Emerging Technologies for Business Professionals E-Book

Table of Contents

COVER

TABLE OF CONTENTS

TITLE PAGE

COPYRIGHT

ACKNOWLEDGMENTS

CHAPTER 1: Introduction to Emerging Technologies

Impact of Emerging Technology

IT Governance

Introduction to Technologies

Final Thoughts

Notes

CHAPTER 2: Information Technology and Ethics

Ethics

Reasons for IT Ethical Issues

Ethical Issues Related to Information Technology

Ethical Framework for Information Technology Decision‐Making

Notes

CHAPTER 3: Introduction to Data Analytics

Data Analytics

Analytics Concepts

Analytics Tools

Use Cases

Notes

CHAPTER 4: Data Analytics Governance and Management

Data Analytics Projects

Implementing Analytics

Data Analytic Process

Data Quality

Data Governance

Ethics

Notes

CHAPTER 5: Introduction to Artificial Intelligence

Artificial Intelligence

How to Build an AI Model

Types of Artificial Intelligence

AI Platforms and Software Applications

Use Cases

Notes

CHAPTER 6: Artificial Intelligence Implementation and Management

Implementation Framework

Implementation Lifecycle

AI Governance and Management

Ethical Considerations

Notes

CHAPTER 7: Cryptocurrency and Blockchain

Cryptocurrency and Blockchain

Cryptocurrency

Blockchain

How Does Blockchain Work? Cryptocurrency Example

Notes

CHAPTER 8: Blockchain Developments and Governance

Blockchain Layers

Types of Blockchains

Smart Contracts

Other Developments

Use Cases

Governance and Management of Blockchain

Future Trends

Notes

CHAPTER 9: The Metaverse and Non‐Fungible Tokens

Metaverse

Non‐Fungible Tokens

The Metaverse and NFT Economy

Notes

CHAPTER 10: Introduction to Robotic Process Automation

How RPA Works

RPA Software Applications

Future Trends

Use Cases

Additional Resources

Notes

CHAPTER 11: Robotic Process Automation Implementation and Management

RPA Framework: Successful RPA Projects

RPA Lifecycle

Governance and Management

Notes

CHAPTER 12: Quantum and Edge Computing

Conventional Computing

Quantum Computing

Edge Computing

Notes

CHAPTER 13: Augmented Reality

Virtual Versus Augmented Reality

Augmented Reality Equipment

AR Use Cases

Challenges and Limitations of AR

Management and Governance of AR

Notes

CHAPTER 14: Introduction to Cybersecurity

What Is Cybersecurity?

Cybersecurity Challenges

Cybersecurity Domains

Security Concepts

Cybersecurity Trends

Notes

CHAPTER 15: Cybersecurity Management

Cybersecurity Strategy

Cybersecurity Governance and Management

Cybersecurity Controls

Cybersecurity Reporting and Disclosure

Notes

APPENDIX: Governance Frameworks

COSO Internal Control Framework

COSO Enterprise Risk Management

COBIT

NIST

System and Organization Controls (SOC)

Conclusion

Additional Resources

Notes

ABOUT THE AUTHORS

ABOUT THE WEBSITE

INDEX

END USER LICENSE AGREEMENT

List of Tables

Chapter 1

Table 1.1 Potential IT Risks

Chapter 3

Table 3.1 Data Storage Comparisons

Chapter 4

Table 4.1 Characteristics of Quality Data

Chapter 5

Table 5.1 AI Platforms and Software Applications

Chapter 6

Table 6.1 Why Do AI Projects Fail?

Table 6.2 Confusion Matrix

Chapter 7

Table 7.1 Brief Historical Milestones of Blockchain

Chapter 8

Table 8.1 Permissionless versus Permissioned Blockchains

Table 8.2 Top Blockchain Platforms

Chapter 11

Table 11.1 Why Do RPA Projects Fail?

Table 11.2 Performance Measures Using the Balanced Scorecard Method

Chapter 13

Table 13.1 Comparison Between Virtual Reality and Augmented Reality

Chapter 14

Table 14.1 Cybersecurity Myths Versus Reality

Table 14.2 Common Cyberattack Strategies

Appendix

Table A.1 COSO Integrated Framework Components and Principles

Table A.2 The Five Main Components of COSO ERM

Table A.3 Trust Services Principles

List of Illustrations

Chapter 3

Figure 3.1 Data to Knowledge Conversion Process

Figure 3.2 Big Data Characteristics – The 5 V's

Figure 3.3 Example of a Flat File

Figure 3.4 Example of Relational Database Tables

Figure 3.5 Graph Data Model: Fund Transferred Between Accounts

Figure 3.6 Three‐Tier Architecture of Data Warehouse

Figure 3.7 Types of Analytics Based on Two Dimensions

Figure 3.8 Example of a Dashboard

Chapter 5

Figure 5.1 Three‐Step High‐Level Process of Building an AI Model

Figure 5.2 Types of Machine Learning

Figure 5.3 Supervised Learning

Figure 5.4 Unsupervised Learning

Figure 5.5 Artificial Neural Network

Chapter 6

Figure 6.1 Model Fit

Figure 6.2 Matrix to Evaluate AI Risk

Chapter 7

Figure 7.1 Popular Cryptocurrencies in Circulation by Market Capitalization ...

