantic information searches combine the computational logic of the KMS
based on the underlying semantic logic model to interpret the definition of words contained in
the search query with continued knowledge worker use of the system to improve the relevancy of
the results (Demirsoy & Petersen, 2018). As a component of knowledge quality within a KMS,
the linkages represent the structure of retrieved results returned after performing a search within
the KMS (Karlinsky-Shichor & Zviran, 2016). The richness as a component of knowledge
quality within a KMS signifies the accuracy and timeliness impacting the context of retrieved
results within the KMS (Karlinsky-Shichor & Zviran, 2016). The technology infrastructure of the
KMS, the continued use of the KMS, and the constant update of knowledge with the system
contribute to the knowledge quality of the KMS (Demirsoy & Petersen, 2018). Therefore, the
Knowledge Management processes and strategies as an element of knowledge quality within a
KMS comprise the unique methods, activities, and procedures the business sets in place to
manage knowledge assets (Demirsoy & Petersen, 2018; Karlinsky-Shichor & Zviran, 2016).
The degree of knowledge content quality retrieved from the KMS impacts the knowledge
worker’s perceived usefulness of the system (Jahmani et al., 2018; Zhang, 2017). This perceived
usefulness produces attitudes and behaviors related to knowledge workers’ motivation to utilize
the KMS for knowledge sharing within the organization (Jahmani et al., 2018; Zhang, 2017).
55
However, (Sutanto et al., 2018) maintain the knowledge worker efficiency during the use of the
KMS does not improve based on the perception of the quality of retrieved results. Jahmani et al.
(2018) concluded a study from multiple hospitals surveying healthcare staff regarding KMS
components finding that knowledge content quality retrieved from the knowledge worker is a
functional requirement for the perceived usefulness of KMS. Eltayeb and Kadoda (2017)
performed semi-structured interviews with experts, managers, and employees from multiple
organizations in the region to identify connections between Knowledge Management and
business performance. The researchers concluded a significant relationship between Knowledge
Management practices, future business strategies, and business performance and request future
researchers to explore the quality of knowledge information stored within the KMS (Eltayeb &
Kadoda, 2017).
Knowledge Worker Productivity
Knowledge worker productivity (KWP) as the fourth major theme within this study was
discussed as KWP measurement challenges, KWP enablement, and the KWP financial
implications while using the organization’s Knowledge Management System. Peter Drucker
rationalized the productivity capability of knowledge workers led to increased business
performance and financial gains (Drucker, 1999; Iazzolino & Laise, 2018). Productivity efforts
may benefit by empowering knowledge workers, instilling autonomy, enacting continuous
improvement for innovation, allowing self-governance of quality, and treating knowledge
workers as assets and not merely resources (Drucker, 1999; Iazzolino & Laise, 2018).
KWP Measurement Challenges
Challenges in measuring knowledge worker productivity arise from capturing potential
intangible tasks aimed to assign a metric for comparison of changes in productivity (Iazzolino &
56
Laise, 2018; Karlinsky-Shichor & Zviran, 2016). Productivity is one of the perceived KMS
benefits often cumbersome to measure (Karlinsky-Shichor & Zviran, 2016; Turriago-Hoyos et
al., 2016). The underlying activities impacting knowledge worker productivity and measurable
outcomes become intertwined with current Knowledge Management processes and knowledge
worker perceptions (Turriago-Hoyos et al., 2016). Iazzolino and Laise (2018) reviewed Drucker
and Public’s model to identify the meaning and measurement of productivity surrounding the
knowledge workers, management, and stakeholders. Iazzolino and Laise perceived like Drucker;
Public believed the measure of knowledge workers was comparable to manual workers based on
the value-added of activities and the ways of the employees. Public’s proposal to translate
knowledge worker’s activities into value-added metrics aligns with the purpose of the income
statement. Identifying the investment of human capital supports the notion of workers as
investments and not merely a line-item cost (Iazzolino & Laise, 2018). Methods rating the
measurement of knowledge worker productivity as a ratio calculation between the value-added
metric of each knowledge worker and the total number of employees and the differences in
productivity vary among the research (Duarte, 2017; Iazzolino & Laise, 2018).
KWP Enablement
The enablement of knowledge worker productivity begins with the effective use of the
KMS by knowledge workers within an organization supporting the Knowledge Management
capabilities (Shrafat, 2018). KMS usage as a dimension of Knowledge Management capabilities
is often noted as the most desired capability an organization strives to achieve expressed as an
exchange of organizational information, knowledge, and skills (Caruso, 2017; Intezari et al.,
2017; Navimipour & Charband, 2016). The knowledge worker productivity may easily be
measured when operationalized into variables measuring the number of times a user successfully
57
retrieved knowledge within an existing KMS (Dey & Mukhopadhyay, 2018). Researchers link
Knowledge Management activities as contributors to increased business performance and
productivity stemming from knowledge capturing, sharing, and application of knowledge assets
(Shrafat, 2018).
KWP Financial Implications
The failure of businesses to implement a successful KMS to retrieve knowledge assets
reported productivity losses well over 5.7 million published by Fortune 500 organizations
(Ferolito, 2015). The International Organization for Standardization (ISO) developed ISO
30401:2018 as the standard for the KMS organization followed for the promotion and
enablement of knowledge creation. The creation of the ISO 30401:2018 certification for
organizations with existing KMS supports organizations’ efforts to empower knowledge worker
productivity through efficient retrieval of organization knowledge for knowledge sharing (ISO
30401, 2018). Losses in knowledge worker productivity continue to plague businesses incapable
of leveraging the organization’s KMS to sustain knowledge sharing activities supporting
increased business performance (Ferolito, 2015; “ISO 30401:2018,” 2018; ).
Scholars report business leaders fail to ensure the organization’s KMS incorporates Knowledge
Management processes necessary for the promotion of knowledge worker productivity (Jennex,
2017; Karlinsky-Shichor & Zviran, 2016; Sutanto et al., 2018; Vanian, 2016; Xiaojun, 2017).
While utilizing the organization’s KMS, knowledge worker productivity then requires the
capability to accomplish the knowledge work task in an efficient and timely manner (Shujahat et
al., 2019). According to Vanian (2016), the continued loss of millions of dollars flows from the
failure of businesses to implement an efficient KMS to support knowledge worker productivity
that necessitates further research.
58
Employee Satisfaction
Employee satisfaction is one of the desired outcomes after implementing the
organization’s KMS in support of KM activities (Zhang & Venkatesh, 2017). The specific KM
capabilities realized within the organization lead to employee satisfaction as an outcome through
employee empowerment to perform assigned job tasks (Zamir, 2019). Employee satisfaction as
the final major theme in this study is based on literature in context from the KMS usage
perspective (Jennex, 2017; Jennex & Olfman, 2006; Zamir, 2019; Zhang & Venkatesh, 2017). A
review of the literature further reveals subthemes related to this study as the user satisfaction
during the usage of the organization’s KMS and the KMS knowledge quality constructs defined
as KM strategy/process, richness, and linkage (Jennex & Olfman, 2006; Jennex, 2017; Kumar,
2018; Zamir, 2019; Zhang & Venkatesh, 2017).
User Satisfaction
The Jennex and Olfman KM Success Model describe the user satisfaction dimension in
this model as an indicator of the employee’s satisfaction with their interaction with the KMS
(Jennex & Olfman, 2006; Jennex, 2017). The user’s experience during the successful retrieval of
knowledge assets performing KM activities has linked these results with employee satisfaction to
gain the desired knowledge (Popa et al., 2018). During the employee’s use of the organization’s
KMS to support KM activities, user satisfaction comes from the capability to retrieve the
knowledge asset from the system to complete assigned job tasks as noted in the Jennex and
Olfman KM Success Model (Jennex & Olfman, 2006; Jennex, 2017). Employee satisfaction
varies based on the KMS user’s experience evidenced in the knowledge outcome determined by
the user’s specific job task (Khanal and Raj Poudel, 2017).
59
KM Strategy/Process. The KM Strategy/process construct is the first indicator of KMS
knowledge quality described as the KM strategies determining the KM processes for knowledge
workers while performing KM planned activities (Jennex & Olfman, 2006; Jennex, 2017). The
organization’s KM strategy determines the processes upheld for the flow of knowledge assets
within the KMS and affects the KMS knowledge quality (Popa et al., 2018). Research study
results connect employee satisfaction with KM’s capabilities and KMS strategies, allowing the
knowledge worker to perform tasks because of KM activities(Khanal and Raj Poudel, 2017).
Richness. The richness constructs depicted as the second indicator of the organization’s
KMS knowledge quality was described as the result of the accuracy and timeliness retrieval of
the knowledge asset within the KMS (Jennex, 2017; Jennex & Olfman, 2006). Richness is an
indicator of retrieving the desired results from performing a search within the KMS and the
success of those results (Zhang & Venkatesh, 2017). Employee satisfaction within the context of
KMS use becomes a consequence of the knowledge worker’s expectations from the KMS to
perform knowledge work (Jennex, 2017; Jennex & Olfman, 2006; Zhang & Venkatesh, 2017).
Linkage. The internal codification of the stored knowledge assets creates an internal
mapping within the KMS. Behind the scenes, codification impacts the knowledge worker based
on the search query contributing as the third indicator of the organization’s KMS knowledge
quality (Jennex, 2017; Jennex & Olfman, 2006). During the implementation of the KMS, the
internal structure originates in an internal network of logic from the available KMS features and
capabilities (Karlinsky-Shichor & Zviran, 2016). Employee satisfaction becomes affected by the
internal link competencies supporting the additional constructs of KMS knowledge quality
(Jennex, 2017; Jennex & Olfman, 2006).
60
Summary
The literature review followed the lens of the Jennex and Olfman KM success model’s
knowledge quality within a Knowledge Management System as one of the components (Jennex,
2017; Jennex & Olfman, 2006; Liu et al., 2008). Information systems theory served as the
seminal foundation of this model relevant to the underlying technology influencing the
knowledge quality of the KMS (Langefors, 1977; Lerner, 2004). The Jennex and Olfman KM
Success Model (2006) allowed the appropriate framework for this study. This model adds
specific knowledge aspects asserting comparative dimensions of performance indicators detailed
in the DeLone and McLean IS Success Model (DeLone & McLean, 1992; DeLone & McLean,
2003; DeLone & McLean, 2004; Liu, Olfman, & Ryan, 2005; Zuama et al., 2017). Related
knowledge domains listed within the literature review include knowledge workers, Knowledge
Management, Knowledge Management Systems, knowledge worker productivity, and employee
satisfaction as the five major themes encompassing subdomains forming the context of this
research.
Additional subcategories documented within the knowledge worker domain section
included knowledge work, knowledge workers in the technology industries, and the 21st-century
role of knowledge workers. Researchers Eltayeb and Kadoda (2017) concluded a significant
relationship between Knowledge Management practices, future business strategies, and business
performance upon analysis from interviews with experts, managers, and employees in the region.
Eltayeb and Kadoda request future researchers to explore the quality of knowledge information
stored within the KMS. Within the Knowledge Management major theme, the subcategories are
the history of Knowledge Management, components of Knowledge Management, and
organizational units of Knowledge Management. Additional dimensions within the components
61
of the Knowledge Management subcategory included the creation of knowledge assets, capturing
knowledge assets, sharing knowledge assets, storage of knowledge assets, and consumption of
knowledge assets. The organizational unit Knowledge Management also contains additional
dimensions within the subcategory supported by the literature, including information
management, process management, people management, innovation management, and asset
management. AlShamsi and Ajmal’s (2018) report result from a study investigating the critical
success factors to promote knowledge sharing identifying leadership, culture, and strategy as
leading indicators. AlShamsi and Ajmal encourage future studies to review additional essential
elements of success in new industries. The third major theme in this literature review is the
Knowledge Management System. This theme incorporates five subcategories comprised of the
history of KMS, types of KMS, implementation of KMS, knowledge worker use of KMS, KMS
performance indicators, and KMS knowledge quality. Iskandar et al. (2017) accumulated top
research articles to request future studies to identify additional features of the KMS supporting
the organization’s Knowledge Management processes.
The fourth domain supported within the literature is knowledge worker productivity,
including the subcategories KWP measurement challenges, KWP enablement, and KWP
financial implications. Shujahat et al. (2019) collected data from 369 knowledge workers within
the IT industry to identify potential relationships between the knowledge worker productivity
and Knowledge Management processes. The results indicated significant linkages between
knowledge creation and knowledge utilization to increased innovation influenced by
productivity. Shujahat et al. (2019) request future research to include additional Knowledge
Management process influences.
62
Employee satisfaction as the final theme in this study supported by a review of the
literature encompasses user satisfaction, and the three constructs of the KMS knowledge quality
dimension of the Jennex and Olfman KM Success Model (Jennex, 2017; Jennex & Olfman,
2006). Researchers agree the common thread to employee satisfaction within the context of KM
activities while using the KMS is the enablement for the knowledge worker to retrieve
knowledge assets required to perform job tasks (Jennex, 2017; Jennex & Olfman, 2006; Zamir,
2019; Zhang & Venkatesh, 2017). Employee satisfaction is one of the desired outcomes after the
implementation of the organization’s KMS in support of KM activities (Zhang & Venkatesh,
2017). The specific KM capabilities realized within the organization lead to employee
satisfaction as an outcome through the empowerment of the employees to efficiently perform
assigned job tasks (Zamir, 2019).
Employee satisfaction as the final major theme in this study is based on literature in
context from the KMS usage perspective (Jennex, 2017; Jennex & Olfman, 2006; Zamir, 2019;
Zhang & Venkatesh, 2017). A review of the literature further reveals subthemes related to this
study as the user satisfaction during the usage of the organization’s KMS and the KMS
knowledge quality constructs defined as KM strategy/process, richness, and linkage (Jennex &
Olfman, 2006; Jennex, 2017; Kumar, 2018; Zamir, 2019; Zhang & Venkatesh, 2017).
Researchers identified correlations between the successful implementation of an organization’s
KMS to promote KM activities, employee performance, and satisfaction (Zamir, 2019; Zhang &
Venkatesh, 2017).
63
Chapter 3: Research Method
A thorough review of the literature in chapter two revealed that the Jennex and Olfman
KM Success Model supports the appropriate theoretical framework in this study (Jennex, 2017;
Jennex & Olfman, 2006; Liu et al., 2008). Five domain sections within the literature review in
support of this framework included knowledge workers, Knowledge Management, Knowledge
Management Systems, knowledge worker productivity, and employee satisfaction, forming the
background of this research. The literature review supports the research method and design
implemented in this study to examine the relationship between KMS knowledge quality,
knowledge worker productivity, and employee satisfaction.
The failure of business leaders to implement a KMS capable of providing knowledge
quality reduces knowledge worker productivity and results in millions of dollars in annual losses
(Ferolito, 2015; Vanian, 2016). Numerous researchers have studied how the implementation and
maintenance of an organization’s KMS affect the knowledge workers’ ability to retrieve
knowledge assets (Andrawina et al., 2018; De Freitas & Yáber, 2018; Ferolito, 2015; Xiaojun,
2017; Zhang & Venkatesh, 2017). Deficiencies in the quality of information stored within an
organization’s KMS prevents knowledge workers from retrieving these knowledge assets,
thereby reducing knowledge worker productivity and employee satisfaction (Jennex, 2017;
Jennex & Olfman, 2006; Karlinsky-Shichor & Zviran, 2016; Khanal & Raj Poudel, 2017; Popa
et al., 2018; Sutanto et al., 2018; Xiaojun, 2017; Zhang & Venkatesh, 2017). The International
Data Corporation (IDC) reports that one-third of a knowledge worker’s daily responsibilities will
require the searching for and acquiring of information needed across several knowledge systems,
and only 56% of the time, the information becomes found (Ferolito, 2015; Vanian, 2016).
64
The purpose of this quantitative survey research method is to explore the relationship
between the knowledge quality of an organization’s Knowledge Management System, knowledge
worker productivity, and employee satisfaction for firms in the software industry in California.
The theoretical concept to measure the KMS knowledge quality stems from the Jennex and
Olfman KM Success Model adapted after the DeLone and McLean IS Success Model
incorporating the knowledge quality expectations from an organization’s KMS (DeLone &
McLean, 1992; DeLone & McLean, 2003; DeLone & McLean, 2004; Jennex & Olfman, 2006).
The research questions support the statement of the problem and purpose of the study, forming
the basis for the research method and design.
RQ1. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and knowledge worker productivity?
RQ2. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and employee satisfaction?
The remainder of this chapter includes details of this quantitative research methodology
and correlational design supporting the study’s defined problem and purpose. Next is a
description of the population and sample participants intended for this study. This is followed by
the questionnaire and survey as the planned instrument and tool deliver the gateway for the
remainder of the chapter. The details of the independent and dependent variables used in this
study served as the operational definitions of variables supported by research. In the study
procedures section of this chapter, a description of actions used to gather the data for the number
of sample participants provided researchers a clear understanding when replicating this study.
The intended strategies to test the hypotheses when answering the research questions were listed
in this section also used to address the problem in this study based on participant data collection.
65
A description of the assumptions with supporting rationale, limitations, delimitations, and ethical
assurances finalized the sections enclosed in this chapter, supplemented the reader’s
understanding of this study’s goals. Finally, the significant points of this study listed in summary
conveyed the foundational concepts supporting the study topic in this chapter.
Research Methodology and Design
This quantitative, correlational research study explored if a relationship exists between
the KMS knowledge quality, knowledge worker productivity, and employee satisfaction. This
quantitative research method was the most relevant to this study and accomplished the goal of
exploring the relationship between the identified variables supporting the problem, purpose, and
research questions from the same participant sample (Mellinger & Hanson, 2016). This
correlational research design applied correlational statistical methods and identified the
relationship between variables (Cavenaugh, 2015). The Pearson’s Correlation test was planned to
be used to examine if a positive, negative, or zero association existed between the variables;
however, the assumption of the normal distribution was not met and replaced by the Spearman’s
coefficient of rank correlation test as the distribution was not normal (Field, 2013). The
quantitative research questions in this study assisted the researcher in devising this study’s
structure, allowed the researcher to answer questions tested by using the hypotheses statements
as a guide during the collection and analysis of the data (Punch, 2013). The quantitative research
design in this study assisted the researcher in implementing the research questions and identify
the relationship between the independent variable identified as KMS knowledge quality and the
dependent variables determined as knowledge worker productivity and employee satisfaction
(Jennex & Olfman, 2006; Jennex, 2017).
66
Descriptive, causal-comparative/quasi-experimental, and experimental quantitative
research designs were considered inappropriate for this study due to the noncausal relationship-
focused method (Mellinger & Hanson, 2016; Punch, 2013). Since the descriptive design does not
form a hypothesis until after the participant data collection, this design was determined as
irrelevant as this study’s hypothesis was based on current literature. Causal-comparative/quasi-
experimental design aims to identify cause-effect between identified variables and do not
manipulate the dependent variable. An experimental design that utilizes the scientific method to
manipulate the independent variable to identify the outcome of the dependent variable in a
controlled environment did not apply to this study.
Qualitative and mixed methods research methods determined the least desired as the
methodology due to the purpose of this study to analyze potential relationships between the
independent and dependent variables (Mukhopadhyay & Gupta, 2014). Qualitative research
methods did not meet the goal of the proposed research study due to the variables of the study
identified and the planned statistical measurement (Mukhopadhyay & Gupta, 2014). Another
constraint when considering qualitative research includes the time and cost of gathering and
interpreting the data. Qualitative research includes conducting interviews, observing participants,
and facilitating focus groups to categorize and codify based on the prerequisites to data analysis
(Johnson & Onwuegbuzie, 2004). Mixed methods as a research method did not deem appropriate
for this study based on the variables requiring validity and reliability efforts when reporting the
analysis of the relationships (Johnson & Onwuegbuzie, 2004). Researchers utilize qualitative
designs based on unknown variables and problem generalization, guiding the purpose of the
study and not applicable based on known variables in this study (Flick, 2018). An experimental
design was not amiable for this study. The correlational research design was best suited for this
67
study in support of the research questions to determine if a relationship exists between the KMS
knowledge quality as the independent variable and the dependent variables identified as
knowledge worker productivity and employee satisfaction.
Researchers agree that the knowledge quality within an organization’s KMS proves a
vital performance indicator of success within the digital management of knowledge assets
(Jennex, 2017; Jennex & Olfman, 2006; Karlinsky-Shichor & Zviran, 2016). The knowledge
quality of the KMS system comprises multiple dimensions of KM strategy/process, richness, and
linkage working in the background within the KMS knowledge quality construct as the focus of
this study (Jennex, 2017; Jennex & Olfman, 2006). Jennex and Olfman (2006) further describe
knowledge quality as a component of the KM Success Model, signifying the success of the
knowledge worker’s productivity and user satisfaction based on the context of the explicit
knowledge retrieved within the KMS. Researchers also describe correlational ties of knowledge
worker productivity based on interaction activities with the organization’s KMS to innovation
and financial outcomes (Drucker, 1999; Karlinsky-Shichor & Zviran, 2016; Iazzolino & Laise,
2018; Shrafat, 2018; Shujahat et al., 2019; Zhang, 2017; Zaim et al., 2019). Within the Jennex
and Olfman KM Success Model (2006), the productivity outcome of knowledge workers points
to dimensions of KMS knowledge quality. At the same time, researchers report that lack of
knowledge quality within an organization’s KMS affects knowledge workers during the retrieval
of knowledge within the KMS (Jennex, 2017; Karlinsky-Shichor & Zviran, 2016; Sutanto et al.,
2018; Zhang, 2017).
According to Bloomfield and Fisher (2019), quantitative research methods enlist the
positivism paradigm approach adopting research guided by logistical collection and analysis to
generate the reality of the phenomena. This study follows the same practices of current research
68
employing a quantitative research method collecting data from participants by anonymous online
survey techniques. Next, the researcher plans to identify the population and sample participants,
noting the estimated size and characteristics supported by evidence of this population reflecting
the problem, purpose, and research questions in this study.
Population and Sample
The identified population for this study includes businesses classified within the software
industry. The focus of this study further narrowed the population to businesses within California
within the software industry with headquarters in California. Requirements for participants in
this study introduced as those employed in the software industry referred to as the knowledge
worker category (Moussa et al., 2017; Surawski, 2019; Turriago-Hoyos et al., 2016). Using the A
priori power analysis within the G*Power software allows the identification of the sampling
sizes needed for this correlational study indicating a sample size of 153 participants because of
the output for the priori power analysis (medium effect size = .0625, error = .05, power = .95,
predictors = 1) in Appendix A Figure 3. These factors used an alpha level of p = .05, allowed the
researcher to achieve an 80% probability of accurately finding a significant result supported by
the alpha level indication of a significant difference among the groups. The target sample size
included 153 qualified knowledge worker participants. Survey questions included the constructs
of KMS knowledge quality, knowledge worker usage, knowledge worker productivity, and
employee satisfaction questions for data collection efforts. The data collection efforts for this
study began by contracting Qualtrics panel services to solicit online participation for knowledge
workers in the software industry in California. Qualtrics panel services allowed the targeting of
participants from several organizations for full and part-time employees within the existing
69
technology-based departments, considered knowledge workers, to complete an anonymous
online survey.
Instrumentation
The Jennex and Olfman KM Success Model served as the basis for selecting the KMS
knowledge quality as the independent variable and knowledge worker productivity and employee
satisfaction during the use of the KMS as the dependent variables (Jennex, 2017; Jennex &
Olfman, 2006). The researcher gained permission to use Halawi’s (2005) KMS Success survey
instrument for data collection that formulated the research questions as shown in Appendix B
Figure 4. The online survey for this study required a conversion of Halawi’s (2005) original
printed KMS Success survey as an instrument in Appendix C Figure 5 to an online survey
questionnaire using Qualtrics panel services. The online KMS Success survey offered the same
survey questions as the original KMS Success survey. The online KMS Success survey questions
ensured the capture of KMS usage in terms of the knowledge quality of the KMS, knowledge
productivity, employee satisfaction, and six demographic questions using the same 7-point Likert
scale (Halawi, 2005). According to Halawi (2005), the validity of the KMS Success survey
instrument confirmed the measurement of the variables in context, and the reliability of the
survey instrument held consistent as a result of thorough preliminary methods implementing a
documented pre-test, pilot test, factor analysis, and internal consistency validations (Halawi,
2005).
Data collected from the online survey instrument served as the mechanism that provided
the researcher answers to the study research questions and guidance for the acceptance or
rejection of the null hypothesis (Wright, 2017). The researcher implemented the research
questions as a guide to the survey questions and response choices. Advantages exist when using
70
a survey to collect data articulating answers representing the data from the population (Kelley-
Quon, 2018). If the sample size is large enough to represent the population, collected data should
yield answers like those received if the entire population took the same survey. Another
advantage of administering online surveys to collect data is the removal of researcher
subjectivity in the participant’s answers (Kelley-Quon, 2018). Disadvantages during the sole use
of online surveys as instruments to collect data may introduce the offending of participants due
to the general question format aimed toward the entire population (Wright, 2017). Another
disadvantage to online surveys prevents capturing the participant’s emotional response to
questions which generally provides the researcher with the depth of the emotion attached to the
question (Wright, 2017).
The researcher contracted the use of Qualtrics panel survey services and implemented
Halawi’s (2005) KMS Success survey online in the collection of desired data to answer the
research questions in this study. The reliability and validity of the survey instrument were
confirmed by using Halawi’s proven KMS Success instrument based on the Jennex and Olfman
KM Success Model (2017) in previous studies. Knowledge workers, Knowledge Management,
Knowledge Management Systems, knowledge worker productivity, and employee satisfaction
comprise the five major themes based on the review of the literature to answer the research
questions. Halawi (2005) performed Cronbach’s alpha to measure internal consistency reliability
and confirmed the variables’ accurate measurement (Allen, 2017). In this study, the researcher
entered the collected data into IBM SPSS
Operational Definitions of Variables
This quantitative, correlational research study consisted of one independent variable,
KMS knowledge quality, and two dependent variables, knowledge worker productivity and
71
employee satisfaction, displayed in Appendix D Table 1. The Jennex and Olfman KM Success
Model served as a guide for the context and operational definitions of these variables (Jennex,
2017; Jennex & Olfman, 2006; Liu et al., 2008). Halawi’s (2005) KMS Success survey
instrument was the tool used to answer the research questions further supported by the
independent and dependent variables in the Jennex and Olfman KMS Success Model context. A
7-point Likert scale within the online survey instrument included the same questions based on
Halawi’s (2005) KMS Success survey instrument. The independent variable and dependent
variables utilizing the Likert 7-point scale model followed the standard scores of 1 = Strongly
Disagree, 2 = Moderately Disagree, 3 = Somewhat Disagree, 4 = Neutral, 5 = Somewhat Agree,
6 = Moderately Agree, and 7 = Strongly Agree. Peer-reviewed research articles regarding KMS
knowledge quality, knowledge worker productivity, and employee satisfaction facilitated the
appropriate variable constructs and definitions of each variable. The independent and dependent
variables calculated score comprised the average results from the Likert scale representing
interval scale measurements from each question answered on the KMS Success survey
instrument and formed the transformed independent and dependent variables.
KMS Knowledge Quality
This independent, interval variable was transformed from a subset of ordinal 7-point
Likert scale question objects representing the three levels comprising KMS knowledge quality
defined as KM strategy/process, richness, and linkages as supported within the Jennex and
Olfman KM Success Model (Jennex, 2017; Jennex & Olfman, 2006; Liu et al., 2008).
Researchers have found the implementation of the organization’s KMS to affect the knowledge
worker’s ability to retrieve knowledge assets (Andrawina et al., 2018; De Freitas & Yáber, 2018;
Ferolito, 2015; Xiaojun, 2017; Zhang & Venkatesh, 2017).
72
KM Process/Strategy
KM process/strategy is one of three dimensions within KMS knowledge quality serving
as the independent variable contributing to the research questions in this study. As an indicator of
KMS knowledge quality, the KM strategies and processes determine how the knowledge worker
will use the KMS during planned KM activities (Jennex & Olfman, 2006; Jennex, 2017). The
direct result of the KM strategies and processes establishes the capability of retrieving
knowledge assets within the KMS, directly affecting the KMS knowledge quality (Popa et al.,
.2018). Researchers link the capability of the knowledge worker to perform KM activities and
employee satisfaction (Khanal and Raj Poudel, 2017).
Richness
Richness is one of three dimensions within KMS knowledge quality, serving as the
independent variable contributing to the research questions in this study. The knowledge worker
performs search queries within the KMS, expecting successful results of the knowledge assets
within the context of each search (Zhang & Venkatesh, 2017). This indicator of knowledge
quality reflects the accuracy and timeliness of the knowledge assets retrieved from the KMS and
within the context of the expected knowledge return (Jennex, 2017; Jennex & Olfman, 2006). In
KMS use, employee satisfaction becomes a consequence of the knowledge worker’s realized
outcomes from the KMS to complete knowledge work tasks (Jennex, 2017; Jennex & Olfman,
2006; Zhang & Venkatesh, 2017).
Linkage.
Linkage is one of three dimensions within KMS knowledge quality, serving as the
independent variable contributing to the research questions in this study. As an indicator of KMS
knowledge quality, the internal codification of the stored knowledge assets enables an internal
73
mapping within the KMS (Jennex, 2017; Jennex & Olfman, 2006). During the implementation of
the KMS, the initial structure of these mappings became revealed to the knowledge worker after
retrieving the knowledge assets based on the internal logic to create those mappings (Karlinsky-
Shichor & Zviran, 2016). Employee satisfaction becomes affected by the internal linkage of
knowledge asset mappings supporting the additional constructs of KMS knowledge quality
(Jennex, 2017; Jennex & Olfman, 2006).
Knowledge Worker Productivity
Knowledge worker productivity as the first dependent, interval variable became
represented by the knowledge worker’s value-added activities resulting from interaction with the
organization’s KMS (Kianto et al., 2019; Shujahat et al., 2019). Researchers link knowledge
worker productivity concerning KM activities as influencers on business performance and
financial results (Shrafat, 2018; Vanian, 2016; ). Knowledge worker
productivity becomes operationalized as a mechanism to the ability of the user to successfully
retrieving knowledge assets within an existing KMS (Dey & Mukhopadhyay, 2018). The
analysis of data collected using the survey instrument measured the first research question to
determine if a statistically significant relationship existed between the knowledge quality of an
organization’s KMS and knowledge worker productivity.
Employee Satisfaction
Employee satisfaction as the second dependent, interval variable depicted the successful
experience based on the knowledge worker’s actual use of the KMS while performing KM
activities (Zamir, 2019; Zhang & Venkatesh, 2017). Similarly, Jennex and Olfman (2006)
describe use/user employee satisfaction as a component of the performance indicator, referencing
a successful experience based on the actual use of the KMS and employee satisfaction from each
74
use. The analysis of data collected using the survey instrument measured the second research
question and identified if a statistically significant relationship existed between the knowledge
quality of an organization’s KMS and employee satisfaction.
Study Procedures
The following steps describe the completed actions ensuring this study may be replicated.
Northcentral University’s Institutional Review Board (IRB) approved the study before data
collection efforts began as displayed in Appendix F Figure 6. The questions from the original
printed KMS Success survey instrument created and validated by Halawi (2005) were used for
this study displayed in Appendix C Figure 5. The researcher converted Halawi’s (2005) KMS
Success survey printed questions into an online Qualtrics survey. The online KMS Success
survey offered the same survey questions as the original KMS survey, including the KMS
Success questions. The online survey tabulated KMS usage in terms of the knowledge quality of
the KMS, knowledge productivity, employee satisfaction, and six demographic questions using
the 7-point Likert scale (Halawi, 2005). Once collected, the researcher used the online survey
data to align the 7-point Likert scale responses to the independent and dependent variables for
statistical analysis. Using the transform tool in SPSS, the mean of the KMS knowledge quality
survey question objects computed into the independent variable. Similarly, the SPSS transform
tool was used to convert the mean of the survey question objects into each applicable dependent
variable, knowledge worker productivity and employee satisfaction within the context of KMS
usage (Jennex, 2017; Jennex & Olfman, 2006). As shown in Appendix D Table 1, the
independent and dependent variables were a result of the average calculations from the ordinal
Likert scale questions representing interval scale measurements from each question answered on
the KMS Success survey instrument.
75
The researcher contracted Qualtrics panel services to solicit responses from knowledge
workers employed in the software industry residing in California. The survey link was active for
two weeks until the required 153 survey responses were collected. The first webpage of the
online survey listed the purpose of the study and the risks and benefits of participating in the
online survey, and efforts to ensure anonymous participation. On the first page of the survey, the
participant was required to click the ‘I agree’ button to begin the survey registering their consent
to the outlined risks. Once the participants clicked the button, the indication of informed consent
to collect data from each answered survey question was logged. The second page of the online
survey further prequalified the participants listing questions to confirm the participant’s
classification as knowledge workers in the software industry. The researcher stored the data on a
password-protected Microsoft Excel spreadsheet using an alphanumeric labeling system for each
participant’s set of survey responses to secure the participants’ identity. After uploading the
survey data into SPSS, the researcher removed the participants identifying information and
assigned a generic alpha ID for each participant’s responses. Statistical tests were performed on
the collected data, and the production of tables and charts were interpreted and described in the
chapter 4 findings.
Data Analysis
The instrument for data collection was an online survey from Qualtrics with pre-validated
survey questions from the original Halawi’s (2005) KMS Survey in Appendix C Figure 5. Data
collection for this study originated from the survey contracted by Qualtrics panel services that
utilized pre-recruited surveys from knowledge workers in California using the probability
sampling framework. The online KMS Success survey questions matched the same survey
questions as the original printed KMS Success survey. The online survey included the KMS
76
questions tabulating KMS usage in terms of the knowledge quality of the KMS, knowledge
productivity, employee satisfaction, and six demographic questions on a 7-point Likert scale
(Halawi, 2005). The research questions examining KMS knowledge quality, knowledge, worker
productivity, and employee satisfaction were measured using an acceptable medium effect size
of .0625 (Field, 2013). The assumption in using an alpha level of p = .05 for the Type 1 error
probability rejecting the null hypothesis when it is true applies to this quantitative, correlational
survey research method. The researcher performed the analysis with IBM SPSS after
transforming the survey question ordinal objects into the interval variables. These statistical tests
supported the researcher’s ability in answering the research questions that determined the type of
relationship among the variables.
Research integrity represents the threats to internal validity when incorrect data collection
procedures introduce unknown biases during data collection (Dewitt et al., 2018; Siedlecki,
2020). External validity ensures the study methodology is repeatable on the more significant
applicable population requiring the sample data to be a representation of the applicable
population (2020). In this way, future studies to repeat the study design and methodology.
Ethical considerations for this study require receiving informed consent by each participant after
initial contact to participate in the study survey. Informed consent reduces the potential pressure
applied by management to complete the survey in a manner expected by the employee’s
management (Rawdin, 2018; Vehovar & Manfreda, 2017). Care to ensure the employee’s
responses cannot become an identifiable method from the management personnel. Upon the
return of the required 153 surveys, the survey was considered open for participation for pre-
qualified survey partakers. Each response then became coded using an alphanumerical system
for identification purposes only and the initial responses were permanently deleted. Informed
77
consent was acquired by providing the risks and benefits on the first page of the survey with an ‘I
Agree’ button clicked by each participant.
The support for this research design reflected the ability to quantify the variable
measurements determining the relationship between the knowledge quality within a KMS,
knowledge worker productivity, and employee satisfaction through Likert scale data collection.
The vulnerability of this research design included self-reported data and potential outlier
variables (Hughes, 2012). The verification of reliability and validity of the research variables for
confirmation factor analysis (CFA) was achieved through structural equation modeling fully
validated by Halawi (2005). Validity efforts of the research variables utilized survey questions
evident in research studies, including a pre-test, pilot, and complete analysis performed by
Halawi’s KMS Success survey. Pre-qualification efforts used by Qualtrics panel services guided
each participant using questions confirming job classification type and assigned department. This
researcher conducted ethical assurances to ensure the anonymous data collection was performed
without risking the employees’ confidentiality, preventing social status and job safety concerns
based on collected responses.
Assumptions
On of the assumptions of this study was that California businesses utilize one type of
electronic Knowledge Management System to capture, store, and share knowledge. Next, this
study presumed that each participant answered honestly to each survey question. A final
assumption is that knowledge workers employed in California make use of an organization’s
KMS to search for knowledge assets. Most organizations have a robust organizational structure
preventing outliers and allowing research data to capture information toward knowledge worker
productivity.
78
Limitations
The researcher identified many limitations in this research study. Data collection methods
when using online surveys limit the ability of the researcher to determine if the participant
answered the online questions honestly (Siedlecki, 2020). Halawi’s (2005) KMS Success survey
comprised multiple questions and asked the same context as was validated by Halawi that
performed Cronbach’s alpha reliability tests for each variable (Allen, 2017). The researcher
contracted Qualtrics panel services for data collection that administered the online survey to
increase participation rates and reduce the study limitations. These limitations included a lack of
control to verify participants lived in California participating in the online survey. Finally, the
respondents in the survey may not have represented the desired knowledge worker employed in
the software industry. The Qualtrics panel services prequalified each survey response and
ensured each participant was identified as a knowledge worker employed in the software
industry living in California before the survey closed with over 153 qualified responses
collected.
Delimitations
The purpose of this quantitative, correlational study was to determine if a relationship
exists between KMS knowledge quality, knowledge worker productivity, and employee
satisfaction. A review of the research revealed that knowledge workers using the organization’s
KMS represent employees performing tasks requiring a specific skill set to be productive when
the assigned job role tasks were executed (Levallet & Chan, 2018; Orenga-Roglá & Chalmeta,
2019; Surawski, 2019; Wang & Yang, 2016; Xiaojun, 2017; Zhang & Venkatesh, 2017). While
knowledge workers exist across the globe, the researcher selected only employees in the software
industry in California that ensured a large enough sample size was acquired for this study. The
79
researcher selected only the KMS knowledge quality as one of six components in the Jennex and
Olfman KM Success Model (2006) that identified the relationship between knowledge worker
productivity and employee satisfaction. A review of the literature identified KMS knowledge
quality may enable Knowledge Management capabilities and business performance, yet business
leaders continue to fail to implement an effective KMS (Drucker, 1999; Iazzolino & Laise,
2018); Jennex, 2017; Karlinsky-Shichor & Zviran, 2016; Sutanto et al., 2018; Vanian, 2016;
Xiaojun, 2017).
Ethical Assurances
The researcher gained approval from the Northcentral University Institutional Review
Board (IRB) before the data collection began as displayed in Appendix F Figure 6. The
researcher minimized the risk to the participants of the online survey by briefly documenting the
process of the data collection, the storage procedures of the participant data, took steps to ensure
the participant identity and answers remained protected, and the planned destruction of the data
process within the survey (Dewitt et al., 2018). Each participant agreed to informed consent
when the “I Agree” button was clicked on the information page and confirmed the outlined risks
were accepted for participation in the online survey. The researcher stored the data from the
online survey on a password-protected Microsoft Excel spreadsheet followed by an
alphanumeric labeling system for each participant’s set of survey responses which secured the
identity of the participants. The researcher took additional steps that prevented bias during the
data collection and the analysis of data. The researcher contracted with Qualtrics panel services
and retrieved an unbiased collection of data applicable for this research study. Submitted online
surveys with missed answers to the KMS question sections were not used for data analysis to
remove unknown participant bias (Siedlecki, 2020).
80
Summary
In summary, this quantitative, correlational study aligned with the problem, purpose, and
research questions that examined if a relationship exists between the knowledge quality
component of the KMS, knowledge worker productivity, and employee satisfaction. The
selection of the quantitative research method and correlational survey design resulted from the
support of research also supported by the framework comprised of knowledge workers,
Knowledge Management, Knowledge Management Systems, knowledge worker productivity,
and employee satisfaction (DeLone & McLean, 1992; DeLone & McLean, 2003; DeLone &
McLean, 2004; Liu, Olfman, & Ryan, 2005; Zuama et al., 2017). Online surveys hinged upon the
direction of the Jennex and Olfman KM Success Model served as the basis for selecting
variables for content validity (Jennex, 2017; Jennex & Olfman, 2006). The operational
definitions of the KMS knowledge quality, knowledge worker productivity, and employee
satisfaction variables were transformed and computed by the means from the collection of the
Likert scale question objects.
The specific study procedures describe the steps taken during data collection and allowed
an informed decision from each participant to complete the survey agreeing to informed consent.
Assumptions, limitations, delineations, and ethical assurances supported the validity and ethical
considerations of this study. Data collection intentions and analysis of the collected data
supported the research method and design of this study. In chapter 4, the findings on the analysis
of collected data were reported and segregated by each research question that identified patterns
in the findings. Descriptive information and explanations for each statistical test allowed the
reader to interpret the results, including inferred assumptions.
81
Chapter 4: Findings
The problem addressed in this study was that there is often great difficulty encountered in
trying to retrieve knowledge assets about events in the past required for strategic decision-
making without an effective, in-place Knowledge Management System (KMS) (Oladejo &
Arinola, 2019). Knowledge Management (KM) is challenging to implement requires exploration
and improvement in its’ continued application and development (Putra & Putro, 2017).
Additional difficulties associated with the lack of an effective KMS include knowledge asset
unavailability, improper knowledge asset documentation, excessive time consumption associated
with searching for knowledge assets, decision-making overhead, and duplication of effort
(Oladejo & Arinola, 2019). A substantial number of Knowledge Management System (KMS)
implementations have not achieved their intended outcomes, such as employee performance and
employee satisfaction (Zhang & Venkatesh, 2017).
The purpose of this quantitative, correlational study was to explore the relationship
between the knowledge quality of an organization’s KMS, the knowledge worker productivity,
and employee satisfaction for software industry organizations in California. This study is
relevant and contributes to the Knowledge Management research community as millions of
dollars in losses from unsuccessful KMS implementations fail to satisfy expected benefits in
knowledge assets to support business performance (Fakhrulnizam et al., 2018; Levallet & Chan,
2018; Nusantara et al., 2018; Vanian, 2016). When organizations fail to implement a successful
KMS, KM strategies depending on the use of knowledge assets for knowledge worker
productivity and employee satisfaction also fail (De Freitas & Yáber, 2018; Demirsoy &
Petersen, 2018; Putra & Putro, 2017; Xiaojun, 2017).
82
The research questions of this study were used to examine the relationship between the
knowledge quality of an organization’s Knowledge Management System, knowledge worker
productivity, and employee satisfaction. These research questions formed the basis for the
research method and design, reflected the statement of the problem and purpose of the study.
Each research question corresponded with the null and alternative hypothesis as follows:
RQ1. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and knowledge worker productivity?
H10. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and knowledge worker productivity.
H1a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and knowledge worker productivity.
RQ2. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and employee satisfaction?
H20. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and employee satisfaction.
H2a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and employee satisfaction.
In the remaining sections of this chapter, the researcher organized the sections based on
their relevance to the research questions, including the validity and reliability of the data.
Descriptions in this chapter also include the assumptions of statistical tests, results from the data
analysis to answer the research questions, and the hypothesis outcomes. Next, the evaluation of
the findings based on existing research and theory are provided, followed by a summary of the
research findings and Chapter 5.
83
Validity and Reliability of the Data
The KM Success survey instrument established by Halawi (2005) to measure the success
of Knowledge Management Systems was converted to an online survey using the same questions
and a 7-point Likert scale. In this study, this researcher performed statistical tests on data
gathered from the online Qualtrics survey and explored if a statistically significant relationship
existed between the knowledge quality of an organization’s KMS, knowledge worker
productivity, and employee satisfaction. Halawi (2005) initiated a pre-test to confirm the survey
question’s clarity among the small set of participants, followed by a pilot study in further
confirmation of modified survey questions to represent identified variables. The evaluation for
the validity of the final KMS Success survey instrument reported by Halawi (2005) consisted of
discriminant, construct, and convergent validity measures.
Throughout the discriminant validity tests, Halawi (2005) dropped constructs based on
factor loading values with correlations lower than 0.5 ensured no overlap of factors existed.
Also, construct validity tests were performed using factor analysis to examine the relationship
between the survey items supporting variables described within the study’s theoretical context of
Halawi’s (2005) study. Halawi also performed convergent validity tests by analyzing the survey
items to the total correlation based on each survey item’s correlation summed by the additional
survey items. Halawi (2005) measured the reliability of the final survey instrument using
Cronbach’s Alpha tests for internal consistency across the study’s constructs. Halawi (2005)
reported that the Pearson’s correlation coefficients test to identify the strength and direction for
the study’s variables were statistically significant at the .01 level.
84
KMS Success Survey Instrument
In this study, the same questions from Halawi’s (2005) KMS Success survey instrument
were converted from printed form to an online survey hosted in the Qualtrics web platform
included in Appendix C Figure 5. Halawi’s (2005) survey instrument was used to test the
dimensions of the Delone and McLean model (1992, 2002, 2003) for measuring the success of
an organization’s KMS and the relationship among the dimensions. The online KMS Success
survey for this study served the purpose of data collection in answering the research questions
and explored the relationship between the knowledge quality of an organization’s KMS, the
knowledge worker productivity, and employee satisfaction. According to Halawi (2005), the
validity of the KMS Success survey instrument confirmed the measurement of the variables in
context, and the reliability of the survey instrument was held reliable.
Common Construct Measures
The questions in Halawi’s (2005) original survey measured the six construct dimensions
in the transformed Delone and McLean model (1992, 2002, 2003) contained within the Jennex
and Oflman KMS Success Model (2003). The survey questions and constructs applied to this
study’s variables remained relevant to the same construct dimensions within the Jennex and
Oflman KMS Success Model (2003) identified as knowledge quality, employee satisfaction (user
satisfaction), and knowledge worker productivity (net system benefits). This researcher
combined the common survey question items representing each construct into one specific
variable as specified in this study to answer the research questions. Multiple survey items
representing each dependent variable, employee satisfaction, and knowledge worker productivity
were combined into one variable for each dependent variable construct. Although several
dimensions exist within KMS knowledge quality as the independent variable as discussed in
85
Chapter 2, for this study, the independent variable as a single construct was measured against the
dependent variables to answer the research questions and test the null hypothesis.
Assumptions
Spearman’s correlation coefficient was used to answer each of the research questions
assessing the statistical assumptions, including the level of measurement and monotonic
relationship. Pearson’s correlation coefficient was eliminated as the statistical measure due to the
violation of normality and further recommendation to use Spearman’s test for survey ordinal data
(de Winter et al., 2016).
Monotonic Relationship. A Spearman correlation requires that the relationship between
each pair of variables does not change direction (Schober et al., 2018). Schober et al. state that
this assumption is violated if the points on the scatterplot between any pair of variables appear to
shift from a positive to negative or negative to a positive relationship. Figure 1 presents the
scatterplot of the correlation between the KMS knowledge quality independent variable and the
dependent variable knowledge worker productivity. Figure 2 presents the scatterplot of the
correlation between the KMS knowledge quality independent variable and the dependent
variable employee satisfaction.
86
Figure 1 Scatterplot of KMS KQ and KWP
Scatterplot of KMS KQ and KWP
Figure 2 Scatterplot of KMS KQ and employee satisfaction
Scatterplot of KMS KQ and employee satisfaction
87
Level of Measurement. The level of measurement when using the Spearman
correlational coefficient test is more relaxed than that of Pearson’s correlation coefficient
assumptions (Schober et al., 2018). Schober et al. state the internal, ratio or ordinal levels of
measurement meet the assumption for the Spearman correlational coefficient test.
Test for Normality. The Shapiro-Wilk tests were conducted to identify if the
distributions of KMS knowledge quality, knowledge worker productivity, and employee
satisfaction resulted as significantly different from a normal distribution. The variables had
distributions that significantly differed from normality based on an alpha of 0.05: KMS
knowledge quality (W = 0.90, p < .001), knowledge worker productivity (W = 0.88, p < .001),
and employee satisfaction (W = 0.89, p < .001). The results are presented in Table 2.
Table 2 Shapiro-Wilk Test Results for all Study Variables Test for Normality
Shapiro-Wilk Test Results for all Study Variables Test for Normality
Variable W p
KMS knowledge quality 0.90 < .001
knowledge worker productivity 0.88 < .001
employee satisfaction 0.89 < .001
Results
In this section, results from the data analysis used to answer the research questions and to
test the hypothesis are presented, describing the overall study sample size, descriptive statistics,
and demographic summary. The target sample size of N = 153 was determined using G*Power
software displayed in Appendix A Figure 3. An online survey with eighty-three questions about
the employees’ current KMS was distributed using Qualtrics panel services for two weeks until a
88
total of at least 153 valid responses from knowledge workers employed in software industry
firms in California were fulfilled. A total of 154 valid participant responses were recorded and
analyzed for this study. Survey questions were transformed into the independent variable KMS
knowledge quality and the two dependent variables, knowledge worker productivity, and
employee satisfaction.
Descriptive Statistics
Descriptive statistics were calculated for the KMS knowledge quality, knowledge worker
productivity, and employee satisfaction. The results for KMS knowledge quality as the
independent variable were calculated using SPSS as an average of 5.30 (SD = 1.35, SEM = 0.11,
Min = 1.09, Max = 7.00, Skewness = -1.15, Kurtosis = 1.09). The results for knowledge worker
productivity were calculated as an average of 5.35 (SD = 1.39, SEM = 0.11, Min = 1.00, Max =
7.00, Skewness = -1.25, Kurtosis = 1.22). The results for employee satisfaction were calculated
as an average of 5.25 (SD = 1.55, SEM = 0.13, Min = 1.00, Max = 7.00, Skewness = -1.03,
Kurtosis = 0.40). In a comparison of the means, all three variable values were close in value to
one another whereas the employee satisfaction variable with a higher standard deviation was
interpreted as more dispersed from the mean than the KMS knowledge quality or knowledge
worker productivity. The summary of descriptive statistics can be found in Table 3.
89
Table 3 Summary of Descriptive Statistics
Summary of Descriptive Statistics
Variable M SD n SEM Min Max Skewness Kurtosis
KMS knowledge quality 5.30 1.35 154 0.11 1.09 7.00 -1.15 1.09
Knowledge worker productivity 5.35 1.39 154 0.11 1.00 7.00 -1.25 1.22
Employee satisfaction 5.25 1.55 154 0.13 1.00 7.00 -1.03 0.40
Demographic Summary
Demographic information was voluntary and collected from participants completing the
online KMS Success survey. Frequencies and percentages were calculated for each participant’s
voluntary demographic data for gender, age, years employed, years of KMS usage, education
level, employment position, and industry in Appendix E. The most frequently noted category of
gender was Male (n = 132, 86%). The noted frequencies for age had an average of 41.07 (SD =
7.90, Min = 20.00, Max = 68.00). The most frequently noted category of years employed was
greater than ten years (5) (n = 57, 37%). The most frequently noted category of years of KMS
usage was greater than five years (5) (n = 51, 33%). The most frequently noted category of
education level was master’s degree or beyond (4) (n = 110, 71%). The most frequently noted
category of employment position was Sr. Manager/Director (3) (n = 63, 41%). Frequencies and
percentages tables and values are presented in Appendix E Tables 4 – 10.
Research Question 1/Hypothesis
RQ1. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and knowledge worker productivity?
90
H10. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and knowledge worker productivity.
H1a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and knowledge worker productivity.
A Spearman correlation analysis was conducted between KMS knowledge quality and
knowledge worker productivity for the first research question to assess if a significant statistical
relationship exists between KMS knowledge quality and knowledge worker productivity. The
minimum required sample size of N = 153 according to the G*Power analysis in Appendix A
Figure 3 was collected over two weeks resulting in 154 valid participant survey responses. The
result of the correlation was examined based on an alpha value of 0.05. A significant positive
correlation was observed between KMS knowledge quality and knowledge worker productivity
(rs = 0.94, p < .001, 95% CI [0.92, 0.96]). The correlation coefficient between KMS knowledge
quality and knowledge worker productivity was .94, indicating a large effect size (Cohen, 1988).
This correlation indicates that as KMS knowledge quality increases, knowledge worker
productivity tends to increase. Table 11 presents the output of the correlation test.
Table 11 Spearman Correlation Result: KMS KQ and KWP
Spearman Correlation Result: KMS Knowledge Quality and Knowledge Worker Productivity
Combination rs 95% CI p
KMS knowledge quality-knowledge worker productivity 0.94 [0.92, 0.96] < .001
Note. n = 154.
Research Question 2/Hypothesis
RQ2. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and employee satisfaction?
91
H20. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and employee satisfaction.
H2a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and employee satisfaction.
A Spearman correlation analysis was conducted between KMS knowledge quality and
employee satisfaction for the second research question to assess if a significant statistical
relationship exists between KMS knowledge quality and employee satisfaction. The minimum
required sample size of N = 153 according to the G*Power analysis in Appendix A Figure 3 was
collected over two weeks resulting in 154 valid participant survey responses. The result of the
correlation was examined based on an alpha value of 0.05. A significant positive correlation was
observed between KMS knowledge quality and employee satisfaction (rs = 0.93, p < .001, 95%
CI [0.91, 0.95]). The correlation coefficient between KMS knowledge quality and employee
satisfaction was 0.93, indicating a large effect size. This correlation indicates that as KMS
knowledge quality increases, employee satisfaction tends to increase. Table 12 presents the
output of the correlation test.
Table 12 Spearman Correlation Results: KMS Knowledge Quality and Employee Satisfaction
Spearman Correlation Results: KMS Knowledge Quality and Employee Satisfaction
Combination rs 95% CI p
KMS knowledge quality-employee satisfaction 0.93 [0.91, 0.95] < .001
Note. n = 154.
Evaluation of the Findings
The assessment of the findings in this study was interpreted based on the Jennex and
Olfman KM Success (2017) forming the theoretical framework discussed in chapter 1 and
92
chapter 2. As presented in existing research, the findings support the theoretical framework
representing the importance in the success of the KMS knowledge-centric practices providing
knowledge assets utilized to accomplish an organizational business purpose (Alavi & Leidner,
2001; Ermine, 2005; Jennex, 2017; Jennex & Olfman, 2006; Wu & Wang, 2006). The theoretical
framework in this study was the basis for the research questions and interpretation of the results
using the Jennex and Olfman KM Success Model as performance indicators while using the
organization’s Knowledge Management Systems (Jennex, 2017; Jennex & Olfman, 2006).
Research Question 1
To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and knowledge worker productivity?
The null hypothesis for this research question was that there is not a statistically significant
relationship between the knowledge quality of an organization’s KMS and knowledge worker
productivity and was rejected. The results of the inferential test analysis using Spearman’s
correlation resulted in a significant strong positive correlation between the knowledge quality of
an organization’s KMS and knowledge worker productivity. There was an indication between the
variables in that when KMS knowledge quality increases, knowledge worker productivity tends
to increase.
Research Question 2
To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and employee satisfaction? The null hypothesis for
this research question was that there is not a statistically significant relationship between the
knowledge quality of an organization’s KMS and employee satisfaction and was rejected. The
results of the inferential test analysis using Spearman’s correlation resulted in a significant strong
93
positive correlation between the knowledge quality of an organization’s KMS and employee
satisfaction. There was an indication between the variables in that when KMS knowledge quality
increases, employee satisfaction tends to increase as seen in the hypothesis testing results for the
first research question.
Summary
The purpose of this quantitative, correlational study was to explore the relationship
between the knowledge quality of an organization’s KMS, the knowledge worker productivity,
and employee satisfaction for software industry organizations in California. The researcher
conducted this study using an online survey as the research instrument and collected data from
knowledge workers employed in software industry firms in California. The data collected were
analyzed based on the research questions from the 154 completed participant responses in this
study. Halawi’s (2005) past validity and reliability efforts for the KMS Success survey
instrument were considered appropriate to support this study.
Two research questions were tested against the null hypothesis, and both were rejected
based on the statistical significance results. The Spearman’s correlational nonparametric test was
used to investigate if a relationship existed between the KMS knowledge quality, knowledge
worker productivity, and employee satisfaction. Descriptive statistics results were noted for the
independent and dependent variables with similar results. A demographic summary of voluntary
participant information was captured for gender, age, years employed, years of KMS usage,
education level, employment position, and type of software industry as displayed in Appendix E.
An evaluation of the findings shows the null hypothesis for both research questions was rejected
as the significant relationship test results were evident between the KMS knowledge quality and
the knowledge worker productivity and the KMS knowledge quality and employee satisfaction.
94
The findings in this chapter will be used as the basis for the implications, recommendations, and
conclusions of this study in chapter 5.
95
Chapter 5: Implications, Recommendations, and Conclusions
This chapter continues the study topic that explored the relationship between the quality
of a KMS, knowledge worker productivity, and employee satisfaction. The problem addressed
by this study was that there is often great difficulty encountered in trying to retrieve knowledge
assets about events in the past required for strategic decision-making without an effective, in-
place Knowledge Management System (KMS) (Oladejo & Arinola, 2019). The purpose of this
quantitative, correlational study was to explore the relationship between the knowledge quality
of an organization’s KMS, the knowledge worker productivity, and employee satisfaction for
software industry organizations in California. The quantitative research method achieved the
goal of exploring the relationship between the identified variables supporting the problem,
purpose, and research questions from the same participant sample (Mellinger & Hanson, 2016).
This correlational research design using correlational statistical methods identified the
relationship between independent and dependent variables (Cavenaugh, 2015). The results from
the assumption of the normal distribution compelled Spearman’s coefficient of rank correlation
test as the statistical method of choice (Field, 2013). Statistical tests on data gathered from the
online Qualtrics survey were used to explore if a statistically significant relationship existed
between the knowledge quality of an organization’s KMS, knowledge worker productivity, and
employee satisfaction. The results of this study were based on two research questions tested
against the null hypothesis. both research questions’ null hypothesis were rejected based on the
statistical significance results. A significant positive correlation was observed between KMS
knowledge quality and knowledge worker productivity. Likewise, a significant positive
correlation was observed between KMS knowledge quality and employee satisfaction. The
researcher identified limitations in this research study beyond control. The Qualtrics panel
96
services acquired 154 participants responses self-identifying as meeting the requirements over 18
years old, read/understand English, interact with the organization’s KMS, live in California, and
currently employed in the software industry. Another limitation impacting this study arises from
the lack of additional research similar to the Jennex and Olfman KM Success Model (2006)
addressing recent KMS applications.
The research questions and corresponding hypothesis served as a guide for the basis of
this study, supported by the research method and design alignment with the statement of the
problem and purpose. The researcher used the first research question to determine if a
statistically significant relationship existed between the knowledge quality of an organization’s
KMS and knowledge worker productivity. The researcher used the second research question to
determine if a statistically significant relationship existed between the knowledge quality of an
organization’s KMS and employee satisfaction. Each research question was used to test the
hypothesis. The remainder of this chapter will include a review of the implications of this study,
recommendations for practice based on the results of this study, and recommendations for future
research to further explore the results of this study. Finally, the conclusion will summarize the
problem, purpose, and importance of the study, finalizing this section discussing applications for
future professional and academic stakeholders based on the findings of this study.
Implications
The findings reflected in chapter 4 guided the implications of this study. These findings
align with the study’s theoretical framework based on the Jennex and Olfman KM Success
Model. The Jennex and Olfman KM Success Model (2006) supported KMS knowledge quality
as the independent variable followed by knowledge worker productivity and employee
satisfaction during the use of the KMS as the dependent variables for this study (Jennex, 2017;
97
Jennex & Olfman, 2006). Five significant themes formed the context of this study’s theoretical
framework supported by a review of the literature, including knowledge workers, Knowledge
Management, Knowledge Management Systems, knowledge worker productivity, and employee
satisfaction. In following this model, two research questions were used to guide this study to
explore the relationship between the knowledge quality of an organization’s KMS, the
knowledge worker productivity, and employee satisfaction. Within each research question
section below, the researcher will discuss results relative to the literature review in chapter 2, the
problem and purpose of the study supported by the theoretical framework, and the significance.
Each research question will include the findings and how the study results contribute to the
existing body of research.
Research Question 1/Hypothesis
RQ1. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and knowledge worker productivity?
H10. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and knowledge worker productivity.
H1a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and knowledge worker productivity.
The first research question guided the analysis of the data to determine if a significant
relationship between the knowledge quality of an organization’s KMS and knowledge worker
productivity existed. The null hypothesis was tested and rejected based on the findings indicating
a significant positive correlation was observed between KMS knowledge quality and knowledge
worker productivity. The results indicated that as KMS knowledge quality increases, knowledge
worker productivity tends to increase. Table 11 presents the output of the correlation test.
98
Factors that might have influenced the interpretation of the results originate from the
contextual implications regarding the knowledge quality of KMS and the knowledge worker
productivity definition derived within the literature (Jennex 2017; Jennex & Olfman, 2006). The
knowledge quality of the organization’s KMS served as the independent variable within the first
research question. Jennex and Olfman (2006) outlined six key performance indicators within the
Jennex and Olfman KM Success Model as specific components utilized to measure the
performance of the KMS, noting knowledge quality as the first key indicator applicable to this
study. Additional researchers describe the degree of knowledge content quality retrieved
determines the knowledge worker’s perceived usefulness of the system (Jahmani et al., 2018;
Zhang, 2017). Knowledge worker productivity was identified as the dependent variable within
the first research question. Researchers describe knowledge worker productivity as the value-
added activities resulting from the knowledge worker’s interaction with the organization’s KMS
(Kianto et al., 2019; Shujahat et al., 2019).
The study results address the problem in the difficulty encountered in trying to retrieve
knowledge assets about events in the past. The knowledge quality dimensions comprised of KM
process/strategy, richness, and linkage impact the knowledge worker’s capability to retrieve the
desired knowledge assets within the organization’s KMS (Jennex & Olfman, 2006). The study
results support the purpose of exploring the relationship between the knowledge quality of an
organization’s KMS and the knowledge worker productivity for software industry organizations
in California. Data collected from 154 participant surveys representing knowledge workers
employed in the software industry living in California answered questions regarding KMS
knowledge quality, productivity, and perceived satisfaction during usage of the KMS. The results
99
indicated a significant positive correlation observed between KMS knowledge quality and
knowledge worker productivity.
The study results contribute to the existing literature and theoretical framework based on
the accepted KMS knowledge quality and knowledge worker definitions within the literature and
framework derived by the Jennex and Olfman KM Success Model (2006). Also, this researcher
converted the written Halawi’s (2005) KM Success survey into an online survey based on the
foundation of the Jennex and Olfman KM Success Model (2006) used as the basis of the data
analyzed in this study. The researcher determined the existing literature supported the need for
this study as the continued financial losses from unsuccessful KMS implementations fail to
satisfy expected benefits in knowledge assets to support business performance (Fakhrulnizam et
al., 2018; Levallet & Chan, 2018; Nusantara et al., 2018; Vanian, 2016). The study results are
consistent with existing research as discussed by Jahmani et al. (2018) from study conclusions
surveying healthcare staff from multiple hospitals regarding KMS components finding that
knowledge content quality retrieved from the knowledge worker as a functional requirement
perceived usefulness of KMS. Also, several researchers report that the failure to ensure the
organization’s KMS incorporates successful KM process outcomes impact knowledge worker
productivity (Jennex, 2017; Karlinsky-Shichor & Zviran, 2016; Sutanto et al., 2018; Vanian,
2016; Xiaojun, 2017).
The study results are also consistent with existing Jennex and Olfman KM Success
(2006) theory for KMS implementation success indicators as to the degree of knowledge content
quality retrieved during usage of the KMS impacted the knowledge worker’s perceived
usefulness of the system (Jahmani et al.,2018; Zhang, 2017). The study results provided an
unexpectedly large effect size in the correlation strength between the independent variable KMS
100
knowledge quality and the dependent variable knowledge worker productivity. While not a
causal relationship, the implications associated with the strength of the correlation coefficient
when measuring the relationship between the variables indicate that as the KMS knowledge
quality improves, the knowledge worker productivity may also improve.
Research Question 2/Hypothesis
RQ2. To what extent, if any, is there a statistically significant relationship between the
knowledge quality of an organization’s KMS and employee satisfaction?
H20. There is not a statistically significant relationship between the knowledge quality of
an organization’s KMS and employee satisfaction.
H2a. There is a statistically significant relationship between the knowledge quality of an
organization’s KMS and employee satisfaction.
The second research question guided the data analysis to determine if a significant
relationship between the knowledge quality of an organization’s KMS and employee satisfaction
existed. The null hypothesis was tested and rejected based on the findings indicating a significant
positive correlation between KMS knowledge quality and employee satisfaction. The results
indicated that as KMS knowledge quality increases, employee satisfaction tends to increase.
Table 12 presents the output of the correlation test.
Factors that might have influenced the interpretation of the results originate from the
contextual implications regarding the knowledge quality of KMS and the employee satisfaction
definition derived within the literature. The knowledge quality of the organization’s KMS served
as the independent variable within the second research question. The Jennex and Olfman KM
Success Model (2006) describes knowledge quality within the KMS as the performance indicator
of KMS success comprised of KM process/strategy, richness, and linkage dimensions. The
101
Jennex and Olfman KM Success Model (2006) describes the employee ‘users’ satisfaction as one
component of the KM Success performance indicators, noted as a successful experience based on
the actual use of the KMS and employee satisfaction from each use. Employee satisfaction was
identified as the dependent variable within the second research question. Employee satisfaction
is also portrayed as a successful experience based on the knowledge worker’s actual use of the
KMS while performing KM activities (Zamir, 2019; Zhang & Venkatesh, 2017).
The study results speak to the difficulty retrieving the knowledge asset due to the KMS
knowledge quality impacting the employee satisfaction and potentially the intent not to use the
KMS in the future (Jennex and Olfman, 2006; Oladejo & Arinola, 2019). The study results
support the purpose of exploring the relationship between the knowledge quality of an
organization’s KMS and employee satisfaction for software industry organizations in California.
Data collected from 154 participant surveys representing knowledge workers employed in the
software industry living in California answered questions regarding KMS knowledge quality,
productivity, and perceived satisfaction during usage of the KMS. The results indicated a
significant positive correlation observed between KMS knowledge quality and employee
satisfaction. The study results contribute to the existing literature and theoretical framework
based on the accepted KMS knowledge quality and employee satisfaction definitions within the
literature and framework derived by the Jennex and Olfman KM Success Model (2006). Also,
this researcher converted the written Halawi’s (2005) KM Success survey into an online survey
based on the foundation of the Jennex and Olfman KM Success Model (2006) used as the basis
of the data analyzed in this study. The researcher determined the existing literature supported the
need for this study as the continued financial losses from unsuccessful KMS implementations
102
fail to satisfy expected benefits in knowledge assets to support business performance
(Fakhrulnizam et al., 2018; Levallet & Chan, 2018; Nusantara et al., 2018; Vanian, 2016).
The study results are consistent with existing research for employee satisfaction reviewed
by Zamir ( 2019) as realized through employee empowerment to perform assigned job tasks.
Several researchers concur the employee satisfaction is a desired outcome during the usage of the
organization’s KMS based on the successful retrieval of knowledge assets (Jennex & Olfman,
2006; Jennex, 2017; Kumar, 2018; Zamir, 2019; Zhang & Venkatesh, 2017). The study results
are also consistent with existing Jennex and Olfman KM Success (2006) theory for KMS
implementation success indicators as a link between the user’s experience during the successful
retrieval of knowledge assets performing KM activities and employee satisfaction in achieving
the desired knowledge within the KMS (Popa et al., 2018). The study results provided an
unexpectedly large effect size in the correlation strength between the independent variable KMS
knowledge quality and employee satisfaction as the dependent variable. While not a causal
relationship, the implications associated with the strength of the correlation coefficient when
measuring the relationship between the variables indicate that as the KMS knowledge quality
improves, employee satisfaction may also improve.
The most significant implications of this study are the unexpected strength in the
correlation coefficient when examining the relationship for each research question. The
implications from both research questions indicate that as the KMS knowledge quality improves,
the knowledge worker productivity may improve. As the KMS knowledge quality improves,
employee satisfaction may also improve. The consequences of the study results support the
continued efforts to identify indicators to effectively manage the knowledge assets within an
organization’s KMS to achieve the desired productivity result (Ferolito, 2015; Vanian, 2016).
103
This study was presented to contribute to the body of knowledge due to the failure of
organizations to implement a successful KMS to support knowledge worker productivity and
employee satisfaction in the workplace. The results of this study found a statistically significant
relationship between the knowledge quality of an organization’s KMS and knowledge worker
productivity and between the knowledge quality of an organization’s KMS and employee
satisfaction. The study results contribute to the existing body of research as the continued
unsuccessful KMS implementations failing to efficiently manage knowledge assets have resulted
in millions of dollars in loss of employee productivity to support business performance
(Fakhrulnizam et al., 2018;
et al., 2019).
Recommendations for Practice
The literature review based on the Jennex and Olfman KM Success Model (2006)
framework sought to address organizations need to implement an effective KMS to retrieve
knowledge assets (Fakhrulnizam et al., 2018; Levallet & Chan, 2018; Nusantara et al., 2018;
Oladejo & Arinola, 2019; Vanian, 2016). The recommendations for practice are based on the
study findings guided by the research questions to explore the relationship between the
knowledge quality of an organization’s KMS, knowledge worker productivity, and employee
satisfaction.
Knowledge Management Business Leaders
Organizational business leaders responsible for the Knowledge Management strategies
should follow ISO 30401:2018 Knowledge Management guidelines due to the global problem of
KMS implementation failures (“ISO 30401:2018,” 2018). Attempts to implement KMS online
systems have not provided the desired productivity result across the globe based on the lack of
104
organizational standards (Ferolito, 2015; Vanian, 2016). The results showed a significant
positive correlation between KMS knowledge quality and knowledge worker productivity
displayed in Table 11. Also, a significant positive correlation was observed between KMS
knowledge quality and employee satisfaction displayed in Table 12. Business leaders should note
the results of this study as the survey participants included 63% of participants who had
interacted with the organization’s KMS for at least three or more years. Moreover, 94.2 % of
participants held the position of manager or higher.
Recommendations for Future Research
Several recommendations for future research are provided based on the limitations noted
in this study and gaps realized within the literature. A change in the participant requirements is to
open the online survey to participants on a global scale and not just in California. Also, the
online survey should allow participants to translate into any supported language and not just
English. Finally, the survey should be expanded to allow participants employed in health and
education in addition to the software industry. A new survey instrument is recommended
creating a new pilot survey further approved by subject matter experts in each industry updating
the existing survey questions to capture newer KMS capabilities. Two options to include
additional performance indicators are recommended. First, this study only analyzed some of the
Jennex and Olfman KM Success Model (2006) performance indicators. Future research should
include all performance indicators to replicate all Jennex and Olfman KM Success Model (2006).
Second, an updated KM Success Model includes changes in the Knowledge Management
strategies and KMS performance indicators. The next logical short-term step for future
researchers could be to expand the participant requirements, as previously noted. Next, a
modification of the current online survey should include the key performance indicators as
105
mentioned in the Jennex and Olfman KM Success Model (2006) or additional key performance
indicators as supported by the literature.
Conclusions
This quantitative, correlational study explored the relationship between the knowledge
quality of an organization’s KMS, knowledge worker productivity, and employee satisfaction
within the software industry in California. These findings align with the study’s theoretical
framework based on the Jennex and Olfman KM Success Model (2006). The Jennex and Olfman
KM Success Model supported KMS knowledge quality as the independent variable followed by
knowledge worker productivity and employee satisfaction during the use of the KMS as the
dependent variables for this study (Jennex, 2017; Jennex & Olfman, 2006). The study results
supported the difficulty encountered in retrieving knowledge assets about events in the past and
the KMS knowledge quality impacting employee satisfaction (Jennex and Olfman, 2006;
Oladejo & Arinola, 2019). The most significant implication from this study was the unexpected
strength in the correlation coefficient when measuring the relationship for each research
question. The study results support the importance of continuing efforts to identify performance
indicators to effectively manage the knowledge assets within an organization’s KMS to achieve
the desired productivity result (Ferolito, 2015; Vanian, 2016). This study contributed to the body
of knowledge and future research efforts for Knowledge Management business leaders due to the
failure of organizations to implement a successful KMS to support knowledge worker
productivity and employee satisfaction in the workplace. Further research to include updated KM
performance indicators for the KM Success for organizations with an existing KMS may be
helpful to organizations in several industries worldwide. Efforts to identify key KM performance
indicators may provide helpful information for business leaders to improve the successful
106
retrieval of knowledge assets, improve the knowledge quality of the KMS, and improve
knowledge worker productivity.
107
References
Al Ahbabi, S.A., Singh, S.K., Balasubramanian, S. and Gaur, S.S. (2019). Employee perception
of impact of Knowledge Management processes on public sector performance. Journal of
Knowledge Management, 23(2), 351-373. https://doi.org/10.1108/JKM-08-2017-0348
Al Shamsi, O., & Ajmal, M. (2018). Critical factors for knowledge sharing in technology-
intensive organizations: Evidence from UAE service sector. Journal of Knowledge
Management, 22(2), 384-412. https://doi.org/10.1108/JKM-05-2017-0181
Alaarj, S., Zainal, A. M., & Bustamam, U.S.B.A. (2016). Mediating role of trust on the effects of
Knowledge Management capabilities on organizational performance. Procedia – Social
and Behavioral Sciences, 235(2016), 729–738.
http://doi.org/10.1016/j.sbspro.2016.11.074
Alattas, M., & Kang, K. (2016). The relationship between organizational culture and knowledge
sharing towards business system success. arXiv.org. https://arxiv.org/abs/1606.02460.
Alavi, M., & Leidner, D. E. (2001). Knowledge Management and Knowledge Management
Systems: Conceptual foundations and research issues. MIS Quarterly, 25(1), 107–136.
https://doi.org/10.2307/3250961
Allen, M. (2017). In the SAGE Encyclopedia of Communication Research Methods (Vol. 1-4).
SAGE. https://doi.org/10.4135/9781483381411
Al-Emran, M., Mezhuyev, V., Kamaludin, A., & Shaalan, K. (2018). The impact of Knowledge
Management processes on information systems: A systematic review. International
Journal of Information Management, 43, 173–187.
https://doi.org/10.1016/j.ijinfomgt.2018.08.001
108
Ali, N., Tretiakov, A., Whiddett, D., & Hunter, I. (2016). Knowledge management systems
success in healthcare: Leadership matters. International Journal of Medical
Informatics, 97, 331–340. https://doi.org/10.1016/j.ijmedinf.2016.11.004
A literature study. Business Management Dynamics, 8(12), 1–12.
https://doi.org/10.1016/j.chb.2016.03.075
Andrawina, L., Soesanto, R. P., Pradana, S. I., & Ramadhan, G. (2018). Measuring Knowledge
Management System implementation readiness. Pertanika Journal of Social Sciences &
Humanities, 26, 219.
Andrews, M., & Smits, S. (2019). Using tacit knowledge exchanges to improve teamwork. ISM
Journal of International Business, 3(1), 15–23. doi.org/10.1201/
1078/43194.18.1.200101
Archibald, T., Sharrock, G., Buckley, J., & Young, S. (2018). Every practitioner a “knowledge
worker”: Promoting evaluative thinking to enhance learning and adaptive management in
international development. New Directions for Evaluation, 2018(158), 73–91.
https://doi.org/10.1002/ev.20323
of R&D spillovers in innovation development. Journal of Security & Sustainability, 9(2),
409–420. https://doi.org/10.9770/jssi.2019.9.2(1)
Bacila, M. L., & Titu, M. A. (2018). Structural capital and organizational culture – an approach
regarding the development of valuable intellectual capital. Review of General
Management, 28(2), 66–74. https://doi.org/10.1007/s11135-015-0183-3
109
Banerjee, P., Gupta, R., & Bates, R. (2017). Influence of organizational learning culture on
knowledge worker’s motivation to transfer training: testing moderating effects of learning
transfer climate. Current Psychology: A Journal for Diverse Perspectives on Diverse
Psychological Issues, 36(3), 606. https://doi.org/10.1007/s12144-016-9449-8
Barnes Reports: Software Publishing Industry (NAICS 51121). (2019). United States
remediation services industry report, 1–196. https://www.barnesreports.com
Becerra-Fernandez, I., Leidner, D. E., & Leidner, D. (2008). Knowledge management: An
evolutionary view. https://ebookcentral.proquest.com
Bloomfield, J., & Fisher, M. J. (2019). Quantitative research design. Journal of the Australasian
Rehabilitation Nurses’ Association (JARNA), 22(2), 27–30.
https://doi.org/10.33235/jarna.22.2.27-30
Briones-Peñalver, A. J., Bernal-Conesa, J. A., & de Nieves Nieto, C. (2019). Knowledge and
innovation management model. Its influence on technology transfer and performance in
Spanish Defense industry. International Entrepreneurship and Management Journal, 1.
https://doi.org/10.1007/s11365-019-00577-6
Byrne, B. (2019). Return on Expectations: An Academic Assessment of a Large KM
Project. Proceedings of the European Conference on Knowledge Management. Journal of
Knowledge Management Application and Practice, 1, 201. Retrieved from
http://www.naturalspublishing.com/
Cannatelli, B., Smith, B., Giudici, A., Jones, J., & Conger, M. (2017). An expanded model of
distributed leadership in organizational knowledge creation. Long Range Planning, 50(5),
582–602. https://doi-org.proxy1.ncu.edu/10.1016/j.lrp.2016.10.002
110
Carlson, A. (1969). Information Systems: Theory and Practice. Accounting Review, 44(4), 852–
854. Retrieved from http://www.jstor.org/stable/243690
Caruso, S. J. (2017). A Foundation for Understanding Knowledge Sharing: Organizational
Culture, Informal Workplace Learning, Performance Support, and Knowledge
Management. Contemporary Issues in Education Research, 10(1), 45–52.
https://doi.org/10.19030/cier.v10i1.9879
Cavanagh, R. (2015). A unified model of student engagement in classroom learning and
classroom learning environment: one measure and one underlying construct. Learning
Environments Research, 18(3), 349–361. https://doi.org/10.1007/s10984-015-9188-z
Centobelli, P., Cerchione, R., & Esposito, E. (2018). How to deal with Knowledge Management
misalignment: a taxonomy based on a 3D fuzzy methodology. Journal of Knowledge
Management, 22(3), 538. https://doi.org/10.1108/JKM-10-2016-0456
Ceptureanu, S.I., Ceptureanu, E. G., Zgubea, F., & Tudorache, A. (2012). Economic Survey on
Knowledge Based Management in Romanian Companies. Review of International
Comparative Management. Revista de Management Comparat International, 13(2), 325–
336. Retrieved from https://www.ceeol.com/
Corney, P. J. (2018). As KM evolves, so will the ISO standard. Business Information
Review, 35(4), 165. https://doi.org/10.1177/0266382118810825
Costas, J., & Karreman, D. (2016). The bored self in knowledge work. Human Relations, 69(1),
61–83. https://doi.org/10.1177/0018726715579736
-Sikora, A., Sikora, J., Rorat, J., & Niemiec, M.(2018). Information
technology tools in corporate Knowledge Management. Ekonomia i Prawo, 1(1), 5.
https://doi.org/10.12775/EiP.2018.00. (2018).
111
De Freitas, V., & Yáber, G. (2018). Information management as a determinant of success in
Knowledge Management Systems. Journal of Business, 10(2), 88.
https://doi.org/10.1590/s1984-296120180034
DeLone, W. H., & McLean, E. R. (1992). Information systems success: The dependent variable.
Information Systems Research, 3(1), 60–95. https://doi.org/10.1287/isre.3.1.60
DeLone, W. H., & McLean, E. R. (2003). The DeLone and McLean Model of Information
Systems Success: A Ten-Year Update. Journal of Management Information Systems,
19(4), 9–30. https://doi.org/10.1080/07421222.2003.11045748
DeLone, W. H., & McLean, E. R. (2004). Measuring e-commerce success: Applying the DeLone
& McLean Information Systems Success Model. International Journal of Electronic
Commerce, 9(1), 31–47. https://doi.org/10.1080/10864415.2004.11044317
Demirsoy, A. & Petersen, K. (2018). Semantic Knowledge Management System to support
software engineers: Implementation and static evaluation through interviews at Ericsson.
E-Informatica Software Engineering Journal, 1(1), 237. https://doi.org/10.5277/e-
Inf180110
Dewitt J., Capistrant B., Kohli N., Rosser B., Mitteldorf D., Merengwa E., West W. (2018).
Addressing participant validity in a small internet health survey (The Restore Study):
Protocol and recommendations for survey response validation. Journal of Medical
Internet Research, 20(4), 1. https://doi.org/10.2196/resprot.7655
Dey, T., & Mukhopadhyay, S. (2018). Linkage between contextual factors, knowledge-sharing
mediums, and behaviour: Moderating effect of knowledge-sharing intentions. Knowledge
& Process Management, 25(1), 31–40. https://doi-org.proxy1.ncu.edu/10.1002/kpm.1558
112
Dong, T.-P., Hung, C.-L., & Cheng, N.-C. (2016). Enhancing knowledge sharing intention
through the satisfactory context of continual service of Knowledge Management
Systems. Information Technology & People, 29(4), 807. https://doi.org/10.1108/ITP-09-
2014-0195
Drucker, P. F. (1999). Knowledge-Worker Productivity: The biggest challenge. California
Management Review, 41(2), 79–94. https://doi.org/10.2307/41165987
Duarte, C. H. (2017). Productivity paradoxes revisited: Assessing the relationship between
quality maturity levels and labor productivity in Brazilian software companies. Empirical
Software Engineering: An International Journal, 22(2), 818.
https://doi.org/10.1007/s10664-016-9453-5
Dun&Bradstreet. (2020). Business Directory. D&B. https://www.dnb.com/business-
directory.html
Duvall Antonacopoulos, N. M., & Serin, R. C. (2016). Comprehension of online informed
consents: Can it be improved? Ethics & Behavior, 26(3), 177–193.
https://doi.org/10.1080/10508422.2014.1000458
Ebert, P., & Freibichler, W. (2017). Nudge management: applying behavioural science to
increase knowledge worker productivity. Journal of Organization Design, 6(1), 1.
https://doi.org/10.1186/s41469-017-0014-1
Eltayeb, S. & Kadoda, G. (2017). The impact of Knowledge Management practices on business
strategies and organizational performance. (2017). 2017 Sudan Conference on Computer
Science and Information Technology (SCCSIT), Computer Science and Information
Technology (SCCSIT), 2017 Sudan Conference On, 1.
https://doi.org/10.1109/SCCSIT.2017.8293062
113
Ermine, J.L. (2005). A theoretical and formal model for Knowledge Management Systems. St.
Louis: Federal Reserve Bank of St Louis.
Fakhrulnizam, M., Rusli, A., Marzanah, J., Rozi Nor, H., & Nor Aida, A. R. (2018). Towards the
integration of Quality Management Systems and Knowledge Management System in
Higher Education institution: Development of Q-Edge Kms Model. Acta Informatica
Malaysia, 1(2), 4. https://doi.org/10.26480/aim.02.2018.04.09
Ferolito, D. (2015). Unlocking the hidden value of information | AI-driven intelligent enterprise
search software. https://www.bainsight.com/
Field, A. (2013). Discovering statistics using IBM SPSS statistics. Washington D.C.: Sage
Publications, Inc.
Flick, U. (2018). The SAGE handbook of qualitative data collection. (2018). SAGE Publications,
Ltd. https://doi.org/10.4135/9781526416070
Fortune. (2019). Fortune.com. Retrieved from https://fortune.com/fortune500
García-Alcaraz, J. L., Montalvo, F. J. F., Avelar-Sosa, L., Pérez de la Parte, M. M., Blanco-
Fernández, J., & Jiménez-Macías, E. (2019). The importance of access to information and
knowledge coordination on quality and economic benefits obtained from Six Sigma.
Wireless Networks: The Journal of Mobile Communication, Computation, and
Information, 1. https://doi.org/10.1007/s11276-019-02180-7
Ghodsian, N., Khanifar, H., Yazdani, H., & Dorrani, K. (2017). The effective contributing
factors in knowledge sharing and knowledge transfer among academic staff at Tehran
University of Medical Sciences: A Qualitative Study. Journal of Medical Education,
1(2). https://doi.org/10.22037/jme.v16i2.18038
114
Gunadham, T. & Thammakoranonta, N. (2019). Knowledge Management Systems
Functionalities Enhancement in Practice. In Proceedings of the 5th International
Conference on Frontiers of Educational Technologies (ICFET 2019). Association for
Computing Machinery, 83–88. https://doi.org/10.1145/3338188.3338213
Halawi, L. A. (2005). Knowledge management system success in knowledge-based
organizations: An empirical validation utilizing the DeLone and McLean IS
success model (Publication No. 3169717) [Doctoral dissertation, Northcentral
University]. ProQuest Dissertations Publishing.
Hamdoun, M., Jabbour, C. J., & Ben Othman, H. (2018). Knowledge transfer and organizational
innovation: Impacts of quality and environmental management. Journal of Cleaner
Production, 193, 759–770. https://doi.org/10.1016/j.jclepro.2018.05.031
Hancock, G. R., Mueller, R. O., & Stapleton, L. M. (Eds.). (2010). The reviewer’s guide to
quantitative methods in the social sciences. https://ebookcentral.proquest.com
Hashemi, P., Khadivar, A., & Shamizanjani, M. (2018). Developing a domain ontology for
Knowledge Management technologies. Online Information Review, 42(1), 28. Retrieved
from https://www.emerald.com/insight
Hock, M., Clauss, T., & Schulz, E. (2016). The impact of organizational culture on a firm’s
capability to innovate the business model. R&D Management, 46(3), 433–450.
https://doi-org.proxy1.ncu.edu/10.1111/radm.12153
Hoe, S. (2006), “Tacit knowledge, Nonaka and Takeuchi SECI model and informal knowledge
processes”, International Journal of Organization Theory & Behavior, 9(4), 490-502.
https://doi.org/10.1108/IJOTB-09-04-2006-B002
115
Hughes, J. (2012). SAGE Library of Research Methods: SAGE internet research methods, 1-4.
SAGE Publications Ltd. https://doi.org/10.4135/9781446263327
Iazzolino, G., & Laise, D. (2016). Value creation and sustainability in knowledge-based
strategies. Journal of Intellectual Capital, 17(3), 457–470. https://doi.org/10.1108/JIC-
09-2015-0082
Iazzolino, G., & Laise, D. (2018). Knowledge worker productivity: is it really impossible to
measure it? Measuring Business Excellence, 22(4), 346. https://doi.org/10.1108/MBE-06-
2018-0035
Industries at a Glance: Publishing Industries (except Internet): NAICS 511. (2020). BLS.
https://www.bls.gov/iag/tgs/iag511.htm
Intezari, A., & Gressel, S. (2017). Information and reformation in KM systems: big data and
strategic decision-making. Journal of Knowledge Management, 21(1), 71.
https://doi.org/10.1108/JKM-06-2016-0216
Intezari, A., Taskin, N., & Pauleen, D. J. (2017). Looking beyond knowledge sharing: An
integrative approach to Knowledge Management culture. Journal of Knowledge
Management, 21(2), 492-515. https://doi.org/10.1108/JKM-06-2016-0216
Iskandar, K., Jambak, M. I., Kosala, R., & Prabowo, H. (2017). Current issue on Knowledge
Management System for future research: A systematic literature review. Procedia
Computer Science, 116, 68–80. https://doi.org/10.1016/j.procs.2017.10.011
ISO 30401:2018: Knowledge Management Systems — Requirements. (2018). ISO.
https://www.iso.org/obp/ui/#iso:std:iso:30401:ed-1:v1:en
Jabar, M. A. & Alnatsha, A. S. M. (2014). Knowledge Management System quality: A survey of
knowledge management system quality dimensions, 2014 International Conference on
116
Computer and Information Sciences (ICCOINS), 2014, pp. 1-5.
http://doi.org/10.1109/ICCOINS.2014.6868438.
Jahmani, K., Fadiya, S. O., Abubakar, A. M., & Elrehail, H. (2018). Knowledge content quality,
perceived usefulness, KMS use for sharing and retrieval. VINE: The Journal of
Information & Knowledge Management Systems, 4(4), 470.
https://doi.org/10.1108/VJIKMS-08-2017-0054
Jennex, M. (2017). Re-examining the Jennex Olfman Knowledge Management Success Model.
Proceedings of the 50th Hawaii International Conference on System Sciences.
https://doi.org/10.24251/HICSS.2017.567
Jennex, M. E., & Olfman, L. (2006). A Model of Knowledge Management Success.
International Journal of Knowledge Management, 2(3), 1.
Johnson, R. B., & Onwuegbuzie, A. J. (2004). Mixed Methods Research: A Research Paradigm
Whose Time Has Come. Educational Researcher, 33(7), 14-26.
Junior, H. J., Barbosa, C. E., de Lima, Y. O., & de Souza, J. M. (2019). Approaching future-
oriented technology analysis strategies in Knowledge Management processes. 2019 IEEE
23rd International Conference on Computer Supported Cooperative Work in Design
(CSCWD), Computer Supported Cooperative Work in Design (CSCWD), 2019 IEEE
23rd International Conference On, 99–104.
https://doi.org/10.1109/CSCWD.2019.8791886
nonparametric factor analytical methods. Educational Sciences: Theory & Practice,
16(1), 153–171. https://doi.org/10.12738/estp.2016.1.0220
117
Kaplan, D. (2002). Review of structural equation modeling: Foundations and extensions. Journal
of Educational Measurement, 39(2), 183–186. https://doi.org/10.1111/j.1745-
3984.2002.tb01142.x
Karlinsky-Shichor, Y., & Zviran, M. (2016). Factors influencing perceived benefits and user
employee satisfaction in Knowledge Management Systems. Information Systems
Management, 33(1), 55–73. https://doi.org/10.1080/10580530.2016.1117873
Kelley-Quon, L. I. (2018). Surveys: Merging qualitative and quantitative research methods.
Seminars in Pediatric Surgery, 27(6), 361–366.
https://doi.org/10.1053/j.sempedsurg.2018.10.007
Khanal, L., and Raj Poudel, S., 2017. Knowledge management, employee satisfaction, and
performance: Empirical evidence from Nepal. Saudi Journal of Business and
Management Studies, 2(2), pp. 82-91. https://doi.org/10.21276/sjbms.2017.2.2.3
Khasseh, A. A., & Mokhtarpour, R. (2016). Tracing the historical origins of Knowledge
Management issues through referenced publication years spectroscopy (RPYS). Journal
of Knowledge Management, 20(6), 1393. https://doi.org/10.1108/JKM-01-2016-0019
Kianto, A., Shujahat, M., Hussain, S., Nawaz, F., & Ali, M. (2019). The impact of Knowledge
Management on knowledge worker productivity. Baltic Journal of Management, 14(2),
178. https://doi.org/10.1108/BJM-12-2017-0404
Kimble, C., Vasconcelos, J., & Rocha, Á. (2016). Competence management in knowledge
intensive organizations using consensual knowledge and ontologies. Information Systems
Frontiers, 18(6), 1119. https://doi.org/10.1007/s10796-016-9627-0
118
Koc, T., Kurt, K., & Akbiyik, A. (2019). A brief summary of Knowledge Management domain:
10-year history of the Journal of Knowledge Management. Procedia Computer Science.
https://doi.org/10.1016/j.procs.2019.09.128
Koenig, M. (2018). What is KM? Knowledge management explained. KM World.
https://www.kmworld.com
Koenig, M., & Neveroski, K. (2008). The origins and development of Knowledge Management.
Journal of Information & Knowledge Management, 7(4), 243.
https://doi.org/10.1142/S0219649208002111
Kraemer, H. D. & Blasey, C. (2016). How many subjects? Statistical power analysis in research.
SAGE Publications, Ltd. https://doi.org/10.4135/9781483398761
Krozer, Y. (2017). Innovative offices for smarter cities, including energy use and energy-related
carbon dioxide emissions. Energy, Sustainability and Society, 7(1), 1.
https://doi.org/10.1186/s13705-017-0104-5
Kumar, M. (2018). Nature of knowledge technology across Indian organizations. Delhi Business
Review, 19(1), 69. https://doi.org/10.2139/ssrn.3400833
Langefors, B. (1977). Information systems theory. Information Systems, 1(4), 207–219.
https://doi.org/10.1016/0306-4379(77)90009-6
Labafi, S. (2017). Knowledge hiding as an obstacle of innovation in organizations a qualitative
study of software industry. Ad-Minister, 1(30), 131–148. https://doi.org/10.17230/ad-
minister.30.7
Lee, O.-K. D., Choi, B., & Lee, H. (2019). How do Knowledge Management resources and
capabilities pay off in short term and long term? Information & Management, 103166.
https://doi.org/10.1016/j.im.2019.05.001
119
Lee, J. Y., Yoo, S., Lee, Y., Park, S., & Yoon, S. W. (2019). Individual and organisational
factors affecting knowledge workers’ perceptions of the effectiveness of informal
learning: A multilevel analysis. Vocations & Learning, 12(1), 155.
https://doi.org/10.1007/s12186-019-09218-z
Leopold, H. (2019). Social media and corporate innovation management—Eight rules to form an
innovative organisation. E & i Elektrotechnik Und Informationstechnik, 136(3), 241.
https://doi.org/10.1007/s00502-019-0729-5
Levallet N, Chan YE.(2018). Organizational knowledge retention and knowledge loss. Journal
of Knowledge Management. 2019; 23(1):176. https://doi.org/10.1108/JKM-08-2017-0358
Liu, S.-C., Olfman, L., & Ryan, T. (2008). Knowledge Management System success: Empirical
assessment of a theoretical model. IGI Global. https://www.igi-global.com
Mao, H., Liu, S., Zhang, J., & Deng, Z. (2016). Information technology resource, Knowledge
Management capability, and competitive advantage: The moderating role of resource
commitment. International Journal of Information Management, 36(6), 1062–1074.
https://doi.org/10.1016/j.ijinfomgt.2016.07.001
Martinez-Conesa, I., Soto-Acosta, P., & Carayannis, E. G. (2017). On the path towards open
innovation: Assessing the role of Knowledge Management capability and environmental
dynamism in SMEs. Journal of Knowledge Management, 21(3), 553-570.
https://doi.org/10.1108/JKM-09-2016-0403
Martins, V. W. B., Rampasso, I. S., Anholon, R., Quelhas, O. L. G., & Leal Filho, W. (2019).
Knowledge management in the context of sustainability: Literature review and
opportunities for future research. Journal of Cleaner Production, 489–500.
https://doi.org/10.1016/j.jclepro.2019.04.354
120
Medakovic, V., & Maric, B. (2018). A Model of Management Information System for Technical
System Maintenance. Acta Technica Corvininesis – Bulletin of Engineering, 11(3), 85–
90. Retrieved from http://acta.fih.upt.ro
Mellinger, C. D., & Hanson, T. A. (2016). Quantitative Research Methods in Translation and
Interpreting Studies. Taylor & Francis.
Mentzas, G. (1994). Towards intelligent organizational information systems. International
Transactions in Operational Research, 1(2), 169. https://doi.org/10.1016/0969-
6016(94)90018-3
Mousavizadeh, M., Harden, G., Ryan, S., & Windsor, J. (2015). Knowledge management and the
creation of business value. Journal of Computer Information Systems, 55(4), 35-45.
https://doi.org/10.1080/08874417.2015.11645785
Moussa, M., Bright, M., & Varua, M. E. (2017). Investigating knowledge workers’ productivity
using work design theory. International Journal of Productivity & Performance
Management, 66(6), 822–834. https://doi.org/10.1108/IJPPM-08-2016-0161
Mukhopadhyay, S., & Gupta, R. K. (2014). Survey of Qualitative Research Methodology in
Strategy Research and Implication for Indian Researchers. Vision (09722629), 18(2),
109-123. https://doi.org/10.1177/0972262914528437
Muqadas, F., Rehman, M., Aslam, U., & Ur-Rahman, U.-. (2017). Exploring the challenges,
trends, and issues for knowledge sharing. VINE: The Journal of Information &
Knowledge Management Systems, 47(1), 2. https://doi.org/10.1108/VJIKMS-06-2016-
0036
Musyoki, J., Bor, T., & Tanui, T. A. (2017). Effects of Knowledge Management Facilitators and
Mechanisms on Organizational Performance in the Hospitality Industry. CLEAR
121
International Journal of Research in Commerce & Management, 8(11), 37–42.
NAICS Association. (2017). https://data.census.gov/cedsci/
Nikiforova, A., & Bicevska, Z. (2018). Application of LEAN Principles to Improve Business
Processes: A Case Study in Latvian IT Company. Baltic Journal of Modern Computing,
6(3), 247. https://doi.org/10.22364/bjmc.2018.6.3.03
Nikolopoulos, K., & Dana, L. (2017). Social capital formation in EU ICT SMEs: The role played
by the mobility of knowledge workers. European Management Review, 14(4), 409–422.
https://doi.org/10.1111/emre.12113
Nonaka, I. (1991). The knowledge-creating company. Harvard Business Review, 1(6), 96.
https://eric.ed.gov/?id=EJ1126832
Nugroho, E.A.K. Suroso, J. S., & Hanifah, P. (2018). A Study of Knowledge Management
System Acceptance in Halo Bca. JUTEI (Jurnal Terapan Teknologi Informasi), 1(1), 43.
https://doi.org/10.21460/jutei.2018.21.91
Nuñez, M. A., Wendlandt, T. R., & Álvarez, M. T. (2016). The relationship between
organizational culture and Knowledge Management in Tequila companies from Mexico.
