Month: June 2025

Subject: Information System Science

Title: Adapting to Regulation: The EU AI Act’s Influence on AI Adoption in Dutch Banking

Abstract: 

The European Union Artificial Intelligence Act (EU AI Act) aims to regulate the use and adoption of AI systems across various sectors, including banking. The EU AI Act introduces compliance requirements and addresses high-risk AI systems to ensure ethical AI usage in organisations. Despite theoretical discussions, there is still a lack of empirical evidence on the effects of the EU AI Act on AI adoption. This raises questions about how Dutch banks can succesfully adopt AI while achieving regulatory compliance. This study investigates the influence of the EU AI Act on the adoption of artificial intelligence (AI) within the Dutch banking sector, through compliance and innovation strategies. The research explores the challenges Dutch banks face in adapting to the EU AI Act. It highlights key areas such as compliance strategies, AI literacy, innovation, and the balance between regulation and innovation. A comprehensive literature review is conducted, followed by thematic analysis of collected data from 12 semi-structured interviews. The study identifies significant themes including varying stakeholder perceptions of the EU AI Act, the importance of AI literacy for compliance and competitive advantage, and innovative practices amid regulatory constraints. To overcome those challenges, the study recommends establishing clear AI literacy initiatives and inventory systems. Moreover, the integration of specialized compliance-focused roles in banks can further support adherence to the EU AI Act. Furthermore, the study provides empirical insights into the EU AI Act’s influence, understanding its impact on compliance and innovation strategies in the banking sector. Ultimately, the study highlights the importance to balance compliance with the EU AI Act and stimulate AI innovation for Dutch banks, remaining competitive within the strict regulatory landscape. Future research directions are suggested to explore ongoing developments in AI governance and its impact across different banking sectors and geographical locations.

Key words: EU AI Act, AI systems, Dutch banking sector, compliance strategies, AI adoption, innovation, regulatory challenges

Subject: Information System Science

Title: Enhancing cybersecurity awareness strategies to comply with ISO 27001:2022

Abstract: 

This thesis presents a case study of ICT Group aimed at enhancing cybersecurity awareness throughout the organization by developing a role-based strategy aligned with the ISO 27001:2022 standard. Through a multi-method research approach, including literature review, organizational analysis, benchmarking, and data collection via interviews, surveys, and incident reports, the study identifies critical gaps in the current one-size-fits-all awareness program. The findings demonstrate the need for tailored, role-specific training that addresses the unique cybersecurity risks associated with different employee functions.
A comprehensive, modular awareness strategy is proposed, featuring detailed role-risk mapping, targeted training plans, and the integration of Learning Management Systems (LMS) to support scalable and engaging learning experiences. The strategy further incorporates the appointment of cybersecurity champions, a centralized communication platform, continuous microlearning, and a metrics-driven evaluation framework to monitor effectiveness and promote continuous improvement.
The LMS options were evaluated, recommending Docebo for its scalability and robust role-based capabilities, with Moodle and Nerds & Company as alternative solutions based on organizational needs. Finally, a phased implementation roadmap is outlined to guide ICT Group in transitioning to a sustainable, scalable, and ISO-aligned cybersecurity awareness program that fosters a proactive security culture.

Key words: Cybersecurity, Awareness improvement, cybersecurity awareness strategy

Subject: Information System Science

Title: Understanding Knowledge Platform Adoption in a Large Industrial Organization: A Multi-Layered Case Study

Abstract: 

This thesis investigates the factors influencing employees’ willingness to engage with a knowledge management platform within a large multinational industrial organization. Based on a six-month field immersion and a department-level case study, the research combines qualitative interviews and a structured survey to examine how organizational framing, behavioral motivation, and technological usability interact to shape platform adoption. The findings reveal that while interpersonal trust and technical access were present, engagement remained limited due to weak strategic framing, lack of managerial modeling, and persistent usability frictions. The concept of latent disengagement is introduced to describe this passive yet non-resistant pattern of underuse.
The thesis makes a theoretical contribution by integrating insights from affordance theory, symbolic framing, and motivation psychology to explain voluntary system use. Practical recommendations include reinforcing symbolic legitimacy, simplifying usability, and establishing feedback loops to support sustained engagement with knowledge-sharing platforms in complex organizational contexts.

