BBA 3602 Unit VIII Scholarly Activity

profileACE.M
Article1.pdf

EDITORIAL

Journal of the Association for Information Systems (2019) 20(6), 842-847 doi: 10.17705/1jais.00553

ISSN 1536-9323

Policy: An Information Systems Frontier

John Leslie King1, Kenneth L. Kraemer2

1University of Michigan, USA, [email protected] 2University of California, Irvine, USA, [email protected]

Abstract

The information systems community can contribute more, not just to “public policy” but to the broader notion of policy that guides decisions toward desired outcomes. Policy entails politics. It requires knowing about policy promulgation, implementation, and effect. It requires some understanding of policy analysis. The policy analyst takes a scientific and systematic view of policy issues. Much policy is focused on the unglamorous issues of efficiency and effectiveness. The goal is to speak truth to power. This is the first in a series of papers to address policy.

Keywords: Information Systems, Public Policy, Policy, Politics.

Suprateek Sarker was the accepting senior editor. This editorial was accepted on May 27, 2019. directly. Too many conflate “policy” with “public

1 JAIS Policy Series The Journal of the Association for Information Systems (JAIS) policy series is intended to help the information systems (IS) community contribute to policy discussions. Suprateek Sarker, editor in chief of JAIS, agreed to help IS researchers, teachers, and practitioners make their work more “policy-relevant” by publishing a set of articles in JAIS. Initial articles have been commissioned, but drafts for consideration are welcome (3,000 words maximum). They will be looked at by members of the “policy posse” (at the moment, Chrisanthi Avergou, Mary Culnan, Rudy Hirschheim, John L. King, Kenneth L. Kraemer, M. Lynne Markus, Alain Pinsonneault, Carol Saunders, and Susan Winter). Those who want drafts considered or who are interested in being members of the posse should email John L. King ([email protected]).

2 Policy Purposes The policy world needs a richer understanding of IS. IS is becoming part of almost everything, and almost everything in IS has policy implications. Yet few members of the IS community influence policy

policy” and news stories about network neutrality, IT and loss of jobs, and so on. For many in the IS community, opportunities to influence policy are in the organizations they work with or in. Many are comparatively unglamorous. For example, the federal government spent $96 billion in 2018 on IS that failed or contributed little to mission-related outcomes (GAO, 2018). Cost and time overruns caused the projects to be abandoned although much had already been spent. The social, economic, and productivity losses from failed IS made the toll even higher. Such problems are common in all sectors.

Glamorous topics often occlude important and far more common IS policy issues. Possible use of IS for foreign interference in the 2016 presidential election made it harder to see cyberattacks and privacy invasions that hit the Federal Office of Personnel Management and the Internal Revenue Service. Important, emerging policy issues applicable across the economy, such as Green IS, receive little attention (Watson 2008; Dedrick, 2010). The IS community can address many policy issues in all sectors and has much to say. Even those who think of

842

Policy: An Information Systems Frontier

843

their work as far from policy should read this and the other articles in this series.

This paper covers three issues—policy perspectives; policy analysis, and a common “systematic” approach—and the need to be part of the solution.

3 Policy Perspectives Policy is broader than “public policy.” Wikipedia (https://en.wikipedia.org/wiki/Policy) calls policy a statement of intent, a system of principles to guide decisions toward outcomes desired by any governing body, including leadership in any organization, group, or among individuals. Policy involves any position of authority. It can be informed by the IS community. Policy entails politics. This can be partisan politics but includes organizational politics in all settings. Politics involves how humans make decisions about important things. As such, politics is a reality and often a virtue, but is easily misunderstood. Among the big three in policy decisions (power, process, and truth) power and process usually claim truth. Truth appears to win, even when power or process prevail. Those advantaged by policy support it; those disadvantaged oppose it. Rationality includes political rationality. In policy, politics is “normal.” Policies must be real and sustainable. Policy promulgation in statutes, regulation, orders, authoritative directives, etc. is just that: words “on the books.” There must be implementation for policies to have intended effects. IS people who address policy must understand promulgation, implementation, and effects or they are “just another voice.”

As noted earlier, many policy issues are mundane, having to do with efficiency and effectiveness. Being an “expert” does not automatically draw attention from high-level policy makers engaged with glamorous topics, particularly outside national or regional policy centers or elite institutions. The IS community’s advantage is in advising business and regional leaders who both follow and contribute to public policy. Their policies affect many people directly. IS issues that have been around for decades (centralization, project management, software acquisition, top management involvement in IS, privacy, cybersecurity) are still around, even if altered to fit the times. Make-or-buy decisions still dominate systems and software acquisition, but onshore vs. offshore issues must now also be considered. Reducing data centers and standardizing systems remain concerns, but on a global scale, involving the “cloud” and other alternatives. The current policy issues might be more complicated and far-reaching, but they are fundamentally the same as before. Policy considerations should always begin with the question, “Has this or something like it been discussed before?” If so, what happened? Often the “something like it” is not an IS issue but is important anyway.