International Journal of Advanced Corporate Learning, 9(1), 44–50.
https://doi.org/10.3991/ijac.v9i1.5748
Nurulin, Y., Skvortsova, I., Tukkel, I., & Torkkeli, M. (2019). Role of knowledge in
management of innovation. Resources (2079-9276), 8(2), 87.
https://doi.org/10.3390/resources8020087
122
Nusantara, P. D., Gayatri, N. A. G., & Suhartana, M. (2018). Combining two models of
successful information system measurement. Telkomnika, 16(4), 1793–1800.
https://doi.org/10.12928/TELKOMNIKA.v16i4.7737
O’Dwyer, L. M., & Bernauer, J. A. (2013). Quantitative research for the qualitative researcher.
SAGE Publications.
Occupational Employment Statistics. (2018). May 2018 State Occupational Employment and
Wage Estimates California. BLS.gov. https://www.bls.gov/oes/current/oes_tn.htm#15-
0000
Oladejo, B. F., & Arinola, A. G. (2019). University Knowledge Management System for
decision support for disciplinary procedures using a case-based reasoning technique.
International Journal of Technology, Knowledge & Society: Annual Review, 15(2), 31–
41. https://doi.org/10.18848/1832-3669/CGP/v15i02/31-41
Olaisen, J., & Revang, O. (2018). Exploring the performance of tacit knowledge: How to make
ordinary people deliver extraordinary results in teams. International Journal of
Information Management, 43, 295–304. https://doi.org/10.1016/j.ijinfomgt.2018.08.016
Oparaocha, G. O. (2016). Towards building internal social network architecture that drives
innovation: a social exchange theory perspective. Journal of Knowledge Management,
20(3), 534-556.
http://www.emeraldgrouppublishing.com/products/journals/journals.htm?id=jkm
Orenga-Roglá, S., & Chalmeta, R. (2019). Methodology for the implementation of Knowledge
Management Systems 2.0. Business & Information Systems Engineering, 61(2), 195.
https://doi.org/10.1007/s12599-017-0513-1
123
Oyemomi, O., Liu, S., Neaga, I., Chen, H., & Nakpodia, F. (2018). How cultural impact on
knowledge sharing contributes to organizational performance: Using the fsQCA
approach. Journal of Business Research. doi:10.1016/j.jbusres.2018.02.027
Palvalin, M. (2017). How to measure the impacts of work environment changes on knowledge
work productivity – Validation and improvement of the SmartWoW tool.
Measuring Business Excellence, 21(2), 175–190. https://doi.org/10.1108/MBE-05-2016-
0025
Peng, G., Wang, H., Zhang, H., Zhao, Y., & Johnson, A. L. (2017). A collaborative system for
capturing and reusing in-context design knowledge with an integrated representation
model. Advanced Engineering Informatics, 33, 314–329.
https://doi.org/10.1016/j.aei.2016.12.007
Ping-Ju Wu, S., Straub, D. W., & Liang, T. (2015). How information technology governance
mechanisms and strategic alignment influence organizational performance: Insights from
a matched survey of business and IT managers. MIS Quarterly, 39(2), 497-A7
Knowledge Management practices on employee satisfaction in the Romanian healthcare
system. Amfiteatru Economic, 20(49), 553–566.
https://doi.org/10.24818/EA/2018/49/553
Prusak, R. (2017). The impact of the level of market competition intensity on enterprises
activities in area of intellectual capital. Management (1429-9321), 21(2), 49–61.
https://doi.org/10.1515/manment-2017-0004
Punch, K. F. (2013). Introduction to social research: Quantitative and qualitative Approaches.
SAGE Publications.
124
Putra, R. J., & Putro, B. L. (2017). Knowledge Management System (KMS) readiness level
based on group areas of expertise to improve science education and computer science
quality (cross-fertilization principle) (Case study: Computer science program course
FPMIPA UPI). 2017 3rd International Conference on Science in Information Technology
(ICSITech), Science in Information Technology (ICSITech), 2017 3rd International
Conference, 701–705. Https://doi.org/10.1109/ICSITech.2017.8257203
Ramayani, H., Wang, G., Prabowo, H., Sriwidadi, T., Kodirun, R., & Gunawan, A. (2017).
Improving knowledge assets management (KM) through cloud-based platform in higher
education. 2017 International Conference on Information Management and Technology
(ICIMTech), Information Management and Technology (ICIMTech), 2017 International
Conference, 10–13. https://doi.org/10.1109/ICIMTech.2017.8273502
Rawdin, C. (2018). Calming the ‘perfect ethical storm’: A virtue-based approach to research
ethics. Ethics & Education, 13(3), 346–359.
https://doi.org/10.1080/17449642.2018.1477230
Roldán, J. L., Real, J. C., & Ceballos, S. S. (2018). Antecedents and consequences of Knowledge
Management performance: The role of IT infrastructure. Intangible Capital, 14(4), 518–
535. https://doi-org.proxy1.ncu.edu/10.3926/ic.1074
Santoro, G., Vrontis, D., Thrassou, A., & Dezi, L. (2018). The Internet of Things: Building a
Knowledge Management System for open innovation and Knowledge Management
capacity. Technological Forecasting & Social Change.
https://doi.org/10.1016/j.techfore.2017.02.034
125
Sarnikar, S., & Deokar, A. V. (2017). A design approach for process-based Knowledge
Management Systems. Journal of Knowledge Management, 21(4), 693-717.
https://doi.org/10.1108/JKM-09-2016-0376
Schmitt, U., & Gill, T. G. (2019). Synthesizing design and informing science rationales for
driving a decentralized generative Knowledge Management agenda. Informing Science:
The International Journal of an Emerging Transdiscipline, 1.
https://doi.org/10.28945/4264
Schober, P., Boer, C., & Schwarte, L. A. (2018). Correlation coefficients: Appropriate use and
interpretation. Anesthesia & Analgesia, 126(5), 1763-1768.
https:/www.10.1213/ANE.0000000000002864
Schwartz, D. G. (2014). The disciplines of information: Lessons from the history of the
discipline of medicine. Information Systems Research, 25(2), 205–221.
https://doi.org/10.1287/isre.2014.0516
Shieh, G. (2006). Exact Interval Estimation, Power Calculation, and Sample Size Determination
in Normal Correlation Analysis. Psychometrika, 71(3), 529–540.
Shrafat, F. D. (2018). Examining the factors influencing Knowledge Management System
(KMS) adoption in small and medium enterprises SMEs. Business Process Management
Journal, 24(1), 234–265. https://doi.org/10.1108/BPMJ-10-2016-0221
Shujahat, M., Sousa, M. J., Hussain, S., Nawaz, F., Wang, M., & Umer, M. (2019). Translating
the impact of Knowledge Management processes into knowledge-based innovation: The
neglected and mediating role of knowledge-worker productivity. Journal of Business
Research, 94, 442–450. https://doi.org/10.1016/j.jbusres.2017.11.001
126
Siedlecki, S. L. (2020). Understanding descriptive research designs and methods. Clinical Nurse
Specialist: The Journal for Advanced Nursing Practice, 34(1), 8–12.
https://doi.org/10.1097/NUR.0000000000000493
Slavinsky, J. (2016). Relating Knowledge Management Success Factors to Economic Value
within United States’ Airline Industry Firms (Publication No. 10242942) [Doctoral
dissertation, Northcentral University]. ProQuest Dissertations Publishing.
Standard Occupational Classification. (2018). 2018 Standard Occupational Classification
System. Retrieved from https://www.bls.gov/soc/2018/major_groups.htm
Steinau, S., Marrella, A., Andrews, K., Leotta, F., Mecella, M., & Reichert, M. (2019). DALEC:
a framework for the systematic evaluation of data-centric approaches to process
management software. Software & Systems Modeling, 18(4), 2679.
https://doi.org/10.1007/s10270-018-0695-0
Surawski, B. (2019). Who is a “knowledge worker” – clarifying the meaning of the term through
comparison with synonymous and associated terms. Management (1429-9321), 23(1),
105–133. https://doi.org/10.2478/manment-2019-0007
Sutanto, J., Liu, Y., Grigore, M., & Lemmik, R. (2018). Does knowledge retrieval improve work
efficiency? An investigation under multiple systems use. International Journal of
Information Management, 40, 42–53. https://doi.org/10.1016/j.ijinfomgt.2018.01.009
Tserng, H. P., Lee, M.-H., Hsieh, S.-H., & Liu, H.-L. (2016). The measurement factor of
employee participation for Knowledge Management System in engineering consulting
firms. Journal of Civil Engineering & Management, 22(2), 154–167.
https://doi.org/10.3846/13923730.2014.897963
Turriago-Hoyos, A., Thoene, U., & Arjoon, S. (2016). Knowledge workers and virtues in
127
Peter Drucker’s management theory. SAGE Open, 6(1), 1–9.
https://doi.org//10.1177/2158244016639631
Vanian, J. (2016). Businesses Expected to Spend $2.7 Trillion on I.T. by 2020.
https://www.fortune.com.
Vaske, J. J., Beaman, J., & Sponarski, C. C. (2017). Rethinking Internal Consistency in
Cronbach’s Alpha. Leisure Sciences, 39(2), 163–173.
http://dx.doi.org/10.1080/01490400.2015.1127189
Vehovar, V. & Manfreda, K. (2017). Overview: Online surveys. In N. Fielding R. Lee & G.
Blank. The SAGE Handbook of online research methods, 143-161. SAGE Publications
Ltd. https://doi.org/10.4135/9781473957992.n9
Venters, W. (2010). Knowledge management technology-in-practice: A social constructionist
analysis of the introduction and use of Knowledge Management Systems. Knowledge
Management Research & Practice, 8(2), 161-172. https://doi.org/10.1057/kmrp.2010.8
intelligence as promoter of knowledge transfer in multinational companies. Journal of
Business Research, 94, 367–377. https://doi.org/10.1016/j.jbusres.2018.01.033
Volkova, V. N., & Chernyi, Y. Y. (2018). Application of Systems Theory Laws for Investigating
Information Security Problems. Automatic Control and Computer Sciences, 52(8), 1164.
https://doi.org/10.3103/s0146411618080424
Vuori, V., Helander, N., & Okkonen, J. (2019). Digitalization in knowledge work: the dream of
enhanced performance. Cognition, Technology & Work, 21(2), 237.
https://doi.org/10.1007/s10111-019-00543-w
128
Wang, M.-H., & Yang, T.-Y. (2016). Investigating the success of Knowledge Management: An
empirical study of small- and medium-sized enterprises. Asia Pacific Management
Review, 21(2), 79–91. https://doi.org/10.1016/j.apmrv.2015.12.003
Wang, Y.-M., & Wang, Y.-C. (2016). Determinants of firms’ Knowledge Management System
implementation: An empirical study. Computers in Human Behavior, 64, 829–842.
https://doi.org/10.1016/j.chb.2016.07.055
Wei, Y., & Miraglia, S. (2017). Organizational culture and knowledge transfer in project-based
organizations: Theoretical insights from a Chinese construction firm. International
Journal of Project Management, 35(4), 571–585.
https://doi.org/10.1016/j.ijproman.2017.02.010
Wetcher-Hendricks, D. (2011). Analyzing quantitative data : An introduction for social
researchers. Retrieved from https://ebookcentral.proquest.com
Wilson, J. P., & Campbell, L. (2016). Developing a Knowledge Management policy for ISO
9001: 2015. Journal of Knowledge Management, 20(4), 829–844.
https://doi.org/10.1108/JKM-11-2015-0472
Wipawayangkool, K., & Teng, J. T. C. (2016). Paths to tacit knowledge sharing: knowledge
internalization and individual-task-technology fit. Knowledge Management Research &
Practice, 14(3), 309. https://doi.org/10.1057/kmrp.2014.33
Wright, K. (2017). Researching Internet-based populations: Advantages and disadvantages of
online survey research, online questionnaire authoring software packages, and Web
survey services. Journal of Computer-Mediated Communication, 10(3).
https://doi.org/1083-6101.2005.tb00259.x
129
Wu, J.-H., & Wang, Y.-M. (2006). Measuring KMS success: A specification of the DeLone and
McLean’s model. Information & Management, 43(6), 728–739.
https://doi.org/10.1016/j.im.2006.05.002
Xiaojun, Z. (2017). Knowledge Management System use and job performance: A multilevel
contingency model. MIS Quarterly, 41(3), 811-A5.
https://doi.org/10.25300/MISQ/2017/41.3.07
Yuqing Yan, A., & Zhang, Z. A. (2019). Knowledge transfer, sharing, and management system
based on causality for requirements change management. Information System and Data
Mining, 201. https://doi.org/10.1145/3325917.3325947
Zaim, H., Muhammed, S., & Tarim, M. (2019). Relationship between Knowledge Management
processes and performance: critical role of knowledge utilization in
organizations. Knowledge Management Research & Practice, 17(1), 24.
https://doi.org/10.1080/14778238.2018.1538669
Zamir, Z. (2019). The Impact of Knowledge Capture and Knowledge Sharing on Learning,
Adaptability, Job Satisfaction, and Staying Intention: A Study of the Banking Industry in
Bangladesh. International Journal of Entrepreneurial Knowledge, 7(1), 46–64.
https://doi.org/10.2478/IJEK-2019-0004
Zhang, X. (2017). Knowledge Management System use and job performance: A multilevel
contingency model. MIS Quarterly, 41(3), 811-A5.
https://doi.org/10.25300/MISQ/2017/41.3.07
Zhang, X., & Venkatesh, V. (2017). A Nomological network of Knowledge Management System
use: Antecedents and consequences. MIS Quarterly, 41(4), 1275–1306.
130
Zimmermann, A., Oshri, I., Lioliou, E., & Gerbasi, A. (2018). Sourcing in or out: Implications
for social capital and knowledge sharing. Journal of Strategic Information Systems,
27(1), 82–100. https://doi.org/10.1016/j.jsis.2017.05.001
Zuama, R. A., Hudin J.M., Puspitasari, D., Hermaliani, E.H., & Riana, D. (2017). Quality
dimensions of Delone-McLean model to measure students’ accounting computer
employee satisfaction: An empirical test on accounting system information. (2017). 2017
5th International Conference on Cyber and IT Service Management (CITSM).
131
Appendices
132
Appendix A
Figure 3
G*Power Statistics Analysis
133
Appendix B
Figure 4
Halawi’s (2005) KMS survey permission request/approval
134
Appendix C
Figure 5
Halawi KMS Survey Questions (2005)
135
136
137
138
139
140
Appendix D
Table 1
Research Study Variables (Jennex, 2017; Jennex & Olfman, 2006)
Variable name Variable type Variable scale Value
KMS knowledge quality Independent Variable
(IV)
Interval 1 – 7
Knowledge worker productivity Dependent Variable
(DV)
Interval 1 – 7
Employee satisfaction Dependent Variable
(DV)
Interval 1 – 7
141
Appendix E
Table 4
KMS Success Survey Participants by Gender
Gender Frequency Percent Valid
percent
Cumulative
percent
Male 132 85.7 85.7 85.7
Female 22 14.3 14.3 100
Total 154 100 100
Table 5
KMS Success Survey Participants by Age
Participant
Age
N Minimum Maximum Mean
Age 146 20 68 41.0685
Total Reported 146
142
Table 6
KMS Success Survey Years Employed
Years employed Frequency Percent Valid
percent
Cumulative
percent
Less Than One Year (1) 1 0.6 0.6 0.6
One to Three Years (2) 8 5.2 5.2 5.8
Three to Five Years (3) 39 25.3 25.3 31.2
Five to Ten Years (4) 49 31.8 31.8 63
Greater Than Ten Years
(5)
57 37 37 100
Total 154 100 100
143
Table 7
KMS Success Survey Years of KMS Usage
Years usage Frequency Percent Valid
percent
Cumulative
percent
Less Than One Year (1) 2 1.3 1.3 1.3
One to Two Years (2) 23 14.9 14.9 16.2
Two to Three Years (3) 32 20.8 20.8 37
Three to Five Years (4) 46 29.9 29.9 66.9
Greater Than Five Years
(5)
51 33.1 33.1 100
Total 154 100 100
Table 8
KMS Success Survey Education Level
Education level Frequency Percent Valid
percent
Cumulative
percent
Some or No College Degree (1) 2 1.3 1.3 1.3
Associates Degree (2) 2 1.3 1.3 2.6
Bachelor’s Degree (3) 39 25.3 25.5 28.1
Master’s Degree or beyond (4) 110 71.4 71.9 100
Total 153 99.4 100
Unreported 1 0.6
Grand Total 154 100
144
Table 9
KMS Success Survey Employment Position
Position Frequency Percent Valid
percent
Cumulative
percent
Non-Mgmt. Professional (1) 9 5.8 5.8 5.8
Supervisor/Manager (2) 45 29.2 29.2 35.1
Sr. Manager/Director (3) 63 40.9 40.9 76
Executive (4) 8 5.2 5.2 81.2
President/CEO/COO/CIO/CKO(5) 29 18.8 18.8 100
Total 154 100 100
145
Table 10
KMS Success Survey Industry Employed
Industry Frequency Percent Valid
percent
Cumulative
percent
Banking/Financial Servicesl (1) 4 2.6 2.6 2.6
Government (4) 2 1.3 1.3 3.9
Health Care (5) 2 1.3 1.3 5.2
Information Technology (6) 137 89 89 94.2
Industrial/Manufacturing (7) 2 1.3 1.3 95.5
Wholesale/Retail (9) 1 0.6 0.6 96.1
Other/Specify (10) 6 3.9 3.9 100
Total 154 100 100
146
Appendix F
Figure 6
IRB Approval Letter
147
ProQuest Number:
INFORMATION TO ALL USERS
The quality and completeness of this reproduction is dependent on the quality
and completeness of the copy made available to ProQuest.
Distributed by ProQuest LLC ( ).
Copyright of the Dissertation is held by the Author unless otherwise noted.
This work may be used in accordance with the terms of the Creative Commons license
or other rights statement, as indicated in the copyright statement or in the metadata
associated with this work. Unless otherwise specified in the copyright statement
or the metadata, all rights are reserved by the copyright holder.
This work is protected against unauthorized copying under Title 17,
United States Code and other applicable copyright laws.
Microform Edition where available © ProQuest LLC. No reproduction or digitization
of the Microform Edition is authorized without permission of ProQuest LLC.
ProQuest LLC
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 – 1346 USA
28716266
2021
Developing a Cloud Computing Risk Assessment Instrument for Small to Medium Sized
Enterprises: A Qualitative Case Study using a Delphi Technique
Dissertation Manuscript
Submitted to Northcentral University
School of Business
in Partial Fulfillment of the
Requirements for the Degree of
DOCTOR OF PHILOSOPHY IN BUSINESS ADMINISTRATION
by
MATTHEW WHITMAN MEERSMAN
San Diego, California
May 2019
ProQuest Number:
All rights reserved
INFORMATION TO ALL USERS
The quality of this reproduction is dependent upon the quality of the copy submitted.
In the unlikely event that the author did not send a complete manuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.
ProQuest
Published by ProQuest LLC ( ). Copyright of the Dissertation is held by the Author.
All rights reserved.
This work is protected against unauthorized copying under Title 17, United States Code
Microform Edition © ProQuest LLC.
ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 – 1346
13901056
13901056
2019
Approval Page
By
Approved by the Doctoral Committee:
Dissertation Chair: INSERT NAME Degree Held Date
Committee Member: INSERT NAME Degree Held Date
Committee Member: INSERT NAME Degree Held Date
DocuSign Envelope ID: 23DAA0D2-1F9A-4BB4-87A7-E419FCD9F58D
06/20/2019 | 10:46:15 PDT
Sherri Braxton
Sc.D.
Marie Bakari
06/20/2019 | 11:44:54 MST
DBA, MBA
Ph.D. 06/20/2019 | 10:44:31 MST
Garrett Smiley
Developing a Cloud Computing Risk Assessment Instrument for Small to Medium Sized
Enterprises: A Qualitative Case Study using a Delphi Technique
MATTHEW WHITMAN MEERSMAN
ii
Abstract
Organizations’ leaders lack security expertise when moving IT operations to the Cloud. Almost
all small to medium enterprises need to solve this problem. This qualitative research study using
a Delphi technique, addressed the problem that there is no commonly understood and adopted
best practice standard for small to medium sized enterprises (SMEs) on how to specifically
assess security risks relating to the Cloud. Experienced risk experts from a local chapter of an
international organization in Washington, D.C. responded to three sets of questions through
SurveyMonkey. This research study shows the current state of Cloud risk assessments has not
kept up with the changes in business and IT brought on by Cloud computing. Almost all
respondents indicated that staffing and non-technical concerns affect SMEs that are transitioning
to the Cloud. SMEs are not properly risk assessing and auditing Cloud computing environments.
The primary mitigation recommendation for SMEs is outsourcing or using third parties on some
or all of the SMEs’ Cloud computing. As the use of Cloud computing is becoming an inflection
point for SMEs, SMEs’ decision makers need more research on both the process and the results.
Cloud computing is fundamentally changing the daily pace of business, and this research study
shows that SMEs have not kept pace. SMEs would greatly benefit from more research to help
them adopt Cloud computing securely and effectively.
iii
Acknowledgements
Thank you to my parents, whose erudition set high standards, and my family for their
support. Thank you to Katherine Scott whose help was essential during my research phase.
Thank you to my dissertation chair Dr. Garrett Smiley for his expert guidance and weekly phone
calls. Thank you to my committee subject matter expert Dr. Sherri Braxton. Thank you to my
committee academic reader Dr. Marie Bakari.
iv
Table of Contents
Chapter 1: Introduction ……………………………………………………………………………………………………. 1
Statement of the Problem ……………………………………………………………………………………………. 3
Purpose of the Study ………………………………………………………………………………………………….. 4
Theoretical Conceptual Framework ……………………………………………………………………………… 5
Nature of the Study ……………………………………………………………………………………………………. 7
Research Questions ……………………………………………………………………………………………………. 9
Significance of the Study ………………………………………………………………………………………….. 10
Definitions of Key Terms …………………………………………………………………………………………. 11
Summary ………………………………………………………………………………………………………………… 11
Chapter 2: Literature Review ………………………………………………………………………………………….. 13
Introduction …………………………………………………………………………………………………………….. 13
Documentation ………………………………………………………………………………………………………… 15
Theoretical Framework …………………………………………………………………………………………….. 16
Themes …………………………………………………………………………………………………………………… 21
Chapter 3: Research Method …………………………………………………………………………………………… 59
Research Methodology and Design ……………………………………………………………………………. 60
Population and Sample …………………………………………………………………………………………….. 63
Materials and Instrumentation …………………………………………………………………………………… 64
Study Procedures …………………………………………………………………………………………………….. 65
Data Collection and Analysis…………………………………………………………………………………….. 67
Assumptions ……………………………………………………………………………………………………………. 69
Limitations ……………………………………………………………………………………………………………… 71
Delimitations …………………………………………………………………………………………………………… 72
Ethical Assurances …………………………………………………………………………………………………… 73
Summary ………………………………………………………………………………………………………………… 74
Chapter 4: Findings ……………………………………………………………………………………………………….. 76
Trustworthiness of the Data ………………………………………………………………………………………. 76
Results ……………………………………………………………………………………………………………………. 82
Evaluation of the Findings ………………………………………………………………………………………. 109
Summary ………………………………………………………………………………………………………………. 112
Chapter 5: Implications, Recommendations, and Conclusions ………………………………………….. 114
Implications…………………………………………………………………………………………………………… 117
v
Recommendations for Practice ………………………………………………………………………………… 121
Recommendations for Future Research …………………………………………………………………….. 122
Conclusions …………………………………………………………………………………………………………… 123
References ………………………………………………………………………………………………………………….. 125
Appendix A Survey Answers Aggregate …………………………………………………………………… 163
Appendix B Survey one individual answers ………………………………………………………………. 207
Appendix C Survey two individual answers ………………………………………………………………. 253
Appendix D Survey Three Individual Answers ………………………………………………………….. 322
Appendix E Validated survey instrument ………………………………………………………………….. 352
vi
List of Figures
Figure 1. Creswell data analysis spiral. ……………………………………………………………………………. 68
vii
List of Tables
Table 1 Survey 1. Q9: What IT related frameworks (partially or completely) do you see SMEs
adopting?……………………………………………………………………………………….86
Table 2 Survey 1, Q 13: What Cloud security configuration baselines have you seen used by
SMEs? …………………………………………………………………………………………………………………………. 87
Table 3 Survey 3, Q14: Have you seen Cloud risk assessments change other previously
completed SME risk assessments in the ways listed below? ……………………………………………….. 89
Table 4 Survey 3, Q15: How do you see SMEs changing their risk and audit teams to adapt to
Cloud environments? …………………………………………………………………………………………………….. 90
Table 5 Survey 1, Q15: What non-technical areas of concern do you see when SMEs are
contemplating Cloud adoption?………………………………………………………………………………………..92
Table 6 Survey 1, Q17: What IT (non-security) areas of concern do you see for SMEs as they
adopt Cloud computing? ………………………………………………………………………………………………… 93
Table 7 Survey 2, Q8: When starting to plan a transition to a Cloud environment, what have you
seen SMEs start with before risk assessments or collections of requirements? ……………………… 94
Table 8 Survey 3, Q10: When assessing risk of Cloud environments, do you see SMEs changing
their process in the ways listed below? …………………………………………………………………………….. 96
Table 9 Survey 1, Q11: What IT security control standards do you see SMEs using? ……………. 98
Table 10 Survey 1, Q 19: What Cloud security controls do you see SMEs adopting? ………….. 101
Table 11 Survey 2, Q10: Which portions of a transition to a Cloud environment have you seen
recommended to be outsourced? ……………………………………………………………………………………. 104
Table 12 Survey 3, Q 13: Once controls have been identified for the SME’s environment, what
effect do they have on existing SME IT controls? ……………………………………………………………. 106
viii
Table 13 Survey 2, Q10: Which portions of a transition to a Cloud environment have you seen
recommended to be outsourced? ……………………………………………………………………………………. 109
1
Chapter 1: Introduction
The information technology (IT) industry is a recent addition to the world of business but
has become a critical part of every enterprise level organization in this century (Jeganathan,
2017). Information technology has become critical to any business over a certain size and has
become a significant part of most large business’ IT budgets (Ring, 2015). IT is a field of truly
breathtaking change, and industry standards for storing company data (Al-Ruithe, Benkhelifa, &
Hameed, 2016), reaching out to customers (Alassafi, Alharthi, Walters, & Wills, 2017), and
creating new value from company assets (Khan & Al-Yasiri, 2016) can change on a frequent
basis. No part of IT is safe from rapid change, including fundamental concepts such as what a
computer is, and where a company should put the computer (Bayramusta & Nasir, 2016; Funk,
2015). A change that is gathering speed in the IT industry that has the potential to disrupt almost
every daily task for cybersecurity professionals is Cloud computing.
Cloud computing at its simplest is using someone else’s computers to perform the
organization’s IT operations (Rao & Selvamani, 2015). Instead of using hardware that the
organization has bought and takes care of, the organization uses virtual servers in an
environment usually built and maintained by another company. Some versions of private Clouds
use the organization’s own hardware, but that is rare, and is more of a semantical redefinition of
using virtual servers in house (Molken & van Wilkins, 2017). Cloud computing as commonly
understood in the IT industry, is a virtual computing environment hosted, maintained, and at
least partially secured by a third party (Lian, Yen, & Wang, 2014). The use of Cloud computing
by an organization allows its IT team to focus on more strategic and business aligned activities
and removes physical maintenance and other activities related to owning and caring for computer
servers (Rahul, & Arman, 2017). By adopting Cloud computing, an organization can remove
2
high cost items from its capital expenditure (CapEx) budget such as server rooms with expensive
cooling and huge electrical needs and replace them with more cost-efficient operating expenses
(OpEx) budget items such as virtual server rentals from Cloud service providers (CSP)
(Mangiuc, 2017).
Although cost savings are a primary driver for many organizations that adopt Cloud
computing, the reasons why there is need for more research on Cloud computing is much more
interesting (Bayramusta & Nasir, 2016). Cloud computing is rapidly changing the fundamental
underlying foundational paradigms of IT and how businesses use IT (Chatman, 2010;
Hosseinian-Far, Ramachandran, Sarwar, 2017; Wang, Wood, Abdul-Rahman, & Lee, 2016).
Even though IT is a new and fast-moving field compared to most parts of business, Cloud
computing is an even more powerful change agent. Many careers in IT are changing or
disappearing because of Cloud computing (Khan, Nicho, & Takruri, 2016). Basic ideas in IT
such as what describes a server most accurately, or how an IT business process comes to fruition,
change very rapidly because of Cloud computing (El Makkaoui, Ezzati, Beni-Hssane, &
Motamed, 2016). The primary constraint that has prevented some organizations from adopting
Cloud computing is the security of the organization’s data in the Cloud (Ring, 2015). One of the
most important business processes that organizations can use to evaluate and resolve Cloud
security concerns is risk assessment and analysis (Damenu & Balakrishma, 2015; Viehmann,
2014; Weintraub & Cohen, 2016). Researching ways organizations successfully address these
security concerns is an important contribution to the industry and the academic field of research
(Alassafi, Alharthi, Walters, & Wills, 2017; Al-Ruithe, Benkhelifa, & Hameed, 2016; Ray,
2016).
3
There are multiple academic and practical approaches to securing Cloud computing
environments (Aljawarneh, Alawneh, & Jaradat, 2016; Casola, De Benedictis, Rak, & Rio, 2016;
Choi & Lee, 2015). Many solutions rely on organizations trusting the CSP (Trapero, Modic,
Stopar, Taha, & Sur, 2017). Organizations that do not trust their CSPs or other vendors to
provide complete Cloud security either by mandate or by common business practice (Cayirci,
Garaga, Santana de Oliveira, & Roudier, 2016; Preeti, Runni, & Manjula, 2016) need a different
approach. Organizations that modify or adapt their current business practices or the Cloud
computing environment the organization uses, may provide a useful template for future academic
research into Cloud security.
Statement of the Problem
The researcher used this study to address the problem that there is no commonly
understood and adopted best practice standard for small to medium sized enterprises (SMEs) on
how to specifically assess security risks relating to the Cloud (Coppolino, D’Antonio, Mazzeo, &
Romano, 2016; El Makkaoui, Ezzati, Beni-Hssane, & Motamed, 2016; Raza, Rashid, & Awan,
2017). Existing business processes and industry frameworks follow a design created for larger,
on premise environments and as such, do not effectively address Cloud computing security
concerns for smaller organizations (El-Gazzar, Hustad, & Olsen, 2016; Gleeson & Walden,
2016). To date, larger organizations are relying on Cloud Service Providers (CSPs) to supply
their own security tools (Jaatun, Pearson, Gittler, Leenes, & Niezen, 2015), Service Level
Agreements (SLAs) (Barrow, Kumari, & Manjula, 2016), better Cloud services customer
education (Paxton, 2016), new data classification laws and regulations (Gleeson & Walden,
2016), comprehensive security and management frameworks (Raza, Rashid, & Awan, 2017), and
a myriad of tailored solutions to specific problems, leaving a baseline that could be leveraged by
4
lesser sized organizations for Cloud security risk assessment to be addressed by others. SMEs
have slowed their adoption of Cloud computing even though Cloud computing improves many
business processes and offers significant savings (Issa, Abdallah, & Muhammad, 2014; Khan,
Nicho, & Takruri, 2016). There are several interesting academic solutions to Cloud security
issues published (Alasaffi, Alharthi, Walters, & Wills, 2017; Al-Ruithe, Benkhelifa, & Hameed,
2016; Gleeson & Walden, 2016), but rarely a case of a solution adopted in the corporate world
that a smaller sized organization could leverage (Rebello, Mellado, Fernandez-Medina, &
Mouratidis, 2014); these studies do not build upon current industry best practices and are not
viable for most organizations. Organizations that are adopting Cloud computing are facing these
new security issues without a consensus solution that all organizations, regardless of their size
can use (Coppolino, D’Antonio, Mazzeo, & Romano, 2016; El Makkaoui, Ezzati, Beni-Hssane,
& Motamed, 2016; Raza, Rashid, & Awan, 2017).
Purpose of the Study
The purpose of this qualitative case study-based research study was to discover an
underlying framework for research in SME risk analysis for Cloud computing and to create a
validated instrument that SMEs can use to assess their risk in Cloud adoption. Unlike SMEs, the
vast majority of medium to large enterprises use risk assessments before adopting new
computing environments (Cayirci, Garaga, Santana de Oliveira, & Roudier, 2016; Jouini &
Rabai, 2016). SMEs need a process or validated instrument such as a risk assessment to
determine if they should move to the Cloud (Bildosola, Rio-Belver, Cilleruelo, & Garechana,
2015; Carcary, Doherty, & Conway, 2014; Hasheela, Smolander, & Mufeti, 2016). Research
shows that SMEs using a risk-based approach have not reached a consensus on how to identify
and address Cloud security risks (Carcary, Doherty, Conway, & McLaughlin, 2014; Kumar,
5
Samalia, & Verma, 2017). The target population for this research study was risk professionals
that were either employed by or contracted to SMEs to perform Cloud security risk assessments.
Members of a Washington D.C. area chapter of a professional risk association represent
the target population and the sample population consisted of those chapter members that respond
to the web survey. The population of risk experts in the chapter is approximately three thousand
members. This research study used a web survey predicated on a Delphi technique with two or
three rounds as the method to gather data from a group of IT risk experts based on membership
in the Washington D.C. area local chapter of ISACA. ISACA is a global organization of
information systems auditors and risk assessors. ISACA publishes information security
governance and risk assessment guides including COBIT (ISACA GWDC, 2018). Recent
studies using a Delphi technique show useful results with sample population sizes of forty or
fewer participants (Choi & Lee, 2015; El-Gazzar, Hustad, & Olsen, 2016; Johnson, 2009). With
a potential population of approximately three thousand and a participation rate as low as one per
cent, the resulting sample size of close to thirty experts was more than enough to complete the
research study and return useful results. Using case study procedures, this research study
addressed the concerns of SMEs looking at Cloud adoption (Glaser, 2016). Case study review
and analysis was the procedure inductively used to create a thesis from the survey results. A risk
assessment instrument for SMEs follows from the generated theory.
Theoretical Conceptual Framework
The underlying conceptual framework for this research study is that SMEs have different
needs than large enterprises regarding Cloud computing environment risk assessments, and
academic research has not answered those needs yet. Cloud environment risk assessments create
new problems for organizations of all sizes (Assante, Castro, Hamburg, & Martin, 2016;
6
Hussain, Hussain, Hussain, Damiani, & Chang, 2017). While SMEs of different regions may
have distinct issues (Bildosola, Rio-Belver, Cilleruelo, & Garechana, 2015; Carcary, Doherty, &
Conway, 2014; Kumar, Samalia, & Verma, 2014), a common factor for all SMEs is that SMEs
have greater challenges solving these problems as SMEs have less resources and fewer skilled
employees to resolve Cloud computing risk assessment issues (Assante, Castro, Hamburg, &
Martin, 2016; Carcary, Doherty, & Conway, 2014; Chiregi & Navimipour, 2017). A common
factor for all SMEs is that many academic solutions to properly risk assessing Cloud computing
environments require highly technical knowledge and skills (Hasheela, Smolander, & Mufeti,
2016; Kumar, Samalia, & Verma, 2017) or large budgets (Mayadunne & Park, 2016; Moyo &
Loock, 2016). While properly deployed large enterprise solutions may show positive results if
used by SMEs, the cost in both employee skills and financial outlay prohibit these solutions in
the real world (Bildosoia, Rio-Belver, Cillerueio, & Garechana, 2015; Carcary, Doherty,
Conway, & McLaughlin, 2014). Appropriate solutions for large multi-national enterprises are not
the correct answer for SMEs.
The smaller budgets of SMEs require Cloud environment risk assessments that not only
require smaller initial cost or capital expenditures (CapEx), but also require small to no
continuing costs or operating expenses (OpEx). Academic solutions to Cloud environment risk
assessment needs that cannot exist in the smaller confines of the SME world, do not contribute to
the field of SME Cloud computing environment risk assessments. While foundational research
that indicates SMEs need workable Cloud computing environment risk assessments is present
(Lacity & Reynolds, 2014; Phaphoom, Wang, Samuel, Helmer, & Abrahamsson, 2015;
Priyadarshinee, Raut, Jha, & Kamble, 2017), the next step of addressing the need is not yet
current (Trapero, Modic, Stopar, Taha, & Suri, 2017; Wang, Wood, Abdul-Rahman, & Lee,
7
2016). Addressing the need of SMEs to properly assess the risk of using Cloud computing
environments is a new field of research hampered by factors unique to the SME paradigm. Due
to the reduced levels of skill and budget amounts available to SMEs, the research for SME Cloud
computing risk assessments must focus on simpler ways to assess and reduce the risk of Cloud
computing adoption. This research study attempted to supply a workable risk assessment
instrument based on research that other researchers can extend and amplify going forward.
Nature of the Study
A qualitative approach using a case study methodology is the best solution as the theory
relating to a successful Cloud computing risk assessment does not yet exist. A problem solved by
using a qualitative case study approach is that the subject population of risk-based Cloud
computing research experts were able to respond with qualitative data but not quantitative
numbers to avoid compromising their organization’s security (Beauchamp, 2015). Even though
the audience for this research study commonly works in quantitative ways, the audience will find
value in qualitative case study research on this topic (Liu, Chan, & Ran, 2016). A truly
experimental design for this research study was not feasible as the topic is not a general one, and
a random selection of the population would not possess the requisite knowledge needed to
address the topic of Cloud security. Even narrowing the population to that of cybersecurity
engineers, Cloud computing expertise is in short supply, and Cloud computing security even
more so (Khan, Nicho, & Takruri, 2016).
Other qualitative research approaches lack the flexibility needed to discover and refine a
new theory and a validated tool for SMEs from existing industry standards. Ethnographic,
phenomenological, or narrative approaches do not work for this research study based on data
regarding Cloud computing risk assessments. A grounded theory approach was not appropriate
8
for several reasons, but most importantly because of the security of the participating subjects’
organizations. Cybersecurity professionals do not commonly discuss specifics in their fight to
keep their organizations secure, which limits a researcher’s ability to ask questions and develop
connections during a coding process (Rebello, Mellado, Fernandez-Medina, & Mouratidis,
2014). If details of the cybersecurity professionals’ organizations’ defenses are common
knowledge, then their adversaries gain an advantage. This organizational security concern is also
the primary factor regarding ethical concerns for this research study.
The proposed case study research study design includes use of the Delphi technique. The
RAND Corporation created the Delphi technique to facilitate the collation and distillation of
expert opinions in a field (Hsu & Sanford, 2007). The Delphi technique seems well designed for
the Internet with current researchers using “eDelphi” based web surveys (Gill, Leslie, Grech, &
Latour, 2013). Although Cloud security is a very new field, some illustrative research is evident
in the field using Delphi techniques (Choi & Lee, 2015; El-Gazzar, Hustad, & Olsen, 2016; Liu,
Chan, & Ran, 2016). These studies use the Delphi technique in different manners, but similar to
this proposed research study, all rely on electronic communications with groups of experts.
Although the research topic is very specialized compared to some business research
topics, the topic is broad enough to select a sample population large enough to meet the needs of
this research study. Using a Delphi technique with two or three rounds of surveys further reduces
the appropriate number of subjects needed for this research study, although Delphi techniques
have subject based issues also. For this research study, ethical concerns focused on protecting the
anonymity of the respondents and their organizations. There is no consensus in the industry or
the academic research field on what works for Cloud security (Ring, 2015), so a case study of
9
even a very successful effort to secure Cloud computing would not have much external validity
or replication interest.
The data collection procedures and data analysis followed accepted Delphi technique
practices. As academic research is still exploring the current state of Cloud security, the
informative value of industry-based practitioners’ tools and techniques is very high (Lynn,
VanDer Werff, Hunt, & Healy, 2016). The researcher employed a Delphi technique to gather and
distill the current frameworks, categories, controls, and recommended mitigation used by a
representative expert group of risk professionals. Although the experts in this research study are
not academics, the results still add to the field of research because the field is so new.
Research Questions
The questions used in the survey elicited details on how organizations adopt current risk
assessment processes and other business procedures used to approve new IT computing
environments, and/or what new paradigms organizations are using. Additionally, by using a
Delphi technique this research study was able to identify if there is a consensus on what works
and if there are processes and procedures that have shown success.
RQ1. What are the current frameworks being leveraged in Cloud specific risk
assessments?
RQ2. What are the primary categories of concern presently being addressed in Cloud
specific risk assessments?
RQ3. What are the commonly used and tailored security controls in Cloud specific risk
assessments?
RQ4. What are the commonly recommended mitigations in Cloud specific risk
assessments?
10
Significance of the Study
This research study is important because it contributes to the academic field of Cloud
computing security risk assessment solutions, and to the security of SMEs adopting Cloud
computing. The answers to the research questions posed by this study have importance to both
SMEs and the academic field. IT risk assessment solutions for on-premises computing have
achieved maturity from an academic viewpoint, but those frameworks and existing IT solutions
are not adequate for Cloud based computing (Coppolino, D’Antonio, Mazzeo, & Romano, 2016;
El Makkaoui, Ezzati, Beni-Hssane, & Motamed, 2016; Raza, Rashid, & Awan, 2017). Even
though researchers have proposed several academic frameworks to improve risk assessments for
Cloud based computing for large enterprises, this research study is one of the first to provide
evidence of which frameworks experts in the field are starting to use. SMEs can use the results of
this research study to better secure their Cloud computing environments. While many non-viable
frameworks are interesting thought experiments and contribute to the body of academic
knowledge, researchers that are interested in real world feedback on proposed Cloud computing
risk assessments solutions will be able to use this research study to provide direction for SMEs.
Researchers can also use this research study as an example of effective Delphi techniques for
research in the Cloud security field.
Industry based professionals will find significance in this research study as it provides
guidance on what expert practitioners are using. The IT field has issues with sharing solutions.
This is because any publication describing organizations security solutions can provide
information that bad actors could use to find weaknesses in the organization’s security (Jouini &
Rabai, 2016). Through this research study, the researcher provides pertinent and accurate
11
information regarding Cloud computing risk assessments that may not be available by other
means.
Definitions of Key Terms
Cloud Data Storage: Cloud storage is a way for organizations to store data on the
Internet as a service instead of using on-premises storage systems. Cloud data storage key
features include standard Cloud features such as just-in-time capacity, and no up-front CapEx
expenditures (Phaphoom, Wang, Samuel, Helmer, & Abrahamsson, 2015)
Cloud Service Provider (CSP): The current term for an organization that offers services
to customers from a remote data center connected via the Internet. Major public CSPs include
AWS, Google, and Microsoft. (Cayirci, Garaga, Santana de Oliveira, & Roudier, 2016).
Security as a Service (SECaaS): Security as a service (SECaaS) is where a third party
provides an organization’s IS needs. Due to the structure of most CSPs, SECaaS is becoming
increasingly important. (Aldorisio, 2018)
Service Level Agreement (SLA): A service-level agreement (SLA) defines the level of
service an organization expects from a third party. Cloud SLAs are becoming an option for an
organization’s security requirements. (Overby, Greiner, & Paul, 2017)
Summary
Research in IT fields has a hard time keeping up with real world applications due to the
high rate of change in the industry. This issue increases almost exponentially when one focuses
on Cloud computing security. Many research studies have taken the first step and identified risk-
based organizational concerns with Cloud computing security, and a few authors have proposed
novel solutions. Evidence of what organizations are doing to satisfy their risk requirements in
Cloud computing adoption is not clear. A qualitative multiple case study-based research study
12
adds to the body of knowledge and further the research in the field of Cloud security, as the field
is not at the point where consensus of what are the successful frameworks and theories has
emerged. Through this study the researcher addressed the problem that researchers cannot
identify commonly understood and adopted best practice standards for small to medium sized
enterprises (SMEs) on how to specifically assess security risks relating to the Cloud. The
creation of a new framework for academic treatment of SME Cloud computing risk, and the
creation of a validated instrument that SMEs can use to assess their risk in Cloud adoption were
the reasons for this research study. A survey with a Delphi technique of industry experts is a
good step to resolving those concerns of SMEs adopting Cloud computing and is a good step to
increasing the knowledge in the academic field of Cloud security. The guiding framework of this
research study is that the risk assessment process for Cloud computing environments is
fundamentally different for SMEs than large enterprises and the primary data collection
instrument is a web survey of risk experts with a Delphi technique. The population for this
research study has constraints on security information that they can share. A qualitative case
study-based theory approach was the only way for a researcher to gather the data needed to
propose a unifying theory for SME Cloud computing risk assessment. As the state of research in
SME risk assessment tools and procedures is still in the nascent stages, case study-based theory
is the correct framework to advance the field and to create a validated instrument for SME Cloud
computing risk assessments.
13
Chapter 2: Literature Review
Introduction
This was a qualitative case study-based theory-based research project using a Delphi
technique. The researcher’s goal for this study was two-fold. The first goal was to contribute to
the academic field of research regarding SMEs adoption of Cloud computing. The second goal
was to create a validated risk instrument for use by SMEs to evaluate and assess the various risks
involved in adopting Cloud computing environments. The researcher with this research study
used several rounds of a web-based survey instrument to question a population sample of risk
subject matter experts as defined by membership in the Greater Washington D.C. chapter of
ISACA (ISACA GWDC, 2018). This research study was a direct result of the literature review
which revealed the lack of academically sound solutions for SMEs to resolve Cloud security
issues (Assante, Castro, Hamburg, & Martin, 2016; Mayadunne & Park, 2016; Rasheed, 2014).
New theory must spring from collected data, a very good fit for qualitative case study-based
theory approaches (Glaser, 2016; Mustonen-Ollila, Lehto, & Huhtinen, (2018; Wiesche, Jurisch,
Yetton, & Krcmar, 2017).
The search strategies used in researching this study included the use of Northcentral’s
online library, Google Scholar, and other online resources. The searches using Northcentral
library included all possible databases including the Institute of electrical and electronics
engineers (IEEE), the Association for computing machinery (ACM), the ProQuest computing
database, and the Gale information science and technology collection. Almost all resources are
from peer reviewed journals or conference papers that are less than five years old. Including
conference papers was a necessary decision because the general field of Cloud computing is
new, and specific sub-fields more so. Even though most conference papers are short and
14
primarily descriptive, conference papers are the leading edge of published work in a field and
very important for a field undergoing as rapid a growth as Cloud computing. As any aspect of
Cloud computing is a very young academic field, there are very few seminal articles in the field,
so none will appear in the literature review (Bayramusta & Nasir, 2016; Chang, Y., Chang, P.,
Xu, Q., Ho, K., Halim, 2016; Lian, Yen, & Wang, 2014). Perhaps the closest to seminal in Cloud
research is the U.S. Department of Commerce, National Institute of Standards (NIST) special
publications regarding Cloud computing found in this research study’s list of citations (Li & Li,
2018; Mell & Grance, 2011).
This chapter includes the literature review which starts with the broad theme of
cybersecurity and Cloud computing and moves towards the more specific topic of Cloud
computing risk assessments. In this literature review, the researcher continues by addressing
several themes related to Cloud security, including themes such as improving Cloud security
with technical approaches such as encryption and new tool designs for Cloud computing
environments. The next theme is business process approaches to securing Cloud computing
environments including Security as a service (SecaaS) and service level agreements (SLAs)
including security service level agreements (SecSLAs). Cloud computing is a new field of
academic research, but there are signs of consensus among researchers on several topics (Al-
Anzi, Yadav, & Soni, 2014; Rao & Selvamani, 2015).
Once the researcher presents sufficient detail regarding Cloud computing environments
and the security tools and techniques needed to secure Cloud computing environments, the
literature review will move to a SME related discussion. Research on SMEs and Cloud
computing tend to follow predictable patterns. There is an abundance of SME and Cloud
literature based on the geographical location of the SMEs (Carcary, Doherty, & Conway, 2014;
15
Carcari, Doherty, Conway, & McLaughlin, 2014; Hasheela, Smolander, & Mufeti, 2016; Kumar,
Samalia, & Verma, 2017; Qian, Baharudin, & Kanaan-Jeebna, 2016). Another popular topic
regarding SMEs and adopting Cloud computing environments focuses on the difference between
SMEs and large enterprises (Bildosola, Rio-Belver, Cilleruelo, & Garechana, 2015; Gastermann,
Stopper, Kossik, & Katalinic, 2014; Llave, 2017; Mayadunne & Park, 2016; Seethamraju, 2014).
The best research on the differences between SMEs and large enterprises adopting Cloud
computing environments, however, points to SMEs needing their own risk assessment processes
for adopting Cloud computing environments (Senarathna, Yeoh, Warren, & Salzman, 2016;
Vasiljeva, Shaikhulina, Kreslins, 2017; Wakunuma & Masika, 2017).
With the themes following the SME discussion the researcher focused on risk, risk
assessments, and Cloud computing risk assessments. The research regarding risk assessments has
a much longer history than research regarding Cloud computing adoption both in industry and in
academia (Alcantara & Melgar, 2016; Vijayakumar & Arun, 2017). Perhaps because of the well
understood and researched nature of risk assessments, there is a tendency to equate what works
with on-premise risk assessments with Cloud risk assessments, but the best of recent research
shows that solutions must change with several possible directions (Brender & Markov, 2013;
Rittle, Czerwinski, & Sullivan; Togan, 2015).
Documentation
The search terms used for this literature review generally followed the presentation of
themes. Parameters were bounded by peer reviewed journals, and 2014 or later for all searches.
The first set of searches using all available databases were Cloud, Cloud computing. Cloud
service provider, Cloud adoption. The next set of searches focused on Cloud security, improving
Cloud security, Cloud security solutions, Cloud security problems. Following searches drilled
16
down into specific types of Cloud security solutions including (Cloud OR virtual) security AND
encryption, hypervisor, network, software, or framework. Based on the previous searches, Cloud
SLAs, Cloud SecSLAs, Cloud SecaaS, were the next set of searches. Moving on to SMEs
included searches such as (SME OR small medium) Cloud, Cloud security, Cloud adoption,
Cloud security solutions. Risk based searches included Cloud risk, Cloud adoption risk, Cloud
risk assessment, SME Cloud risk solutions.
Theoretical Framework
The underlying conceptual framework for this research study is that SMEs have different
needs than large enterprises regarding Cloud computing environment risk assessments, and
academic research has not answered those needs yet (Haimes, Horowitz, Guo, Andrijcic, &
Bogdanor, 2015; Gritzalis, Iseppi, Mylonas, & Stavrou, 2018; Moncayo, & Montenegro, 2016).
This is not a giant leap into the unknown, but more of a much-needed enhancement and
specialized focus of the current business risk paradigm. Practitioners have done work on
adapting large enterprise risk assessment paradigms for Cloud computing environments but even
so, the current conceptual framework of business risk assessments does not work for SMEs
evaluating Cloud computing environments (Mahmood, Shevtshenko, Karaulova, & Otto, 2018;
Priyadarshinee, Raut, Jha, & Kamble, 2017; Wang & He, 2014). SMEs trying to use standard
risk assessment processes based on previous academic research will make incorrect decisions
regarding the risk posed by adopting Cloud computing (Kritikos & Massonet, 2016; Vasiljeva,
Shaikhulina, & Kreslins, 2017). This can lead to SMEs making poor financial decisions and
costing SMEs a competitive advantage in their field (Al-Isma’ili, Li, Shen, & He, 2016;
Fernando & Fernando, 2014). Researchers trying to use current on-premises paradigms to guide
their research efforts in SME risk assessments regarding Cloud computing adoption will not
17
discover useful validated theory. A refined conceptual framework focused on Cloud computing
risks and threats is needed both for use by SMEs in the business world and for academic
researchers trying to discover how SMEs can best use Cloud computing environments (Ali,
Warren, & Mathiassen, 2017; Islam, Fenz, Weippl, & Mouratidis, 2017).
Risk assessments are a standard business process for organizations making significant
changes to their operations (Mahmood, Shevtshenko, Karaulova, & Otto, 2018; Weintraub &
Cohen, 2016). The codification of risk assessments as part of an organization’s decision-making
process have been going on since business practices started (Lanz, 2015; Szadeczky, 2016). As
new opportunities and environments including IT present themselves, organizations assess the
potential risk of changing the way the organization does business (Djuraev & Umirzakov, 2016;
Gupta, Gupta, Majumdar, & Rathore, 2016). The incredible growth of IT use in business has led
to mature and well accepted standard frameworks for addressing IT risk for large enterprises
(Atkinson, & Aucoin, 2015; Lanz, 2015; Lawson, Muriel, & Sanders, 2017).
IT risk assessments are an integral part of major changes in large enterprise’s IT
operations and there are several large-scale industry created IT risk and operations frameworks
(Calvo-Manzano, Lema-Moreta, Arcilla-Cobián, & Rubio-Sánchez, 2015; Moncayo, &
Montenegro, 2016). COBIT and ITIL as examples of industry-based frameworks, work very well
for large enterprises but are too much work for a typical SME (Devos, & Van de Ginste, 2015;
Oktadini & Surendro, 2014). SMEs have previously used ad-hoc risk assessment tools and
smaller scale solutions when evaluating IT risk (Erturk, 2017; Gastermann, Stopper, Kossik, &
Katalinic, 2014). SME risk tools are fairly well adapted to evaluating on-premises computing
risks but do not address important Cloud computing environment issues and threats (Aljawarneh,
Alawneh, & Jaradat, 2016; Lalev, 2017).
18
Cloud computing is still in its infancy and many SMEs that perform IT risk assessments
are trying to use their current on-premises IT risk assessment frameworks to evaluate whether or
not Cloud computing will save costs or provide a competitive advantage (Erturk, 2017;
Gastermann, Stopper, Kossik, & Katalinic, 2014). Their existing frameworks do not accurately
capture or describe the advantages and disadvantages of Cloud computing environments
(Goettlemann, Dahman, Gateau, Dubois, & Godart, 2014; Lai & Leu, 2015). SMEs also do not
have the capacity to adopt large enterprise risk frameworks that can create modifications for use
in evaluating Cloud computing environments (Devos, & Van de Ginste, 2015; Oktadini &
Surendro, 2014). For example, a central tenet of current SME on-premise IT risk assessments is
that an organization’s data can only be truly secure on the organization’s own IT infrastructure
(Chiregi & Navimipour, 2017). If this is a core principle of an SME’s IT security policy, then the
SME cannot use Cloud computing, as the definition of Cloud computing is that of using someone
else’s hardware. By enhancing and focusing the existing SME risk assessment framework to
properly identify Cloud computing environment risks, this research study adds to the academic
field of SME Cloud risk assessment frameworks and create a validated risk instrument that
SMEs may use.
A large number of SMEs are not IT focused and have used their existing business
processes related to risk instead of trying to adapt current large enterprise IT risk frameworks
(Haimes, Horowitz, Guo, Andrijcic, & Bogdanor, 2015; Tisdale, 2016). Some SMEs trying to
avoid using the current frameworks of on-premises IT risk assessments by following non-IT
business practices and mitigating or transferring IT risk to a third party using managed IT
solutions or managed security services providers (MSSP) (Chen & Zu, 2017; Torkura, Sukmana,
Cheng, & Meinel, 2017). Even for those SMEs that do not use IT risk assessment frameworks or
19
transfer risk by using MSSPs, Cloud computing is a very attractive alternative primarily due to
lower costs (Bildosola, Río-Belver, Cilleruelo, & Garechana,2015; Lacity & Reynolds, 2013).
The SMEs not using the dominant on-premises IT risk assessment frameworks will be able to
use this research study’s framework in a manner similar to the SMEs current business practices
with third party IT providers and MSSPs (Chen & Zu, 2017; Torkura, Sukmana, Cheng, &
Meinel, 2017). These SMEs will be able to adapt to Cloud computing using the framework of
this research study by identifying important SLAs and SecSLAs that can be understood by non-
IT risk processes and business practices, thereby realizing the promise of lower costs when using
Cloud computing (Luna, Suri, Iorga, & Karmel, 2015; Oktadini & Surendro, 2014; Na & Huh,
2014).
Organizations of all sizes from all income level countries would benefit from a Cloud
environment risk assessment, although the research study focuses on high-income country-based
businesses (Assante, Castro, Hamburg, & Martin, 2016; Hussain, Hussain, Hussain, Damiani, &
Chang, 2017). Although SMEs based in all income level countries have distinct issues
(Bildosola, Rio-Belver, Cilleruelo, & Garechana, 2015; Carcary, Doherty, & Conway, 2014;
Kumar, Samalia, & Verma, 2014), every SME can face greater challenges solving these
problems as SMEs have less resources and fewer skilled employees to resolve Cloud computing
risk assessment issues than large scale enterprises (Assante, Castro, Hamburg, & Martin, 2016;
Carcary, Doherty, & Conway, 2014; Chiregi & Navimipour, 2017). A common factor for all
SMEs is that many academic solutions to properly risk assessing Cloud computing environments
require highly technical knowledge and skills that are not found in an SME’s IT staff (Hasheela,
Smolander, & Mufeti, 2016; Kumar, Samalia, & Verma, 2017) or large enterprise sized budgets
(Mayadunne & Park, 2016; Moyo & Loock, 2016). While a SME could use a good large
20
enterprise solution, the cost in both employee skills and financial outlay prohibit these solutions
in the real world (Bildosoia, Rio-Belver, Cillerueio, & Garechana, 2015; Carcary, Doherty,
Conway, & McLaughlin, 2014). This literature review illuminates how appropriate solutions for
large multi-national enterprises are rarely the correct answer for SMEs in most IT solutions, and
certainly not in Cloud security risk assessment activities.
The smaller budgets of SMEs require Cloud environment risk assessments that not only
require smaller initial cost or capital expenditures (CapEx), but also require small or controllable
continuing costs or operating expenses (OpEx). Academic solutions to Cloud environment risk
assessment needs do not always contribute to the field of SME Cloud computing environment
risk assessments. While foundational research that indicates SMEs need workable Cloud
computing environment risk assessments is present (Lacity & Reynolds, 2014; Phaphoom,
Wang, Samuel, Helmer, & Abrahamsson, 2015; Priyadarshinee, Raut, Jha, & Kamble, 2017), the
next step of addressing the need is not yet current, and the research study helps address that gap
(Trapero, Modic, Stopar, Taha, & Suri, 2017; Wang, Wood, Abdul-Rahman, & Lee, 2016).
Addressing the need of SMEs to properly assess the risk of using Cloud computing environments
is a new field of research hampered by factors unique to the SME paradigm. Due to the reduced
levels of skill and budget amounts available to SMEs (Bieber, Grivas, & Giovanoli, 2015;
Hanclova, Rozehnal, Ministr, & Tvridkova, 2015; Ndiaye, Razak, Nagayev, & Ng, 2018), the
research for SME Cloud computing risk assessments must focus on simpler ways to assess and
reduce the risk of Cloud computing adoption. This research study attempts to supply a workable
risk assessment instrument based on research that other researchers can extend and amplify
going forward.
21
Themes
Before focusing on specific themes, it is important to describe the fundamental constructs
used in this research study and in the literature review. In almost all research papers cited in this
literature review, researchers base their definition of Cloud computing on the NIST description
(Bayramusta & Nasir, 2016; Chang, Chang, Xu, Ho, & Halim, 2016; Doherty, Carcary, &
Conway, 2015; Dhingra & Rai, 2016; Tang & Liu, 2015; Zissis & Lekkas, 2012). No matter the
journal or the authors’ academic associations, the NIST definition of Cloud computing is the
standard. This makes perfect sense as the NIST definition for Cloud and Cloud security is as
close to foundational concepts as Cloud research has (Alijawarneh, Alawneh, & Jaradat, 2016;
Coppolino, D’Antonio, Mazzeo, & Romano, 2017; Demirkhan & Goul, 2011; Hallabi &
Bellaiche, 2018). While chapter one of the thesis presents most of these definitions, it is
important to define the terms here as all discussions in the cited research papers and the analysis
and synthesis in this literature review are based on a common understanding of what Cloud
computing is. The NIST definition of Cloud computing includes the following essential
characteristics:
On-demand self-service: The organization has full control of the virtual server or service
creation without intervention by the CSP (Mell & Grance, 2011).
Broad network access: The organization and its customers can reach the virtual server or
services over the Internet without proprietary tools provided by the CSP (Mell & Grance, 2011).
Resource pooling: Although the organization may be able to specify which data center the CSP
uses, the CSP uses shared resources in a multi-tenant model. The CSP allocates the resources
desired by the organization in a manner in which the CPS chooses the physical hardware and
networking systems (Mell & Grance, 2011).
22
Rapid elasticity: The organization may increase, change, or decrease the virtual server or
services in rapid and almost unlimited fashion (Mell & Grance, 2011).
Measured service: the CSP bills resource usage in units of time, and provides the organization
with the ability to monitor and control resource usage (Mell & Grance, 2011).
The NIST definition of Cloud computing include the concept of service models:
Software as a service (SaaS): The CSP provides access to an application for the organization
and its customers. The CSP is responsible for all aspects of the underlying virtual and physical
hardware with the exception of some user related settings (Mell & Grance, 2011).
Platform as a service (PaaS): PaaS is a step lower into control of the Cloud environment where
the organization is able to deploy its own applications and control most aspects of the application
without having to manage and control the underlying virtual server and network environment
(Mell & Grance, 2011).
Infrastructure as a service (IaaS): IaaS is the lowest level of control and responsibility
provided to the organization by the CSP. The organization can control the servers’ operating
systems, size, and speed, storage characteristics, networking, and accessibility by its customers
to the organization’s servers and applications (Mell & Grance, 2011).
The NIST definition of Cloud computing includes the concept of deployment models:
Private Cloud: a private Cloud is one provisioned for use by a single organization. The
organization or the CSP may manage the physical location and control over the hardware (Mell
& Grance, 2011).
Community Cloud: a community Cloud gets created for use by a group of organizations sharing
similar concerns or requirements. As with a private Cloud, one of the organization or the CSP
may manage the physical location and control over the hardware (Mell & Grance, 2011).
23
Public Cloud: the CSP allows any organization to provision virtual servers or services in its
Cloud computing environment. Popular examples in North America include Amazon web
services (AWS), Google Cloud, and Microsoft Azure (Mell & Grance, 2011).
Hybrid Cloud: a combination of two or more Cloud environments tied together through
technology to allow virtual servers and services to move from one Cloud environment to another
(Mell & Grance, 2011).
Risk is an important concept to define for this literature review also. Risk as used in the
cited articles and this literature review is not as specific as the Cloud definitions. One commonly
defines risk in IT using an equation as shorthand. Risk = probability x impact / cost (Choo, 2014;
Jouini & Rabai, 2016). This literature review and the research project slightly expands this
definition to include any risk that a risk assessment tool can measure. This definition of risk
includes the risk of insufficient management buy in and the risk of the organization’s technical
staff not having the requisite Cloud knowledge and skills (Ahmed & Abraham, 2013; Luna, Suri,
Iorga, & Karmel, 2015; Shao, Cao, & Cheng, 2014).
A definition of SME as used in this literature review and the research study is important
as none of the research papers included in this literature review specify what a small enterprise or
medium enterprise is. Based on a careful reading of the research papers cited in this literature
review; the European commission definition of SMEs seems accurate. The EC definition of
SMEs is are small (15 million or less in annual revenue) to medium (60 million or less in annual
revenue) sized enterprises that are not subsidiaries of large enterprises or governments, or wholly
or partially supported by large enterprises or governments (Papdopoulos, Rikana, Alajaasko,
Salah-Eddine, Airaksinen, & Loumaranta, 2018). While Gartner may consider anything under a
billion dollars a year as a medium enterprise (Gartner, 2014), that is a very American centric
24
viewpoint and as usual Gartner is wrong, and there is no evidence that the authors of the cited
research papers relied on Gartner’s definitions of SMEs. The U.S. small business administration
(SBA) has a very complicated spreadsheet showing what types of SMEs are in a large number of
different industries (SBA, 2017). The SBA SME spreadsheet overview tab has over one
thousand entries alone and is very confusing to use, so there is no real number to gain from a
hypothetical use of the SMB spreadsheet, and there is no evidence that any of the cited research
articles used the spreadsheet when calculating enterprise sizes.
Cybersecurity
The broader field within which this research study resides is cybersecurity, or the security
of computing and IT environments. Earlier studies use the term information security or IS, but
cybersecurity has become the dominant phrase for the subject of protecting computing and IT
environments (Bojanc & Jerman-Blazic, 2008; Rahman & Choo, 2015; Tang, Wang, Yang, &
Wang, 2014).Significant cybersecurity research is only a few decades old, and as expected in
such a young field, paradigms and foundational studies are still not clear (Anand, Ryoo, & Kim,
2015; Ho, Booth, & Ocasio-Velasquez, 2017; Paxton, 2016). Rapid change is a central theme of
this literature review and a strong reason why case study-based theory and a Delphi technique
are so important for the research study. Cybersecurity is a smaller part of the information
technology (IT) field, and Cloud cybersecurity focuses on the security of Cloud based computing
environments. The IT field as a whole, is a new one compared to many business-related fields.
Cybersecurity is even newer with rapidly changing paradigms that require new research on an
ever-increasing pace (Fidler, 2017).
Cloud computing at its simplest and perhaps most disparagingly is virtual computing on
someone else’s hardware (Daylami, 2015). This simple and accurate, yet limiting definition
25
highlights the fundamental changes needed in cybersecurity. For the past thirty years,
cybersecurity has grown from a physical model to a model that is more abstract (Rabai, Jouini,
Aissa, & Mili, 2013). The first major cybersecurity paradigm of perimeter defense used physical
similes such as fences with barbed wire and armed guards, or locked server room doors and
secure server rack cages to describe the cybersecurity process. The reliance on physical examples
and thought processes based on physical security has always hampered Cybersecurity but
continued through succeeding paradigm shifts such as defense in depth, and “assume your
network is compromised” (Kichen, 2017). Cloud risk assessments suffer from the same limited
view based on physical properties (Iqbal, Kiah, Dhaghighi, Hussain, Khan, Khan, & Choo, 2016;
Mishra, Pilli, Varadharajan, & Tupakula, 2017; Rao & Selvamani, 2015). Dominant paradigms
based on physical models are obsolete when considering Cloud computing environments and so
are risk assessments for Cloud computing risk assessment. SMEs need the creation of new tools
and frameworks to stay current with Cloud security.
The rapid growth of Cloud computing is drastically changing cybersecurity (Dhingra &
Rai, 2016; Khalil, Khreishah, & Azeem, 2014; Singh, Jeong, & Park, 2016). As more SMEs
adopt Cloud computing, the industry needs to adapt to SME specific concerns, and one of the
results of the research study is a validated risk instrument that SMEs can freely use. The
cybersecurity industry already has put some effort into solutions for SMEs but SMEs need more
research (Chiregi & Navimpour, 2017; Vasiljeva, Shaikhulina, & Kreslins, 2017). In some ways
Cloud computing is similar to other fields where solutions created for large enterprises can be
pared down to SME size, such as using SaaS solutions (Assante, Castro, Hamburg, & Martin,
2016; Bildosola, Rio-Belver, Cilleruelo, & Garechana, 2015; Wang & He, 2014) or micro virtual
computing concepts such as Docker or containers (Salapura & Harper, 2018; Sun, Nanda, &
26
Jaeger, 2015). In other ways, cybersecurity has failed SMEs and Cloud computing may be a way
to avoid those mistakes (Ali, Khan, & Vasilakos, 2015; Assante, Castro, Hamburg, & Martin,
2016; Hasheela, Smolander, & Mufeti, 2016). The validated risk instrument that is one goal of
the research study will attempt to advance cybersecurity for SMEs in Cloud computing
environments and the other goal of contributing to the new academic field of Cloud computing
security will do the same.
Cloud Computing
The adoption of Cloud computing has become a business inflection point for all
organizations of any size, necessitating new research and new industry solutions for both IT and
cybersecurity (Chen, Ta-Tao, & Kazuo, 2016). Industry and the academic field are having to
react to an amazingly fast rate of change in Cloud computing industry and research topics
(Ramachandra, Iftikhar, & Khan, 2017). Although even the broader field of IT and computing in
general are very fast-moving fields of research, research in Cloud computing has to proceed at a
breakneck pace to keep up with current industry practice (Tang & Liu, 2015; Tunc & Lin, 2015).
Even with researchers working as fast as they can to describe and create theory on Cloud
computing, there are difficulties speed alone will not solve. Researchers following accepted and
respected models of academic research are falling behind in predicting and describing current
Cloud computing in the real world as it is hard to get data regarding organizations’ security
policies and procedures (Hart, 2016; Ardagna, Asal, Damiani, & Vu, 2015). Very few
organizations are willing to expose the inner workings of their IT and Cloud computing
operations (Quigley, Burns, & Stallard, 2015; Sherman et al, 2018). CSPs are even more reticent
for several reasons (Hare, 2016; Elvy, 2018). The design of survey instruments for the research
study take this into effect and avoid asking for potentially compromising information. The
27
inability to ask pertinent demographic question in the survey instruments for the research study is
another indicator of why a qualitative case study-based theory research study using a Delphi
approach with three rounds is the appropriate approach to answering the research questions.
Although research discussed under improving Cloud security theme is starting to
recommend that CSPs differentiate themselves by offering different security options (Preeti,
Runni, & Manjula, 2016; Coppolino, D’Antonio, Mazzeo, & Romano, 2017; Paxton, 2016),
there is not much evidence that CSPs are doing so (Ring, 2015; Singh, Jeong, & Park, 2016). In a
following section discussing SLAs and SecSLAs more detail on the potential security options
will be discussed but interest in these options is currently limited to smaller CSPs which have
their own drawbacks for SMEs or the solutions are not likely to be adopted (Elsayed &
Zulkernine, 2016; Furfaro, Gallo, Garro, Sacca, & Tundis, 2016; Lee, Kim, Kim, & Kim, 2017).
Potential solutions or paradigm shifts in Cloud computing security are not particularly relevant to
SMEs until SMEs understand what they need from a Cloud computing environment and what
those security risks are (Huang, Shen, Zhang, & Luo,2015; Karras, 2017; Lanz, 2015). SMEs
are not generally up to date on Cloud computing security or what potentials solutions are their
best choices (Hasheela, Smolander, & Mufeti, 2016; Hussain, Hussain, Hussain, Damiani, &
Chang, 2017), although there is some research showing that SMEs do not rank their ignorance as
a primary factor (Qian, Baharudin, & Kanaan-Jeebna, 2016; Mohabbattlab, von der Heidt, &
Mohabbattlab, 2014).
At the beginning of the Cloud computing adoption wave, many organizations and
researchers tried to evaluate Cloud computing environments based on their existing on-premises
computing security paradigms (Koualti, 2016; Barrow, Kumari, & Manjula, 2016; Paxton,
2016). To some extent, this is still the case in academic research. Researchers have done
28
foundational work on the general topic of Cloud computing and Cloud computing adoption, and
the research on these topics has reached the point where meta analyses are possible.
Bayranmusta and Nasir present an excellent example of a literature review of two hundred and
thirty-six papers with their article titled “A fad or future of IT? A comprehensive literature
review on the Cloud computing research: (Bayranmusta & Nasir, 2016). Many other papers
cover similar ground regarding Cloud computing adoption. Some papers present qualitative
survey results (Oliveira, Thomas, & Espadanal, 2014) some comprehensive quantitative results
(Phaphoom, Wang, Samuel, Helmer, & Abrahamsson, 2015), and some papers use advanced
techniques such as neural networks (Priyadarshinee, Raut, Jha, & Gardas, 2017). The best papers
covering Cloud computing adoption approach seminal status in this very recent field by
presenting quantitative results in clear and convincing fashion (Ray, 2016; Wang, Wood, Abdul-
Rahman, & Lee, 2016). Some of the papers in the field that do not rise to the level of seminal
works remain interesting as their research focuses on specific parts of the business or academic
world, or particular parts of the world (Chang, Chang, Xu, Ho, & Halim, 2016; Lian, Yen, &
Wang, 2014; Musungwini, Mugoniwa, Furusa, & Rebanowako, 2016). Because many research
articles describing Cloud computing have achieved the goal of repeatable findings, and find no
significant new findings, it is time to research more specific topics in Cloud computing. The
more important of these topics are under separate theme headings in this literature review.
Cloud Security General
One of the ways researchers have been advancing the field past that of the original
researchers discussed above, is to focus on Cloud security issues, rather than just stating Cloud
security is a concern (Raza, Rashid, & Awan, 2017; Coppolino, D’Antonio, Mazzeo, & Romano,
2016; Khalil, Khreishah, & Azeem, 2014). This is a natural outgrowth of the results found by the
29
researchers cited in the general Cloud theme of this literature review. A clear and consistent
result from those studies is that Cloud security is a major concern for organizations moving to
the Cloud (El Makkaoui, Ezzati, Beni-hssane, & Motamed, 2016; Anand, Ryoo, & Kim, 2015;
Dhingra & Rai, 2016). Most researchers writing about Cloud security use standard US
Department of Commerce National Institute of Standards (NIST) Cloud and Cloud security
definitions (Ring, 2015; Khan & Al-Yasiri, 2016; Charif & Awad, 2016). Most researchers focus
on broader public Cloud security concerns (Dhingra & Rai, 2016; Khalil, Khreishah, & Azeem,
2014), although research based on particular parts of the world such as China tend to use the
private Cloud paradigm (Lian, Yen, & Wang, 2014). Even though most researchers use the same
definitions of Cloud, risk and SMEs, there are differences between researchers in what they think
is the correct approach to improving Cloud security.
Interesting differences start to appear when looking at research articles regarding general
Cloud security articles based on the journals that published the articles. Articles from more
computer science and engineering-based journals such as the Journal of Network and Computer
Applications or Annals of Telecommunications tend to focus on lower levels of the Cloud
computing stack such as hypervisor escapes or VMware based virtual computing environments
(Mishra, Pilli, Varadharajan, & Tupakula, 2017; Raza, Rashid, & Awan, 2017). Some would
argue, however, that there is a small distinction between virtual computing and Cloud
computing, with Cloud computing a subset of virtual computing (Khan & Al-Yasiri, 2016; Iqbal
et al., 2016). Cloud computing environments, especially software as a service (SaaS) Cloud
computing environments, however, have diverged so much from hypervisor-based virtualization
that researchers have to consider the topics separately (Huang & Shen, 2015; Goode, Lin, Tsai,
& Jiang, 2014). Journals not focused on computer scientists or engineers such as the Journal of
30
International Technology & Information Management, or the Journal of Business Continuity &
Emergency Planning tend to produce articles more focused on private or public Cloud computing
environments offered by Cloud Service providers (CSP) such as Microsoft Azure or Amazon
web services (AWS) (Ferdinand, 2015; Srinivasan, 2013).
Even with the different approaches based on the academic field that the researcher
focuses on, there do not seem to be many Cloud security improvements that are specific to SMEs
(Aljawarneh, Alawneh, & Jaradat, 2016; Assante, Castro, Hamburg, & Martin, 2016; Hasheela,
Smolander, & Mufeti, 2016). The technical solutions require large well-trained cybersecurity
teams that have budgets to support mathematicians or encryption subject matter experts (Feng &
Yin, 2014; Khamsemanan, Ostrovsky, & Skeith, 2016; Mengxi, Peng, & HaoMiao, 2016). The
research articles based on governance or adoption of industry frameworks such as COBIT, ITIL,
or ISO 2700 clearly do not focus on anything but large enterprises (Barton, Tejay, Lane, &
Terrell, 2016; Tisdale, 2016; Vijayakumar, & Arun, 2017). Compliance focused research articles
do not seem to scale down to SME budgets and staff either (Bahrami, Malvankar, Budhraja,
Kundu, Singhal, & Kundu, 2017; Kalaiprasath, Elankavi, & Udayakumar, 2017; Yimam &
Fernandez, 2016) even literature reviews with large numbers of articles (Halabi & Bellaiche,
2017). Improving Cloud security with SLAs and SecSLAs would seem to be the most promising
avenue for a large-scale solution working for SMEs, however, there are two main issues with this
approach. The first issue is that the currently proposed solutions are still too complicated for the
cybersecurity staff of a normal SME (Demirkan & Goul, 2011; Na & Huh, 2014; Oktadini &
Surendro, 2014) even if the cost is low (Rojas, et al, 2016). The second issue for SMEs using
SLAs and SecSLAs to secure their Cloud computing environments is that CSPs only modify
31
SLAs and SecSLAs CSPs when the customer is a very large one (Kaaniche, Mohamed, Laurent,
& Ludwig, 2017; Trapero, Modic, Stopar, Taha, & Suri, 2017).
This literature review and the research study are in partial fulfillment of the requirements
for a PhD from the school of business so the focus of this literature review is not on specific
virtual environment software or hypervisors. Given the accelerating rate of change in Cloud
computing, and the increasing adoption of public Cloud offerings in the western world, it would
not make sense to focus on specific software that will be outdated by the publication date of this
literature review. This literature review is based on English language articles and the researcher’s
focus is primarily on Western world public Cloud offerings. The American based public Cloud
providers such as AWS and Azure are the largest and fastest growing Cloud computing providers
(Darrow, 2017) and it makes sense to focus primarily on those types of offerings for this
dissertation.
Improving Cloud Security
The themes may seem to be very small slices on a single issue, but Cloud computing
security as an industry activity and an academic research field is very new and rapidly
expanding, it makes sense to separate improving Cloud security from Cloud security in general.
Many Cloud articles in the past five years are still doing important academic work by simply
defining what Cloud security is and listing potential fixes for specific issues (Bhattacharya &
Kumar, 2017; Diogenes, 2017; Ferdinand, 2015; Iqbal, Mat, Dhaghinghi, Hussein, Khan, Khan,
& Choo, 2016; Soubra & Tanriover, 2017; Srinivasan, 2013; Van Till, 2017). Cloud computing
and Cloud computing security are very new academic research fields (Bayramusta & Nasir,
2016; Chang, Chang, Xu, Ho, Halim & 2016; Lian, Yen, & Wang, 2014; Oliveira & Espanal,
2014; Priyaadarshinee, Raut, Jha, & Gardas, 2017). Articles baselining what Cloud computing
32
and Cloud computing security have been very valuable in these early days of Cloud computing
(Ab Rahman & Choo, 2015; Aich, Sen, & Dash, 2015; Gangadharan, 2017; Novkovic & Korkut,
2017; Phaphoom, Wang, Samuel, Helmer, & Abrahamsson, 2015). It is fairly simple in 2018 to
identify Cloud security as a concern for organizations that are looking to adopt Cloud computing
including SMEs (Albakri, Shanmugam, Samy, Idris, & Ahmed, 2014; Haimes, Horowitz, Guo,
Andrijcic, & Bogdanor, 2015; Vasiljeva, Shaikhulina, & Kreslins, 2017). It is not so simple to
take the next step and identify solutions that work in the business world today (Ali, Warren, &
Mathiassen, 2017; Devos & van de Ginste, 2015; Moral-Garcia, Moral-Rubio, Fernandez, &
Fernandez-Medina, 2014). Many potential solutions discussed in other themes of this literature
review may end up as the dominant paradigm in Cloud security in the next decade but they do
not help in the current business environment. If SMEs cannot find a workable solution to Cloud
security issues, the SMEs will not be secure as they adopt Cloud computing (Assante, Castro,
Hamburg, & Martin, 2016; Bildosola, Rio-Belver, Cilleruelo, & Garechana, 2015; Carcary,
Doherty, & Conway, 2015; Kumar, Samalia, & Verma, 2017; Lacity & Reynolds, 2013;
Moncayo & Montenegro, 2016; Wang & He, 2014).
This section is based on a smaller group of academic papers than most of the other
themes in this literature review. This is the simplest indication of the gap in research and the size
of the Cloud security problem, there are very few useful and even fewer accurate papers that
provide Cloud security solutions (Aljiwaneh, Alawneh, & Jaradat, 2016; Imran, Hlavacs, Haq,
Jan, Khan, & Ahmed, 2017; Islam, Fenz, Weippl, & Mouratidis, 2017). The research study plans
to fit into this section as the research goal is to determine if there is a consensus on how
organizations use a risk-based orientation to make business decisions to help secure an
organization’s Cloud computing environment. Later themes in this literature review focus on
33
new paradigm changing approaches to Cloud security that future researchers may consider
foundational ten years from now but have not yet bridged the gap between academic research
and real-life application (Cao, Moore, O’Neil, O’Sullivan, & Hanley, 2016; Carvalho, Andrade,
Castro, Coutinho, & Agoulmine, 2017; Casola, DeBenedeictis, Modic, Rak, & Villano, 2014;
Dasgupta & Pal, 2016; Torkura, Sukana, Cheng, & Meinel, 2017). Ten years may seem like a
reasonable gap between academic theory creation and industry-based applications in many fields,
but a decade in Cloud computing security is more than half the lifetime of the field itself
(Fernandes, Soares, Gomes, Freire, & Inacio, 2014; Daylami, 2015; Bunkar and Rei, 2017).
Currently available research that moves beyond discussing specific Cloud security
problems such as data storage (Paxton, 2016; Wang, Su, Dio, Wang, & Ge, 2018), moving
current physical device security paradigms to the Cloud (Khalil, Khreishah, & Azeem, 2014;
Mishra, Pilli, Varadharajan, & Tupakula, 2017), or IAM solutions (Iqbal, Mat Kiah, Dhaghighi,
Hussain, Khan, Khan, & Choo, 2016; Younis, Kifayat, & Merabti, 2014), use a variety of
methods and techniques to improve Cloud security. Solutions range from the systems
development life cycle (Aljawarneh, Alawneh, & Jaradat, 2016) to increased hypervisor security
(Coppolino, D’Antonio, Mazzeo, & Romano, 2017), to the trusted computer base (TCB)
(Navanati, Colp, Aiello, & Warfield, 2014) to a laundry list of current vulnerabilities and
solutions (Iqbal et al, 2016; Khan & Al-Yasiri, 2016), to vendor specific solutions (Diogenes,
2017).
There is a very promising encryption-based solution discussed in deeply technical
computer science and electrical engineering journals named homomorphic encryption (Bulgurcu,
Cavusoglu, & Benbasat, 2016; Feng & Xin, 2014; Khamsemanan, Ostrovsky, & Skeith, 2016;
Zibouh, Dalli, & Drissi, 2016) but the only business process focused article that mentions it that I
34
have found so far is the one by Coppolino, D’Antonio, Mazzeo, and Romano published in 2017
(Coppolino, D’Antonio Mazzeo, & Romano, 2017). Although homomorphic encryption looks
like it will allay many security concerns regarding Cloud computing adoption, it is not in use yet
and looks to be expensive and complicated, negating its use for SMEs (Dasgupta & Pal, 2016;
Feng & Xin, 2014; Souza & Puttini, 2016). Perhaps the most effective argument against
homomorphic encryption in an academic setting is that it is just another Band-Aid on IT and
Cloud security (Potey, Dhote, & Sharma, 2016; Ren, Tan, Sundaram, Wang, Ng, Chang, &
Aung, 2016). Homomorphic encryption solutions allow organizations including SMEs to make
the same choices and mistakes that they do in an on-premises environment (Elhoseny, Elminir,
Riad, & Yuan, 2016; Mengxi, Peng, & Hao Miao, 2016; Wu, Chen, & Weng, 2016). Just as the
research project that this literature review is a part of does not propose a once in a generation
paradigm change to Cloud computing, homomorphic encryption lets organizations make the
same security mistakes they have been making since computing became a major business
function (Bulgurcu, Cavsogliu, & Benbasat, 2016; Potey, Dhote, & Sharma, 2016). The other
major drawback to homomorphic encryption as a topic for a thesis submitted to a business
department is that it requires very advanced mathematical skills and knowledge.
Industry-based Framework Solutions for Large Enterprises
There is a large amount of academic research in changing or transforming industry-based
framework solutions for large enterprises into solutions for SMEs (Bildosola, Rio-Belver,
Cilleruelo, & Garechana, 2015; Moyo & Loock, 2016; Seethamraju, 2014). This section of
literature review includes research papers based on industry-based frameworks such as data-
based governance (Al-Ruithe, Benkhelifa, & Haneed, 2016), general governance (Barton, Tejay,
Lane, & Terrell, 2016; Elkhannoubi & Belaissaoui, 2016), or industry standard based governance
35
efforts such as ISACA’s control objectives for information and related technologies (COBIT)
(Devos & Van de Ginste, 2015). There are several complex and all-consuming industry-based
frameworks for almost all IT activities and functions including cybersecurity (Cao & Zhang,
2016; Oktadini & Surendro, 2014; Tajammul, & Parveen, 2017). These industry-based
frameworks for large enterprises have real world drawbacks for use by SMEs. These industry-
frameworks are incredibly expensive in time, training, and financial terms (Haufe, Dzombeta,
Bradnis, Stantchev, & Colomo-Palacios, 2018; Kovacsne, 2018; Lanz, 2015). The return on
investment (ROI) calculation for these types of endeavors is far too small for most SMEs
(Moral-Garcia, Moral-Rubio, Fernandez, & Fernandez-Medina, 2014; Schmidt, Wood, &
Grabski, 2016).
Researchers and practitioners may be able to adapt these industry-based frameworks to
effective and useful Cloud computing security research but these industry-based frameworks are
very rigid, and do not encourage change (Tajammul, & Parveen, 2017). Industry will only accept
changes proposed by academic research when versions change for ITIL, COBIT, or ISO 2700
(Atkinson & Aucoin, 2016; IT Process Maps, 2018). Because of the structure of these industry-
based frameworks, they are very antithetical to change, in fact, the design of these industry-based
frameworks encourage elimination of any change or diversion from strict standards wherever
possible (Betz & Goldenstern, 2017; Lawson, Muriel, & Sanders, 2017). Despite these
drawbacks there does appear to be some research is currently taking place on industry-based
framework-based solutions to let organizations perform accurate and useful risk analyses of
CSPs but not particularly for SMEs (Silva, Westphall, & Westphall, 2016; Karras, 2016; Cayrici,
Garaga, de Oliveira, & Roudier, 2016).
36
Leaving aside the issue of whether or not these industry-based frameworks for large
enterprises could effectively work for SMEs, these industry-based frameworks are not able to
keep up with the massive rate of change in Cloud computing (Cram, Brohman, Gallupe, 2016;
Lohe & Legner, 2014). For example, the previously mentioned COBIT saw seven years between
COBIT 4 and COBIT 5 releases. To stay effective and timely for SME risk analysis and
assessment of Cloud computing and Cloud computing security, COBIT would have to decrease
the time between releases to seven months (Tajammul & Parveen, 2017). Additionally, within
the proposed seven-month release cycle, the industry-based frameworks would have to be re-
engineered for SMEs. Unlike academic research, creators of industry-based frameworks for large
enterprises such as ITIL, COBIT, and ISO 2700 do so for-profit motives (Leclercq-
Vandelannoitte & Emmanuel, 2018). Printed documents, training, and certifications of
employees and organizations are very expensive to obtain and create large profits for the
certifying organization (Skeptic, 2009). SMEs are not good customers for these industry-based
frameworks as they do not have the budget for them in employee time or financial budgets
(Assante, Castro, Hamburg, & Martin, 2016Carcary, Doherty, & Conway, 2014; Senaratha,
Yeoh, Warren, & Salzman, 2016). Perhaps the only reasonable way for academic research to
start with an industry framework for large enterprises and end up with a solution for SMEs is to
focus a small part of an industry framework such as SLAs (Carvalho, Andrade, Castro,
Couitinho, & Agoulmine, 2017; Luna, Suri, Iorga, & Karmel, 2015; Na & Huh, 2014). A
separate theme discusses SLAs but find their antecedents in large enterprise agreements with
vendors such as CSPs.
37
SMEs
SMEs are present in almost every country in the world (Calvo-Manzano, Lema-Moreta,
Arcilla-Cobian, & Rubio-Sanchez, 2015) and in some countries employ more than 95% of the
total workforce (Fernando & Fernando, 2014). SMEs are responsible up to sixty per cent of all
employment, and up to forty per cent of all reported national income in emerging countries
(Ndiaye, Razak, Nagayev, & Ng, 2018). SMEs are a very large segment of the business world
and deserve a large amount of the industry-based solutions research and the academic research
for IT and Cloud security solutions (Robu, 2013; Seethamraju, 2014). While it is possible to
scale down some large enterprise solutions to SME size, as previously discussed, most cannot
(Kritikos, & Massonet, 2016; Parks & Wigand, 2014). SMEs need their own IT solutions
including Cloud security and Cloud risk assessments. These solutions will need to consider the
constraints that SMEs face such as financial and employee skill levels (Carcary, Doherty,
Conway, & McLaughlin, 2014; Hasheela, Smolander, & Mufeti, 2016). The academic research
for SME Cloud security risk assessments must accept these constraints to be useful, both in
potential industry-based solutions and for academic frameworks. There is no value in solutions
that have no chance of implementation. Even though many current SME solutions are not
probable in today’s business and industry settings, they are possible (Hussain, Hussain, Hussain,
Damiani, & Chang, 2017; Liu, Xia, Wang, & Zhong, 2017; Mohabbattalab, von der Heidt,
Mohabbattalab, 2014). As discussed previously, trying to adapt a large enterprise solution that
may cost more than the entire SME yearly budget to solve SME Cloud security problems is not
prudent (Cram, Broham, & Gallupe, 2016; Lawson, Muriel, & Sanders, 2017; Devos & Van de
Ginste, 2015). Adapting the large enterprise solutions will not yield useful results in the
incredibly fast-moving Cloud security industry or research field.
38
The same is true for academic solutions that require advanced mathematics or high levels
of skill in arcane academic fields to succeed (Potey, Dhote, & Sharma, 2016; Ren, Tan,
Sundaram, Wang, Ng, Chang, & Aung, 2016; Zibouh, Dali, & Drissi, 2016). A homomorphic
encryption solution that requires periodic changes to the cryptographic elements of the solution
are not a reasonable solution for SMEs (Feng & Xin, 2014; Khamsemanan, Ostrovsky, & Skeith,
2016; Wu, Cheng, Weng, 2016). Nor are solutions that require skill in an academic model unique
to a single or small group of papers (Deshpande et al, 2018; Kholidy, Erradi, Abelwahed, &
Baiardi, 2016; Nanavati, Colp, Aeillo, & Warfield, 2015). Unique models such as Security
threats management model (STMM) (Lai & Leu, 2015), or a data provenance model (Imran,
Hlavacs, Haq, Jan, Khan, & Ahmad, 2017), or even more common models such as using the
Software development life cycle framework to create a Software assurance reference dataset
(SARD) (Aljawarneh, Alawneh, & Jaradat, 2016) are very unlikely to be adopted by SMEs.
SMES are not just scaled down versions of large enterprises. SMEs have fundamentally
different designs and structures that require different approaches and reactions to new
technologies such as Cloud computing (Cheng & Lin, 2009; Diaz-Chao, Ficapal-Cusi, &
Torrent-Sellens, 2017; Lai, Sardakis, & Blackburn, 2015). Research attempting to discover or
create solutions for SMEs to securely adopt Cloud computing environments needs to be
fundamentally different also (Hussain, Hussain, Hussain, Damiani, & Chang, 2017; Moyo &
Loock, 2016; Wang & He, 2014). Research leading to academic and industry-based solutions for
SMEs need to focus on solutions that are closer to “turn-key” or ones SMEs can adopt without
special expertise. If an SME cannot implement a solution with its current staff, the SME is less
likely to adopt the solution (Bildosola, Río-Belver, Cilleruelo, & Garechana, 2015; Kumar,
Samalia, & Verma, 2017).
39
SMEs Local
Much of the current research on SMEs focuses on a geographically distinct group of
SMEs. While the focus on the research may be Cloud or Cloud security, the group under study is
usually in the same region of the world (Assante, Castro, Hamburg, & Martin, 2016; Bolek,
Lateckova, Romanova, Korcek, 2016; Carcary, Doherty, & Conway, 2014). After reading a large
number of research papers based on SMEs from the same state, country or continent, several
differences between regions become evident (Moyo & Loock, 2016; Senarathna, Yeoh, Warren,
& Salzaman, 2016). The differences between SMEs in one region versus another region as
regards Cloud computing adoption and Cloud security would make for a fascinating thesis by
themselves but for the purposes of this literature review and the research study it is enough to
differentiate SMEs geographically by World bank average income level groupings (Fosu, 2017).
There is an obvious and broad correlation between the SMEs in low, lower-middle, upper-middle
economies and the SMEs in high-income economies in terms of Cloud computing adoption.
SMEs in non-high-income countries do not appear to be adopting Cloud computing at a level
where they would need to do Cloud security risk assessments yet (Kumar, Samalia, & Verma,
2017; Moyo & Loock, 2016; Vasiljeva, Shaikhulina, & Kreslins, 2017). SMEs in high-income
countries, however, need Cloud security risk assessments and would find a validated risk
instrument to be a valuable commodity (Haines, Horowitz, Guo, Andrijicic, & Bogdanor, 2015;
Rahulamathavan, Rajarajan, Rana, Awan, Burnap, & Das, 2015; Sahmim & Gharsellaoui, 2017).
High income economy SMEs will be the assumed target of the research study unless otherwise
specified.
40
SMEs and Cloud
Cloud computing is a new and rapidly developing field of research (Khan & Al-Yasiri,
2016). SMEs and Cloud computing is an even newer subset of that field of research (Chiregi &
Navimipour, 2017). Even as a new subset of a new field of research there are interesting threads
developing in the field (Bildosola, Río-Belver, Cilleruelo, & Garechana, 2015; Hussain, Hussain,
Hussain, Damiani, & Chang, 2017; Mohabbattalab, von der Heidt, & Mohabbattalab, 2014).
SMEs are as competitive as large enterprises and look for potential business advantages such as
Cloud. Current research studies find that SMEs want to adopt Cloud computing for predicted
cost savings (Al-Isma’ili, Li, Shen, & He, 2016; Chatzithanasis & Michalakelis, 2018; Shkurti &
Muca, 2014), business process improvement (Chen, Ta-Tao, & Kazuo, 2016; Papachristodoulou,
Koutsaki, & Kirkos, 2017; Rocha, Gomez, Araújo, Otero, & Rodrigues, 2016), or to reach new
customer bases (Ahani, Nilashi, & Ab Rahim, 2017; George, Gyorgy, Adelina, Victor, & Janna,
2014; Stănciulescu, & Dumitrescu, 2014). SMEs’ Cloud options are different than large
enterprise options (Gholami, Daneshgar, Low, & Beydoun, 2016; Salim, Darshana, Sukanlaya,
Alarfi & Maura, 2015; Yu, Li, Li, Zhao, & Zhao, 2018). With very few exceptions in current
research (Wang, Wang, & Gordes, 2018), SMEs do not have the financial means or staff
expertise to create and adopt private or hybrid Clouds (Hsu, Ray, & Li-Hsieh, 2014; Keung &
Kwok, 2012; Michaux, Ross, & Blumenstein, 2015), nor do SMEs want to focus on Cloud
operations as a core business practice. SMEs are more likely than large enterprises to be the
customer of a community based CSP, either non-profit or for profit based (Baig, R., Freitag, F.,
Moll, A., Navarro, L., Pueyo, R., Vlassov, V., (2015; Bruque-Camara, Moyano-Fuentes, &
Maqueira-Marin, 2016), although most SMEs will use a public Cloud offering (Buss, 2013;
Cong & Aiqing, 2014). Large enterprises are more likely to adopt a private Cloud or leverage
41
their large enterprise size to be a valued customer of one of the largest CSPs such as AWS,
Azure, or Google Cloud (Chalita, Zalila, Gourdin, & Merle, 2018; Persico, Botta, Marchetta,
Montieri, & Pescape, 2017; Vizard, 2016). SMEs cannot offer the scale of purchasing to receive
significant discounts from the large CSPs and are more likely to see value in a community Cloud
that understands the SMEs core business practices, or a smaller CSP that specializes in the
SMEs’ core business practices (Huang, et al, 2015; Wang & He, 2014).
SMEs and IaaS
A number of research studies show that SMEs should be more likely to adopt SaaS CSP
offerings than PaaS or IaaS CSP offerings but researchers need to do more work. One of the
issues with concluding that SMEs should use SaaS Cloud computing options is that the research
does not show that SMEs actually are using SaaS more than IaaS and PaaS (Achargui & Zaouia,
2017; Hasheela, Smolander, & Mufeti, 2016). While the arguments made by the researchers are
imminently logical, the same research does not show that they have not yet persuaded SMEs
with those arguments. The research study’s survey instruments and the validated risk instrument
associated with the research include SaaS Cloud computing.
There is research describing SMEs use or lack of use of PaaS Cloud computing
environments (Bassiliades, Symeonidis, Meditskos, Kontopoulos, Gouvas, & Vlahavas, 2017;
Ionela, 2014). The current research regarding SMEs and PaaS does not reach a reproducible
conclusion and the research tends to focus on PaaS offerings of very large business application
software suites (Bassiliades, Symeonidis, Meditskos, Kontopoulos, Gouvas, & Vlahavas, 2017;
Kritikos, Kirkham, Kryza, & Massonet, 2015; Papachristodoulou, Koutsaki, & Kirkos, 2017).
The recent research studies discussing high-income country-based SMEs and PaaS Cloud
computing environments tend to focus on the SMEs adoption and use of the large software
42
programs such as enterprise resource planning programs (ERP) or huge customer relationship
management programs (CRM) (Calvo-Manzano, Lema-Moreta, Arcilla-Cobián, & Rubio-
Sánchez, 2015; Rocha, Gomez, Araújo, Otero, & Rodrigues, 2016). Research based on lower
income-based country SMEs and PaaS Cloud computing environment offerings tend to focus on
the smaller SMEs and their adoption of the more individual customer-based PaaS Cloud
environments such as Google Gmail or Microsoft Office 365 (Chatzithanasis & Michalakelis,
2018; Hasheela, Smolander, & Mufeti, 2016).