Figure 7.2 Symmetric Encryption

Figure 7.3 Asymmetric Encryption

Figure 7.4 Using Public‐Key Encryption to Sign a Message

Figure 7.5 Merkle Tree

Figure 7.6 Centralized versus Decentralized Network

Figure 7.7 Distributed Ledger Technology

Chapter 8

Figure 8.1 Top 10 Crypto Exchanges as of February 2023

Figure 8.2 Blockchain Coalition versus Blockchain Consortium

Figure 8.3 Companies Invested in Blockchain

Chapter 9

Figure 9.1 Three Phases of the Development of the Metaverse

Figure 9.2 The Architecture of the Metaverse

Chapter 10

Figure 10.1 Screenshot of UiPath StudioX

Figure 10.2 Screenshot of UiPath Studio

Chapter 11

Figure 11.1 Sample Bot Flowchart

Figure 11.2 Risks Associated with the RPA Lifecycle

Chapter 12

Figure 12.1 Cloud Computing Versus Edge Computing

Chapter 13

Figure 13.1 Milgram's Reality–Virtuality Continuum

Appendix

Figure A.1 COSO Integrated Framework

Figure A.2 COSO Enterprise Risk Management

Figure A.3 COBIT 2019 Core Model

Guide

Cover

Table of Contents

Title Page

Copyright

Acknowledgments

Begin Reading

Appendix: Governance Frameworks

About the Authors

About the Website

Index

End User License Agreement

Pages

iii

iv

v

1

2

3

4

5

6

7

8

9

10

11

12

13

15

16

17

18

19

20

21

22

23

24

25

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

281

283

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

EMERGING TECHNOLOGIES FOR BUSINESS PROFESSIONALS

A NONTECHNICAL GUIDE TO THE GOVERNANCE AND MANAGEMENT OF DISRUPTIVE TECHNOLOGIES

Copyright © 2024 by John Wiley and Sons. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per‐copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750‐8400, fax (978) 750‐4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748‐6011, fax (201) 748‐6008, or online at http://www.wiley.com/go/permission.

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762‐2974, outside the United States at (317) 572‐3993 or fax (317) 572‐4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging‐in‐Publication Data:

Names: Vincent, Nishani, author. | Igou, Amy, author.Title: Emerging technologies for business professionals : a nontechnical guide to the governance and management of disruptive technologies / Nishani Vincent & Ms Amy Igou.Description: Hoboken, New Jersey : Wiley, [2023] | Includes index.Identifiers: LCCN 2023020824 (print) | LCCN 2023020825 (ebook) | ISBN 9781119987369 (cloth) | ISBN 9781119987383 (adobe pdf) | ISBN 9781119987376 (epub)Subjects: LCSH: Business enterprises—Technological innovations. | Artificial intelligence. | Blockchains (Databases) | Computer security.Classification: LCC HD45 .V563 2023 (print) | LCC HD45 (ebook) | DDC 658.5/14—dc23/eng/20230719LC record available at https://lccn.loc.gov/2023020824LC ebook record available at https://lccn.loc.gov/2023020825

Cover Design: WileyCover Image: © Galeanu Mihai/Getty ImagesAuthor Photos: Nishani Vincent ‐ © University of Tennesee at Chattanooga;Amy Igou ‐ © Sean O’Neal

ACKNOWLEDGMENTS

A special thanks to our accounting department colleagues, in particular, our department chairs, Rebecca Shortridge and Joseph Ugrin, for their support and encouragement. Thank you to our graduate assistants, Reedhi Bamnelkar, James Cooper, and Derek LaBarge, for their assistance in compiling material for the book. We also appreciate the love and support from our families, especially our husbands, Vinod Vincent and Patrick Igou, for their patience during this project.

CHAPTER 1Introduction to Emerging Technologies

Netflix versus Blockbuster – The Original Disruption

Blockbuster, in its prime, had a stronghold on the U.S. video rental industry. It had brick‐and‐mortar stores in 2,800 locations worldwide in 1992 and 9,000 stores at its peak. Two years later, Viacom purchased Blockbuster for $84 million. During the 1990s, a Blockbuster store offered the latest releases and classic movie hits for the entire family in most neighborhoods. Besides revenue from rentals, Blockbuster also made significant income from late fees.

When Netflix arrived on the scene with a subscription‐based DVD rental business in 1997, Blockbuster did not see it as a worthy competitor. Netflix, known today for its streaming service, started renting out DVDs. For a monthly fee, subscribers entered a wish list of movies they wished to view, and Netflix sent the customer their first two DVDs. When the customer finished with the video, they sent the DVD back to Netflix, which would, in turn, send a different DVD from the subscriber's wish list. A subscriber could keep any DVD for as long as they wanted, thus eliminating the pressure to return a movie on time to avoid costly late fees.

Netflix infiltrated this market by utilizing technology to provide what the customer wanted – reasonably priced, convenient entertainment. Their model also eliminated late fees, which were the customers' least favorite feature of Blockbuster. As of January 2021, Netflix was worth over $230 billion, whereas in 2022, Blockbuster had one remaining store, in Bend, Oregon.

Netflix is considered to be one of the first companies to use the internet to reach customers and completely change the entertainment business. While the concept may seem relatively simple today, the change in the home entertainment business was revolutionary and started a new trend of digital disruption by changing an entire industry.

Blockbuster CEO Jim Keyes stated in an interview in 2008, “Neither Redbox nor Netflix is even on the radar screen in terms of competition.”[1] Looking back, maybe they should have been.

Impact of Emerging Technology

The past decade has seen significant technical advances leading to a flurry of new technologies. Technology implementation and management traditionally required technical skills possessed by information technology (IT) professionals. Historically, automating a process required heavy coding and the specialized technical skills of an IT professional. However, today, the addition of new end‐user tools, combined with better processing speeds, has put technology in the hands of the end‐user. For example, robotic process automation (RPA) software enables nontechnical users to automate basic processes without significant technical knowledge. Consequently, the developments in software and hardware tools have made it easy for nontechnical users in all areas of the organization to be active participants in using technology. The increased dependence on technology, not only for communication, collaboration, record‐keeping, and decision‐making but also for improving efficiency, increasing profitability, creating a competitive advantage, and innovating new products and services, makes understanding emerging technologies critical for all business professionals.