Key words: knowledge sharing, digital platforms, user engagement, knowledge management systems adoption

Subject: Information System Science

Title: Evaluating and optimizing productivity of Generative Artificial Intelligence in organizational projects

Abstract: 

As Generative Artificial Intelligence (GenAI) continuous to evolve, its integration into organizational workflows present both significant opportunities and complex challenges. While GenAI has demonstrated potential to enhance productivity through automation, decision-making and content generation, organizations struggle to reliably assess its impact. This research investigates how the productivity of GenAI can be accurately assessed and optimized within service-oriented projects.
The research employs a qualitative design, combining a Systematic Literature Review, semi-structured interviews, and multiple case studies. The findings reveal that although GenAI can significantly reduce task completion time and improve output quality, its productivity gains are often inconsistently measured. Metrics are used sporadically and lack standardization, moreover the effectiveness of GenAI varies across business context and organizational maturity.
To address these challenges, the study introduces the Generative Productivity & Impact Model (G-PIM), a multidimensional framework consisting of five dimensions: strategic impact, operational performance, human-centric outcomes, governance and risk and contextual adaptability. This model provides a holistic view of GenAI’s contribution to business value, emphasizing both direct and indirect productivity indicators.
This paper emphasizes the importance of establishing standardized productivity metrics, aligning KPIs with strategic objectives and adopting outcome-based pricing models to accurately assess and optimize the impact of GenAI. Furthermore, fostering organizational readiness and embedding robust governance structures are essential to ensure responsible, scalable, and value-driven GenAI deployment.
This research contributes to academic literature by bridging theoretical insights with practical implications, offering actionable recommendations for organizations seeking to leverage GenAI effectively. It also lays the foundation for future research on long-term impacts, human-AI collaboration, and the development of adaptive performance metrics in rapidly evolving technological landscapes.

Key words: Generative Artificial Intelligence (GenAI), productivity, Key Performance Indicators (KPI), organizational performance, business value.

Subject: Proactive third-party cybersecurity monitoring in the financial sector under DORA

Title: Cybersecurity risk management in outsourcing: a proactive approach to third-party monitoring under DORA

Abstract: 

In today’s digital landscape, organizations increasingly rely on third-party service providers for critical IT functions. While this dependence enhances operational efficiency, it also introduces significant cybersecurity risks. In response to the rise in cyber-attacks and the need for stronger digital resilience in the financial sector, the European Union introduced the Digital Operational Resilience Act (DORA), which from January 17, 2025, mandates all financial entities and third-party ICT providers to strengthen their IT security and ensure resilience against cyber threats. Although DORA outlines key responsibilities for third-party risk management, it lacks concrete guidance on how financial entities should monitor their outsourcing partners, leaving a gap that neither academic literature nor current industry practices have yet adequately addressed. This study addresses that gap by identifying practical barriers to effective third-party monitoring and proposing structured, forward-looking steps for improving oversight in line with DORA. Using a qualitative methodology, the research integrates a literature review with semi-structured interviews conducted with experts in DORA, cybersecurity, and third-party risk management, offering both theoretical and practical insights. Findings reveal that while financial entities recognize the need for proactive monitoring, many lack the internal capacity and organizational readiness to implement it, as many are still in the process of establishing baseline compliance. To move toward proactive monitoring, financial entities should start by developing a comprehensive inventory of all third-party relationships, classifying them by criticality, and strengthening internal capabilities. Establishing regular evaluations and KPI-driven service-level reporting provides a strong foundation for oversight, which could later be enhanced through advanced technologies such as AI.

Key words: Digital Operational Resilience Act, compliance, cybersecurity, third-party risk management, proactive monitoring

Subject: Information System Science

Title: Data governance best practices: Developing practical recommendations for case organization

Abstract: 