Some research shows that SMEs tend to adopt Cloud paradigms that the SME’s current
staff is comfortable using (Assante, Castro, Hamburg, & Martin, 2016; Carcary, Doherty,
Conway, & McLaughlin, 2014). In many cases the simplest Cloud service to adjust to when first
adopting Cloud computing, is that of IaaS (Cong &Alquing, 2014; Fernando & Fernando, 2014;
Keung & Kwok, 2012). An SME’s IT staff can perform the same job duties on a virtual server in
an IaaS environment that they did on an on-premise computer server. While the IT staff will
have to become conversant with the CSP’s IaaS server provisioning process, all major CSPs
allow one to create a server and network online through a web page. The SME’s IT staff can also
create and destroy IaaS servers quickly and cheaply to learn the CSP’s process (Chalita, Zalila,
Gourdin, & Merle, 2018; Persico, Botta, Marchetta, Montieri, & Pescapé, 2017; Vizard, 2016).
The SME’s will need to learn the most cost-effective way to utilize the CSP’s IaaS environment,
but that holds true for the CSP’s PaaS and SaaS environments.
IaaS Cloud computing environments are a good choice for SMEs in several scenarios. If
an SME is ready to make a wholesale move to the Cloud, perhaps as part of the initial IT setup
and configuration, moving to an IaaS environment can offer a base virtual environment where
the SME’s IT team can setup its environment any way it deems best (Chalita, Zalila, Gourdin, &
43
Merle, 2018; Vizard, 2016). If an SME is moving an existing server room or data center into a
public or private Cloud, and the SME can outsource the forklift portion of adopting a Cloud
computing environment, the SME’s IT staff need to learn a smaller set of Cloud computing
specific skills and tasks (Fahmideh & Beydoun, 2018). IaaS Cloud computing environments are
the best choice for SMEs that have to move into a Cloud computing environment quickly (Al-
Isma’ili, Li, Shen, & He, 2016; Baig, Freitag, Moll, Navarro, Pueyo, Vlassov, 2015).
IaaS Cloud environments are attractive to SMEs in other scenarios too. If the SME
decides on a gradual move to the Cloud with a policy of all new servers created in a CSP hosted
environment, the SME’s IT staff can gradually learn the skills needed server by server
(Senarathna, Wilkin, Warren, Yeoh, & Salzman, 2018). A gradual move to a CSP environment
can coincide with other business processes within the SME such as amortization and cost write-
offs for servers and server room equipment, or technology life-cycle events such as aging out of
a specific server model (Gupta & Saini, 2017; Rocha, Gomez, Araújo, Otero, & Rodrigues,
2016). A gradual move based on business processes has the additional benefit of stronger buy-in
from other business units within the SME for continued Cloud operations (Kouatli, 2016; Raza,
Rashid, & Awan, 2017).
PaaS and SaaS CSP options can be strong options for SMEs in various scenarios. Very
small businesses, may only need a limited amount of IT perhaps one or two applications such as
email and document sharing and storage (Hasheela, Smolander, & Mufeti, 2016; Moyo & Loock,
2016). If a small enterprise only needs to use applications, not to build and change them, SaaS or
PaaS would be an appropriate choice (Musungwini, Mugoniwa, Furusa, & Rebanowako, 2016).
If a small enterprise’s IT needs do reach the level of individual servers or a server room, the
SME may not IT staff with competencies much higher than that of an IT Help-Desk. IF the SME
44
does not currently manage on premise servers, PaaS or SaaS would be a logical choice for a
Cloud computing environment (Bassiliades, Symeonidis, Meditskos, Kontopoulos, Gouvas, &
Vlahavas, 2017; Ionela, 2014). As the research study focuses on high-income SMEs that need a
validated risk instrument for adopting Cloud computing solutions securely, single customer-
based SaaS or PaaS solutions will not get much coverage.
SME Cloud Security
Just as in general Cloud security research, SME focused Cloud security research has
reached the point where researchers have done the general descriptive baselining of what a
current Cloud computing environment is (Kumar, Samalia, & Verma, 2017; Lacity & Reynolds,
2013), how Cloud security is different than on premise IT security (Liu, Xia, Wang, Zhong,
2017), and why Cloud security is important for SMEs (Mohabbattalab, von der Heidt, &
Mohabbattalab, 2014). Even research that does not start with the focus on SMEs can be very
informative when describing Cloud computing environments and the security needs of SMEs for
Cloud adoption (Shaikh & Sasikumar, 2015; Sun, Nanda, & Jaeger, 2015). Even though parts of
this literature review make large the differences between SMEs and large enterprises, at a basic
level, a Cloud computing environment has a basic structure that is the same for any size
company (Phaphoom, Wang, Samuel, Helmer, & Abrahamsson, 2015; Ray 2016). So too, Cloud
computing security starts the same for an organization whether they have one employee or fifty
thousand employees.
Differences between Large Enterprises and SMEs
The differences between SME on-premise IT security and potential Cloud security can
look fairly similar to the same comparison for large enterprises (Diogenes, 2017; Hussain,
Mehwish, Atif, Imran, & Raja Khurram, 2017). SMEs tend to have very different on-premises IT
45
security needs, budgets, and practices than large enterprises, but at the basic level, Cloud
computing is using someone else’s hardware (Daylami, 2015). This tends to be truer for SMEs
than large enterprises as financial budgets play a large role in whether or not an organization
decides to create its own Cloud environment such as a private Cloud or a hybrid Cloud
environment leading to more use of public Cloud offerings by SMEs (Shkurti, & Muça, 2014).
The lack of Cloud expertise held by SME’s IT staff would also tend to negate the possibilities of
an SME creating its own Cloud baseline. When a researcher starts to investigate actual business
practices and the details in Cloud adoption and Cloud security, SMEs start to differentiate
themselves from large organizations (Chatzithanasis, & Michalakelis, 2018; Rocha, Gomez,
Araújo, Otero, & Rodrigues, 2016).
Aside from decision making influences such as budget and IT staff expertise, the
importance of SME Cloud security can look similar to what a large enterprise considers
important in Cloud security when focusing on the details. In general, if a large enterprise in a
specific industry faces a security threat when adopting Cloud computing environments, SMEs
face similar concerns, just on a smaller scale. In specific cases, large enterprises do have greater
security concerns and concomitant practices to allaying those security concerns (Bahrami,
Malvankar, Budhraja, Kundu, Singhal, & Kundu, 2017; Yimam & Fernandez, 2016). Large
enterprises have access to solutions that SMEs do not such as creating new Cloud security teams,
or hiring CSP based security subject matter experts. As with differences between on-premises
and Cloud security between large enterprises and SMEs, the differences between SMEs and large
enterprises regarding Cloud computing security start to gain prominence when a researcher starts
to focus on details. Focusing on these and other details is a basic part of the case study-based
theory coding process and played an integral part of the research study.
46
As discussed, Cloud computing security for SMEs starts at a similar place to Cloud
security for larger enterprises. Cloud computing involves using someone else’s hardware and the
corresponding loss of control that giving up physical security involves (Daylami, 2015). While
SMEs have similar security concerns and all organizations would like to keep confidential
information secret, the size of an organization affects the way in which SMEs secure their data.
SME focused academic research solutions tend to be smaller scale and less expensive (Bildosola,
Río-Belver, Cilleruelo, & Garechana, 2015; Gastermann, Stopper, Kossik, & Katalinic, 2014
Lacity & Reynolds, 2013; Senarathna, Yeoh, Warren, & Salzman, 2016). Some current SME
Cloud computing security solutions are just lists of threats and how to remediate the threats,
which although very cost effective, are not forward-looking solutions frameworks (Lalev, 2017;
Preeti, Runni, & Manjula, 2016). Other current SME Cloud computing security solutions require
SMEs to create new teams or business processes (Haimes, Horowitz, Guo, Andrijcic, &
Bogdanor, 2015; Lai & Leu, 2015). The best of current academic SME solutions to Cloud
security do not create new processes or tools for SMEs to learn but instead help SMEs to
simplify their treatment of data and to reduce the SME’s attack surface (Carcary, Doherty,
Conway, & McLaughlin, 2014; Ertuk, 2017; Gritzalis, Iseppi, Mylonas, & Stavrou, 2018).
SME Using Cloud to Reduce Costs
SMEs are less likely to embrace the costs of creating and maintaining server rooms with
dedicated power and cooling than large enterprises (Tso, Jouet, & Pezaros, 2016). SMEs are
more likely to be based in one physical location making redundancy and failover more difficult
for the organization’s pre-Cloud IT infrastructure (Lent, 2016). As such, Cloud computing may
look more attractive for an SME than a large enterprise when the viewpoint is financial or
business process related (Bildosoia, Rio-Belver, Cillerueio, & Garechana, 2015; Carcary,
47
Doherty, Conway, & McLaughlin, 2014). In terms of a Cloud security solution, SMEs may be
able to bridge some of the gap between them and large enterprises in that SME Cloud security
solutions can include multi-Cloud or fully redundant solutions without major increases in cost or
effort (Ertuk, 2017; Salim, Darshana, Sukanlaya, Alarfi & Maura, 2015; Wang & He, 2014). An
SME that can adopt business processes or solutions normally restricted to large enterprises can
gain a competitive advantage (Hsu, Ray, & Li-Hsieh, 2014). Cloud computing can be a tool for
SMEs to adopt some large enterprise IT standards such as full redundancy and auto scaling of
organizational resources to customer demand (Buss, 2013; Huang, et al, 2015; Michaux, Ross, &
Blumenstein, 2015).
There are many ways for an organization to adopt Cloud computing and many different
ways to manage the risk of Cloud computing adoption. The differences between the solutions,
including security solutions can be much more than a result of “throwing more money at it” that
can dismissively explain the differences between SMEs and large enterprises when discussing
on-premises IT security solutions. SMEs may be able to adopt solutions such as multi-Cloud
(Zibouh, Dalli, Drissi, 2016, Cloud access security broker (CASB) (Paxton, 2016), or automation
of security controls (Tunc, et al, 2015) that if based on-premises would be solely the provenance
of large enterprises. These possible Cloud security solutions are still outside of the main stream
for SMEs, however, and SMEs need a way to assess the risk of using these or more standard
solutions. The research study is a start to providing SMEs a way to assess the risks of adoption a
Cloud computing solution, even if the solutions is one that the SME would never consider in an
on-premises environment (Albakri, Shanmugam, Samy, Idris, & Ahmed, 2014; Ngo.
Demchenko, & de Laat, 2016; Younis, Kifayat, & Merabti, 2014). The promise of gaining an
edge on their competition should have SMEs looking at the feasibility of these new solutions.
48
One important promise of Cloud computing for SMEs is that rather than be forced to
decide from a scaled down, reduced cost version of a large enterprise solution or a simpler, less
secure solution, SMEs will be able to choose from a larger selection of Cloud security solutions
if it is easier for SMEs to assess the risk of each solution. Due to previously discussed dual
constraints of smaller financial budgets and lower skill levels of IT staff, SMEs tend to
contemplate different priorities in Cloud computing risk calculations. If SMEs could reasonably
assess the risk of using new Cloud computing security solutions, SMEs could be much more
secure in the Cloud than they currently are on-premises (Chen, Ta-Tao, & Kazuo, 2016;
Seethamraju, 2014). SMEs cannot realize the great promise of Cloud computing adoption SMEs
if the SMEs cannot properly asses the risk of using a Cloud computing environment.
Cloud Security as an Improvement
An interesting difference between SMEs and large enterprises shows up in some SME
based research papers that indicates that for many SMEs, basic Cloud security is an improvement
over the SMEs existing IT security (Lacity & Reynolds, 2013; Mohabbattalab, von der Heidt, &
Mohabbattalab, 2014). The SMEs where basic CSP provided security is better than the SME in
house security, are most likely the smaller SMEs discussed earlier that have limited IT needs and
limited IT staffs (Mayadunne & Park, 2016; Senarathna, Yeoh, Warren, & Salzman, 2016; Wang
& He, 2014). Some SMEs have very limited in IT security. For those SMEs, the adoption of
Cloud computing environments is an improvement in the SMEs security posture. These SMEs
are among those that would find the greatest help from a validated risk instrument. An
inadequate cybersecurity budget almost certainly means, at the very least, the staff have little free
time to research Cloud security options.
49
While public CSPs have many whitepapers discussing their security and the risk
assessment attestations they have (Chalita, Zalila, Gourdin, & Merle, 2018; Persico, Botta,
Marchetta, Montieri, & Pescapé, 2017; Vizard, 2016), the documents and attestations do not
apply to the CSP’s customer’s security. Even if the SME’s cybersecurity team has been able to
read the CSPs explanations of how their Cloud security offerings work, the SME still needs to
work through how each solution fits the organization’s specific needs. Having said that, the
current academic research in SME Cloud security is moving towards a consensus that SMEs can
be more secure at a lower cost in the Cloud than on-premises (Al-Isma’ili, Li, Shen, & He, 2016;
Bassiliades, Symeonidis, Meditskos, Kontopoulos, Gouvas, & Vlahavas, 2017; Famideh &
Beydoun, 2018; Shkurti, & Muça, 2014). SMEs still need a way to ensure that the solution they
pick make the SME more secure, and the research study produced a validated risk instrument
that will help SMEs do so.
Risk
As discussed earlier in this literature review, professionals commonly define risk in IT
using an equation as shorthand. Risk = probability x impact / cost (Choo, 2014; Jouini & Rabai,
2016). Researchers have done good academic research on the risk involved with Cloud
computing adoption (Jouini & Rabai, 2016; Vijayakumar, & Arun, 2017). Researchers have
published less regarding the risk SMEs take in adopting Cloud computing and how SMEs
evaluate the risk (Assante, Castro, Hamburg, & Martin, 2016; Hussain, Hussain, Hussain,
Damiani, & Chang, 2017). The research study helps to fill the gap in academic research about
SME risk assessment processes when adopting Cloud computing, and the research study
generated a validated instrument that SMEs can use during a Cloud risk assessment. This
50
literature review followed the same general pattern for researching risk as the sections for SMEs
and Cloud security; starting broadly and narrowing down to the final topic.
Risk Descriptive
The first section of the literature review research on SME Cloud computing risk
assessments is the general field describing risk relating to Cloud computing. There is adequate
research on broad questions such as the differences between on-premises IT risk and Cloud
computing environment risks, with the simplest answer being that risk is different in the Cloud
(Li & Li, 2018; Rittle, Czerwinski, & Sullivan, 2016; Shackleford, 2016). More nuanced
analyses of how Cloud security presents different risks is also represented in the literature, from
highly detailed quantitative models (Hu, Chen, & We, 2016; Jouini & Rabai, 2016; Tanimoto et
al, 2014) to qualitative descriptive research papers (Iqbal et al, 2016; Khalil, Khreishah, &
Azeem, 2014; Hussain, Mehwish, Atif, Imran, & Raja Khurram, 2017) ) to presentations of
controls and responses that should be taken to ameliorate Cloud computing risk (Khan & Al-
Yasiri, 2016; Preeti, Runni, & Manjula, 2016).
Unfortunately, due to the newness of the field, many articles on Cloud computing risk are
more descriptive based rather than discovery focused (Mishra, Pilli, Varadharajan, & Tupakula,
2017; Singh, Jeong, & Park, 2016). While many of these research papers do a very good job of
describing Cloud computing risk at a high level (Choi & Lambert, 2017; Shackleford, 2016) and
some can be very informative at a lower level of Cloud risk (Casola, De Benedictis, Erascu,
Modic, & Rak, 2017; Lai & Leu, 2015), very few research papers reach the level that would have
other researchers want to expand or extend the research (Masky, Young, & Choe, 2015; Ngo,
Demchenko, & de Laat, 2016). It is logical that academic researchers have to fully describe a
new problem, environment, process, or framework before the important work of discovering how
51
to improve it. One cannot expect quality research from the academic field regarding Cloud
computing security risk until that risk is fully detailed, but the research study and this literature
review took steps in that direction.
The incredible rate of change in the Cloud computing industry is surprising even by IT
standards (Bayramusta & Nasir, 2016) The value of properly researched and peer reviewed
articles based on the details of specific risks involved in adopting Cloud computing such as
hypervisor attacks (Nanavati, Colp, Aeillo, & Warfield, 2014), or other specific CSP weaknesses
(Deshpande, et al. 2018) is minimal as the industry will have reacted before the research paper is
published (Kurpjuhn, 2015; Preeti, Runni, & Manjula, 2016). The current research available does
a better job describing the risks involved with using a Cloud computing IaaS environment than a
PaaS or SaaS Cloud computing environment (Gritzalis, Iseppi, Mylonas, & Stavrou, 2018; Wang
& He, 2014). This is predictable as an IaaS environment is closest to existing on-premises
environments and existing research models and paradigms for computing security. While some
researchers actively focus on risk in PaaS and SaaS Cloud computing environments (Gupta,
Gupta, Majumdar, & Rathore, 2016; Weintraub & Cohen, 2016) the ratio seems to be off. It is
reasonable to expect that just as on-premises computing is being supplanted by Cloud computing
for all the reasons discussed in this literature review, so too will be IaaS with PaaS, SaaS, and
new paradigms that have not been created yet (Kritikos, Kirkham, Kryza, & Massonet, 2015;
Priyadarshinee, Raut, Jha, & Kamble, 2017). As the industry and CSPs move to more dynamic
and complicated computing paradigms and environments such as containers (Bahrami,
Malvankar, Budhraja, Kundu, Singhal, & Kundu, 2017), micro-services (Sun, Nanda, & Jaeger,
2015), compute as a service (Qiang, 2015), security as a service (SecaaS) (Torkura, Sukmana,
52
Cheng, & Meinel, 2017), and eventually everything as a service (Sung, Zhang, Higgins, & Choe,
2016), academic research focused on just describing old models of Cloud risk will not be useful.
SME Risk Assessment
Organizations are rapidly moving to the Cloud (Khan & Al-Yasiri, 2016). The vast
majority of medium to large organizations have policies and procedures regarding adoption and
use of IT such as Cloud computing (Madria, 2016; Shackleford, 2016). The core of the research
project is discovering how organizations are approving the use of Cloud computing
environments based on a risk paradigm. At a high level, organizations can use existing risk
frameworks such as ISO2700, or COBIT (Devos & Van de Ginste, 2015), alter their current risk-
based procedures or alter the organization’s Cloud computing environments to match the
organization’s current risk requirements.
SMEs are not likely to use large industry-based IT control frameworks such as ITIL,
COBIT, or ISO2700 because of the cost of implementing the industry frameworks (Barton,
Tejay, Lane, & Terrell, 2016; Tisdale, 2016; Vijayakumar, & Arun, 2017). As discussed
previously, the cost of training staff and implementing such frameworks can be higher than an
SME’s entire IT budget (Atkinson & Aucoin, 2016; IT Process Maps, 2018). Perhaps the true
value of such frameworks is the ability to standardize IT processes across a global company and
across many business units (Cao & Zhang, 2016; Oktadini & Surendro, 2014; Tajammul, &
Parveen, 2017). Such standardization is not a business driver for SMEs and is usually a goal of
mature large enterprises.
SMEs are likely to alter their current risk procedures when adopting Cloud computing.
The alteration process is not that of a large enterprise, however. A large enterprise will have
entire teams dedicated to IT risk assessments and may even have separate teams based on the
53
type of risk (Zong-you, Wen-long, Yan-an, & Hai-too, 2017). Global enterprises may have
different IT risk assessment teams dedicated to applications, infrastructure, and new software
acquisitions (Damenu & Balakrishna, 2015). Large enterprises may reasonably treat a new Cloud
computing environment as any one of those types of risk assessment types and only require
minor alterations to the large enterprises business processes to finish a Cloud computing risk
assessment. SMEs have no such separate risk teams, and may have no internal audit or risk teams
whatsoever (Mahmood, Shevtshenko, Karaulova, & Otto, 2018). SMEs are more likely to
contract outside audit and risk firms, and only when required by law for financial audits and
other matters (Gupta, Misra, Singh, Kumar, & Kumar, 2017). SMEs may use consultants for a
Cloud computing risk assessment but would save money by using something similar to the
validated risk instrument that is an output of the research study.
As with altering their current risk assessment procedures, large enterprises are most likely
to require constraints and limitations on a Cloud computing environment before approving
moving to the Cloud. Large enterprises have the resources, both financially and in qualified staff
to create a private Cloud limited to a single organization if they wish (Gupta, Misra, Singh,
Kumar, & Kumar, 2017). More commonly, large organizations will use their greater resources to
design a Cloud environment to their specifications that will pass an internal risk assessment
(Chang & Ramachandran, 2016). A very simple example is that a large organization can separate
confidential and non-confidential data to prevent the storage of data in the Cloud. A large
organization may also leverage the size of their Cloud deployment to secure changes and
discounts from the CSP (Gupta, Misra, Singh, Kumar, & Kumar, 2017). These are all examples
of changes to a Cloud environment that SMEs are not able to do. SMEs are far more likely to
have to accept what a CSP offers as the SME has no leverage with the CSP to enact changes.
54
One choice SMEs do have in their favor is the choice of CSP or combinations of CSPs. A
validated risk instrument that will allow SMEs to make effective choices between various public
CSPs will be a very useful tool.
Cloud Risk Solutions
A thorough review and understanding of current risk assessment and acceptance policies
and procedures is critical to this research project. This section of the literature review focuses on
how academic research is writing about Cloud computing risk. Many authors have done good
work in identifying Cloud computing risk factors (Jouini & Rabai, 2016; Hu, Chen, & We, 2016;
Alali & Yeh, 2012). One can see many challenges found in on-premises computing risk
assessments also identified in Cloud computing environments along with many risk factors that
are distinct to the Cloud (Cayirci, Garaga, de Oliveira, & Roudier, 2016; Madria, 2016). From a
focus on those specific threats and corresponding security controls (Sen & Madria, 2014;
Albakri, Shanmugam, Samy, Idris, & Ahmed, 2014; Ramachandran & Chang, 2016) to higher
level risk analysis focuses (Brender & Markov, 2013; Shackleford, 2016; Gupta, Gupta,
Majumdar, & Rathore, 2016), there is a wide range of published research.
Some of the proposed solutions are interesting, including a new access control model for
Cloud computing by Younis, Kifayat, and Merabti that incorporates features of mandatory access
control models (MAC), role-based access control models (RBAC), discretionary access control
models (DAC), and attribute-based access control models (ABAC) to create a new model of risk-
based access control (RBAC) (Younis, Kifayat, & Merabti, 2014). A focus on business process
modeling notation (BPMN) also looks promising (Ramachandran & Chang, 2016). There are
proposals to use fuzzy decision theory (de Gusmao, e Silva, Silva, Poleto, & Costa, 2015), and
55
extensible access control markup language (XACML) (dos Santos, Marinho, Schmitt, Westphall,
& Wesphall, 2016) as the basis of solutions to Cloud computing risk.
SME Cloud Risk Solutions
Unfortunately, none of these solutions are a good fit for SMEs. Based on previously
discussed constraints of financial and staff skill constraints, complicated additional skill needed
processes will not help SMEs properly assess the risk involved in adopting Cloud computing.
One of the main attractions of the Cloud for SMEs is that the promise for SMEs that they will
have to do less work and spend less money than with on-premises solutions (Bayramusta, &
Nasir, 2016; Lalev, 2917; Raza, Rashid, & Awan, 2017). Adding very complicated and complex
controls based on RBAC or BPMN or fuzzy decision theory is a non-starter for most SMEs
(Ramachandran & Chang, 2016). One of the promises of Cloud computing for SMEs is that
different paradigms and solutions will emerge in the high rate of change within the Cloud
computing field. A successful solution for SMEs is one that SMEs can easily understand and
adopt. At the present time, this means that the solution or paradigm has to be based on a
currently understood model such as the classic equation of risk, risk = probability x impact / cost
(Choo, 2014; Jouini & Rabai, 2016).
Research is lacking on proposed more traditional risk assessment instruments for Cloud
computing but portions of the research papers that are public has some very good ideas and
potential avenues to research (Gritzalis, Iseppi, Mylonas, & Stavrou, 2018). Building a risk
instrument based upon a simple to understand industry tool such as the common vulnerability
scoring system (CVSS) has promise for SMEs but real-world examples are lacking (Maghrabi,
Pfluegel, & Noorji, 2016). Several groups of authors are presenting research papers that are
attempting to provide validated risk instruments similar to the research paper, including
56
RAClouds based on ISO27001 (Silva, Westphall, & Westphall, 2016) and risk instruments based
on the ISO 31000 risk management framework (Viehmann, 2014) but the results are not easy to
use.
Some researchers are investigating making Cloud risk assessments more accessible to
SMEs but solutions are not complete (Damenu & Balakrishna, 2015; Djuraev & Umirzakov,
2016; El-Attar, Awad, & Omara, 2016). Other approaches to understanding and properly
assessing Cloud computing risk get complicated very quickly even though they propose
interesting solutions. If research concepts such as reducing Cloud computing risk assessments to
simple business process evaluations (Goettlemann, Dalman, Gateau, Dubois, & Godart, 2014), or
Cloud risk assessments based on Markov models (Karras, 2017); or Cloud risk assessments
based on vertical stacking of groups of SMEs (Mahmood, Shevtshenko, Karaulova, & Otto,
2018) come to fruition, perhaps validated risk instruments will not be as important as they are
today. More optimistic researchers are positing theories based on getting CSPs to change and
offer more services such as Security SLAs or more access to the CSPs internal workings
(Rasheed, 2014; Razumnikov, Zakharova, & Kremneva, 2014; Tang, Wang, Yang, & Wang,
2014; Weintraub & Cohen, 2016). The research study provides a validated risk instrument that
can help SMEs assess the risk of adopting Cloud computing in a simple and rational way that
will work without proposing radical changes in the way CSPs conduct business. While large
enterprises can force changes on CSPs due to the large amounts of money they spend, SMEs do
not have that leverage.
Summary
The theoretical framework discussed in this literature review is that SMEs have different
needs than large enterprises regarding Cloud computing environment risk assessments, and
57
academic research has not answered those needs yet (Haimes, Horowitz, Guo, Andrijcic, &
Bogdanor, 2015; Gritzalis, Iseppi, Mylonas, & Stavrou, 2018; Moncayo, & Montenegro, 2016).
The process to researching potential solutions for SME Cloud computing risk assessments started
with broad searches involving cybersecurity (Anand, Ryoo, & Kim, 2015; Ho, Booth, & Ocasio-
Velasquez, 2017; Paxton, 2016), Cloud computing (Chen, Ta-Tao, & Kazuo, 2016;
Ramachandra, Iftikhar, & Khan, 2017), and Cloud security (Coppolino, D’Antonio, Mazzeo, &
Romano, 2017; Ring, 2015; Singh, Jeong, & Park, 2016). There is research that investigates
industry-based framework solutions for large enterprises as potential solutions but they were
found not to be appropriate for SMEs (Al-Ruithe, Benkhelifa, & Haneed, 2016; Bildosola, Rio-
Belver, Cilleruelo, & Garechana, 2015; Elkhannoubi & Belaissaoui, 2016; Moyo & Loock,
2016; Seethamraju, 2014). SMEs have their own requirements and constraints for most IT
solutions (Gholami, Daneshgar, Low, & Beydoun, 2016; Salim, Darshana, Sukanlaya, Alarfi &
Maura, 2015; Yu, Li, Li, Zhao, & Zhao, 2018) and for adopting Cloud computing such as cost
savings (Al-Isma’ili, Li, Shen, & He, 2016; Chatzithanasis & Michalakelis, 2018; Shkurti &
Muca, 2014) or business process improvements (Chen, Ta-Tao, & Kazuo, 2016;
Papachristodoulou, Koutsaki, & Kirkos, 2017; Rocha, Gomez, Araújo, Otero, & Rodrigues,
2016). SME specific Cloud computing risk assessments that do not use old and outdated on-
premises paradigms are not evident in the literature (Baig, R., Freitag, F., Moll, A., Navarro, L.,
Pueyo, R., Vlassov, V., (2015; Bruque-Camara, Moyano-Fuentes, & Maqueira-Marin, 2016;
Buss, 2013; Cong & Aiqing, 2014). The research study creates a validated risk assessment
instrument, and advances the academic field of SME Cloud computing which is lacking in
research focused solely on SME Cloud computing risk assessments (Aljawarneh, Alawneh, &
58
Jaradat, 2016; Assante, Castro, Hamburg, & Martin, 2016; Feng & Yin, 2014; Hasheela,
Smolander, & Mufeti, 2016).
59
Chapter 3: Research Method
The problem the researcher addressed with this study is that there is no commonly
understood and adopted best practice standard for small to medium sized enterprises (SMEs) on
how to specifically assess security risks relating to the Cloud. The purpose of this qualitative
case study research study was to discover an underlying framework for research in SME risk
analysis for Cloud computing and to create a validated instrument that SMEs can use to assess
their risk in Cloud adoption. In this chapter, the researcher presents the research methodology
and design in detail, including population, sample, instrumentation, data collection and analysis,
assumptions, and limitations. Collecting data using a Delphi technique with three rounds
provided the researcher with enough information from multiple case studies regarding SME
Cloud computing risk assessments. Using a Delphi technique is more successful if the sample is
from a population of subject matter experts. Using subject matter experts informed the
limitations, assumptions, and ethical practices in this research study.
SMEs have a different relationship with risk in general (Assante, Castro, Hamburg, &
Martin, 2016) and Cloud adoption risk in particular (Lacity & Reynolds, 2013; Qian, Baharudin,
& Kanaan-Jeebna, 2016; Phaphoom, Wang, Samuel, Helmer, & Abrahamsson, P. 2015). While
many SMEs see Cloud adoption as an avenue to increase their overall security posture
(Bildosola, Río-Belver, Cilleruelo, & Garechana, 2015; Mohabbattalab, von der Heidt, &
Mohabbattalab, 2014; Wang & He, 2014), they do not have the skilled staff or requisite expertise
to create the business and IT processes and procedures to ensure a more secure result (Carcary,
M., Doherty, Conway, & McLaughlin, 2014; Hasheela, Smolander, & Mufeti, 2016). It is
standard practice for medium to large enterprises to use risk assessments before adopting new
computing environments and SMEs should follow the same process (Cayirci, Garaga, Santana de
60
Oliveira, & Roudier, 2016; Jouini & Rabai, 2016). SMEs, however, cannot generally create their
own security procedures and need a process or validated instrument such as a risk assessment to
determine if they should move to the Cloud (Bildosola, Rio-Belver, Cilleruelo, & Garechana,
2015; Carcary, Doherty, & Conway, 2014; Hasheela, Smolander, & Mufeti, 2016). Current
research does not provide a commonly used strategy by SMEs to identify and address Cloud
security risks (Carcary, Doherty, Conway, & McLaughlin, 2014; Kumar, Samalia, & Verma,
2017).
Research Methodology and Design
The decision to approach this research topic on a qualitative case study basis with a
Delphi instrument was based on several factors (Chan, & Mullick, 2016; Flostrand, 2017;
Ogden, Culp, Villamaria, & Ball, 2016). The primary factor is that the product of this research
study is a new approach to SME Cloud computing risk assessments and a validated risk
assessment tool that SMEs can use going forward. With this research study the researcher is not
building on theories from previous studies but looking to discover a thesis and answers from
analyzing what SMEs are currently doing. The most appropriate way to generate new theses and
answers from research based on what organizations are currently practicing is through the use of
case studies (Leung, Hastings, Keefe, Brownstein-Evans, Chan, & Mullick, 2016; Waterman,
Noble, & Allan, 2015). There are currently no easily adaptable tools for SMEs to use as they
decide to adopt Cloud computing (Huang, Hou, He, Dai, & Ding, 2017; Kritikos, Kirkham,
Kryza, & Massonet, 2015; Lacity & Reynolds, 2013). This case study-based research study used
an appropriate Delphi technique to harness the expertise of a large group of subject matter
experts and to synthesize the output of that expertise into a useable product (Flostrand, 2017;
Ogden, Culp, Villamaria, & Ball, 2016). Using case study-based recordation and analyzation
61
techniques on the replies of the subject matter experts that belong to a local ISACA chapter was
a unique chance to create new theory and validated risk instruments.
In other academic fields, a researcher may do well with a grounded theory-based
methodology. A grounded theory design would be an appropriate choice in similar circumstances
except for several major flaws. If there are SMEs risk teams that have created a validated risk
instrument or have answered the research questions in this study, they have not shared them
(Chiregi & Navimipour, 2017; Lacity & Reynolds, 2013; Liu, Xia, Wang, T., Zhong, 2017). If a
researcher built a study on grounded theory coding techniques of SMEs that are in the process of
solving the research questions, the SMEs would not share the additional and ancillary
information critical to grounded theory coding processes due to security concerns (Korte, 2017;
Ring, 2015). The same reticence on the part of cybersecurity professionals rules out quantitative
approaches in general. Quantitative based research study methodologies such as experimental,
quasi-experimental, descriptive, or correlational are not appropriate for two main reasons. The
subject population that can provide answers posed by the survey instruments of this research
study are a very select group and a very small portion of the general population. Random
selection is not possible given the specific knowledge required of the participants of this research
study. A second major concern that obviates the ability to use quantitative methods is that
cybersecurity professionals are not able to share specific details of their work or their
organizations’ challenges (Lalev, 2017; Ring, 2015). Ethnographic, narrative, and
phenomenological methodologies did not fit the focus of this research study. Perhaps the most
important reason for a qualitative case study approach for this research study is that the answers
are not evident and reporting and proving the answers is a useful addition to the field of
academic research and standard industry practices.
62
This research study was based on the replies from a group of risk subject matter experts
to a multi-round web-based survey. The publishing of a web link to the first round of the survey
on the home page of the greater Washington D.C. chapter of ISACA is the way the subject
matter experts accessed the survey instrument. All respondents received a random identification
number based on the order in which they responded to the survey.
The first round of the web-based survey contained general demographic questions such as
the respondent’s risk background, professional role, and size of organization that employs the
respondent. Careful consideration is important on the demographic based questions for both
ethical grounds and security grounds. Cybersecurity professionals have rarely gained permission
to share any information that may identify weaknesses within their organization (Wilson &
Wilson, 2011). The second section of the first web-based survey included general questions
about risk assessments, Cloud security, and SMEs. Sample web-based survey questions included
those similar to the following. How long have you worked in an IT risk-based field? Have you
created or used risk-based tools to assed your organization adopting Cloud computing? What are
some of the deficiencies you have witnessed in using risk assessments created for on-premises
computing environments? Analysis of the differences and similarities of these responses should
be the major driver in creating the questions based on the second-round web-based survey
(Mustonen-Ollila, Lehto, & Huhtinen, 2018). As researcher used the Delphi technique in this
research study, the second web-based survey asked the participants to assess the results of the
first web-based survey and create new subjects or concepts (Greyson, 2018). Continued analysis
of the answer took place with the second-round results and led to the creation of the third round
of questions (Mustonen-Ollila, Lehto, & Huhtinen, 2018).
63
Population and Sample
The population for this research study was the approximately three thousand strong
current membership of the greater Washington D.C. chapter of ISACA. ISACA is a nonprofit
global association that authors COBIT, a framework for IT governance, and certifications for
audit, governance, and risk professionals (da Silva & Manotti, 2016). A paid membership in
ISACA is a strong indicator that the subject is interested enough in a risk assessment related field
to spend approximately $200 a year to be a member. Membership in an ISACA chapter by itself
is an indicator that the member is not only a risk professional but an expert in the field (Lew,
2015). The sample used in this research study was self-selecting based on members of the D.C.
area chapter of ISACA that respond to the advertisement of this research study. The board of
directors for the local chapter gave permission to place a short article advertising this research
study on the main page of the chapter’s website and granted informal site permission.
The estimated number of members that could have responded to the study ranged from
approximately one hundred replies based on the local chapter’s board of directors estimates to
approximately twenty members based on research on web-based survey tools (Bickart &
Schmittlein, 1999; Brüggen & Dholakia, 2010). There are indications from previous Delphi
studies that much lower numbers such as ten to twenty respondents can be effective in reaching
saturation (Gill, Leslie, Grech, & Latour, 2013; Ogden, Culp, Villamaria, & Ball, 2016). A
response rate of less than one per cent of the local ISACA chapter satisfied a twenty to thirty
subject count. If the response rate was less than one per cent, there is a potential to include other
ISACA chapters or LinkedIn groups in the population to increase respondent counts.
64
Materials and Instrumentation
The main instrument for this research study was an online or web-based survey
instrument with three rounds. The responses to each round played a major role in the creation of
the next round of questions through the review and analysis of the responses process (Mustonen-
Ollila, Lehto, & Huhtinen, 2018). The first round of questions included general demographic
questions and open-ended multiple-choice questions that directly tie back to the research study
questions. The structure of the survey was such that respondents answer questions from the
general IT risk domain and then progress to the specific Cloud risk field. While the survey
questions were new, the questions only used standard terms and paradigms in the IT risk
framework. As part of the case study-based review and analysis process, the first round of
questions was the basis for the researcher to inductively generate the next round of questions and
the discovery of a theory that describes how SMEs can secure Cloud computing environments.
Appendix A includes sample survey questions in a spreadsheet.
The researcher created the survey using the software SurveyMonkey (SurveyMonkey,
2018). SurveyMonkey is a comprehensive solution with sample validated questions and
instructions for creating effective survey questions, however, the questions for this research
study were new to this research study. This research study included the definition of standard
industry terms as part of the survey questions. No questions used non-standard industry terms.
ISACA’s COBIT 5, a framework for the governance and management of enterprise IT provided
any definitions of standard terms needed (da Silva Antonio & Manotti, 2016). It is reasonable to
expect risk subject matter experts to either be familiar with COBIT 5 terms or be able to
reference them as needed.
65
The researcher used standard and recommended design elements such as the use of a
five-point Likert scale, free form text boxes and checkboxes. The collection of this type of
quantitative data allowed the researcher to discover where there is a consensus of ideas and
provide an opportunity to hone in on a unifying theory and validated risk instrument (O’Malley
& Capper, 2015). Future researchers will be able to change the text of any question while
remaining in standard design formats such as Likert scales. The survey questions did not follow a
particular framework such as Technology Organization Environment theory (TOE) but instead
the focus of the questions was on fact finding and straightforward response generation.
The result of this research study includes a validated risk instrument that is freely
available and usable by the general SME community. The participants of the web-based survey
and other members of the local ISACA chapter may help validate the risk instrument at some
future point. Publication of the finished risk instrument product will take place on the web page
of the local ISACA chapter and comments requested. As the risk instrument should be usable by
SME staff that may not be expert risk professionals, there may be a need for validation of the
finished risk instrument by outside review groups as the local ISACA chapter members may
have a bias towards validating the Cloud risk instrument because they contributed to its creation.
The use of the appropriate SME LinkedIn groups should provide the necessary sample on non-
risk experts if needed.
Study Procedures
A short article including a link to a web survey hosted on the SurveyMonkey site
appeared on the front page of the Greater Washington D.C. ISACA chapter. Review and analysis
of all responses to the survey that answer the majority of the questions took place. Once
analyzed, incorporation of the first-round responses into the study took place and the potential
66
respondents received a second link based on the SurveyMonkey website. A similar review and
analysis procedure took place for all responses to the second-round survey that answer the
majority of the questions. Once analyzed, incorporation of the second-round responses into the
study followed and the potential respondents received a third link based on the SurveyMonkey
website.
Once the researcher performed a case study-based review and analysis of the survey
results, the researcher identified a consensus on what is working, and creation of a risk
instrument that is usable by SMEs was the next step. The risk instrument consists of a web-based
SurveyMonkey survey. The finished risk instrument has the same simple branching question
format as the one used by this research study. The risk instrument has distinct sections of
demographic, IT related, and CSP related questions. The risk instrument IT and CSP questions
are adaptive based on the demographic responses. If the risk instrument user indicates that their
organization is a particular size in a particular industry, the following questions for the
organization’s IT staff changes. The same is true for following questions for a potential CSP. For
example, if the risk instrument user indicates that they are a small enterprise in the health care
industry, the risk instrument branch to a set of questions for potential CSPs that ask pertinent
questions for such an organization.
Review of the finished risk instrument by the risk experts in the local ISACA chapter and
non-risk expert SME employees as discussed previously may take place based on voluntary
participation. A successful validated risk instrument must be usable by non-risk experts. The
projected audience of the risk instrument includes SME IT teams and SME accounting
departments. Many SMEs have no dedicated cybersecurity personnel and rely on general IT staff
for all related IT and cybersecurity functions (Wang & He, 2014). SMEs commonly do not have
67
dedicated risk or audit teams and rely on members of the accounting team to evaluate financial
costs and risks for new expenditures such as adopting Cloud computing (Assante, Castro,
Hamburg, & Martin, 2016; Gritzalis, Iseppi, Mylonas, & Stavrou, 2018; Hasheela, Smolander, &
Mufeti, 2016). Evaluation of the final risk instrument by a representative group of SME IT and
accounting staff is a primary step for validation. The intent of the validated risk instrument is to
allow non-Cloud expert SME staff to ask and answer the appropriate questions for their
organization. The risk instrument will also help SMEs decide the appropriate control sets to use
for their organization. While approval and use of the risk instrument by subject matter experts
and general business users is no substitute for academic testing and validation, acceptance by the
IT risk assessment community will be a useful data point for future academic research.
Data Collection and Analysis
The researcher used commonly accepted case study techniques and processes to analyze
the data gathered from the subjects of the local ISACA chapter. Although the collection of the
information takes place via web-based surveys, the subjects were able to respond to many of the
questions in a free form text manner that emulates responding to interview questions. This
allowed the subjects to respond in as much detail as they wish and were allowed to by their
organizations (Mustonen-Ollila, Lehto, & Huhtinen, 2018). Although there were few respondent
comments, the use of a memoing technique after return of the responses took place along with
electronic recordation and formatting for long term storage of all subject answers. Common field
interview drawbacks such as logistics were not be a factor in this research study. Creswell’s data
analysis spiral is a visual representation of how this research study processed and analyzed the
data collected from the web-based surveys (Creswell, 2007).
68
Figure 1. Creswell data analysis spiral. This figure visualizes the data analysis process.
(Creswell, 2007).
After collection of the first round of survey responses, the researcher created preliminary
categories (Ogden, Culp, Villamaria, & Ball, 2016). The researcher repeated this process after
each succeeding round, including deciding which category shows the most consensus among
respondents either for what works or what has failed in the Cloud security risk assessment
process (Parekh, DeLatte, Herman, Oliva, Phatak, Scheponik, Sherman, 2018). Based on the
appropriateness or usefulness of the central category, alteration of the succeeding round of
questions took place to produce a new central theme. For example; if a particular security
concern or the use of a specific technique emerges from the first round of questions, then the
second round of questions would have focused on that security concern. The new and focused
categories would have included which part of the risk field the respondent is most experienced in
and other demographic categories (Ogden, Culp, Villamaria, & Ball, 2016). The categories also
include on which type of risk assessments or analyses the subject has based their response. For
example, respondents that have vast experience in compliance-based audits will focus on
different aspects of Cloud computing environment risks than a respondent that commonly uses a
tool such as the Center for Internet Security (CIS) benchmarks as the basis for their assessments
69
(Center for Internet Security, 2018). After completing review and analysis of the second round of
responses, the researcher conducted a final phase of review and analysis (Ogden, Culp,
Villamaria, & Ball, 2016). As one of the end goals of this research was to develop a validated
risk instrument for SMEs, the entire process was focused on the end goal of presenting a useful
tool for SMEs.
Once the review and analysis process ended, the next step was to create a simple risk
instrument from the results. The risk instrument starts with demographic questions to branch into
the questions for the organization’s IT staff and potential CSPs. The business decision makers
and risk assessors of SMEs now have a simple tool to ask the correct questions of their IT staff
and potential CSPs based on the results of this research study. The first part of the research study
generated a new thesis and the second part packages that thesis and knowledge into a useful tool
for SMEs. The validated risk instrument allows SMEs to properly evaluate Cloud computing
adoption risk by showing the SMEs which questions they need to have answered. As discussed
previously, the risk instrument will help the SMEs identify what they need to know from their IT
teams and potential CSPs.
Assumptions
Research methodological assumptions are particularly important in qualitative case
study-based research and perhaps more so for case study research using a Delphi panel (Parekh,
DeLatte, Herman, Oliva, Phatak, Scheponik, Sherman, 2018; Wiesche, Jurisch, Yetton, &
Krcmar, 2017). The researcher is developing new theses from case study data collection and
assumptions play a large part in the results of the research study. During the review and analysis
of data in this research study, one may embrace different realities or ontological viewpoints
(Parekh, DeLatte, Herman, Oliva, Phatak, Scheponik, Sherman, 2018). One goal of the
70
researcher for this research study was to find a solution and create a validated risk instrument, so
the researcher took care to make sure that the data supports any reality or paradigm discovery
from the data review and analysis process. It was tempting for the researcher to base acceptance
of a paradigm with a solution rather than a paradigm the truly fits the results of the data coding.
The researcher was open to the possibility that there is no current solution to assessing Cloud
security risks for SMEs. The research properly done, led to the methodological assumptions
being paramount. The design of the review and analysis process of this qualitative case study-
based research study was to start with discrete facts and to weave them into an overarching
theory that explains the connections between the details (Glasser, 2016). Each succeeding round
of the Delphi technique elucidated additional results that inductively got closer to a true solution
and a workable validated risk assessment instrument.
Epistemological assumptions of this research paper focus on alternative ways in which to
gain subjective knowledge from the participants of the web-based survey (Guba & Lincoln,
2008). The cybersecurity field is a very difficult one in which to practice field research and to get
close to subjects (Lalev, 2017; Ring, 2015). This research study attempted to ameliorate the
negative results of a lack of subjective closeness between the researcher and the subjects through
the use of a Delphi technique (Johnson, 2009). On the positive side, being that all contact
between the researcher and the subject population was through responses to a web-based survey,
the researcher assumed that it took less effort to increase the distance between the researcher and
the subjects. (Parekh, DeLatte, Herman, Oliva, Phatak, Scheponik, Sherman, 2018).
Axiological research assumptions include the biases, predilections, and beliefs of the
researcher (Denzin, 2001). Axiological research assumptions for this research study include the
researcher’s industry and practical experience as a multi-decade long member of a cybersecurity
71
team. When discussing whether a Cloud computing environment is secure, the default and
immediate reaction of a cybersecurity team member is “No” (Aljawarneh, Alawneh, & Jaradat,
2016; Kholidy, Erradi, Abdelwahed, & Baiardi, 2016; Lai, & Leu, 2015). As the researcher has
the assumptions and biases of a cybersecurity team member, data coding was more rigorous and
exhaustive than it might be if the researcher had a different background. The researcher
anticipates that there is a need to take care to avoid rejecting paradigms that successfully explain
the coded data because they provide a way to make Cloud computing secure.
Limitations
General limitations include funding, time, and access to the subject population. This
research study does not require funding as the expected costs include only a temporary paid
SurveyMonkey account. Limitations to this study did not include time pressures. Although the
limited time period for completing the research phase of this study, the design of this research
study led to completion in a timely manner primarily through the use of easily and quickly
accessed web-based surveys. Access to the subject population was the greatest possible
limitation to this research study. The researcher has spent several years volunteering, teaching,
and working with the board of the local ISACA chapter. The researcher has already obtained site
permission to reach the members of the local ISACA chapter and is continuing to build bonds
with the local ISACA chapter governing bodies.
Cybersecurity professionals do not have permission to share detailed information
regarding what their organizations do to combat threats (Beauchamp, 2015; Lalev, 2017; Ring,
2015). This study attempts to mitigate this limitation by using a Delphi technique with web-
based survey questions that do not require disclosure of specific identifiable information.
Another potential limitation is the risk of subject drop-outs on later rounds of the Delphi
72
technique (Ogden, Culp, Villamaria, & Ball, 2016). Starting with a large number of participants
should ameliorate this risk. If the number of first round respondents is too low, additional steps
such as using LinkedIn groups to increase the number of subjects may take place. The design of
this research study as a qualitative case study-based research study is a potential limitation and
perhaps also a delimitation. Instead of statistically verifiable experimental results, this research
study depends on the inductive reasoning process of the researcher as he reviews and analyzes
the responses (Guba & Lincoln, 2008). While the researcher is an experienced industry
practitioner, the researcher is not yet an experienced expert academic researcher. With the help
of this research study’s dissertation committee, the researcher expects to reach the required level
of academic expertise.
Delimitations
A major delimitation of this research study was the choice of participants (Gomes et al.,
2018). The population for this research study was only those subscribing members of a local
ISACA chapter. This selection criteria was central to the design of this research study and the
research questions. A qualitative case study-based theory research project using a Delphi
technique needs experts (Strasser, 2017). The use of experts implies a limited population.
Additional rounds of a Delphi technique supply additional data needed to complete the review
and analysis process (Strasser, 2017). The design of the problem statement and purpose
statement presumes answers by experts. The problem stated in this research study is a narrow
and specific one that a random sample of any particular population cannot answer. The
researcher has designed answerable research questions for a group of experts with the
aforementioned constraint that they not share specific data on their organization’s cybersecurity
activities including risk assessments of Cloud computing environments.
73
The research decision to investigate solutions to SME risk assessments of Cloud
computing environments had direct ties to the availability of a large subject matter expert sample
of risk professionals that are members of a local ISACA chapter. The researcher has spent
several years working with these experts and the opportunity to collect data from such an expert
group was too great to pass up on. Once the researcher made the decision to use the risk subject
matter experts belonging to the local ISACA chapter, a Delphi technique seems obvious. The use
of a Delphi technique to answer the research questions lead to the selection of a qualitative case
study-based theory approach. Multiple levels of coding enhanced the power of a large group of
experts focused on the research questions of this study (Trevelyan & Robinson, 2015).
Ethical Assurances
The researcher received approval from Northcentral University’s Institutional Review
Board (IRB) prior to data collection. The risk to participants was minimal. No collection of
personally identifiable information (PII) took place. The researcher assumed that access to and
participation on the local ISACA chapter website is proof of expertise. The limited demographic
data collected is not able to identify participants. The intent was to design the web-based survey
questions as generic enough that a bad actor cannot identify respondents’ organizations. For
example, questions relating to the industry or size of a respondent’s organization offers responses
in broad categories and not specific numbers. Only sharing of the data from the responses in
aggregate numbers will take place.
The storage of data from the study including all rounds of the Delphi technique using a
web-based survey instrument follow the Northcentral University’s requirements. Compression
and encryption of the data will take place. The researcher will then upload the data to a free
Gmail account. Storage of the encryption key will be in a LastPass password manager account.
74
Magnification of the researcher’s role in this research study can happen by the qualitative
multiple case study-based theory framework. The researcher reviewed and analyzed data from
multiple sources during three phases and personal and professional biases could have easily
influenced the theory discovery process based on the researcher’s view of the data. Personal
biases are a lesser concern for this research study as collection of the data uses a web-based
survey instrument. There was no personal interaction with the subject population. The research
study did not collect demographic data regarding race, sex, nationality, or any other factor that
could play into personal bias by the researcher.
Professional experience bias is a greater concern. As the researcher has spent decades on
cybersecurity teams, the concept that one can never fully secure data stored on someone else’s
computer is a truism. The long professional career of the researcher has also deeply ingrained the
idea of rapid change in IT. The researcher understands that Cloud computing adoption is rampant
and increasing at a rapid rate (Bayramusta & Nasir, (2016). The tone of this research study is
deeply optimistic. The goal is to find a solution to SMEs’ adoption of Cloud computing securely.
While the researcher’s professional experience is likely to cause greater scrutiny on data coding
results that appear to offer solutions, that is a feature of good research
Summary
Professionals in SMEs need proven ways to evaluate risk in adopting loud computing
environments and this qualitative case study-based theory research study has produced a
validated risk instrument for that purpose. The research methodology and design of this study
included web-based survey instruments, and a Delphi technique. Review and analysis of the data
collected from the three rounds of web-based surveys used case study-based theory techniques
and the results formed the basis of a freely available Cloud computing risk assessment
75
instrument for SMEs. The rarely available subject population is the key to this research study and
the basis for all design and methodology decisions. The design of this research study intends to
yield maximum results from a large group of IT risk subject matter experts based on membership
in a local chapter of ISACA.
76
Chapter 4: Findings
The researcher’s purpose with this qualitative case study was to discover an underlying
framework for research in SME risk analysis for cloud computing and to create a validated
instrument that SMEs can use to start assessing their risk in cloud adoption. To determine if they
are ready to transition to cloud computing, SMEs need a process or validated instrument such as
a risk assessment (Bildosola, Rio-Belver, Cilleruelo, & Garechana, 2015; Carcary, Doherty, &
Conway, 2014; Hasheela, Smolander, & Mufeti, 2016). Current research does not show that
SMEs using a risk-based approach have reached a consensus on how to identify and address
cloud security risks. (Carcary, Doherty, Conway, & McLaughlin, 2014; Kumar, Samalia, &
Verma, 2017). In this chapter, the researcher describes the ways in which this research study
achieved trustworthiness of the data. Also, in this chapter, the researcher presents the results of
the research including how the researcher answered each of the four research questions.
Trustworthiness of the Data
The researcher confirmed the trustworthiness of the qualitative data gathered in this
research project by prolonged engagement, triangulation, transferability, dependability, and
confirmability. Prolonged engagement for this research study involved the researcher being a
member of the local chapter of ISACA (GWDC) for over five years and volunteering for over
one hundred hours of conference events hosted by the local chapter. The researcher worked hard
to build a close and effective volunteer relationship with the local chapter officers. This research
study was the first one supported by GWDC and the first that GWDC allowed to use the local
chapter email list and chapter events to promulgate the three web surveys. Prolonged
engagement with GWDC by the researcher led to the researcher gaining the trust of the subject
population of risk experts. Familiarity with the field of risk assessment and the expert
77
practitioners of risk assessments by the researcher helped to make sure the survey questions were
based on pertinent risk assessment practices. The research project was a three round Delphi panel
with anonymous participation. The survey questions were specific to the risk assessment field
and required expert knowledge of the field to answer coherently.
As the research was based on anonymous surveys, the primary type of triangulation was
that of data triangulation. The same group of respondents may have completed each survey or a
totally different group each time. The researcher designed each of the surveys to ask questions
related to each of the four research questions. The design of several questions in each of the three
surveys intended to elicit consistent responses to those asked in the other two surveys. For
example; survey one, question eleven that asks “What IT security control standards do you see
SMEs using?” and survey three, question thirteen asking “Once controls have been identified for
the SME’s Cloud environment, what effect do they have on existing SME IT controls?” were
purposely asked in separate surveys rather than one right after the other as a way to increase data
triangulation.
The use of three web surveys is a simple form of method triangulation. A GWDC
newsletter announced each survey, and the researcher used the SurveyMonkey web-based tool
for each survey so the method triangulation was weak but each survey presented questions
differently than the other surveys. For example; survey one used two questions for each major
point, such as question ten “For SMEs that are planning to adopt Cloud computing, do you see
SMEs using IT security control standards?” and question eleven “What IT security control
standards do you see SMEs using” would be one question in survey two or three. Survey two had
questions that directly referenced the results of survey one such as question ten “100% of
respondents to survey 1 have seen recommendations to outsource the transition to a Cloud
78
environment. Which portions of a transition to a Cloud environment have you seen
recommended to be outsourced?” There was only one researcher so investigator triangulation
was not possible. During the coding portion of the data analysis the researcher used a simple
form of theory triangulation when grouping results of the survey questions under each research
question.
There are limits to the transferability of the data due to the very specific field that the
questions focused on. Within the field of Cloud computing risk assessments, however, the
transferability of the data is very strong due to the consistent format of the surveys as web based
with questions predominately presented as multiple choice. The researcher does not need to
provide thick description where the researcher “provides a robust and detailed account of their
experiences during data collection” (Statistics Solutions, 2019) for this research project as the
data is three series of questions with multiple choice answers. The use of a Delphi technique
specifically reduces the subject population to subject matter experts in a particular topic (Choi &
Lee, 2015; El-Gazzar, Hustad, & Olsen, 2016; Johnson, 2009). By reducing the participants to
risk subject matter experts, the researcher greatly lessened most of the concerns about
transferability due to broader social or cultural concerns regarding data collection or participants’
biases. Further reducing the subject population to those experts that are members of a local
geographical based chapter of an international risk professional association helps to reduce
potential cultural biases when answering the survey questions. Risk assessments are fact finding
exercises and risk assessment results are statements of success and failure (He, Devine, &
Zhuang, 2018). Risk assessments and audits avoid emotional or culturally based descriptors or
modifiers. (King et al, 2018).
79
The researcher can state many of the results of this research project in simple declarative
statements such as “100% of risk experts surveyed found that SMEs have gotten
recommendations to transit to Cloud computing operations”. While the interpretation of how
various questions within each of the three surveys relate to each other may change when viewed
by other researchers, the basic information gained by surveying D.C. area risk subject matter
experts on specific Cloud computing risk assessment topics is clear and transferable with high
fidelity to the original results. One can never completely eliminate bias on the part of the
researcher or participants but the use of multiple-choice questions based solely on a fact-based
profession that requires declarative statements as the work product goes a long way to reducing
any potential bias (de Bruin, McCambridge, & Prins, 2015).
The researcher’s design of this research study is that of a qualitative case study approach
with a Delphi technique. A qualitative approach using a case study methodology is the best
solution for dependability when trying to elucidate data from cybersecurity professionals
regarding potentially confidential processes. A problem solved by using a qualitative case study
approach is that the subject population of risk-based Cloud computing research experts were able
to respond with qualitative data but not quantitative numbers to avoid compromising their
organization’s security (Glaser, 2014). Using a three-round survey with multiple choice
questions allows cybersecurity professionals to answer questions regarding Cloud transition risk.
This improves the dependability as future researchers can ask the same questions without
concern that respondents will not be able to answer.
The researcher’s use of a Delphi technique, in the case of this research study, improves
the dependability of the data gathered in this research study. Limiting the subject population to
experts in the risk field reduces the variability of potential subjects for both good and bad (Lu,
80
2018). In the case of dependability, reduced variability makes the research study easier to
replicate if one uses the same strictures on respondents. The use of a Delphi technique allowed
the researcher to pose specific questions about a very narrow field. The more specific the
questions, the more easily a future researcher can replicate the study. The use of multiple-choice
answers also increases the ease in which a future researcher may be able to replicate this study. If
the future researcher wants to add new choices based on recent technology or a different research
focus, they will be able to just add more choices to existing questions. While there is always the
chance that questions reworded to add or remove bias may gather different answers in a future
research study, short simple answer choices remove some of that problem (Bard & Weinstein,
2017).
The dependability of the data from this research study is very strong aside from one
hurdle. If a future researcher gains access to GWDC, then the researcher could simply replicate
the study completely by posting the same three surveys. Based on the local chapter’s board with
this research project, they have verbally agreed to similar efforts in the future. The international
chapter of ISACA is pushing to have greater student involvement and research projects such as
this would help further that goal. Future researchers attempting to replicate this research study
would most likely find approval from the local chapter board if the researcher was a member of
the chapter and a student. If a future researcher wished to replicate this study without being a
member of the local chapter, they would need to increase efforts to reach risk experts. The future
researcher would also have to devise a way to make sure that the respondents were actual risk
experts. One of the benefits of limiting the population to members of the local ISACA chapter is
that it is reasonable to conclude that only risk professionals would agree that paying international
81
and local dues in the current amount of one hundred and sixty-five dollars a year to ISACA is
worth doing.
The researcher used a straightforward approach to address the confirmability of the data
(Korstjens & Moser, 2018). This research study is based on a Delphi technique and surveys risk
experts using multiple choice questions. The data received from the surveys is clear and easily
summarized by each question in simple to read tables. Presentation of pertinent tables takes place
when discussing the research questions. Suspected bias in answering multiple choice questions
can be determined by looking at the survey results broken down by respondents. After looking at
results grouped by respondents, the researcher discovered no such bias and readers can find the
results by respondent in the Appendix. Readers may check for bias by the researcher in this
project by reading the multiple-choice questions and potential answers. The field of research is
very narrow and focused on risk assessments related to a SME transitioning to a Cloud
computing environment. The use of loaded terms with emotional overtones is not apparent in the
questions or the answer choices. The researcher took care to change the question style between
surveys to eliminate unconscious attempts to lead respondents to a particular answer. For
example; survey one generally asked two questions for each area of focus. Survey one, question
eighteen “Do you see SMEs adopting Cloud security controls?” and question nineteen “What
Cloud security controls do you see SMEs adopting?” are an example of this. Some of survey two
questions had multiple sentences in the question and did state assumptions in the question but the
assumptions did not include emotional or bias elements. For example; Survey two, question 7
“Most SMEs have Cloud operations in progress. Which scenarios have you seen and which have
you seen audited by SMEs?” states the assumption that most SMEs have current Cloud
operations.
82
Results
With this research study, the researcher used a Delphi technique with three rounds of
surveys to ask risk assessment experts questions about cloud computing adoption by SMEs and
the risk assessment process involved with the SME’s transition to the cloud. The presentation of
survey instrument questions follows the four research questions in the study. The researcher
gathered data for each of the four research questions and presents and organizes the results are by
research question in this chapter. The survey instrument questions had multiple choice answers.
Design of the questions differ in some ways to elicit accurate and consistent answers.
RQ1. What are the current frameworks being leveraged in Cloud specific risk
assessments? When answering survey questions related to this RQ, respondents described several
frameworks showing common use. RQ2. What are the primary categories of concern presently
being addressed in Cloud specific risk assessments? Respondents answered this RQ with
multiple concerns with one concern very prevalent. RQ3. What are the commonly used and
tailored security controls in Cloud specific risk assessments? Answering this RQ happened at a
high level with several control families predominant. RQ4. What are the commonly
recommended mitigations in Cloud specific risk assessments? Respondents also answered this
RQ with several mitigations currently in use. This chapter organizes survey instrument questions
and answers by research question.
The participants were anonymous. There was no requirement for participants to give their
names. The research process involved three web surveys hosted by SurveyMonkey. The survey
instrument did not track or record of the IP addresses of the respondents. GWDC shared the
surveys’ web links via the Washington D.C. chapter of ISACA (GWDC) weekly newsletter, the
GWDC website and at GWDC one day conferences. This had a purposeful effect of limiting the
83
population to members of ISACA in general and GWDC specifically. Participants did not have
to have a membership in GWDC but the limited dissemination of the web links worked to limit
the population to GWDC members for the most part.
Aside from probable membership in GWDC which assumes the subject population is
based in the D.C. geographic area, the demographic details of the respondents are not known in
great detail. To take part in each of the surveys the respondents had to say that they were
eighteen years or older and that they had at least five years of risk experience. The researcher
decided not to collect further demographic details of the respondents. The researcher determined
that it was sufficient for the respondents to give their expert opinion on Cloud computing risk.
Age other than adult, gender, or nationality do not impact the respondents’ replies to the
multiple-choice questions in the surveys.
The designs of the surveys included strong efforts to let respondents be as anonymous as
possible and to not require demographic detail due to the sensitive nature of the survey questions.
The survey questions are not personally sensitive to the respondents but the questions would be
sensitive if the question involved a specific SME. The professional cybersecurity population
rarely has permission to discuss their SME’s cybersecurity efforts in any detail due to SME
concerns about giving adversaries damaging information. Cybersecurity risk professionals face
the same constraints. The design of the surveys focused on making sure that there was no
possible identification of respondents or the SME that employs them from any possible
combination of the data gathered in this research study.
As the survey questions are predominately multiple choice, the coding process for this
research study is seemingly straightforward. Complex and complicated coding was not an
effective option when the survey respondents were truly anonymous but some themes still
84
emerged. The age, ethnicity, gender, or life experiences of the respondents to the three surveys in
this research study cannot be determined. Survey questions were very focused on a narrow field
of expertise and this research study does not require demographic details of the respondents. On
the other hand, as this research study uses a Delphi technique to survey a group of experts, even
small differences in results can lead to new themes discoveries.
Because the recruitment of respondents took place through a Washington D.C. chapter of
a professional risk association, government experience is likely for many of the respondents. One
can find confirmation of this government experience in some of the responses to certain survey
questions. For example; survey one, question eleven asked about IT security controls. The
responses look at least partially tilted to NIST security control standards that the U.S. federal
government uses. Response to survey one, question thirteen offers further confirmation of the
federal background of some of the respondents. The top three choices by respondents to survey
one, question thirteen are Federal government based. DoD, DISA, and FedRAMP Cloud security
baselines. The Federal government IT frameworks and Cloud security controls are based on a
compliance paradigm. To remove this potential Federal government bias, surveys two and three
questions avoided potential compliance-based questions for the most part.
An additional research question one related theme, is that current frameworks in use are
not as current as they might be. More respondents reported seeing existing frameworks and
guidelines in use that either are not Cloud focused or have creation dates well before Cloud
computing was predominant. Although respondents see SMEs accepting CSP attestations and
SLAs, they are not using the CSPs advanced security tools. Even SMEs, more nimble and more
easily able to change than large enterprises, do not keep up with the dramatic changes in Cloud
85
computing. This strongly relates to the predominant theme discovered by replies related to
research questions two and three.
The biggest theme, and the one that most of the coding process led to, is that SMEs do
not have Cloud capable staff. SMEs respond to research question two with a resounding
uniformity. Lack of properly trained IT staff is the major theme of research question two results.
SMEs’ lack of Cloud trained staff affects every research question in this study. By far, the
consensus of the risk experts surveyed is that SMEs need outside help with Cloud transitions.
When SMEs have the choice of either investing in their IT staff, or outsource or contract out
work involved in the SMEs Cloud transition, risk experts recommend outsourcing. In relation to
research question three, the risk experts recommend controls that rely on third parties.
Commonly recommended mitigations, research question four, also relied heavily on third-parties
or outsourcing.
Research question 1. What are the current frameworks being leveraged in Cloud
specific risk assessments?
Tables present pertinent survey questions and the respondents’ answers below for clarity.
The researcher designed several survey questions related to research question one to be
exploratory and level setting to make sure the subject population was the appropriate group to
answer the other survey questions. The purpose of some survey questions was to cross-check
previous survey questions. All survey question tables are in appendix B.
Survey one, question nine asked which IT related frameworks are SMEs adopting. This
question directly addresses research question one. Respondents reported three common IT
frameworks as commonly used by SMEs with COBIT, ITIL, and ISO/IEC 38500 each receiving
eleven of nineteen replies. The responses to this question helped direct the focus of surveys two
86
and three. The answers to this survey question help to identify a common theme of SMEs not
using current or best practice frameworks.
Table 1
Survey 1. Q9: What IT related frameworks (partially or completely) do you see SMEs adopting
Answer Choices Responses Count
COBIT (Control Objectives for Information and Related
Technologies)
61.11% 11
ITIL (formerly Information Technology Infrastructure Library) 61.11% 11
TOGAF (The Open Group Architecture Framework for enterprise
architecture)
27.78% 5
ISO/IEC 38500 (International Organization for
Standardization/International Electrotechnical Commission Standard
for Corporate Governance of Information Technology)
61.11% 11
COSO (Committee of Sponsoring Organizations of the Treadway
Commission)
38.89% 7
Other 16.67% 3
A large proportion of respondents to survey one have seen Cloud security configuration
baselines used by SMEs. Survey one respondents identified many Cloud security configuration
baselines in use by SMEs with no one baseline predominant. Respondents choose the federal
government-based Cloud security configuration baselines at a higher rate than normal for a more
general risk expert population. As the subjects were members of a D.C. based risk organization,
87
a bias towards government-based examples the researcher should have expected this result.
Identification of this minor theme occurred early in the coding process, and the design of surveys
two and three mitigated its effects.
Table 2
Survey 1, Q 13: What Cloud security configuration baselines have you seen used by SMEs?
Please select all that apply.
Answer Choices Responses Count
DoD Cloud Security requirements guides (Department of Defense) 62.5% 10
DISA/IASE Security requirements guide (Defense Information
Systems Agency Information Assurance Support Environment)
56.25% 9
CSA Cloud security guidance (Cloud Security Alliance) 31.25% 5
FedRAMP Cloud security baselines (Federal Risk and Authorization
Management Program)
68.75% 11
AWS SbD (Amazon Web Services Security by Design) 50% 8
CIS Cloud baselines (Center for Internet Security) 50% 8
Other 0% 0
A majority of survey two respondents do not see the use of current frameworks changed
as a result of Cloud transitions. This directly applies to research question one and is related to a
theme discovered in this research study. If Cloud specific risk assessments are not changing the
framework used by a SME, perhaps a Cloud environment does not need a new or tailored
framework. Most likely the theme of SMEs not using the best frameworks for a Cloud transition,
88
however, is directly related to the major theme of this research study; that SMEs do not have
properly trained Cloud personnel.
89
Table 3
Survey 3, Q14: Have you seen Cloud risk assessments change other previously completed SME
risk assessments in the ways listed below? Please select all that apply.
Answer Choices Responses Count
Previous risk assessments changed because of CSP location. 6.25% 1
Previous risk assessments changed because of new legal or
regulatory requirements based on Cloud usage.
37.50% 6
Previous risk assessments changed because of new financial
requirements based on Cloud usage.
6.25% 1
Previous risk assessments changed because of new insurance
requirements based on Cloud usage.
6.25% 1
Previous risk assessments changed because of new market
requirements based on Cloud usage.
0% 0
Previous risk assessments changed because of new operational
requirements based on Cloud usage.
37.5% 6
Previous risk assessments changed because of new strategic
requirements based on Cloud usage.
6.25% 1
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
90
As a refutation to the conclusion that Cloud specific risk assessments are not changing
the framework used by a SME the results of survey three, question fifteen show that Cloud
transitions are changing SME risk and audit teams. Most respondents to survey three see an
increased work load and rate of change for SME risk assessment teams. This is slightly
tangential to research question one, but does indicate that there is an increased use of
frameworks. In the coding process, the results of this survey question indicate that there may be a
valid counterpoint to assuming that current frameworks are not changing.
Table 4
Survey 3, Q15: Cloud transitions almost always promise cost saving and Cloud operations
usually require less effort than on-premise IT operations. Cloud transitions, however, increase
the risk and audit team’s responsibilities, knowledge, and skills requirements. How do you see
SMEs changing their risk and audit teams to adapt to Cloud environments? Please select all that
apply.
Answer Choices Responses Count
Increase size and budget of risk and audit teams. 41.18% 7
Reorganize or change structure of risk and audit teams 64.71% 11
Increase outsourcing or use of consultants to perform Cloud risk and
audit duties.
47.06% 8
Increase workload of existing risk and audit teams. 76.47% 13
91
Research question 2. What are the primary categories of concern presently being
addressed in Cloud specific risk assessments?
Every respondent to survey one saw non-technical areas of concern and IT (not security)
areas of concern for SMEs transitioning to the Cloud. Several survey questions directly
addressed research question two, including survey one, questions fourteen, fifteen, sixteen, and
seventeen. The two tables following, show the responses to questions fifteen and seventeen.
Every respondent to survey one saw non-technical areas of concern for SMEs transitioning to the
Cloud, with the majority of those concerns being privacy, business process, governance,
financial, or legal related. Respondents see more than one non-technical area of concern for
SMEs. Majorities of survey one respondents saw IT team knowledge and skills, IT audit results,
type of Cloud to use, network path to Cloud, backup and restore, and cost as primary categories
of concern in Cloud risk assessments. A plurality of respondents to survey one, question fifteen
and question seventeen selected every response except other.
Respondents to the second survey found a large number of non-IT related concerns for
SMEs when transitioning to the Cloud. While there was no one specific concern with a majority
of respondents, there were ten concerns with a third or more respondents selecting them. Survey
two, question thirteen added additional choices of concerns including business process and risk
assessment. Survey two, question thirteen also included choices specific to outsourcing the
concerns listed in survey one, questions fourteen through seventeen. These results reinforce the
major them of this research study. SMEs need more Cloud expertise and if it is not present in
existing staff, one solution is to use a competent third-party to help.
92
Table 5
Survey 1, Q15: What non-technical areas of concern do you see when SMEs are contemplating
Cloud adoption?
Answer Choices Responses Count
Governance 80% 16
Business Process 85% 17
Financial (non-technical) 70% 14
Privacy 85% 17
Legal 55% 11
Other 15% 3
Any additional comments (We want your expertise)? 15% 3
93
Table 6
Survey 1, Q17: What IT (non-security) areas of concern do you see for SMEs as they adopt
Cloud computing? Please select all areas of concern that you have seen.
Answer Choices Responses Count
Backup and Restore 60% 12
IT Audit Results 75% 15
Transition Process to Cloud 100% 20
Type of Cloud to use IaaS (Infrastructure as a Service), PaaS
(Platform as a service), SaaS (Software as a service)
70% 14
IT Team Knowledge and Skills 75% 15
Network Path to Cloud (redundant paths, multiple Internet service
providers)
65% 13
Cost 55% 11
Psychological Barriers/Concerns 50% 10
Other 0% 0
Other (please specify) 5% 1
Based on what SMEs pay attention to when starting the transition to the Cloud,
respondents to survey two report that a strong majority see the choice of a CSP and then the
choice of the type of Cloud infrastructure as primary concerns. SMEs make these choices before
the SME would normally conduct a risk assessment process. Researchers would need to conduct
94
further research before concluding that the SME risk assessment team was involved with
choosing a particular Cloud vendor or Cloud computing infrastructure. Almost half of survey
two respondents see choice of security controls and choice of Cloud security baselines as
primary concerns.
Table 7
Survey 2, Q8: When starting to plan a transition to a Cloud environment, what have you seen
SMEs start with before risk assessments or collections of requirements? Please select all that
apply.
Answer Choices Responses Count
Choice of CSP (Cloud service provider). 86.96% 20
Choice of infrastructure such as IaaS (Infrastructure as a Service),
PaaS (Platform as a Service), or SaaS (Software as a Service).
69.57% 16%
Choice of IT framework such as COBIT, ITIl, or ISO/IEC 38500. 30.43% 7%
Choice of security control standards such as NIST SP 800-53 or
CSF, HIPAA, or PCI-DSS.
47.83% 11
Choice of Cloud security baselines such as FedRAMP, CIS, or CSA. 47.83% 11
Automation tools such as DevOps or DevSecOps. 26.09% 6
Other 4.35% 1
The responses to survey three, question ten indicate that a lack of current SME IT staff
expertise is a major concern for SMEs in survey one. In survey two, the researcher asked
participants several questions in an attempt to identify the cause of a lack of staff expertise and
95
possible solutions. In response to survey two, question eleven a majority of respondents
identified multiple causes including IT staffs that are undersized, budget deficiencies,
governance and management issues, and SME business structure. Again, this points to the
predominant theme of this research; SMEs do not have enough Cloud expertise on staff.
In response to survey two, question twelve risk experts identified several solutions with a
preponderance of choices using third parties or outside consulting. If a SME is outsourcing its
operations and on-premises hardware to a CSP, it may make sense to include all facets of a
Cloud computing operation (Fahmideh & Beydoun, 2018). Outsourcing is certainly an option for
SMEs in other business operations (Al-Isma’ili, Li, Shen, & He, 2016; Baig, Freitag, Moll,
Navarro, Pueyo, Vlassov, 2015), outsourcing a Cloud transition may be the best way to address
Cloud specific risk concerns (Fahmideh & Beydoun, 2018). Survey two, question fifteen
attempted to correlate SMEs choices of CSP to help address research question two. The choice
of CSP could help inform primary categories of concern because CSPs offer different services,
security offerings and control choices.
Respondents to survey two, however, selected CSPs at a rate very similar to the general
publics’ usage of CSPs and Cloud offerings. No respondent picked a specialty CSP aside from
Oracle Cloud. Responses to survey two, question fifteen may be related to the lack of IT staff
training and knowledge shown in responses to survey two questions. Further study on this topic
may be fruitful. Respondents to survey three showed by their choices to answer question ten that
SMEs were making changes to address primary categories of concern identified in previous
survey questions even if the choice of CSP does not indicate a meaningful trend. Majorities of
respondents choose new IT controls, Cloud security guides, IT governance frameworks, and CSP
recommended practices as ways in which SMEs were addressing primary categories of concern.
96
A researcher can show that the responses to this correlate with previous questions that show
outsourcing as a primary tool to alleviate a lack of staff Cloud expertise but that is not a
conclusion drawn from this research.
Table 8
Survey 3, Q10: When assessing risk of Cloud environments, do you see SMEs changing their
process in the ways listed below? Please select all that apply.
Answer Choices Responses Count
Using CSP recommended practices 55.56% 10
Using any IT governance frameworks not previously used by the
SME.
61.11% 11
Using any IT controls not previously used by the SME. 77.78% 14
Using any Cloud security control guides not previously used by the
SME.
61.11% 11
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
Research question 3. What are the commonly used and tailored security controls in
Cloud specific risk assessments?
For the purpose of this research study the definition of Cloud security controls does not
have great specificity. Although security control catalogues abound, and include great detail in
every part of applying and using a particular security control, the goal of this research study is
not to pick individual controls. As a practical matter, asking survey respondents to go through
97
thousands of individual controls was not feasible. Asking respondents about control families is
the proper level of detail for this research study.
Almost all respondents to survey one have seen security controls used in Cloud risk
assessments and almost all respondents to survey one see SMEs adopting Cloud security
controls. These are similar questions with a difference in tense. The underlying requirement for
research question three is that SMEs are using security controls in Cloud computing
environments. A large majority of respondents to survey one selected all choices for IT security
controls by large majorities except for CIS top twenty controls with just over fifty per cent
selection and two control families; IEC 62443 and ENISA with less than sixteen per cent. Based
on the percentages of selection by respondents, SMEs are using many different security controls.
98
Table 9
Survey 1, Q11: What IT security control standards do you see SMEs using? Please select the
standards from the list below.
99
Answer Choices Responses Count
CIS (Center for Internet Security) top 20 controls 52.63% 10
NIST SP 800-53 (National Institute of Standard and Technology
Special Publication 800-53 Security and Privacy Controls for
Information Systems and Organizations)
84.21% 16
NIST Cybersecurity Framework (National Institute of Standard and
Technology)
84.21% 16
ISO/IEC 27001 (International Organization for
Standardization/International Electrotechnical Commission
Information Security Management Systems)
73.68% 14
IEC 62443 (International Electrotechnical Commission Industrial
Network and System Security)
5.26% 1
ENISA NCSS (European Union Agency for Network and
Information Security National Cyber Security Strategies)
15.79% 3
HIPAA (Health Insurance Portability and Accountability Act) 78.95% 15
PCI-DSS (Payment Card Industry Data Security Standard) 68.42% 13
GDPR (General Data Protection Regulation) 78.95% 15
Other 5.26% 1
Respondents to survey one selected all choices for Cloud security controls in question
nineteen. There is a clear split with newer control choices such as CASB or SecaaS under fifty
100
per cent, and older tools such as virtual firewalls and physical security devices receiving closer to
seventy per cent. This is a very interesting question for future research. As DevOps and
DevSecOps becomes more prevalent in IT, this balance may change (Betz & Goldenstern, 2017).
Cloud computing cannot realize its full power until SMEs start adopting Cloud specific tools and
paradigms. The use of DevOps and DevSecOps would help address the main theme of this
research. If SMEs adopted newer Cloud processes and procedures, SME IT staff would be able
to raise their Cloud expertise.
101
Table 10
Survey 1, Q 19: What Cloud security controls do you see SMEs adopting? Please select all
Cloud security controls that you have seen.
102
Answer Choices Responses Count
Data storage 68.42% 13
VMs (Virtual Machines) 57.89% 11
Micro services (Docker, Kubernetes, etc.) 31.58% 6
Networks 52.63% 10
Virtual security devices (for example; virtual Firewalls or Amazon
Web Services (AWS) security groups)
73.68% 14
Physical security devices (for example; a Hardware Security
Module (HSM))
57.89% 11
CASB (Cloud Access Security Broker) 21.05% 4
Encryption at rest 78.95% 15
Encryption in transit 89.47% 17
Encryption during compute (homomorphic encryption) 31.58% 6
Backup 52.63% 10
SecaaS (Security as a Service) 31.58% 6
SecSLA (Security Service Level Agreement) 15.79% 3
IAM (Identity and Access Management) 63.16% 12
MultiCloud 15.79% 3
Other 0% 0
103
Common across the three surveys, respondents agree with the idea that outsourcing or
using a third party for all or parts of a SME’s Cloud transition is a proper solution in many cases,
again supporting the major theme of this research. Outsourcing the entire Cloud transition is a
common way for SMEs to enact Cloud controls. Survey respondents also see recommendations
to outsource the planning of transferring data to the Cloud as a commonly used security step for
Cloud transitions. When looking at moving further down into the process of transitioning to a
Cloud computing environment, the pattern of outsourcing continues. For example; less than half
of the respondents have seen recommendations to have the SME IT team execute specific Cloud
security controls, Similar to the concept of DevOps and DevSecOps transforming Cloud
environments and Cloud security tools, a future research project may find outsourcing diminish
as SME IT teams become more conversant in DevOps and DevSecOps (Fahmideh & Beydoun,
2018). As outsourcing or the use of a third party is so prevalent, SMEs may not focus on
tailoring and using Cloud security tools.
104
Table 11
Survey 2, Q10: 100% of respondents to Survey 1 have seen recommendations to outsource the
transition to a Cloud environment. Which portions of a transition to a Cloud environment have
you seen recommended to be outsourced? Please select all that apply.
Answer Choices Responses Count
Entire transition including choice of CSP (Cloud Service
Provider), type of virtual environment, and transfer of data.
15.79% 3
Selecting CSP and type of infrastructure such as IaaS, PaaS, or
SaaS.
47.37% 9
Creating and executing data transfer plan to Cloud environment. 68.42% 13
Creating and executing security controls in Cloud environment. 42.11% 8
Managed or professional services including ongoing management
of SME data and IT operations.
73.68% 14
Managed security services including scheduled audits or
penetration testing.
42.11% 8
Other. 0% 0
Respondents to survey two, question sixteen show a similar pattern to survey two,
question six in that many SMEs are using Cloud tools but a smaller percentage are also auditing
the tools. Survey three, question seven respondents recognize new hazards that need controls by
a large margin for CSP environments. This raises the issue of how SMEs are using and tailoring
105
Cloud security controls again. If SMEs are not auditing or risk assessing Cloud tools and Cloud
environments, then SMEs are most likely not tailoring controls based on specific threats.
As shown by the replies to survey three, question eleven, SMEs see a shift in standard
risk practice when transitioning to the Cloud. Respondents see risk assigned to business owners
less than forty per cent of the time. Respondents see the SME security team assigned the risk
almost as often. This is a change from usual SME practice (Brender & Markov, 2013). Perhaps
this shift is a result of more outsourcing and use of third parties but only more research can
confirm this hypothesis. This may be a tangential theme to that of Cloud outsourcing or just an
indication of SMEs not truly understanding Cloud computing.
The responses to survey three, question twelve split evenly on accepting CSP based
controls. A strong plurality or respondents see SMEs using new IT governance controls and
Cloud security control guides. SMEs are using new security controls as they transition to a Cloud
environment but this research study results do not show that SMEs have reached the point where
SMEs are tailoring Cloud security controls for specific risks. Again, as SMEs adopt Cloud
specific paradigms and tools such as DevOps and DevSecOps, this may change.
A majority of survey three, question thirteen respondents see SMEs integrating new
Cloud security controls into existing control catalogues. Over a third of respondents are reporting
that SMEs are keeping Cloud controls separate. Perhaps the use of “tailoring” in research
question three seems imprecise or used too early in the general SME Cloud adoption process.
Some current research suggests that DevOps and DevSecOps, among other changes, may
revolutionize Cloud security control changes and allow continuous security control changes
(Betz & Goldenstern, 2017). Revisiting research question three in five to ten years may show
very interesting results.
106
Table 12
Survey 3, Q 13: Once controls have been identified for the SME’s environment, what effect do
they have on existing SME IT controls? Please select all that apply.
Answer Choices Responses Count
New Cloud controls are kept separate from existing control
catalogues.
35.29% 6
New Cloud controls are combined with existing controls to form
larger control catalogues.
64.71% 11
New Cloud controls promise to replace or reduce existing control
catalogues spurring increased Cloud transitions.
17.65% 3
New Cloud controls appear onerous and reduce Cloud transitions
due to increased difficulty.
5.88% 1
Other (Please describe) or any additional comments (We want
your expertise)?
5.88% 1
Research question 4. What are the commonly recommended mitigations in Cloud
specific risk assessments?
As shown by the responses to survey one questions, all respondents have seen
recommendations to outsource at least a portion of the SMEs transition to the Cloud. Survey one
respondents have not seen a risk assessment recommendation to avoid Cloud computing. A
majority of survey two respondents see SMEs receive recommendations to mitigate Cloud risk
107
by outsourcing the transition or planning the details of the data transition. A majority of survey
respondents have seen multiple recommendations such as accept CSP attestations, accept CSP
SLAs, and outsourcing of Cloud operations. These results reinforce the main theme of this
research. If SMEs do not have enough well-trained Cloud staff, the SME may make poor
decisions such as blindly accepting CSPs’ initial SLAs and attestations.
Survey two respondents did not converge on any particular mitigation to non-IT related
concerns for a Cloud transition with most respondents selecting several concerns. A majority of
respondents to survey three, question eight and nine see Cloud risk assessments changing SME
mitigation and risk avoidance procedures with changes in Cloud mitigation and risk strategies
and procedures predominant. There does not appear to be an actionable recommendation from
these two questions rather than devout more attention to GDPR. While one could argue that
perhaps a SME would not need to worry about the effects of GDPR on their business if the SME
did not adopt Cloud computing, this does not appear to be a Cloud specific mitigation.
If one considers accepting CSP attestations, SLAs, and guidelines as third-party
guidance, a preponderance of survey respondents report seeing recommendations to outsource at
least part of the SME’s Cloud transition. Responses to survey three, question six show that a
majority of respondents to survey three have accepted that contracting outside help is an
appropriate mitigation. Mitigating Cloud risk involves adding Cloud expertise to the SME or the
SME should consider outsourcing Cloud risk assessments. Again, an almost overwhelming
amount of coding done in this research study leads to the central theme of SMEs lacking
competent Cloud staff.
Discussions related to research question two and three detail some of the reasons for the
outsourcing or consulting recommendations. Only a small portion of respondents to survey two,
108
question ten have seen recommendations to outsource the entire Cloud transition process. A large
majority of respondents, however, have seen recommendations to use managed or professional
services including ongoing management of SME data and IT operations. A similar majority have
seen recommendations for outsourcing the creation and execution of a data transfer plan to the
SMEs Cloud environment. Close to half of the respondents have seen recommendations for
SMEs to outsource the selection of a CSP and type of infrastructure such as IaaS, PaaS, or SaaS.
Almost half responded affirmatively to the use of managed security services including scheduled
audits or penetration testing. Reinforcing the central theme of the research results, it seems clear
by the data collected in this research study that the most commonly recommended mitigation in
Cloud specific risk assessments is to outsource at least part of the transition to the Cloud process.
109
Table 13
Survey 2, Q10: 100% of respondents to Survey 1 have seen recommendations to outsource the
transition to a Cloud environment. Which portions of a transition to a Cloud environment have
you seen recommended to be outsourced? Please select all that apply.
Answer Choices Responses Count
Entire transition including choice of CSP (Cloud Service Provider),
type of virtual environment, and transfer of data.
15.79% 3
Selecting CSP and type of infrastructure such as IaaS, PaaS, or
SaaS.
47.37% 9
Creating and executing data transfer plan to Cloud environment. 68.42% 13
Creating and executing security controls in Cloud environment. 42.11% 8
Managed or professional services including ongoing management
of SME data and IT operations.
73.68% 14
Managed security services including scheduled audits or
penetration testing.
42.11% 8
Other. 0% 0
Evaluation of the Findings
The results of this research study both agree and extend current research in the field yet
disagree in some instances. SMEs understand what Cloud computing is and show a good
knowledge of what different types of Cloud services are available. As previous research has
110
found, SMEs are not well prepared for secure transitions to the Cloud (Lacity & Reynolds, 2013;
Mohabbattalab, von der Heidt, & Mohabbattalab, 2014). While previous research has done a
good job identifying security issues for SMEs adopting Cloud computing, most of the proposed
solutions are not currently in use by SMEs based on the respondents to this research study. This
study shows that SMEs are not yet using well prepared or defined plans to mitigate Cloud
computing risks.
Regarding research question one, this research shows no convergence in attempts by
SMEs to use large enterprise solutions such as recognized IT frameworks, Cloud security
baselines, or Cloud control guidelines or families. This research study confirms earlier research
indicating that SMEs have taken a piece meal approach to Cloud computing with most SMEs
using at least one Cloud service without necessarily conducting a risk assessment on that service
(Al-Isma’ili, Li, Shen, & He, 2016; Bassiliades, Symeonidis, Meditskos, Kontopoulos, Gouvas,
& Vlahavas, 2017; Famideh & Beydoun, 2018; Shkurti, & Muça, 2014). Based on this research,
SMEs are not doing a good job auditing or risk assessing new Cloud environments. A finding
from this research is that SMEs are more likely to outsource or use third parties to conduct Cloud
transitions than previous research has shown. This research study expands on current research by
showing that a lack of competent Cloud trained staff is the genesis of most of these behaviors.
Until SMEs have more in-house Cloud expertise, their use of Cloud related frameworks will be
lacking.
Regarding research question two, this research study agrees with earlier research that
shows SMEs have a variety of concerns with Cloud computing that are non-technical based
(Senarathna, Wilkin, Warren, Yeoh, & Salzman, 2018). This research shows a lack of SME staff
preparedness and training budget for transitioning to the Cloud is the primary concern for SMEs,
111
building upon earlier research that lists this as one of a number of concerns (Fahmideh &
Beydoun, 2018). Again, this study shows SMEs turning to outsourcing or third parties to solve
this issue. The results of this study show that SME risk teams are trying to adapt to Cloud
computing in a variety of ways but the risk teams see an increasing work load in almost all cases.
This research study is one of the first to report on how risk teams are changing due to
new Cloud computing environments. Results of this research show that SMEs and SME risk
teams are not keeping up with the new demands of Cloud computing and the required
mitigations. This study shows that aside from outsourcing or using third parties to perform parts
or all of the SME transition to the Cloud, SMEs are not showing proper oversight of their Cloud
environments. SMEs are accepting CSP attestations and SLAs in large percentages, something
they would not allow their risk teams to do with other vendors. This research extends previous
research that shows SMEs are not prepared for a transition to the Cloud with more insight on the
details (Kumar, Samalia, & Verma, 2017; Moyo & Loock, 2016; Vasiljeva, Shaikhulina, &
Kreslins, 2017). The primary theme of this research study’s data is the lack of well-trained SME
Cloud teams, this seems to include the risk and audit teams also.
Regarding research question three, this research study shows that SMEs are not using
best practice or Cloud specific security tools in any large margin. Most respondents are either
using old non-Cloud specific security control guidelines or using third parties to select and apply
controls. The central theme of a lack of well-trained Cloud IT staff presents itself in these results
too. Perhaps a Cloud feedback loop of SMEs using true Cloud tools and controls such as DevOps
or DevSecOps will produce skilled Cloud staff who will then use more Cloud specific tools and
controls.
112
Regarding research question four, this research study follows the central theme that SMEs lack
proper Cloud trained staff which affects the recommended mitigations from SME Cloud risk
assessments. Based on the lack of internal Cloud staff, a large majority of risk professional
respondents have seen mitigation recommendations to outsource part or all of a Cloud transition.
This includes using managed or professional services for data transfer plans, CSP selection,
infrastructure selection, ongoing management of SME data and IT operations, even the risk
assessments and audits themselves.
Summary
Data collection for this qualitative research study consisted of a three-round survey of
GWDC risk experts. This chapter has established the trustworthiness of the data including how
credibility, dependability, and confirmability. This chapter has described the reasons and
assumptions made that led to keeping participation in the survey instruments anonymous and
collecting very little demographic detail. This chapter has organized the results of the research
study by research question. The questions in the survey instruments were multiple choice and
presentation of the data in this chapter includes tables as appropriate. The use of a Delphi
technique based three round survey instrument has resulted in data that answers the four research
questions of this study.
The answer to research question one is that SMEs using insufficient or non-Cloud
focused frameworks when risk assessing Cloud computing. The answer question to research
question two is that the primary concern for SMEs in Cloud specific risk assessments is the lack
of qualified SME Cloud and Cloud security teams. The answer question to research question
three is that SMEs commonly use a wide range of security controls and SMEs have not
converged on a particular process or set of controls to secure Cloud computing environments.
113
The answer question to research question four is that SMEs do not yet have a common set of
recommended mitigations for SME Cloud computing risk assessments. SMEs are still relying on
CSPs and existing frameworks, security guides and control families for mitigation
recommendations. SMEs are not at the point where the SME risk team can produce specific clear
and effective mitigation steps.
An additional result of this research study is a validated survey instrument that SMEs can
use to gauge their risk and needed next steps in the SMEs transition to the Cloud. The instrument
will be a freely available survey on SurveyMonkey. The page logic of the survey will help guide
SMEs to consider the answers to this research studies questions and how the SME can move
forward securely. While the survey instrument will not replace a full-fledged risk assessment, the
survey instrument will help guide SMEs to making more informed decisions at the start of the
SMEs’ Cloud transition. The survey questions and link to the survey are in the Appendix E.
114
Chapter 5: Implications, Recommendations, and Conclusions
The researcher used this qualitative cased study based research project to address the
problem that there is no commonly understood and adopted best practice standard for small to
medium sized enterprises (SMEs) on how to specifically assess security risks relating to the
Cloud (Coppolino, D’Antonio, Mazzeo, & Romano, 2016; El Makkaoui, Ezzati, Beni-Hssane, &
Motamed, 2016; Raza, Rashid, & Awan, 2017). Research in IT fields has a hard time keeping up
with real world applications due to the high rate of change in the industry. This issue increases
almost exponentially when one focuses on Cloud computing security. Many research studies
have taken the first step and identified risk-based organizational concerns with Cloud computing
security, and a few authors have proposed novel solutions. Evidence of what organizations are
doing to satisfy their risk requirements in Cloud computing adoption is not clear.
The purpose of this qualitative case study-based research study was to discover an
underlying framework for research in SME risk analysis for Cloud computing and to create a
validated instrument that SMEs can use to assess their risk in Cloud adoption. Unlike SMEs, the
vast majority of medium to large enterprises use risk assessments before adopting new
computing environments (Cayirci, Garaga, Santana de Oliveira, & Roudier, 2016; Jouini &
Rabai, 2016). SMEs need a process or validated instrument such as a risk assessment to
determine if they should move to the Cloud (Bildosola, Rio-Belver, Cilleruelo, & Garechana,
2015; Carcary, Doherty, & Conway, 2014; Hasheela, Smolander, & Mufeti, 2016). Research
shows that SMEs using a risk-based approach have not reached a consensus on how to identify
and address Cloud security risks (Carcary, Doherty, Conway, & McLaughlin, 2014; Kumar,
Samalia, & Verma, 2017). The creation of a new framework for academic treatment of SME
115
Cloud computing risk, and the creation of a validated instrument that SMEs can use to assess
their risk in Cloud adoption were the reasons for this research study.
A qualitative approach using a case study methodology was the best solution as the
theory relating to a successful Cloud computing risk assessment does not yet exist. A problem
avoided by using a qualitative case study approach is that the subject population of risk-based
Cloud computing research experts were able to respond with qualitative data but not quantitative
numbers to avoid compromising their organization’s security (Glaser, 2014). Making sure to
limit the subject population to subject matter experts allowed the researcher to create very
specific survey instruments. This helped eliminate potential areas of bias or confusion for
participants. Even though the audience for this research study commonly works in quantitative
ways, the audience will find value in qualitative case study research on this topic (Liu, Chan, &
Ran, 2016).
A survey with a Delphi technique of industry experts was an effective way to both
resolving those concerns of SMEs adopting Cloud computing and was a good step to increasing
the knowledge in the academic field of Cloud security. The RAND Corporation created the
Delphi technique to facilitate the collation and distillation of expert opinions in a field (Hsu &
Sanford, 2007). The Delphi technique seems well designed for the Internet with current
researchers using “eDelphi” based web surveys (Gill, Leslie, Grech, & Latour, 2013). Although
Cloud security is a very new field, some illustrative research is evident in the field using Delphi
techniques (Choi & Lee, 2015; El-Gazzar, Hustad, & Olsen, 2016; Liu, Chan, & Ran, 2016).
These studies use the Delphi technique in different manners, but similar to this proposed research
study, all rely on electronic communications with groups of experts.
116
The guiding framework of this research study was that the risk assessment process for
Cloud computing environments is fundamentally different for SMEs than large enterprises and
the primary data collection instrument is a web survey of risk experts with a Delphi technique.
The population for this research study has constraints on security information that they can share.
A qualitative case study-based theory approach was an effective way for the researcher to gather
the data needed to propose a unifying theory for SME Cloud computing risk assessment. As the
state of research in SME risk assessment tools and procedures is still in the nascent stages, case
study-based theory is the correct framework to advance the field and to create a validated
instrument for SME Cloud computing risk assessments.
The design of this research study evolved from the need to find out what was actually
happening in Cybersecurity Cloud risk assessments, a very specialized and secretive field. A
qualitative case study approach using a Delphi instrument was the research design chosen for this
research study. The researcher created a web-based survey with three rounds composed primarily
of multiple-choice questions to work around the strictures normally placed on cybersecurity
professionals. The researcher choose a very focused and small population of cybersecurity risk
experts in the Washington D.C. area. The researcher asked subjects to participate in three web-
based surveys over a period of five months. The researcher posted links to the surveys on the
GWDC web site and promulgated through GWDC emails and conferences.
