The objective of this survey was to determine the relevance and importance of stakeholders in the continuity of information system (IS). The instrument lists six categories of stakeholders, namely: (i) Owners, Creditors, and Insurers, (ii) Top Management, (iii) Functional Departments, (iv) Customers and Suppliers, (v) Vendors, and (vi) Governments. Multiple stakeholders were listed within each category. Respondents are permitted to add stakeholders to the list in each category. The respondents added a couple of new stakeholders, indicating that the list provided was quite exhaustive. These additional stakeholders have not been reported for the same reason.
The default response for each stakeholder is ‘Not Applicable.’ The other possible responses are ‘Very Unimportant’, ‘Unimportant’, ‘Neutral’, ‘Important’, and ‘Very Important’. The last five responses are coded on a five-point scale in increasing order of importance, ‘1’ being ‘Very Unimportant’ and ‘5’ being ‘Very Important’.
The World Wide Web-based survey was conducted by the Pontikes Center for Management of Information, College of Business and Administration, Southern Illinois University at Carbondale. Responses were solicited by sending e-mail to those that had visited the Disaster Recovery Journal home page. Those that did not respond to the first e-mail were sent a reminder after four weeks. Most data were collected electronically. A couple of respondents requested hard copies of the questionnaire, which they returned by mail. The questionnaire used can be found at the Pontikes Center web site http://www.pontikes.siu.edu/.
A total of 44 respondents interested in IS continuity completed the survey, resulting in 38 usable responses. The profile of these respondents is summarized in Table 1.
Business Continuity Manager
|IS Department Manager
|Business Continuity Consultant||3|
Clearly the respondents have a variety of titles: Business Continuity Managers, IS Department Managers, Business Continuity Consultants, and Risk/Contingency Managers constitute a majority of the respondents. Except one Sales Manager no other functional area manager is represented. There are a few Presidents/Owners.
The relevance of different stakeholders to the above respondents is summarized in Table 2. Relevance is measured by the percentage of respondents that considered a stakeholder as being relevant. If the default response of ‘Not Applicable’ is unchanged then that stakeholder is assumed to be not relevant to that respondent. If all the respondents considered a stakeholders as being relevant then that stakeholder’s relevance is 100; if only half of them considered the stakeholder to be relevant then that stakeholder’s relevance is 50.
At one extreme, all respondents see individual customers as stakeholders. At the other extreme, only 40% see business continuity consultants and the local government as relevant stakeholders. The low relevance of business continuity consultants may simply indicate that most respondents do not have them. On the other hand it is difficult to imagine any enterprise that is not under the jurisdiction of some local government. The low relevance of the latter may simply indicate the absence of any relationship between the local government and the enterprise’s information system in the minds of a majority of respondents. Similar explanations can be given for the relevance of all the other stakeholders
Analyzing the relevance by categories highlights many interesting points. Owners, Creditors, and Insurers cluster together in the middle band of relevance at 70%. The relevance of Top Management ranges from 90% for the CEO to 60% for the COO; that for the Departments too falls in the same range with Finance and Marketing at 90% and Risk Management at 60%. The relevance of Customers and Suppliers falls in a higher band compared to Top Management and Departments, ranging from 100% for Individual Customer to 80% for Suppliers. In contrast the relevance of Vendors covers a wider, slightly lower band ranging from 80% for Software and Hardware Vendors to 40% for Business Continuity Consultants. Last, the Governments fall in the lowest band, ranging from 50% for Federal and State Governments to 40% for Local Government.
The importance of different stakeholders is summarized in Table 3 based on their respective mean score. ‘Not Applicable’ responses were not considered in the computation of this score. Hence there is considerable variation in the divisor used in the computation of importance.
Overall, the Business Continuity Department is rated the most important and the Local Government the least. Most stakeholders were rated as being ‘Important’ to ‘Very Important’. Some were rated between ‘Neutral’ and ‘Important’. None was rated below ‘Neutral’ as being ‘Unimportant’ or ‘Very Unimportant’.
Among Owners, Creditors, and Insurers the last are rated the most important, and the Creditors the least, although all three are rated as being ‘Important’ to ‘Very Important’. Similarly, the Top Management stakeholders fall within the same band, with the CIO rated as being the most important and the Marketing Chief the least. The Sales Chief too is close to the bottom of the band. The Departments as stakeholders are spread over a wider band ranging from ‘Very Important’ to less than ‘Important’. The Business Continuity Department, the Production Department, and the IS Department, in that order are at the top; the Human Resources Department, the Facility Management Department, and the Marketing Department, again in that order, are at the bottom – rated between ‘Neutral’ and ‘Important’. Customers and Suppliers fall into a lower band. Both Institutional and Individual Customers are rated together as more than ‘Important’, but the Suppliers are rated as less than ‘Important’ – in fact they are rated the second lowest among all the stakeholders. Among Vendors Business Continuity Consultants are at the top and Software and Hardware Vendors at the bottom, with Telecom Network vendors and Outsourcers in between. The Vendors range in importance from a shade below ‘Very Important’ to a shade below ‘Important’. Last, the Governments are rated as the least important, between ‘Neutral’ and ‘Important’, with the Federal Government being rated the highest and the Local Government the lowest among them.