This master’s thesis focuses on best practices in data governance and aims to guide a certain international organization in operating according to these practices. Data governance is always organization-specific, which is why universally applicable, concrete instructions for practical implementation are limited, even though the topic has been extensively covered in scientific literature.
The objective of the research is to determine what kind of concrete measures the organization in question could take to better respond to the data governance best practices identified in the literature. This will be examined by evaluating the organization’s current level of data governance maturity and comparing it to the frameworks presented in the literature. In this way, key areas for development are identified, and targeted recommendations can be provided.
The empirical data consists of results obtained through a questionnaire developed by Marchildon (2019) and validated by experts. The questionnaire was supplemented with interviews conducted simultaneously with the questionnaire completion. In addition, the researcher has observed the organization’s activities for three months while participating in a process digitalization project. This has supported a deeper understanding of the data and the reliability of the results.
Best practices in data governance form a broad entity, in which multiple areas must be considered and applied on an organization-specific basis. Several models have been developed for assessing maturity levels, but based on this study, the model by Marchildon (2019) proved to be the most suitable, as it covers all the areas identified in the literature and enables their subjective assessment. The study found that the organization lacks a unified approach to data governance. To address this, the establishment of a dedicated data governance role and the creation of a unified data governance framework are particularly recommended.
The approach applied in the study proved to be functional and helped to identify clear areas for development. Although the study provides a replicable model for other organizations, further case studies are needed in the future that present successful data governance development projects in a practical manner.

Key words: Data governance, master data, best practices, compliance, maturity, framework.

Subject: Information System Science

Title: AI Readiness for Financial Forecasting

Abstract: 

This thesis investigates organizational AI readiness for adopting artificial intelligence in financial forecasting processes. Despite growing interest in AI-driven forecasting, organizations struggle to bridge the gap between technological aspirations and implementation capabilities, with only 26% successfully integrating AI at scale. This research addresses this critical gap by examining what factors characterize organizational AI readiness for the adoption of AI in financial forecasting processes.

The study builds upon existing theoretical frameworks, specifically the Technology–Organization–Environment (TOE) framework (Tornatzky & Fleischer, 1990) and Jöhnk et al.’s (2021) AI readiness model. Using qualitative methodology, semi-structured interviews were conducted with five finance professionals from diverse industries including software, social services, financial services, and business consulting. Data analysis employed Braun and Clarke’s thematic analysis approach to identify patterns and themes characterizing AI readiness.

The analysis revealed five main themes encompassing seventeen distinct readiness factors: (1) Technological Infrastructure and Data Readiness, (2) Human Skills and Cultural Attitudes, (3) Leadership and Strategic Alignment, (4) External Environment Constraints, and (5) Perceived Value and Fit of AI Solutions. Four novel factors emerged that extend existing frameworks: Data-Governance Maturity, Trust and Explainability Concerns, Proof-of-Concept & Value-Validation Capability, and Cross-Border Regulatory Alignment. The research also refined understanding of existing factors, revealing nuances such as generational divides in AI attitudes and the specific constraints of legacy spreadsheet-dependent systems.

The findings demonstrate that AI readiness for financial forecasting extends beyond technological preparedness to encompass human, organizational, and regulatory dimensions that existing frameworks only partially address. Financial forecasting’s unique characteristics—combining quantitative analysis with qualitative judgment under strict regulatory oversight—create distinct readiness requirements. The research provides actionable insights for organizations, emphasizing the need for strong data governance foundations, human-centric AI strategies that prioritize transparency, and sophisticated regulatory navigation capabilities. The study contributes to AI-readiness theory by showing how domain-specific requirements shape readiness in ways general technology-adoption frameworks cannot fully capture. It proposes a comprehensive conceptual framework for assessing and enhancing organizational preparedness for AI adoption in financial forecasting.

Key words:

AI readiness, financial forecasting, AI in finance, machine learning in finance, organizational readiness, artificial intelligence adoption, change management

 

Subject: Philanthropy & AI

Title: Enhancing Impact Measurement of Philanthropic Organisations: A Human-AI Collaboration Framework

Abstract: 

Philanthropic organisations increasingly face pressure to demonstrate the impact of their work, yet existing impact measurement practices remain fragmented, resource-intensive, and often ill-suited to capturing both qualitative and quantitative outcomes. This thesis addresses these challenges by proposing a human–AI collaboration framework designed to enhance the efficiency, traceability, and usefulness of impact data in the nonprofit sector. Building on principles of Design Science Research (DSR), the study integrates semantic technologies (ontology and knowledge graphs), natural language processing (NLP), and automation tools within a prototype system aimed at structuring and querying unstructured impact data.
The research is informed by a two-phase empirical process: initial exploratory interviews to identify key challenges and requirements, followed by evaluative interviews assessing the system’s perceived usefulness, usability, and ethical acceptability. The results confirm the relevance of established models such as the Technology Acceptance Model (TAM) and Human-Centered AI (HCAI) in this context, highlighting the importance of transparency, trust, and organisational fit. The proposed framework was found to effectively support common impact measurement needs, such as aggregating indicators, linking data to strategic goals like the SDGs, and making qualitative insights more analysable.
This work contributes both a functional prototype and a set of design recommendations for responsible AI implementation in the social sector. It also responds to documented gaps in the literature regarding integrated, context-sensitive AI tools for nonprofits. The findings underscore the potential of AI to support evidence-based decision-making in philanthropy, provided that technical innovations are embedded within participatory, ethical, and user-centred processes.