The proliferation of emerging technologies is disrupting organizations and industries more than ever. A period of rapid technological change generally disrupts how businesses operate and what services and products they offer. For many, the term disruption has a negative connotation. However, disruption can bring new opportunities for those who anticipate and embrace the change. Gartner defines digital disruption as “the effect that changes the fundamental expectations and behaviors in a culture, market, industry or process through digital capabilities.”[2] Digital disruption often leads to new products and services and possibly new industries. An existing business that does not adapt and take advantage of new developments can be left behind and become the Blockbuster of the current generation. With a strategic mindset, companies can create a competitive advantage, even with minor technological changes. Early examples of disruption included cars replacing horses, telephones replacing telegraphs, and online reference sites replacing traditional encyclopedias. Recent advances in technology have already transformed several industries. Consider these examples:

One of the largest taxi companies does not own any vehicles (Uber).

One of the largest accommodation providers does not own any real estate (Airbnb).

One of the largest retailers does not hold any inventory (Alibaba).

When managers think about increasing productivity, exploring new revenue models, moving into untapped markets, or cutting the cost of operations, they revert to technological solutions. Often, people think that technology can solve the problems they face in a company. Today's managers are more likely to embrace technology because they are familiar with and dependent on smart devices, such as smartphones, watches, TVs, and virtual assistant technologies. However, using technology will not always solve the problems facing a company but will always increase the risks to the company if not properly managed. For example, during an English professional football game, the automated technology did not notify match officials to award a goal. Players and the goalpost blocked all goal line cameras, preventing unobstructed tracking of the ball into the goal. The lack of a clear view by the cameras cost one team a point and determined the outcome of the championship match.[3] Even though this technology worked properly in 9,000 previous games, one failure was detrimental to one team. Therefore, organizations must consider these isolated risks as they weigh new technology options.

Many organizations chase the latest technology without considering the long‐term implications, functionality, risks, and threats, thus picking the wrong solution for the wrong task in the short and long terms. Therefore, when adopting, implementing, and using technology, managers must do their due diligence to understand which technologies would help their organization thrive in changing markets while minimizing threats.

When selecting technology, organizations must keep the users in mind. Individuals will only use the technology if they find it easy to use and valuable. For example, a customer service manager may consider using chatbots to support customer service inquiries, focusing on the benefit of cost savings while increasing productivity. However, if the chatbot is not implemented correctly, it may frustrate customers and increase customer dissatisfaction. It will also increase the costs of resolving issues and complicate maintaining the company's image and reputation.

Technologies, such as artificial intelligence, in manufacturing, procurement, and sales generation, can increase companies' productivity. However, using artificial intelligence can also increase risks to the company if management ignores ethical issues. This technology may also increase vulnerability to cyberattacks and other security risks.

Marketing professionals use advanced analytics techniques by gathering data from new sources to gain insights into their customers. However, not understanding the process and tools may lead to bias and inaccurate interpretation of data, leading to bad decisions. Consequently, a better understanding of technological advances will help managers determine the right solution for the right task and manage the associated risks.

Business managers and external stakeholders, such as auditors and regulators, need a broad understanding of technologies and how they are used in organizations to provide insights into financial information. To provide assurance of financial statements, auditors must understand whether the client organization accurately captured, processed, analyzed, and reported the data. Suppose data is collected and analyzed using emerging technologies. In that case, auditors need to understand how technology influences the processing of data when collecting evidence. They also need to evaluate critically the outputs generated using technology. Further, regulators need to know how emerging technologies, such as blockchain, may impact the capital market and provide oversight and guidance over organizations to protect the investors and maintain fair, orderly, and efficient markets.

This book is designed to help nontechnical business professionals navigate the complex and changing world of new technologies. All business professionals will benefit from foundational knowledge of many of the disruptive technologies available today. By understanding each technology's functionality, risks, and benefits, professionals can help make better‐informed decisions when selecting and managing technologies. In this book, you will find:

A single source of information for a variety of emerging technologies.

A nontechnical explanation of the functionality of a given emerging technology.

Examples and use cases to help relate technical topics to a specific business context.

A discussion on challenges, issues, and concerns related to the management and governance of a particular technology.

Discussions on how disruptive technologies will impact business operations.

This book will help professionals understand the complexity involved in making decisions on technology adoption, implementation, management, governance, compliance, and reporting, and hence, be active and informed technology participants in their organizations.

IT Governance

Knight Capital Americas LLC was a financial services firm with its primary operations on the execution of market trades. Before Knight's collapse, it was the largest trader of U.S. equities. However, that abruptly stopped in 2012, when a system failure caused the firm to incur $440 million in trading losses in 45 minutes. Within two days, its market capitalization fell by approximately 80%.[4]

Since Knight was engaged in high‐volume stock trades, it relied heavily on technology to process the transactions. Two months before the incident, Knight's CEO, Thomas Joyce, commented, “Our data centers are some of the largest and most reliable in the industry. We spend tens of millions of dollars every year making our technology platform better, faster, and more reliable.”[5]

On August 12, 2012, an error in one of the eight trading servers allowed the continued generation of trade orders without tracking which orders were completed. In short, the system created multiple trade orders when it should have only created one. The system sent 97 messages to employees, signaling an error in the trading system. However, the employees ignored the messages for over an hour. When a team responded to examine the situation, they operated without documentation on how to proceed. During this time, the server continued to generate trade orders en masse. A large number of trades affected stock prices, leading the New York Stock Exchange to stop trading affected stocks.