The data from Tables 2 and 3 can be combined graphically as shown in Figure 1. The Northeast quadrant of the graph shows stakeholders that are highly important and relevant, the Southwest quadrant those that are neither important nor relevant. The northwest quadrant shows stakeholders that are important but are not broadly relevant, and the southeast quadrant those that are not important but are relevant. In the Figure a relevance of 70% has been arbitrarily chosen as the dividing line between high and low relevance, and an importance of 4.0 has been arbitrarily chosen to demarcate high and low importance. These values may be changed. With different cutoffs the grouping in the four quadrants will be different.
Highly relevant and highly important stakeholders are those that most respondents think as interested in IS continuity and as being important to the maintenance of such continuity. The Finance Department, CEO, IS Department, CFO, Board of Directors, Accounting Department, Institutional Customers, and Individual Customers are the most relevant and important stakeholders. These are the most significant stakeholders. On the other hand, stakeholders of low relevance and importance are those that most respondents think as not being interested in IS continuity and as not being important to its maintenance. Of these, the Local Government is the least relevant and important. The State Government, R&D Department, Facility Management Department, and Creditors also are in the same quadrant of low relevance and importance. Stakeholders in this quadrant are relatively the least significant. The Sales Chief, Sales Department, Marketing Chief, Marketing Department, Hardware and Software Vendors, Human Resources Department, Purchasing Department, and Suppliers fall into the high relevance-low importance quadrant. Among those in this quadrant, the Suppliers are probably the archetypal stakeholders. At the other extreme, Business Continuity Consultants appear to be the archetypal stakeholder that has low relevance but is highly important. In other words these are relevant to relatively few respondents, but are highly important to those they are relevant. Other stakeholders in this quadrant are the Business Continuity Department, Business Continuity Service Providers, Federal Government, Outsourcers, Production Department, CIO, COO, Controller, Insurers, Telecommunication Network Vendors, Corporate Security Department, and Risk Management Department. The stakeholders in these last two quadrants are somewhat significant.
This particular configuration simply reflects the perception of a sample of respondents. A different sample may result in a different configuration. A sample of CIOs, for example, may view the stakeholders differently than a sample of Marketing Chiefs. Similarly, a sample of respondents from the healthcare industry may view the stakeholders differently than a sample from the financial services industry. Mapping the stakeholders based on relevance and importance as shown in Figure 1 will enable one to document, interpret, and respond to the similarities and differences. It can be an effective planning tool as explained below.
A planner has to segregate stakeholders by their significance. Significance can be defined as a function of relevance and importance. This study provides a significance-map of stakeholders from the perspective of a non-random, small group of respondents. However, the methodology of this study can be used more broadly to map the stakeholders based on the perceptions of key people within a department, an organization, or an industry. These maps can be insightful to the planner in many ways.
First, these maps can help formulate goals for IS continuity. For example, if the Finance Department and the CFO are more significant than the Marketing Department and the Marketing Chief, it would be natural to give higher priority to the continuity of financial operations than to the continuity of marketing operations.
Second, these maps can help aggregate and validate perceptions. These maps provide the ‘big picture’. Ideally, all the planners and the stakeholders should subscribe to a single map. But this is rarely the case. A local government may consider itself far more significant than indicated by the respondents of this study. Similarly a CEO may consider herself far less significant than the IS executives believe. The map provides a basis for highlighting, articulating, and subsequently incorporating these different points of view.
Third, these maps can highlight biases and inconsistencies. For example, in the world of electronic commerce, should the Marketing and Sales Chiefs and their respective departments increase in significance? Similarly, with EDI (Electronic Data Interchange) and JIT (Just In Time) should Suppliers be more significant than indicated in Figure 1? Similarly, should Governments in general be made more significant as many organizations such as PPBI (Private Public Business International) are attempting to do?
Thus, mapping the stakeholders can illuminates the planning terrain by quantifying and visually depicting the significance of different stakeholders. However, good maps require good data. Such data can be obtained only from a large representative sample of respondents. Our next step is to collect such data from multiple industries and corporations.
Arkalgud Ramaprasad, Mikhail Komorov, and Paul Ambrose, are with the Pontikes Center for Management of Information, College of Business and Administration, Southern Illinois University, Carbondale, IL 62901-4627