Management Information System & Advanced IT Assignment

profilegiggles.desmoin
Ch14ManagementInformationSystems.pdf

CHAPTER

1 Information systems management

LEARNING OUTCOMES

After reading this chapter, you will be able to:

■ evaluate the relationship between IS spending and business benefits;

■ evaluate location alternatives for an organisation’s IS function;

■ assess the arguments for and against outsourcing;

■ apply IS governance concepts to the management of an organisation’s IS function.

MANAGEMENT ISSUES

Annual investment in BIS is signifi cant for many companies. But what return do organisations receive for this investment? To achieve more eff ective investment, a well-planned BIS strategy is required that supports the corporate goals. In this chapter we aim to answer the questions a newly installed manager seeking to develop an IS strategy would ask:

■ How can we ensure that our proposed IS/IT solutions will deliver value for money?

■ What are the main considerations when deciding where to locate the management of the IS/IT function within the organisation?

■ How can we determine the extent to which IS/IT services should be outsourced?

■ What management tools and techniques exist to help us manage the IS/IT portfolio effectively?

CHAPTER AT A GLANCE

MAIN TOPICS

■ Information systems investment appraisal 508

■ Determining investment levels for information systems in an organisation 509

■ Locating the information systems management function 512

■ Outsourcing 515

■ Beyond strategic information systems – the importance of IS capability 524

■ Pulling it together: IT governance and COBIT 527

FOCUS ON . . .

■ IT infrastructure flexibility 526

CASE STUDIES

14.1 Outsourcing: beware false economies 522

14.2 IT trends shape future corporate strategies 532

CHAPTER

14

M14_BOCI6455_05_SE_C14.indd 507 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT508

Earlier (in Chapter 13), we explored a number of tools and issues relating to the development if IS/IT strategies and their integration with an overall business strategy. This chapter explores a range of issues relating to the management of information systems within an organisation including investment appraisal, outsourcing and the organisation and implementation of the IS/IT management function within an organisation. By combining effective IS/IT strategies with effective implementation and management, it will then become more likely that an organisation will have IS/IT solutions that provide significant business benefits rather than ones which act as a drain on the organisation.

INTRODUCTION

There has been considerable discussion in academic journals regarding both ‘information systems value’ and ‘evaluating IS/IT investments’. While the former relates more closely to the ‘productivity paradox’ mentioned above, the latter deals more with the analysis of how organisations can identify and evaluate IS/IT investments and their associated benefits. Lubbe and Remenyi (1999) in their analysis of the management of IS/IT evaluation identified seven benefit objectives that provide a stimulus to organisational IS/ IT investment. In descending order of significance these are:

■ productivity; ■ new opportunities; ■ change; ■ competitive advantage; ■ contribution to organization; ■ increased turnover; ■ reduced risk.

Coupled with these factors, Lubbe and Remenyi also identified seven IS/IT investment drivers that will help determine the organisation’s response to the IS/IT investment opportunity. In descending order of importance, these are:

■ organisational strategy; ■ management decisions; ■ interfacing (of systems); ■ quality of service; ■ evaluation of IS/IT (tangible and intangible benefits); ■ business modelling (improving business processes); ■ budgets.

Given that there is a range of drivers that affect the IS/IT investment process and that both tangible and intangible benefits will be generated as a result of the IS/IT investment, a range of techniques can be employed to assess tangible benefits (typically through financial measures) and intangible benefits (using qualitative methods). Indeed, the existence of both financial and non-financial approaches to IS/IT investment appraisal could give us some clue as to why the so-called productivity paradox may appear to exist. In other words, there may not be a financial payback in the short or even medium term, but the very fact that business benefits (such as improved customer service) are perceived to come from

INFORMATION SYSTEMS INVESTMENT APPRAISAL

M14_BOCI6455_05_SE_C14.indd 508 30/09/14 7:26 AM

509ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

Earlier (in Chapter 8) we described the assessment of costs at the initiation phase of a single information systems project. In this chapter, we consider at an organisational level the amount of investment that should occur in information systems.

Managers in many organisations are concerned with the level of investment in information systems and whether they are getting value for money from that investment. One of the difficulties with measuring this is that while costs tend to be tangible in nature, benefits are often more difficult to quantify.

DETERMINING INVESTMENT LEVELS FOR INFORMATION SYSTEMS IN AN ORGANISATION

particular investments that have been assessed from a qualitative perspective, would lend some credence to the ‘time lag’ explanation of the paradox.

