Need Help with attached

Donno
ITGovernanceSlides.pdf

IT Governance

Key Points

• Understand how IT governance structures define how decisions are made

• Describe IT governance based on organization structure, decision rights, and control

IT Governance

• Recall that decision rights is an important org design variable!

• Governance structures identify who has power and accountability, and who makes what decisions.

• Governance is aligning behavior with business goals through empowerment and monitoring.
  • Empowerment: granting the right to make decisions.
  • Monitoring: evaluating performance.

Four Perspectives of IT Governance

• Traditional – Centralized vs decentralized, hybrid

• Allocation & accountability

• Digital ecosystems

• Control structures from legislation

Traditional Perspective

IT Governance

• IT governance focuses on how decision rights can be distributed differently to facilitate three possible modes of decision making:
  • centralized,
  • decentralized, or
  • hybrid

• Organizational structure plays a major role.

Centralized vs. Decentralized Organizational Structures

• Centralized – bring together all staff, hardware, software, data, and processing into a single location.

• Decentralized – the components in the centralized structure are scattered in different locations to address local business needs.

• Federalism – a hybrid of centralized and decentralized structures.

Federalism

• Most companies would like to achieve the advantages of both centralization and decentralization.

• Leads to federalism
  • Distributes power, hardware, software, data and personnel between a central IT group and IT in business units
  • Some decisions centralized; some decentralized

Federal IT

Decision Archetypes

IT Governance

• More finite structure needed than just centralized/decentralized

• Balance of decision rights and accountability encourages desirable behavior

• Must match the CIO/IT manager’s decision rights with accountability for the decisions.

IT Accountability and Decision Rights Mismatches

High decision rights, low accountability: Technocentric Gap
  • Danger of overspending on IT creating an oversupply
  • IT assets may not be utilized to meet business demand
  • Business group frustration with IT group

High decision rights, high accountability: Strategic Norm (Level 3)
  • IT is viewed as competent
  • IT is viewed as strategic to business

Low decision rights, low accountability: Support Norm (Level 1)
  • Works for organizations where IT is viewed as a support function
  • Focus is on business efficiency

Low decision rights, high accountability: Business Gap
  • Cost considerations dominate IT decision
  • IT assets may not utilize internal competencies to meet business demand
  • IT group frustration with business group

IT Governance

• Good IT governance
  • Provides a structure to make good decisions
  • Limits the negative impact of organizational policies in IT-related decisions

• Two major components:
  1. Assignments of decision-making authority and responsibility
  2. Decision-making mechanisms, e.g. policies, steering committee, etc.

Five major categories of IT decisions

| Category | Description | Examples of Affected IT Activities |
| --- | --- | --- |
| IT Principles | How to determine IT assets that are needed | Participating in setting strategic direction |
| IT Architecture | How to structure IT assets | Establishing architecture and standards |
| IT Infrastructure Strategies | How to build IT assets | Managing Internet and network services; data; human resources; mobile computing |
| Business Application Needs | How to acquire, implement and maintain IT (insource or outsource) | Developing and maintaining information systems |
| IT Investment and Prioritization | How much to invest and where to invest in IT assets | Anticipating new technologies |

Important to use the proper decision right allocation pattern for each category.

Political Archetypes (Weill & Ross)

• Archetypes label the combinations of people who either provide information or have key IT decision rights
  • Business monarchy, IT monarchy, feudal, federal, IT duopoly, and anarchy

• For each decision category, the organization adopts an archetype as the means to obtain inputs for decisions and to assign responsibility for them.

• There is no best arrangement for the allocation of decision rights.
  • Organizations vary widely in their archetypes selected

IT Governance Archetypes

Decision-Making Mechanisms

• Policies and standards

• Review boards approve, monitor, and review specific topics

• Steering committees are a popular approach
  • They include key stakeholders
  • They can be formed at different levels:
    • Higher level (focus on CIO effectiveness)
    • Lower level (focus on details of various projects)

Platform-based Governance

Emergent Governance: Platform-Based Governance

• Challenge a “top down” approach
  • Digital ecosystems can grow up all around you
  • Applications, firms, digital entities

• Firms find opportunities to exploit new technologies that were not anticipated

• Emerging technologies demand agile governance approaches
  • Firm no longer controls decisions about the technologies

• Examples:
  • Mobile computing
  • Cloud computing
  • IoT
  • Social media

Summary of Three Governance Frameworks

| Governance Framework | Main Concept | Possible Best Practice |
| --- | --- | --- |
| Centralization-Decentralization | Decisions can be made by a central authority or by autonomous individuals or groups in an organization. | A hybrid, Federal approach |
| Decision Archetypes | Specifying patterns based upon allocating decision rights and accountability. | Tailor the archetype to the situation |
| Digital Ecosystems | Members of the ecosystem contribute their strengths, giving the whole ecosystem a complete set of capabilities. | Build flexibility and adaptability into governance. |

Legislation

Sarbanes-Oxley Act (SoX) (2002)

• In response to major accounting scandals such as Enron and WorldCom

• To increase regulatory visibility and accountability of public companies and their financial health
  • All companies subject to the SEC are subject to SoX.
  • CEOs and CFOs must personally certify and be accountable for their firm’s financial records and accounting.
  • Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance.
  • 20-year jail term is the alternative.
  • IT departments play a major role in ensuring the accuracy of financial data.

IT Control and Sarbanes-Oxley

• IT departments play a major role in the accuracy of financial data

• IT departments began to
  • Identify controls,
  • Determine design effectiveness, and
  • Test to validate operation of controls

• IT managers must assess level of controls needed to mitigate risk