After the incident, the Securities and Exchange Commission (SEC) showed that Knight did not have proper risk management controls or supervision in place. The lack of controls led to both system failure and delayed detection. The company did not have adequate systems for testing and review. In 2013 the SEC fined Knight $12 million for not having controls in place for deployment and inadequate guidelines for how to respond.[4]

The story about Knight Capital Americas LLC exemplifies how system issues can negatively impact not only an organization's operations and financial performance but also the capital markets. Therefore, business managers, auditors, and regulators must consider whether proper oversight and controls have been established around technology to prevent, detect, and correct mistakes.

Governance in a corporation includes overseeing the business operations and the mechanisms used to control and hold the organization and its people accountable. Information technology governance is one component of corporate governance. However, because of the dependence on IT for business operations today, this single component has become not only the most significant subset of corporate governance but also the most complex.

The COBIT (Control Objectives for Information and Related Technologies) framework defines enterprise governance of information technology as the process by which

the board that oversees the definition and implementation of processes, structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from I&T‐enabled business investments.[6]

Information technology enables organizations to create value for their stakeholders, increase productivity and efficiency in operations, innovate new products and services, and serve new and niche markets, which leads to improved financial performance. As a result, managers are increasingly interested in adopting emerging technologies.

However, proper governance and management of IT risks and resources are particularly crucial when considering emerging technologies because of the uncertainties surrounding them and the novelty of the technologies. An organization takes risks each time it introduces a new system, but the risk is greater if the technology is unfamiliar to IT management and those in the company. Therefore, organizations must provide oversight over IT and be proactive in their IT management to ensure long‐term success. These practices can help ensure that the organization can fulfill its mission and achieve its strategic goals.

Several governance frameworks and guidelines are available for managers to ensure that the systems and IT processes keep the company's assets safe and secure and minimize interruptions to business operations. The Appendix provides brief descriptions of several governance and assurance frameworks available. Good governance practices enable organizations to prioritize IT spending through budgetary controls and to align spending to support their strategic objectives. Governance practices help manage IT applications, infrastructure, and architecture and mitigate and control potential threats. These practices also help organizations to comply with regulations, manage and control third‐party IT services, and support and maintain IT assets and resources. Governance and management of the entire information technology will create a competitive advantage for the organization by aligning IT with the business strategy. We look at several aspects of IT risks next.

IT Risks

Every business activity has some form of risk associated with it. Risk, by definition, is uncertainty. Risks can lead to negative or positive outcomes. Potential adverse outcomes are considered threats or events that may jeopardize an organization from achieving its objectives. In an organization, we want to mitigate adverse outcomes while increasing the positive effects. For example, when an organization decides to implement a new enterprise resource planning (ERP) system, the company is taking a risk. However, this decision can also lead to increased productivity, making it worthwhile to take the risk.

On the other hand, the centralized nature of the system can also increase cybersecurity vulnerability, which is a negative outcome. IT risks can stem from external sources, such as cybercriminals and third‐party vendors, and internal sources, such as employees and various IT components. Every IT component at every level of the organization can increase IT threats. Table 1.1 shows some typical IT risks and an example of a negative consequence associated with different IT components. Management should take extra care to mitigate these risks, especially when considering emerging technologies. In subsequent chapters, we discuss risks specific to a particular technology. Keeping these risks in mind can help organizations select the appropriate governance practices to optimize (reduce threats and create value) the risk to the organization.

Table 1.1 Potential IT Risks

IT Component

Potential Risks

Negative Consequence

Architecture

The planned or current architecture does not meet the needs of the stakeholders

Loss of competitive advantage and customer satisfaction

Infrastructure

Network crashes

Lost business and productivity

Information security

Unauthorized use of data, loss of data, system outages

Damage to the company's reputation. Potential for increased fines. Lost business and productivity

Hardware

Hardware malfunction

Loss of data, disruption to business operations

Software applications

Not having proper patch management controls

Disruptions to business operations, system malfunctions

IT development

Insufficient understanding of user requirements, development using incompatible technology, inadequate testing

Users not accepting the system, wasted resources, inaccurate system processing

People

Lack of IT skills, employee turnover, lack of IT security awareness

Not using the system for daily work. Increased security vulnerabilities

Change management

Incorporating unauthorized changes, inadequate testing

Fraudulent processes and business activities

Project management

Missing the target dates, cost overruns, inadequate resources

User dissatisfaction, increased costs, not meeting the target

When considering adopting, implementing, and using any technology, organizations should evaluate potential risks and develop a risk response to mitigate any dire negative consequences. All IT projects have uncertainties associated with them. Failure to mitigate these risks while planning and implementing a project can frequently lead to loss.

Why IT Projects Fail

Even with a skilled project team, good project management, and a plan, a new technology implementation may not be completed as expected. Experience shows that many system projects fail, that is, the project outcomes are never delivered, are significantly over budget, or, at minimum, do not meet the stakeholders' expectations.

Some well‐documented project failures include:

The U.S. government spent approximately $840 million to release the

healthcare.gov

online insurance site. In the first week, the system failed as millions of users attempted to use the system. Users became frustrated when they were unable to get their applications sent. The website was taken offline and rebuilt for a new deployment months later.

[

7

]

Lidl, a German grocery store chain, implemented a new inventory management system for 500 million euros, only to scrap the project three years later.

[

8

]

In 1999, Hershey's could not deliver its Halloween candy to the U.S. market due to an issue in the supply chain application of its newly installed ERP system.

[

9

]

No matter the type of technology, several overarching factors can cause IT project failure. When using new technology, the risks can be even more significant. Managers should consider some of the following factors when adopting, implementing, and using emerging technologies.