4 Policy Analysis “Policy analysis” is the art of thinking through effects of policy as implemented. It emerged in the latter half of the 20th century from systems analysis. Management science and information systems both used the systems approach (Kast & Rosenzweig, 1963; Edwards, 1996). Over time, systems approaches became broader and deeper. Policy analysis emerged. This paper draws, in part, from a tutorial on policy analysis applied to local government (Kraemer, 1973), now decades old but, in keeping with the point above, remarkably relevant to today. The Wikipedia entry (https://en.wikipedia.org/wiki/Policy_analysis) reinforces the relevance.

Policy analysis is scientific. Objectivity precludes intrusion of personality, reputation, or other interests. Duplicable processes allow reproducibility so that results can be independently verified. The scientific tradition includes sharing of assumptions, data, calculations, and judgments. Results often are derived from experimental and quantitative methods used to ascertain the likely effects of prospective policies over time. The policy must be understood as proposed and as likely to be amended over time. This requires understanding of the environment and the mechanisms affecting the policy when implemented. Evolution of the policy as implementation proceeds must be considered, even though it is often impossible to consider every alternative due to combinatoric explosion. Impossible or highly unlikely outcomes are ruled out. Consideration is given to the outcomes that remain. Policy analysis considers long-term effects and stakeholder reactions of those effects. Even then the wise policy analyst remembers the old saying: no plan for battle survives contact with the enemy. Analysis can have far-reaching effects. Systems analysis for IS, especially requirements or needs analysis, often reveal existing organizational practices that had been established years or decades before, perhaps for good reasons, but no longer made sense. Yet they remained, especially if embedded in expensive code. Smart managers got rid of these processes. Michael Hammer noted this and together with Joe Champy started the business process reengineering movement, or BPR (Hammer, 1990; Hammer and Champy, 1993). BPR grew out of IS and had a big impact on IS. Although no longer in vogue, BPR lives on in process management. Getting rid of obsolete processes rather than automating them was a policy.

Good policy analysis identifies self-dooming assumptions. Highest on this list is assuming people will work against their self-interest without force. There are other self-dooming assumptions. Most are contrary to common sense. To say, “The policy would have worked if only…” is to admit that important mechanisms were not thought of in advance. The analyst must protect the policy process from wishful

Journal of the Association for Information Systems

844

thinking. Research methods protect against wishful thinking. The analyst should ask what is required to make the proposed policy plausible, flagging unrealistic answers.

The policy analyst knows that the interaction between policy and environment is systematic and that what happens in one part of the system affects other parts of the system. It was long hoped that systems would provide uniquely powerful ways to look at things. Clifford Siskin’s history shows systems took hold in the 16th century, but came to fruition later (Siskin, 2017). A half-century ago C. West Churchman identified four approaches to systems (Churchman, 1968): efficiency (elimination of waste), science (the ideals noted above), human relations (human welfare is paramount), and anti-planning (let forces like the market guide). In one form or another these approaches still dominate policy analysis.

IS researchers are positioned to help with policy analysis. They are trained in science and systems. Moreover, information systems are connected to everything and many policies affect information systems. IS people who help with policy must consider the environment and the effects required to make a policy valuable. Sometimes this is difficult, and surprises are common. For example, organizations that followed the policy of adopting enterprise resource planning (ERP) systems that combine financial, accounting, operations, human resource, and other functions in a single system, often discovered that such functions are complicated. Customizing the ERP system to fit the organization’s operations by “configuring” the system has proved daunting. Setting even 100 parameters explodes combinatorically into too many options to consider. When these organizations brought in consulting firms to help, they were presented with a limited set of configurations that the consultants use on all organizations. Organizations had to change their processes to fit the chosen configuration. The problem is the dream of customizability. Few organizations can afford a fully customized ERP system. In principle, ERP customizability is attractive. In practice, the environment limits customizability. The environment usually wins. The policy analyst brings this kind of knowledge to the policy deliberation.

Understanding the longer-term effects of a policy and the reactions of stakeholders to those effects must be considered at all times. A policy producing intolerable outcomes will be changed or removed by stakeholders, whether organizational leaders, patrons, customers, autocrats, or electorates of democratic governments. Desirable outcomes enable policies to survive. Most policies are good for only some stakeholders. There’s nothing to decide if everyone wins. Real decisions have winners and losers, and losers don’t like to lose. A good policy analyst examines likely effects and is not

driven by ideology. Policies can have effects other than hoped. In IT security, for example, requiring passwords with numbers and punctuation marks can make passwords less vulnerable to password cracking algorithms, but result in passwords so difficult to remember that security is reduced when users store passwords in a file called “passwords.” Other policies (e.g., multifactor login) can increase security. “Do nothing” is not the answer for security. The answer is in considering human behavior with passwords as part of the policy analysis.