Financial approaches to information systems investment appraisal have already been covered earlier (in Chapter 8).

How much an organisation will spend on IS will depend both on the size of the organisation and on the nature of its business operations. Spending as a proportion of turnover will also vary over time, depending on the maturity of an organisation’s systems and on the organisation itself. There is a tendency for the proportion of spending on IS to increase as organisations mature and have to maintain legacy systems. Regardless of any of these considerations, the task facing senior managers remains the same: can we be sure that investment in IS will deliver more benefit than the costs incurred?

Investment levels

As described earlier (in Chapter 8), costs can be both tangible and intangible. As you would expect, tangible costs are more easily identified than intangible ones. Hochstrasser and Griffiths (1990) produced a checklist which can help organisations identify, quantify and evaluate information system costs. The main cost elements include:

■ hardware costs; ■ software costs; ■ installation costs; ■ environmental costs; ■ running costs; ■ maintenance costs; ■ security costs; ■ networking costs; ■ training costs; ■ wider organisational costs.

Since every information system that is acquired incurs operational and maintenance costs, IS expenditure will always be split between development costs and operational and maintenance costs.

Information systems costs

M14_BOCI6455_05_SE_C14.indd 509 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT510

While information systems costs are relatively easy to identify, the benefits that accrue from IS investment are harder to quantify. This is because benefits are often intangible in nature and, therefore, harder to ascribe a financial value to. Broadly speaking, benefits from IS investment result from the capability of the organisation to do things that it could not do or did not do very well before. This must be supported by information of good quality, as defined in Chapter 2. This will include:

■ Information relevance – is the information being provided relevant to the business decisions being made?

■ Is accurate information available on which business decisions can be made? ■ Speed of information delivery – does information reach the decision makers when they

need it? ■ The functionality of the IS to support decision making – will the system do what we want

it to do? ■ The reliability of the IS – can we rely on the system to give us the information we want

when we want it?

If the above questions can be answered positively, then the investment in IS is providing benefits to the organisation and, therefore, allows it to do things that it could not do before.

In making an IS investment decision, the value that accrues from the above elements must be measured in some way. However, as noted above, value from IS investment can often be intangible in nature and, therefore, harder to measure. Such items of intangible benefit include:

■ improved customer service; ■ gaining competitive advantage and avoiding competitive disadvantage; ■ support for core business functions; ■ improved management information; ■ improved product quality; ■ improved internal and external communication ■ impact on the business through innovation; ■ job enhancement for employees.

Each of these elements has a level of difficulty attached when we attempt to determine the value of the benefit. For example, impact on the business through innovation is very hard to measure quantitatively, while the benefit of improved product quality may be easier to measure.

Information system benefits

We can deduce from the above discussion that the more accurately we can identify the contribution of IS towards the value of business gain, the more accurately we can identify the value accruing from IS investments. It follows from this that in order to assess the value of future investments in IS, we must come up with a framework that allows us to weigh up the relative costs and benefits and so enables us to make properly considered IS investment decisions.

There are a number of approaches that attempt to evaluate IS investment decisions. In essence, a proposed or ongoing investment should proceed if the benefits from the investment outweigh the costs incurred. However, as Robson (1997) indicates, one of the

IS investment – balancing costs and benefits

M14_BOCI6455_05_SE_C14.indd 510 30/09/14 7:26 AM

511ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

main difficulties is the intangible benefits, which can amount to at least 30 per cent of all benefits obtained. In addition, even if a benefit can be quantified (e.g. a new system speeds up customer response to queries from an average of 10 minutes to 10 seconds), it is not always easy to put a monetary value on it. This leads to a division in approaches between those that concentrate purely on financial measures and those that attempt a non-monetary evaluation.

Earlier (in Chapter 8) we considered the basis of investment decisions taken at the feasibility assessment stage of the initiation of an individual project. It is the role of the IS manager to ensure that individual IS project decisions are consistent with the company’s overall IS strategy.

Financial justification methods look at the relationship between the monetary costs of IS investment and the monetary benefits that might be obtained from it. There are a number of techniques that can be used, including:

■ return on investment (ROI); ■ discounted cashflow (DCF), such as net present value (NPV) and internal rate of return

(IRR); ■ payback period.

These are described in more detail elsewhere (in Chapter 8), which also reviews how they are applied to a proposal for an individual system.

Risk assessment methods, on the other hand, look at a number of factors other than those related to pure financial return. Such considerations include:

■ the benefits that are designed to accrue from investment in different categories of IS; ■ the reasons that systems fail; ■ categories of risk and their likely impact on systems success.