Not understanding the technology selected.

Before adding new technology into the organization, managers should be sure that they understand its functionality, advantages, appropriateness for a given business context, and potential risks. Each technology offers different benefits that should be maximized and threats that need to be mitigated.

Not understanding the needs of the business.

Business managers need to work closely with their IT partners to understand the business requirements and how business processes affect the underlying financial performance of the organization. Managers can assign business team members to IT project teams to increase and enhance communication between business and IT.

Expecting a silver bullet.

Most often, end‐users and nontechnical business managers assume that new technology will solve all problems. Implementing a new technology on top of existing flawed processes will not fix the root problem. Expecting the system to fix everything will only lead to disappointment. Therefore, managers should do their due diligence to understand the new features of the latest technology and how it will create value for the organization before deciding to adopt and implement it.

Not defining the scope of the project.

A clear definition of the system's boundary (i.e., where the project starts and ends) is necessary to implement any technology successfully. Scope definition begins with a clear understanding of what processes will be implemented and, more importantly, what will not be included. Otherwise, if the project scope keeps changing, the project deadline will be delayed, leading to frustration among stakeholders.

Not getting buy‐in.

All stakeholders must agree that the project and the end objectives are needed. Buy‐in is required for enterprise‐wide implementations from the top down to the individual users. For implementations not acquiring buy‐in from employees, there is a risk of nonacceptance by the users that will lead to finding ways to bypass the system.

Implementing the wrong technology for the issue.

Business and IT partners must best assess what technology solution will work for the desired task. When deciding which technology to implement, managers should consider the availability of resources, whether the solution matches the organization's needs and current industry standards, and how it affects its overall business strategy, mission, and vision.

These are just a few of the common causes of project failure. By understanding the reasons for potential failures of IT projects, managers can consider how to manage the risks of a given implementation. Additional risks of specific emerging technologies are discussed in subsequent chapters. Managers can use the frameworks listed in the Appendix to help develop appropriate controls to reduce the overall negative outcomes and increase the positive outcomes of adopting emerging technologies.

Introduction to Technologies

This section provides a short synopsis of the technologies addressed in subsequent chapters.

Data Analytics

Analytics itself is not a new technology. However, today's analysis methods are much more advanced than those of 10 years ago. Some advanced analytical techniques are available through end‐user software rather than tools that require significant coding. In addition, the types of data that can be analyzed are more varied than in decades past. Further, data analytics may need to navigate newer database models, such as graph databases, rather than relational databases.

Artificial Intelligence

Artificial intelligence, also known as AI, simulates human intelligence through a computer. Although advanced AI models can provide some degree of intelligence, these programs still lack consciousness and emotion. There are many uses of artificial intelligence, ranging from learning how to win a game, such as chess, to developing business forecasting models and understanding speech. You use AI in many daily tasks, such as asking Alexa or Siri questions, navigating to a new location, or choosing from many recommendations on your favorite streaming service.

Blockchain

Blockchain is the underlying technology used in many cryptocurrencies, such as Bitcoin. A blockchain stores data in a decentralized and distributed ledger, in contrast to a single instance of a traditional database. There are several applications of blockchain besides cryptocurrencies. Recent developments in smart contracts, the metaverse, non‐fungible tokens (NFTs), and Oracles use blockchain development. Blockchain can be used in almost every industry, including financial services, logistics and supply management, real estate, and healthcare.

Robotic Process Automation

Robotic process automation, known as RPA, is a simplified form of artificial intelligence. This technology mimics human actions without learning or acting intelligently. RPA works similarly to an Excel macro but can work with various applications, including e‐mail, ERP, and other systems. The automation between these systems is created without complex programming. The software is usually user‐friendly so knowledgeable business end‐users can build a bot to automate a task without coding.

The Metaverse and Non‐Fungible Tokens

The metaverse has been depicted throughout science fiction novels and video games, but now it is a reality and has many implications for businesses. The metaverse is made up of connected virtual worlds in which individuals can interact, purchase virtual goods, and immerse themselves in different environments. New markets for virtual goods and entertainment will be available for businesses, as well as new ways to market goods and meet with others. Non‐fungible tokens will play a larger part in the metaverse as they are digital assets that can be traded, bought, and sold online.

Advanced Computing

One of the major recent advances in computing is quantum computing. This revolutionary method of computing uses many of the principles of quantum theory to calculate and process data faster. These computers are best used for extensive data analyses or conducting simulations. Advanced computing can help expand other fields, such as artificial intelligence, machine learning, and blockchain.

Edge computing is a newer framework that also provides faster data processing by moving the computation and storage of data closer to the data sources. Data processing may occur on an Internet of Things (IoT) device or distributed servers enabling immediate data processing.

Augmented Reality and Virtual Reality

Augmented reality (AR) and virtual reality (VR) simulate an environment so the user can experience them through a device, such as an Oculus. Virtual reality is used frequently in gaming as it is a fictional environment where users can immerse themselves. Augmented reality is an environment that is overlaid with the real world. Businesses use these technologies to enhance training, facilitate employees' onboarding experience, prototype new products, and enhance the customer shopping experience, for example.

Cybersecurity

Incorporating emerging technologies in the organization's architecture and infrastructure increases a company's information technology risk exposure. Therefore, business professionals need to understand how information technology risks increase, how to protect their existing systems from insider and outsider attacks, assess the risk exposure and create appropriate risk responses, and audit and disclose appropriate information to the relevant stakeholder.

Final Thoughts

Selecting the appropriate technology can be a daunting task for managers. The first focus should be on what problem needs to be solved. Losing focus on this can lead an organization down the wrong path. Once managers have a general idea of the technical solution, many organizations benefit from following a system development methodology to help keep them on track and ensure proper controls throughout the process.