5 Being Part of the Solution The IS community must do more than “care” about policy issues to have policy effect. High-level policy makers or news organizations probably will not consult most in the IS community. Lobbyists do not welcome others, and there is fierce competition to be the “expert” to whom news personalities turn. IS community members who wish to affect policy ought to ask: “What policy issues can I affect?” Most opportunities are outside the realm in which lobbyists and news personalities congregate. They come from noticing a connection between a policy issue and one’s research or teaching, or because someone local needs policy help.

The oath taken by beginning physicians starts with the admonition, “do no harm.” IS people who seek to affect policy should pay heed. IS people can inform policy by considering the environment, the likely effects of the policy, and stakeholders reactions. Strong analytical skills and deep knowledge of technology can help others avoid simplistic assessments and spot problems in the premises behind proposed policies. IS people can help work against “bandwagon” effects by providing grounded and clear-headed assessment. Aaron Wildavsky once described policy analysis as “speaking truth to power” (Wildavsky, 1979). The IS policy analyst might not have special dispensation with regard to the truth, but speaking something close to truth to those in power is not a bad start.

To summarize, policy is not just “public policy.” It pertains to any system of principles guiding decisions toward desired outcomes. It can be informed by IS people and applies to anyone in authority. Politics is “normal” in policy, whether interpersonal, organizational, or partisan. It requires knowing the difference between promulgation, implementation, and effect. Good policy analysis requires thinking through effects of policy as implemented. Much policy is not glamorous. It is focused instead on efficiency and effectiveness. The goal of policy analysis is to speak truth to power, enabled by a scientific approach and an understanding of systems. For the IS community, this is often a sociotechnical systems approach, not only social or only technical.

Policy: An Information Systems Frontier

845

Future articles will deal with issues relevant to IS policy. Among the topics of interest are the implications of emergent and/or expanding technologies (e.g. blockchain, facial recognition, the Internet of things, the cloud, smart cities, artificial intelligence, machine learning, autonomous vehicles, virtual and augmented reality, etc.), app development and governance, systems design, privacy, information security, and the “cascade” of policy issues from laws and regulations to the local level.

Acknowledgments We are grateful to Carol Saunders for her leadership in getting this going, to Suprateek Sarker for extending the JAIS connection, to all the members of the policy posse for helping with this paper, and especially to Mary Culnan for her comments.

Journal of the Association for Information Systems

846

References Churchman, C. W. (1968). The systems approach.

New York: Delacorte.

Dedrick, J. (2010). Green IS: Concepts and issues for information systems research, Communications of the Association for Information Systems, 27 (1), Article 11.

Edwards, P. N. (1996). The closed world: Computers and the politics of discourse in Cold War America. Cambridge, MA: MIT Press.

GAO (2018). Implementation of recommendations is needed to strengthen acquisitions, operations, and cybersecurity (GAO-19-275T). Retrieved from https://www.gao.gov/products/GAO-19- 275T.

Hammer, M. (1990) Reengineering work: Don’t automate, obliterate. Harvard Business Review, 68(4), 104-112.

Hammer, M. and Champy, J. (1993). Reengineering the corporation: A manifesto for business revolution. New York, NY: Harper Business.

Kast, F. E. and Rosenzweig, J. E. (1963). Science, technology and management: Proceedings of the national advanced technology conference. New York: McGraw-Hill.

Kraemer, K. L. (1973). Policy analysis in local government: a systems approach to decision making. Washington DC: International City Management Association.

Siskin, C. (2017). System: The shaping of modern knowledge. Cambridge, MA: MIT Press.

Watson, R. T. (Ed.). (2008). Green IS: Building sustainable business practices. Athens, GA. Global Text Project.

Wildavsky, A. (1979). Speaking truth to power: The art and craft of policy analysis. Boston, MA: Little, Brown, & Co.

Policy: An Information Systems Frontier

847

About the Authors John Leslie King is W. W. Bishop Professor in the School of Information at the University of Michigan. His research is on the relationship between technical and social change, particularly the relationship between information and communication technologies and highly institutionalized production sectors.

Kenneth L. Kraemer is a professor emeritus in the Paul Merage School of Business, University of California, Irvine. His research has included the social and economic impacts of information systems in federal governments, information technology and productivity, national policy towards the information industry, the globalization of the information industry, and who captures the value in global supply chains in industry.

Copyright © 2019 by the Association for Information Systems. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than the Association for Information Systems must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists requires prior specific permission and/or fee. Request permission to publish from: AIS Administrative Office, P.O. Box 2712 Atlanta, GA, 30301-2712 Attn: Reprints or via email from [email protected].

Copyright of Journal of the Association for Information Systems is the property of Association for Information Systems and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.