The three rounds of responses from cybersecurity risk experts provided the researcher
with answers to the research questions posed by this study. The researcher was able to identify
current frameworks being leveraged in Cloud computing risk assessments. The researcher has
determined the primary areas of concern for SMEs as they transition to the Cloud. The researcher
has generally identified the commonly used security controls recommended in Cloud computing
117
risk assessments. The researcher has brought to light mitigations that risk professionals associate
with a SME transition to Cloud computing.
Limitations of this research study are based on the secrecy of information in the
cybersecurity field and the limited subject population that can provide useful information.
Organizations do not share security data including defense designs, breaches, and policies and
procedures. Potential survey questions for this research had to balance the need for pertinent
information and the limited ability of respondents to share specific information. The subject
population for this research question was a very small subset of IT professionals and the
researcher needed to do a large amount of preliminary work to gain access to an appropriately
sized group of respondents.
In this chapter, the researcher reiterates the problem statement, purpose statement,
methodology, design, results, and limitations. The researcher continues with the implications
from the results of this research study organized around the research questions. Following the
discussion of implications, the researcher presents recommendations for practice and future
research. The last section of this chapter is a conclusion.
Implications
The implications derived from this research study are best discussed by research
questions. The researcher focused research question one on the current state of Cloud computing
risk assessments and what frameworks SMEs are currently using. Based on the response to the
survey questions, predominately survey two questions, the current state of Cloud risk
assessments has not kept up with the changes in business and IT brought on by Cloud
computing. This is consistent with most Cloud transition research (Madria, 2016; Shackleford,
2016). Almost uniformly, SMEs are using Cloud computing without preforming complete risk
118
assessments on the Cloud tools and offerings as indicated by survey two, questions seven and ten
results. Previous research has not focused on this issue. Response to survey one, questions eight
and nine indicate that some SMEs are using large enterprise frameworks such as COBIT and
ITIL but SMEs are not showing a consensus on choice of frameworks based on survey. One
could infer this from current research but not definitely state it (Barton, Tejay, Lane, & Terrell,
2016; Tisdale, 2016; Vijayakumar & Arun, 2017). Government based Cloud security
configurations are being adopted more frequently than public sector ones, showing that if a SME
is compliance based, they are more likely to follow predetermined policies and procedures for
Cloud computing transition as per survey one, questions twelve and thirteen. This research study,
specifically survey two, question ten and survey three, question fifteen does indicate that SMEs
have almost uniformly considered outsourcing or using a third party to adapt a framework to
their Cloud transition. This is a strong amplification of previous research efforts that have
mentioned third parties or outsourcing as an option (Gupta, Misra, Singh, Kumar, & Kumar,
2017).
The researcher focused research question two on the primary areas of concern for SMEs
as they perform Cloud computing risk assessments. Most of the SMEs referenced by the survey
respondents do not start with a blank state. Responses to survey two questions seven and eight
show that most SMEs select a CSP and a type of Cloud infrastructure before the SME begins the
Cloud transition risk assessment process. This helps narrow the primary areas of concern for
SMEs to general IT concerns such as backups or network paths, and a wide array of non-
technical concerns that confirms previous research in the field (Cheng & Lin, 2009; Diaz-Chao,
Ficapal-Cusi, & Torrent-Sellens, 2017; Lai, Sardakis, & Blackburn, 2015). Responses to survey
one, questions fourteen and fifteen shows that every respondent reports non-technical concerns
119
for SMEs that they work with. Almost all respondents indicate that governance, business
process, financial, and privacy concerns affect SMEs that are transitioning to the Cloud.
In Survey 2, responses to questions ten, eleven and twelve support the finding that by far
the biggest primary concern reported by this research study participants is that of the SMEs IT
staff knowledge levels and Cloud readiness. SMEs are also concerned with the reasons that the
SME IT teams are not ready, including; lack of training, IT staff budget, and IT staff resistance
to Cloud computing environments as per the responses to survey two, question eleven. Survey
one, question twenty-one and survey two, question ten shows that SMEs are overwhelmingly
outsourcing IT tasks related to the SME’s Cloud transition or using third parties for their Cloud
transitions.
The researcher asked with research question three; what are the commonly used security
controls used in Cloud risk assessments. Almost all respondents to survey one, question ten,
eleven, and eighteen see SMEs use security controls specific to Cloud environments. This
confirms earlier research in the field (Haines, Horowitz, Guo, Andrijicic, & Bogdanor, 2015;
Rahulamathavan, Rajarajan, Rana, Awan, Burnap, & Das, 2015; Sahmim & Gharsellaoui, 2017).
Responses to survey one, question nineteen bounds the type of controls being used by SMEs.
Newer Cloud specific controls and tools such as CASB, SecaaS, and multi-Cloud are not in
widespread use by SMEs while older security controls are. Previous research in the field confirm
these results by not generally discussing modern controls and discussing a lack of SME focus on
best practices for a Cloud transition (Gholami, Daneshgar, Low, & Beydoun, 2016; Salim,
Darshana, Sukanlaya, Alarfi, & Maura, 2015; Yu, Li, Li, Zhao, & Zhao, 2018). Responses to
survey two, question sixteen indicate that whatever Cloud tools SMEs are using, they are not
being fully audited leading to the conclusion that SMEs need more controls. Research in the field
120
indicate a lack of preparation by SMEs for Cloud transitions including the use of security
controls but this research helps shed light on the details of SMEs’ lack of preparation (Huang et
al., 2015, 2015; Wang & He, 2014). Responses to survey three, question seven show that SMEs
still need a lot of work in this area with only seventy-one per cent of the risk experts seeing a
change in Cloud risk assessment hazards identification. Responses to survey three, question
twelve and thirteen indicate that the SMEs realize they need new security controls even if they
are not using them yet. Previous research supports this conclusion with several studies reporting
that many SMEs see a Cloud transition as a way to increase the SMEs’ IT security (Lacity &
Reynolds, 2013; Mohabbattalab, von der Heidt, & Mohabbattalab, 2014).
The researcher asked with research question four; what are the commonly recommended
mitigations in Cloud specific risk assessments. The design of this question intended to elicit
slightly different responses than just controls or control families. The assumption made by the
researcher was that all respondents would see specific recommendations made to SMEs but
respondents to survey one, question twenty show only seventy-five per cent have seen
recommendations. Previous research in the field supports this conclusion but this research study
is the first to quantify the number of SMEs seeing specific Cloud recommendations (Assante,
Castro, Hamburg, & Martin, 2016; Hussain, Hussain, Hussain, Damiani, & Chang, 2017).
Responses to survey one, question twenty-one help detail the specific mitigations recommended
to SMEs with eighty per cent of respondents saying that they have seen recommendations to
outsourcing or use third parties. This is a reoccurring theme in the data collected in this research
study. Previous research hints at the use of outsourcing by SMEs but this research shows how
prevalent it has become (Fahmideh & Beydoun, 2018). Overall, survey respondents show that
SMEs are adopting mitigations specific to the Cloud environments and changes to the mitigation
121
process with risk assessment changes as indicated by responses to survey three, questions six,
eight and nine. While accepting that Cloud computing environments require new mitigations and
new mitigation processes may seem obvious, previous research has not focused on this to any
great detail (Mohabbattalab, von der Heidt, & Mohabbattalab, 2014). Responses to survey three,
questions six and eleven, indicate that changes in the make-up of risk assessment teams and SME
risk responsibility assignment will affect recommended mitigations.
The primary factor that may have influenced the interpretation of the results of this
research study is that all significant results emerged from responses to multiple choice questions.
Perhaps the researcher did not include important choices in the answer choices. The researcher
has included all survey questions and responses in an appendix so the reader can decide. The
researcher presents the survey question answers in percentages so interpretation of the results
gathered is straightforward.
Recommendations for Practice
The researcher has encapsulated recommendations for practice in the validated risk
assessment instrument in the appendix. The primary recommendation is that SMEs need to spend
more time preparing for a Cloud transition. Even though responses to survey one, question eight,
nine, and twelve show a strong majority of SMEs transitioning to the Cloud do some planning,
SMEs need to do much more planning. Current research supports this finding but does not offer
many details (Bildosola, Río-Belver, Cilleruelo, & Garechana, 2015; Gastermann, Stopper,
Kossik, & Katalinic, 2014; Lacity & Reynolds, 2013; Senarathna, Yeoh, Warren, & Salzman,
2016). The validated risk instrument presented in the appendix does not get to the level of
specific controls but focuses on the decisions that SMEs must make before moving servers or
data to a CSP. Responses to survey three, questions seven, twelve, and thirteen indicate SMEs
122
realize they need to put more effort into the Cloud transition process and a validated risk
instrument with a series of fairly simple questions should help shape that effort. Existing
research shows that many SMEs see a Cloud transition as a way to increase security (Lacity &
Reynolds, 2013; Mohabbattalab, von der Heidt, & Mohabbattalab, 2014), this research study
helps show how the SMEs can achieve that goal. The findings from this research study do not
solve all SMEs’ problems with Cloud transitions, but if used as indicated by the validate risk
instrument, SMEs should have a smoother and more secure Cloud transition effort.
Recommendations for Future Research
The primary recommendation for future study is that more research should focus on how
SMEs plan for Cloud transitions. Current research does a good job of identifying why or why not
SMEs are adopting Cloud computing but current research does not identify how SMEs should
transition to Cloud computing. This research study has taken the first steps and identified the
current frameworks and primary areas of concern for SMEs as they adopt Cloud computing.
Extending the results of this research study, however, will require much more research. Adopting
Cloud computing is much more than just changing IT vendors or changing the type of servers
used by the SME. Adopting Cloud computing is a major paradigm shift for many SMEs that will
fundamentally change how SMEs do business and interact with each other and customers.
Based on results from this research study, specific fields of interest deserving more
research include several cross-domain topics. This research has shown that a primary concern for
SMEs during Cloud transitions is staffing. SMEs are trying to decide if it make sense to
outsource part or all of a move to Cloud computing. Pursuing research to help answer this
question may involve management theory, employee training, business risk analysis, and IT
among other research fields. Cloud computing is primarily a field in which IT and cybersecurity
123
researchers work. The results of this research study indicate several promising avenues of
research in IT and IT security fields. SMEs are not using modern Cloud based tools yet.
Research investigating what would it take to get SMEs to adopt a Cloud tool such as DevOps or
DevSecOps may show interesting results. If, as this research shows, SMEs are heavily using
third parties and outsourcing for the transition to the Cloud, further research on how that will
affect the IT and IT security fields will produce many topics. If SMEs adopt Cloud computing
with third parties in control, research on how the day to day operations of the SME would change
and could bear useful results. This research study indicates that the field of IT risk is changing as
a result of Cloud transitions. Research on how the field of IT risk adapts to Cloud computing
would be a very interesting research topic.
Conclusions
The researcher has only identified the issues for Cloud computing adoption by SMEs
from the perspective of risk experts. This research study has not identified ways in whcich those
risk experts can make the SME decision makers adopt these findings. Future research will need
to identify the answers and solutions that SMEs will adopt. Cloud computing is a very technical
field but this research study shows that SMEs’ biggest problems with transitioning to the Cloud
is human based, not technical. This research study builds on prior research and points the way for
future research. Earlier research has shown that SMEs show hesitation when moving to the
Cloud. Previous research studies have not identified the major concerns and road blocks for
SMEs as they transition to the Cloud. This research illuminates the major issues for SMEs
adopting Cloud computing.
This research study shows that SMEs are adopting Cloud computing in a piece-meal and
unorganized way. Future research on whether or not SMEs converge on best practices and
124
standards will be important work. As the use of Cloud computing is becoming an inflection point
for SMEs, SMEs need more research on both the process and the results. Cloud computing is
fundamentally changing the daily pace of business, and this research study shows that SMEs
have not kept pace. SMEs would greatly benefit from more research to help them adopt Cloud
computing securely and effectively.
125
References
Ab Rahman, N. H., & Choo, K. R. (2015). A survey of information security incident handling in the
Cloud. Computers & Security, 49, 45-69. doi:10.1016/j.cose.2014.11.006
Achargui, A., & Zaouia, A. (2017). Hosted, Cloud and SaaS, off-premises ERP systems adoption by
Moroccan SMEs: A focus group study. 2017 International Conference on Information and
Digital Technologies (IDT). doi:10.1109/dt.2017.8012125
Ahani, A., Rahim, N. Z., & Nilashi, M. (2017). Forecasting social CRM adoption in SMEs: A combined
SEM-neural network method. Computers in Human Behavior, 75, 560-578.
doi:10.1016/j.chb.2017.05.032
Ahmed, N., & Abraham, A. (2013). Modeling security risk factors in a Cloud computing
environment. Journal of Information Assurance & Security, 8(6), 279-289. Retrieved from
http://www.mirlabs.org/jias/
Aich, A., Sen, A., & Dash, S. R. (2015). A Survey on Cloud Environment Security Risk and Remedy.
2015 International Conference on Computational Intelligence and Networks.
doi:10.1109/cine.2015.45
Alali, F. A., & Chia-Lun, Y. (2012). Cloud Computing: Overview and Risk Analysis. Journal of
Information Systems, 26(2), 13-33. doi:10.2308/isys-50229
Alassafi, M. O., Alharthi, A., Walters, R. J., & Wills, G. B. (2017). A framework for critical security
factors that influence the decision of Cloud adoption by Saudi government agencies. Telematics
and Informatics, 34(7), 996-1010. doi:10.1016/j.tele.2017.04.010
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for Cloud computing environments. Security & Communication
Networks, 7(11), 2114-2124. doi:10.1002/sec.923
126
Alcantara, M., & Melgar, A. (2016). Risk Management in Information Security: A Systematic
Review. Journal of Advances in Information Technology, 7(1). Retrieved from:
http://www.jait.us/
Aldorisio, J. (2018). What is security as a service? A definition of SECaaS, benefits, examples, and
more. Retrieved from https://digitalguardian.com/blog/what-security-service-definition-secaas-
benefits-examples-and-more
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in Cloud computing: Opportunities and
challenges. Information Sciences, 30(55) 357-383. doi:10.1016/j.ins.2015.01.025
Aljawarneh, S. A., Alawneh, A., & Jaradat, R. (2016). Cloud security engineering: Early stages of
SDLC. Future Generation Computer Systems, doi:10.1016/j.future.2016.10.005
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2016). A conceptual framework for designing data
governance for Cloud computing. Procedia Computer Science, 94, 160-167.
doi:10.1016/j.procs.2016.08.025
Al-Anzi, F., S., Yadav, S., K., Soni, J., (2014) Cloud computing: Security model comprising
governance, risk management and compliance. 2014 International Conference on Data Mining
and Intelligent Computing (ICDMIC). doi:10.1109/ICDMIC.2014.6954232
Al-Ismaili, S., Li, M., & Shen, J. (2016). Cloud Computing Adoption Decision Modelling for SMEs:
From the PAPRIKA Perspective. Lecture Notes in Electrical Engineering, 597-615.
doi:10.1007/978-981-10-0539-8_59.
Anand, P., Ryoo, J., Kim, H., (2015) Addressing security challenges in Cloud computing — A pattern-
based approach. 2015 1st International Conference on Software Security and Assurance
(ICSSA), 13. doi:10.1109/ICSSA.2015.013
127
Assante, D., Castro, M., Hamburg, I., & Martin, S. (2016). The use of Cloud computing in SMEs.
Procedia Computer Science, 83 The 7th International Conference on Ambient Systems, Networks
and Technologies (ANT 2016), 1207-1212. doi:10.1016/j.procs.2016.04.250
Atkinson, S., & Aucoin, R. F. (2015). Adopting COBIT 5 in a government entity. COBIT Focus, 1(6).
Retrieved from: https://www.isaca.org/COBIT/focus/Pages/FocusHome.aspx
Bahrami, M., Malvankar, A., Budhraja, K., K., Kundu, C., Singhal, M., & Kundu, A., (2017)
Compliance-Aware provisioning of containers on Cloud. 2017 IEEE 10th International
Conference on Cloud Computing (CLOUD), 696. doi:10.1109/CLOUD.2017.95
Baig, R., Freitag, F., Moll, A., Navarro, L., Pueyo, R., Vlassov, V., (2015). Community network Clouds
as a case for the IEEE InterCloud standardization. 2015 IEEE Conference on Standards for
Communications and Networking (CSCN), Standards for Communications and Networking
(CSCN), 2015 IEEE Conference on, 269. doi:10.1109/CSCN.2015.7390456
Bard, G., & Weinstein, Y. (2017). The effect of question order on evaluations of test performance: Can
the bias dissolve? The Quarterly Journal of Experimental Psychology, 70(10), 2130–2140.
https://www.tandfonline.com/loi/pqje20
Bassiliades, N., Symeonidis, M., Meditskos, G., Kontopoulos, E., Gouvas, P., & Vlahavas, I. (2017). A
semantic recommendation algorithm for the PaaSport platform-as-a-service marketplace. Expert
Systems with Applications, 203-227. doi:10.1016/j.eswa.2016.09.032
Barrow, P., Kumari, R., & Manjula, R. (2016). Security in Cloud computing for service delivery models:
Challenges and solutions. Journal of Engineering Research and Applications.
doi:10.1016/j.cose.2016.02.007
128
Barton, K. A., Tejay, G., Lane, M., & Terrell, S. (2016). Information system security commitment: A
study of external influences on senior management. Computers & Security, 599-625.
doi:10.1016/j.cose.2016.02.007
Bayramusta, M., & Nasir, V. A. (2016). A fad or future of IT?: A comprehensive literature review on
the Cloud computing research. International Journal of Information Management, 36, 635-644.
doi:10.1016/j.ijinfomgt.2016.04.006
Betz, C. T., & Goldenstern, C. (2017). The New World: What do Agile and DevOps mean for ITSM and
ITIL – Kepner-Tregoe. Retrieved from https://www.kepner-tregoe.com/knowledge-
center/articles/technical-support-improvement/the-new-world-what-does-agile-and-devops-
mean-for-itsm-and-itil/
Beauchamp, P. (2015, March 26). Cyber security for professional service agencies: How to safeguard
your clients? Intellectual property and trade secrets. Retrieved from
http://www.inguard.com/blog/cyber-security-for-professional-service-agencies-how-to-
safeguard-your-clients-intellectual-property-and-trade-secrets
Bhattacharya, S., Kumar, C., S., From threats subverting Cloud security to a secure trust paradigm.
(2017). Inventive Communication and Computational Technologies (ICICCT), 2017
International Conference on, 510. doi:10.1109/ICICCT.2017.7975252
Bickart, B., & Schmittlein, D. (1999). The distribution of survey contact and participation in the United
States: constructing a survey-based estimate. Journal of Marketing Research (JMR), 36(2), 286-
294. Retrieved from:
https://www.ama.org/publications/JournalOfMarketingResearch/Pages/current-issue.aspx
Bieber, K., Grivas, S. G., & Giovanoli, C. (2015). Cloud Computing Business Case Framework:
Introducing a Mixed-Model Business Case Framework for Small and Medium Enterprises to
129
Determine the Value of Cloud Computing. 2015 International Conference on Enterprise Systems
(ES), 161. doi:10.1109/ES.2015.22
Bildosola, I., Río-Belver, R., Cilleruelo, E., & Garechana, G. (2015). Design and implementation of a
Cloud computing adoption decision tool: Generating a Cloud road. Plos One, 10(7),
doi:10.1371/journal.pone.0134563
Bojanc, R., & Jerman-Blazic, B. (2008). An economic modelling approach to information security risk
management. International Journal of Information Management, 28, 413-422.
doi:10.1016/j.ijinfomgt.2008.02.002
Brender, N., & Markov, I. (2013). Risk perception and risk management in Cloud computing: Results
from a case study of Swiss companies. International Journal of Information Management, 33(5),
726-733. Retrieved from: https://www.journals.elsevier.com/international-journal-of-
information-management
Brüggen, E., & Dholakia, U. M. (2010). Determinants of participation and response effort in web panel
surveys. Journal of Interactive Marketing, 24, 239-250. doi:10.1016/j.intmar.2010.04.004
Bruque-Camara, S., Moyano-Fuentes, J., & Maqueira-Marín, J. M. (2016). Supply chain integration
through community Cloud: Effects on operational performance. Journal of Purchasing and
Supply Management, 22, 141-153. doi:10.1016/j.pursup.2016.04.003
Bulgurcu, B., Cavusoglu, H., & Benbasat, I., (2016). Hopes, fears, and software
obfuscation. Communications of the ACM, 59(3), 88-96. doi:10.1145/2757276
Bunkar, R. K., & Rai, P. K. (2017). Study on security model in Cloud computing. International Journal
of Advanced Research in Computer Science, 8(7), 841. doi:10.26483/ijarcs.v8i7.4350
Buss, A. (2013). SMEs open to public Cloud services. Computer Weekly, 14. Retrieved from:
https://www.computerweekly.com/
130
Calvo-Manzano, J. A., Lema-Moreta, L., Arcilla-Cobián, M., & Rubio-Sánchez, J. L. (2015). How small
and medium enterprises can begin their implementation of ITIL?. Revista Facultad De
Ingenieria Universidad De Antioquia, 127. doi:10.17533/udea.redin.n77a15
Cao, X., Moore, C., O’Neill, M., O’Sullivan, E., & Hanley, N., Optimised multiplication architectures
for accelerating fully homomorphic encryption. (2016). IEEE Transactions on Computers, IEEE
Trans. Comput, (9), 2794. doi:10.1109/TC.2015.2498606
Cao, J & Zhang, S., (2016). IT Operation and Maintenance Process improvement and design under
virtualization environment. 2016 IEEE International Conference on Cloud Computing and Big
Data Analysis (ICCCBDA), Cloud Computing and Big Data Analysis (ICCCBDA), 2016 IEEE
International Conference on, 263. doi:10.1109/ICCCBDA.2016.7529568
Carcary, M., Doherty, E., & Conway, G. (2014). The adoption of Cloud computing by Irish SMEs — An
exploratory study. Electronic Journal of Information Systems Evaluation, 17(1), 3-14. Retrieved
from: http://www.ejise.com/main.html
Carcary, M., Doherty, E., Conway, G., & McLaughlin, S. (2014). Cloud computing adoption readiness
and benefit realization in Irish SMEs—An exploratory study. Information Systems Management,
31(4), 313-327. doi:10.1080/10580530.2014.958028
Carvalho, C. d., Andrade, R. C., Castro, M. d., Coutinho, E. F., & Agoulmine, N. (2017). State of the art
and challenges of security SLA for Cloud computing. Computers and Electrical Engineering, 59,
141-152. doi:10.1016/j.compeleceng.2016.12.030
Casola, V., De Benedictis, A., Modic, J., Rak, M., & Villano, U., Per-service security SLA: A new
model for security management in Clouds. (2016). 2016 IEEE 25th International Conference on
Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), 2014 IEEE
23rd International, 83. doi:10.1109/WETICE.2016.27
131
Casola, V., De Benedictis, A., Rak, M., & Rios, E. (2016). Security-by-design in Clouds: A security-
SLA driven methodology to build secure Cloud applications. Procedia Computer
Science, 97(2nd International Conference on Cloud Forward: From Distributed to Complete
Computing), 53-62. doi:10.1016/j.procs.2016.08.280
Cayirci, E., Garaga, A., Santana de Oliveira, A., & Roudier, Y. (2016). A risk assessment model for
selecting Cloud service providers. Journal of Cloud Computing, 5(1), 1. doi:10.1186/s13677-
016-0064-x
Charif, B., & Awad, A. I. (2016). Feature: Towards smooth organisational adoption of Cloud computing
a customer-provider security adaptation. Computer Fraud & Security, 2016, 7-15.
doi:10.1016/S1361-3723(16)30016-1
Center for Internet Security. (2018). CIS benchmarks. Retrieved from https://www.cisecurity.org/cis-
benchmarks/
Chalita, S., Zalila, F., Gourdin, C., & Merle, P., (2018). A precise model for Google Cloud platform.
2018 IEEE International Conference on Cloud Engineering (IC2E), Cloud Engineering (IC2E),
2018 IEEE International Conference on, IC2E, 177. doi:10.1109/IC2E.2018.00041
Chang, Y., Chang, P., Xu, Q., Ho, K., Halim, W., (2016). An empirical investigation of switching
intention to private Cloud computing in large enterprises. 2016 22nd Asia-Pacific Conference on
Communications (APCC), 323. doi:10.1109/APCC.2016.7581451
Chang, V, & Ramachandran, I. (2016). Towards achieving data security with the Cloud computing
adoption framework. IEEE Transactions on Services Computing, Services Computing, IEEE
Transactions on, IEEE, 138. doi:10.1109/TSC.2015.2491281
132
Charif, B., & Aswad J. A. (2016). Towards smooth organisational adoption of Cloud computing – A
customer-provider security adaptation. Computer Fraud & Security, 2016(2), 7-15.
doi:10.1016/S1361-3723(16)30016-1
Chatman, C. (2010). How Cloud computing is changing the face of health care information technology.
Journal of Health Care Compliance, 12(3), 37-70. Retrieved from
http://www.healthcarecompliance.us/journal-of-health-care-compliance.html
Chatzithanasis, G., & Michalakelis, C. (2018). The Benefits of Cloud Computing: Evidence from
Greece. International Journal of Technology Diffusion (IJTD), 9(2), 61. Retrieved form:
https://www.igi-global.com/journal/international-journal-technology-diffusion/1135
Chen, T., Ta-Tao, C., & Kazuo, N. (2016). The Perceived Business Benefit of Cloud Computing: An
Exploratory Study. Journal of International Technology & Information Management, 25(4), 101-
121. Retrieved from: http://scholarworks.lib.csusb.edu/jitim/
Cheng, H., & Lin, C. Y. (2009). Do as the large enterprises do? Expatriate selection and overseas
performance in emerging markets: The case of Taiwan SMEs. International Business Review,
18, 60-75. doi:10.1016/j.ibusrev.2008.12.002
Chiregi, M., & Jafari Navimipour, N. (2017). Review: Cloud computing and trust evaluation: A
systematic literature review of the state-of-the-art mechanisms. Journal of Electrical Systems and
Information Technology, doi: 10.1016/j.jesit.2017.09.001
Choi, M., & Lee, C. (2015). Information security management as a bridge in Cloud systems from private
to public organizations. Sustainability, 7(9) 12032-12051 (2015), (9), 12032.
doi:10.3390/su70912032
Cong, C., & Aiqing, C. (2014). Cost analysis of public Cloud IaaS access of SMEs. Applied Mechanics
& Materials, 19(6) 631-632. doi:10.4028/www.scientific.net/AMM.631-632.196
133
Coppolino, L., D’Antonio, S., Mazzeo, G., & Romano, L. (2017). Cloud security: Emerging threats and
current solutions. Computers and Electrical Engineering, 59, 126-140.
doi:10.1016/j.compeleceng.2016.03.004
Cram, W. A., Brohman, M. K., & Gallupe, R. B. (2016). Hitting a moving target: a process model of
information systems control change. Information Systems Journal, 26(3), 195-226.
doi:10.1111/isj.12059
Creswell, J. W. (2007). Qualitative inquiry and research design: Choosing among five traditions.
Thousand Oaks: Sage.
da Silva Antonio, F., & Manotti, A. (2016). Using COBIT 5: Enabling Information to Perform an
Information Quality Assessment. COBIT Focus, 1-4. Retrieved from:
https://ww7w.isaca.org/COBIT/focus/Pages/FocusHome.aspx
Damenu, T. K., & Balakrishna, C. (2015). Cloud security risk management: A critical review. 2015 9Th
International Conference on Next Generation Mobile Applications, Services & Technologies,
370. doi:10.1109/NGMAST.2015.25
Dasgupta, S., & Pal, S.K. (2016). Design of a polynomial ring based symmetric homomorphic
encryption scheme. Perspectives in Science, Vol 8, 692-695. doi:10.1016/j.pisc.2016.06.061
Daylami, N. (2015). The origin and construct of Cloud computing. International Journal of the
Academic Business World, 9(2), 39-45. Retrieved from: http://jwpress.com/IJABW/IJABW.htm
de Bruin, M., McCambridge, J., & Prins, J. M. (2015). Reducing the risk of bias in health behaviour
change trials: Improving trial design, reporting or bias assessment criteria? A review and case
study. Psychology & Health, 30(1), 8–34. Retrieved from:
https://www.tandfonline.com/loi/gpsh20.
134
de Gusmão, A. H., e Silva, L. C., Silva, M. M., Poleto, T., & Costa, A. S. (2016). Information security
risk analysis model using fuzzy decision theory. International Journal of Information
Management, 36, 25-34. doi:10.1016/j.ijinfomgt.2015.09.003
Demirkan, H., & Goul, M. (2011). Taking value-networks to the Cloud services: Security services,
semantics and service level agreements. Information Systems and E-Business
Management, 11(1), 51-91. Retrieved from https://link.springer.com/journal/10257
Denzin, N. K. (2001). Interpretive interactionism (Vol. 16). Sage.
Deshpande, P., Sharma, S.C., Peddoju, S.K. et al. (2018) Security and service assurance in Cloud
environment. International Journal of System Assurance Engineering Management (2018) 9:
194. Retrieved from https://link.springer.com/journal/13198
Devos, J., & Van de Ginste, K. (2015). Towards a Theoretical Foundation of IT Governance – The
COBIT 5 case. Electronic Journal of Information Systems Evaluation, 18(2), 95. Retrieved from:
http://www.ejise.com/main.html
Dhingra, A., K., Rai, D., Evaluating risks in Cloud computing: Security perspective. (2016). 2016 5th
International Conference on Reliability, Infocom Technologies and Optimization (Trends and
Future Directions) ICRITO, 533. doi:10.1109/ICRITO.2016.7785013
Díaz-Chao, Á., Ficapal-Cusi, P., & Torrent-Sellens, J. (2017). Did small and medium enterprises
maintain better jobs during the early years of the recession? Job quality multidimensional
evidence from Spain. European Management Journal, 35, 396-413.
doi:10.1016/j.emj.2016.06.006
Diogenes, Y. (2017). Embracing Cloud computing to enhance your overall security posture. ISSA
Journal, 15(5), 36-41. Retrieved from: https://issa-cos.org/issajournal
135
Djuraev, R., X., & Umirzakov, B., M., (2016) Model of assessment of risks of information security in
the environment of Cloud computing. 2016 International Conference on Information Science
and Communications Technologies (ICISCT), 1. doi:10.1109/ICISCT.2016.7777391
Doherty, N. F., & Tajuddin, S. T. (2018). Towards a user-centric theory of value-driven information
security compliance. Information Technology & People, 31(2), 348. doi:10.1108/ITP-08-2016-
0194
dos Santos, D. R., Marinho, R., Schmitt, G. R., Westphall, C. M., & Westphall, C. B. (2016). A
framework and risk assessment approaches for risk-based access control in the Cloud. Journal of
Network and Computer Applications, 74, 86-97. doi:10.1016/j.jnca.2016.08.013
Elhoseny, M., Elminir, H., Riad, A., & Yuan, X., (2016). A secure data routing schema for WSN using
elliptic curve cryptography and homomorphic encryption. Journal of King Saud University:
Computer and Information Sciences, 28(3), 262-275. Retrieved from:
https://www.journals.elsevier.com/journal-of-king-saud-university-computer-and-information-
sciences
Elsayed, M., & Zulkernine, M. (2016). IFCaaS: Information flow control as a service for Cloud security.
Availability, Reliability and Security (ARES), 2016 11th International Conference on. 211-216.
Retrieved from;
https://ieeexplore.ieee.org/xpl/tocresult.jsp?isnumber=7784494&filter%3DAND%28p_IS_Numb
er%3A7784494%29&pageNumber=3
Elvy, S. (2018). Commodifying consumer data in the era of the Internet of things. Boston College Law
Review, 59(2), 424-522. Retrieved from: https://www.bc.edu/bc-web/schools/law/academics-
faculty/law-reviews/bclr.html
136
El-Attar, N., E., Awad, W., A., & Omara, F., A., Empirical assessment for security risk and availability
in public Cloud frameworks. (2016). 2016 11th International Conference on Computer
Engineering & Systems (ICCES), 17. doi:10.1109/ICCES.2016.7821969
El-Gazzar, R., Hustad, E., & Olsen, D. H. (2016). Understanding Cloud computing adoption issues: A
Delphi study approach. The Journal of Systems & Software, 118, 64-84. doi:
10.1016/j.jss.2016.04.061
El-Makkaoui, K., Ezzati, A., Beni-Hssane, A., Motamed, C. (2016). Cloud security and privacy model
for providing secure Cloud services. 2016 2nd International Conference on Cloud Computing
Technologies and Applications (CloudTech), 81. doi:10.1109/CloudTech.2016.7847682
Erturk, E. (2017). An incremental model for Cloud adoption: Based on a study of regional organizations.
TEM Journal, 6(4), 868-876. doi:10.18421/TEM64-29
Fahmideh, M., & Beydoun, G. (2018). Reusing empirical knowledge during Cloud computing
adoption. The Journal of Systems & Software, 138, 124-157. doi:10.1016/j.jss.2017.12.011
Feng, C., & Xin, Y. (2014). Fast key generation for Gentry-style homomorphic encryption. The Journal
of China Universities of Posts and Telecommunications, 21, 37-44. doi:10.1016/S1005-
8885(14)60343-5
Fernandes, D., Soares, L., Gomes, J., Freire, M., & Inácio, P. (2014). Security issues in Cloud
environments: A survey. International Journal of Information Security, 13(2), 113-170.
doi:10.1007/s10207-013-0208-7
Fernando, B. & Fernando, R., (2014). Strategy, innovation and internationalization in SMEs: The
implementation issue. Proceedings of the European Conference on Innovation &
Entrepreneurship, 77. Retrieved from: https://www.academic-conferences.org/conferences/ecie/
137
Ferdinand, J. (2015). Building organisational cyber resilience: A strategic knowledge-based view of
cyber security management. Journal of Business Continuity & Emergency Planning, 9(2), 185-
195. Retrieved from https://www.henrystewartpublications.com/jbcep
Flostrand, A. (2017). Finding the future: Crowdsourcing versus the Delphi technique. Business
Horizons, 60, 229-236. doi:10.1016/j.bushor.2016.11.007
Fosu, A. K. (2017). Growth, inequality, and poverty reduction in developing countries: Recent global
evidence. Research in Economics, 71, 306-336. doi:10.1016/j.rie.2016.05.005
Funk, J. L. (2015). Thinking about the future of technology: Rates of improvement and economic
feasibility. Futures, 73, 163-175. doi:10.1016/j.futures.2015.08.003
Furfaro, A., Gallo, T., Garro, A., Sacca, D., & Tundis, A., (2016). Requirements specification of a Cloud
service for cyber security compliance analysis. 2016 2nd International Conference on Cloud
Computing Technologies and Applications (CloudTech), 205.
doi:10.1109/CloudTech.2016.7847700
Gartner. (2014, October 2). What is SMB? – Gartner defines small and midsize businesses. Retrieved
from https://www.gartner.com/it-glossary/smbs-small-and-midsize-businesses
Gastermann, B., Stopper, M., Kossik, A., & Katalinic, B. (2014). Secure implementation of an on-
premises Cloud storage service for small and medium-sized enterprises. Annals of DAAAM &
Proceedings, 25(1), 574-583. doi:10.1016/j.proeng.2015.01.407
George, S., Gyorgy, T., Adelina, O., Victor, S., & Janna, C. (2014). Cloud computing and big data as
convergent technologies for retail pricing strategies of SMEs. Challenges of the Knowledge
Society, 4(1), 1044-1052. Retrieved from: http://cks.univnt.ro/
138
Gill, F. J., Leslie, G. D., Grech, C., & Latour, J. M. (2013). Using a web-based survey tool to undertake
a Delphi study: Application for nurse education research. Nurse Education Today, 13(28) 1322-
1328. doi:10.1016/j.nedt.2013.02.016
Gholami, M. F., Daneshgar, F., Low, G., & Beydoun, G. (2016). Cloud migration process—A survey,
evaluation framework, and open challenges. The Journal of Systems & Software, 12, 31-69.
doi:10.1016/j.jss.2016.06.068
Glaser, B. G. (2010). The future of grounded theory. Grounded Theory Review, 9(2). Retrieved from:
Glaser, B. G. (2014). Choosing grounded theory. Grounded Theory Review, 13(2). Retrieved from:
Glaser, B. G. (2016). The grounded theory perspective: Its origins and growth. Grounded Theory
Review, 15(1), 4-9. Retrieved from: http://groundedtheoryreview.com/
Gleeson, N., & Walden, I. (2014). ‘It’s a jungle out there’?: Cloud computing, standards and the law.
European Journal of Law & Technology, 5(2), 1. Retrieved from: http://ejlt.org/
Goettlemann, E., Dahman, K., Gateau, B., Dubois, E., & Godart, C., A security risk assessment model
for business process deployment in the Cloud. 2014 IEEE International Conference on Services
Computing, Services Computing (SCC), 307. doi:10.1109/SCC.2014.48
Gomes, D. E., Guedes dos Santos, J. L., Pereira Borges, J. W., Pedroso Alves, M., de Andrade, D. F., &
Erdmann, A. L. (2018). Theory of the response to the item of research on public health. Journal
of Nursing UFPE / Revista De Enfermagem UFPE, 12(6). doi:10.5205/1981-8963-
v12i6a234740p1800-1812-2018
139
Greyson, D. (2018). Information triangulation: A complex and agentic everyday information practice.
Journal of the Association for Information Science & Technology, 69(7), 869-878.
doi:10.1002/asi.24012
Gritzalis, D., Iseppi, G., Mylonas, A., & Stavrou, V. (2018). Exiting the risk assessment maze: A meta-
survey. ACM Computing Surveys, 51(1), 11-30. doi:10.1145/3145905
Guba, E. G., & Lincoln, Y. S. (2008). Paradigmatic controversies, contradictions, and emerging
confluences. In N. K. Denzin, Y. S. Lincoln, The landscape of qualitative research (pp. 255-
286). Thousand Oaks, CA, US: Sage Publications, Inc.
Gupta S, Saini A. (2018). Cloud adoption: Linking business needs with system measures. Global
Journal of Enterprise Information System 9(2) 42-49. Retrieved from:
https://library.harvard.edu/services-tools/business-source-complete
Haimes, Y. Y., Horowitz, B. M., Guo, Z., Andrijcic, E., & Bogdanor, J. (2015). Assessing systemic risk
to Cloud-computing technology as complex interconnected systems of systems. Systems
Engineering, 18(3), 284-299. doi:10.1002/sys.21303
Halabi, T., & Bellaiche, M. (2018). A broker-based framework for standardization and management of
Cloud Security-SLAs. Computers & Security, 75, 59-71. doi:10.1016/j.cose.2018.01.019
Hanclova, J., Rozehnal, P., Ministr, J., & Tvridkova, M. (2015). The determinants of IT adoption in
SMEs in the Czech-Polish border areas. Information Technology for Development, 21(3), 426.
doi:10.1080/02681102.2014.916249
Hare, S. (2016). For your eyes only: U.S. technology companies, sovereign states, and the battle over
data protection. Business Horizons, 59, 549-561. doi:10.1016/j.bushor.2016.04.002
140
Hasheela, V. T., Smolander, K., & Mufeti, T. K. (2016). An investigation of factors leading to the
reluctance of SaaS ERP adoption in Namibian SMEs. African Journal of Information Systems,
8(4), 1-13. Retrieved from: https://digitalcommons.kennesaw.edu/ajis/
Haufe, K., Dzombeta, S., Bradnis, K., Stantchev, V., & Colomo-Palacios, R., (2018). Improving
transparency and efficiency in IT security management resourcing. IT Professional, IT Prof, (1),
53. doi:10.1109/MITP.2018.011291353
He, M., Devine, L., & Zhuang, J. (2018). Perspectives on Cybersecurity Information Sharing among
Multiple Stakeholders Using a Decision‐Theoretic Approach. Risk Analysis: An International
Journal, 38(2), 215–225. Retrieved from: https://www.sra.org/aggregator/sources/1
Ho, S. M., Booth, C., & Ocasio-Velazquez, M. (2017). Trust or consequences? Causal effects of
perceived risk and subjective norms on Cloud technology adoption. Computers & Security, 70,
581-595 Retrieved from https://www.journals.elsevier.com/computers-and-security
Hosseinian-Far, A., Ramachandran, M., & Sarwar, D. (2017). Strategic engineering for Cloud
computing and big data analytics. Cham, Switzerland: Springer.
Hsu, P., Ray, S., & Li-Hsieh, Y. (2014). Examining Cloud computing adoption intention, pricing
mechanism, and deployment model. International Journal of Information Management, 34, 474-
488. doi:10.1016/j.ijinfomgt.2014.04.006
Hsu, C., & Sanford, B., A., (2007). The Delphi technique: Making sense of consensus. Practical
Assessment, Research & Evaluation, 12(10), 1. Retrieved from: http://pareonline.net/
Huang, C., Hou, C., He, L., Dai, H., & Ding, Y., (2017) Policy-Customized: A new abstraction for
building security as a service. 2017 14th International Symposium on Pervasive Systems,
Algorithms and Networks & 2017 11th International Conference on Frontier of Computer
141
Science and Technology & 2017 Third International Symposium of Creative Computing
(ISPAN-FCST-ISCC), doi:10.1109/ISPAN-FCST-ISCC.2017.57
Huang, L., Shen, Y., Zhang, G., & Luo, H. (2015). Information system security risk assessment based on
multidimensional Cloud model and the entropy theory. 2015 IEEE Conference on Computer
Vision & Pattern Recognition (CVPR), 11. doi:10.1109/ICEIEC.2015.7284476
Hu, K. H., Chen, F. H., & We, W. J. (2016). Exploring the key risk factors for application of Cloud
computing in auditing. Entropy, 18(8), 401. Retrieved from:
http://www.mdpi.com/journal/entropy
Hussain, W., Hussain, F. K., Hussain, O. K., Damiani, E., & Chang, E. (2017). Formulating and
managing viable SLAs in Cloud computing from a small to medium service provider’s
viewpoint: A state-of-the-art review. Information Systems, 71, 240-259.
doi:10.1016/j.is.2017.08.007
Hussain, S., A., Mehwish, F., Atif, S., Imran, R., & Raja Khurram, S. (2017). Multilevel classification of
security concerns in Cloud computing. Applied Computing and Informatics, 13(1) 57-65.
doi:10.1016/j.aci.2016.03.001
Imran, M., Hlavacs, H., Haq, I. U., Jan, B., Khan, F. A., & Ahmad, A. (2017). Provenance based data
integrity checking and verification in Cloud environments. Plos One, 12(5).
doi:10.1371/journal.pone.0177576
Ionela, B. (2014). Cloud computing services: Benefits, risks and intellectual property issues. Global
Economic Observer, 230-242. Retrieved from: https://www.questia.com/library/p439761/global-
economic-observer
142
Iqbal, S., Mat Kiah, M. L., Dhaghighi, B., Hussain, M., Khan, S., Khan, M. K., & Raymond Choo, K.
(2016). Review: On Cloud security attacks: A taxonomy and intrusion detection and prevention
as a service. Journal of Network and Computer Applications, 74, 98-120.
doi:10.1016/j.jnca.2016.08.016
ISACA GWDC. (2018). About – ISACA greater Washington, D.C. chapter. Retrieved from https://isaca-
gwdc.org/about/
Islam, S., Fenz, S., Weippl, E., & Mouratidis, H. (2017). A risk management framework for Cloud
migration decision support. Journal of Risk & Financial Management, 10(2), 1.
doi:10.3390/jrfm10020010
Issa M., K., Abdallah, K., & Muhammad, A. (2014). Cloud computing security: A survey. Computers, 3.
doi:10.3390/computers3010001
IT Process Maps Gb. (2018). What is ITIL? Retrieved from https://en.it-processmaps.com/itil/about-
itil.html
Jaatun, M. G., Pearson, S., Gittler, F., Leenes, R., & Niezen, M. (2016). Enhancing accountability in the
Cloud. International Journal of Information Management. Retrieved from
https://www.journals.elsevier.com/international-journal-of-information-management
Jeganathan, S. (2017). Enterprise security architecture: Key for aligning security goals with business
goals. ISSA Journal, 15(1), 22-29. Retrieved from http://www.issa.org/?page=ISSAJournal
Johnson, A. M. (2009). Business and security executives’ views of information security investment
drivers: Results from a Delphi study. Journal of Information Privacy & Security, 5(1), 3-27.
Retrieved from: https://www.tandfonline.com/loi/uips20
143
Jouini, M., & Ben Arfa Rabai, L. (2016). Comparative study of information security risk assessment
models for Cloud computing systems. Procedia Computer Science, 831084.
doi:10.1016/j.procs.2016.04.227
Lawson, B. P., Muriel, L., & Sanders, P. R. (2017). Regular Paper: A survey on firms’ implementation
of COSO’s 2013 Internal control–integrated framework. Research in Accounting Regulation, 29,
30-43. doi:10.1016/j.racreg.2017.04.004
Lohe, J., & Legner, C. (2014). Overcoming implementation challenges in enterprise architecture
management: a design theory for architecture-driven IT Management (ADRIMA). Information
Systems & E-Business Management, 12(1), 101-137. doi:10.1007/s10257-012-0211-y
Luna, J., Suri, N., Iorga, M., & Karmel, A. (2015). Leveraging the potential of Cloud security service-
level agreements through standards. IEEE Cloud Computing, 2(3), 32-40.
Kaaniche, N., Mohamed, M., Laurent, M., & Ludwig, H., Security SLA Based Monitoring in Clouds.
(2017). 2017 IEEE International Conference on Edge Computing (EDGE), 90.
doi:10.1109/IEEE.EDGE.2017.20
Kalaiprasath, R., Elankavi, R., & Udayakumar, R. (2017). Cloud security and compliance – A semantic
approach in end to end security. International Journal on Smart Sensing & Intelligent Systems.
Retrieved from http://s2is.org/
Karras, D. A. (2017). On Scalable and Efficient Security Risk Modelling of Cloud Computing
Infrastructure based on Markov processes. ITM Web of Conferences 9 3-6. EDP Sciences.
Retrieved from: https://www.itm-conferences.org/
Keung, J., & Kwok, F. (2012). Cloud deployment model selection assessment for SMEs: Renting or
Buying a Cloud. 2012 IEEE Fifth International Conference on Utility & Cloud Computing, 21.
doi:10.1109/UCC.2012.29
144
Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: A survey. Computers,
3(1) 1-35. doi:10.3390/computers3010001
Khamsemanan, N., Ostrovsky, R., Skeith, W., E. (2016). On the black-box use of somewhat
homomorphic encryption in noninteractive two-party protocols. SIAM Journal on Discrete
Mathematics, 30(1), 266. doi:10.1137/110858835
Khan, N., & Al-Yasiri, A. (2016). Identifying Cloud security threats to strengthen Cloud computing
adoption framework. Procedia Computer Science, 94, 485-490. doi:10.1016/j.procs.2016.08.075
Khan, S., Nicho, M., & Takruri, H. (2016). IT controls in the public Cloud: Success factors for
allocation of roles and responsibilities. Journal of Information Technology Case & Application
Research, 18(3), 155. Retrieved from https://www.tandfonline.com/loi/utca20
Kholidy, H., Erradi, A., Abdelwahed, S., & Baiardi, F. (2016). A risk mitigation approach for
autonomous Cloud intrusion response system. Computing, 98(11), 1111-1135.
doi:10.1007/s00607-016-0495-8
Korstjens, I., & Moser, A. (2018). Series: Practical guidance to qualitative research. Part 4:
Trustworthiness and publishing. The European Journal of General Practice, 24(1), 120–124.
https://www.tandfonline.com/loi/igen20
Kouatli, I. (2016). Managing Cloud computing environment: Gaining customer trust with security and
ethical management. Procedia Computer Science, 91(Promoting Business Analytics and
Quantitative Management of Technology: 4th International Conference on Information
Technology and Quantitative Management (ITQM 2016), 412-421.
doi:10.1016/j.procs.2016.07.110
145
Kovacsne, L., A., M., (2018). Reducing IT costs and ensuring safe operation with application of the
portfolio management. Serbian Journal of Management, 12(1) 143-155. Retrieved from:
http://www.sjm06.com/
Korte, J. (2017). Mitigating cyber risks through information sharing. Journal of Payments Strategy &
Systems, 203–214. Retrieved from https://www.henrystewartpublications.com/jpss
Kritikos, K., Kirkham, T., Kryza, B., & Massonet, P. (2015). Security enforcement for multi-Cloud
platforms – The case of PaaSage. Procedia Computer Science, 68,1st International Conference
on Cloud Forward: From Distributed to Complete Computing, 103-115.
doi:10.1016/j.procs.2015.09.227
Kumar, D., Samalia, H. V., & Verma, P. (2017). Factors influencing Cloud computing adoption by
small and medium-sized enterprises (SMEs) in India. Pacific Asia Journal of the Association for
Information Systems, 9(3), 25. Retrieved from: http://aisel.aisnet.org/pajais/
Lacity, M. C., & Reynolds, P. (2013). Cloud services practices for small and medium-sized enterprises.
Mis Quarterly Executive, 13(1), 31-44. Retrieved from:
http://misqe.org/ojs2/index.php/misqe/index
Lai, S., & Leu, F. (2015). A security threats measurement model for reducing Cloud computing security
risk. 2015 Second International Conference on Advances in Computing & Communication
Engineering, 414. doi:10.1109/IMIS.2015.64
Lai, Y., Sardakis, G., & Blackburn, R. (2015). Job stress in the United Kingdom: Are small and
medium-sized enterprises and large enterprises different?. Stress & Health: Journal of The
International Society for the Investigation of Stress, 31(3), 222-235. Retrieved from
https://onlinelibrary.wiley.com/journal/15322998
146
Lalev, A. (2017). Methods and instruments for enhancing Cloud computing security in small and
medium sized enterprises. Business Management / Biznes Upravlenie, (2), 38-53 Retrieved from:
http://bm.uni-svishtov.bg/
Lanz, J. (2015). Conducting information technology risk assessments. CPA Journal, 85(5), 6-9.
Retrieved from: https://www.cpajournal.com/
Leclercq-Vandelannoitte, A., & Emmanuel, B. (2018). From sovereign IT governance to liberal IT
governmentality? A Foucauldian analogy. European Journal of Information Systems, 27(3), 326.
doi:10.1080/0960085X.2018.1473932
Lee, J., Kim, Y., S., Kim, J., H., & Kim, I., K., (2017). Toward the SIEM architecture for Cloud-based
security services. 2017 IEEE Conference on Communications and Network Security (CNS),
Communications and Network Security (CNS), 2017 IEEE Conference on, 398.
doi:10.1109/CNS.2017.8228696
Lent, R. (2016). Evaluating the cooling and computing energy demand of a datacentre with optimal
server provisioning. Future Generation Computer Systems, 57, 1-12.
doi:10.1016/j.future.2015.10.008
Leung, R., Hastings, J. F., Keefe, R. H., Brownstein-Evans, C., Chan, K. T., & Mullick, R. (2016).
Building mobile apps for underrepresented mental health care consumers: A grounded theory
approach. Social Work in Mental Health, 14(6), 625. doi:10.1080/15332985.2015.1130010
Lew, D. (2015). ISACA’s COBIT conference provides training and insights for all levels of expertise.
COBIT Focus, 1-2. Retrieved from: https://www.isaca.org/COBIT/focus/Pages/FocusHome.aspx
Li, J., & Li, Q. (2018). Data security and risk assessment in Cloud computing. ITM Web of Conferences.
EDP Sciences. Retrieved from https://www.itm-conferences.org/
147
Lian, J., Yen, D., & Wang, Y. (2014). An exploratory study to understand the critical factors affecting
the decision to adopt Cloud computing in Taiwan hospital. International Journal of Information
Management, 34, 28-36. doi:10.1016/j.ijinfomgt.2013.09.004
Liu, S., Chan, F. T., & Ran, W. (2016). Decision making for the selection of Cloud vendor: An
improved approach under group decision-making with integrated weights and
objective/subjective attributes. Expert Systems with Applications, 5537-47.
doi:10.1016/j.eswa.2016.01.059
Liu, X., Xia, C., Wang, T., Zhong, L., (2017) CloudSec: A novel approach to verifying security
conformance at the bottom of the Cloud. 2017 IEEE International Congress on Big Data
(BigData Congress), Big Data (BigData Congress), 569. doi:10.1109/BigDataCongress.2017.87
Llave, M. R. (2017). Business intelligence and analytics in small and medium-sized enterprises: A
systematic literature review. Procedia Computer Science, CENTERIS/ProjMAN/HCist 2017),
194-205. doi:10.1016/j.procs.2017.11.027
Lu, P. (2018). Structural effects of participation propensity in online collective actions: Based on big
data and Delphi methods. Journal of Computational and Applied Mathematics, 344, 288–300.
https://www.journals.elsevier.com/journal-of-computational-and-applied-mathematics
Lynn, T., van der Werff, L., Hunt, G., & Healy, P. (2016). Development of a Cloud trust label: A Delphi
approach. Journal of Computer Information Systems, 56(3), 185-193. Retrieved from:
https://www.tandfonline.com/loi/ucis20
Madria, S. K. (2016). Security and risk assessment in the Cloud. Computer, 49(9), 110-113. Retrieved
from: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=2
Maghrabi, L., Pfluegel, E., & Noorji, S., F., (2016) Designing utility functions for game-theoretic Cloud
security assessment: A case for using the common vulnerability scoring system. 2016
148
International Conference on Cyber Security and Protection of Digital Services (Cyber Security),
doi:10.1109/CyberSecPODS.2016.7502351
Mahmood, K., Shevtshenko, E., Karaulova, T., & Otto, T. (2018). Risk assessment approach for a
virtual enterprise of small and medium sized enterprises. Proceedings of the Estonian Academy
of Sciences, 67(1), 17-27. doi:10.3176/proc.2017.4.27
Mangiuc, D. (2017). Accountants and the Cloud – Involving the professionals. Accounting &
Management Information Systems / Contabilitate Si Informatica De Gestiune, 16(1), 179-198.
Retrieved from http://jamis.ase.ro/
Martin, V. B. (2017). Formal grounded theory: Knowing when to come out of the rain. Grounded
Theory Review, 16(1), 35-37. Retrieved from: http://groundedtheoryreview.com/
Masky, M., Young, S. S., & Choe, T. (2015). A novel risk identification framework for Cloud
computing security. 2015 2nd International Conference on Information Science & Security
(ICISS), 1. doi:10.1109/ICISSEC.2015.7370967
Mayadunne, S., & Park, S. (2016). An economic model to evaluate information security investment of
risk-taking small and medium enterprises. International Journal of Production Economics,
182519-530. doi:10.1016/j.ijpe.2016.09.018
Mell, P., & Grance, T. (2011). The NIST definition of Cloud computing. Retrieved from:
https://csrc.nist.gov/publications/sp
Mengxi, N., Peng, R., & HaoMiao, Y. (2016). Efficient multi-keyword ranked search over outsourced
Cloud data based on homomorphic encryption. MATEC Web of Conferences, 561.
doi:10.1051/matecconf/20165601002
149
Michaux, S., Ross, P. K., & Blumenstein, M. (2015). Cloud computing as a facilitator of SME
entrepreneurship. Technology Analysis & Strategic Management, 27(1), 87-101. Retrieved from:
https://www.tandfonline.com/loi/ctas20
Mishra, P., Pilli, E. S., Varadharajan, V., & Tupakula, U. (2017). Review: Intrusion detection techniques
in Cloud environment: A survey. Journal of Network and Computer Applications, 77, 18-47.
doi:10.1016/j.jnca.2016.10.015
Mohabbattalab, E., von der Heidt, T., & Mohabbattalab, B. (2014). The perceived advantages of Cloud
computing for SMEs. GSTF Journal on Computing, 4(1), 61-65. doi:10.5176/2251-3043_4.1.309
Molken, R. v., & Wilkins, P. (2017). Implementing oracle integration Cloud service. Birmingham, UK:
Packt Publishing.
Moncayo, D., & Montenegro, C. (2016). 2016 6Th International Conference on Information
Communication & Management (ICICM), 115. doi:10.1109/INFOCOMAN.2016.7784226
Moral-García, S., Moral-Rubio, S., Fernández, E. B., & Fernández-Medina, E. (2014). Enterprise
security pattern: A model-driven architecture instance. Computer Standards & Interfaces, 36,
748-758. doi:10.1016/j.csi.2013.12.009
Moyo, M., & Loock, M., (2016) South African small and medium-sized enterprises’ reluctance to adopt
and use Cloud-based business intelligence systems: A literature review. 2016 11th International
Conference for Internet Technology and Secured Transactions (ICITST), 250.
doi:10.1109/ICITST.2016.7856706
Mustonen-Ollila, E., Lehto, M., & Huhtinen, A. (2018). Hybrid information environment: Grounded
theory analysis. Proceedings of the International Conference on Cyber Warfare & Security, 412-
419. Retrieved from: https://www.academic-conferences.org/conferences/iccws/
150
Musungwini, S., Mugoniwa, B., Furusa, S. S., & Rebanowako, T. G. (2016). An analysis of the use of
Cloud computing among university lecturers: A case study in Zimbabwe. International Journal
of Education and Development Using Information and Communication Technology, 12(1), 53-
70. Retrieved from: http://ijedict.dec.uwi.edu/
Na, S. & Huh, E., (2014) A methodology of assessing security risk of Cloud computing in user
perspective for security-service-level agreements. Fourth edition of the International Conference
on the Innovative Computing Technology (INTECH 2014), 87. Retrieved from:
https://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=6916662&filter%3DAND%28p_
IS_Number%3A6927737%29&pageNumber=2
Ndiaye, N., Razak, L. A., Nagayev, R., & Ng, A. (2018). Demystifying small and medium enterprises’
(SMEs) performance in emerging and developing economies. Borsa Istanbul Review,
doi:10.1016/j.bir.2018.04.003
Ngo, C., Demchenko, Y., & de Laat, C. (2016). Multi-tenant attribute-based access control for Cloud
infrastructure services. Journal of Information Security and Applications, 65-84.
doi:10.1016/j.jisa.2015.11.005
Ogden, S. R., Culp, J. C., Villamaria, F. J., & Ball, T. R. (2016). Developing a checklist: Consensus via
a modified Delphi technique. Journal of Cardiothoracic and Vascular Anesthesia, 30855-858.
doi:10.1053/j.jvca.2016.02.022
Oktadini, N., R., & Surendro, K., (2014). SLA in Cloud computing: Improving SLA’s life cycle
applying six sigmas. 2014 International Conference on Information Technology Systems and
Innovation (ICITSI), doi:10.1109/ICITSI.2014.7048278
O’Malley, M. P., & Capper, C. A. (2015). A measure of the quality of educational leadership programs
for social justice: Integrating LGBTIQ identities into principal preparation. Educational
151
Administration Quarterly, 51(2), 290-330. Retrieved from:
http://journals.sagepub.com/home/eaq
Overby, S., Greiner, L., & Paul, L. G. (2017, July 5). What is an SLA? Best practices for service-level
agreements. Retrieved from https://www.cio.com/article/2438284/outsourcing/outsourcing-sla-
definitions-and-solutions.html
Nanavati, M., Colp, P., Aeillo, B., & Warfield, A. (2014). Cloud Security: A Gathering
Storm. Communications of the ACM, 57(5), 70-79. doi:10.1145/2593686
Papachristodoulou, E., Koutsaki, M., & Kirkos, E. (2017). Business intelligence and SMEs: Bridging the
gap. Journal of Intelligence Studies in Business, 7(1), 70-78. Retrieved from: https://ojs.hh.se/
Papadopoulos, G., Rikama, S., Alajaasko, P., Salah-Eddine, Z., Airaksinen, A., & Loumaranta, H.
(2018). Statistics on small and medium-sized enterprises – Statistics explained. Retrieved from
http://ec.europa.eu/eurostat/statisticsexplained/index.php/Statistics_on_small_and_medium-
sized_enterprises#Basic_structures:_employment_size_class_breakdown_in_Structural_Business
_Statistics
Parekh, G., DeLatte, D., Herman, G., L., Oliva, L., Phatak, D., Scheponik, T., Sherman, A., T., (2018).
Identifying core concepts of cybersecurity: Results of two Delphi processes. IEEE Transactions
on Education, (1), 11. doi:10.1109/TE.2017.2715174
Parks, R. F., & Wigand, R. T. (2014). Organizational privacy strategy: Four quadrants of strategic
responses to information privacy and security threats. Journal of Information Privacy &
Security, 10(4), 203. doi:10.1080/15536548.2014.974435
Paxton, N., C., (2016) Cloud security: A review of current issues and proposed solutions. 2016 IEEE
2nd International Conference on Collaboration and Internet Computing (CIC), 452.
doi:10.1109/CIC.2016.066
152
Persico, V., Botta, A., Marchetta, P., Montieri, A., & Pescapé, A. (2017). On the performance of the
wide-area networks interconnecting public-Cloud datacenters around the globe. Computer
Networks, 112, 67-83. doi:10.1016/j.comnet.2016.10.013
Phaphoom, N., Wang, X., Samuel, S., Helmer, S., & Abrahamsson, P. (2015). A survey study on major
technical barriers affecting the decision to adopt Cloud services. The Journal of Systems &
Software, 103, 167-181. doi:10.1016/j.jss.2015.02.002
Potey, M. M., Dhote, C., & Sharma, M. H. (2016). Homomorphic encryption for security of Cloud
data. Procedia Computer Science, 79 (Proceedings of International Conference on
Communication, Computing and Virtualization (ICCCV) 2016), 175-181.
doi:10.1016/j.procs.2016.03.023
Preeti, B., Runni, K., & Prof. Manjula, R. (2016). Security in Cloud computing for service delivery
models: Challenges and solutions. International Journal of Engineering Research and
Applications, 6(4), 76-85. Retrieved from: http://www.ijera.com/
Priyadarshinee, P., Raut, R. D., Jha, M. K., & Kamble, S. S. (2017). A Cloud computing adoption in
Indian SMEs: Scale development and validation approach. Journal of High Technology
Management Research, 28, 221-245. doi:10.1016/j.hitech.2017.10.010
Qian, L., Y., Baharudin, A. S., & Kanaan-Jeebna, A. (2016). Factors affecting the adoption of enterprise
resource planning (ERP) on Cloud among small and medium enterprises (SMEs) in Penang,
Malaysia. Journal of Theoretical & Applied Information Technology, 88(3), 398. Retrieved
from: https://www.jatit.org/
Qiang, D. (2015). Modeling and performance analysis for composite network–compute service
provisioning in software-defined Cloud environments. Digital Communications and Networks,
1(3), 181-190. doi:10.1016/j.dcan.2015.05.003
153
Quigley, K., Burns, C., & Stallard, K. (2015). ‘Cyber Gurus’: A rhetorical analysis of the language of
cybersecurity specialists and the implications for security policy and critical infrastructure
protection. Government Information Quarterly, 32, 108-117. doi:10.1016/j.giq.2015.02.001
Rao, R. V., & Selvamani, K. (2015). Data Security Challenges and Its Solutions in Cloud
Computing. Procedia Computer Science, 48 (International Conference on Computer,
Communication and Convergence (ICCC 2015), 204-209. doi:10.1016/j.procs.2015.04.171
Rasheed, H. (2014). Data and infrastructure security auditing in Cloud computing
environments. International Journal of Information Management, 34, 364-368.
doi:10.1016/j.ijinfomgt.2013.11.002
Ray, D. (2016). Cloud adoption decisions: Benefitting from an integrated perspective. Electronic
Journal of Information Systems Evaluation, 19(1), 3-22. Retrieved from
http://www.ejise.com/main.html
Raza, N., Rashid, I., & Awan, F. (2017). Security and management framework for an organization
operating in Cloud environment. Annals of Telecommunications, 72(5), 325. Retrieved from
https://link.springer.com/journal/12243
Razumnikov, S. V., Zakharova, A. A., & Kremneva, M. S. (2014). A model of decision support on
migration of enterprise IT-applications in the Cloud environment. Applied Mechanics and
Materials. Trans Tech Publications. Retrieved from: https://www.scientific.net/AMM
Rebello, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical evaluation of a
Cloud computing information security governance framework. Information and Software
Technology, 58, 44-57. doi:10.1016/j.infsof.2014.10.003
154
Ren, S. Q., Tan, B. M., Sundaram, S., Wang, T., Ng, Y., Chang, V., & Aung, K. M. (2016). Secure
searching on Cloud storage enhanced by homomorphic indexing. Future Generation Computer
Systems, 65(Special Issue on Big Data in the Cloud), 102-110. doi:10.1016/j.future.2016.03.013
Ring, T. (2015). Feature: Cloud security fears: Fact or FUD? Network Security, 10-14.
doi:10.1016/S1353-4858(15)30058-1
Rittle, J., Czerwinski, J., & Sullivan, M. (2016). Auditing the Cloud. Internal Auditor, 73(4), 43-48.
Retrieved from: https://na.theiia.org/periodicals/Pages/Internal-Auditor-Magazine.aspx
Robu, M., (2013). The dynamic and importance of SMEs in economy. USV Annals of Economics and
Public Administration, Vol 13, Issue 1(17), Pp 84-89 (2013), (1(17), 84. Retrieved from:
http://www.seap.usv.ro/annals/ojs/index.php/annals
Rocha, L., Gomez, A., Araújo, N., Otero, C., & Rodrigues, D. (2016). Cloud management tools for
sustainable SMEs. Procedia CIRP, 40 (13th Global Conference on Sustainable Manufacturing –
Decoupling Growth from Resource Use), 220-224. doi:10.1016/j.procir.2016.01.106
Rojas, M. T., Gonzalez, N. M., Sbampato, F. V., Redígolo, F. F., Carvalho, T., Ullah, K. W., & …
Ahmed, A. S. (2016). A framework to orchestrate security SLA lifecycle in Cloud
computing. CISTI (Iberian Conference on Information Systems & Technologies / Conferência
Ibérica De Sistemas E Tecnologias De Informação) Proceedings, 1414. Retrieved from:
http://www.worldcat.org/title/information-systems-and-technologies-proceedings-of-the-11th-
iberian-conference-on-information-systems-and-technologies-cisti-2016-gran-canaria-spain-
june-15-18-2016/oclc/1010053680
Sahmim, S., & Gharsellaoui, H. (2017). Privacy and security in Internet-based computing: Cloud
computing, Internet of things, Cloud of things: a review. Procedia Computer Science, 112,
Knowledge-Based and Intelligent Information & Engineering Systems: Proceedings of the 21st
155
International Conference, KES-20176-8 September 2017, Marseille, France, 1516-1522.
doi:10.1016/j.procs.2017.08.050
Salapura, V., Harper, R., (2018) Virtual machine resiliency management system for the Cloud. IEEE
Cloud Computing, Cloud Computing, IEEE, (3), 55. doi:10.1109/MCC.2018.032591617
Schmidt, P. J., Wood, J. T., & Grabski, S. V. (2016). Business in the Cloud: Research Questions on
Governance, Audit, and Assurance. Journal of Information Systems, 30(3), 173-189.
doi:10.2308/isys-51494
Seethamraju, R., (2014). Adoption of software as a service (SaaS) enterprise resource planning (ERP)
systems in small and medium sized enterprises (SMEs). Information Systems Frontiers. 17, 3,
475-492, ISSN: 13873326. Retrieved from: https://link.springer.com/journal/10796
Senarathna, I., Wilkin, C., Warren, M., Yeoh, W., & Salzman, S., (2018) Factors that influence adoption
of Cloud computing: An empirical study of Australian SMEs. Australasian Journal of
Information Systems, 22(0), doi:10.3127/ajis.v22i0.1603
Senarathna, I., Yeoh, W., Warren, M., & Salzman, S. (2016). Security and privacy concerns for
Australian SMEs Cloud adoption: Empirical study of metropolitan vs regional
SMEs. Australasian Journal of Information Systems, 201-20. Retrieved from:
http://journal.acs.org.au/index.php/ajis
Shackleford, D. (2016). It’s time to clarify ownership of Cloud risk. Information Security, 18(10), 23-25.
Retrieved from: https://www.tandfonline.com/toc/uiss20/current
Shaikh, R., & Sasikumar, M. (2015). Trust model for measuring security strength of Cloud computing
service. Procedia Computer Science, 45 (International Conference on Advanced Computing
Technologies and Applications (ICACTA), 380-389. doi:10.1016/j.procs.2015.03.165
156
Shao, Z., Cao, Y., & Cheng, B., (2014). A quantitative evaluation method based on hierarchical
architecture model of Cloud service availability. Applied Mechanics & Materials, 571-572
doi:10.4028/www.scientific.net/AMM.571-572.11. Retrieved from:
https://www.scientific.net/AMM
Sherman, A. T., DeLatte, D., Neary, M., Oliva, L., Phatak, D., Scheponik, T., & … Thompson, J. (2018).
Cybersecurity: Exploring core concepts through six scenarios. Cryptologia, 42(4), 337.
doi:10.1080/01611194.2017.1362063
Shkurti, R., & Muça, E. (2014). An analysis of Cloud computing and its role in accounting industry in
Albania. Journal of Information Systems & Operations Management, 8(2), 1. Retrieved from:
http://jisom.rau.ro/forward.html
Singh, S., Jeong, Y., & Park, J. H. (2016). A survey on Cloud computing security: Issues, threats, and
solutions. Journal of Network and Computer Applications, 75200-222.
doi:10.1016/j.jnca.2016.09.002
Salim, S., A., Darshana, S., Sukanlaya, S., Abdulrahman Hamad E, A., & Maura, A. (2015). Moving
from evaluation to trial: How do SMEs start adopting Cloud ERP?. Australasian Journal of
Information Systems, 19(0) doi:10.3127/ajis.v19i0.1030
Skeptic. (2009, June 20). The real cost of ITIL V3 expert certification | The IT Skeptic. Retrieved from
http://www.itskeptic.org/real-cost-itil-v3-expert-certification
Soubra, M., & Tanriover, Ö. Ö. (2017). An assessment of recent Cloud security measure proposals in
comparison to their support by widely used Cloud service providers. Mugla Journal of Science &
Technology, 3(2), 122. doi:10.22531/muglajsci.355273
157
Souza, S. M., & Puttini, R. S. (2016). Client-side encryption for privacy-sensitive applications on the
Cloud. Procedia Computer Science, 97 (2nd International Conference on Cloud Forward: From
Distributed to Complete Computing), 126-130. doi:10.1016/j.procs.2016.08.289
Srinivasan, S. (2013). Is security realistic in Cloud computing? Journal of International Technology &
Information Management, 22(4), 47-66. Retrieved from http://scholarworks.lib.csusb.edu/jitim/
Stănciulescu, G. C., & Dumitrescu, F. (2014). Optimizing the IT structures of tourism SMEs using
modern applications and resources (Cloud). Procedia Economics and Finance, 15(Emerging
Markets Queries in Finance and Business (EMQ 2013), 1769-1778. doi:10.1016/S2212-
5671(14)00653-4
Statistics Solution. (2019, January 23). What is transferability in qualitative research and how do we
establish it?. Retrieved April 1, 2019, from https://www.statisticssolutions.com/what-is-
transferability-in-qualitative-research-and-how-do-we-establish-it/
Strasser, A. (2017). Delphi Method variants in information systems research: Taxonomy development
and application. Electronic Journal of Business Research Methods, 15(2), 120-133. Retrieved
from: http://www.ejbrm.com/main.html
Sun, Y., Nanda, S., & Jaeger, T., (2015). Security-as-a-service for microservices-based Cloud
applications. 2015 IEEE 7th International Conference on Cloud Computing Technology and
Science (CloudCom), 50. doi:10.1109/CloudCom.2015.93
Sung, C., Zhang, B., Higgins, C., Y., & Choe, Y., (2016). Data-Driven Sales Leads Prediction for
Everything-as-a-Service in the Cloud. 2016 IEEE International Conference on Data Science and
Advanced Analytics (DSAA), 557. doi:10.1109/DSAA.2016.83
SurveyMonkey. (2018). It’s all about powering the curious | SurveyMonkey. Retrieved from
https://www.surveymonkey.com/mp/aboutus/?ut_source=footer
158
Szadeczky, T. (2016). Risk management of new technologies. AARMS: Academic & Applied Research
in Military & Public Management Science, 15(3), 279-290. Retrieved from: https://www.uni-
nke.hu/kutatas/egyetemi-folyoiratok/aarms/journal-home
Tajammul, M., & Parveen, R., (2017). Comparative analysis of big ten ISMS standards and their effect
on Cloud computing. (2017). 2017 International Conference on Computing and Communication
Technologies for Smart Nation (IC3TSN), 362. doi:10.1109/IC3TSN.2017.8284506
Tang, C., & Liu, J. (2015). Selecting a trusted Cloud service provider for your SaaS program.
Computers & Security, 5060-73. doi:10.1016/j.cose.2015.02.001
Tang, Y., Wang, L., Yang, L., & Wang, X. (2014). Information security risk assessment method based
on Cloud model. IET Conference Proceedings. The Institution of Engineering & Technology. doi
10.1049/cp.2014.0695
Tanimoto, S., Sato, R., Kato, K., Iwashita, M., Seki, Y., Sato, H., Kanai, A., (2014). A study of risk
assessment quantification in Cloud computing. 17th International Conference on, Network-
Based Information Systems (NBiS), 426. doi:10.1109/NBiS.2014.11
Tisdale, S. M. (2016). Architecting a cybersecurity management framework. Issues in Information
Systems, 17(4), 227. Retrieved from: https://www.iacis.org/iis/iis.php
Togan, M. (2015). Aspects of security standards for Cloud computing. MTA Review, 25(1), 31-44.
Retrieved from: https://www.journal.mta.ro/
Torkura, K., A., Sukmana, M., I., H., Cheng, F., & Meinel, C., (2017). Leveraging Cloud native design
patterns for security-as-a-service applications. 2017 IEEE International Conference on Smart
Cloud, 90. doi:10.1109/SmartCloud.2017.21
159
Trapero, R., Modic, J., Stopar, M., Taha, A., & Suri, N. (2017). A novel approach to manage Cloud
security SLA incidents. Future Generation Computer Systems, 72193-205.
doi:10.1016/j.future.2016.06.004
Trevelyan, E. G., & Robinson, P. N. (2015). Research paper: Delphi methodology in health research:
how to do it? European Journal of Integrative Medicine, 7(Diagnostic Techniques and Outcome
Measures for Integrated Health), 423-428. doi:10.1016/j.eujim.2015.07.002
Tso, F. P., Jouet, S., & Pezaros, D. P. (2016). Network and server resource management strategies for
data centre infrastructures: A survey. Computer Networks, 106, 209-225.
doi:10.1016/j.comnet.2016.07.002
Tunc, C., Hariri, S., Merzouki, M., Mahmoudi, C., de Vaulx, F., Chbili, J., Boh, R., Battou, A., Cloud
Security Automation Framework. (2017). 2017 IEEE 2nd International Workshops on
Foundations and Applications of Self Systems (FASW), 307. doi:10.1109/FAS-W.2017.164
vizardUnited States Small Business Administration. (2017). Table of size standards. Retrieved from
https://www.sba.gov/document/support–table-size-standards
Van Till, S. (2017). Five Cloud-based physical security measures for healthcare organizations. Journal
of Healthcare Protection Management, 33(1), 15-18. Retrieved from:
https://www.iahss.org/page/Journal
Vasiljeva, T., Shaikhulina, S., & Kreslins, K. (2017). Cloud Computing: Business Perspectives, Benefits
and Challenges for Small and Medium Enterprises (Case of Latvia). Procedia
Engineering, 178(RelStat-2016: Proceedings of the 16th International Scientific Conference
Reliability and Statistics in Transportation and Communication October 19-22, 2016. Transport
and Telecommunication Institute, Riga, Latvia), 443-451. doi:10.1016/j.proeng.2017.01.087
160
Viehmann, J., (2014) Risk management for outsourcing to the Cloud: Security risks and safeguards as
selection criteria for extern Cloud services. 2014 IEEE International Symposium on Software
Reliability Engineering Workshops, 293. doi:10.1109/ISSREW.2014.80
Vijayakumar, K., & Arun, C. (2017). Analysis and selection of risk assessment frameworks for Cloud-
based enterprise applications. Biomedical Research. Retrieved from: http://www.biomedres.info/
Vizard, M. (2016). Taking a look inside the AWS Public Cloud. Channel Insider, 1-2. Retrieved from:
https://www.channelinsider.com/cp/bio/Michael-Vizard/
Wakunuma, K., & Masika, R. (2017). Cloud computing, capabilities and intercultural ethics:
Implications for Africa. Telecommunications Policy, 41(ICT developments in Africa –
infrastructures, applications and policies), 695-707. doi:10.1016/j.telpol.2017.07.006
Wang, F., & He, W. (2014). Service strategies of small Cloud service providers: A case study of a small
Cloud service provider and its clients in Taiwan. International Journal of Information
Management, 34406-415. doi:10.1016/j.ijinfomgt.2014.01.007
Wang, Z., Su, X., Diao, Y., Wang, P., & Ge, S. (2015). Study of data security risk relevance about
Cloud computing for small and medium-sized enterprises. Application Research of Computers /
Jisuanji Yingyong Yanjiu, 32(6), 1782-1786. doi:10.3969/j.issn.1001-3695.2015.06.040
Wang, X. V., Wang, L., & Gordes, R. (2018). Interoperability in Cloud manufacturing: a case study on
private Cloud structure for SMEs. International Journal of Computer Integrated Manufacturing,
31(7), 653-663. doi:10.1080/0951192X.2017.1407962
Wang, C., Wood, L. C., Abdul-Rahman, H., & Lee, Y. T. (2016). When traditional information
technology project managers encounter the Cloud: Opportunities and dilemmas in the transition
to Cloud services. International Journal of Project Management, 34, 371-388.
doi:10.1016/j.ijproman.2015.11.006
161
Waterman, M., Noble, J., & Allan, G. (2015). How Much Up-Front? A Grounded theory of Agile
Architecture. 2015 IEEE/ACM 37Th IEEE International Conference on Software Engineering,
347. doi:10.1109/ICSE.2015.54
Weintraub, E., & Cohen, Y. (2016). Security risk assessment of Cloud computing services in a
networked environment. International Journal of Advanced Computer Science and Applications,
7(11) 79-90. doi:10.14569/IJACSA.2016.071112
Wiesche, M., Jurisch, M. C., Yetton, P. W., & Krcmar, H. (2017). Grounded theory methodology in
information sciences research. MIS Quarterly, 41(3), 685-A9. Retrieved from:
https://www.misq.org/
Wilson, A., & Wilson, C. (2011). The effects of U.S. government security regulations on the
cybersecurity professional. Allied Academies International Conference: Proceedings of The
Academy of Legal, Ethical & Regulatory Issues (ALERI), 15(2), 5-12. Retrieved from:
http://www.alliedacademies.org/affiliate-academies-aleri.php
Wu, X., Chen, B., & Weng, J. (2016). Reversible data hiding for encrypted signals by homomorphic
encryption and signal energy transfer. Journal of Visual Communication and Image
Representation, 41, 58-64. doi:10.1016/j.jvcir.2016.09.005
Yimam, D., Fernandez, E., B., Building compliance and security reference architectures (CSRA) for
Cloud Systems. (2016). 2016 IEEE International Conference on Cloud Engineering (IC2E), ic2e,
147. doi:10.1109/IC2E.2016.16
Younis, Y., Kifayat, K., & Merabti, M. (2014). An access control model for Cloud computing. Journal
of Information Security and Applications, 19, 45-60. doi:10.1016/j.jisa.2014.04.003
162
Yu, Y., Li, M., Li, X., Zhao, J. L., & Zhao, D. (2018). Effects of entrepreneurship and IT fashion on
SMEs’ transformation toward Cloud service through mediation of trust. Information &
Management, 55(2), 245-257
Zong-you, D., Wen-long, Z., Yan-an, S., & Hai-too W., (2017) The application of Cloud matter —
Element in information security risk assessment. 2017 3rd International Conference on
Information Management (ICIM), 218. doi:10.1109/INFOMAN.2017.7950379
Zibouh, O., Dalli, a., & Drissi, H. (2016). Cloud computing security through parallelizing fully
homomorphic encryption applied to multi-Cloud approach. Journal of Theoretical & Applied
Information Technology, 87(2), 300. Retrieved from https://www.jatit.org/
Zissis, D., & Lekkas, D. (2012). Addressing Cloud computing security issues. Future Generation
Computer Systems, 28, 583-592. doi:10.1016/j.future.2010.12.006
163
Appendix A Survey Answers Aggregate
Table 1
Survey 1, Q6: What types of SMEs have you performed or been involved in risk assessments
for? Please select all that apply.
Answer Choices Responses Count
Primary (mining, farming,
fishing, etc)
20% 4
Secondary (manufacturing) 25% 5
Tertiary (service, teaching,
nursing, etc)
25% 5
Quaternary 75% 15
Other 20% 4
Any additional comments (We
want your expertise)?
20% 4
164
Table 2.
Survey 1, Q7: What types of risk assessments have you been involved with? Please select all that
apply.
Answer Choices Responses Count
Financial 50% 10
IT (Information Technology) 95% 19
Cloud computing 65% 13
Internal 70% 14
External 80% 16
Qualitative 50% 10
Quantitative 40% 8
Other 10% 2
Any additional comments (We
want your expertise)
0% 0
165
Table 3.
Survey 1, Q8: For SMEs that are planning to adopt Cloud computing, do you see SMEs adopting
IT related frameworks (partially or completely)?
Answer Choices Responses Count
Yes 85% 17
No 15% 30
166
Table 4.
Survey 1. Q9: What IT related frameworks (partially or completely) do you see SMEs adopting?
Answer Choices Response
s
Count
COBIT (Control Objectives for Information and Related
Technologies)
61.11% 11
ITIL (formerly Information Technology Infrastructure Library) 61.11% 11
TOGAF (The Open Group Architecture Framework for enterprise
architecture)
27.78% 5
ISO/IEC 38500 (International Organization for
Standardization/International Electrotechnical Commission Standard
for Corporate Governance of Information Technology)
61.11% 11
COSO (Committee of Sponsoring Organizations of the Treadway
Commission)
38.89% 7
Other 16.67% 3
167
Table 5.
Survey 1, Q10: For SMEs that are planning to adopt Cloud computing, do you see SMEs using
IT security control standards?
Answer Choices Response
s
Count
Yes 95% 19
No 5% 1
168
Table 6.
Survey 1, Q11: What IT security control standards do you see SMEs using? Please select the
standards from the list below.
169
Answer Choices Response
s
Count
CIS (Center for Internet Security) top 20 controls 52.63% 10
NIST SP 800-53 (National Institute of Standard and Technology
Special Publication 800-53 Security and Privacy Controls for
Information Systems and Organizations)
84.21% 16
NIST Cybersecurity Framework (National Institute of Standard and
Technology)
84.21% 16
ISO/IEC 27001 (International Organization for
Standardization/International Electrotechnical Commission
Information Security Management Systems)
73.68% 14
IEC 62443 (International Electrotechnical Commission Industrial
Network and System Security)
5.26% 1
ENISA NCSS (European Union Agency for Network and
Information Security National Cyber Security Strategies)
15.79% 3
HIPAA (Health Insurance Portability and Accountability Act) 78.95% 15
PCI-DSS (Payment Card Industry Data Security Standard) 68.42% 13
GDPR (General Data Protection Regulation) 78.95% 15
Other 5.26% 1
170
Table 7.
Survey 1, Question 12: Have you seen Cloud security configuration baselines used by SMEs?
Answer Choices Response
s
Count
Yes 84.21% 16
No 15.79% 3
171
Table 8.
Survey 1, Q 13: What Cloud security configuration baselines have you seen used by SMEs?
Please select all that apply.
Answer Choices Response
s
Count
DoD Cloud Security requirements guides (Department of Defense) 62.5% 10
DISA/IASE Security requirements guide (Defense Information
Systems Agency Information Assurance Support Environment)
56.25% 9
CSA Cloud security guidance (Cloud Security Alliance) 31.25% 5
FedRAMP Cloud security baselines (Federal Risk and Authorization
Management Program)
68.75% 11
AWS SbD (Amazon Web Services Security by Design) 50% 8
CIS Cloud baselines (Center for Internet Security) 50% 8
Other 0% 0
172
Table 9.
Survey 1, Q14: Do you see any non-technical areas of concern when SMEs are contemplating
Cloud adoption?
Answer Choices Response
s
Count
Yes 100% 20
No 0% 0
173
Table 10.
Survey 1, Q15: What non-technical areas of concern do you see when SMEs are contemplating
Cloud adoption?
Answer Choices Response
s
Count
Governance 80% 16
Business Process 85% 17
Financial (non-technical) 70% 14
Privacy 85% 17
Legal 55% 11
Other 15% 3
Any additional comments (We want your expertise)? 15% 3
174
Table 11.
Survey 1, Q16: Do you see any IT (not security) areas of concern for SMEs as they adopt Cloud
computing?
Answer Choices Response
s
Count
Yes 100% 20
No 0% 0
175
Table 12.
Survey 1, Q17: What IT (non-security) areas of concern do you see for SMEs as they adopt
Cloud computing? Please select all areas of concern that you have seen.
Answer Choices Response
s
Count
Backup and Restore 60% 12
IT Audit Results 75% 15
Transition Process to Cloud 100% 20
Type of Cloud to use IaaS (Infrastructure as a Service), PaaS
(Platform as a service), SaaS (Software as a service)
70% 14
IT Team Knowledge and Skills 75% 15
Network Path to Cloud (redundant paths, multiple Internet service
providers)
65% 13
Cost 55% 11
Psychological Barriers/Concerns 50% 10
Other 0% 0
Other (please specify) 5% 1
176
Table 13.
Survey 1, Q18: Do you see SMEs adopting Cloud security controls?
Answer Choices Response
s
Count
Yes 95% 19
No 5% 1
177
Table 14.
Survey 1, Q 19: What Cloud security controls do you see SMEs adopting? Please select all
Cloud security controls that you have seen.
178
Answer Choices Response
s
Count
Data storage 68.42% 13
VMs (Virtual Machines) 57.89% 11
Micro services (Docker, Kubernetes, etc.) 31.58% 6
Networks 52.63% 10
Virtual security devices (for example; virtual Firewalls or Amazon
Web Services (AWS) security groups)
73.68% 14
Physical security devices (for example; a Hardware Security Module
(HSM))
57.89% 11
CASB (Cloud Access Security Broker) 21.05% 4
Encryption at rest 78.95% 15
Encryption in transit 89.47% 17
Encryption during compute (homomorphic encryption) 31.58% 6
Backup 52.63% 10
SecaaS (Security as a Service) 31.58% 6
SecSLA (Security Service Level Agreement) 15.79% 3
IAM (Identity and Access Management) 63.16% 12
MultiCloud 15.79% 3
179
Other 0% 0
Table 15.
Survey 1, Q20: Have you seen specific recommendations made to SMEs regarding Cloud
computing adoption.
Answer Choices Response
s
Count
Yes 75% 15
No 25% 5
180
Table 16.
Survey 1, Q21: What specific recommendations have you seen made to SMEs regarding Cloud
computing adoption? Please select all recommendations that you have seen.
Answer Choices Response
s
Count
Accept CSP’s (Cloud Service Provider) attestations such as SAS 70
(Statement of Auditing Standards #70) as proof of compliance
73.33% 11
Accept CSP’s (Cloud Service Provider) SLAs (Service Level
Agreement) or SecSLAs (Security Service Level Agreement)
60% 9
Outsource or contract Cloud operations 80% 12
Do not adopt Cloud 0% 0
Partial Cloud adoption (for example: no sensitive data allowed in
Cloud)
73.33% 11
Other 6.67% 1
181
Survey Two
Table 17.
Survey 2, Q6: How well defined is the term Cloud? Do you see a distinction in the risk analysis
and auditing between the terms below? Please select all that apply.
Answer Choices Response
s
Count
Distinction between colocation and Cloud. 73.91% 17
Distinction between IaaS (Infrastructure as a Service) and cPanel
controlled hosting.
47.83% 11
Distinction between VMware environment and a private Cloud. 56.52% 13
PaaS (Platform as a Service) and SaaS (Software as a Service). 82.61% 19
Other 0% 0
182
Table 18.
Survey 2, Q7: Most SMEs have Cloud operations in progress. Which scenarios have you seen
and which have you seen audited by the SMEs? Please select all that apply.
Answer Choices Response
s
Count
Shadow IT. Cloud spending not officially budgeted, audited, or
documented.
69.57% 16
Test or development environments in Cloud. 65.22% 15
SMEs auditing and securing Cloud test or development
environments.
39.13% 9
One off solutions. For example; a business group using DropBox for
its own files.
52.17% 12
SMEs auditing and securing one off solutions. 39.13% 9
Business group or team using non-standard CSP. For example; SME
has picked AWS but enterprise exchange team is using Azure.
43.48% 10
SMEs auditing and securing non-standard CSP. 30.43% 7
Other. 4.35% 1
183
Table 19.
Survey 2, Q8: When starting to plan a transition to a Cloud environment, what have you seen
SMEs start with before risk assessments or collections of requirements? Please select all that
apply.
Answer Choices Response
s
Count
Choice of CSP (Cloud service provider). 86.96% 20
Choice of infrastructure such as IaaS (Infrastructure as a Service),
PaaS (Platform as a Service), or SaaS (Software as a Service).
69.57% 16%
Choice of IT framework such as COBIT, ITIl, or ISO/IEC 38500. 30.43% 7%
Choice of security control standards such as NIST SP 800-53 or
CSF, HIPAA, or PCI-DSS.
47.83% 11
Choice of Cloud security baselines such as FedRAMP, CIS, or CSA. 47.83% 11
Automation tools such as DevOps or SecDevOps. 26.09% 6
Other 4.35% 1
184
Table 20.
Survey 2, Q9: Do you see SMEs effectively plan their Cloud usage and growth? Please select all
that apply.
Answer Choices Response
s
Count
The SME has a unified plan for their Cloud transition including
auditing and documenting the process.
4.76% 1
The SME has previously adopted Cloud tools and environments as
solutions to single problems. For example; a business group has
adopted Google Docs to share documents.
57.14% 12
The SME views Cloud solutions as solutions to single problems. 33.33% 7
The SME has a Cloud audit team or subject matter expert. 47.62% 10
The SME has separate controls for Cloud environments. 42.86% 9
The SME has BC / DR plans for CSP failures. 33.33% 7
The SME has security procedures for transferring data from on-
premises to Cloud environment.
38.10% 8
The SME moves IT infrastructure to CSPs as servers, IT equipment,
or data centers reach end of life or leases expire.
66.67% 14
Other. 0% 0
185
Table 21.
Survey 2, Q10: 100% of respondents to Survey 1 have seen recommendations to outsource the
transition to a Cloud environment. Which portions of a transition to a Cloud environment have
you seen recommended to be outsourced? Please select all that apply.
Answer Choices Response
s
Count
Entire transition including choice of CSP (Cloud Service Provider),
type of virtual environment, and transfer of data.
15.79% 3
Selecting CSP and type of infrastructure such as IaaS, PaaS, or
SaaS.
47.37% 9
Creating and executing data transfer plan to Cloud environment. 68.42% 13
Creating and executing security controls in Cloud environment. 42.11% 8
Managed or professional services including ongoing management of
SME data and IT operations.
73.68% 14
Managed security services including scheduled audits or penetration
testing.
42.11% 8
Other. 0% 0
186
Table 22.
Survey 2, Q11: Most survey 1 respondents identified a lack of current SME IT staff expertise
and/or desire as an issue in transition to the Cloud. Are there specific staff issues that you have
seen? Please select all that apply.
Answer Choices Response
s
Count
IT staff not sized appropriately. 89.47% 17
Budget for IT staff training in Cloud environments is lacking. 78.95% 15
IT staff resistant to transition to Cloud environments. 63.16% 12
Governance or management structure not adequate for transition to
Cloud environments, For example; IT is a silo and makes its own
decisions.
78.95% 15
SME business structure or processes not conducive to Cloud
operations. For example; each business unit has distinct IT staff and
IT budget.
63.16% 12
Other 5.26% 1
187
Table 23.
Survey 2, Q12: What solutions have you seen SMEs use to remedy a lack of staff Cloud
training? Please select all that apply.
Answer Choices Response
s
Count
Internal ad-hoc training. For example; a CSP account for staff use. 57.89% 11
General Cloud and Cloud security training courses. For example;
SANS courses.
36.84% 7
Specific CSP training. For example; AWS architect training. 42.11% 8
Hiring of additional personnel. 42.11% 8
Outsourcing Cloud related work to a third party. 73.68% 14
Hiring consultants or professional services to complement SME
staff.
78.95% 15
Other. 0% 0
188
Table 24.
Survey 2, Q13: Survey 1 respondents listed a variety of non-IT related concerns with a transition
to a Cloud environment. Which concerns have you seen outsourced and risk assessed by SMEs?
Please select all that apply.
189
Answer Choices Response
s
Count
Privacy. 38.89% 7
Outsourced privacy procedures risk assessed by SMEs. 33.33% 6
Legal. 44.44% 8
Outsourced legal procedures risk assessed by SMEs. 38.89% 7
Governance. 33.33% 6
Outsourced governance procedures risk assessed by SMEs. 27.78% 5
Business process. 44.44% 8
Outsourced business process procedures risk assessed by SMEs. 27.78% 5
Business continuity / Disaster recovery. 44.44% 8
Outsourced BC / DR procedures risk assessed by SMEs. 11.11% 2
Risk assessment. 44.44% 8
Outsourced risk assessment procedures risk assessed by SMEs. 38.89% 7
Outsourced other procedures risk assessed by SMEs. 33.33% 6
Other. 5.56% 1
190
Table 25.
Survey 2, Q14: What are the important factors for a SME when choosing a CSP? Please select all
that apply.
Answer Choices Response
s
Count
Cost. 80% 16
East of use. 60% 12
Auditing and logging capabilities. 60% 12
Security tools. 60% 12
Automation tools (DevOps, SecDevOps). 50% 10
Stability and reliability. 80% 16
Professional or management services. 30% 6
Industry specific tools. For example: For example a CSP that
specializes in HIPAA or PCI-DSS controls.
30% 6
SME IT team familiarity with CSP tools. For example: a MS
Windows IT shop selecting Azure as a CSP.
35% 7
Other. 5% 1
191
Table 26.
Survey 2, Q 15: Which CSPs have you seen used by SMEs? Please select all that apply.
192
Answer Choices Response
s
Count
AWS (Amazon Web Services) 94.74% 18
Microsoft Azure 68.42% 13
Google Cloud platform 47.37% 9
IBM Cloud 42.11% 8
Rackspace 21.05% 4
GoDaddy 10.53% 2
Verizon Cloud 15.79% 3
VMware 52.63% 10
Oracle Cloud 21.05% 4
1&1 5.26% 1
Digital Ocean 10.53% 2
MageCloud 0% 0
InMotion 0% 0
CloudSigma 0% 0
Hyve 0% 0
Ubiquity 0% 0
Hostinger 0% 0
193
Togglebox 0% 0
Alantic.net 0% 0
Navisite 0% 0
Vultr 0% 0
SIM-Networks 0% 0
GigeNet 0% 0
VEXXHOST 0% 0
E24Cloud 0% 0
ElasticHosts 0% 0
LayerStack 0% 0
Other 5.26% 1
194
Table 27.
Survey 2, Q16: Many SMEs use several different Cloud based IT tools. Which tools have you
seen in use, and have you seen them audited? Please select all that apply.
195
Answer Choices Response
s
Count
Cloud email. For example; Gmail. 72.22% 13
Cloud file storage. For example DropBox. 61.11% 11
Cloud office applications. For example o365 55.56% 10
Cloud chat / communications. For example; Slack. 55.56% 10
Cloud file storage audited by SME. 38.89% 7
Cloud CDN (content delivery network). For example; Akamai. 38.89% 7
Email audited by SME. 33.33% 6
Cloud CRM. For example; Salesforce. 33.33% 6
Cloud office applications audited by SME. 22.22% 4
Cloud chat / communications audited by SME. 16.67% 3
Cloud based backup. For example; Zetta. 16.67% 3
Cloud based backup audited by SME. 11.11% 2
Web hosting. For example; GoDaddy. 11.11% 2
Cloud CDN audited by SME. 11.11% 2
Cloud CRM audited by SME. 5.56% 1
Other 5.56% 1
Other audited by SME. 0% 0
196
197
Survey 3
Table 28.
Survey 3, Q6: Have you seen SMEs adapt their risk assessment process for Cloud environments
in any of the following ways? Please select all that apply.
Answer Choices Response
s
Count
Adding Cloud experts to the audit team. 61.11% 11
Outsourcing Cloud audits or risk assessments. 77.78% 14
Break Cloud audits into smaller processes. 33.33% 6
Limit Cloud audits or risk assessments to CSP attestations. 22.22% 4
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
198
Table 29.
Survey 3, Q7: Have you seen SMEs change how they identify and describe hazards in a Cloud
risk assessment in the ways listed below? Please select all that apply.
Answer Choices Response
s
Count
New hazards specific to CSP, infrastructure, platform, or service are
included.
70.59% 12
New hazards based on the network path between on-premises and
CSP are included.
41.18% 7
New hazards based on specific differences between on-premises and
CSP environments are included.
41.18% 7
No new hazards are included, existing on-premises definitions used. 17.65% 3
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
199
Table 30.
Survey 3, Q8: Do you see the results of Cloud environment risk assessments and audits changing
the way SMEs conduct business in a meaningful way as per the choices below? Please select all
that apply.
Answer Choices Response
s
Count
Large IT budget reductions. 17.65% 3
Large IT budget increases. 35.29% 6
Changes in risk mitigation costs or procedures. 82.35% 14
Changes in risk avoidance costs or procedures. 64.71% 11
Changes in risk transference costs or procedures. 47.06% 8
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
200
Table 31.