Notes

1.

Satell, G. (2014). A Look Back at Why Blockbuster Really Failed and Why It Didn't Have To.

Forbes

(5 September).

https://www.forbes.com/sites/gregsatell/2014/09/05/a-look-back-at-why-blockbuster-really-failed-and-why-it-didnt-have-to/?sh=760df3ec1d64

.

2.

Gartner. (n.d.). Gartner Glossary: Digital Disruption.

https://www.gartner.com/en/information-technology/glossary/digital-disruption

.

3.

Ranson, J. and Gardner, J. (2022). Another Refereeing Nightmare!

MailOnline

(5 September).

https://www.dailymail.co.uk/sport/football/article-11181079/EFL-confirm-hawk-eye-goal-line-technology-failure-major-error-Championship-clash.html

.

4.

Austin, R., and Meister, D. (2015). Knight Capital Americas LLC. Ivey Publishing. Available at

https://hbsp.harvard.edu/product/W15077-PDF-ENG

.

5.

United States House of Representatives. (2012). Testimony of Mr. Thomas M. Joyce to the Committee on Financial Services Subcommittee on Capital Markets and Government Sponsored Enterprises (20 June).

https://financialservices.house.gov/uploaded-files/hhrg-112-ba16-wstate-tjoyce-20120620.pdf

.

6.

ISACA. (2019). COBIT 2019 Framework. Introduction and Methodology.

7.

Government Accountability Office. (2014).

Healthcare.gov

Ineffective Planning and Oversight Practices Underscore the Need for Improved Contract Management (July).

https://www.gao.gov/assets/gao-14-694.pdf

.

8.

Grill, Gooman, J. (2018). Lidl Suffers €500 Million Euro Supply Chain Failure.

RISNews

(1 October).

https://risnews.com/lidl-suffers-eu500-million-supply-chain-failure

.

9.

Stedman, Craig. (1999). Failed ERP Gamble Haunts Hershey; Candy Maker Bites Off More Than It Can Chew and “Kisses” Big Halloween Sales Goodbye.

Computerworld

(1 November): 1.

CHAPTER 2Information Technology and Ethics

The development of technology brings forth additional ethical questions. The following are some recent events that highlight some of the questions companies need to consider.

On January 13, 2021, the Australian Financial Review reported that Google had removed some Australian news content from its search results for some local users. A Google spokesperson told The Conversation that the experiment did not prevent users in the trial group from accessing a news story. Rather, they would not discover the story through the search function and would have to access it another way, such as directly on a publisher's website.[1]

“A Cambridge report published in October 2022 claims the United Kingdom police's use of facial recognition technology (FRT) has breached numerous ethical and human rights obligations. The report audited the use of facial recognition technology by the Metropolitan Police and the South Wales Police. The report outlined three key issues: privacy, discrimination, and accountability.”[2]

Ethics

Technology can enhance many aspects of business operations and human conditions. However, as the two opening stories indicate, some uses of technology add complications when trying to maximize profit at the expense of others. Therefore, when introducing new technology, managers should consider how technology would impact society and individuals. In this chapter, we explain information technology ethics and discuss managerial considerations of IT ethics.

Ethics, Morals, and Law

What is ethical behavior? The Merriam‐Webster dictionary defines ethics as the “discipline dealing with what is good and bad and with moral duty and obligation.”[3] Even though many use ethics and morals synonymously, these terms have slightly different connotations today.

Morals are one's personal beliefs about right and wrong. These beliefs are generally influenced by religion, culture, social status, and upbringing, whereas ethics “deals with the justification of moral principles (or with the impossibility of such a justification) and must take into account the variations in moral systems.”[4] Ethics recognizes that there are common features that are universally valid regardless of one's feelings, beliefs, culture, or religion.

On the other hand, the law attempts to make what is unethical illegal. Good legal practices allow similar freedom of activity for all people. However, the law generally lags behind developments in society. Laws, such as the apartheid law in South Africa,[5] are unethical; therefore, the law cannot be equated with ethics. Moreover, not every unethical action can be made illegal because ethics can be broad and allow for degrees or context.

In summary, ethics is not a religion, even though religion can set high ethical standards. It is also not the same as being lawful, and it is not the same as doing what society in general accepts. Next, we attempt to address why ethics is an important consideration in the use of information technology.

Information technology ethics is defined as the study of ethical issues related to the development and use of technology. Information technology has become ubiquitous in the lives of individuals and business operations. We use technology to operate business processes, analyze data, and communicate with internal and external stakeholders. Technology plays an important underlying role in the decision‐making process. However, sometimes, the influence of technology and its unintended impacts are not at the forefront of decision‐makers' considerations. Therefore, people often make decisions without understanding the complexity of the long‐term implications and tend not to take responsibility for the outcomes of these decisions.

The following are several interrelated themes about why people avoid taking responsibility for their decisions and the corresponding outcomes.

The myth of amoral computing and information technology.

[

5

]

The myth of amoral computing and information technology suggests that computers cannot use moral judgment. Therefore, it is improper to apply moral language to computers and their actions. This myth disregards the responsibility humans have when they purchase, design, develop, and use computers. People often ignore this responsibility because they do not understand the technology or its impact on others. Since technology can be complex, they pass on the blame to the technology. They perceive that what the computer does is not real and cannot affect others. Consequently, most people do not take responsibility for their decisions, how they design the system, and how it impacts others. However, as managers responsible for making technology‐related decisions, you need to be aware of this myth and recognize that the outcome is a consequence of people's decisions, design, development, and use of the technology.

The lure of the technological imperative.