Key words: Impact Measurement, Philanthropy, Nonprofit Organisations, Human–AI Collaboration, Knowledge Graph, Ontology Engineering, Natural Language Processing (NLP), Technology Acceptance Model (TAM), Human-Centered AI (HCAI), Design Science Research (DSR), Responsible AI, Semantic Technologies, Sustainable Development Goals (SDGs)

Subject: Hybrid IT Environments

Title: Agile Adoption and its Impact on Inter-team Technical Coordination and Delivery Perception in Hybrid IT Organisations

Abstract: 

This study investigates how agile adoption influences inter-team technical coordination and stakeholder perception of delivery in hybrid IT organisations where agile and traditional methodologies coexist. Through a single case study within a multinational cosmetics company, seven semi-structured interviews were conducted with stakeholders across different coordination interfaces, using an integrated framework combining Thompson’s Interdependence Theory and Freeman’s Stakeholder Theory.
The findings reveal that hybrid IT environments develop sophisticated coordination mechanisms beyond traditional approaches: standardisation through documentation and quality standards, planning through release-based coordination and roadmapping, and mutual adjustment through over-communication strategies and small-group meetings. Emergent hybrid-specific mechanisms include Product Owner translation roles, branch-based integration strategies, and definition of done alignment processes.
Regarding stakeholder perception, timeline adherence emerges as the dominant success factor across all stakeholder groups, transcending methodological preferences. Stakeholders develop multi-criteria quality assessment frameworks while requiring transparency about progress and risk to maintain confidence in hybrid environments.
This research extends Thompson’s theory by identifying hybrid-specific coordination mechanisms and contributes to Stakeholder Theory by examining perception formation across multiple delivery methodologies. The findings provide practical guidance for coordination design and stakeholder management in hybrid IT
organisations.

Key words: Agile Delivery, Hybrid IT Environments, Technical Coordination, Delivery Perception,
Interdependence Theory, Stakeholder Theory

Subject: Information Management

Title: Enhancing Risk Management in ERP Project through Structured RAID-Log Analysis: A Mixed-Methods Approach to Continuous Learning and Governance

Abstract: 

Introduction – This study explores how a structured analysis of RAID-logs can enhance risk management in ERP projects by supporting early risk detection, continuous learning, and as a result long-term organisational resilience.
Contribution – This study adopts a holistic perspective by combining quantitative and qualitative methods to address the underexplored long-term improvement of risk management practices in ERP implementations, shifting the focus from short-term mitigation to continuous learning through structured RAID-log analysis. It provides actionable insights for project managers by demonstrating how structured RAID-log analysis can improve early risk detection, support ongoing risk evaluation, and strengthen organisational resilience.
Methodology – This study employs an explanatory sequential mixed-methods design, combining quantitative analysis of RAID-log data with qualitative expert interviews to uncover patterns, validate findings, and provide a holistic understanding of how RAID-logs support risk management in ERP projects.
Results – The results reveal significant inconsistencies in how RAID-logs are used across ERP projects, with trends showing that effective RAID practices enable faster resolution, better risk response alignment, and offer potential for continuous learning when supported by standardized labelling and active monitoring.
Conclusions – This study has shown that RAID-logs contribute to a better understanding of risks and enhance their impact on project risk management by revealing escalation patterns between RAID elements, supporting proactive decision-making, and enabling continuous learning.
Further research – Future research should explore longitudinal studies, and the role of organisational culture, while expanding to large, multi-organisational datasets to better capture RAID-log dynamics and enhance their application through advanced methods like machine learning.

Key words: ERP implementation, risk management, continuous learning, RAID-log analysis, and process improvement.