Survey 3, Q9: When deciding who might be harmed and how, do you see SMEs including new
Cloud based factors such as those listed below? Please select all that apply.
Answer Choices Response
s
Count
National or international norms based on where the CSP is based or
operates?
29.41% 5
National or international norms based on where the SME is based or
operates?
17.65% 3
Specific legal requirements for data such as GDRP. 52.94% 17
201
Table 32.
Survey 3, Q10: When assessing risk of Cloud environments, do you see SMEs changing their
process in the ways listed below? Please select all that apply.
Answer Choices Response
s
Count
Using CSP recommended practices 55.56% 10
Using any IT governance frameworks not previously used by the
SME.
61.11% 11
Using any IT controls not previously used by the SME. 77.78% 14
Using any Cloud security control guides not previously used by the
SME.
61.11% 11
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
202
Table 33.
Survey 3, Q11: Who do you see SMEs assigning risk ownership t regarding Cloud
environments? Please select all that apply.
Answer Choices Response
s
Count
SME IT team. 0% 0
SME security team. 33.33% 6
3rd party. 11.11% 2
Business owner 38.89% 7
SME does not change risk ownership procedures. 16.67% 3
203
Table 34.
Survey 3, Q12: When identifying controls to reduce risk in Cloud environments, do you see
SMEs changing their process in the ways listed below? Please select all that apply.
Answer Choices Response
s
Count
Primarily relying on CSP provided controls. 50% 9
Adapting new controls from any IT governance frameworks. 77.78% 14
Using any new non-Cloud specific IT security controls. 22.22% 4
Using any Cloud security control guides 66.67% 12
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
204
Table 35.
Survey 3, Q 13: Once controls have been identified for the SME’s environment, what effect do
they have on existing SME IT controls? Please select all that apply.
Answer Choices Response
s
Count
New Cloud controls are kept separate from existing control
catalogues.
35.29% 6
New Cloud controls are combined with existing controls to form
larger control catalogues.
64.71% 11
New Cloud controls promise to replace or reduce existing control
catalogues spurring increased Cloud transitions.
17.65% 3
New Cloud controls appear onerous and reduce Cloud transitions
due to increased difficulty.
5.88% 1
Other (Please describe) or any additional comments (We want your
expertise)?
5.88% 1
205
Table 36.
Survey 3, Q14: Have you seen Cloud risk assessments change other previously completed SME
risk assessments in the ways listed below? Please select all that apply.
Answer Choices Response
s
Count
Previous risk assessments changed because of CSP location. 6.25% 1
Previous risk assessments changed because of new legal or
regulatory requirements based on Cloud usage.
37.50% 6
Previous risk assessments changed because of new financial
requirements based on Cloud usage.
6.25% 1
Previous risk assessments changed because of new insurance
requirements based on Cloud usage.
6.25% 1
Previous risk assessments changed because of new market
requirements based on Cloud usage.
0% 0
Previous risk assessments changed because of new operational
requirements based on Cloud usage.
37.5% 6
Previous risk assessments changed because of new strategic
requirements based on Cloud usage.
6.25% 1
Other (Please describe) or any additional comments (We want your
expertise)?
0% 0
206
Table 37.
Survey 3, Q15: Cloud transitions almost always promise cost saving and Cloud operations
usually require less effort than on-premise IT operations. Cloud transitions, however, increase
the risk and audit team’s responsibilities, knowledge and skills requirements. How do you see
SMEs changing their risk and audit teams to adapt to Cloud environments? Please select all that
apply.
Answer Choices Responses Count
Increase size and budget of risl and audit teams. 41.18% 7
Reorganize or change structure of risk and audit teams 64.71% 11
Increase outsourcing or use of consultants to perform Cloud risk and
audit duties.
47.06% 8
Increase workload of existing risk and audit teams. 76.47% 13
207
Appendix B Survey one individual answers
Table 38
Survey One, Question One.
208
My name is Matthew Meersman. I am a doctoral student at Northcentral University. I am
conducting a research study on Cloud computing risk assessments for Small to Medium sized
enterprises (SMEs). I am completing this research as part of my doctoral degree. Your
participation is completely voluntary. I am seeking your consent to involve you and your
information in this study. Reasons you might not want to participate in the study include a lack
of knowledge in Cloud computing risk assessments. You may also not be interested in Cloud
computing risk assessments. Reasons you might want to participate in the study include a desire
to share your expert knowledge with others. You may also wish to help advance the field of
study on Cloud computing risk assessments. An alternative to this study is simply not
participating. I am here to address your questions or concerns during the informed consent
process via email. This is not an ISACA sponsored survey so there will be no CPEs awarded for
participation in this survey. PRIVATE INFORMATION Certain private information may be
collected about you in this study. I will make the following effort to protect your private
information. You are not required to include your name in connection with your survey. If you
do choose to include your name, I will ensure the safety of your name and survey by maintaining
your records in an encrypted password protected computer drive. I will not ask the name of your
employer. I will not record the IP address you use when completing the survey. Even with this
effort, there is a chance that your private information may be accidentally released. The chance is
small but does exist. You should consider this when deciding whether to participate. If you
participate in this research, you will be asked to:1. Participate in a Delphi panel of risk experts by
answering questions in three web-based surveys. Each survey will contain twenty to thirty
questions and should take less than twenty minutes to complete. Total time spent should be one
hour over a period of approximately six to eight weeks. A Delphi panel is where I ask you risk
209
experts broad questions in the first survey. In the second survey I ask you new questions based
on what you, as a group, agreed on. I do the same thing for the third round. By the end, your
expert judgement may tell us what works in Cloud risk assessments.Eligibility: You are eligible
to participate in this research if you: 1. Are an adult over the age of eighteen. 2. Have five or
more years of experience in the IT risk field.You are not eligible to participate in this research if
you: 1. Under the age of eighteen. 2. If you have less than five years of experience in the IT risk
field. I hope to include twenty to one hundred people in this research. Because of word limits in
Survey Monkey questions you read and agree to this page and the next page to consent to this
study.
Respondent
ID Response
10491254797 Agree
10490673669 Agree
10487064183 Agree
10485140823 Agree
10484829239 Agree
10484680154 Agree
10484537295 Agree
10475221052 Agree
10475220285 Agree
10471701090 Agree
10471688387 Agree
10471530810 Agree
10448076199 Agree
10447785436 Agree
10445940900 Agree
10431943351 Agree
10431854058 Agree
10427699337 Agree
10417386813 Agree
10412337046 Agree
10407510054 Agree
10407305328 Agree
10407277615 Agree
210
10402182952 Agree
Table 39
Survey One, Question Two.
Part 2 of the survey confidentiality agreement Risks: There are minimal risks in this
study. Some possible risks include: a third party figuring out your identity or your employer’s
identity if they are able to see your answers before aggregation of answers takes place.To
decrease the impact of these risks, you can skip any question or stop participation at any
time.Benefits: If you decide to participate, there are no direct benefits to you.The potential
benefits to others are: a free to use Cloud computing risk assessment tool. Confidentiality: The
information you provide will be kept confidential to the extent allowable by law. Some steps I
will take to keep your identity confidential are; you are not required to provide your name or
your employer’s name. I will not record your IP address.The people who will have access to your
information are myself, and/or, my dissertation chair, and/or, my dissertation committee. The
Institutional Review Board may also review my research and view your information.I will secure
your information with these steps: Encrypting all data received during this study during storage.
There will be no printed copies. There will be one copy of the data stored on an encrypted thumb
drive that is stored in my small home safe. There will be one copy of the data stored as an
encrypted archive in my personal Google G Drive folder.I will keep your data for 7 years. Then,
I will delete the electronic data in the G Drive folder and destroy the encrypted thumb drive.
Contact Information: If you have questions for me, you can contact me at: 202-798-3647 or
[email protected] dissertation chair’s name is Dr. Smiley. He works at
Northcentral University and is supervising me on the research. You can contact him at:
[email protected] or 703.868.4819If you contact us you will be giving us information like your
211
phone number or email address. This information will not be linked to your responses if the
study is anonymous.If you have questions about your rights in the research, or if a problem has
occurred, or if you are injured during your participation, please contact the Institutional Review
Board at: [email protected] or 1-888-327-2877 ext 8014. Voluntary Participation: Your participation
is voluntary. If you decide not to participate, or if you stop participation after you start, there
will be no penalty to you. You will not lose any benefit to which you are otherwise
entitled.Future ResearchAny information or specimens collected from you during this research
may not be used for other research in the future, even if identifying information is removed.
AnonymityThis study is anonymous, and it is not the intention of the researcher to collect your
name. However, you do have the option to provide your name voluntarily. Please know that if
you do, it may be linked to your responses in this study. Any consequences are outside the
responsibility of the researcher, faculty supervisor, or Northcentral University. If you do wish to
provide your name, a space will be provided. Again, including your name is voluntary, and you
212
can continue in the study if you do not provide your
name.________________________________ (Your Signature only if you wish to sign)
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 Yes
10475220285 No
10471701090 Yes
10471688387 No
10471530810 No
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
10412337046 Yes
10407510054 No
10407305328 Yes
10407277615 Yes
10402182952 Yes
213
Table 40
Survey One, Question Three.
Are you between the ages of 18 to 65?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 Yes
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 Yes
10402182952 Yes
214
Table 41
Survey One, Question Four
Do you have 5 or more years in the risk field (please include any postgraduate education)?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 Yes
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 Yes
10402182952 Yes
Table 42
Survey One, Question Five
For this study we define small to medium enterprises (SMEs) by the European Commission
guidelines: Small (15 million or less in annual revenue) to medium (60 million or less in annual
revenue) sized enterprises that are not subsidiaries of large enterprises or governments, or wholly
215
or partially supported by large enterprises or governments. Please remember that you are free to
not answer any of the following questions that you wish. If a question is asking for information
you do not wish to share, do not answer it.
Respondent ID Response
10491254797 Agree
10490673669 Agree
10487064183 Agree
10485140823 Agree
10484829239 Agree
10484680154 Agree
10484537295 Agree
10475221052 Agree
10475220285 Null
10471701090 Agree
10471688387 Null
10471530810 Null
10448076199 Agree
10447785436 Agree
10445940900 Agree
10431943351 Agree
10431854058 Agree
10427699337 Agree
10417386813 Agree
10412337046 Agree
10407510054 Null
10407305328 Agree
10407277615 Agree
10402182952 Agree
216
Table 43
Survey One, Question Six.
What types of SMEs have you performed or been involved in risk assessments for? Please select
all that apply:
217
Respondent
ID
Primary
(mining,
farming,
fishing,
etc)
Secondary
(manufacturing)
Tertiary
(service,
teaching,
nursing,
etc)
Quaternary
(IT, research,
and
development,
etc) Other
Any additional
comments (We want
your expertise)?
10491254797 Yes Yes
10490673669 Yes
10487064183 Yes Yes Yes Yes Yes
10485140823 Yes
10484829239 Yes Yes
10484680154 Yes
10484537295
Primary – Info Tech
Secondary –
Intellectual
PropertyR&D
Tertiary –
MediaEntertainment
Quaternary –
Manufacturing
10475221052 Yes
10475220285
10471701090 Yes Yes Yes
10471688387
10471530810
10448076199 Yes Yes Yes
10447785436 Yes
10445940900 Yes Yes Yes
10431943351 Yes Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
performing risk
assessments and
setting up a program
from scratch
10412337046 Yes
10407510054
218
10407305328 Yes
Your question is
unclear. I have
performed risk
assessments over a
24 year period across
17 different
industries, including
1) Entertainment &
Media, 2)
Technology, 3)
Financial Services –
Banks, 5) Financial
Services –
Broker/Dealers, 6)
Hospitality, 7)
Manufacturing, 8)
Retail, 9) Higher
Education, 10) Non-
Profit, 11)
Telecommunications,
12) Transportation
and Logistics, 13)
Healthcare, 14)
Pharmaceuticals, 15)
Mining, 16)
Financial Sevices –
Insurance, 17)
Financial Services –
Mortgage Banking
10407277615 Yes Federal Government
10402182952 Yes Yes
219
Table 44
Survey One, Question Seven.
What types of risk assessments have you been involved with? Please select all that apply:
220
Responde
nt ID
Finan
cial
IT
(Informa
tion
Technol
ogy)
Cloud
comput
ing
Inter
nal
Exter
nal
Qualitat
ive
Quantita
tive
Oth
er
Any
additio
nal
comme
nts (We
want
your
expertis
e)?
10491254
797 Yes Yes Yes Yes Yes Yes Yes
10490673
669 Yes Yes
10487064
183 Yes Yes Yes Yes Yes Yes Yes
10485140
823 Yes Yes Yes Yes Yes
10484829
239 Yes
10484680
154 Yes Yes
10484537
295 Yes Yes Yes Yes Yes Yes
10475221
052 Yes Yes Yes Yes Yes
10475220
285
10471701
090 Yes Yes Yes Yes
10471688
387
10471530
810
10448076
199 Yes Yes Yes Yes Yes Yes
10447785
436 Yes Yes Yes
10445940
900 Yes Yes Yes Yes Yes Yes Yes Yes
10431943
351 Yes Yes Yes Yes Yes
10431854
058 Yes Yes Yes Yes
10427699
337 Yes Yes
221
10417386
813 Yes Yes Yes Yes Yes
10412337
046 Yes Yes Yes Yes
10407510
054
10407305
328 Yes Yes Yes Yes Yes Yes Yes
10407277
615 Yes Yes Yes
10402182
952 Yes Yes Yes Yes Yes Yes
222
Table 44
Survey One, Question Eight.
What IT related frameworks (partially or completely) do you see SMEs adopting?
223
Respond
ent ID
COBIT
(Control
Objective
s for
Informati
on and
Related
Technolo
gies)
ITIL
(formerl
y
Informat
ion
Technol
ogy
Infrastru
cture
Library)
TOGAF
(The
Open
Group
Archite
cture
Framew
ork for
enterpri
se
architec
ture)
ISO/IEC 38500
(International
Organization for
Standardization/Int
ernational
Electrotechnical
Commission
Standard for
Corporate
Governance of
Information
Technology)
COSO
(Commit
tee of
Sponsori
ng
Organiza
tions of
the
Treadwa
y
Commiss
ion)
Oth
er
Any
addition
al
commen
ts (We
want
your
expertise
)?
1049125
4797 Yes Yes Yes
Ye
s
1049067
3669 Yes
1048706
4183 Yes
1048514
0823 Yes
Ye
s
FISMA /
NIST
and
FedRA
MP are
also
consider
ed to be
framewo
rks and
are
probably
the most
widely
enforced
standard
s
1048482
9239 Yes Yes Yes
1048468
0154 Yes
1048453
7295 Yes
1047522
1052
224
1047522
0285
1047170
1090 Yes Yes Yes
1047168
8387
1047153
0810
1044807
6199 Yes Yes
1044778
5436 Yes
1044594
0900 Yes Yes Yes Yes Yes
1043194
3351 Yes Yes Yes
1043185
4058 Yes Yes Yes
1042769
9337 Yes Yes Yes Yes Yes
1041738
6813
1041233
7046 Yes
1040751
0054
1040730
5328 Yes Yes Yes Yes Yes
Ye
s
NIST
800-53
and
other
NIST
framewo
rks
1040727
7615 Yes Yes Yes
1040218
2952 Yes Yes Yes
COBIT
l, COSO,
and ITIL
are used
in SME
environ
ments in
Europe
and the
Middle
East.
225
Table 46
Survey One, Question Nine.
For SMEs that are planning to adopt Cloud computing, do you see SMEs using IT security
control standards?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 No
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 Yes
10402182952 Yes
226
Table 47
Survey One, Question Ten.
What IT security control standards do you see SMEs using? Please select the standards from the
list below.
227
Resp
onde
nt ID
CIS
(Ce
nter
for
Inte
rnet
Sec
urit
y)
top
20
con
trol
s
NIST
SP
800-
53
(Nati
onal
Instit
ute of
Stand
ard
and
Techn
ology
Speci
al
Publi
cation
800-
53
Secur
ity
and
Priva
cy
Contr
ols
for
Infor
matio
n
Syste
ms
and
Organ
izatio
ns)
NIST
Cybe
rsecu
rity
Fram
ewor
k
(Nati
onal
Instit
ute of
Stand
ard
and
Tech
nolog
y)
ISO/IEC
27001
(Internation
al
Organizatio
n for
Standardiza
tion/Internat
ional
Electrotech
nical
Commissio
n
Information
Security
Managemen
t Systems)
IEC
62443
(Intern
ational
Electr
otechn
ical
Comm
ission
Indust
rial
Netwo
rk and
Syste
m
Securi
ty)
ENI
SA
NCS
S
(Eur
opea
n
Unio
n
Age
ncy
for
Net
wor
k
and
Infor
mati
on
Secu
rity
Nati
onal
Cyb
er
Secu
rity
Strat
egie
s)
HIPA
A
(Healt
h
Insura
nce
Porta
bility
and
Acco
untabi
lity
Act)
PCI
–
DS
S
(Pa
ym
ent
Car
d
Ind
ustr
y
Dat
a
Sec
urit
y
Sta
nda
rd)
GDP
R
(Gen
eral
Data
Prot
ectio
n
Reg
ulati
on)
O
th
er
Any
additi
onal
com
ments
(We
want
your
exper
tise)?
1049
1254
797 Yes Yes Yes Yes Yes Yes Yes
1049
0673
669 Yes Yes Yes Yes Yes
1048
7064
183 Yes Yes Yes Yes Yes Yes Yes
Y
es
228
1048
5140
823 Yes Yes Yes Yes
1048
4829
239 Yes Yes Yes Yes Yes
1048
4680
154 Yes Yes Yes Yes
1048
4537
295 Yes Yes Yes Yes
1047
5221
052
1047
5220
285
1047
1701
090 Yes Yes Yes Yes Yes
1047
1688
387
1047
1530
810
1044
8076
199 Yes Yes Yes Yes Yes Yes Yes
1044
7785
436 Yes Yes Yes Yes Yes Yes Yes
1044
5940
900 Yes Yes Yes Yes Yes Yes Yes Yes Yes
1043
1943
351 Yes Yes Yes Yes Yes
1043
1854
058 Yes Yes Yes Yes Yes
SSAE
18 –
SOC
2
1042
7699
337 Yes Yes Yes Yes
229
1041
7386
813 Yes Yes Yes Yes Yes
1041
2337
046 Yes Yes Yes Yes
1040
7510
054
1040
7305
328 Yes Yes Yes Yes Yes Yes Yes
DHS
–
Cyber
Resili
ency
Fram
ewor
k
(CRR
)
1040
7277
615 Yes Yes Yes
230
1040
2182
952 Yes Yes Yes Yes Yes Yes
SMEs
will
apply
the
stand
ard
most
releva
nt in
the
US to
win
new
busin
ess to
meet
contr
actual
condi
tions
and
apply
other
int’l/
Europ
ean
depen
ding
if
they
do
busin
ess in
Europ
e.
231
Table 48
Survey One, Question Eleven.
Have you seen Cloud security configuration baselines used by SMEs?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 Null
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 No
10431854058 Yes
10427699337 Yes
10417386813 No
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 No
10402182952 Yes
232
Table 49
Survey One, Question Twelve.
What Cloud security configuration baselines have you seen used by SMEs? Please select all that
apply:
233
Responde
nt ID
DoD
Cloud
Security
requireme
nts guides
(Departm
ent of
Defense)
DISA/IAS
E Security
requireme
nts guide
(Defense
Informatio
n Systems
Agency
Informatio
n
Assurance
Support
Environm
ent)
CSA
Cloud
securit
y
guidan
ce
(Cloud
Securit
y
Allian
ce)
FedRAM
P Cloud
security
baselines
(Federal
Risk and
Authorizat
ion
Managem
ent
Program)
AWS
SbD
(Amaz
on
Web
Servic
es
Securit
y by
Design
)
C1IS
Cloud
baselin
es
(Cente
r for
Interne
t
Securit
y)
Oth
er
Any
addition
al
comme
nts (We
want
your
expertis
e)?
10491254
797 Yes Yes Yes Yes
10490673
669 Yes Yes Yes Yes
10487064
183 Yes Yes Yes Yes Yes
10485140
823 Yes Yes
10484829
239 Yes Yes Yes
10484680
154 Yes Yes Yes
10484537
295 Yes Yes
10475221
052
10475220
285
10471701
090 Yes
10471688
387
10471530
810
10448076
199 Yes Yes Yes Yes Yes
10447785
436 Yes Yes
10445940
900 Yes Yes Yes Yes Yes Yes
234
10431943
351
10431854
058 Yes
10427699
337 Yes Yes
10417386
813
10412337
046 Yes Yes Yes Yes Yes
10407510
054
10407305
328 Yes Yes Yes
10407277
615
10402182
952 Yes Yes Yes
235
Table 50
Survey One, Question Thirteen.
Do you see any non-technical areas of concern when SMEs are contemplating Cloud adoption?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 Yes
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 Yes
10402182952 Yes
236
Table 51
Survey One, Question Fourteen.
What non-technical areas of concern do you see when SMEs are contemplating Cloud adoption?
Respondent
ID Governance
Business
Process
Financial
(non-
technical) Privacy Legal Other
Any
additional
comments
(We want
your
expertise)?
10491254797 Yes Yes Yes Yes Yes
10490673669 Yes Yes Yes
10487064183 Yes Yes Yes Yes Yes Yes
10485140823 Yes Yes Yes Yes Yes
10484829239 Yes Yes Yes Yes Yes
10484680154 Yes Yes Yes Yes
10484537295 Yes Yes Yes Yes Yes
10475221052 Yes Yes Yes Yes Yes Human
10475220285
10471701090 Yes Yes
10471688387
10471530810
10448076199 Yes Yes
10447785436 Yes Yes Yes Yes
10445940900 Yes Yes Yes Yes Yes
10431943351 Yes Yes Yes Yes
10431854058 Yes Yes
10427699337 Yes Yes
10417386813 Yes Yes Yes
10412337046 Yes Yes Yes Yes
10407510054
10407305328 Yes Yes Yes Yes Yes
Business
Continuity/
Disaster
Recovery
Third Party
risk
management
10407277615 Yes Yes Yes Yes Cost
10402182952 Yes Yes Yes
237
Table 52
Survey One, Question Fifteen.
Do you see any IT (not security) areas of concern for SMEs as they adopt Cloud computing?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 Yes
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 Yes
10402182952 Yes
238
Table 53
Survey One, Question Sixteen.
What IT (not security) areas of concern do you see for SMEs as they adopt Cloud computing?
Please select all areas of concern that you have seen.
239
Respon
dent ID
Back
up
and
Rest
ore
IT
Aud
it
Res
ults
Transi
tion
Proces
s to
Cloud
Type of
Cloud to
use IaaS
(Infrastru
cture as a
Service),
PaaS
(Platform
as a
Service),
SaaS
(Softwar
e as a
Service)
IT
Team
Knowl
edge
and
Skills
Netwo
rk Path
to
Cloud
(redun
dant
paths,
multipl
e
Interne
t
service
provid
ers)
Co
st
Psychologic
al
Barriers/Co
ncerns
Other
(please
specify)
1049125
4797 Yes Yes Yes Yes Yes
Ye
s
1049067
3669 Yes Yes Yes Yes
1048706
4183 Yes Yes Yes Yes Yes Yes
Ye
s Yes
1048514
0823 Yes Yes Yes
1048482
9239 Yes Yes Yes Yes Yes Yes
Ye
s
1048468
0154 Yes Yes Yes Yes Yes Yes
1048453
7295 Yes Yes Yes Yes
Ye
s
1047522
1052 Yes Yes Yes Yes Yes
Ye
s Yes
1047522
0285
1047170
1090 Yes Yes
1047168
8387
1047153
0810
1044807
6199 Yes Yes Yes Yes Yes
Ye
s
1044778
5436 Yes Yes Yes Yes Yes Yes Yes
1044594
0900 Yes Yes Yes Yes Yes Yes
Ye
s Yes
240
1043194
3351 Yes Yes Yes Yes
1043185
4058 Yes Yes Yes Yes
1042769
9337 Yes Yes Yes Yes
1041738
6813 Yes Yes Yes Yes
1041233
7046 Yes Yes Yes Yes Yes
Ye
s
1040751
0054
1040730
5328 Yes Yes Yes Yes Yes Yes
Ye
s Yes
Adoptio
n of IT
processe
s in the
cloud –
such as
patch
and
vulnera
bility
manage
ment
and
SDLC
Asset
manage
ment –
includin
g
handlin
g end of
life
assets
that
cannot
transitio
n to the
cloud.
1040727
7615 Yes Yes Yes Yes Yes Yes
Ye
s
1040218
2952 Yes Yes Yes
Ye
s
241
Table 54
Survey One, Question Seventeen.
Do you see SMEs adopting Cloud security controls?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 Yes
10475221052 No
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 Yes
10445940900 Yes
10431943351 Yes
10431854058 Yes
10427699337 Yes
10417386813 Yes
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 Yes
10402182952 Yes
242
Table 55
Survey One, Question Eighteen. Part One of Two.
What Cloud security controls do you see SMEs adopting? Please select all Cloud security
controls that you have seen.
243
Responde
nt ID
Data
stora
ge
VMs
(Virtua
l
Machin
es)
Micro
services
(Docker
,
Kuberne
tes, etc.)
Netwo
rks
Virtua
l
securit
y
device
s (for
examp
le;
virtual
Firew
alls or
Amaz
on
Web
Servic
es
(AWS
)
securit
y
group
s)
Physic
al
securit
y
device
s (for
examp
le; a
Hardw
are
Securit
y
Modul
e
(HSM)
)
CAS
B
(Clou
d
Acce
ss
Secur
ity
Brok
er)
Encrypt
ion at
rest
Encrypt
ion in
transit
1049125
4797 Yes Yes Yes Yes Yes
1049067
3669 Yes Yes Yes Yes Yes Yes Yes
1048706
4183 Yes Yes Yes Yes Yes Yes Yes Yes
1048514
0823 Yes Yes Yes Yes Yes
1048482
9239 Yes Yes Yes Yes
1048468
0154 Yes Yes Yes Yes Yes
1048453
7295 Yes Yes Yes
1047522
1052
1047522
0285
1047170
1090 Yes Yes Yes Yes
1047168
8387
1047153
0810
244
1044807
6199 Yes Yes Yes Yes Yes Yes Yes
1044778
5436 Yes Yes Yes Yes Yes Yes
1044594
0900 Yes Yes Yes Yes Yes Yes Yes Yes Yes
1043194
3351 Yes Yes Yes Yes Yes Yes
1043185
4058 Yes Yes Yes Yes
1042769
9337 Yes Yes Yes Yes Yes
1041738
6813 Yes Yes Yes Yes Yes Yes
1041233
7046 Yes Yes Yes Yes
1040751
0054
1040730
5328 Yes Yes Yes Yes Yes Yes Yes Yes
1040727
7615 Yes Yes
1040218
2952 Yes Yes Yes
245
Table 56
Survey One, Question Eighteen. Part Two of Two.
What Cloud security controls do you see SMEs adopting? Please select all Cloud security
controls that you have seen.
246
Responde
nt ID
Encryption
during
compute
(homomor
phic
encryption
)
Back
up
Secaa
S
(Secur
ity as
a
Servic
e)
SecSLA
(Security
Service
Level
Agreeme
nt)
IAM
(Identity
and
Access
Managem
ent)
MultiCl
oud
Oth
er
Any
addition
al
commen
ts (We
want
your
expertis
e)?
Yes Yes Yes Yes
10491254
797 Yes Yes
10490673
669 Yes Yes Yes Yes Yes
10487064
183 Yes
10485140
823 Yes Yes
10484829
239 Yes Yes
10484680
154
10484537
295
10475221
052
10475220
285 Yes
10471701
090
10471688
387
10471530
810 Yes Yes Yes
10448076
199
10447785
436 Yes Yes Yes Yes Yes Yes
10445940
900 Yes Yes Yes
10431943
351 Yes
247
10431854
058 Yes
10427699
337 Yes Yes Yes
10417386
813 Yes Yes Yes Yes
10412337
046
10407510
054 Yes
10407305
328 Yes
10407277
615
I ONLY
see
SMEs
doing
these.
Others
will be
expensiv
e and
technica
lly
prohibiti
ve.
10402182
952
248
Table 57
Survey One, Question Nineteen.
Have you seen specific recommendations made to SMEs regarding Cloud computing adoption?
Respondent
ID Response
10491254797 Yes
10490673669 Yes
10487064183 Yes
10485140823 Yes
10484829239 Yes
10484680154 Yes
10484537295 No
10475221052 Yes
10475220285 Null
10471701090 Yes
10471688387 Null
10471530810 Null
10448076199 Yes
10447785436 No
10445940900 Yes
10431943351 No
10431854058 No
10427699337 No
10417386813 Yes
10412337046 Yes
10407510054 Null
10407305328 Yes
10407277615 Yes
10402182952 Yes
249
Table 58
Survey One, Question twenty.
What specific recommendations have you seen made to SMEs regarding Cloud computing
adoption? Please select all recommendations that you have seen.
250
Respondent
ID
Accept
CSP’s
(Cloud
Service
Provider)
attestations
such as
SAS 70
(Statement
of
Auditing
Standards
#70) as
proof of
compliance
Accept
CSP’s
(Cloud
Service
Provider)
SLAs
(Service
Level
Agreement)
or
SecSLAs
(Security
Service
Level
Agreement)
Outsource
or
contract
Cloud
operations
Outsource
or
contract
SecaaS
(Security
as a
Service)
MSSP
(Managed
Security
Service
Provider)
etc.
Do
not
adopt
Cloud
Partial
Cloud
adoption
(for
example:
no
sensitive
data
allowed
in
Cloud) Other
Any
additional
comments
(We want
your
expertise)?
10491254797 Yes Yes Yes
10490673669 Yes
10487064183 Yes Yes Yes Yes Yes
10485140823 Yes Yes Yes Yes
Partial
adoption
typically
takes the
form of a
particular
project or
system.
10484829239 Yes Yes
10484680154 Yes Yes
10484537295
10475221052 Yes Yes Yes Yes Yes Yes
10475220285
10471701090 Yes Yes
10471688387
10471530810
10448076199 Yes Yes Yes
10447785436
10445940900 Yes Yes Yes Yes Yes
10431943351
10431854058
10427699337
251
10417386813 Yes Yes Yes Yes
10412337046 Yes Yes
10407510054
10407305328 Yes Yes Yes
SAS70
was retired
several
years ago.
you should
be
referencing
AICPA
SOC1/2 –
SSAE18
10407277615 Yes Yes Yes Yes
10402182952 Yes Yes Yes Yes
252
Table 59
Survey One, Question Twenty-one.
Any additional comments or recommendations for the follow up survey?
Respondent
ID
10491254797
10490673669
10487064183
10485140823
10484829239
10484680154
10484537295
10475221052
10475220285
10471701090
10471688387
10471530810
10448076199
10447785436
10445940900 No
10431943351
10431854058
10427699337
10417386813
10412337046
10407510054
10407305328
I did or see anything your survey regarding a discussion of using a risk
based approach to managing cloud computing risk. In my experience, I
see too many SMEs looking to adopt a framework, implement the
framework with no perspective on the risks. The assumption that a
framework, if implemented, takes care of the risks is flawed. I look
forward to seeing more surveys.
10407277615 Nope
10402182952 Surveys oriented per industry.
253
Appendix C Survey two individual answers
Table 60
Survey Two, Question One.
https://www.surveymonkey.com/r/Meersman_2_of_3_preview. My name is Matthew Meersman.
I am a doctoral student at Northcentral University. I am conducting a research study on Cloud
computing risk assessments for Small to Medium sized enterprises (SMEs). I am completing this
research as part of my doctoral degree. Your participation is completely voluntary. I am seeking
your consent to involve you and your information in this study. Reasons you might not want to
participate in the study include a lack of knowledge in Cloud computing risk assessments. You
may also not be interested in Cloud computing risk assessments. Reasons you might want to
participate in the study include a desire to share your expert knowledge with others. You may
also wish to help advance the field of study on Cloud computing risk assessments. An alternative
to this study is simply not participating. I am here to address your questions or concerns during
the informed consent process via email. This is not an ISACA sponsored survey so there will be
no CPEs awarded for participation in this survey. PRIVATE INFORMATION Certain private
information may be collected about you in this study. I will make the following effort to protect
your private information. You are not required to include your name in connection with your
survey. If you do choose to include your name, I will ensure the safety of your name and survey
by maintaining your records in an encrypted password protected computer drive. I will not ask
the name of your employer. I will not record the IP address you use when completing the survey.
Even with this effort, there is a chance that your private information may be accidentally
released. The chance is small but does exist. You should consider this when deciding whether to
254
participate. If you participate in this research, you will be asked to: 1. Participate in a Delphi
panel of risk experts by answering questions in three web-based surveys. Each survey will
contain twenty to thirty questions and should take less than twenty minutes to complete. Total
time spent should be one hour over a period of approximately six to eight weeks. A Delphi panel
is where I ask you risk experts broad questions in the first survey. In the second survey I ask you
new questions based on what you, as a group, agreed on. I do the same thing for the third round.
By the end, your expert judgement may tell us what works in Cloud risk assessments.
Eligibility: You are eligible to participate in this research if you: 1. Are an adult over the age of
eighteen. 2. Have five or more years of experience in the IT risk field. You are not eligible to
participate in this research if you: 1. Under the age of eighteen. 2. If you have less than five years
of experience in the IT risk field. I hope to include twenty to one hundred people in this research.
255
Because of word limits in Survey Monkey questions you read and agree to this page and the next
page to consent to this study.
Respondent
ID Agree Disagree
10553721693 Agree
10544594567 Agree
10541108771 Agree
10540849349 Agree
10539799082 Agree
10539415359 Agree
10537530950 Agree
10535079594 Agree
10532895540 Agree
10532865651 Agree
10532402129 Agree
10531688057 Agree
10531608134 Agree
10531591833 Agree
10530967705 Agree
10530924512 Agree
10530913418 Agree
10530912179 Agree
10530872657 Agree
10530871673 Agree
10530844402 Disagree
10530837446 Agree
10530835085 Agree
10530534471 Agree
10530525458 Agree
10530496542 Agree
10530446115 Agree
10530171158 Agree
10517027813 Agree
10513614347 Agree
256
Table 61
Survey Two, Question Two.
Part 2 of the survey confidentiality agreement Risks: There are minimal risks in this
study. Some possible risks include: a third party figuring out your identity or your employer’s
identity if they are able to see your answers before aggregation of answers takes place.To
decrease the impact of these risks, you can skip any question or stop participation at any time.
Benefits: If you decide to participate, there are no direct benefits to you. The potential benefits to
others are: a free to use Cloud computing risk assessment tool. Confidentiality: The information
you provide will be kept confidential to the extent allowable by law. Some steps I will take to
keep your identity confidential are; you are not required to provide your name or your
employer’s name. I will not record your IP address. The people who will have access to your
information are myself, and/or, my dissertation chair, and/or, my dissertation committee. The
Institutional Review Board may also review my research and view your information. I will
secure your information with these steps: Encrypting all data received during this study during
storage. There will be no printed copies. There will be one copy of the data stored on an
encrypted thumb drive that is stored in my small home safe. There will be one copy of the data
stored as an encrypted archive in my personal Google G Drive folder. I will keep your data for 7
years. Then, I will delete the electronic data in the G Drive folder and destroy the encrypted
thumb drive. Contact Information: If you have questions for me, you can contact me at: 202-798-
3647 or [email protected] dissertation chair’s name is Dr. Smiley. He works
at Northcentral University and is supervising me on the research. You can contact him at:
[email protected] or 703.868.4819If you contact us you will be giving us information like your
phone number or email address. This information will not be linked to your responses if the
257
study is anonymous. If you have questions about your rights in the research, or if a problem has
occurred, or if you are injured during your participation, please contact the Institutional Review
Board at: [email protected] or 1-888-327-2877 ext 8014.Voluntary Participation: Your participation
is voluntary. If you decide not to participate, or if you stop participation after you start, there will
be no penalty to you. You will not lose any benefit to which you are otherwise entitled. Future
Research Any information or specimens collected from you during this research may not be used
for other research in the future, even if identifying information is removed. Anonymity: This
study is anonymous, and it is not the intention of the researcher to collect your name. However,
you do have the option to provide your name voluntarily. Please know that if you do, it may be
linked to your responses in this study. Any consequences are outside the responsibility of the
researcher, faculty supervisor, or Northcentral University. If you do wish to provide your name, a
space will be provided. Again, including your name is voluntary, and you can continue in the
258
study if you do not provide your name.________________________________ (Your Signature
only if you wish to sign)
Respondent
ID Yes No
10553721693 Yes
10544594567 Yes
10541108771 Yes
10540849349 Yes
10539799082 Yes
10539415359 Yes
10537530950 Yes
10535079594 Yes
10532895540 Yes
10532865651 Yes
10532402129 Yes
10531688057 Yes
10531608134 Yes
10531591833 No
10530967705 Yes
10530924512 Yes
10530913418 Yes
10530912179 Yes
10530872657 No
10530871673 Yes
10530844402 No
10530837446 Yes
10530835085 Yes
10530534471 Yes
10530525458 Yes
10530496542 Yes
10530446115 Yes
10530171158 Yes
10517027813 Yes
10513614347 Yes
259
Table 62
Survey Two, Question Three.
Are you between the ages of 18 to 65?
Respondent
ID Yes No
10553721693 Yes
10544594567 Yes
10541108771 Yes
10540849349 Yes
10539799082 Yes
10539415359 Yes
10537530950 Yes
10535079594 Yes
10532895540 Yes
10532865651 Yes
10532402129 Yes
10531688057 Yes
10531608134 Yes
10531591833
10530967705 No
10530924512 Yes
10530913418 Yes
10530912179 Yes
10530872657
10530871673 Yes
10530844402
10530837446 Yes
10530835085 Yes
10530534471 Yes
10530525458 Yes
10530496542 Yes
10530446115 Yes
10530171158 Yes
10517027813 Yes
10513614347 Yes
260
Table 63
Survey Two, Question Four.
Do you have 5 or more years in the risk field (please include any postgraduate education)?
Respondent
ID Yes No
10553721693 Yes
10544594567 Yes
10541108771 Yes
10540849349 Yes
10539799082 Yes
10539415359 Yes
10537530950 Yes
10535079594 Yes
10532895540 Yes
10532865651 Yes
10532402129 Yes
10531688057 Yes
10531608134 Yes
10531591833
10530967705
10530924512 Yes
10530913418 Yes
10530912179 Yes
10530872657
10530871673 Yes
10530844402
10530837446 Yes
10530835085 Yes
10530534471 Yes
10530525458 Yes
10530496542 Yes
10530446115 Yes
10530171158 Yes
10517027813 Yes
10513614347 Yes
261
Table 64
Survey Two, Question Five.
For this study we define small to medium enterprises (SMEs) by the European Commission
guidelines: Small (15 million or less in annual revenue) to medium (60 million or less in annual
revenue) sized enterprises that are not subsidiaries of large enterprises or governments, or wholly
or partially supported by large enterprises or governments. Please remember that you are free to
262
not answer any of the following questions that you wish. If a question is asking for information
you do not wish to share, do not answer it.
Respondent
ID Agree Disagree Any additional comments (We want your expertise)?
10553721693 Agree
10544594567 Agree
10541108771 Agree
10540849349 Agree
10539799082 Agree
10539415359 Agree
10537530950 Agree
10535079594 Agree Name field does not work….
10532895540 Agree
10532865651 Agree
10532402129 Agree
10531688057 Agree
10531608134 Agree
10531591833
10530967705
10530924512 Agree
10530913418 Agree
10530912179 Agree
10530872657
10530871673 Agree
10530844402
10530837446 Agree
10530835085 Agree
10530534471 Agree
10530525458 Agree
10530496542 Agree
10530446115 Agree
10530171158 Agree
10517027813 Agree
10513614347 Agree
263
Table 65
Survey Two, Question Six.
How well defined is the term Cloud? Do you see a distinction in the risk analysis and auditing
between the terms below? Please select all that apply.
264
Respondent
ID
Distinction
between
colocation
and Cloud.
Distinction
between IaaS
(infrastructure
as a Service)
and cPanel
controlled
hosting.
Distinction
between
VMware
environment
and a
private
Cloud.
PaaS
(Platform as
a Service)
and SaaS
(Software as
a Service). Other.
Any additional
comments? (We
want your expertise).
10553721693 Yes Yes
10544594567 Yes Yes
10541108771 Yes Yes Yes Yes
10540849349 Yes Yes Yes Yes
10539799082 Yes Yes
10539415359 Yes Yes Yes Yes
10537530950 Yes Yes Yes
cPanel is not IaaS
interface, it is for
web sites, more PaaS
or SaaS
10535079594 Yes Yes Yes
10532895540
This question and the
answers to select
make little sense to
me. You ask two
questions, and
provide one set of
answers. If you’re
going to do PhD-
level work, you need
to do much, much
better than this.
Harsh feedback,
perhaps, but you
need to hear it. I
have no idea how to
answer this question
in a manner that
makes sense.
10532865651 Yes Yes Yes Yes
10532402129 Yes Yes Yes Yes
10531688057 Yes Yes Yes
10531608134 Yes Yes
10531591833
10530967705
10530924512 Yes Yes Yes
10530913418 Yes
265
10530912179 Yes Yes
10530872657
10530871673 Yes Yes Yes Yes
10530844402
10530837446 Yes Yes Yes
10530835085 Yes
10530534471 Yes Yes
10530525458 Yes Yes
10530496542 Yes Yes
10530446115 Yes
10530171158 Yes Yes
10517027813
10513614347
266
Table 66
Survey Two, Question Seven. Part One of Two.
Most SMEs have Cloud operations in progress. Which scenarios have you seen and which have
you seen audited by the SMEs? Please select all that apply.
267
Respondent
ID
Shadow IT.
Cloud
spending not
officially
budgeted,
audited, or
documented.
Test or
development
environments
in Cloud.
SMEs
auditing and
securing
Cloud test or
development
environments.
One off
solutions.
For
example; a
business
group using
DropBox for
its own files.
SMEs
auditing and
securing
one off
solutions.
10553721693 Yes Yes Yes
10544594567 Yes Yes
10541108771 Yes Yes Yes Yes
10540849349
10539799082 Yes Yes Yes
10539415359 Yes
10537530950 Yes Yes Yes
10535079594 Yes Yes Yes Yes
10532895540 Yes Yes Yes
10532865651 Yes Yes Yes Yes Yes
268
10532402129 Yes Yes
10531688057 Yes Yes Yes Yes Yes
10531608134 Yes Yes Yes Yes Yes
10531591833
10530967705
10530924512
10530913418 Yes
10530912179 Yes
10530872657
10530871673 Yes Yes
10530844402
10530837446 Yes Yes Yes
10530835085 Yes
10530534471 Yes Yes Yes
10530525458 Yes Yes
10530496542 Yes Yes
10530446115 Yes Yes Yes Yes
10530171158 Yes Yes
10517027813
10513614347
269
Table 67
Survey Two, Question Seven. Part Two of Two.
Most SMEs have Cloud operations in progress. Which scenarios have you seen and which have
you seen audited by the SMEs? Please select all that apply.
270
Respondent
ID
Business group or
team using non-
standard CSP. For
example; SME has
picked AWS but
enterprise exchange
team is using Azure.
SMEs auditing
and securing
non-standard
CSP. Other.
Any additional
comments? (We want
your expertise).
10553721693 Yes
10544594567
10541108771 Yes
10540849349 Yes Yes
10539799082 Yes
10539415359
10537530950 Yes
10535079594 Yes Yes
If this counts,
different email
provider
10532895540 Yes Yes
What is the
difference between
answers 2 and 3, 6
and 7? Sorry, but
you REALLY need
to focus on cogent
language and clear
thought. I’m
answering this survey
to help you, but
becoming more and
more irritated with its
sloppiness.
10532865651
271
10532402129 Yes
10531688057 Yes Yes
10531608134 Yes Yes
10531591833
10530967705
10530924512
10530913418
10530912179
10530872657
10530871673 Yes
10530844402
10530837446 Yes
10530835085
10530534471
10530525458 Yes
10530496542
10530446115
10530171158
10517027813
10513614347
Table 68
Survey Two, Question Eight.
When starting to plan a transition to a Cloud environment, what have you seen SMEs start with
before risk assessments or collection of requirements? Please select all that apply;
272
Responde
nt ID
Choice
of CSP
(Cloud
service
provide
r).
Choice of
infrastruct
ure such as
IaaS
(Infrastruc
ture as a
Service),
PaaS
(Platform
as a
Service),
or SaaS
(Software
as a
Service).
Choice
of IT
framew
ork
such as
COBIT,
ITIL or
ISO/IE
C
38500.
Choice
of
securit
y
control
standar
ds
such as
NIST
SP
800-53
or
CSF,
HIPA
A, or
PCI-
DSS.
Choice
of Cloud
security
baseline
s such
as
FedRA
MP,
CIS, or
CSA.
Automati
on tools
such as
DevOps
or
SecDevO
ps.
Othe
r.
Any
addition
al
comme
nts (We
want
your
expertis
e)?
10553721
693 Yes Yes Yes
10544594
567 Yes Yes Yes Yes
10541108
771 Yes Yes Yes Yes
10540849
349 Yes Yes
10539799
082 Yes Yes Yes Yes
10539415
359 Yes Yes Yes Yes Yes Yes
10537530
950 Yes Yes Yes
10535079
594 Yes
Not
been
involve
d
10532895
540 Yes Yes Yes Yes Yes
Finally,
a
question
that
makes
sense.
10532865
651 Yes Yes Yes
10532402
129 Yes Yes
273
10531688
057 Yes Yes Yes
10531608
134 Yes Yes Yes Yes
10531591
833
10530967
705
10530924
512
10530913
418 Yes Yes Yes Yes Yes
10530912
179 Yes
10530872
657
10530871
673 Yes
10530844
402
10530837
446 Yes Yes Yes
10530835
085 Yes
10530534
471 Yes Yes
10530525
458 Yes Yes Yes Yes
10530496
542 Yes Yes Yes Yes Yes
10530446
115 Yes Yes Yes
10530171
158 Yes Yes Yes
10517027
813
10513614
347
274
Table 69
Survey Two, Question Nine Part One of Two.
Do you see SMEs effectively plan their Cloud usage and growth? Please select all that apply.
275
Respondent
ID
The SME
has a unified
plan for their
Cloud
transition
including
auditing and
documenting
the process.
The SME has
previously
adopted
Cloud tools
and
environments
as solutions
to single
problems.
For example;
a business
group has
adopted
Google Docs
to share
documents.
The SME
views
Cloud
solutions
as
solutions
to
individual
problems.
The SME
has a
Cloud
audit
team or
subject
matter
expert.
The SME has
separate
controls for
Cloud
environments.
10553721693 Yes Yes
10544594567 Yes
10541108771 Yes Yes
10540849349 Yes
10539799082 Yes Yes
10539415359 Yes
10537530950 Yes Yes Yes
10535079594 Yes Yes Yes
10532895540
10532865651 Yes Yes
276
10532402129
10531688057 Yes Yes Yes
10531608134 Yes Yes Yes
10531591833
10530967705
10530924512
10530913418 Yes Yes Yes
10530912179
10530872657
10530871673 Yes Yes
10530844402
10530837446 Yes Yes
10530835085 Yes
10530534471 Yes
10530525458 Yes Yes
10530496542 Yes
10530446115 Yes Yes Yes
10530171158 Yes
10517027813
10513614347
277
Table 70
Survey Two, Question Nine Part Two of Two.
Do you see SMEs effectively plan their Cloud usage and growth? Please select all that apply.
278
Respondent
ID
The SME has
BC / DR
plans for
CSP failures.
The SME has
security
procedures
for
transferring
data from on-
premises to
Cloud
environment.
The SME
moves IT
infrastructure
to CSPs as
servers, IT
equipment, or
data centers
reach end of
life or leases
expire. Other.
Any
additional
comments
(We want
your
expertise)?
10553721693 Yes
10544594567
10541108771 Yes
10540849349 Yes Yes Yes
10539799082 Yes
10539415359
10537530950 Yes Yes Yes
10535079594
10532895540
* Sigh * You
ask a Yes/No
question,
then provide
other types of
answers. I
give up.
10532865651 Yes Yes Yes
10532402129 Yes Yes
10531688057 Yes Yes Yes
10531608134 Yes Yes Yes
10531591833
10530967705
10530924512
10530913418 Yes Yes
279
10530912179
10530872657
10530871673 Yes
10530844402
10530837446 Yes Yes
10530835085
10530534471 Yes
10530525458 Yes
10530496542 Yes
10530446115
10530171158 Yes
10517027813
10513614347
280
Table 71
Survey Two, Question Ten part One of Two.
100% of respondents to Survey 1 have seen recommendations to outsource the transition to a
Cloud environment. Which portions of a transition to a Cloud environment have you seen
recommended to be outsourced? Please select all that apply.
281
Respondent
ID
Entire
transition
including
choice of
CSP (Cloud
Service
Provider),
type of
virtual
environment,
and transfer
of data.
Selecting
CSP and
type of
infrastructure
such as IaaS,
PaaS, or
SaaS.
Creating and
executing
data transfer
plan to
Cloud
environment.
Creating and
executing
security
controls in
Cloud
environment.
10553721693 Yes
10544594567 Yes
10541108771 Yes Yes Yes Yes
10540849349 Yes
282
10539799082 Yes Yes
10539415359 Yes
10537530950 Yes
10535079594 Yes
10532895540
10532865651 Yes
10532402129 Yes Yes
10531688057 Yes Yes Yes
10531608134
10531591833
10530967705
10530924512
10530913418 Yes
10530912179
10530872657
10530871673 Yes Yes
10530844402
10530837446 Yes Yes Yes Yes
283
10530835085 Yes
10530534471 Yes
10530525458
10530496542 Yes Yes
10530446115 Yes Yes Yes
10530171158 Yes
10517027813
10513614347
284
Table 72
Survey Two, Question Ten part Two of Two.
100% of respondents to Survey 1 have seen recommendations to outsource the transition to a
Cloud environment. Which portions of a transition to a Cloud environment have you seen
recommended to be outsourced? Please select all that apply.
285
Respondent
ID
Managed or professional
services including ongoing
management of SME data
and IT operations.
Managed security
services including
scheduled audits or
penetration testing. Other.
Any additional
comments (We want
your expertise)?
10553721693 Yes
10544594567 Yes
10541108771 Yes Yes
10540849349 Yes
10539799082 Yes
10539415359 Yes Yes
10537530950 Yes Yes
10535079594 Yes Yes
10532895540
See previous
response.
10532865651 Yes
10532402129 Yes
10531688057 Yes Yes
10531608134
10531591833
10530967705
10530924512
10530913418 Yes Yes
10530912179
10530872657
10530871673 Yes
10530844402
10530837446
10530835085
10530534471 Yes
10530525458
10530496542 Yes
10530446115
10530171158 Yes
10517027813
10513614347
286
Table 73
Survey Two, Question Eleven.
Most survey 1 respondents identified a lack of current SME IT staff expertise and/or desire as an
issue in transition to the Cloud. Are there specific staff issues that you have seen? Please select
all that apply.
287
Responde
nt ID
IT staff
not sized
appropriat
ely.
Budget for
IT staff
training in
Cloud
environme
nts
lacking.
IT staff
resistant to
transition
to Cloud
environme
nts.
Governanc
e or
manageme
nt
structure
not
adequate
for
transition
to Cloud
environme
nts. For
example;
IT is a silo
and makes
its own
decisions.
SME
business
structure
or
processe
s not
conduci
ve to
Cloud
operatio
ns. For
example
: each
business
unit has
distinct
IT staff
and IT
budget.
Othe
r.
Any
additional
comment
s (We
want your
expertise)
?
10553721
693 Yes Yes
10544594
567 Yes Yes Yes Yes
10541108
771 Yes Yes Yes Yes Yes
10540849
349 Yes Yes Yes
10539799
082 Yes Yes
10539415
359 Yes Yes Yes Yes Yes
288
10537530
950 Yes Yes Yes
Othe
r.
The
number
of
individual
s
possessin
g cloud
expertise
is limited
and the
skills are
in
demand.
Those
who work
on
gaining
the
expertise
seek
employm
ent
requiring
those
skills;
therefore
existing
IT staff
typically
do not
have
cloud
expertise.
10535079
594 Yes Yes Yes Yes Yes
10532895
540
10532865
651 Yes Yes Yes Yes Yes
10532402
129 Yes Yes Yes Yes
10531688
057 Yes Yes Yes
10531608
134
289
10531591
833
10530967
705
10530924
512
10530913
418 Yes Yes Yes Yes
10530912
179
10530872
657
10530871
673 Yes Yes Yes Yes
10530844
402
10530837
446 Yes Yes Yes Yes Yes
10530835
085 Yes
10530534
471 Yes Yes Yes Yes Yes
10530525
458
290
10530496
542 Yes Yes Yes
We have
a third
party
vendor
helping
with the
migration
to the
cloud,
and we
have also
found a
lack of
deep
technical
knowledg
e and
managem
ent in
vendors
who
propose
their
expertise.
10530446
115 Yes Yes Yes Yes
10530171
158 Yes Yes Yes Yes
10517027
813
10513614
347
291
Table 74
Survey Two, Question Twelve.
What solutions have you seen SMEs use to remedy a lack of staff Cloud training? Please select
all that apply.
292
Respondent
ID
Internal
ad-hoc
training.
For
example;
a CSP
account
for staff
use.
General
Cloud
and
Cloud
security
training
courses.
For
example;
SANS
courses.
Specific
CSP
training.
For
example
AWS
architect
training.
Hiring of
additional
personnel.
Outsourcing
Cloud
related
work to a
third party.
Hiring
consultants
or
professional
services to
complement
SME staff. Other.
Any
additional
comments
(We want
your
expertise)?
10553721693 Yes Yes Yes
10544594567 Yes Yes Yes Yes Yes
10541108771 Yes Yes Yes Yes Yes Yes
10540849349 Yes Yes
10539799082 Yes Yes Yes Yes
10539415359
10537530950 Yes Yes Yes Yes Yes
10535079594 Yes Yes Yes Yes
10532895540
10532865651 Yes Yes
10532402129 Yes Yes Yes
10531688057 Yes Yes Yes Yes
10531608134 Yes
10531591833
10530967705
10530924512
10530913418 Yes Yes Yes Yes
10530912179
10530872657
10530871673 Yes Yes Yes
10530844402
10530837446 Yes Yes Yes
10530835085 Yes
10530534471 Yes Yes Yes Yes
10530525458
10530496542 Yes Yes Yes Yes Yes
Often
budgets
prevent
hiring
additional
staff.
293
10530446115 Yes Yes
10530171158 Yes Yes
10517027813
10513614347
Table 75
Survey Two, Question Thirteen Part One of Two.
Survey 1 respondents listed a variety of non-IT related concerns with a transition to a Cloud
environment. Which concerns have you seen outsourced and risk assessed by SMEs? Please
select all that apply.
294
Respondent
ID
Privacy
.
Outsource
d Privacy
Legal
.
Outsource
d Legal
procedure
s risk
assessed
by SMEs.
Governanc
e.
Outsource
d
governanc
e
procedure
s risk
assessed
by SMEs.
Busines
s
process.
1055372169
3 Yes.
1054459456
7 Yes. Yes Yes. Yes Yes Yes.
1054110877
1 Yes. Yes Yes. Yes Yes Yes. Yes
1054084934
9
1053979908
2 Yes. Yes
1053941535
9 Yes. Yes Yes. Yes Yes Yes. Yes
295
1053753095
0 Yes Yes.
1053507959
4 Yes. Yes
1053289554
0
1053286565
1
1053240212
9
1053168805
7 Yes. Yes Yes. Yes Yes Yes.
1053160813
4
1053159183
3
1053096770
5
1053092451
2
1053091341
8 Yes. Yes Yes Yes. Yes
1053091217
9
1053087265
7
296
1053087167
3 Yes
1053084440
2
1053083744
6 Yes Yes. Yes Yes
1053083508
5 Yes.
1053053447
1 Yes
1053052545
8
1053049654
2
1053044611
5 Yes Yes. Yes
1053017115
8 Yes.
1051702781
3
1051361434
7
Table 76
Survey Two, Question Thirteen Part Two of Two.
297
Survey 1 respondents listed a variety of non-IT related concerns with a transition to a Cloud
environment. Which concerns have you seen outsourced and risk assessed by SMEs? Please
select all that apply.
298
Respond
ent ID
Outsou
rced
busines
s
process
proced
ures
risk
assesse
d by
SMEs.
Busine
ss
contin
uity /
Disast
er
recove
ry.
Outsou
rced
BC /
DR
proced
ures
risk
assesse
d by
SMEs.
R isk
assessm
ent.
Outsourced
risk
assessment pro
cedures risk
assessed by
SMEs.
Outsou
rced
other
proced
ures
risk
assesse
d by
SMEs.
Oth
er.
Any
additio
nal
comme
nts (We
want
your
expertis
e)?
1055372
1693 Yes
1054459
4567 Yes Yes Yes Yes
1054110
8771 Yes Yes Yes Yes Yes
1054084
9349 Yes Yes
1053979
9082
1053941
5359 Yes Yes Yes Yes Yes Yes
1053753
0950 Yes Yes
1053507
9594
1053289
5540
1053286
5651
1053240
2129 Yes
1053168
8057 Yes Yes Yes Yes Yes
1053160
8134
1053159
1833
1053096
7705
1053092
4512
1053091
3418 Yes Yes
299
1053091
2179
1053087
2657
1053087
1673 Yes
Outsou
rced
help
desk
service
s.
1053084
4402
1053083
7446 Yes Yes Yes
1053083
5085
1053053
4471
1053052
5458
1053049
6542 Yes Yes
1053044
6115 Yes Yes
1053017
1158 Yes
1051702
7813
1051361
4347
Table 77
Survey Two, Question 14, part One of Two.
What are the important factors for a SME when choosing a CSP? Please select all that apply.
300
Respondent
ID Cost.
Ease
of
use.
Auditing
and logging
capabilities.
Security
tools.
Automation
tools
(DevOps,
SecDevOps).
Stability
and
reliability.
10553721693 Yes Yes Yes Yes
10544594567 Yes Yes Yes Yes Yes
10541108771 Yes Yes Yes Yes Yes Yes
10540849349 Yes Yes
10539799082 Yes Yes Yes Yes Yes
10539415359 Yes Yes Yes Yes Yes
301
10537530950
10535079594 Yes Yes Yes Yes Yes Yes
10532895540
10532865651 Yes Yes Yes Yes Yes Yes
10532402129 Yes Yes Yes Yes Yes
10531688057 Yes
10531608134 Yes Yes Yes Yes Yes Yes
10531591833
10530967705
10530924512
10530913418 Yes Yes Yes Yes Yes Yes
10530912179
10530872657
10530871673 Yes Yes
10530844402
10530837446 Yes Yes Yes Yes Yes
10530835085 Yes
10530534471 Yes Yes Yes
302
10530525458
10530496542 Yes Yes Yes Yes
10530446115 Yes Yes Yes Yes
10530171158 Yes Yes
10517027813
10513614347
Table 78
Survey Two, Question 14, part Two of Two.
What are the important factors for a SME when choosing a CSP? Please select all that apply.
303
Respondent
ID
Professional
or
management
services.
Industry
specific
tools. For
example a
CSP that
specializes
in HiPAA
or PCI-
DSS
controls.
SME IT
team
familiarity
with CSP
tools. For
example a
MS
Windows
IT shop
selecting
Azure as a
CSP. Other.
Any
additional
comments
(We want
your
expertise)?
10553721693
10544594567 Yes Yes
10541108771
10540849349
10539799082 Yes
10539415359
304
10537530950 Yes Other.
Finding
skilled
personnel
for the CSP.
Everyone
used Cisco
because
folks knew
Cisco – but
it was not
the best
choice in
terms of
costs and
performance
for many
applications.
10535079594 Yes
10532895540
10532865651 Yes
10532402129 Yes Yes
10531688057
10531608134 Yes
10531591833
10530967705
10530924512
10530913418 Yes Yes Yes
10530912179
10530872657
10530871673 Yes
10530844402
10530837446 Yes Yes
10530835085
10530534471 Yes Yes
305
10530525458
10530496542
10530446115 Yes Yes
10530171158
10517027813
10513614347
Table 79
Survey Two, Question Fifteen, part one of
Which CSPs have you seen used by SMEs? Please select all that apply.
306
Respondent
ID
AWS
(Amazon
Web
Services)
Microsoft
Azure
Cloud
platform
IBM
Cloud Rackspace GoDaddy
10553721693 Yes Yes Yes
10544594567 Yes Yes
10541108771 Yes Yes Yes Yes Yes Yes
10540849349 Yes Yes
10539799082 Yes Yes Yes
10539415359 Yes Yes Yes Yes
10537530950 Yes Yes
10535079594 Yes Yes
10532895540
10532865651 Yes Yes
10532402129 Yes
10531688057 Yes Yes Yes Yes
10531608134
10531591833
10530967705
10530924512
10530913418 Yes Yes Yes
10530912179
10530872657
10530871673 Yes
10530844402
10530837446 Yes Yes Yes
10530835085 Yes Yes
10530534471 Yes Yes
10530525458
10530496542 Yes Yes Yes Yes
10530446115 Yes Yes Yes Yes
10530171158 Yes Yes Yes Yes
10517027813
10513614347
Table 80
Survey Two, Question Fifteen, part Two of Five.
307
Which CSPs have you seen used by SMEs? Please select all that apply.
Respondent
ID
Verizon
Cloud VMware
Oracle
Cloud 1&1 DigitalOcean
10553721693
10544594567
10541108771 Yes Yes Yes Yes Yes
10540849349
10539799082
10539415359 Yes Yes
10537530950 Yes
10535079594 Yes
10532895540
10532865651 Yes
10532402129 Yes Yes Yes Yes
10531688057
10531608134
10531591833
10530967705
10530924512
10530913418
10530912179
10530872657
10530871673 Yes
10530844402
10530837446 Yes
10530835085
10530534471 Yes
10530525458
10530496542
10530446115 Yes Yes
10530171158 Yes
10517027813
10513614347
Table 81
Survey Two, Question Fifteen, part Four of Five.
308
Which CSPs have you seen used by SMEs? Please select all that apply.
Respondent
ID MageCloud InMotion CloudSigma Hyve Ubiquity
10553721693
10544594567
10541108771
10540849349
10539799082
10539415359
10537530950
10535079594
10532895540
10532865651
10532402129
10531688057
10531608134
10531591833
10530967705
10530924512
10530913418
10530912179
10530872657
10530871673
10530844402
10530837446
10530835085
10530534471
10530525458
10530496542
10530446115
10530171158
10517027813
10513614347
Table 82
Survey Two, Question Fifteen, part Three of Five.
309
Which CSPs have you seen used by SMEs? Please select all that apply.
Respondent
ID Hostinger Togglebox Atlantic.net Navisite Vultr
SIM-
Networks
10553721693
10544594567
10541108771
10540849349
10539799082
10539415359
10537530950
10535079594
10532895540
10532865651
10532402129
10531688057
10531608134
10531591833
10530967705
10530924512
10530913418
10530912179
10530872657
10530871673
10530844402
10530837446
10530835085
10530534471
10530525458
10530496542
10530446115
10530171158
10517027813
10513614347
Table 83
Survey Two, Question Fifteen, part Five of Five.
310
Which CSPs have you seen used by SMEs? Please select all that apply.
311
Respondent
ID
GigeNe
t
VEXXHOS
T
E24Clou
d
ElasticHos
ts
LayerStac
k
Othe
r
Any
additional
comment
s *We
want your
expertise)
?
1055372169
3
1054459456
7
1054110877
1
1054084934
9
1053979908
2
1053941535
9
1053753095
0
1053507959
4
1053289554
0
1053286565
1
1053240212
9
1053168805
7
1053160813
4
1053159183
3
1053096770
5
1053092451
2
1053091341
8
1053091217
9
1053087265
7
312
1053087167
3
1053084440
2
1053083744
6
1053083508
5
1053053447
1 Yes
1053052545
8
1053049654
2
1053044611
5
1053017115
8
1051702781
3
1051361434
7
313
Respondent
ID
GigeNe
t
VEXXHOS
T
E24Clou
d
ElasticHos
ts
LayerStac
k
Othe
r
Any
additional
comment
s *We
want your
expertise)
?
1055372169
3
1054459456
7
1054110877
1
1054084934
9
1053979908
2
1053941535
9
1053753095
0
1053507959
4
1053289554
0
1053286565
1
1053240212
9
1053168805
7
1053160813
4
1053159183
3
1053096770
5
1053092451
2
1053091341
8
1053091217
9
1053087265
7
314
1053087167
3
1053084440
2
1053083744
6
1053083508
5
1053053447
1 Yes
1053052545
8
1053049654
2
1053044611
5
1053017115
8
1051702781
3
1051361434
7
Table 84
Survey Two, Question 16, One of Three.
Many SMEs use several different Cloud based IT tools. Which tools have you seen in use, and
have you seen them audited? Please select all that apply:
315
Respondent
ID
Cloud
Email.
For
example;
Gmail.
audited
by
SME.
Cloud
file
storage.
For
example;
DropBox.
Cloud
file
storage
audited
by
SME.
Cloud office
applications.
For
example;
o365
Cloud
office
applications
audited by
SME.
10553721693 Yes Yes Yes Yes Yes Yes
10544594567 Yes
10541108771
10540849349 Yes
10539799082 Yes Yes Yes
10539415359 Yes Yes Yes Yes Yes Yes
10537530950 Yes Yes Yes Yes
10535079594 Yes Yes Yes Yes
10532895540
10532865651 Yes Yes Yes Yes
10532402129 Yes
10531688057 Yes Yes
10531608134
10531591833
10530967705
10530924512
10530913418 Yes Yes Yes
10530912179
10530872657
10530871673 Yes Yes
10530844402
10530837446 Yes Yes Yes Yes
10530835085 Yes
10530534471 Yes Yes
10530525458
316
10530496542
10530446115 Yes Yes Yes Yes
10530171158 Yes Yes Yes
10517027813
10513614347
Table 85
Survey Two, Question 16, Two of Three.
Many SMEs use several different Cloud based IT tools. Which tools have you seen in use, and
have you seen them audited? Please select all that apply:
317
Respondent
ID
Cloud chat /
communications
. For example;
Slack.
Cloud chat /
communication
s audited by
SME.
Cloud
based
backup.
For
example
; Zetta.
Cloud
based
backup
audite
d by
SME.
Cloud
CRM. For
example;
Salesforce
.
Cloud
CRM
audite
d by
SME.
1055372169
3 Yes Yes Yes
1054459456
7 Yes
1054110877
1 Yes
1054084934
9 Yes
1053979908
2 Yes
1053941535
9 Yes Yes Yes Yes
1053753095
0 Yes Yes
1053507959
4 Yes Yes
1053289554
0
1053286565
1 Yes
1053240212
9 Yes
1053168805
7 Yes Yes
1053160813
4
1053159183
3
1053096770
5
1053092451
2
318
1053091341
8 Yes Yes
1053091217
9
1053087265
7
1053087167
3 Yes Yes
1053084440
2
1053083744
6 Yes
1053083508
5
1053053447
1 Yes
1053052545
8
1053049654
2
1053044611
5
1053017115
8
1051702781
3
1051361434
7
Table 86
Survey Two, Question 16, Three of Three
Many SMEs use several different Cloud based IT tools. Which tools have you seen in use, and
have you seen them audited? Please select all that apply:
319
Respondent
ID
Web
hosting.
For
example;
GoDaddy.
Cloud
CDN
(content
delivery
network).
For
example;
Akamai.
Cloud
CDN
audited
by SME. Other.
Other
audited
by
SME.
Any
additional
comments
(We want
your
expertise)?
10553721693 Yes
10544594567
10541108771 Yes
I have seen
almost all of
these in use,
but only
seen CRMs
and CDNs
audited.
10540849349
10539799082
10539415359 Yes. Yes
10537530950 Yes Yes
10535079594
10532895540
10532865651 Yes Yes
10532402129
10531688057 Yes
10531608134
10531591833
10530967705
10530924512
10530913418 Yes
10530912179
10530872657
10530871673 Yes
10530844402
10530837446
10530835085 Yes
10530534471
10530525458
320
10530496542
I have seen
several of
these but I
have not
seen them
audited.
10530446115
10530171158
10517027813
10513614347
Table 87
Survey Two, Question Seventeen
Any additional comments or recommendations for the follow up survey?
321
Respondent
ID Comments
10553721693
10544594567
10541108771
10540849349
10539799082
10539415359
10537530950
10535079594
10532895540 This is simply not graduate level work. Sorry.
10532865651
10532402129
10531688057
10531608134
10531591833
10530967705
10530924512
10530913418
10530912179
10530872657
10530871673
10530844402
10530837446
10530835085
10530534471
I think there is very little guidance and I have seen very little assessment or
auditing.
10530525458
10530496542
10530446115
10530171158
10517027813
10513614347
322
Appendix D Survey Three Individual Answers
Table 88
Survey Three, Question One.
My name is Matthew Meersman. I am a doctoral student at Northcentral University. I am
conducting a research study on Cloud computing risk assessments for Small to Medium sized
enterprises (SMEs). I am completing this research as part of my doctoral degree. Your
participation is completely voluntary. I am seeking your consent to involve you and your
information in this study. Reasons you might not want to participate in the study include a lack
of knowledge in Cloud computing risk assessments. You may also not be interested in Cloud
computing risk assessments. Reasons you might want to participate in the study include a desire
to share your expert knowledge with others. You may also wish to help advance the field of
study on Cloud computing risk assessments. An alternative to this study is simply not
participating. I am here to address your questions or concerns during the informed consent
process via email. This is not an ISACA sponsored survey so there will be no CPEs awarded for
participation in this survey. PRIVATE INFORMATION Certain private information may be
collected about you in this study. I will make the following effort to protect your private
information. You are not required to include your name in connection with your survey. If you
do choose to include your name, I will ensure the safety of your name and survey by maintaining
your records in an encrypted password protected computer drive. I will not ask the name of your
employer. I will not record the IP address you use when completing the survey. Even with this
effort, there is a chance that your private information may be accidentally released. The chance is
small but does exist. You should consider this when deciding whether to participate. If you
participate in this research, you will be asked to:1. Participate in a Delphi panel of risk experts by
323
answering questions in three web-based surveys. Each survey will contain twenty to thirty
questions and should take less than twenty minutes to complete. Total time spent should be one
hour over a period of approximately six to eight weeks. A Delphi panel is where I ask you risk
experts broad questions in the first survey. In the second survey I ask you new questions based
on what you, as a group, agreed on. I do the same thing for the third round. By the end, your
expert judgement may tell us what works in Cloud risk assessments Eligibility: You are eligible
to participate in this research if you: 1. Are an adult over the age of eighteen. 2. Have five or
more years of experience in the IT risk field. You are not eligible to participate in this research if
you: 1. Under the age of eighteen.2. If you have less than five years of experience in the IT risk
field. I hope to include twenty to one hundred people in this research. Because of word limits in
324
Survey Monkey questions you read and agree to this page and the next page to consent to this
study.
Respondent ID Agree Disagree
10594631389 Agree
10592543726 Agree
10592389354 Agree
10588959572 Agree
10572611704 Agree
10571628613 Agree
10561345731 Agree
10559610688 Agree
10558924365 Agree
10558850146 Agree
10558685153 Agree
10557162374 Agree
10556647426 Agree
10556319920 Agree
10553788808 Agree
10552983398 Agree
10552074281 Agree
10550402764 Agree
10549771608 Agree
10548528015 Agree
10548469322 Agree
10548450420 Agree
10548449124 Agree
10543731948 Agree
Table 89
Survey Three, Question Two.
Part 2 of the survey confidentiality agreement Risks: There are minimal risks in this study. Some
possible risks include: a third party figuring out your identity or your employer’s identity if they
are able to see your answers before aggregation of answers takes place. To decrease the impact
325
of these risks, you can skip any question or stop participation at any time. Benefits: If you decide
to participate, there are no direct benefits to you. The potential benefits to others are: a free to use
Cloud computing risk assessment tool. Confidentiality: The information you provide will be kept
confidential to the extent allowable by law. Some steps I will take to keep your identity
confidential are; you are not required to provide your name or your employer’s name. I will not
record your IP address. The people who will have access to your information are myself, and/or,
my dissertation chair, and/or, my dissertation committee. The Institutional Review Board may
also review my research and view your information. I will secure your information with these
steps: Encrypting all data received during this study during storage. There will be no printed
copies. There will be one copy of the data stored on an encrypted thumb drive that is stored in
my small home safe. There will be one copy of the data stored as an encrypted archive in my
personal Google G Drive folder. I will keep your data for 7 years. Then, I will delete the
electronic data in the G Drive folder and destroy the encrypted thumb drive. Contact
Information: If you have questions for me, you can contact me at: 202-798-3647 or
[email protected] dissertation chair’s name is Dr. Smiley. He works at
Northcentral University and is supervising me on the research. You can contact him at:
[email protected] or 703.868.4819If you contact us you will be giving us information like your
phone number or email address. This information will not be linked to your responses if the
study is anonymous. If you have questions about your rights in the research, or if a problem has
occurred, or if you are injured during your participation, please contact the Institutional Review
Board at: [email protected] or 1-888-327-2877 ext 8014.Voluntary Participation: Your participation
is voluntary. If you decide not to participate, or if you stop participation after you start, there will
be no penalty to you. You will not lose any benefit to which you are otherwise entitled. Future
326
Research: Any information or specimens collected from you during this research may not be
used for other research in the future, even if identifying information is removed. Anonymity:
This study is anonymous, and it is not the intention of the researcher to collect your name.
However, you do have the option to provide your name voluntarily. Please know that if you do, it
may be linked to your responses in this study. Any consequences are outside the responsibility of
the researcher, faculty supervisor, or Northcentral University. If you do wish to provide your
name, a space will be provided. Again, including your name is voluntary, and you can continue
327
in the study if you do not provide your name.________________________________ (Your
Signature only if you wish to sign)
Respondent
ID Yes No
10594631389 No
10592543726 Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613 Yes
10561345731 Yes
10559610688 Yes
10558924365 No
10558850146 Yes
10558685153 Yes
10557162374 Yes
10556647426 Yes
10556319920 Yes
10553788808 Yes
10552983398 Yes
10552074281 Yes
10550402764 Yes
10549771608 Yes
10548528015 Yes
10548469322 Yes
10548450420 Yes
10548449124 Yes
10543731948 Yes
328
Table 90
Survey Three, Question Three.
Are you between the ages of 18 to 65?
Respondent
ID Yes No
10594631389
10592543726 Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613 Yes
10561345731 Yes
10559610688 Yes
10558924365
10558850146 Yes
10558685153 Yes
10557162374 Yes
10556647426 Yes
10556319920 Yes
10553788808 Yes
10552983398 Yes
10552074281 Yes
10550402764 Yes
10549771608 Yes
10548528015 Yes
10548469322 Yes
10548450420 Yes
10548449124 Yes
10543731948 Yes
329
Table 91
Survey Three, Question Four.
Do you have 5 or more years in the risk field (please include any postgraduate education)?
Respondent
ID Yes No
10594631389
10592543726 Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613 Yes
10561345731 Yes
10559610688 Yes
10558924365
10558850146 Yes
10558685153 Yes
10557162374 Yes
10556647426 Yes
10556319920 Yes
10553788808 Yes
10552983398 Yes
10552074281 Yes
10550402764 Yes
10549771608 Yes
10548528015 Yes
10548469322 Yes
10548450420 Yes
10548449124 Yes
10543731948 Yes
Table 92
Survey Three, Question Five.
For this study we define small to medium enterprises (SMEs) by the European Commission
guidelines: Small (15 million or less in annual revenue) to medium (60 million or less in annual
revenue) sized enterprises that are not subsidiaries of large enterprises or governments, or wholly
330
or partially supported by large enterprises or governments. Please remember that you are free to
not answer any of the following questions that you wish. If a question is asking for information
you do not wish to share, do not answer it.
Respondent
ID Agree Disagree
10594631389
10592543726 Agree
10592389354 Agree
10588959572 Agree
10572611704 Agree
10571628613 Agree
10561345731 Agree
10559610688 Agree
10558924365
10558850146 Agree
10558685153 Agree
10557162374 Agree
10556647426 Agree
10556319920 Agree
10553788808 Agree
10552983398 Agree
10552074281 Agree
10550402764 Agree
10549771608 Agree
10548528015 Agree
10548469322 Agree
10548450420 Agree
10548449124 Agree
10543731948 Agree
331
Table 93
Survey Three, Question Six.
Have you seen SMEs adapt their risk assessment process for Cloud environments in any of the
following ways? Please select all that apply:
332
Respondent
ID
Adding
Cloud
experts
to the
audit
team
Outsourcing
Cloud
audits or
risk
assessments
Break
Cloud audits
or risk
assessments
into smaller
processes
Limit
Cloud
audits or
risk
assessments
to CSP
attestations
Other
(Please
describe)
or any
additional
comments
(We want
your
expertise)?
10594631389
10592543726 Yes Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613
10561345731 Yes Yes
10559610688 Yes Yes Yes
10558924365
10558850146
10558685153 Yes
10557162374 Yes Yes
10556647426 Yes Yes
10556319920 Yes
10553788808 Yes Yes
10552983398 Yes Yes Yes
10552074281 Yes Yes
10550402764 Yes
10549771608 Yes Yes
10548528015 Yes Yes Yes
10548469322 Yes Yes Yes
10548450420 Yes Yes Yes
10548449124
10543731948
333
Table 94
Survey Three, Question Seven.
Have you seen SMEs change how they identify and describe hazards in a Cloud risk assessment
in the ways listed below? Please select all that apply:
334
Respondent
ID
New hazards
specific to
CSP,
infrastructure,
platform, or
service are
included
New
hazards
based on
the
network
path
between
on-
premises
and CSP
are
included
New hazards
based on
specific
differences
between on-
premises and
CSP
environments
are included
No new
hazards
are
included,
existing
on-
premises
definitions
used
Other
(Please
describe)
or any
additional
comments
(We want
your
expertise)?
10594631389
10592543726 Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613
10561345731 Yes Yes Yes
10559610688 Yes Yes
10558924365
10558850146
10558685153 Yes
10557162374 Yes
10556647426 Yes Yes Yes
10556319920 Yes Yes Yes
10553788808 Yes
10552983398
10552074281 Yes Yes Yes
10550402764 Yes Yes
10549771608 Yes Yes
10548528015 Yes
10548469322 Yes Yes
10548450420 Yes
10548449124
10543731948
335
Table 95
Survey Three, Question Eight.
Do you see the results of Cloud environment risk assessments and audits changing the way
SMEs conduct business in a meaningful way as per the choices below? Please select all that
apply.
336
Respondent
ID
Large
IT
budget
reducti
ons
Large
IT
budget
increas
es
Changes in
risk
mitigation
costs or
procedures
Changes
in risk
avoidance
costs or
procedure
s
Changes
in risk
transferen
ce costs or
procedure
s
Changes
in risk
accepta
nce
costs or
procedu
res
Other
(Please
describe)
or any
additional
comments
(We want
your
expertise)
?
105946313
89
105925437
26 Yes Yes
105923893
54 Yes Yes Yes
105889595
72 Yes Yes Yes Yes Yes
105726117
04 Yes Yes
105716286
13
105613457
31 Yes Yes Yes Yes
105596106
88 Yes Yes
105589243
65
105588501
46
105586851
53 Yes
105571623
74 Yes Yes
105566474
26 Yes Yes Yes Yes Yes
105563199
20 Yes Yes Yes Yes
105537888
08 Yes Yes Yes
105529833
98 Yes Yes Yes
105520742
81 Yes Yes Yes Yes Yes
105504027
64 Yes Yes Yes
337
105497716
08 Yes
105485280
15 Yes Yes
105484693
22 Yes Yes Yes Yes
105484504
20
105484491
24
105437319
48
338
Table 96
Survey Three, Question Nine.
When deciding who might be harmed and how, do you see SMEs including new Cloud based
factors such as those listed below? Please select all that apply.
Respondent
ID
National or
international
norms based
on where
the CSP is
based or
operates
National or
international
norms based
on where
the SME is
based or
operates
Specific
legal
requirements
for data such
as GDRP
10594631389
10592543726 Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613
10561345731 Yes
10559610688 Yes
10558924365
10558850146
10558685153
10557162374 Yes
10556647426 Yes
10556319920 Yes
10553788808 Yes
10552983398 Yes
10552074281 Yes
10550402764 Yes
10549771608 Yes
10548528015 Yes
10548469322 Yes
10548450420 Yes
10548449124
10543731948
339
Table 97
Survey Three, Question Ten
When assessing risk of Cloud environments, do you see SMEs changing their process in the
ways listed below? Please select all that apply
340
Respondent
ID
Using CSP
recommended
practices
Using any
IT
governance
frameworks
not
previously
used by the
SME
Using any
IT security
controls not
previously
used by the
SME
Using any
Cloud
security
control
guides not
previously
used by
the SME
Other?
(Please
describe)
Any
additional
comments
(We want
your
expertise)?
10594631389
10592543726 Yes Yes Yes
10592389354 Yes Yes Yes
10588959572 Yes Yes
10572611704 Yes Yes
10571628613
10561345731 Yes Yes Yes Yes
10559610688 Yes Yes
10558924365
10558850146
10558685153 Yes
10557162374 Yes
10556647426 Yes Yes
10556319920 Yes Yes Yes Yes
10553788808 Yes Yes Yes Yes
10552983398 Yes Yes
10552074281 Yes Yes
10550402764 Yes Yes Yes
10549771608 Yes Yes Yes
10548528015 Yes Yes Yes
10548469322 Yes
10548450420 Yes Yes Yes Yes
10548449124
10543731948
341
Table 98
Survey Three, Question Eleven.
Who do you see SMEs assigning risk ownership to regarding Cloud environments? Please select
all that apply.
Respondent
ID
SME
IT
team
SME
security
team
3rd
party
Business
owner
SME does
not change
risk
ownership
procedures
10594631389
10592543726 Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613
10561345731 Yes
10559610688 Yes
10558924365
10558850146
10558685153 Yes
10557162374 Yes
10556647426 Yes
10556319920 Yes
10553788808 Yes
10552983398 Yes
10552074281 Yes
10550402764 Yes
10549771608 Yes
10548528015 Yes
10548469322 Yes
10548450420 Yes
10548449124
10543731948
342
Table 99
Survey Three, Question Twelve.
When identifying controls to reduce risk in Cloud environments, do you see SMEs changing
their process in the ways listed below? Please select all that apply.
Respondent
ID
Primarily
relying
on CSP
provided
controls
Adapting
new
controls
from any
IT
governance
frameworks
Using
any
new
non-
Cloud
specific
IT
security
controls
Using
any
Cloud
security
control
guides
Other?
(Please
describe)
Any
additional
comments
(We want
your
expertise)?
10594631389
10592543726 Yes Yes
10592389354 Yes Yes Yes
10588959572 Yes Yes
10572611704 Yes
10571628613
10561345731 Yes Yes Yes
10559610688 Yes Yes Yes
10558924365
10558850146
10558685153 Yes
10557162374 Yes Yes
10556647426 Yes Yes
10556319920 Yes Yes Yes Yes
10553788808 Yes Yes Yes
10552983398 Yes Yes Yes
10552074281 Yes Yes
10550402764 Yes Yes
10549771608 Yes
10548528015 Yes Yes
10548469322 Yes
10548450420 Yes Yes
10548449124
10543731948
343
Table 100
Survey Three, Question Thirteen
Once controls have been identified for the SME’s Cloud environment, what effect do they have
on existing SME IT controls? Please select all that apply.
344
Respondent
ID
New
Cloud
controls
are kept
separate
from
existing
control
catalogs
New
Cloud
controls
are
combined
with
existing
controls
to form
larger
control
catalogues
New
Cloud
controls
promise
to replace
or reduce
existing
control
catalogs
spurring
increased
Cloud
transitions
New
Cloud
controls
appear
onerous
and
reduce
Cloud
transitions
due to
increased
difficulty
Other
(Please
describe) or
any
additional
comments
(We want
your
expertise)?
10594631389
10592543726 Yes
10592389354 Yes
10588959572 Yes
10572611704 Yes
10571628613
10561345731 Yes
10559610688 Yes
10558924365
10558850146
10558685153
10557162374 Yes
10556647426 Yes
New Cloud
controls
often
incompatible
with existing
controls.
10556319920 Yes Yes
10553788808 Yes Yes
10552983398 Yes
10552074281 Yes
345
10550402764 Yes Yes Yes
10549771608 Yes
10548528015 Yes
10548469322 Yes
10548450420 Yes
10548449124
10543731948
346
Table 101
Survey Three, Question Fourteen.
Have you seen Cloud risk assessments change other previously completed SME risk assessments
in the ways listed below? Please select all that apply.
347
Respond
ent ID
Previou
s risk
assessm
ents
change
d
because
of CSP
location
Previous
risk
assessm
ents
changed
because
of new
legal or
regulato
ry
require
ments
based
on
Cloud
usage
Previous
risk
assessm
ents
changed
because
of new
financial
require
ments
based
on
Cloud
usage
Previous
risk
assessm
ents
changed
because
of new
insuranc
e
require
ments
based
on
Cloud
usage
Previous
risk
assessm
ents
changed
because
of new
market
require
ments
based
on
Cloud
usage
Previous
risk
assessm
ents
changed
because
of new
operatio
nal
require
ments
based
on
Cloud
usage
Previous
risk
assessm
ents
changed
because
of new
strategic
require
ments
based
on
Cloud
usage
Other
(Please
describ
e) or
any
additio
nal
comm
ents
(We
want
your
experti
se)?
1059463
1389
1059254
3726 Yes
1059238
9354 Yes
1058895
9572 Yes
1057261
1704 Yes
1057162
8613
1056134
5731 Yes
1055961
0688 Yes
1055892
4365
1055885
0146
1055868
5153
1055716
2374 Yes
1055664
7426 Yes
1055631
9920 Yes
348
1055378
8808
1055298
3398 Yes
1055207
4281 Yes
1055040
2764 Yes
1054977
1608 Yes
1054852
8015 Yes
1054846
9322 Yes
1054845
0420 Yes
1054844
9124
1054373
1948
349
Table 102
Survey Three, Question Fifteen.
Cloud transitions almost always promise cost savings and Cloud operations usually require less
effort than on-premise IT operations. Cloud transitions, however, increase the risk and audit
teams’ responsibilities, knowledge and skills requirements. How do you see SMEs changing
their risk and audit teams to adapt to Cloud environments? Please select all that apply:
350
Respondent
ID
Increase
size and
budget
of risk
and
audit
teams
Reorganize
or change
structure
of risk and
audit
teams
Increase
outsourcing
or use of
consultants
to perform
Cloud risk
and audit
duties
Increase
workload
of
existing
risk and
audit
teams
Other
(Please
describe)
or any
additional
comments
(We want
your
expertise)?
10594631389
10592543726 Yes Yes
10592389354 Yes
10588959572 Yes Yes Yes
10572611704 Yes Yes Yes Yes
10571628613
10561345731 Yes Yes Yes
10559610688 Yes Yes Yes
10558924365
10558850146
10558685153 Yes
10557162374 Yes Yes Yes
10556647426 Yes Yes
10556319920 Yes Yes Yes Yes
10553788808 Yes Yes
10552983398 Yes
10552074281 Yes Yes Yes
10550402764 Yes
10549771608 Yes Yes
10548528015 Yes Yes Yes
10548469322 Yes
10548450420
10548449124
10543731948
351
Table 103
Survey Three, Question Sixteen.
Any additional comments or recommendations for the follow up survey?
Respondent
ID Answer
10594631389
10592543726
10592389354
10588959572
10572611704
10571628613
10561345731
10559610688
10558924365
10558850146
10558685153
10557162374
10556647426
10556319920
10553788808
10552983398
10552074281
This is some of the
best graduate level
work I have EVER
seen!
10550402764
10549771608
10548528015
10548469322
10548450420
10548449124
10543731948
352
Appendix E Validated survey instrument
SME Cloud Adoption Risk Guidance.
353
Table 104
Question One.
354
Question Choices
SMEs need help evaluating the
risks of Cloud adoption. This
survey is trying to help identify
risks that SMEs should take into
account as they move to the
Cloud. The audience for this
survey is not experienced risk
professionals. The information
provided in this survey is
intended to help business owners
and executives understand the
broad risks involved with
adopting Cloud computing.This
survey is free to use and may be
taken as many times as you like.
Each question has a comment
field if you would like to see any
changes or additions. Additional
comments or requests ca be sent
meersman.org. Each choice may
lead to a different
recommendation. This first
question is on the size of your
risk and audit team. This helps us
make realistic recommendations
for your organization. Your
organization has:
Any links or advice you would
like to share?
IT frameworks
or IT security
configuration
guidelines
CSP (Cloud
service provider)
choice
Type of Cloud
service or
environment
355
Method of
transition
Table 105
Question Two.
Question Choices
Your organization is large enough for a full-time internal audit team.
Your organization probably has an IT framework or IT configuration
standard in place. Your audit and risk team can help gauge the risk
associated with any early decisions that you make about a Cloud
transition. Your organization is large or in a heavily regulated field.
Your organization has well defined processes. Cloud adoption may
require modification of your current policies and procedures or
require new ones. Please select a decision to see more.
Any links or advice you would like to share?
A Full-time
internal risk and
audit team.
External audits
as needed,
including IT
audits.
Only financial
audits as
required.
No real audits
or risk
assessments.
356
Table 106
Question Three.
357
Question Choices
Your organization uses external
risk and audit teams as needed.
Your organization has
experience with providing
answers to a risk and audit
team. You organization may
use an IT standard or
configuration guide. Your
organization may have regular
IT audits. Your usual outside
audit and risk team may not
specialize in Cloud computing.
You may need to engage a new
IT audit and risk firm.
Any links or advice you would
like to share?
Engage
current vendor
for Cloud related
assessments.
Create RFP
for audit vendor
that specializes
in Cloud.
358
Use current
on-premises
guidance for new
Cloud
environment.
Table 107
Question Four.
Question Choices
Your organization has not yet
engaged a risk or audit team for
IT related matters. IT audits can
be part of a regular financial audit
or separate engagements. Your
organization may not have Cloud
expertise in your IT team, or you
may wish to get a less biased
opinion. Possible choices below.
Any links or advice you would
like to share?
Time to start
IT audits,
perhaps Cloud is
the first.
Your Cloud
risk assessment
will be done by
the internal IT
team.
Your Cloud
risk assessment
will be done by
the internal
audit team.
359
Table 108
Question Five.
360
Question Choices
Your organization is not
large enough to require
formal risk or audit
procedures. Unless you
think it is time for your
organization to adopt
formal risk procedures, an
ad-hoc approach to a
Cloud transition could
work. You should make
sure that you have the
requisite Cloud experience
either in your IT staff or
with an outside consultant.
Any links or advice you
would like to share?
Start
piecemeal,
Cloud app by
Cloud app.
Engage a
consultant or
third party for
your Cloud
transition.
Hire a Cloud
expert to join
your IT team.
361
Train
existing IT
team in Cloud.
Table 109
Question Six.
362
Question Choices
Many large enterprises
with full audit and risk
teams use one of the
below for IT governance
or IT security control
standards. If you
recognize one of the
choices below, there is a
standard for how your
risk team performs
evaluations. Each choice
listed leads to links that
can help describe the
Cloud risk assessment
process for that
framework.
Any links or advice you
would like to share?
COBIT
ITIL
ISO/IEC
NIST SP 800-53
NIST
Cybersecurity
Framework
HIPAA
PCI-DSS
GDPR
363
Table 110
Question Seven.
Question Choices
Useful links for an organization such as yours regarding Cloud
frameworks
includes:https://deloitte.wsj.com/riskandcompliance/2018/11/26/moving-
to-the-cloud-engage-internal-audit-
upfront/https://read.acloud.guru/cloud-risk-management-requires-a-
change-to-continuous-compliance-mindset-
bca7252eecd0?gi=10febf09c20chttps://www.icaew.com/technical/audit-
and-assurance/assurance/what-can-assurance-cover/internal-audit-
resource-centre/how-to-audit-the-
cloudhttps://www.corporatecomplianceinsights.com/wp-
content/uploads/2014/12/PwC-A-guide-to-cloud-audits-12-18-
14.pdfhttps://www.pwc.com/us/en/services/risk-assurance/library.html
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so helpful
Not at all
helpful
364
Table 111
Question Eight.
Question Choices
When deciding which CSP to use, the following links should
help.https://www.zdnet.com/article/how-to-choose-your-cloud-provider-
aws-google-or-
microsoft/https://www.researchgate.net/publication/323670366_Criteria_for
_Selecting_Cloud_Service_Providers_A_Delphi_Study_of_Quality-of-
Service_Attributeshttps://lts.lehigh.edu/services/explanation/guide-
evaluating-service-security-cloud-service-providershttps://nordic-
backup.com/blog/10-mistakes-choosing-cloud-computing-providers/
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
365
Table 112
Question Nine.
Question Choices
Besides choosing a Cloud provider(s), the type of Cloud
infrastructure is also important. The following links should
help.https://aws.amazon.com/choosing-a-cloud-
platform/https://www.cloudindustryforum.org/content/code-
practice-cloud-service-
providershttps://kirkpatrickprice.com/blog/whos-
responsible-cloud-
security/https://www.datamation.com/cloud-
computing/iaas-vs-paas-vs-saas-which-should-you-
choose.html
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
366
Table 113
Question Ten.
367
Question Choices
The transition to a Cloud environment can be done many
ways. Each way has different risks and risk assessment
procedures. The links below should
help.https://www.businessnewsdaily.com/9248-cloud-
migration-challenges.htmlhttps://medium.com/xplenty-
blog/how-to-transition-to-the-cloud-the-basics-
75e7ca06f959https://www.365datacenters.com/portfolio-
items/best-practices-to-transition-to-the-
cloud/https://serverguy.com/cloud/aws-migration/
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
368
Table 114
Question Eleven.
Question Choices
Your organization may have some regulatory and framework
guidelines that will impact your Cloud transition. The links below
should help.https://www.ucop.edu/ethics-compliance-audit-
services/_files/webinars/10-14-16-cloud-
computing/cloudcomputing.pdfhttps://read.acloud.guru/cloud-risk-
management-requires-a-change-to-continuous-compliance-mindset-
bca7252eecd0?gi=10febf09c20chttps://www.infoq.com/articles/cloud-
security-auditing-challenges-and-emerging-
approacheshttps://www.pwc.com/us/en/services/risk-
assurance/library.html
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so helpful
Not at all
helpful
369
Table 115
Question Twelve.
370
Question Choices
The choice of a CSP(s) depends on important risk choices. The links
below should help clarify the basis of those risk
choices.https://www.zdnet.com/article/how-to-choose-your-cloud-
provider-aws-google-or-
microsoft/https://www.brighttalk.com/webcast/11673/136325/cloud-
security-and-compliance-solution-for-
smbhttps://www.entrepreneur.com/article/226845https://lts.lehigh.edu/se
rvices/explanation/guide-evaluating-service-security-cloud-service-
providers
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so helpful
Not at all
helpful
371
Table 116
Question Thirteen.
Question Choices
Not only are CSP choices based on important
risk decisions, so too are types of Cloud
computing environments. The links below
should help.https://aws.amazon.com/choosing-a-
cloud-
platform/https://kirkpatrickprice.com/blog/whos-
responsible-cloud-
security/https://www.fingent.com/blog/cloud-
service-models-saas-iaas-paas-choose-the-right-
one-for-your-
businesshttps://blog.resellerclub.com/saas-iaas-
paas-choosing-the-right-cloud-model-for-your-
business/
Any links or advice you would like to share?
Extremely helpful
Very helpful
Somewhat helpful
Not so helpful
Not at all helpful
372
Table 117
Question Fourteen.
373
Question Choices
Once the CSP(s) and type of Cloud computing
environment are chosen, the transition process from on-
premises to the Cloud has risks that need to be assessed.
The links below should
help.https://www.businessnewsdaily.com/9248-cloud-
migration-challenges.htmlhttps://medium.com/xplenty-
blog/how-to-transition-to-the-cloud-the-basics-
75e7ca06f959https://www.365datacenters.com/portfolio-
items/best-practices-to-transition-to-the-
cloud/https://serverguy.com/cloud/aws-migration/
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
374
Not at all
helpful
375
Table 118
Question Fifteen.
376
Question Choices
Your organization most likely does not have specific IT frameworks or
configuration requirements. The links below should help determine what
framework type risks your organization has regarding a Cloud
transition.https://www.ucop.edu/ethics-compliance-audit-
services/_files/webinars/10-14-16-cloud-
computing/cloudcomputing.pdfhttps://assets.kpmg/content/dam/kpmg/ca/pd
f/2018/03/cloud-computing-risks-
canada.pdfhttps://www.pwc.com/us/en/services/risk-
assurance/library.htmlhttp://www.cloudaccess.com/smb/
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
377
Not at all
helpful
Table 119
Question Sixteen.
Question Choices
There are risks to choosing any CSP. Understanding the strengths and
weaknesses of various CSPs will help make clear the risk decisions that
your organization will need to make. The links below should
help.https://www.cloudindustryforum.org/content/8-criteria-ensure-
you-select-right-cloud-service-
providerhttps://searchcloudcomputing.techtarget.com/feature/Top-
considerations-for-choosing-a-cloud-
providerhttps://searchcloudsecurity.techtarget.com/essentialguide/How-
to-evaluate-choose-and-work-securely-with-cloud-service-
providershttps://www.entrepreneur.com/article/226845
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so helpful
Not at all
helpful
378
Table 120
Question Seventeen.