[

5

]

Technology has advanced tremendously during the past few decades and has proliferated in organizations. To some extent, the use of the latest technology can be associated with achieving a higher status. For example, when an organization announces the adoption of new innovative technology, the market perceives this as a positive trend. Today, when faced with a business challenge, most managers believe that the latest technology would solve the problem. This pursuit of technological development without considering the immediate and long‐term effects and consequences on society in general, employees, and other stakeholders can be dangerous. As managers, you need to be aware of how technology may lure you to the latest development. Therefore, it is important to do your due diligence when considering technology investments.

The danger of hidden structures.

[

5

]

How the technology works and how it is developed is often hidden from the users. When a technology firm releases an update, what is being updated, how it might impact user behavior, and what other files are being accessed and shared may not be transparent to the user. As managers who make decisions about technology that impact the firm's customers, employees, and other stakeholders, you need to be aware when making technology‐related decisions that there are hidden structures in the technology. Managers should encourage others to do their due diligence to understand the hidden design and the implications of the changes on business processes and various stakeholders and evaluate the impact of the use of the technology on people in the short and long terms.

The acceptance of technological inertia.

[

5

]

All of us understand that technology has developed and that these developments have, in some ways, enhanced various aspects of our lives. However, most of us fail to accept that some elements may not be beneficial or ethical, despite the improvements to us. As managers, we should be willing to acknowledge the negative consequences and change the way the technology is developed or used in cases where it is not ethical.

Modularizing.

[

6

]

Today, a single company does not produce all the parts necessary for the product it sells. In a competitive market, companies strive to produce small components to be assembled later by a different company. This disaggregation of development responsibility makes it difficult to know who is responsible for the ethical outcomes of the final product. Another related issue with modularization is that companies have no control over how another organization could use the simple component manufactured by your company in a complex, disruptive product. Therefore, it is important for managers to understand the inner workings of simple components and their impact on the larger, complex system/product to avoid unintended negative consequences.

Given these complexities and behavioral elements, managers need to be aware of their own biases and tendencies if they want to make ethical decisions about technology. Greater globalization leads to complex work environments and uncertain economic climates creating pressure to increase productivity and profit margins. When faced with such pressures today, managers turn to various technologies as a solution, often without considering the consequences of the decisions. However, considering ethics in technology‐related decision‐making can have several benefits, such as:

Protecting the firm and its employees from legal actions.

Complying with regulations.

Creating a reputation of being an ethical and socially responsible company.

Increasing productivity while improving processes.

Retaining top talent by creating an ethical business environment.

Reducing unnecessary risk by creating a fair business culture.

Reasons for IT Ethical Issues

Today, people want access to information and to obtain information using easy‐to‐use applications. They also expect to receive this information inexpensively or, preferably, for free. At the same time, users also want their information to be secure, reliable, and stable. Providing more security over information comes at a cost, conflicting with the ability to provide low‐cost output. Further, lowering the costs of producing information may also impact the quality of information. These conflicting interests create the moral paradox of information technology. Therefore, program designers/developers have to make uncomfortable compromises when designing information systems.

When deciding on conflicting interests, several factors may influence decision‐making concerning information technology and lead to ethical issues. The factors can be divided into data, system, and people categories.

Data‐Related Factors

Data is central to decision‐making; however, how we use data can have ethical implications. When making decisions, managers should consider whether the following practices would lead to intentional or unintentional harm to others.

The sources of data.

Organizations collect data at various points using various applications, devices, and systems. Technology makes it easy for organizations to collect, analyze, and use data. However, individuals may not have consented to or be aware that their data is being collected.

The increased volume of data.

Given the ease of obtaining data using technology, organizations collect massive amounts of data. Internet of Things devices collect more personal data than traditional sources do. Cell phones track movements and behavior to establish behavioral patterns that can be stored and misused. Much of the data collected by these devices is personal data about specific individuals.

Complex analytics.

Technology enables organizations to combine data from various sources to create a profile of an individual. As an individual, you may not be able to dictate whether the profile created for you is accurate. This profile can limit the type of services and products you see and the opportunities available to an individual.

Inconsistency in data.

Inadequate updating, incomplete data, erroneous data, and other data issues may lead to incorrect analyses creating false positives or negatives.

Fake data.

An increased amount of fake data and information makes it very difficult to identify which data is false and which data is not. Cleaning and separating fake from real data requires a lot of time and effort. Therefore, many users of data may not take the time to distinguish which data is reliable, leading to incorrect inferences.

Easy reproduction.

Digital data can be easily copied and distributed without the owner's knowledge. This dilemma leads to new concerns about data ownership and when it is ethical to use data without permission. Unlike physical assets, one may say that the data owner does not lose the original copy. However, the data may be proprietary and essential for an organization's ability to make a profit.

Systems‐Related Factors

Decisions made during systems development can change how an application functions, possibly leading to ethical concerns. Management should consider these factors when developing new systems.

Complex systems.

Systems can be complex because of integration with other systems, modularity, and interactions between components. Many also have complex algorithms. The algorithm's decisions are not always visible to the users, especially when using neural networks or machine learning. The outputs produced by complex systems can influence management decision‐making.

Large teams.

Large teams subdivided into small groups develop small components that make up integrated and complex systems. Lack of proper oversight and inadequate accountability can impact the final output of the system. Further, when using open‐source software, where various users can make modifications, managers might lose control over design considerations, leading to unintended consequences.

Integration.

Most systems used in organizations are integrated with other systems. Not taking the time to evaluate whether integrated systems have the same level of controls, design considerations, and blind dependence on different system outputs can lead to ethical issues for the company.

Service providers.

Many organizations use a variety of software services provided by third parties. If managers do not understand where the third party is storing or using the data, it can lead to ethical concerns for the company. Not understanding the complex terms by third parties can also lead to ethical issues.