Question Choices
Once a CSP is chosen, there are still
important details to consider such as what
type of Cloud computing environment your
organization plans to use in the CSP. The
risks for each type are well understood and
informed decisions can be made. The links
below should
help.https://kirkpatrickprice.com/blog/whos-
responsible-cloud-
security/https://www.fingent.com/blog/cloud-
service-models-saas-iaas-paas-choose-the-
right-one-for-your-
businesshttps://blog.resellerclub.com/saas-
iaas-paas-choosing-the-right-cloud-model-
for-your-
business/https://www.datamation.com/cloud-
computing/iaas-vs-paas-vs-saas-which-
should-you-choose.html
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so helpful
Not at all
helpful
379
Table 121
Question Eighteen.
380
Question Choices
The way your organization chooses to move to the Cloud raises
several risk questions that should be resolved. The links below
should help.https://www.businessnewsdaily.com/9248-cloud-
migration-challenges.htmlhttps://cloudacademy.com/blog/cloud-
migration-benefits-
risks/https://visualstudiomagazine.com/articles/2018/05/01/moving-
to-the-cloud-a-piecemeal-
strategy.aspxhttps://support.office.com/en-gb/article/move-
completely-to-the-cloud-f46ff7c8-b09e-4cc5-8a37-184fcfec1aca
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
381
Not at all
helpful
Table 122
Question Nineteen.
Question Choices
Your organization has not had to deal with many audits or risk
assessment processes yet. Moving to the Cloud may be your
organization’s most important IT decision. The links below should help
provide general guidance for organizations similar to
yours.https://www.patriotsoftware.com/accounting/training/blog/small-
business-risk-analysis-assessment-
purpose/https://www.himss.org/library/health-it-privacy-
security/sample-cloud-risk-
assessmenthttps://www.isaca.org/Journal/archives/2012/Volume-
5/Pages/Cloud-Risk-10-Principles-and-a-Framework-for-
Assessment.aspxhttps://securityintelligence.com/smb-security-best-
practices-why-smaller-businesses-face-bigger-risks/
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
382
Table 123
Question Twenty.
Question Choices
The choice of CSP has important risk and cost ramifications.
While the best course may be to engage a consultant to help,
the links below should help you understand the choices
more clearly.https://www.businessnewsdaily.com/5851-
cloud-storage-
solutions.htmlhttps://www.cnet.com/news/best-cloud-
services-for-small-
businesses/https://www.insight.com/en_US/solve/small-
business-solutions/cloud-and-data-center-
transformation/cloud-
services.htmlhttps://www.cloudindustryforum.org/content/8-
criteria-ensure-you-select-right-cloud-service-provider
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
383
Table 124
Question Twenty-one.
Question Choices
Even after making the choice of which CSP to
use, you need to decide on the details of your
Cloud computing environment. As with all your
other business decisions, the details are
important. The links below should help you
understand the differences between the types of
Cloud.https://www.businessnewsdaily.com/5851-
cloud-storage-
solutions.htmlhttps://www.fossguru.com/iaas-
cloud-computing-small-
business//https://www.g2.com/categories/cloud-
platform-as-a-service-
paashttps://kirkpatrickprice.com/blog/whos-
responsible-cloud-security/
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
384
Table 125
Question Twenty-two.
Question Choices
How your organization transitions to the Cloud may seem
straightforward but there are risks associated with any method you
choose. The links below should help you understand those risks and
make appropriate choices.https://lab.getapp.com/security-risks-of-
cloud-
computing/https://www.forbes.com/sites/theyec/2018/12/18/cloud-
computing-for-small-businesses-what-you-need-to-
know/https://www.businessnewsdaily.com/9248-cloud-migration-
challenges.htmlhttps://www.upwork.com/hiring/development/moving-
to-cloud-servers/
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
385
Table 126
Question Twenty-three.
Question Choices
Your organization may follow the COBIT framework. Useful links
include:http://www.isaca.org/Knowledge-
Center/Research/Pages/Cloud.aspxhttps://www.researchgate.net/publication/31186
3817_COBIT_Evaluation_as_a_Framework_for_Cloud_Computing_Governanceh
ttps://cloudsecurityalliance.org/working-groups/cloud-controls-matrix/
Any links or advice you would like to share?
Extre
mely
helpful
Very
helpful
Some
what
helpful
Not so
helpful
Not at
all
helpful
386
Table 127
Question twenty-four.
Question Choices
Your organization may use the ITIL service delivery framework. Useful links
include:https://www.simplilearn.com/itil-key-concepts-and-summary-
articlehttps://www.informationweek.com/devops/itil-devops-whatever—the-
labels-dont-matter/d/d-
id/1332650https://www.itilnews.com/index.php?pagename=ITIL_and_Cloud_
Computing_by_Sumit_Kumar_Jhahttps://www.axelos.com/news/blogs/march-
2019/itil-4-and-cloud-based-services
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
387
Table 128
Question Twenty-five.
388
Question
Choice
s
Your organization may follow ISO/IES JTC 1 policies. ISO/IEC JTC 1/SC 38
is Cloud specific. Useful links
include:https://www.iso.org/committee/601355.htmlhttps://www.iec.ch/dyn/w
ww/f?p=103:22:0::::FSP_ORG_ID:7608https://www.itworldcanada.com/blog/
cloud-computing-standards-update-iso-jtc1sc38-2/380069
Any links or advice you would like to share?
Extre
mely
helpful
Very
helpful
Som
ewhat
helpful
389
Not
so
helpful
Not
at all
helpful
Table 129
Question Twenty-six.
Question Choices
PCI-DSS is a security standard for SMEs that handle credit card transactions.
Some useful links
include:https://www.pcisecuritystandards.org/https://www.bigcommerce.co
m/blog/pci-compliance/https://www.paymentsjournal.com/gdpr-and-pci-dss/
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
390
Table 130
Question Twenty-seven.
Question Choices
Your organization may have compliance based IT security policies.
NIST 800-53 and NIST CF are widely used. Useful links
include:https://www.nist.gov/programs-projects/nist-cloud-
computing-program-nccphttps://www.nist.gov/baldrige/products-
services/baldrige-cybersecurity-
initiativehttps://docs.aws.amazon.com/quickstart/latest/compliance-
nist/templates.htmlhttps://docs.microsoft.com/en-
us/azure/security/blueprints/nist171-paaswa-overview
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
391
Table 131
Question Twenty-eight.
392
Question Choices
The NIST CF provides a policy framework for Cybersecruity.
Useful links include:https://www.nist.gov/baldrige/products-
services/baldrige-cybersecurity-
initiativehttps://www.nist.gov/programs-projects/nist-cloud-
computing-program-
nccphttps://docs.aws.amazon.com/quickstart/latest/compliance-
nist/templates.htmlhttps://docs.microsoft.com/en-
us/azure/security/blueprints/nist171-paaswa-overview
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
393
Not at all
helpful
Table 132
Question Twenty-nine.
Question Choices
HIPAA has very distinct requirements for IT and Cloud usage.
Some useful links include:https://www.hhs.gov/hipaa/for-
professionals/special-topics/cloud-
computing/index.htmlhttps://aws.amazon.com/compliance/hipaa-
compliance/https://hosting.review/file-storage/hipaa-compliant-
cloud-
storage/https://hitinfrastructure.com/features/understanding-
hipaa-compliant-cloud-options-for-health-it
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so helpful
Not at all
helpful
394
Table 133
Question Thirty.
Question Choices
GDPR is a new requirement for many SMEs. Some useful
links may be found below:https://gdpr-
info.eu/https://martechtoday.com/guide/gdpr-the-general-
data-protection-
regulationhttps://www.cloudindustryforum.org/content/cloud-
and-eu-gdpr-six-steps-
compliancehttps://www.paymentsjournal.com/gdpr-and-pci-
dss/
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
395
Table 134
Question Thirty-one.
Question Choices
The Center for Internet Security has many good tools
and guides for Internet and Cloud Security
including:https://www.cisecurity.org/white-
papers/cis-controls-cloud-companion-
guide/https://www.cisecurity.org/cis-
benchmarks/https://www.cisecurity.org/cybersecurity-
best-practices/
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
396
Table 135
Question Thirty-two.
Question Choices
The CSA has many useful procedures and practices. Some oft good ones
include:https://cloudsecurityalliance.org/https://aws.amazon.com/complianc
e/csa/https://www.microsoft.com/en-us/trustcenter/compliance/csa-self-
assessment
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
397
Table 136
Question Thirty-three.
Question Choices
There are many links to recommendations for AWS security, some of the
good ones include:https://aws.amazon.com/compliance/security-by-
design/https://d1.awsstatic.com/whitepapers/compliance/Intro_to_Securit
y_by_Design.pdfhttps://s3-us-west-2.amazonaws.com/uw-s3-cdn/wp-
content/uploads/sites/149/2018/12/28193639/Tim-
Sandage_Amazon_Secure-By-Design-%E2%80%93-Running-Compliant-
Workloads-on-AWS.pdf
Any links or advice you would like to share?
Extremely
helpful
Very helpful
Somewhat
helpful
Not so helpful
Not at all
helpful
398
Table 137
Question Thirty-four.
Question Choices
There are many links to recommendations for Azure security, some of the
good ones
include:https://www.cisecurity.org/benchmark/azure/https://docs.microsoft.co
m/en-us/azure/security/security-best-practices-and-
patternshttps://talkingazure.com/posts/exploring-azure-security-center-virtual-
machine-baseline/
Any links or advice you would like to share?
Extremely
helpful
Very
helpful
Somewhat
helpful
Not so
helpful
Not at all
helpful
Exploring the Strategies of Enhanced Organizational Learning in Small- and M edium-
Sized Enterprises
Dissertation
Submitted to Northcentral University
Graduate Faculty of the School of Business and Technology M anagement
in Partial Fulfillment of the
Requirements for the Degree of
DOCTOR OF PHILOSOPHY
by
KAREN A. B. COCHRAN
Prescott Valley, Arizona
March 2013
UMI Number: 3569892
All rights reserved
INFORMATION TO ALL USERS
The quality o f this reproduction is dependent upon the quality o f the copy submitted.
In the unlikely event that the author did not send a com plete m anuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.
UMI
Dissertation PiiblishMig
UMI 3569892
Published by ProQuest LLC 2013. Copyright in the Dissertation held by the Author.
Microform Edition © ProQ uest LLC.
All rights reserved. This w ork is protected against
unauthorized copying under Title 17, United States Code.
ProQuest LLC
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, Ml 48106-1346
Copyright: 2013
Karen A.B. Cochran
APPROVAL PAGE
Exploring the Strategies o f Enhanced Organizational Learning in Small and Medium-
Sized Enterprises
By
Karen A.B. Cochran
Approved by:
VP Academic Affairs: HeatherTrederick Ph.D. Date
Certified by:
< $ ‘ 7 – 2 0 / 3
School Dean: A. Lee Smith, Ph.D. Date
Abstract
Fluctuations in the global economy, transforming industries, and increased business
bankruptcies have compelled the leaders of industrial organizations to focus on
increasing organizational learning capacity. The problem studied was that a sound
strategy for leaders of small and medium-sized enterprises (SMEs) to increase
organizational learning did not exist. The qualitative multiple-case study referenced
complexity leadership theory (CLT) to explore and identify strategies that increased
organizational learning within the business acumen and subsequently aided SM E leaders
in sustaining economic competitive status. Data were collected through face-to-face
interviews with twelve SME leaders representing four embedded case-study sites on the
east and west coasts of the United States. The SME leaders were representative of the
SME industrial manufacturing sector, which provides 86% o f employment in the United
States. The participants had no distinction between the tasks of establishing a strategic
plan and implementing a tactical plan; and were responsible for financial sustainability,
daily operations, and talent management. Analysis of data from the individual cases was
followed by a cross-case synthesis, resulting in four themes (a) communication, (b)
learning environment, (c) compensation, and (d) innovation. The study results revealed a
strategy which utilized a flat-lined organizational structure to enable rapid,
unembellished, and transparent communication, and cultivated an open learning
environment. Expressive ideas were welcomed, innovation generated new product
offerings, and market capabilities were expanded. SME leaders subsequently offered
increased compensation and consequently talent was retained. The organizational
structure, and the creation of open learning environments by the SME leaders promoted
the emergence of complex adaptive systems. The study results provided a theoretical
answer to the problem statement; met the intended purpose o f the study; and contributed
to the learning theory body of knowledge. The study advanced the knowledge base
regarding how leaders of SME companies approach increasing organizational learning to
sustain the business. CLT translated beyond the realm of education and contributed to
increasing organizational learning in the industrial manufacturing sector. Future studies
should be conducted to include the perspectives o f the SME workforce. Additionally
CLT should be examined in the services industries sector.
v
Acknowledgments
The stamina required to complete the journey was a gift from my father, the late Clarence
Patrick Buote, who taught me very early in life that I could do anything as long as I
focused my mind. Daddy, I am you, I love you, I miss you, and I know you are sharing
in this moment.
To my mother Rainey, thank you for the hugs, neck rubs, prayers, and having the faith in
me when I knew the impossible was winning. I would have been ABD if not for your
continuous love and encouragement.
To my other half Steve, thank you for the countless hours of our relationship you have
graciously surrendered while I buried my face on a computer screen. You watered and
fed me, and made me go to bed. It is now time for our lives together without
interruption, and alas the celebratory cruise.
To my son, James, I thank you for instigating this journey on my M BA graduation day
with your question, “So when are you going to be a doctor” ? You have been a
tremendous source of discussion, knowledge, encouragement, and love. You are an
inspiration to me and all of your students. I am so very proud of you; all my love, Mom.
To my chair, Dr. Steve Munkeby, from the marathon phone calls to the bar-b-que dinners
in Huntsville, your guidance, patience, and willingness to listen have enabled me to grow
academically and as a person. I am forever grateful for everything you have given me.
To Dr. Ying Liu, thank you for your critiques and support. I hope to see you in New
York sometime in the near future. To my editors, Toni Williams and A licia Clayton,
thank you for helping translate a large body of effort into a cohesive, smooth flowing
manuscript of meaningful jargon. I am blessed to have found all of you.
To the participants, thank you for your candor and willingness to share with me your
time, thoughts, and strategies. Thank you for what you do for our Nation and to protect
our Freedom. You are heroes. You have given me a gift that will never be replicated.
To Dr. R. Marion and Dr. M. Uhl-Bien, thank you for your fascinating translation of
biological complex adaptive systems to the theoretical existence within exploratory
fields. I have found many CAS on my doctoral journey and am excited to expand CLT. I
look forward to working with you in the future.
To my boss, Laura Truax, who would send me e-mails with a reference: D o not read this,
you should be working on your paper, the instantaneous generated smile was better than
any energy drink. Your time-management and multitasking examples got me to the end.
To many, many coworkers, family, and friends who have supported, encouraged, and
prayed for me, knowing I had to provide you with milestone check-ins kept me going.
Your belief in me provided light during the dark hours, and yes, you have to call me
doctor, at least for a few months. Finally, Donna and Harold Acosta— start the paella!
vi
Table of Contents
List of T a b le s………………………………………………………………………………………………………………..ix
List of Figures……………………………………………………………………………………………………………….. x
Chapter 1: Introduction………………………………………………………………………………………………….. 1
Background………………………………………………………………………………………………………………2
Statement of the Problem…………………………………………………………………………………………. 5
Purpose of the S tudy…………………………………………………………………………………………………6
Theoretical Framework……………………………………………………………………………………………. 7
Research Questions…………………………………………………………………………………………………..9
Nature of the S tudy………………………………………………………………………………………………… 10
Significance of the S tudy……………………………………………………………………………………….. 12
Definition of Key Term s………………………………………………………………………………………… 13
Sum m ary……………………………………………………………………………………………………………….. 18
Chapter 2: Literature Review……………………………………………………………………………………….. 20
Documentation………………………………………………………………………………………………………. 20
Historical Perspective of Business M anagem ent……………………………………………………. 23
Individual Learning Theories…………………………………………………………………………………. 26
Organizational Learning Theory…………………………………………………………………………….. 30
Complexity T heory…………………………………………………………………………………………………38
Complexity Leadership Theory: The Nascent D isciplines……………………………………… 40
Complexity Leadership Theory: The Context o f S M E s…………………………………………..50
Complexity Leadership Theory: Framework L im itations………………………………………. 62
Competitive Edge……………………………………………………………………………………………………64
Implementation of Change— R esisters…………………………………………………………………… 65
Sum m ary………………………………………………………………………………………………………………..68
Chapter 3: Research M ethod…………………………………………………………………………………………70
Research Method and D e s ig n ………………………………………………………………………………… 71
Population………………………………………………………………………………………………………………74
Sample…………………………………………………………………………………………………………………… 75
M aterials/Instruments……………………………………………………………………………………………. 77
Data Collection, Processing, and A nalysis…………………………………………………………….. 79
Assumptions………………………………………………………………………………………………………….. 83
Lim itations……………………………………………………………………………………………………………. 83
Delimitations…………………………………………………………………………………………………………. 84
Ethical Assurances………………………………………………………………………………………………….84
Sum m ary………………………………………………………………………………………………………………..86
Chapter 4: Findings……………………………………………………………………………………………………… 88
Results…………………………………………………………………………………………………………………… 89
Evaluation of Findings…………………………………………………………………………………………. 108
Sum m ary……………………………………………………………………………………………………………… 131
Chapter 5: Implications, Recommendations, and C onclusions…………………………………… 133
Implications…………………………………………………………………………………………………………..136
Recommendations………………………………………………………………………………………………… 145
Conclusions………………………………………………………………………………………………………….. 148
References…………………………………………………………………………………………………………………. 150
Appendices………………………………………………………………………………………………………………… 168
Appendix A: Permission to Conduct Research— Case A ……………………………………….169
Appendix B: Permission to Conduct Research— Case B ……………………………………….170
Appendix C: Permission to Conduct Research— Case C ……………………………………….171
Appendix D: Permission to Conduct Research— Case D ……………………………………….172
Appendix E: Various Contributions of Researchers to Learning T h eo ry………………..173
Appendix F: Assessment Protocol………………………………………………………………………… 180
Appendix G: Source Map for Assessment Protocol Instrument…………………………….. 183
Appendix H: Participant— Informed Consent F orm ……………………………………………….187
Appendix I: Transcription Instructions…………………………………………………………………. 189
viii
List of Tables
Table 1 Literature Review Synthesis: Span o f T im e ………………………………………………………22
Table 2 Case-Study Site Candidate Performance H istories…………………………………………..76
Table 3 Data Reduction and A nalysis……………………………………………………………………………81
Table 4 Research Question Q l: Emergent Them es……………………………………………………. 91
Table 5 Research Question Q l, Prominent Theme: Communication………………………….. 91
Table 6 Research Question Q2: Emergent Them es…………………………………………………….. 93
Table 7 Research Question Q2, Prominent Theme: Innovation……………………………………94
Table 8 Research Question Q3: Em ergent Them es…………………………………………………….. 96
Table 9 Research Question Q3, Prominent Theme: Communication……………………………..96
Table 10 Research Question Q4: Emergent Them es…………………………………………………… 97
Table 11 Research Question Q4, Prominent Theme: Compensation…………………………….98
Table 12 Research Question Q5: Emergent T hem es…………………………………………………..100
Table 13 Research Question Q5, Predominant Theme: Highest quality p r o d u c t 101
Table 14 Research Question Q6: Emergent T hem es…………………………………………………..102
Table 15 Research Question Q6, Prominent Theme: Integrity…………………………………… 102
Table 16 Overarching Themes…………………………………………………………………………………….104
Table 17 Strategies to Enhance Organizational Learning and Theoretical Inference… 130
ix
List of Figures
Figure 1. Literature search strategy……………………………………………………………………………. 21
Figure 2. Conceptual model of traditional hierarchical organizational structure 43
Figure 3. Conceptual model of complex leadership theory organizational structure 44
Figure 4. Conceptual model of complex adaptive systems……………………………………….49
Figure 5. Model of culture of competitiveness, knowledge development, and cycle time
performance in supply chains………………………………………………………………………………………. 65
Figure 6. Multiple-case-study design for the study that demonstrates three people were
interviewed in each case………………………………………………………………………………………………. 73
Figure 7. Methodology implementation flow ……………………………………………………………….74
1
Chapter 1: Introduction
The U.S. Census Bureau (2009) defined small and medium-sized enterprises
(SMEs) as companies with less than 500 employees. The U.S. Department of Labor
Bureau of Labor Statistics (USDLBLS, 2009) indicated SMEs provided 86% of
employment in the United States in March 2008. More than half of the SMEs are
industrial manufacturing firms, and provided products to the aerospace and automotive
industries (Platzer, 2009). Orders from larger corporations, such as General Motors, to
SMEs contribute in excess of $100 billion annually to the global economy (Gilbert,
Rasche, & Waddock, 2011; Thorton, 2010). Small and medium-sized enterprises are
therefore considered a business sector with significant impact to employment and the
global economy (American Bankruptcy Institute [ABI], 2009; Fulton & Hon, 2009;
Platzer, 2009; USDLBLS, 2009).
Large corporate and SME business leaders recognize the need to address the
dynamics of the current economic landscape to avoid the downward trend in productivity
and to protect the sustainability of their companies (ABI, 2009; Area & Prado-Prado,
2008). Traditional means of trimming budgets and reducing costs have created internal
savings (Prokopeak et al., 2011). However, the resultant savings are retained rather than
reinvested in hiring new workers and expanding the business (Prokopeak et al., 2011).
Consequently, 21st-century corporate and SME leaders are seeking alternative means of
internal growth for business sustainability and to gain competitive advantage in the
marketplace (Crawford, Hasan, W am e, & Linger, 2009).
Chapter 1 includes the background of the study, the problem and purpose
statement, and the theoretical framework. Also included in Chapter 1 are the research
questions; the nature and significance of the study; and definitions o f the terms used in
the study. The chapter ends with a summary.
Background
The ABI (2009) noted a downward trend in the domestic economy beginning in
early 2008. From the first quarter of 2008 to the first quarter of 2009, business
management in the United States posted a 64.3% increase in business bankruptcy filings
(ABI, 2009). By the third quarter of 2009, a record number o f U.S. companies (4,585)
had filed for protection under U.S. Bankruptcy Code Chapter 11 (ABI, 2009). The
increase in bankruptcies among larger corporations, the largest of which was General
Motors with $91 billion in assets, led to a disruption in orders to SMEs and subsequently
contributed to more than 42% of bankruptcies in manufacturing SMEs (ABI, 2009; Ben-
Ishai & Lubben, 2011; Lubben, 2009).
Unemployment in the United States continued to increase from 5.4% in January
2008, to 8.5% in January 2009, to 10.4% in January 2010 (“Notes on Current,” 2011;
USDLBLS, 2010a). Increased manufacturing costs were passed to consumers, and,
concurrent with the rise in unemployment, individual consumer bankruptcy filings
increased by 33.4% (ABI, 2009). The spiral affected the SME community through the
disruption of orders, the resultant layoffs, increased labor costs, and increased price of
consumer goods and provided a reason for a new strategy (Ben-Ishai & Lubben, 2011;
Lubben, 2009). Recent statistical data have demonstrated an erosion o f the infrastructure
o f domestic SME business.
PriceWaterhouse Coopers (PwC) is an internationally recognized com pany
providing industry-focused services in the fields o f economics, human resources, and
performance improvement. The services include conducting surveys and audits
following various international standards. For example, IS09001 and IS014001 are
guidelines used for quality and environmental systems evaluations. Additionally the
ISO17021 standard is used as a measurement for conformance assessments. Safety and
health systems are evaluated under OHS AS 18001. The scientific and academic
communities often recognize, rely upon, and cite the audits and surveys PwC conducted
(Barua et al., 2010; Hossenini, 2011; Igartua, Garrigos, & Hervas-Oliver, 2010; Kerezsi,
Ko, & Antal, 2011; M ishra & Suar, 2010; Mueller, Dos Santos, & Seuring, 2009; Phoebe
Putney Medical Center, 2006; University o f Oxford, 2010).
Respondents to the 2011 PwC Annual Global CEO Survey indicated a focus on
increasing organizational learning capacity was more important than traditional executive
priorities of managing risk, managing corporate reputation, or adjusting capital structures.
The suggestion was the first of its kind in the 14-year history of the survey. Diminished
sales, stagnated business, and the ultimate loss of competitive advantage have forced
business executives to establish a new business priority: increasing learning capacity
(PwC, 2011).
The concept of learning organizations first received significant acknowledgment
when Senge published The Fifth Discipline in 1990. Senge proposed a sound strategy to
increase the learning capacity o f the workforce would subsequently result in a
competitive advantage for the learning organization. The strategy should include a focus
on acquiring certain skill sets or competencies relative to the business and executing a
technique or discipline (Senge, 1990). Senge (1990, 2006) identified five specific
disciplines as critical to organizational learning (a) systems thinking, (b) personal
mastery, (c) mental models, (d) shared vision, and (e) team learning. Senge (2006) noted
organizational learning occurs when workers comprehend how their company really
operates (systems thinking), learn to be approachable and receptive of others (personal
mastery), are amenable to new and creative ways o f thinking (mental models), formulate
plans based on consensus (shared vision), and work in harmony to achieve that vision
(team learning).
Senge’s (2006) message resonates for contemporary SME leaders. D ata from the
PwC survey indicated 83% of the respondents intended to focus on five disciplines as
they change and adapt their strategies to address the changed economic topography
(PwC, 2011). First, business leaders would examine the discipline of the organizational
structure, or systems thinking, to ensure businesses have the right talent to compete
(Carson, Tesluk, & Marrone, 2007; Crawford et al., 2009; PwC, 2011). Second, business
leaders realized improving the skills of the workforce and improving infrastructure are
achieved and sustained through the discipline of collaboration or personal mastery of
relationships with both customers and suppliers (PwC, 2011; Rousseau, Aube, & Savoie,
2006). Third, business leaders would focus on the discipline of innovation, or mental
models, in the context of new patterns of demand in an emerging m arket (Joo & Lim,
2009; PwC, 2011). Fourth, leaders would develop the discipline of a shared vision that
promotes innovation and learning capacity (Dierdorff, Bell, & Belohlav, 2011; Gundlach,
Stoner, & Zivnuska, 2006). Last, leaders must develop the discipline o f talent
management or mature the existing skills o f the workers to avoid stagnation and prevent
collapse of the shared vision (Elloy, 2008).
5
Statement of the Problem
The respondents to the PwC (2011) survey noted the lack of a sound strategy in
perfecting the new priority of enhancing organizational learning. The leaders of SMEs
have burdens that differ from the chief executive officers (CEOs) of large corporations
(Harris, 2009; Ottesen & Gronhaug, 2004). The nuances are magnified when the
leadership of SMEs attempt to implement obvious solutions to improve the business
acumen. For example, SME leaders have limited resources and therefore may not have a
separation between the strategic leadership and the tactical implementation team. The
integration of the strategic and tactical team is a distinguishing characteristic from a
corporate CEO. Further, the leaders of SMEs are often enmeshed in the daily efforts of
material and product shortages, production line stoppages, product defects, processes, and
the individuals performing the processes (Pittaway & Rose, 2006). Finally, minimal
resources inhibited the ability to develop internal critical skills, engage in collaboration,
and sustain the viability of a company (Harris, 2009).
The research study addressed the problem that a sound strategy for SM E leaders
to increase organizational learning did not exist (Fulton & Hon, 2009; Garcia-M orales,
Llorens-Montes, & Verdu-Jover, 2007; PwC, 2011). Deficiencies in organizational
learning became apparent through a 24% reduction in organizational sustainability when
leadership did not address organizational learning capacity (USDLBLS, 2010b).
Business leader respondents have acknowledged the strategy was missing (Burke, 2008;
PwC, 2011).
6
Purpose o f the Study
The purpose of the qualitative multiple-case study was to explore and identify
strategies that would potentially increase organizational learning and subsequently aid
SME leaders in sustaining an economic competitive status. Provisional disciplines
propelled the creation of knowledge about and in the performing environment (Senge,
1990). Contemporary business leaders have identified the nascent disciplines of
organizational structure, innovation, shared vision, collaboration with customers and
suppliers, and talent management as critical to increasing organizational learning capacity
(Andert, Platt, & Alexakis, 2011; Area & Prado-Prado, 2008; Carson et al., 2007;
Dierdorff et al., 2011; Gundlach et al., 2006; Joo & Lim, 2009; PwC, 2011; Ruiz-
Mercader, Merono-Cerdan, & Sabater-Sanches, 2006). The study results advanced the
theoretical knowledge base regarding how leaders of SMEs approach increasing
organizational learning to sustain the business. The study results also supported
formative recommendations on how SME leaders within the industrial manufacturing
sector can increase organizational learning capacity.
The case-study sites were four leading industrial manufacturing SMEs located on
both the east and the west coasts o f the United States that were representative of the SM E
industrial manufacturing sector, which provides 86% of employment in the United States,
and are willing to participate in the study (see Appendices A, B, C, and D; see also
Platzer, 2009; USDLBLS, 2009). The sample sites were information rich and the
participants provided considerable insight to the strategy that was o f central importance
to the purpose of the study (Patton, 2002). The SME leaders at each case-study site were
responsible for the daily efforts of material and product shortages, production line
7
stoppages, product defects, processes, and the individuals performing the processes; had
limited human resources; and had no distinction between the roles of establishing
strategic plans and implementing tactical plans (Harris, 2009; Pittaway & Rose, 2006).
Theoretical Framework
The theoretical framework for the study was based in learning theory.
Specifically, the research study included a reliance on the perspective of com plexity
leadership theory (CLT; Uhl-Bien, Marion, & McKelvey, 2007). The seminal theories of
single-loop learning (SLL) and double-loop learning (DLL) provided a historical
theoretical platform toward the disciplines of Senge (Argyris, 1977, 1982, 1994; Argyris
& Schon, 1978; Senge, 1990). The provisional disciplines identified by Senge (1990) as
(a) systems thinking, (b) personal mastery, (c) mental models, (d) shared vision, and (e)
team learning translated to the nascent modem disciplines o f (a) organizational structure,
(b) collaboration, (c) innovation, (d) shared vision, and (e) talent management. The
contemporary disciplines occurred within CLT.
The concept of SLL, described as routine learning, was first disseminated in the
late 1970s (Argyris, 1977, 1982, 1994). Single-loop learning involves the detection and
correction of an error without changing the behaviors and actions that produced the error
and without the ability to challenge policy and procedure (Argyris & Schon, 1978; W ong
& Cheung, 2008). Consequently, the individual making a mistake is destined to repeat
the mistake. The leadership of such organizations often reprimands workers, creating an
atmosphere of silence and low morale (Wong & Cheung, 2008).
Similar to SLL, the term adaptive learning emerged in the early 2000s and is
descriptive of incremental adjustments based upon past decisions (M urray & Chapman,
8
2003; Wilkens, Menzel, & Pawlowsky, 2004; W ong & Cheung, 2008). Although
researchers consider SLL to be conducive to individual learning, SLL does not promote
enhanced learning for the overarching organization (Wong & Cheung, 2008). The SLL
philosophy of leaving policies intact continues and mistakes are repeated.
Argyris subsequently introduced the concept of DLL, or learning that challenges
the status quo (Argyris, 1977; Argyris & Schon, 1978). Double-loop learning occurs
when an individual identifies an error, is subsequently able to correct the error, and
receives further encouragement to challenge the policy and procedures that may have
precipitated the error (Argyris & Schon, 1978; W ong & Cheung, 2008). Double-loop
learning fosters individual learning and promotes enhanced learning for the overarching
organization (Argyris & Schon, 1978; Wong & Cheung, 2008).
Similar to the disciplines of personal mastery, mental models, and shared vision
that Senge (1990) described, DLL is realized when the employee is committed to
assuming accountability within the work environment and pursues candor with
teammates (Argyris, 1994). Double-loop learning contrasts with the communication
techniques demonstrated during focus groups, or with surveys that claim anonymity but
do not necessarily practice the provision. Additionally the familiar techniques block
organizational learning and encourage defensive behaviors (Uhl-Bien & M arion, 2009).
Leaders of SMEs do not have as many human capital resources as leaders of
larger corporations (U.S. Census Bureau, 2009). The leaders therefore seek
organizational structures of an appropriate size for their respective businesses and
provide interaction among the SME community membership (Uhl-Bien & M arion, 2009).
Including the concepts of DLL and the disciplines o f Senge (2006), CLT has emerged as
9
a new theoretical means of increasing organizational learning. Described as the study of
the connection and involvement of complex adaptive systems (CASs) within larger
organizing systems, CLT is the basis for leaders who enable learning (Uhl-Bien &
Marion, 2009).
The understanding of CLT and the ensuing impact at the operational level of
companies are in initial stages (Lichtenstein et al., 2006). The concept of shared
leadership, sometimes described as CLT or alternating leadership was recently modeled
and suggested as a possible means of increasing organizational learning (Andert et al.,
2011). The disciplines of organizational structure, collaboration, innovation or the
emergence of new ideas, shared vision, and talent management are contributing factors to
organizational learning (Uhl-Bien et al., 2007). The participants in the 2011 PwC survey
expressed an intention to focus on the named disciplines. The research study contributed
to the expansion of CLT by considering how SM E leaders use the disciplines of
organizational structure, collaboration, innovation, shared vision, and talent management
to enhance organizational learning strategically.
Research Questions
Yin (2009) noted the definition of the unit of analysis, in this instance the
individual cases embedded in the multiple-case-study design, relate to the development o f
the research questions. According to SME leaders, the primary need has been to establish
a strategy for increasing organizational learning within SM E businesses and to
understand how to use the identified disciplines to foster an environment in which
knowledge accrues (Uhl-Bien et al., 2007). Following Y in’s (2009) recom m endation, the
research questions were discussed with colleagues to ensure the questions addressed the
purpose of the study, as well as to ensure participants from the specific case-study sites
could answer the questions. The following research questions served to explore and
identify the overall strategy for enhancing organizational learning within SMEs.
Organizational learning is a basic platform to advance the internal business acumen of
employees and to increase the survival rate of businesses (Sanches, Vijande, & Gutierrez,
2011). The focus of the study was the main research question: How do SME leaders
responsible for the financial health and survival o f an SME enhance organizational
learning in the industrial manufacturing sector? The following questions supported this
inquiry:
Q l . How do SME leaders use the discipline of organizational structure to
enhance learning capacity?
Q2. How do SME leaders support the emergence o f new ideas?
Q3. How do SME leaders support knowledge sharing?
Q4. How do SME leaders use the discipline of talent management to enhance
organizational learning?
Q5. How do SME leaders use the discipline of shared vision to enhance
organizational learning?
Q6. How do SME leaders demonstrate commitment to enhanced
organizational learning?
Nature o f the Study
The basis o f the research design was an embedded multiple-case approach to
explore and identify strategies that may increase organizational learning and subsequently
aid SME leaders in sustaining economic competitive status. Yin (2009) noted case
studies are the preferred method for examining contemporary events and when a
researcher cannot manipulate the relevant behaviors. Exploring the strategies employed
by SME leaders to increase organizational learning is contemporary, and researchers
cannot manipulate the behaviors of SME leaders or the individual workforce o f the
SMEs.
Data collection for the research study was field-based, was qualitative, and
provided the opportunity to understand the details o f the issue (Yin, 2009). The study
involved personal interviews using a semistructured interview protocol with SME leaders
directly responsible for increasing organizational learning (Kvale & Brinkm ann, 2009;
Seidman, 2006; Yin, 2009). The use of personal interviews provided the opportunity to
discover the disciplines employed by each SME leader.
The interview protocol included questions about leadership assumptions centric to
enhancing organizational learning (Senge, 1990, 2006; Yin, 2009). The focus of the
specific set of questions was to acquire an understanding about leadership assumptions
regarding the disciplines of enhanced organizational learning and the integration o f the
suggestions of CLT (Senge, 2006; Uhl-Bien et al., 2007; Yin, 2009). The questions were
open-ended and allowed personal interpretations and perspectives to em erge (Yin, 2009).
Data reduction and analysis commenced following the transcription o f the
interviews. The research data were analyzed using content analysis and descriptive
statistics (Miles & Huberman, 1994). A coding approach prescribed for qualitative data
analysis with multiple participants, multiple sites, and interviews followed (Bogdan &
Biklen, 2007; Namey, Guest, Thairu, & Johnson, 2008; Saldana, 2009; Schram, 2006;
Yin, 2009). A multiple-case embedded design, rather than a single-case study, allowed
12
for cross-case comparisons and possible replication (Caniels & Romijn, 2008; Voss,
Tsikriktsis, & Frohlich, 2002; Yin, 2009). Data codes were used as the basis for cross
case comparison (Yin, 2009). The final analysis involved an attempt to understand
common practices and use of the disciplines of organizational learning M iles &
Huberman, 1984; Patton, 2002; Yin, 2009). The study results included the disciplines
that influenced enhance organizational learning for SMEs.
Significance o f the Study
The study of strategies that may increase organizational learning within SMEs
was significant for three reasons. First, SMEs provide 86% o f employment in the U.S.
industrial manufacturing sector (USDLBLS, 2009). The continued rise in unemployment
over 3 consecutive years, from 5.4% in January 2008 to 10.4% in January 2010,
encouraged a focus on an industry sector that provides a substantial job market platform
and is seeking relief from the rise in unemployment (USDLBLS, 2010a).
Second, SME leaders have expressed that a focus on increasing organizational
learning is more important than traditional executive priorities of managing risk,
managing corporate reputation, or adjusting capital structures (PwC, 2011). The SM E
leaders expressed an uncertainty in how to develop such a strategy (Ben-Ishai & Lubben,
2011; Lubben, 2009; PwC, 2011). An exploration of the disciplines leaders used to build
a strategy to increase organizational learning was therefore essential in an industry that
contributes to such a large percentage o f U.S. domestic employment (Bochner et al.,
2008; Burke, 2008; PwC, 2011; Senge, 2006).
Third, knowledge is considered an article of trade. The brisk enhancement of
knowledge and subsequent translation o f innovation to the market space are often critical
13
factors of organizational survival (Uhl-Bien et al., 2007). An understanding by business
leaders regarding how to increase organizational learning m ay provide a path for SME
leaders to increase the opportunity to remain in business and become viable for long-term
survival (Burke, 2008; Crawford et al., 2009; PwC, 2011). The study results advanced
the knowledge base regarding how SME leaders approach increasing organizational
learning and provide an understanding of the disciplines and gaps relevant to the theories
of enhanced organizational learning.
The literature contains a discussion of the absence of an approach to enhanced
organizational learning (Burke, 2008; Senge, 2006). Studies similar to the current study
have been performed in large and complex organizations in the not-for-profit and
governmental sector (Senge, 2006; Uhl-Bien et al., 2007; Zammuto, Griffith, Majchrzak,
Dougherty, & Faraj, 2007). However, a study of this nature did not exist in the
commercial for-profit SME industrial manufacturing industry.
Definition of Key Terms
The terminology used in the qualitative study was based on strategies and
disciplines employed within SMEs to enhance organizational learning and CLT. The
following terms provide a common understanding for the reader of the study and serve to
clarify the language of the research questions. The definition of each term was refined
for the study unless otherwise cited from another source.
Adaptive leadership. Adaptive leadership is a process that occurs when humans
interact and advance solutions. An adaptive leader is an individual who is able to make
choices and who influences others without having the formal direction to act in said
capacity (Uhl-Bien & Marion, 2009).
14
Adaptive learning. Adaptive learning occurs when incremental adjustments are
made based upon past decisions (Murray & Chapman, 2003; Wong & Cheung, 2008).
Administrative leadership. Administrative leadership is a type o f leadership
engaged in the technical and practical functions o f the organization w ithout disruption to
the interactions of change (Uhl-Bien & Marion, 2009).
Bureaucratic structure. A bureaucratic structure is an organizational structure
with coordinated rules; with a set hierarchical pyramid; functionally departmentalized
typically into manufacturing operations such as product work, executive targets on sales
and acquisitions, and organizational functions such as finance, human resources, and with
some representation of middle management; and a structure that is most likely impersonal
(Uhl-Bien & Marion, 2009).
Characteristics. Characteristics are features or qualities that demonstrate
uniqueness, distinguishing traits, or commonality among individuals or organizations.
Complex adaptive system (CAS). Complex adaptive systems consist of groups
that function through self-reference and self-organization within a learning organization
and subsequently contribute to organizational learning (Marion & Uhl-Bien, 2001; Uhl-
Bien et al., 2007).
Complex system. A complex system is a system within which the com ponent
parts interact in a manner that cannot be predicted, and the overall output is a result o f the
component parts acting as one unit (Boal & Schultz, 2007).
Complexity. Complexity should not be confused with the definition denoted in
engineering environments as being intricate, meaning a lot o f pieces or parts. To the
contrary, in the context of the research study and consistent with the theoretical
15
framework of CAS, complexity refers to the connectivity and interactions within a single
CAS and between multiple CASs (Uhl-Bien & Marion, 2009).
Complexity dynamics. Complexity dynamics is the process that materializes and
through which CASs form and function. Complexity dynamic units are viewed as self
managed (Uhl-Bien & Marion, 2009).
Complexity leadership. Complexity leadership is defined as a leadership model
with a focus on change, ultimately encouraging creativity, innovation, and learning
opportunities for (Uhl-Bien & Marion, 2009).
Complexity leadership theory (CLT). The epicenter of com plexity leadership
theory is founded within the review of the interplay dynamics of complex systems.
Complex systems are frequently located within larger organized systems. The theory of
CLT is frequently a platform for leaders to facilitate learning. (Uhl-Bien & M arion,
2009).
Discipline. A discipline is a process, skill, routine, structure, or technique that
must be mastered and put into practice to advance knowledge (Senge, 2006). The
disciplines identified by the SME leaders in the study were (a) organizational structure,
(b) collaboration, (c) innovation, (d) shared vision, and (e) talent management.
Double-loop learning (DLL). Double-loop learning is the detection and
correction of an error that subsequently allows actors to challenge current policy and
procedures that may have caused the errors or gaps; and to promote the requirement to
change the presumptions that caused the errors or gaps (Argyris & Schon, 1978; W ong &
Cheung, 2008).
16
Emergent leaders. Emergent leaders are individuals not formally designated as
leaders by management but who naturally emerge as group leaders or project leaders
when working with others toward a common goal (Uhl-Bien & Marion, 2009).
Enabling leadership. Enabling leadership is a form of leadership which serves
as a conduit between adaptive leaders and administrative leaders. Enabling leaders foster
conditions conducive to innovation (Uhl-Bien & Marion, 2009).
Generative learning. Generative learning occurs when challenges to questions
and decision-making assumptions are encouraged (Murray & Chapman, 2003; W ong &
Cheung, 2008).
Heterogeneity in CASs. Heterogeneity in CASs applies to differences in the
physical environment and human representatives, and includes political and societal
preferences, skill and education assortment, various applications and performance
capabilities of technology, and subsequent sharing of information (Uhl-Bien & M arion,
2009).
High-quality social exchanges. High-quality social exchanges are activities in
which individuals interact with other workforce members in the social environment rather
than the physical location of the work environment (Erdogan, Kraimer, & Liden, 2006;
George, Works, & Watson-Hemphill, 2005; Schein, 1996, 2004). Examples include
employer family picnics, golf tournaments, charity marathons, and technology summits.
Leaders. Leaders are individuals whose behavior may influence the interaction
of participants or sway the results of a situation (Uhl-Bien et al., 2007). Specific types of
leadership are defined in separate categories (see adaptive, emerging, enabling, and
SME).
17
Leadership. Leadership is an evolving characteristic that produces results which
are conducive to the organization (Uhl-Bien et al., 2007).
Learning style. Learning style is the manner in which an individual prefers to
acquire and assimilate information (Kolb, 1984; Kolb & Kolb, 2009). Examples may
include viewing pictures or videos, reading print material, listening to a lecture or audio
tape, or adopting a combination o f means of absorption (Litzinger, Lee, W ise, & Felder,
2007).
Mechanisms. Mechanisms, for the purpose of the research study, are not to be
considered as apparatus or machines. Mechanisms are defined as the behavior patterns
and processes which result in the collective organizations acting as one complex unit
(Uhl-Bien et al., 2007).
Nonlinearity. Nonlinearity means that a change in an underlying force does not
automatically precipitate an equal or balanced change in another underlying force (Uhl-
Bien & Marion, 2009).
Single-loop learning (SLL). Single-loop learning is the detection and correction
of an error without the alterations of behaviors and actions that produced the error and
without the ability to challenge policy and procedure (Argyris & Schon, 1978; W ong &
Cheung, 2008).
Small and medium-sized enterprise (SME) leaders. Leaders o f SMEs typically
supply capital and have some type of ownership in the business; have burdens that differ
from the CEOs of large corporations; have limited resources and therefore may not have
a separation between the strategic leadership and the tactical implementation team; and
are often embroiled in the day-to-day efforts of material and product shortages,
18
production line stoppages, product defects, processes, and the individuals performing the
processes (Harris, 2009; Ottesen & Gronhaug, 2004; Pittaway & Rose, 2006).
Talent management. Talent management involves examining the skill mix of
the currently employed workforce and maximizing the existing talent, as well as
developing the needed skills from internal candidates to avoid the costs associated with
hiring new employees (Uhl-Bien et al., 2007; Zammuto et al., 2007).
Summary
The USDLBLS (2009) reported SMEs provided 86% of employment in the
United States in March 2008. The number of organizations filing business bankruptcies
has increased (ABI, 2009). The closure of business brings a rise in unemployment
(USDLBLS, 2009), and a rise in unemployment permeates a rise in individual
bankruptcies (ABI, 2009; Ben-Ishai & Lubben, 2011). Business managers of 21st-
century organizations, regardless of whether they are in the government, industrial,
commercial, or civil sectors of business, understand the need to address the dynamics of
the current economic landscape (Crawford et al., 2009). Research data from the 14th
Annual Global CEO Survey (PwC, 2011) confirmed engaging, motivating, and
developing talent was a source of competitive advantage. The respondents indicated they
understood the need to change, but expressed a lack of strategy for increasing
organizational learning.
The study addressed the problem that in the current economic decline, a sound
strategy for SME leaders to increase organizational learning did not exist (Fulton & Hon,
2009; Garcia-Morales et al., 2007; PwC, 2011). The purpose of the qualitative multiple-
case study was to explore and identify strategies that would increase organizational
learning and subsequently aid SME leaders in sustaining an economically competitive
status. The study results advanced the knowledge base regarding how SM E leaders
approach expanding learning capacity and reflected an understanding o f the disciplines
and performance gaps relevant to (a) organizational structure, (b) collaboration, (c)
innovation, (d) shared vision, and (e) talent management. The study results provided
formative recommendations on how SME companies and leaders within the industrial
manufacturing sector could increase organizational learning. The study participants were
from four leading industrial manufacturing SMEs located on both the east and the west
coasts of the United States, were representative of the SME industrial manufacturing
sector that provides 86% of employment in the United States, and were willing to
participate in the study (Platzer, 2009; USDLBLS, 2009).
Chapter 2: Literature Review
The USDLBLS (2009) indicated SMEs provided 86% of em ployment in the
United States in March 2008. Small and medium-sized enterprises are therefore a
business sector with a significant effect on employment and the global econom y (ABI,
2009; Fulton & Hon, 2009; Platzer, 2009; USDLBLS, 2009). Diminished sales,
stagnated business, and the ultimate loss of competitive advantage have led SM E leaders
to establish a new business priority: increasing learning capacity (PwC, 2011). However,
PwC (2011) also indicated SME leaders were lacking a strategy that provides a path for
attaining business priority.
The purpose of the qualitative multiple-case study was to explore and identify
strategies that would increase organizational learning and subsequently aid SME leaders
in sustaining economic competitive status. A wide range o f organizational learning
theories exist and the literature review serves to guide the reader through the particulars
of organizational learning theory as it applies to SM E leaders. The expanse of the review
was necessary to expose the lack of depth in the literature specific to the nuances of SME
leaders, making this a unique topic that has contributed to the body o f knowledge in the
field of industrial and manufacturing SME leaders.
Documentation
The researcher developed and employed a literature search strategy for the study
(see Figure 1). The literature review is a synthesis of research conducted on topics both
directly and indirectly related to organizational learning. The research spanned 112
years, 205 scholars, and more than 100 emergent theoretical perspectives (see Table 1).
21
Outline o f Topics/
T hem es to
C ategorize th e
Search
Develop L iterature
Tree
P repare a List o f Key
W ords
Develop Research
Q uestions
Develop a Filing
System to Store
R esearch Articles
Develop Matrix of
A uthors and Topics
S earch th e Following Available Data Sources:
> P roQ uest D atabase
> EBSCOhost D atabase
> Ebrary
> ERIC
> Films on D em and
> InformaW orld
> JAMA
> PsychiatryOnline
> W orldCat
> D issertations a n d Theses D atabase
> Am erican B ankruptcy In stitu te (ABI)
> U.S. General Services Administration
> U.S. G o v ern m en t Accounting Office
> U.S. G overnm ent National Institute of S ta n d a rd s &
Technology
> PriceW aterhouseC oopers global CEO Surveys
> Emerald Publications
> Sage Publications
> South-W estern College Publications
> History o f W ar
> N ational G eographical Society
> International M useum Society
> Learning Styles Network
> King Tut Research
> MacArthur fo u n d atio n
> Nobel Prize Organization
> United S ta te s D ep a rtm e n t o f Health, Education a n d Labor
> United S ta te s D ep a rtm e n t o f Labor Bureau o f Labor S tatistics
> Bible Archaeology
> Baldrige n ational Quality Program
> In stitu te for Policy Studies & United for a Fair Econom y
> National In stitu te of S tan d ard s & Technology
Finalize th e
C hapter 2 – Literature
Review
T ranslate O btained
Inform ation into
W ritten Literature
Review
(C hapter 2)
C ontinue to
Research and Add
New Inform ation as
Discovered to
L iterature Review
Color Code by
Highlighter or Sticky
P ertinent
Inform ation
Review Scholarly
D ocum ents
C ategorize all
Articles
Figure 1. Literature search strategy.
22
Table 1
Literature Review Synthesis: Span o f Time
1900- 1980- 1990- 2000- 2006-
Span of time 1979 1989 1999 2005 2012
Number of scholars 24 7 27 53 94
Number of theoretical perspectives 22 3 19 33 38
The topics included learning theories, learning styles, leadership, organizational
structures, innovation, collaboration, talent management, and competitive advantage.
The focus of the majority of the literature review was scholarly writings and peer-
reviewed journals. The review included relevant scholarly books, governmental agency
documents and studies, newspapers, magazines, and historical museum Internet sites
when appropriate. A comprehensive list of the specific researchers and associated areas
of contribution reviewed appears in Appendix E.
The process of developing the literature review included considering SME leaders
and their relationship to the five disciplines identified by Senge (1990). The disciplines
described by Senge translated to the contemporary disciplines identified by SME leaders
(PwC, 2011). The simplified approach may assist the reader in developing an
understanding of the (a) historical perspective of business management and the roles of
business leaders; (b) individual and organizational learning theories; (c) com plexity
learning theory, the nascent disciplines, and the context o f the SME leader; (d) the
limitations of the current framework; and (e) the resisters o f change in pursuing the
competitive edge in a downward trending economy.
Finally, the discussion includes the intent for using the knowledge within the
literature review as applicable to the current research study. The study results advanced
the knowledge base by identifying strategies that may increase organizational learning
23
through an integration of the disciplines o f (a) organizational structure, (b) collaboration,
(c) innovation, (d) shared vision, and (e) talent management (Caldwell, Herold, & Fedor,
2004; Parish, Cadwallader, & Busch, 2008). The literature review provided a solid
foundation and guided the research study through possible theoretical perspectives of the
SME participants.
Historical Perspective o f Business Management
The modem concept of a business leader, while still in its conceptual infancy, was
recognizable for the first time in human history in the Nile Valley as early as 5000 BC
(Hassan, 1988; Rosicrucian Egyptian Museum, 2009). Later, the mid-Holocene droughts
forced refugees from the deserts of the eastern Sahara and southern Levant into the Nile
Valley, where a distinctive specialization of labor was witnessed as chieftains formed
management structures and organizations (Hassan, 1988; Rosicrucian Egyptian Museum,
2009). The increase in power bestowed on the chiefs presented a need for legitimacy,
and the path to legitimacy most chieftains chose required an understanding of the innate
psychological needs of people (Hassan, 1988; Rosicrucian Egyptian M useum, 2009).
Similar traits are common in the business environment in the 21st century (Erdogan et al.,
2006; Schein, 2004).
The mid-Holocene leadership and organizational traits matured for centuries and
the business manager and intraorganizational structures demonstrated critical importance
during the Middle Ages from AD 4 1 0 -AD 1500 (History.com, 2010; Langholm, 2008;
Lev, 2008). Subsequently canon law was imposed, which altered the way business was
conducted and prohibited the sale of whole or unaltered goods at a profit. Contrary to
canon law, the philosophy of English King Edward I created an organizational structure
24
that permitted a two-way exchange between the members of the army and the
government (Niderost, 2006). The embodiment o f the army felt protected and
consequently provided input, which allowed the government to profit (Niderost, 2006).
The knowledge exchange and collaboration demonstrated the successful organizational
learning sought in the exploration o f SMEs within the study.
Agreement abounds that the effect of the industrial revolution was significant on
the economy and on business leaders (Keener, 2008; Landow, 2009). M anufacturing
environments transitioned to steam power as animal labor began a decline.
Technological advancement included a decline in craftsmen and the socialization o f small
craft shops with a movement toward large factories. People began to migrate from rural
areas and farms to urban areas where factories were developing. Improvements in
transportation expanded markets in a manner that business leaders had not previously
imagined (Landow, 2009).
The industrial revolution could not compare to the beginning o f the information
and technology ages. Carlson invented the first photocopier in 1937 (Beilis, 201 la).
Plunkett invented Teflon in 1938 (Beilis, 201 lc). Sikorsky invented the first successful
helicopter in 1939 (Sikorsky, 2011; U.S. Centennial of Flight Commission, 2003). By
1940, Fermi had invented the neutronic reactor (U.S. Department o f Energy, 2010). Zuse
developed the first computer controlled by software in 1941 (Beilis, 201 lb). Business
leaders needed to understand how to deal with the rapid change of public demand and the
globalization of business brought about by advanced communications and transportation
(Robinson, 1981). Contemporary SME leaders have similar challenges with the
25
advancements of cyberspace, the globalization of competition, and perfecting the ability
to react to a declining and restrictive market.
The post-World W ar II decade was an era o f economic reconstruction in Europe
and Japan, and consumer goods were greatly sought after, which strengthened the U.S.
economic and military positions (Robinson, 1981). The situation initially encouraged
massive U.S. exports, which in turn presented an opportunity for U.S.-based firms to
recognize the potential to produce in foreign markets. However, the m anagem ent
experience and training required to integrate business with politics was absent.
Early in the 1970s, the United States had lost it nuclear monopoly, the Japanese
economy had expanded with unprecedented growth, the United States had accumulated
massive deficits, and the dollar declined significantly. In the mid-1970s, President
Richard Nixon formed the U.S. Environmental Protection Agency (EPA) as public
concerns regarding pollution, natural resources, and energy emerged following the Love
Canal incident (EPA, 2012). A need for a shift in organizational form with a focus on
stopping the downward trend in productivity and the increased trend in unem ploym ent
occurred in the 1980s (Robinson, 1981). The trends described remain prevalent in the
economy at the beginning of the second decade of the 21st century (ABI, 2009; PwC,
2011; USDLBLS, 2010). The apparent repeat of the economic decline experienced in the
past was a reason for SME leaders’ concern about the survivability o f their businesses.
Drucker (1985) acknowledged living in an unprecedented tim e wherein members
of a global society were interconnected and new conflicts arose for business leaders. The
emergence of new management disciplines evidenced a systemic approach to business
management. Members of the business community sought to understand how an
26
organization must change to succeed (Drucker, 1992). Implications o f the economy,
people, and markets became focal points in an attempt to understand the knowledge
required of executives to manage for the future (Drucker, 1992).
Persistent inflation, recession, erosion of savings, high levels of unemployment,
and bankruptcies result in businesses losing leverage (ABI, 2009; USDLBLS, 2009).
The nuances of an ever-changing market impose demands on the leadership of firms to
develop a propensity for incessant learning (Sanches et al., 2011). A directed focus
toward organizational learning is therefore considered one possible key strategy for
improving an organization’s competitiveness (Bell, Menguc, & Widing, 2010; Sanches et
al., 2011). Small and medium-sized enterprise leaders have acknowledged the focus but
claimed a lack of experience or know-how in the development or execution of a
particular strategy.
Individual Learning Theories
The methodologies of modem business leaders can be traced to the historical
philosophies of early educational systems and were first challenged by the school of
pragmatism launched in early 1920 by Dewey (Barmark, 2009; Drucker, 1985). The
pragmatists contended an increased dependence on technology would demand students
become creative, critical thinkers and learn to solve problems rather than rely on the
teaching styles of memorization and rote regurgitation (Barmark, 2009; Dewey, 1920).
The pragmatic position dissented against intelligence testing and suggested nurturing
students’ inborn curiosity. The belief was that individuals needed social interaction and
an environment that allowed them to pursue areas o f interest (Barmak, 2009; Hickman,
2009).
Confirming the belief of the school of pragmatism, Piaget introduced the theory
o f social interaction as a necessary condition for developing individual learning capacity
(Zittoun, Gillespie, Comish, & Psaltis, 2007). Piaget’s M oral Judgment o f the Child,
written in 1932, distinguished two types of social relations: one of constraint, in which
one individual had power over others, and the other of cooperation, in which an even
distribution of power existed between participants (Zittoun et al., 2007). The
organizational structures imposed by contemporary SME leaders may be an area of
opportunity for change in an attempt to sustain businesses in a competitive market and an
area where research is lacking (see Appendix E).
Drawing on the teachings of Dewey and Piaget, in the late 1940s Lewin presented
an idea and plan for the creation of scientific knowledge by conceptualization (Kolb,
Rubin, & McIntyre, 1971). The practice would entail formal, explicit, testable theory.
The process would encourage the exploration of both the qualitative and the quantitative
features in a single system. The resulting plan would adequately represent causal
attributes of phenomena, facilitate measurement, and allow generalizations to both
universal laws and individual cases (Kolb et al., 1971). The theory o f Lewin became
known as experiential learning theory (Cartwright, 1951; Kolb, 1971; Kolb et al., 1971;
Kolb & Kolb, 2005; Moran, 2008).
The experiential learning theory model indicated workers are m ore productive if
they believe they are involved in making decisions (Kolb & Kolb, 2005; M oran, 2008).
The contribution of Lewin to training and management schools was his concept of
member-centered meetings. In a departure from traditional structures, the new structure
28
included a facilitator instead of a powerful chairman and involved role playing and
brainstorming in which participants received encouragement to join (Moran, 2008).
Researchers have studied human learning and development for m any years. In
addition to Dewey, Piaget, and Lewin, notable scholars James, Jung, Freire, and Rogers
believed people learn through personal experiences and normal daily events involving
school, work, family, and church (Kolb & Kolb, 2009). A holistic model of the
experiential learning process was developed and included input from these scholars (Kolb
& Kolb, 2009). The focus of the experiential learning process theory was individual
experience.
In 1976, Kolb provided a learning model in which individual learning was
described as taking place through immediate experience, observation, and reflection. The
individual learning model contained four different kinds of abilities required for
individuals to learn. A learner must (a) have experience, (b) be able to reflect on
observations, (c) create abstract conceptualization, and (d) participate in active
experimentation (Kolb, 1976a, 1976b; Lahteenmaki, Toivonen, & M attila, 2001). The
individual learning model defined by Kolb spawned additional learning models.
Two types of organizational learning also applicable to individual learning were
founded on the Kolb model that Argyris and Schon further developed in 1978. The
models are SLL and DLL. Double-loop learning is experienced when given or chosen
goals, values, plans, and rules are subject to critical scrutiny and questioning (Argyris &
Schon, 1978). Characteristics of DLL occur in three distinct manners (a) the detection
and correction of an error; (b) the questioning of policies, rules, regulations, and cultural
norms of an organization; and (c) the subsequent amendments to policies, rules,
29
regulations, and cultural norms after such questioning (Argyris, 1982; Argyris & Schon,
1974, 1978; Kolb, 1976b). Individual learning was defined in 1993 as an increasing
capacity to act more effectively (Kim, 1993). The results of Kim’s (1993) study
confirmed the goals of the Kolb model and the characteristics of the A rgyris and Schon
models.
Adaptive learning and SLL shared a common theoretical basis (W ilkens et al.,
2004). Adaptive learning occurs after making incremental adjustments based upon past
decisions (Murray & Chapman, 2003; Wilkens et al., 2004; Wong & Cheung, 2008).
Generative learning occurs when challenges, questions, and decision-making assumptions
are encouraged (Murray & Chapman, 2003; W ong & Cheung, 2008). Positive feedback
encourages deviation, learning, and adaptation (Plowman et al., 2007).
Contrary to Kolb (1976a, 1976b), as well as Argyris and Schon (1978), Bandura
(1977, 2007) believed human beings acquire new skills vicariously. The social learning
concepts center on observational learning or modeling in which people learn through
observation, mental states were important to learning, and learning did not necessarily
lead to a change in behavior (Bandura, 1977, 2007; Wagner, 2009).
The theory of self-efficacy, which Bandura named, included three basic models
for describing individual learning (a) a live model, which involved an individual
demonstrating a behavior; (b) a verbal instructional model, which involved descriptions
and explanations; and (c) a symbolic model, which involved actors displaying behaviors
in books, movies, or other visual media (Bandura, 1977, 2007; Wagner, 2009).
Emotional and intrinsic reinforcements such as pride, satisfaction, and sense of
30
accomplishment, known as self-efficacy, contribute to learning (Bandura, 1977, 2007;
Wagner, 2009).
Organizational Learning Theory
An examination of organizational learning occurred at the same time as the
hypothesizing and testing of the various individual learning theories. Lave and W enger
(1991) speculated that learning was a process of becoming a member o f a population or
group through genuine tangential participation. According to activity theory, learning is
active engagement between a person and the social environment (Vygotsky, 1978). The
individual experience in the social environment rather than the physical location of the
environment was the focus in both theories (Lave & Wenger, 1991; Vygotsky, 1978).
Agreeing with Vygotsky (1978), both Argyris (1982) and Senge (1990) noted
individuals learn in an organizational setting. Contrary to Argyris (1982) and Senge
(1990), Cummings and Worley (1997) contended organizational learning was a
phenomenon distinguishable from individual learning as long as learning took place in
the organizational structure. Kim (1993) described organizational learning as more
complex than individual learning. Tanriverdi and Zehir (2006) noted the com plexity of
learning increased exponentially as learning progressed from an individual to a society.
Different from organizational learning, the learning organization is an
organization that provides learning for its members and changes its processes based on
learning (Argyris, 1982; Argyris & Schon, 1978; Lahteenmaki et al., 2001; Pedler,
Burgoyne, & Boydell, 1991; Senge, 1990, 1994). A learning organization practices
generative learning (Murray & Chapman, 2003; Wong & Cheung, 2008) and includes
DLL (Argyris & Schon, 1978; Wong & Cheung, 2008). However, in certain
31
organizations, a DLL atmosphere may be contradictive to the purpose or structure of the
organization (Wong & Cheung, 2008). Small and medium-sized enterprise leaders must
provide the means for a learning organization to exist, thereby enabling organizational
learning.
Twenty years after commencing studies in organizational learning, Schein (1996)
recognized the failure to learn and posed the question: “W hy do organizations fail to
learn how to learn and therefore remain competitively marginal” (p. 9)1 Although
innovative ideas may be abundant within the confines of an organization, the
implementation and subsequent sustainment of the innovation frequently lapse (Schein,
1996). The leader participants in the PwC (2011) posed Schein’s (1996) question and
substantiated the need for the current research.
Organizational cultures. Schein (1996) noted three distinctive cultures exist in
an organization (a) the executive culture, (b) the engineering culture, and (c) the operator
culture. The first two cultures have their roots outside the third internal culture of
operational success, referred to as the operator culture (Schein, 1996). In the industrial
business sector, the engineering culture may be equivalent to middle management or
supervisory-level culture (H. Acosta, personal communication, September 10, 2010).
Leaders of SMEs have acknowledged that without the operator culture, the production of
goods and services would not materialize.
The basis of the executive culture is a set of tacit assumptions with the goal to
maintain the financial health of an organization (Schein, 1996). The respondents to the
PwC (2011) survey confirmed the supposition of Schein (1996) by expressing a
preoccupation with investors, markets, and organizational financial health. Although the
32
constituent individuals of the executive culture try to become involved with expanded
organizational duties, the individuals revert to their primary duties o f financial survival
(Schein, 1996). The respondents to the PwC survey expressed an urgency to manage the
tactical plans of the company that disquietly conflicted with the focus on the financial
health of the organization.
The basis of the engineering culture described by Schein is the underlying
technological work of the organization (Schein, 1996). Members o f the engineering
culture believe it is possible to implement solutions in the tangible world as long as the
systems and products are free of human error. The lack o f human integration isolates the
engineering culture and makes communication with the executive culture challenging
(Schein, 1996). The operator culture is thought to have evolved within an organization
and from industry to industry (Schein, 1996). The role of the operator defined by Schein
is diverse and enhanced or diminished by the particular industrial focus. For example, an
operator in a nuclear power plant may have advanced skills in a technological field when
compared to an operator in a Venetian blind factory. One operator sits in a control center,
while the other performs manual labor tasks. The disparity within the operator culture
forces operators to learn to use their own innovative skills (Schein, 1996).
Similar to the suppositions of Schein (1996, 2004), the SME leaders of the
participating multiple-case-study sites have three cultures that must embrace the
contemporary disciplines to advance organizational learning. Business leaders face a
challenge when the cultures interface (Schein, 2004). Teamwork and cooperation are
negated when behavior is encouraged by an incentive (Institute for Policy Studies &
United for a Fair Economy [IPS&UFE], 2007). For example, if the external situation
33
demands teamwork, the team would adapt the appearance o f working as a team by
conducting team meetings and seeking consensus (Schein, 2004). However, contrary to
the appearance, members would continue to get ahead by individual effort and would
only act accordingly when it is time for recognition. The contradictive individual
behavior is elevated if recognition occurs in the form of promotion or financial
remuneration (Schein, 2004).
Business leaders operate within the confines of the three cultures o f m anagem ent
(Schein, 1996). Initially, there is alignment for the three cultures. For example, the
process tasks defined for operator performance coincide with the needs o f the middle
management for a reliable product. The execution of the tasks supports the achievement
o f the executive goals for minimizing costs and maximizing profits. The goal o f early
insertion into the market is met (George et al., 2005). The alignment is cohesive and
remains intact until technological and environmental conditions change (George et al.,
2005).
Schein (1996) proposed that when organizational leaders attempt to reinvent an
organization in a generative way, the three cultures collided, resulting in frustrations and
low productivity. The collision of the cultures Schein described occurs within the current
business environment (ABI, 2009; USDLBLS, 2009, 2010a). Schein’s proposal was
contrary to the proponents of generative learning (Murray & Chapman, 2003; W ilkens et
al., 2004; Wong & Cheung, 2008). The key to sustaining an alignment between the
cultures could be found within the learning cycle o f the individual (Schein, 1996). The
Schein discussion concludes with a presentation o f suggestions for consideration relevant
to the current study.
First, Schein (1996) noted that the tacit assumptions of the executive and
engineering cultures were from a global perspective and probably negate the operations
o f the internal organization. Second, Schein noted the members of each culture have a
viewpoint regarding what is supposed to be performed and believed nothing further was
necessary. For example, executives believe they must be mindful o f the financial health
of their organization, engineers firmly believe they are responsible for new and creative
solutions, and operators in turn believe they are responsible for building product and
following the policies and procedures imposed (Schein, 1996, 2004). Leaders of SMEs
often find themselves executing the dual role of executive and engineer. Or contrary to
the dual role of executive and engineer, the leaders may in fact assume the dual role of
engineer and operator.
Finally, Schein (1996) noted it is not enough to have a single viewpoint; instead,
the viewpoints o f each culture must be respected as valid. The respondents to the PwC
(2011) survey indicated a mutual understanding among the cultures m ust evolve.
Capitalizing on the suggestions of Schein, leadership should develop high-quality social
exchanges. The transference of knowledge must be based on relationships and trust
within an organization (Erdogan et al., 2006). The soirees would enable individuals to
contribute thoughts and ideas for the success of their organizations. Further the
opportunities to motivate teammates and possibly influence decision making would be
apparent. Absent of leadership engagement, social exchange, and trust, organizational
learning does not occur (Erdogan et al., 2006; George et al., 2005; Schein, 1996, 2004).
The SME leaders in the study should have an understanding of the pitfalls posed by
Schein.
Organizational learning— industrial gap. Attention has been given to
organizational learning by practitioners and academics since the early 1990s (Bell et al.,
2010). Organizational learning is identified as a primary strategy for improving an
organization’s competitive status (Sanches et al., 2011). Useable knowledge about the
competition, trading alliances, and developmental technology is garnered by relying on
the social networks of organizational members (Sanches et al., 2011). Social networks
are comparable to the discipline of shared vision sought by SME leaders. Lacking expert
knowledge, business leaders had a difficult task to develop services and product lines that
satisfied customers’ demands (Sanches et al., 2011).
Firms dependent upon the existence of an enduring business connection aim for
relationships that result in excellent performance and contribute to the growth of the
business (Hakala, 2011; Ittner & Larcker, 2003). The leaders of SMEs are seeking
customer and supplier relationships through the discipline o f collaboration. M odem
customers are informed and sophisticated and have needs that change faster than in the
documented past (Leek, Naude, & Turnbull, 2003). Customers of SMEs also have needs
that change daily. Organizational learning is a valuable tool because it assists in creating
market services and products customers consider important and desire (Hult, Ketchen, &
Slater, 2002).
Previous research supported the idea that when learning occurred in a company,
the learning contributed to the totality of organizational performance and subsequent
increased customer loyalty (Bontis, Crosson, & Hulland, 2002; Perez, Montes, &
Vazquez, 2005; Tippins & Sohi, 2003). When coupled with the increased intensity o f
competition, the learning often spawned a product or service offering adept at customer
36
retention (Sanches et al., 2011). Organizational learning is therefore considered a basic
platform to advance the internal business acumen of employees and to increase the
survival rate of the business (Sanches et al., 2011).
The benefits of organizational learning have been noted in innovation and new
product development (Akgun, Lynn, & Yilmaz, 2006), and the strategies employed in
supply chain management (Hult et al., 2002). Additionally, enhancements in
organizational learning have been identified as contributing factors within the services
and quality industries (Tucker, Nembhard, & Edmonson, 2007). Similar results have
been noted during market demographic explorations in the retail store arenas (Bell et al.,
2010; Santos, Sanzo, Alvarez, & Vazquez, 2005). However, little thought has been
directed toward determining the benefits of organization learning among commercial
partners in industrial markets (Sanches et al., 2011). Leaders of SMEs recognize the
need to collaborate with commercial partners but may lack the strategy to engage. The
limited focus given to commercial partners is on larger corporations with no mention of
the SME sector. Organizational learning for the manufacturer is a system o f processes
involving the acquisition, sharing, and interpretation of information, and discounts
previously acquired organizational knowledge or memory (Huber, 1991; Moorman,
1995; Sinkula, 1994). The implementation of organizational learning differs from one
manufacturing company to another. The variance in method for learning acquisition is
dependent upon the uniqueness of the resources available (Argyris, 1982; Hunt &
Morgan, 1995; Senge, 1990; Tanriverdi & Zehir, 2006). Leaders of SMEs must focus on
managing the skills of the internal workforce and expanding on existing talent.
Internal departmental or functional organizations interact ambiguously with other
resources, making it difficult to learn beyond the boundaries of the internal structure
(Collis & Montgomery, 1995). However, in contrast to Collis and M ontgomery, Zahay
and Handfield (2004) claimed particular historical frameworks implemented for
particular circumstances do help a company to evolve. From a competitive advantage
perspective, the intangibility o f the ability of an organization to learn m ay be the only
authentic foundation of competitive advantage for survival (Zahay & Handfield, 2004).
Leaders of SMEs must use the disciplines of innovation, shared vision, and talent
management to gain a competitive advantage in the market.
Relying on the framework Senge (1990) established, Tanriverdi and Zehir (2006)
indicated learning organizations increase individuals’ capacities to create the results they
want, nurture new and enthusiastic thinking styles, encourage coworkers to share, and
expand organizational learning. A learning organization must therefore go through
various stages of absorption (Tanriverdi & Zehir, 2006). McGill and Slocum (1993)
described the transformation as a range of absorption moving from knowing, to
understanding or thinking, and to emerging as a learning organization. The learning
capacity of the learning organization enlarges through experience (Tanriverdi & Zehir,
2006). As an organization returns to the cyclical phases, the group becomes a social or
societal foundation on which knowledge is gathered, shaped, and changed. The power
stemming from knowledge increases as it is communicated, changed, and applied
(McGill & Slocum, 1993; Tanriverdi & Zehir, 2006).
Although organizational learning occurs by means of individuals, it is more than
merely a sum of individuals’ learning (Kim, 1993; Kolb, 1976a; Lahteenmaki et al.,
2001; Lave & Wenger, 1991; Schein, 2004; Vygotsky, 1978; Wong & Cheung, 2008).
Organizations therefore shape their own viewpoints and ideologies, and as new recruits
enter and exiting employees leave, organizational memory retains norms, behavioral
forms, and values (Tanriverdi & Zehir, 2006). The research questions were fram ed to
enable the verification of the phases of transformation with the multiple-case-study
participants. The exploration of the SMEs indicated whether talent management,
innovation, and collaboration assist in the retention of organizational learning.
Complexity Theory
Complexity theory emerged in explanations made in the field of biology (Smith &
Graetz, 2006). Prigogine and Stengers (1984) validated the notion that some chemical
systems are capable o f self-organization with a resultant different em erging structure.
Business management theorists attempt to comprehend the characteristics o f the
biological systems with the aspiration to impose a similar response to counteract the
stresses of economic turmoil and environmental change (Smith & Graetz, 2006).
The field of complexity theory was an attractive area of study for the current
study because o f the organizational learning issues SME leaders encounter in the
industrial sector (ABI, 2009; PwC, 2011; USDLBLS, 2010). Complexity theory provides
a platform for handling fast-changing markets and rising competition as well as for
creating and maintaining flexible organizations (Begun, 1994). The CAS indicated the
interaction of representative groups frequently created innovative behaviors.
Additionally the creative behaviors were observed without the need for a predetermined
leader, thus providing for flexibility in the organizational structure o f the business (Boal
39
& Schultz, 2007). The role of leadership in CASs will contribute to the body of
knowledge in learning theory and aid in fulfilling the purpose of the study.
Complex systems are open-looped organizations in which individuals within the
complex system interact and provide feedback, thus creating an emerging new self
organization (Plowman et al., 2007). Individuals within the complex system act on the
basis o f local knowledge or rules (Plowman et al., 2007). Adaptation takes place
following a decision to react to feedback and may occur in conjunction with, or absent,
coordination with a central governing body (Plowman et al., 2007). For the purpose of
the current study, complexity theory was an interpretive paradigm of the organizational
structure and its units (Smith & Graetz, 2006).
New age management is about an economy in which knowledge is considered an
article of trade. The brisk enhancement of knowledge and subsequent translation of
innovation to the market space are often critical factors o f organizational survival (Uhl-
Bien et al., 2007). Leadership is central to enabling an organization to rise to the
challenge of enhanced learning capacity (Uhl-Bien et al., 2007). However, even though
leadership is a key factor in the success of an organization, leadership models for the era
o f knowledge do not include the leadership discussion (Uhl-Bien et al., 2007).
Drawing on complexity science, Uhl-Bien et al. (2007) extended leadership
models beyond the bureaucracy. Leadership should be interactive and dynamic, thereby
creating an atmosphere where action and change will emerge (Uhl-Bien et al., 2007).
The leaders of SMEs will need to examine organizational structure to determine if the
SME leaders are interactive and dynamic. Complexity science utilizes a CAS as the
basic unit of measurement for analysis (Uhl-Bien et al., 2007; Uhl-Bien & M arion, 2009).
40
Similar to the biological structure of Prigogine and Stengers (1984), Uhl-Bien et al.
considered a CAS to include interdependent representatives who have a com m on goal
that unites them in a solidified network. Further, CASs have interchangeable roles and
overlapping hierarchies (Uhl-Bien et al., 2007).
Complexity Leadership Theory: The Nascent Disciplines
Complexity leadership theory includes the dynamic capabilities o f CASs and
focuses on disciplines that foster organizational learning and growth (Uhl-Bien et al.,
2007). The CLT aligned with the purpose of the study, which was to explore and identify
strategies that may increase organizational learning. The output of the CLT fram ework in
bureaucratic organizations is innovation, learning, adaptability, and new organizational
forms. The study involved examining the nascent disciplines of (a) organizational
structure, (b) collaboration, (c) innovation, (d) shared vision, and (e) talent management.
The success of the study was promoted through the lens o f CLT (Uhl-Bien et al., 2007).
The knowledge gleaned from the study may expand CLT regarding how SM E leaders
approach expanding learning capacity in SMEs.
The discipline of organizational structure. Fixed roles with specific
responsibilities over an extended period o f time are identifying traits of traditional
organizational structures (Crawford et al., 2009). The hierarchical bureaucracy within
companies whose leaders use the traditional format diminishes organizational learning
and subsequent growth of the business (Crawford et al., 2009). The resulting stagnation
is exhibited in the organizational power structure, top leadership incentives, and directed
attention and decision making (Andert et al., 2011; deGeus & Senge, 1997). The
41
workforce is excluded in the decision-making processes, becomes isolated, is difficult to
motivate, and is a factor in the failed business.
When coupled with respective leadership incentive packages, executives from the
Fortune 500 list of top U.S. companies earned an average o f $10.9 million in 2006
(IPS&UFE, 2007). Chief executive officers of the largest U.S. corporations grossed $364
for every $1 the average worker grossed (IPS&UFE, 2007; Sahadi, 2007). The
substantial pay inequality was the manifestation of excessive power assumed by
management in establishing their own compensation (Buck & Main, 2005; DeCarlo,
2006; Dyck & Neubert, 2010). The protests against Wall Street in the third quarter of
2011 echoed worker sentiment against executive and corporate greed (Eckholm &
Williams, 2011). Research has not substantiated the idea that executive leadership
incentives are advantageous to companies (Andert et al., 2011; Dyck & Neubert, 2010).
The organizational structure that includes leadership incentive is a paradigm that requires
a shift and does not lend the appropriate staging for increasing organizational learning
capacity.
The pyramidal organizational power structure demonstrated by most corporations
may be contradictory to the corporations’ central purpose, mission, and futuristic visions
(de Geus & Senge, 1997; Kotter, 1996). Contrary to a system which encourages
behaviors for organizational advancement over periods o f extended performance,
executives receive contractual incentives to focus their attention toward near-term results
(Banham, 2009). Stakeholders and the workforce are usually aware of misdirected
focuses, but are not empowered to challenge incentives or organizational direction
(Kidwell & Valentine, 2009).
Personal power, egotistical prestige, and dollarized incentives surpass the
priorities of the welfare o f an organization or the development of its human capital
(Andert et al., 2011). Corporate leaders need to understand the dynamics of approving
the use of nonsalary financial inducements throughout an organization to influence firm-
wide emerging leadership, learning capacity, and positive productivity (Andert et al.,
2011). Management should incorporate a shift in paradigms to a participant-centric
paradigm that invites and encourages responses among participants o f the workforce and
either complements or replaces the traditional pyramidal bureaucracies. A participant-
centric paradigm is a return to recognizing the value of human capital and associated
relationships, as well as the significance of a shared endeavor (Crawford et al., 2009).
Large corporations such as those represented in the PwC (2011) survey subscribe
to traditional models of leadership with a leader at the top o f a pyramid and direction,
information flow, and process implementation originating from the apex. The autocratic
nature of the organizational structure is a bureaucratic paradigm, and leaders can exercise
power exploitatively (Uhl-Bien & Marion, 2009). Figure 2 shows an organizational
structure of a large corporation with an autocratic command and control style of
leadership.
43
Traditional Large Corporation
Command & Control
DIRDIR
DIR
DIRDIR
DIR
Mgr
DIRDIR DIR
DIR
Repeats for
each DIR
DIR
VP Quality
VP
Marketing &
Sales
VP Finance
V P H u m a n
Resources
VP
Procurement
President
E: Employee
VP: Vice President
DIR: Director
M g r ‘ M a n a g e r
LEGEND
Figure 2. Conceptual model of traditional hierarchical organizational structure.
Contrary to the hierarchical organizational structure, the CAS consists o f groups
that function through self-reference and self-organization within a learning organization
(Marion & Uhl-Bien, 2001; Uhl-Bien et al., 2007). Collectively the CAS contributes to
organizational learning (Marion & Uhl-Bien, 2001; Uhl-Bien et al, 2007). A CAS does
not prescribe to the traditional meaning of complicated, but alternatively refers to the
connectivity and interactions within a single CAS and between multiple CASs that
subsequently generates emerging knowledge in and among the various CASs (Uhl-Bien
& Marion, 2009). Using a CAS, leadership should emerge naturally at all levels within
an organization and should not be viewed as simply a position of authority (Uhl-Bien et
al., 2007). Figure 3 is an example of a possible CLT organizational model. The
hierarchical management pyramid is absent.
44
Com plex L eadership T heory
LEGEND:
Pres: P resident
VP: Vice Presid en t
M gr: M an ag er
Emp: Employee
CAS: Complex A daptive System
Figure 3. Conceptual model of complex leadership theory organizational structure.
The discipline o f collaboration. The second discipline the surveyed CEOs
identified was collaboration with customers and the supply base (PwC, 2011). However,
the organization will have to change the behavior of hierarchical leadership from short
term measures to practices that promote trust and engagement and foster spontaneous
collaboration (Mintzberg, 2009). The thread of increased learning capacity woven
through the organizational structure and innovation within SMEs is indicative o f a
reflection upon the voice o f the customer.
Cultivating customer collaboration needs to be a mind-set for CEOs (Shirman,
2011). A review of old-versus-new postures may assist CEOs with a paradigm shift
(Senge, 1990, 2006; Shirman, 2011). For example, an old assumption on the part of
business that business knows best will need adjusting to include the mind-set the
45
customer is as smart as the business, or the assumption the customer wants the business
to have all o f the answers is now translated to they want the business to understand the
real questions (Shirman, 2011).
Collaborating with customers benefits organizational structure and innovation and
diminishes confusion in the translation of technological information (M uha, 2011). For
instance, marketing organizations sell product without a technical understanding of
product capabilities. Alternatively, when engineering personnel collaborate directly with
the manufacturing or engineering units o f the customer, a common dialogue and mutual
understanding is realized (Muha, 2011). Additionally, collaboration with customers
fosters creativity among employees by challenging them to generate ideas that align with
customer needs. The results of the PwC (2011) survey indicated the respondents
determined collaborative efforts may increase the learning capacity o f an organization.
Current business leaders do not delineate a means for acquiring required resources
for product development (Twombly & Shuman, 2006). Failing business leaders do not
encourage the workforce to engage in collaborative endeavors. Consequently, the
business competes for the top-performing customers and for the top-performing
suppliers. Leaders who successfully engage with critical suppliers in collaborative efforts
gain a competitive advantage (Twombly & Shuman, 2006). Partnering provides for a
tactical exchange of data resulting in mature and trusting relationships and enhanced
learning capacity (Twombly & Shuman, 2006). Operating efficiencies and an increase in
the quality o f a product are resultant effects of collaboration.
The discipline of innovation. The discipline o f innovation is a means to increase
operational efficiencies and provide a competitive edge (PwC, 2011). Nevertheless,
leaders struggle with how to grow and steward innovational relationships (Surie & Hazy,
2006; Twombly & Shuman, 2006). The basis for the success of an industrial or
manufacturing company is the organizational intelligence, the capacity to learn new
knowledge, and the creative use o f that knowledge (Cohen & Levinthal, 1990;
McKelvey, 2001,2003, 2008; Quinn, Anderson, & Finkelstein, 2002). Eighty-two
percent of CEOs believed innovation leads to operational efficiencies and provides a
competitive advantage (PwC, 2011). However, 28% of CEOs in the industrial sector
believed the innovation would be codeveloped with partners outside their organizations
(PwC, 2011). The alternative to external sources is to rely on the work efforts o f the
individuals performing the work.
Innovation summons rapidly changing circumstances often requiring swift and
creative alteration (Crawford et al., 2009). However, traditional top-down roles defy
empowerment and innovation and subsequently stifle creative idea generation (Andert et
al., 2011). As the PwC (2011) survey demonstrated, 66% of the CEOs expressed concern
regarding the limited supply o f external candidates with the right skill mix and
experience to foster innovative advancements in product development. Developing from
within and increasing learning capacity were global themes in the PwC survey. Forty-
eight percent of the CEOs within the United States expected less than a 5% increase in
hiring within the next 12 months. Specifically, 43% of the CEOs within the industrial
manufacturing sector indicated hiring was increasing by less than 5% (Platzer, 2009;
PwC, 2011). Therefore, retention and development of existing talent is paramount.
Leaders of modem learning organizations view existing employees as knowledge
workers (Crawford et al., 2009). For example, employees will participate in interactive
47
processes that use collective knowledge as well as create new knowledge to subsequently
alter organizational landscapes. Additionally, the ceremonial role o f m anagem ent must
be flexible enough to accommodate the demands o f the tacit knowledge (Crawford et al.,
2009). Revaluating organizational composition and processes is appropriate to ensure the
emergence of the knowledge base and subsequent innovation (Snowden & Boone, 2007).
The discipline of shared vision. An atmosphere that taps learning capacity will
produce naturally emerging leaders (Elloy, 2008; Gundlach et al., 2006; Kidwell &
Valentine, 2009; Rousseau et al., 2006; Senge, 2006). Leadership continues to emerge in
individuals who do not have the corresponding position of power (see Figures 3 and 4).
For example, although authority of position can be contractually bestow ed in large
corporations, or unilaterally claimed in small organizations, leadership cannot be
bestowed upon anyone by anyone (O ’Sullivan, 2009; Schein, 1996). The emergence of
internal leaders negates the additional expenses o f hiring from outside the business.
Emerging leaders possess both leader and follower characteristics in a social
construct (Elloy, 2008; Gundlach et al., 2006; Senge, 1990, 2006). The occurrence is
evident whenever a group of employees is working toward a goal or solving a problem
(Elloy, 2008; Dierdorff et al., 2011; Gundlach et al., 2006; Senge, 1990, 2006). Shared
voices contribute to a shared vision, with employees taking personal ownership in the
produced product or service. The collaborations contribute to the com pany meeting
objectives (Andert et al., 2011). Businesses that succumb to bankruptcy were void of a
shared vision and employee ownership. Their organizational structure was a hierarchical
bureaucracy and collaboration was absent.
The role of management is viewed from a different perspective when the typical
pyramidal structure is absent. The proximity o f the CEO and senior m anagem ent team is
close to the first line of professionals without the pyramid. The result o f the structure is
an opening of the environment to alternating behaviors for leaders and followers, and
promotes increased learning (Andert et al., 2011). Organizational benefits increase when
leaders alternate at all levels o f an organization (O ’Sullivan, 2009). Individuals can
increase value through alternating leadership within and among the various working
levels (Andert et al., 2011). Business managers, however, appear to place lim ited value
on the ad-hoc leader-follower relationship, as evidenced through the salary structures of
CEOs at a 364:1 ratio (Andert et al., 2011).
The organizational strategy of alternating leadership challenges the outdated
infatuations of leadership. The previous strategy is replaced with a synergistic workforce
that demonstrates diversity and inclusion. Shared vision is forthcoming. Recent
economic developments have reflected the importance o f principled-based, steady-state,
and cadenced ex tended-term organizational strategies. W hen the com bination o f the
various administrative strategies is lacking, notable organizational stress occurs, and
domestic and international economic upheaval results (Andert et al., 2011). Figure 4 is a
conceptual model of a CAS depicting areas of opportunity for emerging leaders to
surface as they intertwine with active working groups.
49
O r g a n iz a tio n a l S tr u c tu r e
In n o v a tio n
C o lla b o r a tio n
T a le n t M a n a g e m e n t
S h a r e d V isio n
© E m e rg in g -L e a d e rs
© E m p lo y e e s
g ) C o m p le x A d a p tiv e S y s te m s
y /
Figure 4. Conceptual model of complex adaptive systems.
The discipline of talent management. Senge (1990) first broached the largely
unexplored field of study in organizational intelligence. Subsequent to the first
exploration by Senge, scholars have subsequently proposed a direct correlation between
the development of organizational learning capacity and the success of business (Burke,
2008; Senge, 2006; Uhl-Bien et al., 2007; Zammuto et al., 2007). Despite the continuous
investigation of the topic, the formula to build organizational learning capacity remains
elusive and an open field of inquiry (Burke, 2008; Senge, 2006). Business leaders are
obligated to examine the skill mix of the currently employed workforce and maximize the
existing talent, develop from within, and avoid the costs associated with hiring new
employees.
50
Business leaders must vie with the transformations of the global m arket space
and, therefore, must understand how to manage talent (Crawford et al., 2009; PwC,
2011). Talent management goes beyond a skill set and encompasses various connections
and relationships between internal and external agencies (Crawford et al., 2009).
Governance of a company is therefore not confined to the terms of organizational
authority or human capital, but expounded in the abilities of SME leaders to energize the
workforce and capitalize on the internal talent (Crawford et al., 2009).
A review of the literature indicated the efforts of an individual working alone do
not advance learning capacity within organizations. Alternatively the collective sharing
of activities, brainstorming of thoughts and ideas, and overall forthright discussions
advance the learning capacity within organizations (Andert et al., 2011). The contextual
characteristic of an organizational learning culture directly affects the intrinsic motivation
and organizational commitment of the employee (Joo & Lim, 2009). Employees are
motivated and exhibit organizational commitment when they perceive the existence o f a
higher learning culture and contribute to a shared vision (Andert et al., 2011; Joo & Lim,
2009).
Complexity Leadership Theory: The Context o f SMEs
Context. The context of CLT, and the environment of SME participants in the
current study, is the nature of dependent and independent relationships among the
workforce, the organizational structure, and the flexibility within the workplace
environment (Uhl-Bien et al., 2007). The premise of an informal dynamic belies the fact
that a CAS is not an arbitrator, precursor, mediator, or broker representing any particular
organization (Osborn, Hunt, & Jauch, 2002; Uhl-Bien et al., 2007). Complexity
51
leadership theory further demands a distinction between leaders and leadership (Uhl-Bien
et al., 2007).
Leadership is an emergent dynamic capable of adaptive outcomes, and leaders are
individuals who act in a manner that influences the energy o f leadership (Uhl-Bien et al.,
2007). Guided by the distinction between leaders and leadership, and viewing
organizations as CASs, management and leadership are essentially involved in a routine
process (Boal & Schultz, 2007). Leaders o f SMEs will disclose their involvement in their
organizations. Vital to organizational survival is the establishment of a framework and
configuration of members for the purpose o f seeking and vetting resources (Boal &
Schultz, 2007).
Three types o f leadership. Complexity leadership theory includes three types of
leadership. First is administrative leadership, which is the type of leadership grounded in
bureaucratic philosophies of pyramidal hierarchy, rigid alignment, and time-honored
authoritarian control (Uhl-Bien et al., 2007). Second, adaptive leadership (Uhl-Bien et
al., 2007) is similar to adaptive learning (Wilkens et al., 2004) and the DLL of Argyris
and Schon (1978). Third, enabling leadership is characterized by the conditions that
structure and enable CAS unit members to solve problems creatively, adapt to new
solutions, and share learning experiences (Uhl-Bien et al., 2007).
Adm inistrative leadership. Administrative leadership is a bureaucratic function
in which organizational activities are planned and managed by individuals in structurally
defined and assigned management roles (Uhl-Bien et al., 2007). Administrative leaders
formulate a vision and then structure tasks and assign resources to achieve goals (M arion
& Uhl-Bien, 2007). Common in a top-down pyramidal functional organization,
52
administrative leaders wield the power of decisiveness for an organization (see Figure 2;
Marion & Uhl-Bien, 2007). The structure of CLT encourages administrative leadership
to exercise decision-making prerogatives only after having considered the need for
creativity and learning as well as the implication on the adaptive leadership dynamic
(Uhl-Bien et al., 2007).
Adaptive leadership. Adaptive leadership is informal leadership with individuals
working together from all hierarchical levels to advance new ideas and solutions (Uhl-
Bien & Marion, 2009). The informal leadership style is an emergent change in behaviors
that occurs from an increase in tension, such as the threat of bankruptcy and losing o n e’s
job (Uhl-Bien et al., 2007). Adaptive leadership is evident when individual employees
are able to make choices and the management acknowledges the employees for having
made decisions (Uhl-Bien & Marion, 2009). Additionally, adaptive leadership involves
peer influence to create change (Uhl-Bien & Marion, 2009).
Lichtenstein et al. (2006) indicated adaptive leadership was the proxim al supply
of change in an organization. Uhl-Bien et al. (2007) presented adaptive leadership as a
collaborative change resultant from nonlinear interactive exchanges, and specifically one
that originated in disputes between members over conflicting priorities and preferences.
Adaptive leadership is a dynamic among multiple factions and not an individual trait,
although individuals are involved.
Two types of symmetry existed within an adaptive leadership dynamic (Uhl-Bien
et al., 2007). The first symmetry related to authority and manifested in a largely one
sided, authority-based, and top-down organization (Uhl-Bien et al., 2007). The second
symmetry focused on preferences, which included differences in personal beliefs, skills
53
assessments, and intellectual knowledge (Uhl-Bien et al., 2007). The responses to the
interview questions in the current study disclosed if the adaptive leadership elements
described by Lichtenstein et al. (2006) and Uhl-Bien et al. (2007) are contributing factors
to how SME leaders enhance learning capacities within the organizations under study.
Enhanced learning is emanated by the discord of existing but ostensibly
incompatible technologies, innovations, and knowledge (Uhl-Bien et al., 2007). The
adaptive leadership dynamic emerges as the struggle over asymmetrical preference
differences is debated. For example, if two individuals are deliberating over conflicting
opinions and clarity occurs, bringing forth a third way of looking at the problem, a
nonlinear product has been produced (Bradbury & Lichtenstein, 2000; Lichtenstein et al.,
2006; Uhl-Bien et al., 2007). The new product cannot be claimed individually but rather
is a product of the interactions of the CAS (Uhl-Bien et al., 2007). The responses to the
interview questions in the current study indicated if the adaptive leadership elements
described are contributing factors to how the business leaders enhance learning capacity.
Adaptive leadership—network dynamics. Network dynamics refer to the
frameworks and methods that enable adaptive leadership. Context is the environment
within which the dynamics of interaction and debate produce complex outcomes (Uhl-
Bien et al., 2007). Adaptive ideas, regardless of size, materialize and interface in the
same fashion that representative pairs interact (Uhl-Bien et al., 2007). The environments
that shape ideas include environmental demands, feedback loops, webs o f tension and
constraints, and intrinsic as well as extrinsic relationships (Uhl-Bien et al., 2007). The
mechanisms that emerge from network dynamics include significance and unification of
ideas, channels which propel behaviors that expedite activities, and tension dispersion
54
during transition (Prigogine, 1997). Additional benefits include a reenergized CAS, rapid
flow of information, and nonlinear change which is easy to implement and
organizationally embraced (Uhl-Bien et al., 2007).
Presumably the complex surroundings o f contexts and mechanisms foster the
emergence of adaptive leadership. The interaction of representatives and a CAS that
engages in the production of interactivities and knowledge sharing are the spontaneity of
adaptive leadership (Uhl-Bien et al., 2007). After combining the representative agents
and CAS, along with contexts, mechanisms, ideas, and knowledge, the output at all levels
of the system is adaptability and learning (Uhl-Bien et al., 2007). Participants discussed
the network dynamics of SMEs during the interviews.
Adaptive leadership—emergence. Emergence is a bipod of two interdependent
mechanisms (Uhl-Bien et al., 2007). The first is reformulation of an existing elem ent to
produce a structure or grouping descriptively different from the original. The second
interdependent mechanism is self-organization. Reformulation is the expansion,
amplification, transformation, or combination thereof of contradicting ideas while
exposed to fragmented information and tension (Uhl-Bien et al., 2007). The aura o f the
original idea was transformed in a manner that gave renewed substance to the resulting
situation. The second interdependent mechanism, self-organization, was a process
wherein the CAS demonstrated increased organization without outside influence (Uhl-
Bien et al., 2007). For example, the modem Al Qaeda movement is a self-organized
event. Management coordination is a contributor in the terrorist movement dynamic but
does not necessarily control the behavior.
Adaptive leadership emerges at all hierarchical levels within an organization. The
adaptive outputs for the upper level, known as strategic levels, relate to the em ergence of
strategic relationships within the market space (Marion & Uhl-Bien, 2001). The
hierarchical level is equivalent to the executive culture Schein (1996) described. The
middle hierarchy levels, known as middle management demonstrate the arrival of focused
planning and detailed resource allocation (Uhl-Bien et al., 2007). Schein (1996)
described the middle hierarchy as the engineering culture. Finally, the low er level,
known as the production level or the operator culture, relates to the level o f the
organization responsible for the production of products and where innovation occurred
(Osbom & Hunt, 2007; Schein, 1996).
E nabling leadership. The third type of leadership recognized in the CLT
framework is enabling leadership (Uhl-Bien et al., 2007). The first role o f enabling
leadership is to serve as a catalyst for the emergence of adaptive leadership (Uhl-Bien et
al., 2007). Middle management is more likely to engage in the behaviors proscribed to
enabling leadership. The nature o f their defined roles coupled with their proxim ity to
production level resources provides the enabling opportunities (Osbom & Hunt, 2007).
The SMEs in the current study had limited resources and the middle managem ent level
was minimal or nonexistent. Enabling leadership, however, can be discovered at all
levels of a CAS because the role overlaps the characteristics of adaptive and
administrative leadership (Uhl-Bien et al., 2007). The second role o f enabling leadership
was to supervise the lattice between administrative and adaptive leadership (Uhl-Bien et
al., 2007). Finally, ensuring operational readiness and simultaneously aiding with the
publication of the innovative products through some formal managerial system is the
56
responsibility of enabling leadership (Uhl-Bien et al., 2007). The SM E leaders in the
current study had dual roles of administrative and adaptive leadership and therefore
exhibited the latticing of the two roles.
Enabling leadership—interaction. Positive relationship conditions are energized
first by interaction (Uhl-Bien et al., 2007). Interaction constructs the web of neurons
across which information connects and is disbursed, resulting in networking groups that
self-organize (Uhl-Bien et al., 2007). Enabling leadership uses strategies such as
workplaces or work spaces and self-selects work groups to foster the desired interactions
(Uhl-Bien et al., 2007). The idea of work space builds on the concept of life space
defined by Lewin (Kolb & Kolb, 2005). The environment in which a person experiences
subjectivity is described in psychological perspectives as life space (M arrow, 1977).
Contrary to Marrow (1977), Lewin maintained the topographical boundaries could depict
the learning space (Kolb & Kolb, 2005). A study originally conducted for the U.S.
General Services Administration in 1999 and updated in 2006 indicated the criteria that
management of organizations should follow when developing high-performance
workspaces (Bloom & Obenreder, 2006). Enabling leadership considers the perspectives
of Lewin and Marrow (Uhl-Bien et al., 2007).
Enabling leadership helps to bolster interactions o f organizational CASs with
strategic level environmental dynamics (Uhl-Bien et al., 2007). Two im portant purposes
for the interaction of CAS exist (a) the ability to bring unsullied information into the
creative atmosphere; and (b) the opportunity to expand the adaptation capacity of the
organization to ever-changing conditions within the work space and m arket space
environments (Uhl-Bien & Marion, 2009). The research questions in the study revealed
57
how the management of the SMEs under study has adjusted and reacted to the economic
strains to foster enhanced learning capacity through enabling leadership. Enabling
leadership can donate to the information stream by embracing behaviors that encourage
absorption of current trends and translate to interactive contributions (Uhl-Bien et al.,
2007). .
Enabling leadership—interdependency. The functionality o f CASs is maximized
through interaction with other CASs (Uhl-Bien et al., 2007). However, interaction alone
is not enough; the units also had to be interdependent (Uhl-Bien et al., 2007). Increasing
the capacity of people to create the desired results occurs through the interdependency of
the CAS networks (Senge, 1990). An organization can learn, benefit from m em bers’
learning, pass the learning through the transformational process to make the knowledge a
standard application, and function as learning and innovative systems (Tanriverdi &
Zehir, 2006). The participating SMEs demonstrated sustainability during the current
economic stressors. The current study framed by the interview questions demonstrated
an atmosphere for nurtured and enthusiastic thinking styles and encouragement for
coworkers to learn together.
Historically, leaders have been expected to solve problems and to intervene when
conflict arises, a practice that could be stifling to interdependency and lim it adaptive
mechanisms (Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009). The traditional
management hierarchies with top-down communication expect employees to w ait to
receive direction (see Figure 2). When problems arise, management consequently
implements the solution without consultation with or inclusion of those in proximity to
the problem (Cangemi & Miller, 2007).
According to CLT, administrative leaders should defy enticement to create an
atmosphere where management is expected to resolve the problems o f the workforce.
(Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009). Enabling leadership must mediate the
overt involvement of administrative leadership to ensure the emergence o f the
interdependent CAS (Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009). Task conflicts
are resolved through the interdependency, and enhanced learning is advanced. The
interdependency of the CAS was an area of interest in the study to identify how
management enhances learning capacity.
Enabling leadership—tension. Enabling leadership should create tension, which
in turn creates an implicit strategy o f adaptation (Uhl-Bien et al., 2007; Uhl-Bien &
Marion, 2009). Heterogeneity, or the differences in skills, preferences, and outlooks
among agents in a CAS, can create internal tension. Creating an atmosphere in which
diversity is expected and respected serves to promote upper management heterogeneity.
Diversity is considered in hiring practices and within working groups to capture a range
of diverse ideas (Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009).
Enabling leaders are expected to do more than foster tension; at times the enabler
is expected to inject tension into the informal dynamics (Uhl-Bien et al., 2007; Uhl-Bien
& Marion, 2009). Upper- and mid-level enabling leaders inject tension through the
implementation of managerial pressures or challenges (Marion & Uhl-Bien, 2001).
Resource allocation, thought-provoking questions, and expansion o f ideas are means of
creating emergent solutions via tension injection (Marion & Uhl-Bien, 2001; Schreiber &
Carley, 2008). Enabling leadership has the cognizance to distinguish between task
conflict, which could result in creativity, and interpersonal conflict that could be socially
59
disruptive (Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009). Recognizing when a group
is stagnated by consensus that results from a lack of diversity, enabling leadership would
infuse the group with heterogeneous perspectives by bringing in additional people and
ideas (Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009). The level o f infused tension
was an area of interest during the study.
Managing the interfaces o f the structure. Enabling leadership is tasked with
managing the intertwining between the dynamics of a CAS and the structure established
for administrative duties of the identified leaders (Uhl-Bien et al., 2007). Two objectives
must be met within the management application (a) preclude administrative leaders from
smothering or restraining beneficial interactive dynamics while fostering adaptive
dynamics consistent with the vision and expectations of the organization, and (b)
facilitate the integration of and implementation o f the suggested creative solutions into
the formal system (Dougherty & Hardy, 1996; Uhl-Bien et al., 2007). The interview
questions in the study exposed whether SME leaders promote or stifle beneficial
dynamics. Enabling leadership must enable the formal and informal organizational
systems to work together rather than oppose each other (Dougherty & Hardy, 1996).
Managing the administrative-adaptive interface. Enabling leaders have a
politically volatile role. The enabling leadership influences the decisions and policies of
the administrative leadership (Dougherty & Hardy, 1996; Uhl-Bien et al., 2007; Uhl-Bien
& Marion, 2009). Protecting the CAS from the internal top-down mandates and
insulating the CAS from external politics are additional duties of enabling leaders
(Dougherty & Hardy, 1996; Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009). The SME
leaders in the current study were in the position o f monitoring and reacting to the external
60
political and economic environments. However, due to the limiting size o f the business
by definition, SME leaders do not necessarily have the same internal political strife as
experienced by larger hierarchical structured corporations. Enabling leaders strive to
convince administrative leadership when CAS dynamics are aligned with organization
strategy (Marion & Uhl-Bien, 2007).
The affectivity of enabling leadership requires a focus on resource distribution
and planning and occasionally may deviate from the planning and resource allocations
within the administrative leadership (Uhl-Bien et al., 2007; Uhl-Bien & M arion, 2009).
Leadership literature, however, is lacking an opinion whether administrative planning
hampers or enables creativity within organizations (Mumford, Bedell-A vers, & Hunter,
2008). Scholars have contended that planning is a necessary pillar of structure to support
creativity. Contradictive views have indicated the vagueness administrators encountered
as they try to forecast and plan for creative flow (Mumford et al., 2008; Uhl-Bien et al.,
2007; Uhl-Bien & Marion, 2009).
Mumford et al. (2008) suggested organizational plans should include limits that
ensure creative emergence is consistent with core values and company competencies.
However, the focus of creativity should not be restrained by practicality and any imposed
limited constraints should not unduly hamper the creative spirit (Mumford et al., 2008).
Nor should adaptive behaviors be unduly managed or tethered (Uhl-Bien et al., 2007).
Leaders of SMEs may embrace the adaptive behavior philosophy to m inim ize conflict.
Encouraging employee suggestions for progressive solutions may assist in achieving
SME goals. Administrative leaders should map a target path for the adaptive process
incorporating long-term goals (Marion & Uhl-Bien, 2001; Uhl-Bien & M arion, 2009).
61
Enabling leadership should assume a systemic relationship in which the onus is to
provide the integrated structure within the two leadership functions (M arion & Uhl-Bien,
2001; Uhl-Bien & Marion, 2009).
Managing the innovation-to-organization interface. Enabling leaders help in the
translation o f innovation to total organization integration (Dougherty & Hardy, 1996).
Internal politics and socioeconomic pressures applied by organization inhibit the internal
dissemination of innovation and information (Dougherty & Hardy, 1996). The role o f the
enabling leadership is to assist administrative leaders with becoming adaptive leaders and
overcoming the internally imposed pressure regulators (Uhl-Bien et al., 2007). Enabling
leadership must encourage administrative leaders to fulfill the role o f champions and
demonstrate personal commitment to the ideas the CAS brings forth (Uhl-Bien et al.,
2007).
Administrative leaders promote organizational learning and innovation by
advancing a vision (Boal & Schultz, 2007). Administrative leaders instill meaning in
followers in fulfilling the vision o f a company. Further, the promotion of the vision
encourages a positive response to new challenges and stimulations and, therefore,
enhances the overall learning capacity of the organization (Boal & Schultz, 2007).
Organizational storytelling is a means for creating excitement and justifying
movement within an organization (Boal & Schultz, 2007). Future behaviors are realized
and legitimized through the venue of historical company stories. The interview questions
may expose whether SME leaders engage in storytelling. The outcomes o f the historical
events provide a justification for past behaviors, building credibility. Therefore, enabling
62
leadership should encourage strategic leaders to engage in storytelling, specifically
regarding narratives of a personal experience nature (Boal & Schultz, 2007).
The organizations in which the SM E participants in the current study worked had
organizational structures with administrative leadership chairs and longevity in the
business unit. The SMEs also had structures that promote innovation and encourage the
emergence of ideas, patents, or uniqueness of product. The study involved determining
through the interview process if the mechanism o f storytelling was evident.
Complexity Leadership Theory: Framework Limitations
Complexity theory is a nonlinear system, and the explanatory nature of the theory
has more value than the prescriptive implementation (Smith & Graetz, 2006).
Complexity and chaos theories are groundbreaking science with the pow er to create
modem Isaac Newtons of the scholars who discover the means of direct application
(Lynch & Kordis, 1988). The conceptual framework for organizing creates a paradox
with the ambiguity of the application to organizations. Recent studies have indicated that
although complexity in action is difficult to analyze, complex adaptive social systems
seek balance and have the ability to self-organize into hierarchical structures (Boal &
Schultz, 2007; Galunic & Eisenhardt, 2001; Goldberg & Markoczy, 2000; Houchin &
MacLean, 2005; Marion & Uhl-Bien, 2003; M umford et al., 2008; Smith & Graetz, 2006;
Uhl-Bien et al., 2007).
The composition of the organizational unit, a variable that determines the
presence of complexity, is an additional limitation to the theoretical framework. Changes
to organizational structure typically encourage a flatter structure (Dijksterhuis, Van Den
Boshch, & Volberda, 1999; Dimaggio, 2001; Pettigrew & Fenton, 2000; Pettigrew et al.,
2003). However, the complexity of devolved decision making, improved collaboration,
and participative management has met with resistance (Smith & Graetz, 2006). The
resistance may result in a reversion to the hierarchical com fort zone. New forms of
organizational structure have appeared and are suggested as possible answers to internal
environmental anxiety. The SME leaders in the study responded to questions regarding
the use of organizational structure. Change is omnipresent, and officialdoms are unable
to respond within sufficient time parameters (Schneider & Somers, 2006). The
disciplines of self-organization and innovation have been concentric to the new forms of
proposed organizations (Pettigrew et al., 2003).
Complexity theory creates another paradox because o f the nature o f the
framework and the conveyance of control (Marion & Uhl-Bien, 2009). M anagem ent
finds equilibrium in predictability and order. Continuously transforming organizations as
a result of chaotic economic stressors and the constant attempt for equilibrium
necessitates an understanding of the disciplines and gaps relevant to enhancing learning
capacity. An exploration of the complex issues o f informal, emergent, and adaptive
leadership must take place (Marion & Uhl-Bien, 2009).
Multiple areas within CLT remain unresolved and contribute to limitations o f the
theory (Uhl-Bien et al., 2007). For example, the enabling functions that emerge from an
integrated yet independent CAS have not been identified (Schreiber & Carley, 2006). An
understanding of the psychological-merged-with-the-social dynamic that occurs in the
gaps between the representatives has not been explored (Schreiber & Carley, 2006; Uhl-
Bien et al., 2007). An understanding of how enabling and administrative leaders help
encourage or stagnate the contexts of enhancing organizational learning capacity has not
64
been researched (Schreiber & Carley, 2006; Uhl-Bien et al., 2007). Simulations have
provided a baseline for the mechanics o f a CAS; however, the lack o f onsite observations
and preprogrammed rules cannot account for unexpected human response (Uhl-Bien et
al., 2007). The current study enlarged the body o f knowledge in CLT.
Competitive Edge
Gaining the competitive edge in business has been the goal for business managers
through many historical cycles (George et al,, 2005). Research in the fields of operations
management (Hult, Ketchen, & Arrfelt, 2007; Hult, Ketchen, & Nichols, 2003), strategic
management (Ghemewat & Cassiman, 2007), and management in general (Adner &
Zemsky, 2006) has increased in recent years. The focus has been on superior
performance, but the overarching concern of firm diversity and talent management has
also been a concern for managers (Rumelt, Schendel, & Teece, 1994).
The concept of cultural competitiveness is a reflection of three primary facets (a)
entrepreneurship, (b) learning orientation, and (c) innovation. Hult et al. (2007) indicated
the failure to provide learning opportunities for employees will result in the loss o f the
competitive edge. Business managers can close the gap between the roles o f knowledge
development and a culture of competitiveness through growth, profits, and engagement
opportunities. Figure 5 depicts Hult’s model of this cultural competitiveness, knowledge
development, and the cycle time for performance.
65
Interaction
Effect
(CC*KD)
Information
Distribution
Innovativeness
Orientation
Learning
Orientation
Entrepreneurial
Orientation
Achieved
Memory
Shared Meaning
Knowledge
acquisition
Knowledge
Development
Market
Turbulence
Cycle Time
Performance
Firm Size
Firm Age
Cultural of
competitiveness
Figure 5. Model of culture of competitiveness, knowledge development, and cycle time
performance in supply chains.
From “Strategic Supply Chain Management: Improving Performance Through a Culture
of Competitiveness and Knowledge Development,” by G. Tomas, M. Hult, D. J. Ketchen,
and A. Mathias, 2007, Strategic Management Journal, 28, p. 1037. Copyright 2007 by
Wiley. Adapted with permission.
Implementation o f Change— Resisters
The focus of the research was that, in the current economic decline, a sound
strategy for SME leaders to increase organizational learning does not exist (Fulton &
Hon, 2009; Garcfa-Morales et al., 2007; PwC, 2011). Deficiencies in organizational
learning became apparent through the 24% reduction in organizational sustainability
when leadership did not address organizational learning capacity (USDLBLS, 2010b).
Complex leadership theory provides a platform for administrative leadership to gam er the
required knowledge (Uhl-Bien et al., 2007).
66
The growing complexity of change in the workplace coupled with the increased
rate of those changes have required employees to adapt and maneuver through change
without a misstep in the actual manufacture of work product (Parish et al., 2008).
Unfortunately for the business manager and in particular the SME leader, the most
common reaction to change is resistance (Caldwell et al., 2004). Leaders of SMEs must
therefore consider the effect on employees in addition to the effect on customers.
Employee level of commitment to change is one forecaster of subsequent
behavioral acquiescence for change within a business (Parish et al., 2008). The
commitment of an individual to change was divided into three categories (Parish et al.,
2008). An employee possesses affective commitment if he or she has an emotional
attachment to, identifies with, and is involved with his or her organization (Parish et al.,
2008). An employee possesses continuance commitment if he or she has a personal
understanding o f the costs associated with leaving the company (Parish et al., 2008). The
third level of commitment is the normative commitment (Parish et al., 2008). An
employee exhibiting normative commitment remains with the company because he or she
feels an obligation to continue employment (Parish et al., 2008).
Understanding the level of commitment o f employees to change may assist
business managers in selecting the method of implementation and may assist the enabling
leadership of CLT (Parish et al., 2008; Uhl-Bien et al., 2007). Leaders o f SMEs must
understand the levels of commitment of their employees, therefore exploring the
discipline of shared vision may add to the understanding. Consistent with CLT, if the
vision of the change is communicated to the employees and a positive em ployee-
manager relationships exist, the likelihood of successful implementation increases (Parish
67
et al., 2008; Uhl-Bien et al., 2007; Uhl-Bien & Marion, 2009). The success of the
implementation increases further if an employee has his or her own m otive (Parish et al.,
2008).
Learning from past mistakes or experiences is critical knowledge SME leaders
must embrace to implement successful change in a business. Individual learning must
take place to maintain the change (Parish et al., 2008). Committed employees want to
contribute and desire to witness the results of their efforts. Learning perm its such
realization among the workforce (Parish et al., 2008). W hen employees are involved in
change they assume personal responsibility for the ideas and consider their enhanced
learning to shape the success of the business (Parish et al., 2008). Personal ownership is
crucial to commitment (Parish et al., 2008).
Business managers must understand that many proposed organizational changes
experience delays or do not occur because of the psychological inability o f the employees
to understand the change, to accept the change, or to adjust to the change (Eilam &
Shamir, 2005). Resistance to change from employees also results if individuals fear
losing their identity (Eilam & Shamir, 2005). The work identity of employees forms
when they have both a source of job satisfaction and the ability to service customers
(Brown & Humphreys, 2006). A sense of who one is, what one values, and how one
connects to others determines a level o f resistance to any change business managers
propose (Brown & Humphreys, 2006). Collaboration, shared vision, and innovation
diminish resistance to change.
Business managers need to acknowledge resistance to change is rarely about what
is happening in the moment, but more about what has happened in the past (Herod,
68
Rainnie, & McGrath-Champ, 2007). Employees will focus on location or space o f a
change (Cutcher, 2009). Previous experience will exacerbate resistance if the experience
was uncomfortable. For example, with the increased bankruptcy filings and subsequent
layoffs experienced in SMEs, employees may focus on a recent personal experience,
especially if it affects their family or friends. Employee responses and reactions are
therefore solidified not only over time but also by space and a depiction of a gap in
experiential learning (Brown & Humphreys, 2006; Cutcher, 2009).
Business managers need to create a learning atmosphere consistent with, instead
of contradictory to, the strategy management provided (Sturdy & Fleming, 2003).
Resistance takes place in the spaces contradictions create. Leaders of SM Es therefore
need to practice what is communicated to the team. Observing a business manager acting
in a manner inconsistent with the message delivered during a team meeting triggers the
instinct to preserve the work space and the identity of the employee (Sturdy & Fleming,
2003). Business managers must understand the tools available to ensure consistency in
message and action (Cutcher, 2009).
Summary
The purpose of the qualitative multiple-case study was to explore and identify
strategies that increased organizational learning and subsequently help SM E leaders
sustain economic competitive status. The broad conceptual area of the study rested
within learning theory. The seminal theories of SLL and DLL (Argyris, 1977, 1982,
1994; Argyris & Schon, 1978) provided a historical theoretical platform for the
disciplines of Senge (1990), which subsequently translated to the nascent disciplines o f
69
(a) organizational structure, (b) collaboration (c) innovation, (d) shared vision, and (e)
talent management. The contemporary disciplines were found in CLT.
The historical perspective disclosed the conflicts of leaders as early as 5000 BC
and transitioned to the conflicts of PwC business leaders (Hassan, 1988; Rosicrucian
Egyptian Museum, 2009; PwC, 2011). The historical transformation of learning theory
coincided with leader transformation and economic environmental conditions. Individual
learning theory, organizational learning theory, and resistance to change have not been
bounded by time. Scholars have attempted to address the issues of business stability and
the competitive edge.
Complexity leadership theory is an emerging interpretive paradigm for SMEs that
extends beyond traditional organizational learning. Complexity leadership theory
represents a platform for the expansion and stability of a business, particularly in
turbulent economic markets. Specifically, CLT provides a flexible tool for those SME
leaders challenged with obstacles different from the leaders o f large corporations.
Multiple conflicting and overlapping frameworks are available for the diagnosis and
prognosis of organizational learning. However, an integrated understanding that includes
the philosophies of SME leaders as the basis for the enhanced learning of a business, and
a narrowing o f the gap in learning theory, is lacking in the literature (M arion & Uhl-Bien,
2009; Snowden & Boone, 2007). The study contributed to the body o f literature for SME
leaders in the industrial and manufacturing sectors of business.
70
Chapter 3: Research Method
Fluctuations in the global economy, the transformation of industries, and
increased business bankruptcies compel the leaders of industrial organizations to focus on
increasing learning capacity (ABI, 2009; PwC, 2011). Industrial m anufacturing SMEs
provided 86% of employment in the United States in M arch 2008 (USDLBLS, 2009).
The problem studied was that in the current economic decline a sound strategy for SME
leaders to increase organizational learning capacity did not exist (Fulton & Hon, 2009;
Garcfa-Morales et al., 2007). The purpose of the qualitative multiple-case study was to
explore and identify strategies that may increase organizational learning and subsequently
aid SME leaders in sustaining economic competitive status. The study results advanced
the knowledge base regarding how SME leaders approach increasing organizational
learning to sustain the business. The study results supported formative recommendations
on how SME leaders within the industrial manufacturing sector can increase
organizational learning capacity.
The focus of the study was the main research question: How do SM E leaders
responsible for the financial health and survival o f an SM E enhance organizational
learning in the industrial manufacturing sector? The following questions supported the
inquiry:
Q l. How do SME leaders use the discipline of organizational structure to
enhance learning?
Q2- How do SME leaders support the emergence of new ideas?
Q3. How do SME leaders support knowledge sharing?
71
Q4. How do SME leaders use the discipline of talent management to enhance
organizational learning?
Q5. How do SME leaders use the discipline of shared vision to enhance
organizational learning?
Q6. How do SME leaders demonstrate commitment to enhanced
organizational learning?
The methodology chapter of the study includes a description of the research
methods and procedures related to the research design. The first section includes a
summary of the multiple-case-study design and an explanation why the case-study
methodology was used to complete the study. The second section includes an
explanation of how the industrial SME companies were selected for the study and why
the study included four study locations. The remaining sections of Chapter 3 included
the interview protocol, the procedures used to collect and analyze data, and the
assumptions and limitations of the study. A discussion of the protection o f the rights of
human subjects served to qualify the standards employed in the study for protecting the
case-study participants.
Research Method and Design
Social research involves the use of three methodological approaches (a)
qualitative, (b) quantitative, and (c) mixed methods (Trochim & Donnelly, 2008).
Qualitative studies are intrinsic to the analysis of words and are for exploring themes,
common experiences or cultures, and learning experiences (Shank, 2006). Quantitative
research studies align with numbers and their meanings to formulate hypotheses, compare
results to predictions, or define trends (Miles & Huberman, 1994; Shank, 2006). Mixed-
72
methods research includes both qualitative and quantitative pursuits. The research study
included a qualitative methodology as the research involved exploring and identifying
strategies that increased organizational learning and not forming or proving a hypothesis.
Qualitative methodology has five options for design (a) ethnography, in which a
phenomenon is tied to the notion of ethnicity and geographic location; (b)
phenomenology, in which the respondents experience a phenomenon; (c) field research,
in which the researcher goes into the field and observes the phenomenon in the natural
state; (d) grounded theory, in which the purpose is to develop new theory about the
phenomenon observed; and (e) case-study research, in which the purpose is to understand
complex social and contemporary phenomena of individuals, groups, or organizations
(Trochim & Donnelly, 2008; Yin, 2009). The research involved developing an
understanding of the complex social contemporary phenomena of organizational learning
and looking for themes by analyzing words relative to how the SME leaders enhanced
organizational learning. The case-study design was therefore the appropriate choice for
the research study.
The research design included a multiple-case, embedded design as described by
Yin (2009). The multiple-case-study design, as opposed to a single-case study, increased
the internal validity of the findings and allowed for cross-case synthesis (Voss et al.,
2002). Researchers may also accomplish replication with a multiple-case design (Yin,
2009). The multiple-case design was ideally suited to capturing the rich, intense features
of a social system found in CAS (Caniels & Romijn, 2008; Shank, 2006; Uhl-Bien et al.,
2007; Yin, 2009). Four single-case studies, one for each SME, were independently
analyzed followed by a cross-case synthesis (Yin, 2009).
The single SME case-study sites were a unit of measurement in the multiple-case
study, as shown in Figure 6 (Yin, 2009). The individuals responsible for the daily
operations, quality of product, and financial health of the SME participated in interviews
and described the CAS of the location, which constituted the units o f embedded
measurement within each individual case-study site. The criteria used to focus the
current study were the disciplines of enhanced learning capacity identified by the
respondents in the PwC survey and in the literature (PwC, 2011; Uhl-Bien et al., 2007).
The enhanced learning capacity framework became a platform for aligning the results to
future studies.
MULTIPLE-CASE EMBEDDED DESIGN
MULTIPLE-CASE STUDY
CASE A CASE DCASE B CASEC
INTERVIEWEES
Figure 6. Multiple-case-study design for the study that demonstrates three people were
interviewed in each case.
The results of the study were the outcome of a three-phase study design (Yin,
2009). The flow of the design appears in Figure 7. The structure provided organization
and flow to the multiple-case-study process. The phasing provided the researcher the
ability to maintain separation of the individual cases until a cross-comparison and
74
discussion were appropriate.
C ase S tu d y M ethodology Flow
3.4 Wrise cross-
cnpe rqu>ji
3.1 Draw cross-case
OfmctllFHOTS
2.1 Coordinate Site Vtsatx
1,1 Select Enhanced
Learning C apacity
FrffiDcwwit
3 J Develop strategic
mnn*j«ffnrtens imj»5c«t*nns
3,2 Review enhance
te am in g capacity
frameworks
1,3 D esign fctn cijllecttcm
protoonl and xetect
msuurDemaJioft
2,2,2 Transcribe Interviews
Review N ales
Write Report
2,2„1 Tmmcrfhe Interviews
Review Natex
Write Rtpoal
2.2.4 TmrKcrihe Interviews
Review Notes
Write Report
2,2,1 Transcribe Interviews
Review N ates
Write Rtport
2.1.2 Cooduct Case B
(interviews)
2.1.4 Conduct Case D
(jntervicm*)
2.1.1 Conduct C*sc A
(interviews)
2.1.3 Conduct CascC
(interviews)
1.2 (deadly Case Sites
1.0 D efine and D esign tb£ Stody
3.0 A nalyzsondCoaclude
2 .0 Prepare. C ollect, an d Write
Figure 7. Methodology implementation flow.
Population
The U.S. Census Bureau (2009) defined SMEs as firms with less than 500
employees. The USDLBLS (2009) indicated SMEs provided 86% of employment in the
United States in March 2008. Over half of the SMEs were industrial manufacturing
firms, and over half of those firms provided products to the aerospace and automotive
75
industries (USDLBLS, 2009). Small and medium-sized enterprises serving the aerospace
and automotive industries were therefore representative of domestic business, and a
viable population for the research study. The management o f X-Brand Corporation (a
pseudonym), rated in the top 10% of the Fortune 500, and a representative of domestic
management companies, volunteered a business database for case-study candidate
sampling.
Sample
A two-stage screening process of candidates is recommended when a study has
more than 30 possible candidates (Yin, 2009). The first stage of the screening involved
identifying the potential candidates for the study. The database of X -Brand Corporation
consisted o f 86 SMEs and was representative of a viable candidate pool (Yin, 2009).
The second stage of screening involved identifying operational criteria to filter
out qualified cases (Yin, 2009). The operational criteria were drawn from the purpose of
the qualitative multiple-case study to explore and identify strategies that may increase
organizational learning and subsequently aid SME leaders in sustaining economic
competitive status (Bochner et al., 2008; Miles & Huberman, 1994). The criteria
included a 24-month quality-of-product and on-time delivery performance history of the
86 SMEs (Snider, Silveira, & Balakrishnan, 2008; Sousa & Voss, 2007; Voss et al.,
2002). The viable candidates exhibited consistent improvement in quality and delivery,
and less than a 5% increase in workforce population in the 12 months preceding the study
(PwC, 2011). The potential case-study site candidates’ performance histories appear in
Table 2.
76
Table 2
Case-Study Site Candidate Performance H istories
Industry Workforce Leadership < 5 % increase in Consistent
served population membership workforce population improvement
Aerospace
defense and
automotive
No less than 50
and no greater
than 499
Operational,
quality, and
financial health
Net hiring balanced
by attrition
Quality and
delivery
86 86 86 72 22
The goal of the first and second screening criteria was to reduce the number of
candidates to a viable sample of 20 to 30 perspective candidate sites (Yin, 2009).
Twenty-two case-study candidates exhibited the desired characteristics, which m et the
goal of the screenings. The next task was to narrow the field of 22 perspective candidate
sites. The researcher reviewed the suggestions o f several scholars to narrow the case-
study participant field.
Data from two case-study sites may not provide the variety of perspectives on the
phenomena for comparison or the ability to achieve data saturation (M uscatello, Small, &
Chen, 2003; Nah & Delgado, 2006; Sandelowski, 1995; Snider et al., 2008). Data from
five or more sites may become excessive, repetitive, time consuming, and o f little added
value (Muscatello et al., 2003; Nah & Delgado, 2006; Sandelowski, 1995; Snider et al.,
2008). Mindful of those suggestions, and coupled with the accessibility to specific sites
and the specific site manager’s willingness to participate, four final candidates were
selected. Each of the four sites was experiencing the phenomenon of increased learning
as evidenced through the X-Brand Corporation database quality metrics (Pettigrew,
1990). The four sites each constituted an embedded single case and were designated as
Case A, Case B, Case C, and Case D (Yin, 2009).
The input obtained from the three interviewees at each site was obtained from the
individuals responsible for the daily operations, quality o f product, and financial health of
the SME (Patton, 2002; Shank, 2006; Yin, 2009). The use of three participants at each
site allowed for the completion of data collection within 1 day with minimal disruption to
the business operations at the case-study site (Gordon & Tarafdar, 2007; Krueger, 2000;
Langford, Schoenfeld, & Izzo, 2002; Snider et al., 2008). Identifying the three
interviewees involved a purposive sampling strategy (Krueger, 2000; M orse, 1994).
Selecting interviewees with relevant knowledge o f the phenomena enhanced the
credibility of the findings (Rubin & Rubin, 2005; Seidman, 2006).
The four study site organizations were recruited through personal and e-mail
contacts using the personnel references o f the procurement organization of the X-Brand
Corporation (see Appendices A, B, C, and D). A general lack of knowledge about how to
enhance learning capacity exists within the SME industry, and the SM E case-study
organizations served as models for other companies whose leaders have not addressed the
topic. The methods the leaders of the case-study SMEs employed to enhance learning
capacity within their respective organizations contributed to expanding research theory in
the field of organizational learning and complexity learning theory.
Materials/Instruments
The design of the study was field-based, and interviews were an appropriate
primary data collection instrument (Kvale & Brinkmann, 2009; Shank, 2006; Yin, 2009).
A semistructured interview approach allowed for open-ended questions and discussions
and negated the rigidity of a telephonic or online survey approach (Voss et al., 2002).
The assessment questions in Appendix F were adapted with permission from the 2 0 0 9 –
78
2010 Malcolm Baldrige National Quality Award (MBNQA) criteria (National Institute of
Standards and Technology, 2009) and the 14th Annual CEO Survey (PwC, 2011). The
MBNQA criteria have been validated by more than 1,099 assessments since 1990
(Baldrige National Quality Program, 2010; Jayamaha, Grigg, & Mann, 2008). The PwC
(2011) survey was compiled over 14 years and was administered to m ore than 1,500
CEOs in 65 countries in 2010. Appendix G was a source map for the assessm ent
protocol questions and the source documents.
The MBNQA (National Institute of Standards and Technology, 2009) and the
PwC (2011) criteria were designed to bring forth responses that described current
processes related to enhanced learning capacity (National Institute of Standards and
Technology, 2009). A description of how the leaders currently examine and implement
learning opportunities within the organization was disclosed and aligned with the focus of
the study. A descriptive viewpoint was appropriate for exploratory case studies (Yin,
2009).
Six means of discovery were available while doing field research (a) interviews,
(b) documentation such as financial records and quality metrics, (c) direct observations of
the participants and made by the researcher, (d) participant observations made by the
participants on each other, (e) physical artifacts such as organizational charts, and (e)
archival records (Yin, 2009). The dilemma between espoused theory and theory-in-use is
often perpetrated by the use of only one data collection instrument (Argyris & Schon,
1978). The dilemma was minimized in the current study by using an assessm ent protocol
to ensure the same questions were asked of each respondent and by using the researcher
79
notes. Additionally, the multiple-case-study design provided a synthesis during cross
case analysis (Kvale & Brinkmann, 2009; Seidman, 2006; Yin, 2009).
A participant consent form was used to support and facilitate the research (see
Appendix H). Each interviewee received the consent form prior to the commencement of
the data collection process (Rubin & Rubin, 2005; Seidman, 2006). The Institutional
Review Board (IRB) approved the consent form prior to its use.
An interview guide was used as a framework to ensure the same questions were
pursued with each interviewee (Douse, 2009; Patton, 2002; Rubin & Rubin, 2005). The
interview guide also included a space for the researcher to record notes and observations
during the interview process. Participants provided permission to record the notes and
observations using the interviewee consent form.
A digital recorder was used to record the interviews. Manual transcription o f the
interview conversations was performed with the assistance o f a professional
transcriptionist with multiple years of experience (Seidman, 2006). W ritten transcription
instructions were provided (see Appendix I). The digital format was provided for
computer-based word-processing translation as a secondary means of transcription.
Computer-based transcription of the audio interview tapes was performed using NVivo 9
qualitative analysis software (Miles & Huberman, 1994; Patton, 2002).
Data Collection, Processing, and Analysis
Data collection for the research study was field-based, was qualitative, and
provided the opportunity to understand the details o f the problem (Caniels & Romijn,
2008; Shank, 2006; Yin, 2009). Execution of the research design followed the process
flow shown in Figure 7. The researcher served as the coordinator, along with the
80
respective case-study company points of contact, for establishing the dates and times for
the site visits, as shown in Phase 2.1 of Figure 7. Permission to conduct research was
requested at each respective case-study site. The presidents of the respective case-study
sites granted permission to conduct research at the sites and confirmed no harm would
come to the individuals who elected to participate, or not to participate, in the study (see
Appendices A, B, C, and D for Cases A, B, C, and D, respectively).
Purposive sampling was used to identify three interviewees depicted in Phases
2.1.1, 2.1.2, 2.1.3, and 2.1.4 of Figure 7. The primary data collection process of face-to-
face, open-ended question interviews took place during Phases 2.1.1, 2.1.2, 2.1.3, and
2.1.4 o f Figure 7 (Kvale & Brinkmann, 2009; Seidman, 2006). The interviews enabled
the interviewees to tell their stories in their own words (Voss et al., 2002). Guiding
interview questions from the assessment protocol were used (see Appendix F). The
experience of the interviewees and the meaning they made o f the experience contributed
to how the learning capacity of the organization had been enhanced (Kvale & Brinkmann,
2009; Seidman, 2006).
The interviews were digitally recorded, with the permission o f the interviewees.
The recording instrument was tested prior to the start o f each interview to ensure clear
audio reception (Seidman, 2006). The assessment protocol (see Appendix F) served as a
guide for assessing the interview contents and offered a means for follow -up questions to
ensure completeness of the assessment (Patton, 2002; Shank, 2006). The researcher
recorded notes and comments during the interview process. Notes and comments were
reviewed following each interview (Cutcher, 2009; Seidman, 2006).
The interviews were transcribed and the transcriptions transferred to computer-
based software. The audiotapes were copied to CDs, which were in turn provided to the
transcriptionist immediately upon completion of the interviews. The CDs were labeled to
protect the identity of the participants and were transcribed as close to the interview time
as practical to allow the researcher to recall and reflect on the meaning conveyed at the
time o f the interview (Cutcher, 2009; M iles & Huberman, 1994).
Data reduction and analysis commenced using an iterative approach and
prevented the research from progressing along the lines of a preconceived idea of what
should be found (Schram, 2006). The method provided a platform for the em ergent
discoveries to be included in subsequent case analyses (see Table 3).
Table 3
Data Reduction and Analysis
Step Stage Action
1 Initial
screening
Determine relevance o f company data to each interview
question in Appendix F
2 Reduction and
elimination
Discard information that is abstract, extraneous, vague, or
insufficient to understand or categorize
3 Application of
data codes
Utilize NVivo 9 tool to assist with coding
4 Thematizing Examine coded data for emergent themes that are reflective
of the disciplines of the theoretical framework
5 Analyze
comparatively
Use a series of conceptually clustered matrices based on
theme and pattern codes to facilitate cross-case com parison
6 Report findings Attached significance to the results
Coding grammar for setting context was applied first (Bogdan & Biklen, 2007;
Miles & Huberman, 1994). Attribute coding was appropriate to harmonize with the
Computer-Assisted Qualitative Data Analysis System language of NVivo 9. Attribute
82
coding is appropriate for multiple participants and sites, and for research consisting of
interview transcripts and site documents (Bogdan & Biklen, 2007; Saldana, 2009).
Structural coding acted as a labeling and indexing device. Structural coding is
appropriate with multiple participants, multiple sites, and during exploratory
investigations that include interview protocols (Namey et al., 2008; Saldana, 2009).
Thematizing involved reviewing the text and apportioning an appropriate theme
and subtheme to segments of the text (Cutcher, 2009; Schram, 2006). The process was
facilitated using NVivo 9 software to reduce the vast array o f words, sentences,
paragraphs, and pages to items of most significance and interest (Miles & Huberman,
1984; Seidman, 2007). Using alpha-numeric indicators to represent the interviewees in
the study and to protect the anonymity of each case-study site, the researcher analyzed
the transcriptions as mapped in Table 3.
The individual cases were analyzed first as indicated in Phases 2.2.1, 2.2.2, 2.2.3,
and 2.2.4 of Figure 7. An individual case report was prepared. A cross-case analysis was
then performed as indicated in Phase 3 of Figure 7, completing the multiple-case
comparative study (Yin, 2003, 2009). The researcher attached significance and
prioritization to what was found, made sense of the findings, and offered explanations to
various patterns that emerged from the data analysis (Miles & Huberman, 1984; Patton,
2002; Yin, 2009). The transparency of the design allows the reader to assess the
thoroughness of the work as well as the conscientiousness, sensitivity, and biases of the
researcher (Rubin & Rubin, 2005).
83
Assumptions
The multiple-case qualitative study included five assumptions. First was the
assumption the case-study site interviewees understood the anonymity and confidentiality
o f the study. The second assumption was the interviewees would offer candid
perspectives and responses to interview questions based on their experiences and
personal knowledge. Third, it was assumed the cultural and environmental factors o f the
various geographical locations of the case-study sites were inherent and could not be
removed by design. The fourth assumption was the sample for the study would reflect an
appropriate cross-section of available data. The final assumption was the qualitative
researcher would have the skills required to generate emerging themes from the data and
would render findings based on the data.
Limitations
Three known obstacles limited the study. The limitations were inherent in the
nature of qualitative research. First, the small fraction o f the overall SM E businesses
examined was a limitation of the study. Partial mitigation o f the limitation was attempted
by the geographical dispersion of the case-study sites. Similar to each other in industries
served, work performed, and employee population, the four embedded case-study-sites
were located on both coasts of the continental United States. Including both geographical
regions helped to minimize the possibly o f regionally or culturally influenced results
(Rubin & Rubin, 2005).
The second limitation was an influence o f time, financial resources, and
participant manufacturing schedules constraints. The data collection phase required the
researcher to travel wide-ranging distances to the individual case-study sites. The case-
84
study site visits required the purchase o f airline tickets, and substantial financial
expenditures were minimized by sequential reservations. The case-study sites were
actively engaged in the manufacturing o f product, and the researcher was committed to
collecting data with minimal interference to daily operations.
Delimitations
The sample investigated was delimited to include 12 SME leaders. A purposive
sampling strategy ensured (a) all participants were leaders with decision-making
authority; (b) were responsible for the daily operations, quality of product, and financial
health of the SME; and (c) were in their respective positions at the respective SME
companies for a minimum of two years prior to the data collection. The delimitations
were implemented to allow for data collections that were accurate and current. The
delimitations further enhanced the credibility of the findings (Rubin & Rubin, 2005;
Seidman, 2006).
Ethical Assurances
Data were collected from participants at selected case-study sites only after
receiving approval from Northcentral University’s IRB. The steps and provisions taken
within the multiple-case research study followed the guidelines of the Northcentral
University IRB and suggestions of the Collaborative Institutional Training Initiative,
which relied on the Belmont report (U.S. Department of Health, Education, & Labor,
1979). The primary data collection instrument for the study was the participant
interviews. The data collection instrument did not include any deception or
misinformation.
The participants were entitled to respect and were treated as autonomous agents
(U.S. Department o f Health, Education, & Labor, 1979). The participants were informed
about the nature of the study and the procedures to be used. Interactions with the
participants were respectful, honest, and professional. Risks were outlined and
communicated via the informed consent form, which was an adaptation o f a template
provided to research students by Northcentral University (see Appendix H). Further, the
participants were allowed to withdraw from or cease participation in the study at any time
(see Appendix H).
The respective participants and case-study sites were entitled to beneficence and
ensured by the IRB (U.S. Department of Health, Education, & Labor, 1979). No physical
dangers were associated with the study. The presidents o f the respective case-study sites
granted permission to conduct research at the respective sites (see Appendices A, B, C,
and D).
Participants were assured the information they provided would remain private and
confidential. The case-study site participants as well as the individual interviewees at the
respective case-study sites contributed significantly to the national security of the United
States. Additionally, companies mentioned in the various interviews were not asked to
provide permission to use their respective names in the research. The research was not
intended to denigrate a particular company, supplier, or industry. The interviewees were
encouraged to speak freely without hesitation to maintain a flow o f conversation. Undue
stress could have resulted if the interviewees had to speak with caution regarding the
mention of names, rather than a free-flowing conversation. Further, public disclosure of
the participants could have negative consequences on contract continuation. Therefore,
86
due to the sensitive nature of the business, the names of participant site companies or
individual participants were not disclosed in the study.
Audiotapes and transcriptions remained in a secure file system and locked in a
research office. Information collected was coded and the original source o f information
remains known only to the researcher. The case-study sites were identified by an
alphabetical code. The names of the companies and presidents in the respective
permissions to conduct research e-mails were redacted and identified by the alphabetical
code. Only the overall case-study site results and cross-site comparison results will be
reported. Information gathered during the study will forever protect the identity of the
participants. The participants were assured the information they divulged would not be
misrepresented or misreported.
Summary
The study addressed the problem that in the current economic decline, a sound
strategy for SME leaders to increase organizational learning did not exist (Fulton & Hon,
2009; Garcfa-Morales et al., 2007; PwC, 2011). The research study included a qualitative
methodology as the research involved exploring and identifying strategies that may
increase organizational learning and was not intended to form or prove a hypothesis. The
management of X-Brand Corporation (a pseudonym), rated in the top 10% of the Fortune
500 and representative of domestic management companies, volunteered a business
database for possible case-study candidate selection. The operational criteria were drawn
from the purpose of the qualitative multiple-case study and included a 24-month quality-
of-product and on-time delivery performance history o f the 86 SMEs. The viable
candidates exhibited consistent improvement in quality and delivery and less than a 5%
increase in workforce population in the 12 months preceding the study. D ata were
collected from personal interviews of 12 SME leaders conducted on four case-study sites
that were representative of the SMEs providing 86% of employment in the United States
(USDLBLS, 2009). The data were analyzed to understand and identify strategies that
may increase organizational learning. Individual case-study reports were developed,
followed by a cross-case analysis. The study results advanced the knowledge base
regarding how SME leaders used the identified strategies to increase organizational
learning and subsequently sustained an economic competitive status. Approval by the
IRB was pursued and received prior to the commencement o f any data collection.
88
Chapter 4: Findings
The purpose of the qualitative multiple-case study was to explore and identify
possible strategies that may increase organizational learning at SMEs and subsequently
aid in sustaining economic competitive status. The impetus of the study was the main
research question: How do SME leaders responsible for the financial health and survival
o f an SME enhance organizational learning in the industrial manufacturing sector? The
results are based on the cumulative data from SME leader interviews conducted at the
four embedded case sites. An assessment protocol (see Appendix F) was used to solicit
participant responses relative to the research questions. The exploration o f the data
focused on the lived experiences of the SME leaders and was attentive to the SME
leaders’ sensitivities and views of organizational learning (Yin, 2009).
The chapter contains a presentation of the results organized according to research
questions and is in accordance with the method described in Chapter 3. The results are
followed by an evaluation of findings. The findings are interpreted in light of the
theoretical framework of complexity leadership theory described in Chapter 1. The
findings are supported by the literature reviewed in Chapter 2. The research study added
to the literature by identifying strategies that could increase organizational learning at
SMEs and built upon the work of other researchers (Andert et al., 2011; Crawford et al.,
2009; Marion & Uhl-Bien, 2009; Uhl-Bien et al., 2007). Specifically the theories of
complexity leadership theory and complex adaptive systems were expanded as the
research provided evidence that CLT and CAS exist outside the realm o f the academic
classroom, are found in the industrial manufacturing sector, and have a role in
organizational learning. The chapter concludes with a summary.
89
Results
The data were collected from the in-depth, open-ended personal interviews of
twelve SME leaders from four embedded case sites. The case sites were geographically
dispersed in an attempt to limit geographic-specific conclusions (Yin, 2009). All
interviews were conducted in person between M ay 2012 and June 2012. The interviews
were audio taped (Moustakas, 1994). The duration of the interviews ranged from 1 hour
25 minutes to 3 hours.
Recordings were transcribed and imported into NVivo 9 for analysis. Analysis
was conducted by coding the transcriptions. The explication process tracked the data
reduction and analysis methodology set forth in Table 3. Thematizing was performed at
the research question level.
The responses of the SME leaders provided demographic information relative to
the embedded case site SMEs. The SMEs represented the northeastern, southeastern,
western coastal, and the southern inland regions o f the United States. All were long-
established SMEs; the establishment of the site with the longest history occurred in 1948.
All SMEs were privately held institutions. The ages of the employees ranged from those
qualifying for part-time employment via internship programs at the age o f 16 years to
full-time employees at the age of 75 years. Education extended from individuals with no
formal education to individuals with master’s degrees. Longevity with the company
ranged from an average low of 15 years to an average high o f 25 years, and did not
account for interns or other part-time employees. The primary customers o f the SMEs
were the automotive and aerospace defense industrial manufacturing sector. The annual
sales of the respective sites ranged from $10 to $103 million. The site demonstrating the
90
high end of the sales scale was posturing to transition out o f the classification of SM E as
defined by the U.S. Census Bureau (2009).
Following is a presentation of the results o f the study. Data tables are used to
depict the emergent themes, number o f occurrences, and a representative sampling of
interview responses. Data presented in the form o f representative responses from the
interviews may have contained words or names that may have given indications of
identity. Given the consequences toward national security and to m aintain anonymity,
some words have been redacted and replaced with “xxxx” .
Research Question Q l. How do SME leaders use the discipline of
organizational structure to enhance learning? Interview Questions 1 through 7 were
designed to address research question Q l. An analysis of data directed at the
organizational structure of the SMEs and how the structure was used by the SME leaders
to enhance learning revealed 443 responses. Ten themes presented with one theme
absorbing 38.83% of the total responses: communication. The emergent themes,
numbers of responses, and corresponding percentages are presented in Table 4 in
descending order of occurrence. Representative responses for the dominant theme are
presented in Table 5.
Communication was discussed relative to organizational structure. Seventy-five
percent of the SME leaders described the structure of their respective SMEs as being a
non-pyramidal organization. The SME leaders used the term flat-lined organizational
structure and indicated the SME had a president to lead the company. The president
relied upon three or four key SME leaders for all critical operations o f the business.
91
Table 4
Research Question Q l: Emergent Themes
Themes N %
Communication 172 38.83
Learning Environment 57 12.87
Structure 52 11.74
Customers 44 9.93
Strategy 44 9.93
Economy 31 7.00
Workforce Profile 23 5.19
Governance 9 2.03
Flat-lined 8 1.81
Union 3 0.68
Total 443 100
Table 5
Research Question Q l, Prominent Theme: Communication
Theme_______ N __________________ Representative Responses_______________
Communication 172 He [the president] communicates wh y . . . . H e’s not ju st
barking orders.
Because we are a small company, he [the president] is very
accessible and likes it that way. They can come up to him
anytime as well.
We have a very open-door policy; not a lot of people to go
through to have a discussion or get an answer.
Visible, very visible. Two-way communication with the
employees. W e work together as a team
We are encouraging feedback from everyone on the shop
floor. Our organizational structure provides them with
multiple avenues for discussion and to bring up concerns or
compliment their teammates.
Our structure is that, number one, the owner has a policy that
he has an open-door policy; if we have any problems, then
we have the understanding that we are welcome to go and
visit with him, and many folks talk to our president all the
______________________ time. He enjoys when people come into his office._________
92
The atmosphere created by the flat-lined structure was referred to as casual and one in
which formal relationships were minimal. The SME leaders believed the structure
promoted a line of direct and rapid communication from the SME leaders to the
workforce. Additionally, the organizational structure provided an ease in access to the
SME leadership for the workforce. The duality o f the communication chain fostered
open communication and knowledge sharing among employees.
The remaining twenty-five percent of the SME leaders described the structure of
their SME as being the traditional hierarchical pyramidal structure. The structure as
described sustained a president, multiple layers o f vice-presidents, directors and various
levels of managers, finally arriving at the workforce on the factory floor. However, the
SME leaders with the hierarchical structure further described nuances such as
communication managers that allowed the larger organization to function much like the
flat-lined organizations described by the other SME leaders.
The SME leaders were unanimous in acknowledging the importance of
communication. Rapid, accurate, negations of false embellishment, or understatement of
information, were terms used by the SME leaders to describe the dissem ination of
information. Feed-back, two-way communications, and open-door policies were stressed
as the means for quick response times to posed questions. The SME leaders believed in
having the employees working and talking together. Cross-training opportunities were
noted as a means of growing knowledge for the employees o f the SME. Self-emergent
teams and team leaders were recognized as value-added contributors to the overall
success of the company.
93
Research Question Q2. How do SME leaders support the emergence o f new
ideas? Interview Questions 8 through 10 were designed to address research question Q2.
An analysis of data directed at how new ideas are supported by SME leaders yielded 218
responses. Six themes emerged with one theme absorbing 55.05% o f the total responses:
innovation. The emergent themes, numbers of responses, and corresponding percentages
are presented in Table 6 in descending order of occurrence. Representative responses for
the dominant theme are presented in Table 7.
Table 6
Research Question Q2: Emergent Themes
Themes N %
Innovation 120 55.05
Communication 36 16.51
Employees 27 12.38
Partners 17 7.80
Learning Environment 11 5.04
Highest quality product 7 3.21
Total 218 100
The SME leaders relied upon the casual organizational structures and open
communications to promote creativity among the employees. The consensus was the
workforce contained creative individuals and therefore they should be enabled to work
without restraint. A culture that permitted employees to brainstorm ideas was described
by 92% of the SME leaders. Lab areas, or creative sandboxes, were described by 83% of
the SME leaders. The creativity areas were designated areas within the manufacturing
floor where employees were encouraged to convert the brainstormed ideas into real
product.
94
Table 7
Research Question Q2, Prominent Theme: Innovation
Theme_________ N __________________Representative Responses______________
Innovation 120 You have creative people and you enable them to work
freely.
Pilot, demonstrate, show, incorporate, educate.
Everybody to some degree has their ear to the ground as to
what’s out there.
If you don’t become innovative and come up with new
ideas on how to make a product, someone else is going to
come in there and take that jo b away from you.
We are taking a look at the things we do today and trying
to look at what we believe the requirements and the
expectations of our customers will be 20 years from now.
W e’re forming teaming relationships with those that are
best in class, where we can complement each other and
grow into the future.
__________________________ We know that our future is directly tied to innovation
One SME leader described the innovative model for the SME. The model
translated the generation of an idea to a pilot product; allowed the employee to
demonstrate to others how the product should be used; incorporate the feedback of
others; and educate the entire team on the final product. The SME leader em phasized the
importance of the creativity in furtherance of the welfare of the business. Additionally,
75% of the SME leaders believed the creative atmosphere permitted the em ergence of
self-designated leaders and ownership of activities.
Relationships with the supply chain and customers were denoted as innovative
avenues by 83% of the SME leaders. Employees were encouraged to communicate
directly with the customers and suppliers. The SM E leaders believed the direct line of
95
communication eliminated time delays frequently encountered when seeking permission
for contact, and generated increased excitement during the discovery process.
Investment in research and development was described by 75% o f the SME
leaders. Forward looking, long-term plans and capital investments were discussed. The
noted SME leaders expressed a conviction in the importance of planning for the rapid
changes in technology. The remaining 25% of the SME leaders expressed concern with
the depressed economy o f the localized area. Due to the nature of the majority of the
military contracts serviced by the SME the posture was to delay investment in research
and development. Consequently the same SME leaders also suggested that while
brainstorming ideas were encouraged from the workforce, rarely were the ideas
implemented.
R esearch Q uestion Q3. How do SME leaders support knowledge sharing?
Interview Questions 11 through 15, 31, and 32 were designed to address research
question Q3. An analysis of data directed to discover the knowledge sharing strategies
yielded 555 total responses. Eight themes presented with one theme absorbing 31.89% of
the total responses: communication. The emergent themes, numbers o f responses, and
corresponding percentages are presented in Table 8 in descending order o f occurrence.
Representative responses for the dominant theme are presented in Table 9.
The support of knowledge sharing was described by 92% of the SM E leaders as
dynamic. The SME leaders were visible on the factory floor and referred to the casual
organizational structure as being conducive for interaction with the employees. The SME
leaders were not viewed as isolationists who governed from a secluded office, but rather
were viewed as technically astute and a source o f knowledge.
96
Table 8
Research Question Q3: Emergent Themes
Themes N %
Communication 111 31.89
Learning Environment 145 26.13
Customers 72 12.97
Government 52 9.37
Collaboration 50 9.0
Continuous Improvement 30 5.4
Suppliers 15 2.70
Highest Quality Product 14 2.52
Total 555 100
Table 9
Research Question Q3, Prominent Theme: Communication
Theme_________ N_______________ Representative Responses____________
Communication 177 The leaders are out on the floor working the machines
with them.
W e have walkie-talkies to communicate immediately, so if
there is a problem or a good thing going on, everyone
knows about it right away.
Everyone seems to be pretty open . . . not afraid to bring
up an issue or concern and consequently we all learn.
The encouragement of a culture of thinking was described by 75% o f the SM E
leaders. Peer-to-peer training opportunities were provided. Employees were encouraged
and supported to attend external training classes. The expectation was a translation o f the
gained knowledge to peers upon return.
The SME leaders portrayed relationships with the SME customers and supply
chain as paramount to knowledge sharing. Engaging the customer and critical supply
base early in the process often resulted in a reduction in the cost of the product.
97
Unfortunately, in one instance the SME leader consistently referred to individual efforts
rather than team efforts. The acquisition of knowledge by the individual did not translate
to shared knowledge for the workforce.
R esearch Q uestion Q4. How do SME leaders use the discipline o f talent
management to enhance organizational learning? Interview Questions 16 through 30, 33,
and 34 were designed to address research question Q4. An analysis of data directed to
discover how SME leaders utilized talent management to enhance organizational learning
yielded 279 responses. Six themes presented with one theme absorbing 43.70% of the
total responses: compensation. The emergent themes, numbers of responses, and
corresponding percentages are presented in Table 10 in descending order of occurrence.
Representative responses for the dominant theme are presented in Table 11.
Table 10
Research Question Q4: Emergent Themes
Themes N %
Compensation 122 43.72
Workforce Profile 90 32.26
Strategy 23 8.24
Communication 20 7.17
Education 12 4.3
Experience 12 4.3
Total 279 100
The SME leaders utilized compensation as the primary means to m anage talent
within the SME. Benefit packages which included medical, dental, vision, and vacation
plans were offered by 100% of the SME leaders. Company matched 401(k) packages
were offered by 75% of the SME leaders. Notably, 25% o f the SME leaders also offered
an employee stock option (ESOP) program which was described as the single attraction
98
to acquiring and retaining talent within the SME. The ESOP was described as unique for
the geographical location and specifically for SMEs.
Table 11
Research Question Q4, Prominent Theme: Compensation
Theme_________ N __________________Representative Responses______________
Compensation 122 They [the employees] are paid fairly and they know it is
rough out there and they are treated fairly from the CEO
down.
W e understand what the proper compensation is in the
area and we try to meet or beat that and sustain that.
W e benchmark and we are a member o f the Precision
Machining Association so you get statistics from there.
They have medical and dental insurance; 401(k) and the
company is still matching up to half.
I actually feel that these people helped us build the
company into who and what we are, and when they retire,
they should actually have something to take with them
besides a handshake and a going away party
The company has tickets to professional sporting events
locally that are given away at Christmas as part of a raffle;
some are handed out to someone that does good or comes
up with a good idea, you know, puts forth a good effort
that helps move a product forward and the custom er’s
__________________________ happy_____________________________________________
Compensation rates were described by 75% of the SME leaders as benchmarked
against the industrial manufacturing m arket segment for the SME business.
Consequently, the SME leaders were able to draw talent from beyond the local
geographical boundaries. The expanded the knowledge base contributed to employee
retention, minimizing the non-value added costs associated with turnover, and
strengthening the competitive position of the SME.
99
The remaining 25% of SME leaders looked to the local geographical region to
establish compensation rates. The local region was described by these leaders as being
within a Historically Underutilized Business Zone (HUBZone) as defined by the United
States Small Business Reauthorization Act of 1997 (U.S. Small Business Association,
2012). The SME leaders believed the HUBZone contributed to a dim inished talent pool
and lower compensation rates.
Formal education, although desired, was not a requirement for em ployment at any
of the SME locations. In fact, all of the SME leaders expressed the desired trait of a
positive attitude and willingness to learn in a perspective employee, over a conferred
degree with no practical application. A disappointment between formal educational
theory and operational readiness of employees was expressed by 66% of the SME
leaders. Notably missing was apprentice programs in the educational systems. To
compensate for the lack of academically available apprenticeship program s, 58% of the
SME leaders indicated the establishment of internal apprenticeship programs. Careful
pairing of newer employees with the job, and then with a seasoned, experienced learning
partner encouraged knowledge sharing in a safe inclusive atmosphere and expanded
internal talent development.
The SME leaders indicated the success of the SMEs could be found in the
diversity of the workforce, especially in the area o f language skills. Seventy-five percent
of the SME leaders mentioned multilingual plant workers as a positive influence in
establishing standard work instructions and processes. The ability to share knowledge in
more than one language promoted the quality of the production output. A positive
100
attitude among the workers encouraged the workforce to engage in discussions and
support each other.
R esearch Q uestion Q5. How do SME leaders use the discipline o f shared vision
to enhance organizational learning? Interview Questions 1, 5, 7e, 15, and 35 were
designed to address research question Q5. An analysis o f data directed to discover how a
shared vision is translated to enhance organizational learning yielded 114 total responses.
Six themes presented with one theme absorbing 27.19% of the total responses: highest
quality product. The emergent themes, numbers of responses, and corresponding
percentages are presented in Table 12 in descending order o f occurrence. Representative
responses for the dominant theme are presented in Table 13.
Table 12
Research Question Q5: Emergent Themes
Themes N %
Highest quality Product 31 27.19
Economy 23 20.17
Lowest Possible Cost 23 20.17
Communication 22 19.29
Involvement 8 7.02
Demonstration 7 6.14
Total 114 100
SME leaders provided rich descriptions o f the shared vision o f the respective
SMEs. All SME leaders expressed a vision for the highest quality product to be delivered
to the customer. The casual organizational structure was acknowledged by 80% o f the
SME leaders as the foundation for communicating the shared vision to the workforce.
The open, frequent, and honest communication was believed by the SM E leaders to
contribute to the employee ownership of the product being produced. The SM E leaders
101
believed the workforce became willing participants in the execution of the vision when
the importance of the vision was clearly communicated.
Table 13
Research Question Q5, Predominant Theme: Highest quality product
Theme_________ N__________________ Representative Responses_______________
Highest quality 31 They [customers] came to us because they knew the type of
product organization we are and they knew the quality o f our work
They know we have a stable workforce and if we com m it
to doing something we are going to be able to finish the
job. We have very, very little turnover and that fact raises
our quality, makes us more successful, and gives our
customers a better product.
W e have actually got to meet and listen to actual war
fighters and it just puts you in that place that you feel like
you are important for what you make
The quality control is our number one factor in the
company and as long as you go through and keep the
quality there, your customers will come back to you and
__________________________ repeat their business._________________________________
Eighty-percent of the SME leaders ascribed to making a profit while not taking
advantage o f the demand of the customer. The shared vision therefore included integrity
and credibility. The shared vision of the SME leaders aligned with expectations o f the
customers. Operating efficiencies and an increase in the quality of the product were
attributed to the communication and understanding of the shared vision by the workforce.
Research Question Q6. How do SME leaders demonstrate commitment to
enhanced organizational learning? Interview Questions 6 and 7d were designed to
address research question Q6. An analysis of the data focused on the strategies employed
by SME leaders to demonstrate commitment to organizational learning yielded 17 total
responses. Seven themes presented with one theme absorbing 35.06% of the total
102
responses: integrity. The emergent themes, numbers of responses, and corresponding
percentages are presented in Table 14 in descending order o f occurrence. Representative
responses for the dominant theme are presented in Table 15.
Table 14
Research Question Q6: Emergent Themes
Themes N %
Integrity 27 35.06
Understanding 11 14.28
W ork Ethics 11 14.28
Continuous Improvement 9 11.69
Leadership 9 11.69
Patriotism 6 7.79
Value Longevity 4 5.20
Total 77 100
Table 15
Research Question Q6, Prominent Theme: Integrity
Theme_________ N__________________ Representative Responses______________
Integrity 77 W e w on’t lie or mislead by saying, “This other guy is 10%
lower, can you meet or beat t ha t ? . . . W e ju s t don’t do that.
It’s just not in our blood, in our DNA. W e ju st can’t do
t h a t . . . . W e just d o n ’t feel comfortable doing that, and our
suppliers know that we are basically an honest business.
Our leaders demonstrate the desire to understand, convey
to the workforce that what we do really matters. That we
have, in our own way, a sense of serving our country, and
some of us haven’t had the opportunity to do that, so every
time that we have a chance to provide a prim e contractor,
or direct to the U.S. government, a military product that
allows us to keep the United States of America a peaceful
place, that’s critical to each and every one o f us.
Everybody looks at the leaders to make sure we are
standing up to the standards we set for everyone else. . . .
So I can say we lead by example.
103
The responses of the SME leaders converged on the integrity o f the leadership.
Terms such as mutual respect, commitment, and value of longevity were repeated by the
SME leaders. The integrity of the SME leaders was defined as practiced. The SME
leaders exercised transparency in communication and operations. The SM E leaders
described a posture of leading by example.
The workforce was encouraged to bring forth issues so they could be resolved.
Emphasis was placed on a non-punitive atmosphere. Consequently the SM E leaders
believed employee retention was enabled. The SME leaders further expressed the
conviction that employee retention translated to customer retention. Sixty-six percent of
the SME leaders indicated their respective customers had communicated an environment
with stable workforce often factored in the awarding of future contracts.
Employees were encouraged by the SME leaders to participate in local
community, charity, and volunteer opportunities. The participation often occurred during
working hours and 83% of the SME leaders indicated the remuneration o f the employees
were not decremented when such participation accrued during working hours. The
extension of influence beyond the internal organization was a demonstration of
commitment to organizational learning and engagement.
Primary Research Question. The primary research question was: How do SME
leaders responsible for the financial health and survival of an SME enhance
organizational learning in the industrial manufacturing sector? Research questions Q l
through Q6 revealed emergent themes based on the lived experiences of the SM E leaders.
An analysis of the data yielded in excess of 1600 responses which funneled 29
overarching themes. Four dominant themes contributed to the top 52.31% of the total
104
responses. The overarching themes, number of responses and corresponding percentages
are presented in Table 16 in descending order of occurrence.
Table 16
Overarching Themes
Themes N %
Communication A l l 25.33
Learning environment 213 12.63
Compensation 122 7.24
Innovation 120 7.12
Customers 116 6.88
Workforce profile 113 6.70
Strategy 67 3.97
Economy 54 3.20
Government 52 3.08
Highest quality product 52 3.08
Structure 52 3.08
Collaboration 50 2.97
Continuous improvement 39 2.31
Suppliers partners 32 1.90
Employees 27 1.60
Integrity 27 1.60
Lowest possible cost 23 1.36
Education 12 0.71
Experience 12 0.71
Understanding 11 0.65
Work ethics 11 0.65
Governance 9 0.53
Leadership 9 0.53
Flat-lined 8 0.47
Involvement 8 0.47
Demonstration 7 0.42
Patriotism 6 0.36
Value longevity 4 0.24
Union 3 0.18
Total 1686 100.00
Communication. Communication emerged as the first overarching theme and
resulted in 25.33% of the total responses. Various methods o f communication were
employed by the SME leaders to enhance organizational learning. However,
105
spontaneous, face-to-face communication was the preferred methods for 75% of the SME
leaders. The communication method provided a rapid means of translating information
to the workforce where everyone acquired information simultaneously and while the
information was current and relevant. The SME leaders who employed this technique
believed engagement of the workforce contributed to the overall success o f the business.
Organizational structure, open-door policies, and visibility o f the SM E leaders on the
factory floor, were described strategies for executing communication.
The remaining 25% of the SME leaders also subscribed to face-to-face
communication; however the communication opportunities were scheduled, limited, and
not spontaneous. Typically information was presented during bimonthly meetings and
therefore considered delayed. According to the SME leaders, the stagnation in the
translation of information often led to missed opportunities, rumor, and innuendo. The
results were detrimental to the SME Company, the employees, and the customers.
Additional communication practices included the use of multi-mediums. Flat
screen televisions were used by 50% o f the SME leaders to translate goals, metrics, and
safety information to the employees throughout the factory. The use of an external
website was utilized by 75% of the SME leaders. The innovative websites were created
for the convenience of the SME leaders’ customers and suppliers, and contained current
information relative to product experience, process capabilities, and quality standards of
the represented SME.
Learning environment. The learning environment emerged as the second
overarching theme and resulted in 12.63% of the total responses. The SM E leaders
suggested the communication methods employed by the SME established a path for
106
enhanced learning environments. Knowledge sharing among the workforce, cross-
training on various machines and processes, and the general ability to discover were
proposed by 75% of the SME leaders as contributing factors to the creation of a learning
environment. A non-punitive atmosphere where employees were encouraged to raise
issues and concerns without fear of retribution was also acknowledged as conducive to
learning.
Contrary to some of the shared experiences, 10% of the SME leaders offered
limited descriptions of an encouraging learning environment. To the contrary, a
deficiency in formal education among the workforce was cited as a reason for lack of
cross-training. Additionally, although social working luncheons were existent where
employees established and executed the agenda, the SME leaders conceded the
suggestions were rarely implemented. The absence of the required follow-through
dampened the desire of the employees and negated the existence o f a learning
environment.
Compensation. Compensation emerged as the third prominent theme and
resulted in 7.24% of the total responses. The responses o f 100% of the SM E leaders
indicated compensation was used as a means to retain or recruit qualified talent.
Benchmarking beyond the local region to include the market segment was employed by
75% of the SME leaders to establish fair wage and salary levels. Consequently the talent
pool was enlarged and the SME leaders were able to recruit qualified talent from beyond
the local geographical area. The remaining 25% of the SM E leaders indicated they
aligned compensation with the local demographics and did not consider the market
segment when establishing the salary levels. Consequently the depressed economy
107
contributed to a limited talent pool and further stagnation o f the growth of the SME
organization.
All o f the SME leaders indicated the provision of a comprehensive benefit
package which included medical, dental, and vision packages. A company-matched
401(k) was mentioned by 50% of the SM E leaders. Participation in an ESO P was
provided by 25% of the SME leaders.
Innovation. The last prominent theme to emerge was innovation and resulted in
7.12% of the total response. A learning atmosphere, which encouraged idea generation,
sharing, and demonstration, was described by 75% of the SME leaders. Ownership of
patents was expressed by the same 75% SME leaders. Free-form discussion,
brainstorming sessions, and the exploration of emergent ideas in a safe learning
environment were also encouraged by the SME leaders. Consistent with an expanded
learning environment employees were encouraged to interface and com m unicate with
customers and supply chain members. The SME leaders indicated the shared knowledge
and collaboration increased the ability o f the SM E to prepare for the future and sustain
the current economic constraints.
Innovation was described by the remaining 25% of SME leaders as limited at
best. The SME leaders did not seek opportunities for the expansion o f knowledge
contained within the talent. To the contrary, the leaders expressed reluctance to permit
experimentation, citing safety concerns as self-proclaimed justification for stifling the
potential creativity.
108
Evaluation of Findings
The current research study identified 29 overarching themes and four prominent
themes regarding the lived experiences of SME leaders to enhance organizational
learning. In this section, the findings are evaluated in light of existing literature about
organizational learning. The theoretical framework for the study is discussed, followed
by an evaluation of each research question presented in the study.
Theoretical framework. The conceptual framework for the study was
complexity leadership theory. Complexity leadership theory provides a platform for
handling fast-changing markets and rising competition (Uhl-Bien et al., 2007).
According to CLT, leadership should be interactive and dynamic, thereby creating an
atmosphere where action and change will emerge while maintaining flexible
organizations (Uhl-Bien et al., 2007). Leaders, distinctively different from leadership,
are individuals who act in a manner that influences the energy of leadership (Uhl-Bien et
al., 2007).
The existence of naturally emerging leaders is demonstrative o f CLT. Innovation,
learning, adaptability, knowledge sharing, and in some instances, new organizational
forms are easily identified (Uhl-Bien et al., 2007). The context of CLT is the nature o f
dependent and independent relationships among the workforce which contribute to the
survival of the organization and expand the knowledge base (Boal & Schultz, 2007;
Crawford et al., 2009; Uhl-Bien et al, 2007).
The benefits of organizational learning have been noted in innovation and new
product development (Akgun, Lynn, & Yilmaz, 2006), and the strategies employed in
supply chain management (Hult et al., 2002). Additionally, enhancements in
109
organizational learning have been identified as contributing factors within the services
and quality industries (Tucker, Nembhard, & Edmonson, 2007). Similar results have
been noted during market demographic explorations in the retail store arenas (Bell et al.,
2010; Santos, Sanzo, Alvarez, & Vazquez, 2005). However, little thought has been
directed toward determining the benefits of organization learning among commercial
partners in industrial markets (Sanches et al., 2011). The current study has contributed to
CLT by addressing the missing strategies for SME leaders to enhance organizational
learning.
Research Question Q l. How do SME leaders use the discipline of
organizational structure to enhance learning? The findings suggested the organizational
structured was used as a communication mechanism to enhance learning. For example,
the flat-lined organizational structure described by 75% o f the SME leaders was a shift
away from the command-and control paradigm to a participant-centric paradigm. The
described structure invited and encouraged responses from the workforce. The described
structure was consistent with the suggestions of Crawford et al. (2009) who encouraged a
departure from the traditional pyramidal structure and bureaucracies in order to promote
organizational learning.
Crawford et al. (2009) suggested a hierarchical structure served as an influence of
diminished organizational learning. Surprisingly, while the structure described by 25% of
the SME leaders was pyramidal in form, the SME was able to demonstrate rapid
communication and enhanced organizational learning. The described organizational
format had nuances that were appropriate for the particular SME. The nuances translated
the formal structure into that of a casual structure. The transformed hierarchical structure
110
aligned with the Crawford et al. suggestion for a participant-centric paradigm that
complements the traditional pyramidal structure. For example, the SM E leaders were
united with their descriptions of the learning environment created for the benefit of the
employees and the company. Additionally, the organizational structure promoted two-
way conversations and provided accessibility to the decision-making leadership. SM E
leadership was credited for expanding employee communication and empowerment.
The casual atmosphere of the organizational structure contributed to rapid and
direct communication between management and the employees. The rapid and direct
communication was an identifying trait of CLT (Uhl-Bien et al., 2007). The speed o f
communication negated rumor and innuendo, eliminated the opportunity for false
embellishment, and permitted the employees to ask questions minimizing the
understatement of information. The structure coincided with the suggestions of Andert et
al. (2011) that the close proximity o f senior management to the first line performers
promoted organizational learning.
Additional examples of organizational flexibility were demonstrated when
employees were enabled to increase their understanding o f the critical products they
produced and participated in decision making processes. The strategy described reflected
the suppositions of Dierdorff et al. (2011), Elloy (2008), and Gundlach et al. (2006).
Specifically, the scholars suggested when employees took personal ownership in the
produced product, the ownership potentially translated to subsequent organizational
learning.
The casual and open organizational structure fostered knowledge sharing among
employees. The described participant-centric paradigm was considered a return to
I l l
recognizing the value of human capital and associated relationships, as well as the
significance of a shared endeavor (Crawford et al., 2009). Further, the diverse skill mix
and opportunity to communicate with each other contributed to the success of the
company. The workforce was empowered to form working groups for specific self-
identified tasks. Emergent leaders were cultivated. Theoretically the described
empowered, self-emerging working groups demonstrated the existence of CAS defined
by Marion and Uhl-Bien (2001), Uhl-Bien et al. (2007), and Marion and Uhl-Bien (2009)
where groups are self-organized and contribute to organizational learning.
Communication and customer interface were portrayed as im portant knowledge
sharing tools. The organizational structure was deemed responsible for the strong
interaction with customers and minimal disruption to daily business activities. The
strategy described coincided with the suppositions of Uhl-Bien et al.’s (2007) CLT
wherein the interactivities of representatives of a CAS results in adaptability and
learning. The practice described aligned with the theory of Twombly and Shuman (2006).
The scholars believed partnering with customer and supply chain members provided a
tactical exchange medium which resulted in enhanced organizational learning.
Research Question Q2. How do SME leaders support the emergence o f new
ideas? The SME leaders supported the emergence of new ideas by creating an
atmosphere that encouraged employee engagement with each other, with customers, and
with supply chain partners. The learning atmosphere therefore extended beyond the
internal boundaries of the SME.
Creative environments were transparent in the data at three o f the embedded case
sites. At the noted sites the SME leaders not only encouraged employees to engage with
112
each other, the leaders established opportunities for the interactions to occur. For
example, the employees were provided time during the workday to explore new
technologies. The open culture and idea exchanges often resulted in spontaneously
conducted brainstorming sessions. The execution of the brainstormed ideas spawned the
emergence of self-designated leaders. The materialization o f self-designated leaders was
aligned with the theory of CAS described by Uhl-Bien et al. (2007), and Uhl-Bien and
Marion (2009).
The interviewees at the fourth case site acknowledged the im portance of
innovation and described open discussions and brainstorming sessions. However, while
the employee-driven brainstorming sessions had the appearance of em ergent leaders as
defined by the CLT theory of Uhl-Bien and M arion (2009), the participants indicated the
resultant suggestions were rarely implemented. Opportunities for self-em ergent leaders
were limited and CAS described by Uhl-Bien et al. (2007) was not described. Further,
limited evidence was presented indicative o f knowledge sharing and consequently a
learning environment was indiscernible. A lack o f formal education and embarrassment
among peers were offered as reasons for the absence of cross-training opportunities. The
practice described was a contradiction to the theory of Bandura (2007) who propounded
intrinsic reinforcement of pride, satisfaction, and sense of accomplishment occurred with
internal knowledge sharing.
Forward looking, long-term plans and the capital invested in research and
development was cited by all of the SME leaders. Communication with the custom ers, a
focus on markets and technology, and the reliance on the creativeness o f the employees
were depicted as critical to the survival and growth of the company. The SM E leaders at
113
three of the case sites described either lab areas for experimentation or dedicated sections
of the manufacturing floor for use by the employees to exercise creative thought and to
pilot their ideas. One SME leader revealed a model to increase learning had been created
for the site. The model was described as a flow wherein an employee would (a) pilot
their idea, (b) demonstrate its capabilities, (c) show it to others, (d) consider the
suggestions of their peers, and (e) educate the rest of the team. The labs, creativity
sessions, and model were conducive to the emergence o f original ideas and were
subsequently pursued by the company.
The creativity model described was within the realm of CAS defined by Uhl-Bien
and Marion (2009). The flexibility of the model further demonstrated recognition o f the
value of human capital and associated relationships as encouraged by Crawford et al.
(2009). The existence of a similar creativity model was also noted at the site location
where the hierarchical organizational structure had been muted with contem porary
nuances. The existence of the innovative lab at that location was contradictive to the
suppositions of Andert et al. (2011) and Crawford et al. (2009) who believed the
traditional top-down organizational structure stifled creative idea generation. Joo and
Lim (2009) indicated the culture directly affected the intrinsic motivation and
commitment of the employee. The results of the learning suggested the presence o f CAS
and the workings of CLT defined by Uhl-Bien et al. (2007).
The SME leaders were united and considered their respective suppliers and
customers as innovative, knowledge-sharing partners. Twombly and Shuman (2006)
noted leaders who successfully engaged in an exchange of information, collaborative
efforts, and shared vision promoted an atmosphere of enhanced learning. The resultant
affiliations translated to mature and trusting relationships and advanced the competitive
advantage. According to the SME leaders the employees were encouraged to
communicate directly with the customers and suppliers. The direct line of
communication between employees and partners eliminated the time delays frequently
encountered when seeking permission for contact, a further confirmation of the
suggestions of Twombly and Shuman (2006). As suggested in the results and findings of
research question Q l, all interviewees believed the organizational structure provided a
direct communication channel for the SME customers and suppliers. The communication
channel resulted in the rapid transfer o f knowledge potentially expanding the CLT of
Uhl-Bien et al. (2007) beyond the confines of the internal SME.
Research Question Q3. How do SME leaders support knowledge sharing? The
cumulative data from the four embedded case studies suggested SME leaders supported
knowledge sharing through open communication. Descriptive responses expounded on
the previous responses to research question Q l with a reliance on the organizational
structure for rapid and accurate communication of knowledge and information.
Internal knowledge sharing was denoted at all case study sites. The responses
established the SME leaders were technically astute and frequently on the factory floor.
The visibility o f the SME leaders provided communication opportunities for the
workforce to leam from the experience of the SME leaders. The practice described by
the interviewees denoted an example of enabling leadership described by Uhl-Bien et al.
(2007). Additionally, the interaction with the workforce enabled the SM E leaders to
understand the needs and requirements of the workforce. The communication duality
resulted in knowledge convergence.
115
SME leaders at three case sites indicated a variety of continuous improvement
activities had improved the flow of the product through the respective factories. Each
pointed to a creative culture where everyone learned from every mistake made in the
factory. The SME leaders did not permit blame to be placed on an individual; rather,
they desired for lessons learned to be shared across the business. The interviewees
believed the practice promoted knowledge sharing, and subsequently improved the
overall business. The interviewees noted cross-training between departments or
production areas was customary and enhanced overall learning. The described
knowledge sharing was a trait exhibited with the existence of CAS under CLT of Uhl-
Bien et al. (2007).
The responses of the interviewees at three of the case sites provided further
discussion on learning opportunities within the SME. Experiences with peer-to-peer
training and a culture of dynamics were examples cited. The SME leaders expressed the
desires of the workforce to have a psychologically safe environment where they could
attempt to fail in order to learn. The discussions suggested the existence o f an even
distribution of knowledge, a relationship encouraged by CLT of Uhl-Bien et al. (2007)
and addressed by Zittoun et al. (2007).
Similar to the findings of question Q2, the SME leaders collectively portrayed the
relationships with the SME customers as paramount to external knowledge sharing. The
importance o f engaging the customer early in the process and listening to the custom er as
the production ensued was denoted as critical to customer retention. The ability of the
enabling leadership to bolster interactions of organizational CASs to include the strategic
level environmental dynamics of customers and suppliers was a practice theorized by
116
Uhl-Bien et al. (2007). The results described fulfilled the two important purposes for the
CAS to exist as delineated by Uhl-Bien and Marion (2009) (a) to bring information into
the creative atmosphere; and (b) to expand the adaptation capacity of the organization
within the work space and market space environments.
The interviewees referenced numerous examples where the inclusion o f the voice
of the customer was paramount early in the work product flow. One interview ee believed
as much as a 40% reduction in the cost of a product with translated savings to the
customer was achievable through shared knowledge. Listening skills played a critical
role in getting the answer from the customer. The interviewees considered the shared
knowledge with the customer to be of critical importance to the success o f the company.
All SME leaders described shared knowledge efforts between the SM E leaders
and their customers and suppliers. All SME leaders also considered the shared
knowledge with the customer to be of critical importance to the success of the company.
The SME leaders described similar instances of knowledge sharing with the supply chain.
However, the findings revealed at one case site the knowledge shared between customer
and SME leaders; or between supplier and SME leaders; appeared to be overshadowed by
the lack of translation of the shared knowledge from the SM E leaders to the workforce.
For example, one SME leader consistently answered questions by describing individual
actions rather than the collective actions of the team. Further, the absence o f the
transference of knowledge resulted in the inability o f the SM E leaders at that location to
implement the gained knowledge. The atmosphere created by the storing o f knowledge
was contraindicative of CLT defined by Uhl-Bien et al. (2007) and did not follow the
suggested model of Erdogan et al. (2006).
The SME leaders were consistently complimentary o f their customers, and in
particular the customers within the U.S. Department of Defense. The SM E leaders
expressed an understanding for controls and regulations when it came to safety of
personnel. All interviewees believed in providing a safe environment, including the use
o f personal safety equipment for the employees. The interviewees were also
complementary of the local government agencies that provided guidance and inspections
o f the facilities to ensure a safe working environment. However, the SM E leaders were
unified in their descriptions of the collateral effects of government oversight and imposed
regulations.
The SME leaders repeatedly described the intrusion of the federal government
and specific agencies as a hindrance to knowledge sharing and the growth o f business.
Acknowledging the importance of safeguards for a healthy environment, the SM E leaders
believed the elevated rigors of the EPA were not effective and in fact had become cost
prohibitive. The EPA was mentioned as a costly and time-consuming agency wherein the
absence of knowledgeable workers prevented the SME business from obtaining
information in a timely manner. The interviewees further noted other instances where the
federal government had inserted itself in process flow for purposes o f inspections. The
interviewees identified areas where the self-proclaimed inspection processes had been a
hindrance to delivery schedules and impacted deliveries to the military custom er by
weeks or even months. The responses of the SM E leaders were consistent with Piaget’s
(1932) description of constraint, in which individuals were dominated by the pow er of
others with resultant oppressed learning. Further, self-efficacy was com pressed as
cautioned by Bandura (2007) and W agner (2009).
118
Research Question Q4. How do SME leaders use the discipline of talent
management to enhance organizational learning? The cumulative data from the four
embedded case studies suggested SME leaders used compensation as a means of talent
management. The harmony among the leaders indicated talent management was critical
to knowledge sharing among employees and partners.
The SME leaders exercised diligence to understand compensation rates of the
market segment in the geographical region. SME leaders at all four em bedded case sites
noted employees received full benefits including medical, dental, a company-matched
401(k), and tuition reimbursement. SME leaders at one case site also provided an
Employee Stock Option Program (ESOP). The benefit packages were described by the
interviewees of all case sites as instrumental in extending the growth of the business. The
SME leaders were able to enhance organizational learning through the attraction of a
solid talent base founded in fair and equitable compensation. The consensus o f the
interviewees depicted the robust benefits packages offered by the SM E leadership as
above par when compared to the local competition. Consequently, the interviewees
believed the SME leaders were able to build a stable workforce and avoid the costs
associated with high rates of turnover among employees.
Consistent with Argyris (1992) and Senge (1990) who suggested learning
acquisition was dependent upon the uniqueness o f the resource available and the
willingness to learn, the SME leaders depicted an environment with less attention on a
formal education and more emphasis on attitude. Hiring practices were described with a
focus on enthusiasm for learning a new process, an alternative to a conferred degree from
a higher learning institution The strategy employed by the SME leaders was consistent
119
with Tanriverdi and Zehir (2006) who emphasized managing the skills of the internal
workforce and expanding on existing talent.
The SME leaders were descriptive regarding the workforce profiles. The
diversity in ethnicity was attributed to the various geographical locales; however, the
talent within the diversity was accredited to attitude. The interviewees depicted hiring
practices that considered the diversity of the talent pool as an enhancement to
organizational learning. The interviewees focused on the value of attitude and verbal
skills o f the internal talent pool.
The SME leaders indicated the success of the company could be found in the
diversity of the workforce, specifically in the area of language skills. M ultilingual plant
workers were mentioned as a positive influence in establishing standard work instructions
and processes. The ability to share knowledge in more than one language promoted the
quality of the production output. Additionally, a positive attitude among the workers
encouraged the workforce to engage in discussions and support each other. The reliance
upon internal talent was again consistent with the learning theories o f Argyris (1992),
Senge (1990), and Tanri verdi and Zehir (2006).
SME leaders considered the geographical location o f the SM E Company as an
advantage when providing nonfinancial compensation incentives to the workforce. For
example, the SME leaders at one case site established production goals, reviewed the
progress toward meeting those goals with the workforce, and empowered the workforce
to nominate peers for monthly employee awards based on the success of the team. The
awards included tickets to professional sporting events, a much sought after award
according to the interviewees. The use o f nonsalary financial inducements throughout an
120
organization to influence firm-wide emerging leadership, learning capacity, and positive
productivity were theorized by Andert et al. (2011) as a viable organizational learning
strategy.
The interviewees projected the strategy for talent management as one of retention
and promotion from within. The SM E leaders had empowered the workforce to
strategize and make decisions relative to their workflow processes, a trait o f CAS and
CLT (Uhl-Bien et al., 2007). The interviewees agreed the strategy of personal ownership
and empowerment had strengthened the working relationships and prom oted teamwork.
Additionally, the SME leaders were convinced the pride in ownership extended into the
supply chain and aided in collaborative efforts within the chain.
Research Question Q5. How do SME leaders use the discipline o f shared vision
to enhance organizational learning? The cumulative data from the four embedded case
studies suggested the shared vision of the SME leaders was engrained in the daily
operations and standard work performed by the workforce.
Twombly and Shuman (2006) believed leaders who successfully com m unicated a
shared vision gained a competitive advantage. The delivery of the highest quality
product was expressed as part of the shared vision of the SM E leaders. The strategy of
the SME leadership was one of focus on the highest quality product, doing the right
thing, and always listening to the customer. The workforce owned the vision and the
internal organizations were thereby enriched. The ability to continuously deliver the
highest quality product despite the downed economy was attributed to the success of the
SME leaders to openly communicate the shared vision.
The SME leaders ascribed to the recognition of trying to make a profit w hile not
taking advantage of the demand of the customer. The shared vision of the SME leaders
therefore included integrity and credibility. The SME leaders focused on the alignment
of the vision with the expectations of the customers of the company. Operating
efficiencies and an increase in the quality of product are reasonable expectations when
the vision of leadership is shared and align with the theoretical expectations of Andert et
al. (2011), and Twombly and Shuman (2006). Additionally, the results described by the
SME leaders are consistent with and reveal a CAS environment within the organization
as defined by Uhl-Bien et al. (2007).
Research Question Q6. How do SME leaders demonstrate com m itm ent to
enhanced organizational learning? The cumulative data from the four embedded case
studies suggested SME leaders exhibited commitment to enhanced organizational
learning through integrity. The integrity o f the SME leaders was defined as practiced.
The SME leaders were caring, focused on a quality product, did the right thing, and
exhibited transparency in operations. The SME leaders were quick to disclose issues on
the production line to the affected customer. The study participants provided examples
where a perceived psychological contract created a trusting environment and permitted an
employee to disclose a problem rather than hide the issue. The employees were
encouraged to bring forth issues so they could be resolved. Emphasis was placed on not
punishing the messenger. Consequently, the interviewees believed the integrity of the
product, the credibility of the SME leaders, and the reputation of the com pany was
strong. The descriptions of a non-punitive atmosphere are consistent with the
characteristics of alternating leadership described by O ’Sullivan (2009), and provided
122
additional evidence o f the existence of CAS under CLT defined by Uhl-Bien et al. (2007)
within the SME Company.
The SME leaders provided continuous opportunities for the engagem ent o f the
workforce in two-way communications. The interviewees emphasized the efforts of the
SME leaders for rapid communication and transparency. The description was an
example o f CAS described by Uhl-Bien et al. (2007) in a CLT supported environment.
The communication strategy was also consistent with the findings o f subresearch
questions Q l, Q2, Q3 and Q5. The integrity of the SME leaders was another reason for
the low turnover rate within the workforce population. The SME leaders also encouraged
the workforce to participate in local community, charity, and volunteer opportunities and
participated in the activities with the workforce. The extension of influence beyond the
internal organization demonstrated the principles of CLT defined by Uhl-Bien et al.
(2007), and encouraged by Osborn and Hunt (2007). Further, the study participants
provided examples where the SME leaders worked long hours, were willing to assume
roles on the factory floor to assist with increased workload, and therefore earned
credibility with the workforce. The examples of trust, credibility, and psychological
contracts aligned with the constructs defined by Davis and Rothstein (2006) as necessary
requirements for enhanced organizational learning.
Primary research question. How do SME leaders responsible for the financial
health and survival of an SME enhance organizational learning in the industrial
manufacturing sector? The synthesized analysis o f the six research questions suggested
the SME leaders relied upon a combination of strategies to enhance organizational
learning. The strategies incorporated four prominent themes (a) communication, (b)
123
learning environment, (c) compensation, and (d) innovation. The four themes
represented the top 52.31% of the total responses (see Table 16).
Prom inent Theme 1: C om m unication. Communication was characterized as
rapid, unembellished, and where everyone learned information simultaneously. The
delivery method for communication was primarily face-to-face. An instance where
communication was delayed was acknowledged as a hindrance to organizational learning.
The identified methods of first-line communication appeared consistent with the
assertions of Crawford et al. (2009) for the SME companies with flat-lined organizational
structures. However, the rapid communication was unexpected for the case site with the
described hierarchical organizational structure. Contrary to Crawford et al. (2009), who
cautioned traditional command-and-control organizations reduced face-to-face
communication, the SME leaders had compensated for the impediments o f the
organizational structure. The open-door policies o f the SME leaders at the hierarchical
site, the leaders’ visibility on the factory floor, and the time for one-on-one conversations,
dampened the predictions of Crawford et al.’s (2009) findings.
The communication channels extended beyond the boundaries of the internal
organization and were consistent with the exchanges encouraged by Schein (2004).
Innovative, interactive electronic media websites were created for the convenience of
customers and suppliers. The websites provided a communication platform enabling a
blending of the internal and external cultures. Additionally the extended communication
exhibited an offered response to the demands of the respondents to the PwC (2011)
survey for a mutual understanding and an evolved culture.
124
P rom inent Theme 2: The learning environm ent. The learning environment was
acknowledged as critical to enable knowledge sharing. Cross-training on various
machines and processes was common. Advanced training, for example on computer-
driven equipment, was absorbed by a few individuals and subsequently taught to peers
through open engagement. The peer-to-peer training often resulted in collaborative
learning.
The learning environments described were consistent with the theories o f several
scholars. For example, the CLT theory of Uhl-Bien and Marion (2009) indicated
dynamic interaction generated emerging knowledge. Additionally, A ndert et al. (2011),
and deGeus and Senge (1977) believed the encouraged participation in the discovery and
decision-making processes advanced organizational success. Kolb and Kolb (2009)
encouraged observation of peers coupled with experience and reflection as a means of
collective growth for the organization.
Contradictory to the findings at three case sites, limited evidence of an
encouraging learning environment was found at a fourth site. Noting a lack of
education among the employees resulted in embarrassment and in the withdrawal of the
workforce, cross-training was not offered. Consequently knowledge sharing was absent.
The practices referenced were a contradiction of the Bandura (1977, 2007) studies.
Specifically, Bandura (2007) described self-efficacy as means for knowledge expansion.
The resultant intrinsic reinforcements o f pride, satisfaction, and sense o f accomplishment
among peers and from leadership are necessary requirements for organizational learning.
The mindset of leadership at the particular site contributed to the lack of enhanced
knowledge.
125
P rom inent Them e 3: Compensation. Compensation, including benefit packages,
was used as a talent management tool at all four case study sites, although the approaches
and use of compensation, and the ultimate results were somewhat different. The
philosophy of Tanri verdi and Zehir (2006) suggested the basis for compensation should
be engrained in the market segment, extend beyond the local boundaries, and should
commensurate with the extended employee effort. However, the findings revealed an
understanding of market segment versus local geographical region was not well
understood at all sites.
The compensation rates of the respective market segments and geographical
regions were understood by the SME leaders at three locations. Employees were
therefore provided comprehensive benefits including medical, dental, and vision
packages commensurate with the market segment competition. Additionally, the
employees at two sites were provided with company-matched 401(k) savings programs.
The employees at a third site were provided with an ESOP, described as a rare practice
for an SME company and unusual for the geographical location of that site. The
compensation packages offered exceeded the local competition.
Standard compensation of wages, comprehensive benefits, 401k and ESOPs, were
supplemented by two sites with end-of-the-year bonus packages. The bonuses were based
on production goals and were peer nominated and selected. The successful practice of
peer-selected awardees was contradictive to the statistics of the IPS&UFE (2007) study,
which posited teamwork and cooperation were negated by internal competition. The
practice further contradicted the supposition of Schein (2004), who noted a team would
only act together when it was time for recognition. The dispelling metrics indicated
126
continuous on-time deliveries, high quality of product, customer satisfaction feedback,
renewed or extended contracts, and overall continuous growth of the companies.
The effects o f compensation were inconsistent at a fourth site. W hile
compensation was a means to retain talent, the basis for compensation was the
demographic location of being in a HUBZone and relied solely upon the local market
segment for reparation alignment. The focus on the demographic location did not
account for market segment, competition, and was not based on talent. The lack o f formal
education of the employees resulted in an isolating mechanism of human capital
entrapment raised by Campbell et al. (2012). Consequently a diminished sustained
competitive advantage resulted. Hult et al. (2007) predicted the spiral created by the lack
o f education and isolated compensation packages. Additionally, Ghemewat and
Cassiman (2007), and Adner and Zemsky (2006) predicated the resultant stagnation
foreshadowed by the lack of alignment with management guidelines.
Similar to the previous sites, a comprehensive medical, dental, vision, and 401(k)
savings program were available to the employees. However, participation in the 401(k)
program was described as anemic. The financial positions of the employees and the lack
o f discretionary income were believed to be the cause o f the lack of participation in the
program. Although publicized as above-par compensation for the area, the compensation
package did not attract skill outside of the HUBZone boundary.
P rom inent Theme 4: Innovation. Examples of innovation were abundant at three
o f the embedded case sites. Learning atmospheres that encouraged internal idea
generation, sharing, and demonstration were profuse. D ata collection revealed the
ownership o f multiple patents as a result of employee creativity. The internal
127
development of innovative technology without the specific inclusion o f external sources
was a contradiction of the supposition of the PwC (2011) participants who believed
external sources had to be included for innovation to occur. The learning atmospheres
and subsequent creativity conformed to the absorption and transference o f knowledge
theory of Tanri verdi and Zehir (2006), and the CLT theory o f Uhl-Bien and Marion
(2009).
Knowledge beyond the realm of the internal organization was sought after and
encouraged by SME leaders at three of the sites. Free-form discussion, brainstorming
sessions, and exploring the emergent ideas of the workforce in collaboration with the
external customer was evident. The inclusionary activities conformed to the conjecture
of the PwC (2011) participants. Subscribing to the theory described by Cui and
O ’Connor (2012), the customers and supply chain, were considered innovative partners
in the comprehensive exploratory sessions.
The SME leaders at the remaining embedded site did not demonstrate innovation.
The mantra for the site was one of demographic depression and stagnation. Predicated by
the limited evidence of an encouraging learning environment, lack o f cross-training, and
focus on the local market segment, innovation was not prominent. Limited evidence o f
innovation existed in a low percentage of the company’s portfolio. Consequently, the
streamlined processes that resulted from any creative thinking were not applicable to the
bulk of the business and therefore did not contribute to the viability o f the site. The
consequences of not subscribing to the theory of Cui and O ’Connor (2012) and
Tanriverdi and Zehir (2006) were suffered. Additionally, the absence of a CAS structure
as promoted by Uhl-Bien and Marion (2009) was apparent and detrimental.
128
R em aining em ergent themes. The emergent themes of communication, learning
environment, compensation and innovation constituted 52% of the 1,686 total responses
and dominated the top of the total 29 emergent themes. The resultant four prominent
themes have been discussed in detail. A secondary review o f the rem aining 24 emergent
themes was conducted.
The explication of the remaining 24 themes was indicative o f an intertwining o f
four themes (a) customers, (b) workforce profile, (c) highest quality product, and (d)
integrity. For example, the emergent theme of highest quality product was connected to
the customer. The SME leaders stressed the importance of producing the highest quality
product by focusing on the intended use of the product by the end user customer.