People‐Related Factors

The final decisions are made by individuals, each having downstream ethical implications. It is important for managers to understand what motivates them throughout the decision‐making process.

Black‐box effect.

People blindly using outputs from various systems without fully understanding how the output was created may lead to ethical issues.

Impersonal interactions.

Automation is increasing remote work, changing how work is done and how people interact. This lack of interaction creates an impersonal environment, leading to more indifferent and distant relationships.

Line of command.

In the systems development process, the line of command from the decision‐maker to the programmer can be very long. Therefore, people may blindly follow their immediate supervisor without questioning whether the choices have long‐ or short‐term negative consequences for others. The long chain of command may blur the responsibility people have toward others.

Information overload.

A person cannot thoroughly analyze all available information given the increased volume of data. This causes a person to only focus on a subset of the data, which can lead to ethical issues.

Ethical Issues Related to Information Technology

Managers should consider the following to ensure ethical decision‐making about technology. The oldest theoretical model discussing ethical issues in information and communication technologies identifies four main areas, namely privacy, accuracy, property, and accessibility.[7]

Privacy suggests that information systems should not invade someone's private space. Accuracy implies that the information collected is accurate and without errors or omissions. Property proposes the protection of intellectual property and the flow of information. Accessibility indicates that information systems should be accessible to all.

Below we discuss these issues in detail.

Privacy.

Today, for many businesses, the organization's most costly and valuable asset is data. Data can originate internally or externally and contain private or personal information about individuals, such as Social Security numbers, addresses, first and last names, and other personal details. Organizations are responsible for ensuring that this data is not misused and that specific identities of individuals are protected when appropriate. Recently, laws such as the California Privacy Act and the European Union's General Data Protection Regulation (GDPR) were passed to protect consumers' right to data privacy. Managers should consider the following when making decisions about the privacy of data.

Collecting, recording, and storing information. Technology enables companies to collect massive amounts of data about individuals. Using various devices and programs such as smartphones and apps, organizations can monitor various individuals, such as customers and employees, and collect data about their behavior. However, managers should determine whether every data item collected and stored about individuals is necessary. Further consideration should be given to how these data are stored and whether the data at rest and in transit are secure to protect the privacy of the individuals.

Communicating information. Managers should be aware of how the information collected about individuals is communicated and who receives that information. Also, managers should evaluate whether employees with access to personal information follow protocols set by the organization to protect the privacy of the individuals.

Accuracy.

Data flows from various sources in massive volumes. When collecting data from various sources and using them for analysis, managers should be aware of the state of the data and eliminate any inaccurate and incomplete data. Including erroneous data can skew the results of the analysis conducted and can lead to ineffective decisions. Managers should encourage and educate employees to do their due diligence in identifying and eliminating fake data and verifying the accuracy of data received from various sources to increase the quality of the information.

Property.

One of the major challenges of protecting intellectual property stems from its distinguishing feature that intellectual property can be infinitely shared. For example, an idea I have can be shared with others. When shared with others, it does not diminish, as I still hold the idea. Further, most ideas build on prior knowledge that may or may not belong to the same person. There are two ethical justifications for intellectual property rights protection. First, a utilitarian justification states that if society wishes to encourage the production of such ideas, then the producers should benefit financially. Another justification, based on fairness, states that those who spend their effort, time, and money deserve compensation. Given that technology develops over time using the knowledge of various researchers from different fields, managers should be aware of the challenges of considering the ethical issues of property rights.

Accessibility.

Organizations' IT architectures today use many different third‐party applications to collect data from customers, employees, and other stakeholders. Even though accessibility says that everyone should have access to all the data collected about themselves, in today's environment, this is not possible. The information we receive on social media and search engine sites is determined by algorithms or artificial intelligence models based on our past selections and information consumption. Organizations can tweak these algorithms to show only the items they believe will get the most clicks or interactions. Restricting the information a user sees limits the content they can view. The user may not see information other than what they have clicked on previously. This limitation provides the user less control over the content they can view and use. Even though many third‐party applications are used, managers making decisions about technology adoption should consider how these third parties use the data collected from individuals, where they store the data, whether the individuals have access to their personal data, and whether they can opt out or opt in to various programs.

In the subsequent chapters, we discuss specific ethical issues related to a particular technology.

Ethical Framework for Information Technology Decision‐Making

The general ethical framework for managers to address situations in business operations has four steps: identify, consider, act, and reflect. This framework can also be applied to decision‐making for emerging technologies as well.

Identify.

When making a decision, managers should first consider which ethical principles are at stake, who will be directly or indirectly affected by the decision, whether there is a conflict of interest, and the facts about the technology.

Consider.

Managers should take time to assess the alternatives and evaluate the possible outcomes of the decision. Here managers should be aware of how information overload may influence their evaluation.

Act.

When carrying out the chosen alternative, managers should assign responsibility and ensure that every employee is aware of their responsibilities.

Reflect.

Evaluate the implemented processes and outcomes to identify any ethical issues.

Actions managers can take when implementing technology to evaluate various situations from an ethical standpoint are to:

Involve an ethics specialist in the design phase of the technology. Since most processes are automated, managers should consider ethical issues early during development. Therefore, consider including an ethics specialist in the technology development team.

Create an ethical culture by leading by example. Manage employee expectations and responsibilities so that they are not enticed to cut corners to meet unrealistic deadlines.

Assign accountability by involving people in the decision‐making process.

Create clear policies about the treatment of data at rest and in transit.

Evaluate and understand what can go wrong.

Document the design process and provide transparency for the algorithms used for decision‐making, data processing, and analyzing data.