Further, the SME leaders believed the creation of safe atmospheres for the workforce
contributed to the production of the highest quality product
Non-punitive environments were found to be present at several of the sites and
provided a platform for the safe disclosure of mistakes when made. The open and direct
dialog with the customer under those circumstances provided learning opportunities for
all concerned. The workforce profile included individuals who thrived in the safe
atmosphere.
The integrity o f the individual was applauded and translated to the trust of the
customer in the SME Company. Consequently discussion was abundant, knowledge
sharing prevailed, and metrics documented the success of the implemented model for the
three sites. The described model and implementation strategies confirmed the predictions
of the Uhl-Bien et al. (2007) and Marion (2009) CLT studies.
129
The integrity of the SME leaders was prevalent throughout the interview and data
analysis processes, and demonstrated a linkage to the workforce and customer. The lead-
by-example philosophies exhibited by the SME leaders were an example of practiced
integrity. The leaders were described as honest, transparent and forthcoming. Further,
the leaders were described as respectful toward the customer, each other, and the
employees. The integrity of the leadership translated to the integrity o f the product. The
characterization of the SME leaders was consistent with the linkage o f leadership values
and organizational outcomes portrayed in the Berson et al. (2008) study.
Strategies: The SME leaders appeared to utilize the prominent themes to
construct strategies for. their respective sites. The prominent themes when used in
combination contributed to the enhanced organizational learning o f the represented case
site. The emergent strategies employed by the SME leaders at the embedded study sites
and the theoretical inference from the findings appears in Table 17.
The interviewees provided detailed and numerous responses, and valuable insight
to the practices and business rhythms of the respective SME leaders and case study sites.
The responses of the interviewees illustrated the key strategies used by SM E leaders to
enhance organizational learning. The strategies included (a) use of the organizational
structure to promote rapid and open communication; (b) creation o f learning
environments and creativity spaces; (c) compensation appropriate to m arket segment; (d)
innovation; and (e) transfer of knowledge.
130
Table 17
Strategies to Enhance Organizational Learning and Theoretical Inference
Strategy Site A Site B Site C Site D
Organizational structure Flat-lined Flat-lined Hierarchical Flat-lined
Communication
Open Yes Yes Yes Yes
Rapid Yes Yes Yes No
Face-to-face Yes Yes Limited Limited
Knowledge sharing Yes Yes Yes Limited
Innovative Yes Yes Yes Limited
Compensation Market Market Market M arket
competitive competitive competitive limited
Enhanced learning Yes Yes Yes Limited
environment
Theoretical inference
Utilization of CAS Yes Yes Yes Limited
Ability to thrive Yes Yes Yes Questionable
The findings indicate rapid and open communication was enabled through an
organizational structure with a shift away from the command-and-control paradigm to a
participant-centric paradigm (Crawford et al., 2009). The creation o f a learning
environment wherein knowledge was shared, experimentation was perm itted, failure was
not punitive, and self-emerging leaders were prevalent (Uhl-Bien & M arion, 2009).
Compensation was used to manage talent and was indicative of market segment
(Tanriverdi & Zehir, 2006). The strategy for innovation was prevalent and used to
promote knowledge sharing internal to the SME among the employees, and extended
externally to the customer based and supply chain. The rapid transfer o f knowledge
exemplified the CLT of Uhl-Bien et al (2007).
131
Summary
The purpose of the study was to explore and identify possible strategies that may
increase organizational learning at SMEs and subsequently aid in sustaining economic
competitive status. The impetus of the study was the prim ary research question: How do
SME leaders responsible for the financial health and survival of an SME enhance
organizational learning in the industrial manufacturing sector? Research questions were
analyzed and resulted in emergent themes and strategies relative to the primary research
question.
Results were derived from data collected during in-depth interviews of 12 SM E
leaders at four embedded case sites. The embedded design was used to increase the
internal validity of the findings and to allow for the subsequent embedded case synthesis
(Voss et al., 2002; Yin, 2009). Themes emerged through the rich descriptions, opinions,
and perceptions of the interviewees. The researcher had no preconceived expectations of
the number o f emergent themes prior to the study.
Following the synthesized analysis of the results, the findings were presented. The
findings indicated the SME leaders relied upon a combination of strategies to enhance
organizational learning. The strategies incorporated four prominent themes (a)
communication, (b) learning environment, (c) compensation, and (d) innovation.
The strategies included rapid and open communication enabled through an
organizational structure with a shift away from the command-and-control paradigm to a
participant-centric paradigm (Crawford et al., 2009). The creation of a learning
environment wherein knowledge was shared, experimentation was permitted, failure was
not punitive, and self-emerging leaders were prevalent (Uhl-Bien & M arion, 2009).
Compensation was used to manage talent and was indicative of market segment
(Tanriverdi & Zehir, 2006). The strategy for innovation was prevalent and used to
promote knowledge sharing internal to the SME among the employees, and extended
externally to the customer based and supply chain. The rapid transfer o f knowledge
exemplified the CLT of Uhl-Bien et al (2007).
The results were interpreted with respect to the theoretical fram ework o f complex
learning theory defined by Uhl-Bien et al. (2007), Uhl-Bien and Marion (2009), and other
relevant theories defined in Chapter 2. The findings identified demonstrated the
existence o f CAS and CLT at the thriving sites. No evidence indicating a duplication of
prior research was found. Chapter 5 discusses the implications, recommendations and
conclusions.
133
Chapter 5: Implications, Recommendations, and Conclusions
The research study addressed the problem that in the current economic decline a
sound strategy for SME leaders to increase organizational learning capacity does not exist
(Fulton & Hon, 2009; Garcfa-Morales et al., 2007). Deficiencies in organizational
learning became apparent through a 24% reduction in organizational sustainability when
leadership did not address organizational learning capacity (USDLBLS, 2010b).
Business leader respondents acknowledged the strategy was missing (Burke, 2008; PwC,
2011). Academics concurred with the business leaders’ conclusions that a sound strategy
for SME leaders to increase organizational learning did not exist (Fulton & Hon, 2009;
Garcfa-Morales et al., 2007).
The purpose of the qualitative multiple-case study was to explore and identify
strategies that may increase organizational learning and subsequently aid SM E leaders in
sustaining an economic competitive status. The results o f the study provide experiential
data about strategies used by SME leaders to enhance organizational learning. Further,
the results of the study contribute to the learning theory body of knowledge outside the
realm of classroom learning and applicable to SM E leaders in the industrial
manufacturing industry.
The focus of the study was on the lived experiences o f SME leaders involved with
enhancing organizational learning. A qualitative multiple-case study approach was
appropriate because the problem was contemporary and the researcher could not
manipulate the behaviors of the SME leaders. The data generated from the opinions and
134
experiences of the case study interviewees provided information relative to strategies
employed by SME leaders to enhance organizational learning.
The pattern of the research design was similar to Y in’s (2009) multiple-case
embedded design. The multiple-case-study design increased the internal validity of the
findings and allowed for cross-case synthesis (Voss et al., 2002; Yin, 2009). Further, the
multiple-case design was idyllic for collecting the robust aspects of a social system found
in CAS (Caniels & Romijn, 2008; Shank, 2006; Uhl-Bien et al., 2007; Yin, 2009).
The steps taken for the research study included (a) identifying a contem porary
problem involving social significance, (b) conducting a comprehensive review of the
literature and identifying a gap in the theoretical framework of learning theory, (c)
establishing criteria filters to identify appropriate case-study site participants, (d)
developing and obtaining case-study site and interviewee participant agreements
consistent with ethical research and the guidance o f the IRB, (e) developing an interview
protocol set of questions guided by the primary research question to provide consistency
between interviews, (f) conducting lengthy person-to-person interviews, (g) analyzing the
data for emergent themes, (h) reporting the results and findings for the individual
embedded case-study sites, and (i) conducting a synthesis of the results and reporting the
findings. The study design used a three-phase design defined by Yin (2009). The
structure provided organization and flow for the multiple-case-study process as well as
separation of the individual cases until synthesis was appropriate. The flow of the design
appeared in Figure 7.
Limitations to the study included the potential for the researcher to introduce bias
during the interview process. Consequently, the researcher relied upon the interview
135
protocol questions to extract data to answer the research questions posed. The utilization
o f an audio recording device during the interviews subsequently assisted to minimize
conjecture of the transcribed words during the data analyses phase. Further, NVivo 9 was
used to depict themes within the interview responses at the respective em bedded sites.
The researcher was therefore able to focus on the patterns, similarities, and differences
within the respective SME leaders’ responses.
A second limitation noted was the possibility that SME leaders would not be
honest in their responses, but would answer based upon their perception o f what the
researcher was seeking. Additionally, or alternatively, the SME leaders would answer
based upon their perception o f how other SME leaders were responding. The researcher
took great care to ensure the interviewees understood the nature and confidentiality o f the
study, enabling them to be honest with their opinions and personal experiences.
A third limitation was the constraint of time and possible interference with normal
production operations. The geographical dispersions o f the embedded sites required
extensive travel to conduct the face-to-face interviews. The researcher sought advanced
permission, and coordinated site visits at the convenience o f the respective SME leaders
thereby ensuring minimal disruption to the normal business rhythms o f the embedded
sites and SME leaders.
The research study involved strict adherence to the guidelines of Northcentral
University’s IRB and suggestions of the Collaborative Institutional Training Initiative,
which relied on the Belmont report (U.S. Department o f Health, Education, & Labor,
1979). Approval was sought and received by the IRB to conduct research with human
respondents. No data collection activities were conducted until the IRB reviewed and
136
approved the study and granted permission to proceed. The study involved no physical
dangers. Additionally, each interviewee was notified o f the purpose o f the study, and
was given the opportunity to not participate. A consent form following the guidelines of
NCU was executed by each interviewee. The interviewees were given the ability to ask
questions, provide additional comments, and voice any concerns with regard to the study
before the commencement of the interview. The interviewees were provided the same
opportunities during and post interview.
The remainder of this final chapter provides a discussion o f the implications of
the logical conclusions to be drawn based on the findings o f the study, and is organized
by research question. Recommendations for application by the SME leaders within the
industrial manufacturing sectors and recommendations for future studies are included.
Finally, a summary of the chapter and the research is presented.
Implications
The purpose of the study was to explore and identify strategies that potentially
increase organizational learning and therefore aid SME leaders in sustaining an economic
competitive status. The benefits of increased organizational learning are well established
in the realm of education and in larger corporations (Hakala, 2011; Sanches et al., 2011).
Leaders of SMEs recognize the need to collaborate with commercial partners but may
lack the strategy to engage. The limited focus given to commercial partners is on larger
corporations with no mention of the SME sector. The need for SME leaders to embrace a
strategy for increasing organizational learning is well established (Burke, 2008; Fulton &
Hon, 2009; Garcfa-Morales et al., 2007; PwC, 2011).
137
The analysis o f the data, the explicated results, and the emergent themes presented
in the findings provided several implications for this research study which are supported
by the literature. The implications are presented first at the question level. A synopsis
of the implications is subsequently presented for the primary research question.
Research Question Q l. How do SME leaders use the discipline of
organizational structure to enhance learning? The synthesis of data propounded by the
responses of the interviewees to research question Q l implied organizational structure
had a significant impact on organizational learning. The implementation of a flat-lined
organizational structure for three of the sites was a departure from the classic hierarchical
organizational structure. The flat-lined structure at two of the three sites reportedly
created a casual atmosphere, and therefore promoted open communication and
knowledge sharing among the employees. Communication was described as rapid, direct,
and void of false embellishment or understatement of information.
The implication from the findings was a preference on behalf o f the employees
and the SME leadership for face-to-face communication. The implication aligns with
several recent studies. For example, Robinson and Stubberud (2012) noted university ,
students are highly involved with using advanced technology methods such as texting,
social networking, and e-mail. However, the researchers noted the preferred method for
learning by those same university students was face-to-face communication and
interaction. Pentland (2012) confirmed the preference.
Although the flat-lined organizational structure was evident at a third site, the
SME leaders did not take advantage of the casual organization to instill rapid
communication with the workforce. Face-to-face communication was evident, but was
138
scheduled on a biweekly basis rather than spontaneous. Consequently the lag in
communication resulted in lethargic organizational learning.
The SME leaders at the fourth case site continued to subscribe to the traditional
hierarchical organizational structure. However, in spite o f the traditional structure, the
SME leaders had taken steps to minimize the formality of the structure. Level loading of
the work burden across middle management provided an offset approach that provided
the workforce with accessibility to the SME leaders. The implication suggests the focus
on rapid and continuous communications with the workforce contributed to an open and
responsive atmosphere. Spontaneous, face-to-face communication was enabled.
The implications are consistent with the literature and suggestions o f Crawford et
al. (2009) who encouraged a departure from the traditional pyramidal structure and
bureaucracies in order to promote organizational learning. Additionally, the rapid and
direct communication described by the SME leaders is an identifying trait o f CLT (Uhl-
Bien et al., 2007). Lastly, the flat-lined structure coincided with the suggestions of
Andert et al. (2011) that the close proximity o f senior management to the first line
performers promoted organizational learning.
The data analysis and rich descriptions implied the presence o f CAS as described
by Uhl-Bien and Marion (2009). Self-emergent leaders were evident, a trait o f CLT
(Uhl-Bien & Marion, 2009). The internal business acumen o f the employees was
expanded through communication and supported the findings of Sanches et al. (2011)
who insisted organizational learning was the basic platform to advance the business
posture.
139
R esearch Q uestion Q2: How do SME leaders support the emergence o f new
ideas? The synthesis of data propounded by the responses o f the interviewees to research
question Q2 implied learning environments could be created. The nontraditional
organizational structures created a casual atmosphere and established a workspace for
hands-on learning, demonstrations, and development of ideas and creativity. The
implication coincides and fits the findings of Akgun et al. (2006) in the realm o f new
product development. The lack of individuals with advanced degrees did not stifle
innovation. The ownership of multiple patents demonstrated the existence o f internal
innovation.
The SME leaders acknowledged the importance of employee input and problem
solving responsibilities. The SME leaders noted the workers were more engaged and
subsequently more creative when included in the decision making process.
Consequently, the inclusion of the employees in the decision making processes spawned
self-designated leaders. The inclusion of the workforce in decision making processes
subscribed to and fit within the philosophies of Kolb and Kolb (2005), M oran (2008), and
Wong and Cheung (2008). The materialization o f self-designated leaders was aligned
with the theory of CAS described by Uhl-Bien et al. (2007), and Uhl-Bien and M arion
(2009).
A further implication was presented through the creation of a model to increase
learning at one of the sites. The model was described as a flow wherein an employee
would (a) pilot their idea, (b) demonstrate its capabilities, (c) show it to others, (d)
consider the suggestions o f their peers, and (e) educate the rest of the team. The labs,
creativity sessions, and model were conducive to the emergence of original ideas and
140
were subsequently pursued by the company. The creativity model described was within
the realm o f CAS defined by Uhl-Bien and Marion (2009). The flexibility o f the model
further demonstrated recognition of the value of human capital and associated
relationships as encouraged by Crawford et al. (2009). The culture directly affected the
intrinsic motivation and commitment o f the employee and fit within the findings o f Joo
and Lim (2009).
The implication that a constrained environment suppressed organizational was
demonstrated at one of the sites. The SME leaders at the specific location indicated
employee-driven brainstorming sessions had the appearance of emergent leaders as
defined by the CLT theory of Uhl-Bien and Marion (2009), but indicated the resultant
suggestions were rarely implemented by the leaders. Opportunities for self-emergent
leaders were therefore limited and CAS described by Uhl-Bien et al. (2007) was not
established. Further, limited evidence was presented indicative of knowledge sharing and
consequently a learning environment was indiscernible.
Research Question Q3: How do SME leaders support knowledge sharing? The
synthesis of data propounded by the responses of the interviewees to research question
Q3 implied the open and direct communication channels with the custom er served to
maintain on-time deliveries of the highest quality product. The implication coincides
with similar findings in the services industries by Tucker et al. (2007). The interviewees
considered the strong customer relationships as a means for enhanced organizational
learning and cited face-to-face collaboration as a means to long-term survival. Cross-
training, observations, and reflection were learning tools described by the interviewees.
141
The findings implied multi-lingual employees enhanced organizational learning.
Noted language barriers were considered an asset for the SME leaders who capitalized on
the language diversity as a means of cross-training and internal knowledge sharing.
Workforce ownership of problems appeared to strengthen the relationships within the
CAS as described by Uhl-Bien and M arion (2009) at three of the sites. Additionally, the
interviewees described the social interactions required for developing individual learning
capacity described by Zittoun et al. (2007).
Research question Q4: How do SME leaders use the discipline o f talent
management to enhance organizational learning? The synthesis of data propounded by
the responses of the interviewees to research question Q4 implied the management o f
talent was a critical component to organizational learning. Retention and competitive
status also contributed to organizational learning. Talent management and compensation
could be managed through the provisions of open communication and enhanced learning
atmospheres. The findings acknowledged multiple examples of the acquisition of new
hires through the recommendations of existing employees. The lure for the new
employee required nothing more than the contentment o f the current m em ber of the team.
A significant implication was that of examining compensation and talent in
relationship to the market segment of the SME Company versus the local geographical
market. Three sites focused talent acquisition and retention based on m arket segment.
Compensation packages were reflective o f the market segment. Consequently, those sites
experienced limited issues with talent management. The strategy em ployed by those SME
leaders was consistent with the philosophy of Tanriverdi and Zehir (2006) who suggested
142
the basis for compensation should be engrained in the market segment, extend beyond the
local boundaries, and should commensurate with the extended employee effort.
Contrary to the suggestions of Tanri verdi and Zehir (2006) the SM E leaders at
one site focused on the demographic location and did not account for m arket segment.
Additionally compensation was not based on talent. Consequently the lack o f formal
education of the employees resulted in an isolating mechanism of hum an capital
entrapment raised by Campbell et al. (2012). Further, a diminished sustained competitive
advantage resulted. Hult et al. (2007) predicted the spiral created by the lack of
education and isolated compensation packages. Additionally, Ghemewat and Cassiman
(2007), and Adner and Zemsky (2006) predicated the resultant stagnation foreshadowed
by the lack of alignment with management guidelines.
Research question Q5: How do SME leaders use the discipline o f shared vision
to enhance organizational learning? The synthesis of data propounded by the responses
o f the interviewees to research question Q5 implied the shared vision of the SME leaders
was engrained in the daily operations and standard work performed by the workforce.
The implication was consistent with Twombly and Shuman (2006) who believed leaders
who successfully communicated a shared vision gained a competitive advantage.
A further implication of the findings indicated reliance upon diversification in a
program portfolio was a significant contributing factor to the stability of the SME. The
interviewees described forward thinking and ongoing plans for continued developm ent of
social interaction, continuous learning, and workforce emerging leaders. The results
described by the SME leaders are consistent with, and im plied a CAS environment within
the organization as defined by Uhl-Bien et al. (2007).
143
Further, the interviewees provided a description of a platform for handling a fast-
changing environment as suggested by Smith and Graetz (2006). The ability to maintain
a flexible and responsive organization contributed to enhance organizational learning as
suggested by Boal and Schultz (2007). Operating efficiencies and an increase in the
quality of product are reasonable expectations when the vision of leadership is shared and
aligned with the theoretical expectations of Andert et al. (2011).
R esearch question Q6: How do SME leaders demonstrate com m itm ent to
enhanced organizational learning? The synthesis of data propounded by the responses of
the interviewees to research question Q6 implied SME leaders communicated their
strategy to the workforce and demonstrated the strategy through their actions. Through
the creation of a noncompetitive atmosphere, the SME leadership fostered self-emergent
leaders, which are a required trait of a natural CAS as defined by Uhl-Bien et al. (2007).
P rim a ry R esearch Q uestion: How do SME leaders responsible for the financial
health and survival of an SME enhance organizational learning in the industrial
manufacturing sector? The synthesis of the questions provided insight to possible
answers to the propounded question. The findings presented several strategies used by
the SME leaders to enhance organizational learning. The implication of the described
strategies easily translates beyond the current study and theoretically aid SM E leaders
throughout industry.
The basis for the theoretical framework for the research was learning theory.
Specifically, the research study included a reliance on the perspective of the CLT o f Uhl-
Bien et al. (2007). The site participants consistently described the interactive dynamics
144
o f the organizations and demonstrated the existence of CAS as described by Uhl-Bien et
al. (2007), and expanded by Uhl-Bien and Marion (2009).
The implication of the findings transitive the expectation that Case Sites A and B
will continue to survive and subsequently thrive as SME entities. Further, Case Sites A
and B provided a basis for controlled growth and the flexibility to mature beyond the
realm of SME status. The implications suggest the SME leaders have determ ined
organizational learning has promoted the growth o f the company, and the shift away from
SME status is in the best interest of the overall business.
The implications from the findings further suggest Case Site C has also thrived in
spite of the difficult economic atmosphere. The SME leaders indicated Case Site C has
acquired futuristic contracts, anticipated a rise in headcount, and will soon convert from
the current SME classification to that of a large business entity. The im plication suggests
the status change was due in part to enhanced organizational knowledge, custom er and
supplier collaborative innovations, and the encouragement of self-emergent leaders.
The findings suggested the lack of an enhanced learning environment at Case Site
D. The implication raises concerns regarding the survivability of the case study site. The
limited existence of the critical components of innovation and knowledge sharing were
disconcerting. The contentment of existence as a HUBZone business indicates a need for
further investigation. The constrained and controlled environment appeared to contribute
to the limited existence of CAS. CLT was not established. The concerns project as a
signal of stagnated advancement.
145
Recommendations
Review and clarification of the synthesis o f data, emergent themes and theoretical
strategies led to four recommendations. Current SME leaders face burdens that differ
from the CEOs of large corporations (Harris, 2009). A sound strategy for SM E leaders to
increase organizational learning is necessary (Fulton & Hon, 2009; Garcia-M orales et al.,
2007; PwC, 2011). The implementation of the recommended strategies may increase
organizational learning and subsequently aid SM E leaders in sustaining an economic
competitive status.
Recommendation 1: Face-to-face communication. The recommendation is for
SME leaders to consider an organizational structure that promotes face-to-face
communication as a primary means of communication. Implications o f the study
suggested the SME leaders who implemented a flat-lined organizational structure
promoted rapid communication and consequently increased organizational learning.
Confirmed by Robinson and Stubberud (2012) and Pentland (2012), face-to-face
communication is the preferred method in spite o f the advanced technology methods of
social networks.
Recommendation 2: W orking environments. Leaders of SMEs must establish
working environments that are conducive to learning. The recommendation is for SME
leaders to establish a business rhythm and encourage creativity sessions. The SME
leaders should participate in prioritizing the generated ideas, but the voice o f the SME
leaders should be an equal vote, not a controlling vote. The SME leaders must provide
financial funding, time, and resources to allow for the successful implementation of the
generated ideas. The recommendation is substantiated by the implications which
146
suggested shared knowledge, innovation, and the learning environment were critical
strategies for organizational learning. Employees must be able to engage with their peers
in other internal organizations. Engagement with peers is the second most important
form o f communication (Pentland, 2012).
Recommendation 3: Knowledge base. The third recommendation is for SM E
leaders to extend the knowledge base beyond the internal boundaries of the organization.
External collaboration could be perfected through the attendance or hosting of
conferences in conjunction with customers and supply chain participants. Literature,
workshops, activities, techniques, and interface opportunities should be accessible during
the conference to enable knowledge transfer. The newfound knowledge and experiences
should subsequently be shared with the workforce.
Literature suggested the transfer of knowledge was best accomplished on a peer-
to-peer level (Dierdorff et al., 2011; Elloy, 2008; Gundlach et al., 2006; Pentland, 2012).
Therefore, to expound upon the recommendation, representative peer-nominated
members o f the workforce should participate in the conferences. The recommendation
aligns with the implications of the study which suggest innovative platforms are provided
through external collaboration with customers and supply chain members. Lindgren
(2012) conducted a study on SME business model innovation and indicated most SM E
leaders focus on the internal value chain, thus abandoning the external potential o f the
SME Company. External reach-out is therefore a critical component to enhancing
organizational learning.
Recommendation 4: PwC CEO Annual Conference. The fourth
recommendation is to present the study and subsequent results at the next PwC CEO
147
Annual Conference. The presentation could provide the initial strategies for leaders to
consider when enhancing organizational learning. The ensuing dialogue could provide
leaders of large companies with an understanding of the importance o f collaborative
efforts within the SME community in sustaining an economic competitive status. The
CEO conference attendees should consider serving as an additional community for
further study and expansion of the exploration of Uhl-Bien and M arion’s (2009) CLT
theory.
Recommendation 5: Future Studies. The research study disclosed some of the
strategies for SME leaders to increase organizational learning capacity. The study
produced recommendations for the SM E leaders to improve communication, increase
innovation, and create learning atmospheres. The recommendations were validated
through embedded case synthesis and by comparing the results with prior literature.
The research study was limited by financial resources, time, and sample size, but
the study data and recommendations are valid and may be useful for future research
efforts. Future qualitative and quantitative research concerning enhanced organizational
learning in the SME workplace is necessary. The current research study should be
repeated and expanded to another sample of SMEs within the aerospace defense and
automotive industries.
A second repeat of the study should include the workforce employees o f the SME
leaders. The adjustment in interviewee population could assist in identifying or negating
any variance in the current study findings due to SME leader self-perceptions. The
implication of CAS and CLT among the workforce from the perspective o f the workforce
148
would further contribute to theoretical suppositions of CAS and CLT as defined by Uhl-
Bien and Marion (2009).
The study should move beyond the SME industrial and manufacturing industry.
Therefore, repeating the study using a sample of SMEs in the service industry would
provide additional insight and expansion of Uhl-Bien and Marion’s (2009) CLT.
Specifically, an examination of organizational structures and the subsequent influence of
those structures on communication within a service industry may further advance the
literature positions and the CLT theory.
Finally, a quantitative study with a larger sample size aimed at testing the findings
o f the current study would add to the literature. The current economic dynam ics continue
to restrain business in general and are specifically taxing on the SMEs. The existence of
a critical part of the economic structure warrants additional exploration into strategies
which promote organizational learning and the subsequent survival o f the SMEs.
Conclusions
The problem addressed was in the current economic decline, a sound strategy for
SME leaders to increase organizational learning capacity did not exist (Fulton & Hon,
2009; Garcfa-Morales et al., 2007). The purpose of the qualitative m ultiple-case study
was to explore and identify strategies that may increase organizational learning and
subsequently aid SME leaders in sustaining an economically competitive status.
Strategies were identified and the purpose o f the study was accomplished.
A major result of the study and data analysis was the production o f experiential
data leading to identified strategies and subsequent recommendations for enhancing
organizational learning capacity. The responses to the research questions answered the
overarching primary research question: How do SME leaders responsible for the financial
health and survival of an SME enhance organizational learning in the industrial
manufacturing sector? The implications o f the study suggested SME leaders used
combined strategies to promote organizational learning. In general, a flat-lined,
nontraditional organizational structure is used to promote open communication and
knowledge sharing among employees. Communication filters beyond the internal walls
of the company and must include the triad of supply chain and customers in order to
succeed. However, it must be noted the strategy o f communication is strengthened when
coupled with additional strategies of a created learning environment that promotes
innovation and provides time for said creativity.
The general overarching conclusion of the study supports CLT of Uhl-Bien et al.
(2007), and Uhl-Bien and Marion (2009) noting individuals thrive when a learning
environment is created. When CLT is present, natural leaders emerge in multiple
situations in the SME institutions of the industrial manufacturing sector. Finally, the
research study contributes to the overall body of knowledge of learning theory
specifically advancing the CLT beyond the sphere of education and acknowledges the
existence of CLT in the industry setting.
150
References
Adner, R., & Zemsky P. (2006). A demand-based perspective on sustainable competitive
advantage. Strategic M anagement Journal 27, 215-239. doi: 10.1002/smj.513
Akgun, A. E., Lynn, G. S., & Yilmaz, C. (2006). Learning process in new product
development teams and effects of product success: A socio cognitive perspective.
Industrial Marketing Management, 35, 210-224.
doi: 10.1016/j.indmarman.2005.02.005
American Bankruptcy Institute. (2009, June 9). Total bankruptcy filings increase nearly
35 percent over first quarter 2008: Business filings jump over 64 percent.
Retrieved from http://www.abiworld.org/AM /Template.cfm?Section=Business
_Bankruptcy_Filingsl&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLI
D=59&ContentED=36301
Andert, D., Platt, A., & Alexakis, G. (2011). Alternative, grassroots, and rogue
leadership: A case for alternating leaders in organizations. Journal o f Applied
Business Research, 27(2), 53-61. http://joumals.cluteonline.com/index.php/JABR
Area, J. G., & Prado-Prado, J. C. (2008). Personnel participation as a key factor for
success in maintenance program implementation: A case study. International
Journal o f Productivity and Performance Management, 57, 247-255.
doi:10.1108/17410400810857257
Argyris, C. (1977). Double loop learning organizations. Harvard Business Review, 55(5),
115-125. http://hbr.org/
Argyris, C. (1982). The executive mind and double-loop learning. O rganizational
Dynamics, 11(2), 5-23. doi.:10.1016/0090-2616(82)90002-X
Argyris, C. (1994). Good communication that blocks learning. Harvard Business Review,
72(4), 77-86. http://hbr.org/
Argyris, C., & Schon, D. (1974). Theory in practice: Increasing professional
effectiveness. San Francisco, CA: Jossey-Bass.
Argyris, C., & Schon, D. (1978). Organizational learning: A theory o f action perspective.
Reading, MA: Addison-Wesley.
Baldrige National Quality Program. (2010, July 12). Data analysis. Retrieved from
http ://w w w. nist. go v/baldrige/data_analysis/index .cfm
Bandura, A. (1977). A social learning theory. Englewood Cliffs, NJ: Prentice-Hall.
151
Bandura, A. (2007). Much ado over a faulty conception of perceived self-efficacy
grounded in faulty experimentation. Journal o f Social and Clinical Psychology,
26, 641-658. doi:10.1521/jscp.2007.26.6.641
Banham, R. (2009). Fray on pay: The battle over executive compensation and what it
means. Chief Financial Officer, 25(6), 38-44.
Barmak, S. (2009, October 25). Education’s Darwin: As Toronto debates proposals for
education reform, we take a look at John Dewey, whose radical ideas a century
ago brought teaching out of the dark ages. Toronto Star. Retrieved from
http ://w w w . thestar. com/
Barone, G., & Cingano, F. (2011). Sendee regulation and growth: evidence from OECD
countries. The Economic Journal, 12, 931-957. doi: 10.111/j. 1468-
0297.2011.02433x
Barua, A., Brooks, L., Gillon, K., Hodgkinson, R., Kohli, R., Worthington, S., & Zukis,
B. (2010). Creating, capturing and measuring value from IT investments: Could
we do better? Communications o f A1S, 2010(2), 13-26. http://aisel.aisnet.org/cais/
Begun, J. W. (1994). Chaos and complexity: Frontiers o f organization science. Journal o f
Management Inquiry, 3, 329-335. doi: 10.1177/105649269434006
Bell, S. J., Menguc, B., & Widing, R. E. (2010). Salesperson learning, organizational
learning, and retail store performance. Journal o f the Academy o f M arketing
Science, 38, 187-201. doi: 10.1007/s 11747-009-0149-x
Beilis, M. (2011a). History of Xerox: Xerox photocopiers and Chester Carlson. Retrieved
from http://inventors.about.eom/od/xyzstartinventions/a/xerox.htm
Beilis, M. (2011b). Inventors of the modem computer: The first freely programmable
computer invented by Konrad Zuse. Retrieved from
http://inventors.about.com/library/weekly/aa050298.htm
Beilis, M. (2011c). Teflon® – Roy Plunkett. Retrieved from
http://inventors.about.com/library/inventors/blteflon.htm
Ben-Ishai, S., & Lubben, S. J. (2011). Sales or plans: A comparative account o f the
“new” corporate reorganization. McGill Law Journal 56, 591-627.
doi: 10.7202/1005133ar
Berson, Y., Oreg, S., & Dvir, T. (2008). CEO values, organizational culture and firm
outcomes. Journal o f Organizational Behavior, 29, 615-633. doi:10.1002/job.499
Bloom, M., & Obenreder, R. (2006). Creating the sustainable workplace. Retrieved from
http://www.gsa.gov/gsa/cm_attachments/GSA_DOCUMENT/CREATING%20T
152
HE%20SUSTALNABLE%20WORKPLACE%20June%2004_R2-
oV6O_0Z5RDZ-i34K-pR.pdf
Boal, K., & Schultz, P. (2007). Storytelling, time, and evolution: The role of strategic
leadership in complex adaptive systems. The Leadership Quarterly, 1 8 ,411-428.
doi: 10.1016/j.leaqua.2007.04.008
Bochner, A., Denzin, N., Ellis, C., Lincoln, Y., Morse, J., Pelias, R., & Richardson, L.
(2008). Talking and thinking about qualitative research. Qualitative Inquiry, 14,
254-284. doi: 10.1177/1077800407311959
Bogdan, R. C., & Biklen, S. K. (2007). Qualitative research fo r education: An
introduction to theories and methods (5th ed.). Boston, MA: Pearson Education.
Bontis, N., Crossan, M. M., & Hulland, J. (2002). Managing an organizational learning
system by aligning stocks and flows. Journal o f Management Studies, 39, 437-
469. doi: 10.111 l/1467-6486.t01-1-00299
Bradbury, H., & Lichtenstein, B. (2000). Relationality in organizational research:
Exploring the space between. Organizational Science, 11, 551-564.
doi: 10.1287/orsc. 11.5.551.15203
Brown, A. D., & Humphreys, M. (2006). Organizational identity and place: A discursive
exploration of hegemony and resistance. Journal o f Management Studies, 43,
2 31 -257. doi: 10.1111/j. 1467-6486.2006.00589.X
Buck, B., & Main, B. (2005). Top executive remuneration: A view from Europe. Journal
o f Management Studies, 42, 1493-1506. doi:10.1111/j.l467-6486.2005.00553.x
Burke, W. W. (2008). Organization change: Theory and practice. Thousand Oaks, CA:
Sage.
Caldwell, S. D., Herold, D. M., & Fedor, D. B. (2004). Toward an understanding of the
relationships among organizational change, individual differences, and changes in
person-environment fit: A cross-level study. Journal o f Applied Psychology, 89,
868-882. doi: 10.1037/0021-9010.89.5.868
Campbell, B. A., Coff, R., & Kryscynsk, D. (2012). Rethinking sustained competitive
advantage from human capital. Academy o f Management Review 37, 376-395.
doi: 10.5465/cmr.2010.0276
Cangemi, J., & Miller, R. (2007). Breaking-out-of-the-box in organizations: structuring a
positive climate for the development of creativity in the workplace. Journal o f
Management Development, 26, 401-410. doi: 10.1108/02621710710748239
153
Caniels, M. C., & Romijn, H. A. (2008). Supply chain development: insights from
strategic niche management. The Learning Organization, 15, 336-353.
doi: 10.1108/09696470810879583
Carson, J. B., Tesluk, P. E., & Marrone, J. A. (2007). Shared leadership in teams: An
investigation of antecedent conditions and performance. Academy o f M anagem ent
Journal, 50, 1217-1234. doi: 10.2307/20159921
Cartwright, D. (Ed.). (1951). Field theory in social science: Selected theoretical papers
by Kurt Lewin. New York, N Y : Harper Torchbooks.
Cohen, W., & Levinthal, D. (1990). Absorptive capacity: A new perspective on learning
and innovation. Administrative Science Quarterly, 35, 128-152.
doi: 10.2307/2393553
Collis, D. J., & Montgomery, C. A. (1995). Competing on resources: Strategy in the
1990s. Harvard Business Review, 73(4), 118-128. http://hbr.org/
Crawford, K., Hasan, H., Wame, L., & Linger, H. (2009). From traditional knowledge
management in hierarchical organizations to a network centric paradigm for a
changing world. E:CO, 11, 1-18. http://emergentpublications.com
Cui, A., & O ’Connor, G. (2012). Alliance portfolio resource diversity and firm
innovation. Journal o f Marketing, 76(4), 24-43. doi:10.1059/jm.l 1.0130
Cummings, T. G., & Worley, C. G. (1997). Organizational development and change (6th
ed.). Cincinnati, OH: South-Western College.
Cutcher, L. (2009). Resisting change from within and w ithout the organization. Journal
o f Organizational Change Management, 22, 275-289.
doi: 10.1108/09534810910951069
Davis, A. L., & Rothstein, H. R. (2006). The effects of the perceived behavioral integrity
of managers on employee attitudes: A meta-analysis. Journal o f Business Ethics,
67, 407-419. doi: 10.1007/s 1055100690344
DeCarlo, S. (2006, April 20). W hat the boss makes. Retrieved from
http://www.forbes.com/2006/04/20/ceo-pay-options-xz_sw_0420ceopay.html
de Geus, A., & Senge, P. M. (1997). The living company. Boston, MA: Harvard School
Press.
Dewey, J. (1920). Reconstruction in philosophy. New York, NY: Holt.
154
Dierdorff, E.C., Bell, S.T., & Belohlav, J.A. (2011). The power of ‘w e’; effects of
psychological collectivism on team performance over time. Journal o f Applied
Psychology, 96(2), 247-262. doi:10.1037/a0020929.
Dijksterhuis, M. S., Van Den Boshch, F., & Volberda, H. W. (1999). W here do new
organizational forms come from? Management logics as a source o f co-evolution.
Organizational Science, 10, 569-582. doi: 10.1287/orsc. 10.5.569
Dimaggio, P. (Ed.). (2001). The twenty-first century firm . Princeton, NJ: Princeton
University Press.
Dougherty, D., & Hardy, C. (1996). Sustained product innovation in large, mature
organizations: Overcoming innovation-to-organization problems. Academ y o f
Management Journal, 29, 1120-1153. doi: 10.2307/256994
Douse, D. M. (2009). Beyond the glass ceiling—A phenomenological study o f senior
executive women and their perceived responsibility to mentor other women
(Doctoral dissertation). Retrieved from ProQuest Dissertations and Theses
database. (UMI No. 3350240)
Drucker, P. F. (1985). Marketing and economic development in B. M. Enis & K. K. Cox
(Eds.), Marketing classics: A selection o f influential articles. Boston, MA: Allyn
& Bacon.
Drucker, P. F. (1992). Managing fo r the future. Oxford, UK: Butterworth-Heinemann.
Dyck, B., & Neubert, M. (2010). Organizational behavior. Stamford, CT: Cengage
Learning.
Eckholm, E., & Williams, T. (2011, October 4). Anti-W all Street protests spreading to
cities large and small. New York Times. Retrieved from http://www.nytimes.com
I
Eilam, G., & Shamir, B. (2005). Organizational change and self-concept threats: A
theoretical perspective and a case study. Journal o f Applied Behavioral Science,
41, 399-421. doi: 10.1177/0021886305280865
Elloy, D. (2008). The relationship between self-leadership behaviors and organization
variables in a self-managed work team environment. Management Research
News, 31(11), 801-810. doi:10.1108/01409170810913015
Erdogan, B., Kraimer, M., & Liden, R. (2006). Justice and leader-member exchange: The
moderating role of organizational culture. Academy o f Management Journal, 49,
395-406. doi: 10.5465/AMJ.2006.20786086
155
Fulton, M., & Hon, B. (2009). M anaging advanced manufacturing technology (AMT)
implementation in manufacturing SMEs. International Journal o f Productivity
and Performance Management, 59, 351-371. doi: 10.1108/17410401011038900
Galunic, C., & Eisenhardt, K. (2001). Architectural innovation and modular corporate
forms. Academy o f Management Journal, 44, 1238-1246. doi: 10.2307/3069398
Garcfa-Morales, V. J., Llorens-Montes, F. J., & Verdu-Jover, A. J. (2007). Influence of
personal mastery on organizational performance through organizational learning
and innovation in large firms and SMEs. Technovation, 27, 547-568. doi: 10.1016/
j.technovation.2007.02.013
George, M. L., Works, J., & Watson-Hemphill, K. (2005). Fast innovation. New York,
NY: McGraw Hill.
Ghemawat, P., & Cassiman, B. (2007). Introduction to the special issue on strategic
dynamics. Management Science, 53, 529-536. doi: 10.1287/mnsc. 1070.0723
Gilbert, D. U., Rasche, A., & Waddock, S. (2011). Accountability in a global economy:
The emergency of international accountability standards. Business Ethics
Quarterly, 21, 23-44.
Goldberg, J., & Markoczy, L. (2000). Complex rhetoric and simple games. Emergence,
2(1), 49-72. doi: 10.1207/S 15327000EM0201_06
Gordon, S. R., & Tarafdar, M. (2007). How do a com pany’s information technology
competences influence its ability to innovate? Journal o f Enterprise Information
Management, 20, 271-290. doi: 10.1108/17410390710740736
Gundlach, M., Stoner, J., & Zivnuska, S. (2006). Understanding the relationship between
individualism-collectivism and team performance through an integration o f social
identity theory and the social relations model. Human Resources Journal, 59,
1603-1632. http://www.humanresourcesjoumal.com/
Hakala, H. (2011). Strategic orientations in management literature: Three approaches to
understanding the interaction between market, technology, entrepreneurial and
learning orientations. International Journal o f Management Reviews, 13, 199-217.
doi:/10.1111/1468-2370
Harris, R. (2009). Improving tacit knowledge transfer within SMEs through e-
collaboration. Journal o f European Industrial Training, 33, 215-231.
doi: 10.1108/03090590910950587
Hassan, F. A. (1988). Predynastic o f Egypt. Journal o f World Prehistory, 2, 135-185.
doi:10.1007/BF00975416
156
Herod, A., Rainnie, A., & McGrath-Champ, S. (2007). Working space: W hy
incorporating the geographical is central to theorizing work and employment
practices. Work, Employment & Society, 21, 247-264.
doi: 10.1177/0950017007076633
Hickman, L. (2009). Center for Dewey Studies. Retrieved from
http://w w w . siuc. edu/~deweyctr/index .html
History.com. (2010). History of the dark ages. Retrieved from
http://www.history.com/marquee.do?content_type=Marquee_Generic&content_ty
pe_id=54711 &display_order= 1 &marquee_id=5 3127
Hossenini, H. (2011). The most recent crisis of capitalism: To what extent will it impact
the globalization process of recent decades? Journal o f Applied Business &
Economics, 12(3), 69-1 A. Retrieved from:
http://search.proquest.com.proxyl.ncu.edu/docview/885179284?accountid=28180
Houchin, K., & MacLean, D. (2005). Complexity theory and strategic change: An
empirically informed critique. British Journal o f Management, 16, 149-166.
doi: 10.1111/j. 1467-8551.2005.00427.x
Huber, G. P. (1991). Organizational learning: The contributing processes and the
literatures. Organization Science, 2, 88-115. doi:10.1287/orsc.2.1.88
Hult, G. T. M., Ketchen, D. J., & Arrfelt, M. (2007). Strategic supply chain management:
Improving performance through a culture of competitiveness and knowledge
development. Strategic M anagement Journal, 28, 1035-1052.
doi: 10.1002/smj .627
Hult, G. T. M., Ketchen, D. J., & Nichols, E. L. (2003). Organizational learning as a
strategic resource in supply management. Journal o f Operations Management, 21,
541-556. doi:10.1016/j.jom.2003.02.001
Hult, G. T. M., Ketchen, D. J., & Slater, S. F. (2002). A longitudinal study of the learning
climate and cycle time in supply chains. Journal o f Business & Industrial
Marketing, 17, 302-323. doi:10.1108/08858620210431697
Hunt, S. D., & Morgan, R. M. (1995). The comparative advantage theory o f competition.
Journal o f Marketing, 59(2), 1-15. doi: 10.2307/1252069
Igartua, J. I., Garrigos, J. A., & Hervas-Oliver, J. L. (2010). How innovation management
techniques support an open innovation strategy. Research Technology
Management, 53(3), 41-52. http://www.iriweb.org/
157
Institute for Policy Studies & United for a Fair Economy. (2007). 14th Annual Labor Day
executive excess report: Americans pay a staggering cost for corporate leadership.
Retrieved from http://www.commondreams.org/news2007/0829-01.htm
Ittner, C. D., & Larcker, D. F. (2003). Coming up short on no financial perform ance
measurement. Harvard Business Review, 5 a (l 1), 88-95. http://hbr.org/
Jayamaha, N. P., Grigg, N. P., & Mann, R. S. (2008). Empirical validity o f Baldrige
criteria: New Zealand evidence. International Journal o f Quality and Reliability
Management, 25, 477-493. doi: 10.1108/02656710810873880
Joo, B., & Lim, T. (2009). The effects o f organizational learning culture, perceived job
complexity, and proactive personality on organizational commitment and intrinsic
motivation. Journal o f Leadership & Organizational Studies, 16, 48-60.
doi:10.1177/1548051809334195
Keener, R. (2008). Power and plenty: Trade, war, and the world economy in the second
millennium. History, 36(3), 115-117.
http://search.proquest.com.proxyl.ncu.edu/docview/232160556?accountid=28180
Kerezsi, L., Ko, J., & Antal, S. (2011). The social costs o f crime and crim e control.
Beijing Law Review, 2(2), 74-87. doi: 10.4236/blr.2011.22008
Kidwell, R., & Valentine, S. (2009). Positive group content: Work attitudes, and
organizational misbehavior: The case of withholding job effort. Journal o f
Business Ethics, 56(10), 15-28. doi: 10.1007/s 10551-008-9790-4
Kim, D. H. (1993). The link between individual and organization learning. Sloan
Management Review, 34, 37-50. http://sloanreview.mit.edu/
Kolb, D. A. (1971). Individual learning styles and the learning process (W orking Paper
No. 535-71). Cambridge, MA: Sloan School of Management, M assachusetts
Institute of Technology.
Kolb, D. A. (1976a). Learning style inventory. Boston, MA: McBer.
Kolb, D. A. (1976b). Management and the learning process. California M anagement
Review, 17(3), 21-31. doi: 10.2307/41164649
Kolb, D. A. (1984). Experiential learning: Experience as the source o f learning and
development. Englewood Cliffs, NJ: Prentice Hall.
Kolb, D., & Kolb, A. (2005). Learning styles and learning spaces: Enhancing experiential
learning in higher education. Academy o f M anagement Learning & Education, 4,
193-212. doi: 10.5465/AMLE.2005.17268566
158
Kolb, D., & Kolb, A. (2009). Experiential learning frequently asked questions. Retrieved
from http://www.leamingfromexperience.com/faq
Kolb, D. A., Rubin, I. M., & McIntyre, J. (1971). Organizational psychology: A n
experiential approach. Englewood Cliffs, NJ: Prentice Hall.
Kotter, J. (1996). Leading change. Boston, MA: Harvard Business School Press.
Krueger, R. A. (2000). Focus groups: A practical guide f o r applied research (3rd ed.).
Thousand Oaks, CA: Sage.
Kvale, S., & Brinkmann, S. (2009). Interviews, learning the craft o f qualitative research
interviewing (2nd ed.). Thousand Oaks, CA: Sage.
Lahteenmaki, S., Toivonen, J., & Mattila, M. (2001). Critical aspects of organizational
learning research and proposals for its measurement. British Journal o f
Management, 12, 113-129. doi:10.1111/1467-8551.00189
Landow, G. P. (2009). The industrial revolution: A timeline. Retrieved from
http ://w w w . Victorian web. org/ technology/ir/irchron .html
Langford, B. E., Schoenfeld, G., & Izzo, G. (2002). Nominal grouping sessions vs. focus
groups. Qualitative M arket Research, 5, 58-70. doi:10.1108/13522750210414517
Langholm, O. (2008). The German tradition in late medieval value theory. European
Journal o f the History o f Economic Thought, 15, 555-570.
doi: 10.1080/09672560802480914
Lave, J., & Wenger, E. (1991). Situated learning: Legitimate peripheral participation.
Cambridge, UK: Cambridge University Press.
Leek, S., Naude, P., & Turnbull, P. W. (2003). Interactions, relationships and networks in
a changing world. Industrial Marketing Management, 32(2), 87-90.
doi:10.1016/S0019-8501(02)00222-5
Lev, E. (2008). Medieval Egyptian Judaeo-Arabic prescriptions. Journal o f the Royal
Asiatic Society, 18, 449-465. doi: 10.1017/S 1356186308008663
Lichtenstein, B., Uhl-Bien, M., Marion, R., Seers, A., Orton, D., & Schreiber, C. (2006).
Leadership in emergent events: Exploring the interactive process of leading in
complex situations. Emergence: Complexity and Organization, S(4), 2-12.
http://emergentpublications.com
Lindgren, P. (2012). Business model innovation leadership: How do SM E ’s strategically
lead business model innovation? International Journal o f Business &
Management, 7(14), 53-66. doi:10.5539/ijbm.v7nl4p53
159
Litzinger, T. A., Lee, S. H., Wise, J. C., & Felder, R. M. (2007). A psychometric study of
the Index o f Learning Styles©. Journal o f Engineering Education, 96, 309-320.
http://www.jee.org/
Lubben, S. J. (2009). No big deal: The GM and Chrysler cases in context. American
Bankruptcy Law Journal, 83, 532. http://www.ablj.org/
Lynch, D., & Kordis, P. (1988). Strategy o f the Dolphin: Scoring a win in a chaotic
world. New York, NY: W illiam Morrow.
Marion, R., & Bacon, J. (2000). Organizational extinction and complex systems.
Emergence, i(4), 71-96. doi: 10.1016/S 1048-9843(01)00092-3
Marion, R., & Uhl-Bien, M. (2001). Leadership in complex organizations. The
Leadership Quarterly, 12, 389-418. doi:10.1016/S1048-9843(01)00092-3
Marion, R., & Uhl-Bien, M. (2003). Complexity theory and Al-Qaeda: Examining
complex leadership. Emergence: A Journal o f Complexity Issues in Organizations
and Management, 5, 56-78. http://emergentpublications.com
Marrow, A. J. (1977). The practical theorist: The life and work o f K urt Lewin. New
York, NY: Teachers College Press.
McGill, M. E., & Slocum, W. J. (1993). Unlearning the organization. Organizational
Dynamics, 22(2), 67-69. doi:10.1016/0090-2616(93)90054-5
McKelvey, B. (2001). Energizing order-creating networks o f distributed intelligence.
International Journal o f Innovation Management, 5, 181-212.
doi: 10.1016/S 1363-9196(01)00034-8
McKelvey, B. (2003). Emergent order in firms: Complexity science vs. the entanglement
trap. In. E. Mitleton-Kelly (Ed.), Complex systems and evolutionary perspectives
on organizations (pp. 99-125). Amsterdam, The Netherlands: Elsevier Science.
McKelvey, B. (2008). Emergent strategy via complexity leadership: Using complexity
science and adaptive tension to build distributed intelligence. In M. Uhl-Bien &
R. Marion (Eds.), Complexity leadership, Part 1: Conceptual foundations (pp.
225-268). Charlotte, NC: Information Age.
Miles, M. B., & Huberman, A. M. (1994). A n expanded sourcebook: Qualitative data
analysis (2nd ed.). Thousand Oaks, CA: Sage.
Mintzberg, H. (2009, July-August). Rebuilding companies as communities. Harvard
Business Review. Retrieved from http://hbr.org/2009/07/rebuilding-companies-as-
communities/ar/1
160
Mishra, S., & Suar, D. (2010). Does corporate social responsibility influence firm
performance of Indian companies? Journal o f Business Ethics, 95, 571-601.
doi:10.1007/sl0551-010-0441-l
Moorman, C. (1995). Organizational market information processes: Cultural antecedents
and new product outcomes. Journal o f Marketing Research, 32, 318-335.
doi: 10.2307/3151984
Moran, J. (2008, November 1). A Maine summer school ‘invents’ the m odem meeting,
1947; defining moment. Financial Times, London. Retrieved from
http://www.ft.com
Morse, J. M. (1994). Designing fu n d ed qualitative research. In N. K. Denzin & Y. S.
Lincoln (Eds.), Handbook o f qualitative research (pp. 220-235). Thousand Oaks,
CA: Sage.
Moustakas, C. (1994). Phenomenological research methods. Thousand Oaks, CA: Sage.
Mueller, M., Dos Santos, V. G., & Seuring, S. (2009). The contribution of environmental
and social standards towards ensuring legitimacy in supply chain governance.
Journal o f Business Ethics, 89, 509-523. doi:10.1007/sl0551-008-0013-9
Muha, G. (2011, January 15). Collaborating with customers to improve your supply chain
performance. Retrieved from http://freightsavingstips.com/2011/01/15
/collaborating-with-customers-to-improve-your-supply-chain-performance/
Mumford, M. D., Bedell-A vers, K. E., & Hunter, S. T. (2008). Planning for innovation: A
multi-level perspective, in M. D. Mumford, S. T. Hunter, & K. E. Bedell-Avers
(Eds.), Multi-level issues in creativity and innovation (Research in M ulti-Level
Issues, Vol. 7, pp. 107-154). Oxford, UK: Emerald Group.
Murray, P., & Chapman, R. (2003). From continuous improvement to organizational
learning: Developmental theory. The Learning Organization, 10, 272-283.
doi: 10.1108/09696470310486629
Muscatello, J. R., Small, M. H., & Chen, I. C. (2003). Implementing enterprise resource
planning (ERP) systems in small and midsize manufacturing firms. International
Journal o f Operations & Production Management, 23, 850-871.
doi: 10.1108/01443570310486329
Nah, F., & Delgado, S. (2006). Critical success factors for enterprise resource planning
implementation and upgrade. Journal o f Computer Information Systems, 46(5),
99-113. http://www.iacis.org/jcis/jcis.php
161
Namey, E., Guest, G., Thairu, L., & Johnson, L. (2008). Data reduction techniques for
large qualitative data sets. In G. Guest & K. M. MacQueen (Eds.), H andbook fo r
team-based qualitative research (pp. 137-161). Landham, MD: AltaM ira Press.
National Institute of Standards and Technology. (2009). Criteria for performance
excellence (2009-2010 ed.). Retrieved from http://www.nist.gov/baldrige/
publications/business_nonprofit_criteria.cfm
National Weather Service Weather Forecast Office. (2011). April severe weather events
sets new tornado records for Alabama. Retrieved from
http://www.srh.noaa.go v/bm x/?n=clim o_2011 torstats
Niderost, E. (2006). King Edward I: E ngland’s warrior king. Retrieved from
http://www.historynet.com/king-edward-i-englands-warrior-king.htm
Notes on Current Labor Statistics. (2011). M onthly Labor Review, 134, 75-149.
www.bls.gov/mir/welcome.htm
Osbom, R., & Hunt, J. G. (2007). Leadership and the choice of order: Com plexity and
hierarchical perspectives near the edge of chaos. The Leadership Quarterly, 18,
319-340. doi: 10.1016/j.leaqua.2007.04.003
Osborn, R., Hunt, J. G., & Jauch, L. R. (2002). Toward a contextual theory o f leadership.
The Leadership Quarterly, 13, 797-837. doi:10.1016/S1048-9843(02)00154-6
O’Sullivan, K. (2009). Leadership the next step. C hief Financial Officer, 25(3), 37-39.
Ottesen, G., & Gronghaug, K. (2004). Barriers to practical use of academic marketing
knowledge. Marketing Intelligence & Planning, 22, 520-530.
doi: 10.1108/02634500410551905
Parish, J. T., Cadwallader, S., & Busch, P. (2008). W ant to, need to, ought to: Employee
commitment to organizational change. Journal o f Organizational Change
Management, 21, 32-52. doi: 10.1108/09534810810847020
Patton, M. Q. (2002). Qualitative research & evaluation methods (3rd ed.). Thousand
Oaks, CA: Sage.
Pedler, M., Burgoyne, J., & Boydell, T. (1991). The learning company: A strategy fo r
sustainable development. London, England: McGraw-Hill.
Pentland, A. S. (2012). The new science of building great teams. H arvard Business
Review, 90(4), 60-70. http://hbr.org/
162
Perez, S., Montes, J. M., & Vazquez, C. J. (2005). Organizational learning as a
determining factor in business performance. The Learning Organization 12, 227-
245. doi: 10.1108/09696470510592494
Pettigrew, A. M. (1990). Longitudinal field research on change: Theory and practice.
Organization Science, 1, 267-292. doi: 10.1287/orsc. 1.3.267
Pettigrew, A. M., & Fenton, E. M. (Eds.). (2000). The innovating organization. London,
UK: Sage.
Pettigrew, A. M., Whittington, R., Melin, I., Sanchez-Runde, C., Van Den Bosch, F.,
Ruigrok, W., & Numagami, T. (2003). Innovative fo rm s o f organizing. London,
UK: Sage.
Phoebe Putney Medical Center. (2006). A report to the Hospital Authority of
Albany/Dougherty County, Georgia. Retrieved from
http://www.phoebeputney.com/uploads/PDF/kOfr3VT2.pdf
Pittaway, L., & Rose, M. (2006). Learning and relationships in small firms. International
Small Business Journal, 24, 227-231. doi: 10.1177/0266242606063429
Platzer, M. D. (2009). U.S. Aerospace manufacturing: industry overview and prospects
(Congressional Research Service Report 7-5700, R40967). Retrieved from
http://www.fas.org/sgp/crs/misc/R40967.pdf
Plowman, D., Solansky, S., Beck, T., Baker, L., Kulkami, M., & Travis, D. (2007). The
role of leadership in emergent, self-organization. The Leadership Quarterly, 18,
341-356. doi: 10.1016/j.leaqua.2007.04.004
Pricewaterhouse Coopers. (2011). 14th Annual Global CEO Survey: Growth reimagined,
prospects in emerging markets drive CEO confidence. Retrieved from
http://www.pwc.com/ceosurvey
Prigogine, I. (1997). The end o f certainty. New York, NY: Free Press.
Prigogine, I., & Stengers, I. (1984). Order out o f chaos. New York, NY: Heinemann.
Prokopeak, M., Nikravan, L., Whitney, K., Parker, S., Smith, M., Krupp, S., &
Schoemaker, P. (2011). Changing models for changing times. C h ief Learning
Officer, 70(4), 18-21, 51.
Quinn, J. B., Anderson, P., & Finkelstein, S. (2002). Managing professional intellect:
Making the most of the best. In S. Little, P. Quintas, & T. Ray (Eds.), M anaging
knowledge: An essential reader (pp. 335-348). London, UK: Sage.
163
Robinson, R. D. (1981). Background concepts and philosophy of international business
from World W ar II to the present. Journal o f International Business Studies, 12,
13-21. doi: 10.1057/palgrave.jibs.8490567
Robinson, S., & Stubberud, H. A. (2012). Communication preferences among university
students. Academy o f Educational Leadership Journal, 16, 105-113.
http ://w ww. alliedacademies. org/public/j oumals/j oumaldetails. aspx?j id=5
Rosicrucian Egyptian Museum. (2009). Egyptian timeline. Retrieved from
http://www.egyptianmuseum.Org/discoveregypt#timeline
Rousseau, V., Aube, C., & Savoie, A. (2006). Team behaviors: A review and integration
of frameworks. Retrieved from http://online.sagepub.com
Rubin, H. J., & Rubin, I. S. (2005). Qualitative interviewing: The art o f hearing data
(2nd ed.). Thousand Oaks, CA: Sage.
Ruiz-Mercader, J., Merono-Cerdan, A. L., & Sabater-Sanches, R. (2006). Information
technology and learning: Their relationship and impact on organizational
performance in small businesses. International Journal o f Information
Management, 26, 16-29. doi: 10.1016/j.ijinfomgt.2005.10.003
Rumelt, R. P., Schendel, D. E., & Teece, D. J. (1994). Fundamental issues in strategy. In
R. P. Rumelt, D. E. Schendel & D. J. Teece (Eds.), Fundamental issues in
strategy: A research agenda (pp. 9-54). Boston, MA: Harvard Business School
Press.
Sahadi, J. (2007, August 29). CEO pay: 364 times more than workers. Retrieved from
http://money.cnn.com/2007/08/28/news/economy/ceo_pay_workers/index.htm
Saldana, J. (2009). The coding manual f o r qualitative researchers. Thousand Oaks, CA:
Sage.
Sanches, J. A. L., Vijande, M. L. S., & Gutierrez, J. A. T. (2011). The effects of
manufacturer’s organizational learning on distributor satisfaction and loyalty in
industrial markets. Industrial Marketing Management, 40, 624-635. doi: 10.1016/
j.indmarman.2010.12.003
Sandelowski, M. (1995). Focus on qualitative methods: Sample sizes in qualitative
research. Research in Nursing & Health, 18, 179-183.
doi: 10.1002/nur.4770180211
Santos, M. L., Sanzo, J., Alvarez, L. I., & Vazquez, R. (2005). Organizational learning
and market orientation: Interface and effects on performance. Industrial
Marketing Management, 34, 187-202. doi:10.1016/j.indmarman.2004.08.004
164
Schein, E. H. (1996, Fall). Three cultures of management: The key to organizational
learning. Sloan Management Review, 9-20. http://sloanreview.mit.edu/
Schein, E. H. (2004). Learning when and how to lie: A neglected aspect o f organizational
and occupational socialization. Human Relations, 57, 260-273.
http://hum.sagepub.com/
Schneider, M., & Somers, M. (2006). Organizations as complex adaptive systems:
Implications of complexity theory for leadership research. The Leadership
Quarterly, 17, 351-365. doi:10.1016/j.leaqua.2006.04.006
Schram, T. H. (2006). Conceptualizing and proposing qualitative research (2nd ed.).
Upper Saddle River, NJ: Pearson Education.
Schramm, J. M., Williams, S., Krasnow, M., Grossman, B., & Walters, L. (2007,
November 4). SHRM 2007 Symposium on the Workforce Readiness o f the Future
U.S. Labor Pool (C. Cornelius, Ed.). Retrieved from http://www.shrm.Org///.aspx
Schreiber, C., & Carley, K. (2008). Leading for innovation and adaptability: Tow ard a
dynamic network analytic theory o f knowledge era leadership. In M. Uhl-Bien &
R. Marion (Eds.), Complexity leadership, Part 1: Conceptual foundations (pp.
291-332). Charlotte, NC: Information Age.
Seidman, I. (2006). Interviewing as qualitative research: A guide f o r researchers in
education and the social sciences (2nd ed.). New York, NY: Teachers College
Press.
Senge, P. M. (1990). The fifth discipline, the art and practice o f learning organization.
New York, NY: Doubleday Dell.
Senge, P. M. (1994). Learning to alter mental models. Executive Excellence, 11(3), 16-
17. http: //eep. store. merchandizer.eom/Merchant//newsite/index.html
Senge, P. M. (2006). The fifth discipline, the art and practice o f learning organization
(2nd ed.). New York, NY: Doubleday Dell.
Shank, G. D. (2006). Qualitative research: A personal skills approach (2nd ed.). Upper
Saddle River, NJ: Pearson Prentice Hall.
Shirman, L. (2011, April 6). Cultivating customer collaboration is a mindset. Retrieved
from http://www.b2bbuzz.org/cultivating-customer-collaboration-is-a-mindset/
Sikorsky. (2011). Timeline. Retrieved from
http ://www. sikorsky .com/About+S ikorsky/Timeline
165
Sinkula, J. M. (1994). Market information processing and organizational learning.
Journal o f Marketing, 58, 35-45. doi: 10.2307/1252249
Smith, A. C., & Graetz, F. (2006). Complexity theory and organizing form dualities.
Management Decision, 44, 851-870. doi: 10.1108/00251740610680569
Snider, B., da Silveira, G. J. C., & Balakrishnam, J. (2008). ERP implementation SMEs:
Analysis of five Canadian cases. International Journal of Operations &
Production Management, 2 9 , 4-29. doi: 10.1108/01443570910925343
Snowden, D., & Boone, M. (2007, November 1). A leader’s framework for decision
making. Harvard Business Review, 68-76. Retrieved from http://hbr.org
Sousa, R., & Voss, C. A. (2007). Operational implications of manufacturing outsourcing
for subcontractor plants. International Journal o f Operations & Production
Management, 27, 974-997. doi: 10.1108/01443570710775829
Sturdy, A., & Fleming, P. (2003). Talk as technique— a critique of the words and deeds
distinction in the diffusion of customer service cultures in call centers. Journal o f
Management Studies, 40, 753-773. doi: 10.1111/1467-6486.00359
Surie, G., & Hazy, J. K. (2006) Generative leadership: Nurturing innovation in complex
systems. Emergence: Complexity and Organization, <8(4), 13-26.
http://emergentpublications.com
Tanriverdi, H., & Zehir, C. (2006). Impact of learning organizations’ applications and
market dynamism on organizations’ innovativeness and market performance. The
Business Review, 6, 238-245. http://www.jaabc.com/joumal.htm
Thorton, E. (2010, November 2). Bankruptcies: 2009 is already one for the record books.
Business Week, 4153, 17. www.businessweek.com
Tippins, M. J., & Sohi, R. S. (2003). IT competency and firm performance: Is
organizational learning a missing link? Strategic Management Journal, 4, 745-
761. doi:10.1002/smj.337
Trochim, W. M. K., & Donnelly, J. P. (2008). The research methods knowledge base (3rd
ed.). Mason, OH: Cengage Learning.
Tucker, A. L., Nembhard, I. M., & Edmonson, A. C. (2007). Implementing new
practices: An empirical study of organizational learning in hospital intensive care
units. Management Science, 53, 894-907. doi:10.1287/mnsc. 1060.0692
Twombly, J., & Shuman, J. (2006). Collaborating with suppliers for innovation and
growth. Retrieved from http://www.rhythmofbusiness.com/uploaddir/
a92f259ccollaboratingwithsuuppliersforinnovationandgrowth.pdf
166
Uhl-Bien, M., & Marion, R. (2009). Complexity leadership in bureaucratic forms of
organizing: A meso model. The Leadership Quarterly, 20, 631-650.
doi: 10.1016/j.leaqua.2009.04.007
Uhl-Bien, M., Marion, R., & McKelvey, B. (2007). Complexity leadership theory:
Shifting leadership from the industrial age to the knowledge era. The Leadership
Quarterly, 18, 298-318. doi:10.1016/j.leaqua.2007.04.002
University of Oxford. (2010). Oxford diploma in financial strategy at the Said Business
School. Retrieved from http://www.sbs.ox.ac.uk/execed/finance/DFS/Pages
/PricewaterhouseCoopers%20Scholarship.aspx
U.S. Centennial of Flight Commission. (2003). Igor Sikorsky vs 200. Retrieved from
http://www.centennialofflight.gov/essay/Rotary/Sikorsky_VS300/HE8.htm
U.S. Census Bureau. (2009). Statistics of U.S. businesses: U.S. NICS sectors, small
employment sizes. Retrieved from http://www.census.gov/econ/susb/
U.S. Department of Energy. (2010, December 6). Enrico Fermi: Patents, US Patent
2,206,634, process for the production of radioactive substances. Retrieved from
http: //w w w .osti. gov/accomplishments/fermipat.html
U.S. Department of Health, Education and Labor. (1979, April 18). The Belm ont report,
Office of the Secretary, ethical principles and guidelines for the protection of
human subjects of research, the national commission for the protection o f human
subjects of biomedical and behavioral research. Retrieved from
http://www.hhs.gov/ohrp/humansubjects/guidance/belmont.htm
U.S. Department of Labor Bureau of Labor Statistics. (2009, June 4). Labor productivity
and costs. Retrieved from http://www.bls.gov/lpc/
U.S. Department of Labor, Bureau o f Labor Statistics. (2010a). Unemployment rate.
Retrieved from http://www.google.com/publicdata?ds=usunemployment&met
=unemployment_rate&tdim=true&dl=en&hl=en&q=unemployment+rate
U.S. Department of Labor, Bureau of Labor Statistics. (2010b). Career guide to
industries, 2010-2011 ed., aerospace product and parts manufacturing. Retrieved
from http://www.bls.gov./co/cg/cqs006.htm
U.S. Environmental Protection Agency. (2012). EPA history: Abandoned homes near
Love Canal. Retrieved from http://www.epa.gov/aboutepa/history/index.html
U.S. Small Business Reauthorization Act of 1977, 13 CFR §126 et. seq. (U.S. Small
Business Administration, 2012). Retrieved from
http:// www. sba. go v/content/hubzone
167
Voss, C., Tsikriktsis, N., & Frohlich, M. (2002). Case research in operations
management. International Journal o f Operations & Production Management,
22, 195-219. doi: 10.1108/01443570210414329
Vygotsky, S. (1978). M ind in society: The development o f higher psychological processes
(M. Cole, V. John-Steiner, S. Scribner, & E. Souberman, Eds.). Cambridge, MA:
Harvard University Press.
Wagner, K. V. (2009). Social learning theory, an overview o f Bandura’s social learning
theory. Retrieved from http://psychology.about.com/od/developmentalpsychology
/a/socialleaming.htm?p=l
Wilkens, U., Menzel, D., & Pawlowsky, P. (2004). Inside the black-box: Analyzing the
generation of core competencies and dynamic capabilities by exploring collective
minds. An organizational learning perspective. Management Revue, 15, 8-26.
Retrieved from:
http://search.proquest.com.proxyl.ncu.edu/docview/201559556?accountid=28180
Wong, P., & Cheung, S. O. (2008). An analysis o f the relationship between learning
behavior and performance improvement o f contracting organizations.
International Journal o f Project Management, 26, 112-123.
doi: 10.1016/j. ijproman.2007.04.004
Yin, R. K. (2003). Case study research design and methods (3rd ed.). Thousand Oaks,
CA: Sage.
Yin, R. K. (2009). Case study research design and methods (4th ed.). Thousand Oaks,
CA: Sage.
Zahay, D. L., & Handfield, R. B. (2004). The role of learning and technical capabilities in
predicting adoption of B2B technologies. Industrial Marketing Management, 33,
627-641. doi: 10.1016/j.indmarman.2003.10.004
Zammuto, R., Griffith, T., Majchrzak, A., Dougherty, D., & Faraj, S. (2007). Information
technology and the changing fabric of organization. Organizational Science, 18,
749-762. doi: 10.1287/orsc. 1070.0307
Zittoun, T., Gillespie, A., Cornish, F., & Psaltis, C. (2007). The metaphor o f the triangle
in theories of human development. Human Development, 50, 208-229.
doi: 10.1159/000103361
Appendices
169
Appendix A:
Permission to Conduct Research— Case A
Monday, April 19, 2 010 6:29 AM
From: “Richard”
To: ’”karen”
Karen,
Glad to see your project has started. I am more than happy to grant you permission to conduct research at
any division o f X X X X Industries as described in the attached form. Please keep me in the loop let me
know if there is any way I can further help. If you need me to return the signed form as w ell just let me
know.
Richard X X X X
President
X X X Industries
From: karen
Sent: Sunday, April 18, 2010 7:15 PM
To: Richard XXXX
Subject: Permission to do research
Greetings Rich ~ hope all is well.
The time is approaching when I will be coordinating com ing to your site to conduct research. I
am therefore seeking your permission to conduct research at your business.
Your site will receive a letter designation assigned and known only to me.
Please grant your permission by signing the attached form as President o f XXXX Industries and
returning to me as soon as possible. A scanned pdf file via email w ill be sufficient i f convenient
for you. Or, in the alternative, you may grant your permission by returning this email and
indicating “permission to conduct research at X X X X Industries as described in the attached
form”.
Thanks for your valuable assistance and contribution in this research project.
With B est Regards, Karen X X X Doctoral Candidate – Northcentral University, [redacted for
privacy]
170
Appendix B:
Permission to Conduct Research— Case B
Re: Permission to do research
M o n d a y , M a y 1 0 , 2 0 1 0 4 : 4 6 PM
From: “Shannon XXXXX”
“Howard XXXXX” ”
C c :
Message contains attachments
1 File (118KB)
Mrs. X X X X X ,
As per your request, please find attached the executed copy o f the
permission to do research.
Should you require anything additional, please let us know.
Sincerely,
Shannon SX X X X X X
Email:ShannonS @ X X X X X X X
Greetings Howard ~ hope all is well.
The time is approaching when I will be coordinating com ing to your site to conduct research. I am therefore
seeking your permission to conduct research at your business. Your site will receive a letter designation
assigned and known only to me.
Please grant your permission by signing the attached form as President o f XXXX Engineering Corp. and
returning to me as soon as possible. A scanned p d f file via email w ill be sufficient i f convenient for you.
Or, in the alternative, you may grant your permission by returning this email and indicating “permission to
conduct research at X X X X X Engineering Corp. as described in the attached form”.
Thanks for your valuable assistance and contribution in this research
project.
With B est Regards,
Karen XXXXDoctoral Candidate – Northcentral University
[redacted for privacy]
171
Appendix C:
Permission to Conduct Research— Case C
From: greg
Sent: Monday, May 03, 2010 4:43 PM
To: ‘kxxxxx’
Subject: FW: Permission to do research
I am giving you permission to interview personnel o f X X X with an agreed upon schedule that w ill be done
in a one day period only. Interviews are to be approx. 2 hours and the schedule w ill not interfere with
priorities o f the company.
From: XXXXX Karen
Sent: Monday, April 19, 2010 11:50 AM
To: ‘greg’
Cc: xxxxxxxx
Subject: Permission to do research
Greetings Greg ~ hope all is well.
The time is approaching when I will be coordinating com ing to your site to conduct research. I am
therefore seeking your permission to conduct research at your business. Your site w ill receive a letter
designation assigned and known only to me.
Please grant your permission by signing the attached form as President o f XXX and returning to me as
soon as possible. A scanned pdf file via email will be sufficient if convenient for you. Or, in the
alternative, you may grant your permission by returning this email and indicating “permission to conduct
research X X X X | as described in the attached form”.
Thanks for your valuable assistance and contribution in this research project.
With Best Regards,
Karen xxxxxx
Doctoral Candidate – Northcentral University
[email and phone # redacted for privacy]
172
Appendix D:
Permission to Conduct Research— Case D
W e d n e s d a y , A p ri l 2 8 , 2 0 1 0 1 2 : 2 1 PM
From:
G eorge XXXX” < gXXX XXX X @ X X X X X X X X .co m >
To:
“karen xxxxx”
1 File (38KB)
Karen,
Back in the office, able to open your document, reviewed it, discussed
it with X X X X and X X X X , signed it, and am presenting it back to you. Hope
this works out well for you. D o you need the original?
Regards,
George
From: X X X X X Karen
Subject: Permission to Conduct Research
To: “George X X X X ” gX X X X X @ X X X X X X .com
C c:”xxxxxx”
Date: Monday, April 19, 2010, 11:54 AM
Greetings George ~ hope all is well.
The time is approaching when I will be coordinating com ing to your site to conduct research. I am
therefore seeking your permission to conduct research at your business. Your site w ill receive a letter
designation assigned and known only to me.
Please grant your permission by signing the attached form as President o f XXXXX, and returning to me as
soon as possible. A scanned pdf file via email will be sufficient if convenient for you. Or, in the
alternative, you may grant your permission by returning this email and indicating “permission to conduct
research at X X X X X | as described in the attached form”.
Thanks for your valuable assistance and contribution in this research project.
With Best Regards,
Karen xxxxxx
Doctoral Candidate – Northcentral University
[email and phone redacted for privacy]
173
Appendix E:
Various Contributions of Researchers to Learning Theory
Year Researcher Topic / Area of Contribution
1900s James
Jung
Theory of Emotion
Pragmatism
Collective unconsciousness
1920s Dewey
Freire
Experiential Learning Theory (ELT)
Emphasis on dialogue and expression
1930s Piaget Social interaction & organizational structures
1940s Lewin Experiential Learning Theory (ELT)
1944 Von Neumann
Morgenstem
Game Theory
Game Theory
1950 Nash Nash Equilibrium
1954 Drucker Management by Objectives (MBO)
1957 Luce
Raiffa
Dominating strategies
Integration o f strategic plans
1960s Argyris
Hanna
Barbera
Psychological contracts
Cartoonish influence, social styles, supply & demand
Cartoonish influence, supply & demand
1961 Vicery Auctions & organizational behavior
1970 Lockheed Martin Quality Circles
1974 Argyris
Schon
Theory in practice; Single Loop Learning (SLL)
Theory in practice; Single Loop Learning (SLL)
1976 Kolb Learning Styles Inventory (LSI); Individual learning
1977 Bandura
Bronfrenbrenner
Argyris
Observational learning
Learning space
Double Loop Learning (DLL)
174
Year Researcher Topic / Area of Contribution
1978 Vygotski
Argyris
Schon
Activity theory
Organizational learning theory
Organizational learning theory
1979 Bronfrenbrenner Learning space
1980s Deming
Juran
Crosby
Total Quality M anagement (TQM)
TQM
TQM
1982 Argyris DLL & the executive mind
1984 Kolb
Kolb
Experiential Learning Theory (ELT)
Learning Styles Inventory (LSI)
1986 Argyris Skilled incompetence
1990-2000 Multiple Self-Managed Teams
1990 Senge Organizational learning
1991 Lave
Wenger
Argyris
Situational & social learning
Situational learning & social networking
Executive management learning
1992 Dunn
Dunn
Lederman
Petranek
Corey
Black
Preferred learning styles
Preferred learning styles
Experiential learning & debriefing
Individual learning: participation, debriefing, writing
Individual learning: participation, debriefing, writing
Individual learning: participation, debriefing, writing
1993 Kim
McGill
Slocum
Individual learning
Learning organizations
Learning organizations
1994 Argyris Communication interference with learning
1995 Boyatzis
Kolb
“Personal Learning”
Leaman
Collis
Learning Skills Profile (LSP)
LSP
Personal Learning Indicator Profile (PLIP)
Productivity, work space & environment
Collaboration
175
Year Researcher Topic / Area of Contribution
1996 Schein
Brandenburg
Stuart
Cultures of organizational learning: executive,
engineer, operator
Individual learning, performance, productivity
Individual learning, performance, productivity
1997 Cummings
Worley
Individual learning to organizational learning
Individual & organizational learning
1998 Nonaka
Konno
Ba
Tacit learning
1999 Sarasin Personal learning style
2000 Marion
Bacon
Bradbury
Lichtenstein
Goldberg
Markoczy
Complex systems
Complex systems
Adaptive leadership
Adaptive leadership
Complex systems, equilibrium
Complex systems, equilibrium
2001 Marion
Uhl-Bien
Galunic
Eisenhardt
Complex organizations, leadership
Complex organizations, leadership
Complex systems, equilibrium
Complex systems, equilibrium
2002 Mainemelis
Boyatzis
Kolb
Bontis
Crosson
Hulland
Hult
Ketchen
Slater
Adaptive Style Inventory (ASI)
ASI
ASI
Organizational performance
Organizational performance
Organizational performance
Organizational learning
Organizational learning
Organizational learning
2003 Jorroff
Porter
Feingberg
Kukla
Lippman
Rumelt
Hult
Ketchen
W ork space & learning
W ork surface space & organizational learning
W ork space & learning
W ork space, emotional productivity
Individual learning, performance, productivity
Individual learning, performance, productivity
Organizational learning as a strategic resource
Organizational learning as a strategic resource
176
Year Researcher Topic / A rea of Contribution
2003 Nichols Organizational learning as a strategic resource
Sturdy Learning atmosphere contradictions
Fleming Learning atmosphere contradictions
Ittner Collaboration
Larker Collaboration
Tippins Organizational performance
Sohi Organizational performance
Leek Customer sophistication
Naude Customer sophistication
Turnbull Customer sophistication
Marion Complexity theory
Uhl-Bien Complexity theory
2004 Wilkens Adaptive & generative learning
Menzel Adaptive & generative learning
Pawloswky Adaptive & generative learning
Schein Continuous improvement & individual learning
MacDonald Competitive advantage & value
Ryall Competitive advantage & value
Caldwell Intra-organizational relationships
Herold Intra-organizational relationships
Fedor Intra-organizational relationships
MacDonald Individual learning, performance, productivity
Ryall Individual learning, performance, productivity
Zahay Organizational learning, competitive advantage
Handfield Organizational learning, competitive advantage
2005 Gensler Office layout & learning
Baker Conversational learning
Jensen Conversational learning
Kolb Conversational learning
Straker Learning styles
Baker Temporal, emotional, & physical space
Eilam Psychology o f organizational change & threats
Shamir Psychology o f organizational change & threats
McKone-Sweet Competitive advantage
Hamilton Competitive advantage market insertion
Willis Competitive advantage supply chain
George Market insertion, fast innovation, org. learning
Works Market insertion, fast innovation, org. learning
W atson-Hemphill Market insertion, fast innovation, org. learning
Perez Organizational performance
177
Year Researcher Topic / A rea of Contribution
2005 Montes Organizational performance
Vazquez Organizational performance
Santos Organizational performance, market orientation
Sanzo Organizational performance, m arket orientation
Alvarez Organizational performance, m arket orientation
Vazquez Organizational performance, market orientation
Houchin Complex systems, equilibrium
MacLean Complex systems, equilibrium
2006 Bloom W ork space & learning
Obenreder W ork space environment & learning
Cahill Self-efficacy theory
Gallo Self-efficacy
Lisman Self-efficacy
Weinstein Sell-efficacy & posturing
Tanri verdi Individual learning to societal learning theory
Zehir Social learning theory
Summers Game theory & risk identification
Zeuhauser Game theory profitability
Brown Psychology o f organizational identity
Humphries Psychology o f organizational identity
Adner Individual learning & performance
Zemensky Individual learning & performance
Ireland Business performance & supply chain
Webb Business performance & supply chain
Erdogan Leader-member exchange; motivation
Kraimer Leader-member exchange; motivation
Liden Leader-member exchange; motivation
Akgun Innovation, new product development
Lynn Innovation, new product development
Yilmza Innovation, new product development
Smith Complexity theory
Graetz Complexity theory
2007 Simon Risk mitigation & contingency theory
Cangemi Management hierarchies
M iller Management structures & hierarchies
Brandenburger Biform games & risk mitigation
Stuart Risk identification & mitigation thru Biform games
Chatain Individual learning, performance, productivity
Zemensky Individual learning, performance, productivity
Ghemawat Strategic management, planning, dynamics
Cassiman Strategic management, planning, dynamics
178
Year Researcher Topic / A rea of Contribution
2007 Hult Strategic management, performance
Ketchen Strategic management, performance
Arrfelt Strategic management, performance
Herod Resistance to change; individual & organizational
learning
Rainnie Resistance to change; individual & organizational
learning
McGrath-Champ Resistance to change; individual & organizational
learning
Tucker Organizational learning
Nembhard Organizational learning
Edmonson Organizational learning
Boal Complex adaptive systems, innovation
Schultz Complex adaptive systems, innovation
Plowman Emergent leadership, self-organization
Solansky Emergent leadership, self-organization
Beck Emergent leadership, self-organization
Baker Emergent leadership, self-organization
Kulkami Emergent leadership, self-organization
Travis Emergent leadership, self-organization
Uhl-Bien Complexity leadership
Marion Complexity leadership
McKelvey Complexity leadership
Osbom Enabling leadership
Hunt Enabling leadership
2008 Srivastava Psychological environments
Morgan W ork space & learning
Antony W ork space & learning
Haynes W ork space & learning
Parish Organizational change, employee com m itm ent
Cadwallader Organizational change, employee com m itm ent
Busch Organizational change, employee com m itm ent
Ito Individual & organizational learning & digital media
Horst Individual & organizational learning & digital media
Billanti Individual & organizational learning & digital media
Boyd Individual & organizational learning & digital media
Herr-Stephenson Individual & organizational learning & digital media
Lange Individual & organizational learning & digital media
Pascoe Individual & organizational learning & digital media
Robinson Individual & organizational learning & digital media
Area Participation & process improvement
Prado-Prado Participation & process improvement
Mumford Complex systems, equilibrium
179
Year Researcher Topic / Area of Contribution
2008
2009
Bedell-Avers
Hunter
Burke
Pitts
Friedman
Miller
Dunn
Honigsfeld
Shea-Doolan
Bonstrom
Russo
Schiering
Suh
Tenedero
Rose
Kumar
Pak
Cutcher
Uhl-Bien
Marion
Complex systems, equilibrium
Complex systems, equilibrium
Learning capacity
Learning Styles Preference Indicator (LSPI)
W ork space & stress
W ork space & stress
Learning style instructional strategies & achievement
Learning style instructional strategies & achievement
Learning style instructional strategies & achievement
Learning style instructional strategies & achievement
Learning style instructional strategies & achievement
Learning style instructional strategies & achievement
Learning style instructional strategies & achievement
Learning style instructional strategies & achievement
Organizational learning, commitment, work
performance
Organizational learning, commitment, work
performance
Organizational learning, commitment, work
performance
Resisting change
Complexity leadership
Complexity leadership
2011 Dalia Complexity theory
180
Appendix F:
Assessment Protocol
Organizational Structure
1. What are your stated purpose, vision, values, and mission?
2. What are your organizational structure, governance system, and reporting
relationships?
3. To what extent has your com pany’s strategy changed over the past 24 months
relative to:
a) Economic growth or uncertainty?
b) Customer demand?
c) Industry dynamics?
4. To what extent have you made changes in the organizational structure within the
last 24 months?
5. How do senior leaders deploy your organization’s vision and values through your
leadership system; to the workforce; to key suppliers; to partners; and to
customers?
6. How do leaders’ actions reflect a commitment to the organization’s values?
7. How do leaders achieve the following:
a) Create an environment for organizational performance im provem ent and
organizational agility?
b) Create a workforce culture that delivers a consistently positive custom er
experience and fosters customer engagement?
c) Create an environment for organizational and workforce learning?
d) Participate in organizational learning, succession planning, and
development of future organizational leaders
e) Communicate with and engage the entire workforce
f) Encourage frank, two-way communication throughout the organization?
Innovation
8. How does innovation factor into your long-term plans?
9. In what ways are you pursuing innovation?
10. How do you identify and innovate product offerings to provide opportunities for
expanding relationships with existing customers and suppliers?
Collaboration
What role do your customers play in:
a) Product development?
b) Product production?
c) Product delivery?
What role do your suppliers play in:
a) Product development?
b) Product production?
c) Product delivery?
181
13! What role does the government play in:
a) Product development?
b) Product production?
c) Product delivery?
14. How do you listen to customers, former customers, potential customers, and
customers of competitors to obtain actionable information, and to obtain feedback
on your products and customer support?
15. How do you market, build and manage relationships with customers and suppliers
to increase their engagement with you?
Talent Management
16. What is your workforce profile?
17. What are your workforce or employee groups?
18. What are their educational levels?
19. What are the key elements that engage them in accomplishing your mission and
vision?
20. What are your organization’s workforce jo b diversity, organized bargaining units,
key workforce benefits, and special health and safety requirements?
21. W hat effect did the economic downturn have on your people strategy?
22. W hat does talent management mean to you?
23. How do you assess your workforce capability and capacity needs, including skills,
competencies, and staffing levels?
24. What are your current and future talent needs?
25. Where are your skill gaps? W hat are your plans to fill them?
26. How do you recruit, hire, place, and retain new members o f your workforce?
27. How do you identify your key talent?
28. W hat is your incentive reward model to retain talent? How do you use non-
financial rewards to motivate staff and the workforce?
29. How do senior leaders take an active role in reward and recognition programs?
30. How do you plan for attrition (the retirement o f older workers; key employees
making career changes for personal reasons)?
Learning
31. How does your learning and development system address the following factors
for your workforce members and leaders?
a) Organizational performance improvement and innovation
b) Customer focus
c) Their learning and development needs, including those that are self
identified and those identified by supervisors, managers, and senior
leaders
32. How do you manage organizational knowledge to:
a) Accomplish the collection and transfer of workforce knowledge?
b) Accomplish the transfer of relevant knowledge from and to customers,
suppliers, partners, and collaborators?
182
c) Accomplish the rapid identification, sharing, and implementation of best
practices?
33. How do you work with government or educational systems to improve the skills
in your talent pool?
34. How do you evaluate the effectiveness and efficiency of your learning and
development system?
Closing
35. On your journey to enhanced learning for your organization, w hat have been your
most:
a) Difficult challenges?
b) Best practices?
c) Unexpected moments?
36. Is there anything else you would like to share at this time?
Assessment protocol adapted with permission from: “ 14th Annual Global CEO Survey:
Growth Reimagined, Prospects in Emerging M arkets Drive CEO Confidence,” by
Pricewaterhouse Coopers. (2011)
and
“Sterling Criteria for Organizational Performance Questions 2010-2011” Baldrige
Performance Excellence Program at the National Institute o f Standards and Technology
and from Criteria for Performance Excellence (Gaithersburg, MD: 2011)
183
Appendix G:
Source Map for Assessment Protocol Instrument
Framework Discipline Source Question
Organization Structure-
M ission & Purpose
M BNQ A
P .l.a .2
What are your stated purpose, vision, values, and
m ission?
Organization Structure-
Governance
M BNQ A
P .l.b .l
What are your organizational structure,
governance system , and reporting relationships?
Organization Structure-
Strategy
PwC
Q1:PG6.
Prospects
To what extent has your com pany’s strategy
changed over the past 24 months relative to:
a) Econom ic growth or uncertainty
b) Customer demand
c ) Industry dynamics
Organization Structure-
Flexibility
PwC
Q1.4.PG3
To what extent have you made changes in the
organizational structure within the last 24
months?
Organization Structure-
Senior leaders
M BNQ A
l . l . a . l
How do senior leaders deploy your organization’s
vision and values through your leadership system;
to the workforce; to key suppliers; to partners;
and to customers?
Organization Structure-
Senior leaders
M BNQ A
l . l . a . l
How do leaders’ actions reflect a com m itm ent to
the organization’s values?
Organization Structure-
Senior leaders
M BNQ A
1.1.a.3
How do leaders achieve the follow ing?
Organization Structure-
Flexibility
a) Create an environment for
organizational performance
improvement and organizational agility?
Organization Structure-
Culture
b) Create a workforce culture that delivers
a consistently positive customer
experience and fosters customer
engagement?
Organization Structure-
Learning
c ) Create an environment for
organizational and workforce learning?
Organization Structure-
Learning
d) Participate in organizational learning,
succession planning, and developm ent o f
future organizational leaders
184
Framework Discipline Source Question
Organization Structure M BN Q A
Communication 1.1.b.l
e ) Communicate with and engage the entire
workforce
Organization Structure
Communication
Innovation-
Strategy
Innovation-
Pursuit
Innovation-
Opportunities
Collaboration-
Customers
M BNQ A
1.1.b .l
PwC
Q.Gen.Trans.
PwC
Q.Gen.Trans.
M BNQ A
3 .2.a.l
PwC
Q 1. A P P 10.PG 19.Pr
ospects
M BNQA
P .l.b .3
f) Encourage firank, tw o-w ay
communication throughout the
organization?
How does innovation factor into your long-term
plans?
In what ways are you pursuing innovation?
How do you identify and innovate product
offerings to provide opportunities for expanding
relationships with existing custom ers and
suppliers?
What role do your customers play in a) product
development; b) product production; c) product
delivery?
Collaboration-
Suppliers
PwC
Q 1 .APP 10.PG 19.Pr
ospects
M BNQ A
P .l.b .3
What role do your suppliers play in a) product
development; b) product production; c) product
delivery?
Collaboration-
Government
PwC
Q3. APP 10.PG 19.Pr
ospects
M BNQA
P .l.b .3
What roles w ill the government play in product
development; b) product production; c) product
delivery?
Collaboration-
Customers
Collaboration-
Customers & Suppliers
Talent Management-
Workforce Profile
M BN Q A
3.1 .a .l
3.1.a.2
M BNQ A
3 .2.b .l
M BN Q A
P .l.a .3
H ow do you listen to customers, former
customers, potential customers, and customers o f
competitors to obtain actionable information, and
to obtain feedback on your products and custom er
support?
H ow do you market, build and manage
relationships with customers and suppliers to
increase their engagement with you?
What is your workforce profile?
Talent Management-
Workforce Profile
M BNQ A
P .l.a .3
What are your workforce or em ployee groups?
185
Framework D iscipline Source
Talent Management- M BN Q A
Workforce Profile P .l.a .3
Talent Management- M BNQ A
Workforce Profile P .l.a .3
Talent Management- M BNQ A
Workforce Profile P .l.a .3
Talent Management- PwC
Economic Effect Q14.PG8
Talent Management- PwC
Definition Q1.PG14
Talent Management- PwC
N eeds assessment Q1.1.PG:14
Talent Management PwC
N eeds assessment Q1.1.PG:14
Talent Management- PwC
N eeds assessment Q1.2.PG:14:
Talent Management- M BNQ A
Hiring & Retention 5 .1 .a.2
Talent Management- PwC
Key talent identification Q l.G en.PG 3
Talent Management PwC
Q l.G en.P G 6
Q1.1.PG6
Talent Management M BN Q A
l . l . b . l
Talent Management Pwc
Q14.i.PG8
Learning
Learning-
M BNQ A
5.2.C.1
Performance & Innovation
Question
What are their education levels?
What are the key elements that engage them in
accom plishing your mission and vision?
What are your organization’s workforce job
diversity, organized bargaining units, key
workforce benefits, and special health and safety
requirements?
What effect did the economic downturn have on
your people strategy?
What does talent management mean to you?
How do you assess workforce capability and
capacity?
What are your current and future talent needs?
W here are your skill gaps? W hat are your plans
to fill them?
H ow do you recruit, hire, place, and retain new
members o f your workforce?
H ow do you identify your key talent?
What is your incentive reward m odel to retain
talent? H ow do you use non-financial rewards to
m otivate staff and the workforce?
H ow do senior leaders take an active role in
reward and recognition programs?
H ow do you plan for attrition (the retirement o f
older workers; key employees making career
changes for personal reasons)?
H ow does your learning and developm ent system
address the follow ing factors for your workforce
members and leaders?
a) Organizational performance
improvement and innovation
186
Framework Discipline Source Question
Learning-
Customer focus
b) Customer focus
Learning-
Development
c ) Their learning and developm ent needs,
including those that are self-identified
and those identified by supervisors,
managers, and senior leaders
Enhanced Learning M BN Q A
4.1.a.3
H ow do you manage organizational know ledge
to:
a) A ccom plish the collectio n and transfer
o f workforce knowledge?
b) A ccom plish the transfer o f relevant
know ledge from and to customers,
suppliers, partners, and collaborators?
c) Accom plish the rapid identification,
sharing, and implementation o f best
practices?
Enhanced Learning PwC
Q1.3.PG6
H ow do you work with governm ent or
educational system s to improve the skills in your
talent pool?
Learning-
Efficiency o f system
M BNQA.5.2.C.2 H ow do you evaluate the effectiven ess and
efficiency o f your learning and developm ent
, system?
Closing On your journey to enhanced learning for your
organization, what has been your most:
a) D ifficult challenges
b) B est practices
c) Unexpected moments
Closing Is there anything else you w ould like to share at
this time?
187
Appendix H:
Participant— Informed Consent Form
Exploring the Strategies of Enhanced Organizational Learning in Small and M edium-
Sized Enterprises
Purpose. You are invited to participate in a research study conducted for a
doctoral dissertation at Northcentral University in Prescott, Arizona. The purpose of this
study is to explore how your organization is enhancing learning capacity. The
exploration focuses on how your organization is structured, how the leaders support the
emergence of new ideas, and how the leaders demonstrate commitment to the overall
process of enhanced learning capacity. The study is free of deception. I am interested in
your opinions and reflections about your organization.
Participation requirements. Your organization was selected as a possible
participant in this study because it is a SME in the industrial manufacturing sector. You
will be asked to participate in a one-on-one, audio taped interview. The purpose of the
interview is to explore the disciplines of enhanced learning capacity within your
organization and should take between two and four hours to complete. I will make
written notes during the interview which will assist me later to recall the discussion.
Research personnel. The following person is involved in this research project
and may be contacted at any time:
Karen A.B. Cochran, Researcher kcochran_l [email protected]
Potential risk or discomfort. There are no known risks, discomforts, or
inconveniences in this study.
188
Potential benefit. The benefits reasonably to be expected include a copy o f the
final report that will include formative recommendations. W e cannot guarantee,
however, that you will receive any benefits from the results of the study. There will be
no compensation available for participation in this study.
A nonym ity a n d confidentiality. The data collected in this study are confidential.
Data are coded such that your name is not associated with them. In addition, the coded
data are made available only to the researcher associated with this project.
Confidentiality is promised to the extent allowed by law.
R ight to withdraw. Your decision whether or not to participate will not prejudice
your future relations with Northcentral University. You have the right to withdraw from
the study at any time without penalty. You may om it questions on any interview profile
if you do not want to answer them.
The Committee on the Protection of Human Subjects at Northcentral University
has reviewed and approved the present research. W e will be happy to answer any
question that may arise about the study. Please direct your questions or com m ents to:
Karen A. B. Cochran Email: kcochran_l [email protected]
Signatures
By signing this form, you agree that you have read the above descriptions of the
Strategies of Enhanced Organizational Learning in Small and Medium-Sized Enterprises
(SME) study and understand the conditions of your participation. Your signature
indicates that you agree to participate in the study.
Participant’s N am e:_____________________________
Participant’s Signature:___________________________
Researcher’s Name: Karen A.B. Cochran Signature:__________ D a te :______________
You will be given a copy of this form to keep.
189
Appendix I:
Transcription Instructions
1. All transcripts will begin with the provided anonymous designated code for each
transcript.
2. All statements should be transcribed verbatim and word-by-word, retaining
frequent repetitions, noting “m h’s” and the like.
3. All pauses in the conversation should be noted as [pause].
4. All emphases in intonation and emotional expressions like laughter and sighing
should be included also noted with brackets [sigh]
5. All transcriptions will be provided to the researcher from the transcriber in .doc or
.docx format.
6. Italics indicate some form of stress, via pitch, or amplitude or both.
Looking for top-notch essay writing services? We've got you covered! Connect with our writing experts today. Placing your order is easy, taking less than 5 minutes. Click below to get started.
Order a Similar Paper Order a Different Paper