Information systems fail when they do not deliver the benefits they were intended to achieve. Clearly, the greater the investment in IS, the greater the impact of a failed project, especially as that investment could have been made in another part of the business (e.g. investment in additional plant, people or equipment) with much greater effect.

We will now look at an alternative approach for prioritising investment in IS.

Investment categories of the IS applications portfolio

Sullivan (1985) identified four investment categories for information systems that provide a framework within which the strategic value of the investment to the company can be placed. It is useful to identify in which category a new system lies within the IS portfolio, in order to assess its importance and allocate resources to it accordingly. The investment categories are:

1. Strategic systems. These are designed to bring about innovation and change in the conduct of business and so bring about a competitive edge. Business processes may need to be designed and relationships with customers and suppliers changed. Risk occurs because of the level of uncertainty associated with these kinds of systems (we are dealing with unstructured decision making, the results of which are often hard to quantify).

2. Key operational systems. Existing processes are rationalised, integrated or reorganised in order to carry out the activities of business more effectively. The risk occurs in the complexity of the systems in this category and the need to integrate them with other systems (externally as well as internally).

3. Support systems. Such systems support well-structured, stable and well-understood business processes (i.e. decisions are usually made in a climate of relatively high business certainty). Benefits derive either from eliminating unnecessary processes or from automating regular and routine procedures. In either case, the aim is to reduce cost and raise efficiency. The risks occur in selecting the right kind of software (often packaged) and implementing it effectively to gain the benefits.

M14_BOCI6455_05_SE_C14.indd 511 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT512

4. High-potential projects. These are of research and development orientation and may have the capacity to deliver significant business benefits in the future. They are usually high-risk projects (in the sense that they may not deliver anything at all) and the main business risk lies in committing too much money to the project (i.e. the attitude that if we invest more, we must realise some benefits!).

The challenge for the organisation is to channel investment into the areas that are likely to yield the highest level of potential benefit at the lowest level of acceptable risk.

Risk factors

These have been summarised by Ward and Peppard (2002). They should be considered at the start of a project to attempt to reduce the risk of project failure. Risk management is described in more detail elsewhere (in Chapter 8).

There are two basic approaches to locating the information system function in an organisation that operates at more than one location. These are the centralisation of all IS services at one office (usually the head office) and decentralisation. It is unusual for a company to choose one extreme or the other; typically, the approach will vary for the different types of services. The approach chosen is significant, since it will have a direct correspondence to the quality of service available to the end-user departments and the cost of providing this service.

LOCATING THE INFORMATION SYSTEMS MANAGEMENT FUNCTION

It is useful to make a distinction between information systems and information technology. As has been stated before, we can view IT as the infrastructure and an enabler, while information systems give a business the applications that produce the information for decision-making purposes. IS cannot exist without the IT to support them, but IT on its own does not of itself confer any business benefits.

For information technology the following must be managed:

■ Hardware platforms. These need to be selected and supported (for example, it may be decided only to operate a client/server environment using Unix workstations).

■ Network architectures. An organisation currently operating a mixture of AS/400 computers and PCs may wish to focus on a particular network architecture for the PCs in order to facilitate easier integration with the AS/400 systems.

■ Development tools. It may be desirable to adopt tools that permit more rapid development of new information systems. Such tools will need to be able to run on the selected hardware platform and also be compatible with chosen database management systems.

■ Legacy systems. These systems may run on old hardware platforms and be difficult to integrate with planned systems development. While strictly an IS issue rather than an IT one, it may still be necessary in the short-to-medium term to provide the necessary IT support to allow these systems to continue to operate.

■ Operations management. This covers a number of areas, including hardware management, capacity planning, security (backups, access control, error detection, archiving), technical support (for hardware and systems software), telecommunications and network management.

What needs to be managed?

M14_BOCI6455_05_SE_C14.indd 512 30/09/14 7:26 AM

513ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

The areas that relate to information systems management are:

■ Business systems development. Applications development falls into two broad categories: those applications that deal with corporate data and those that are departmental or personal in nature.

■ Migration and conversion strategy. While strictly being part of the systems development process, migration from one system to another involves specialists from both IS/IT and functional business areas. For corporate information systems, many functional areas may be involved.

■ Database administration. Today’s information systems depend very much on database management systems (such as DB2, Oracle, Informix and Access).

■ User support and training. All applications software users require support at some point. The objective is to get the right support to the right people at the right time.

■ End-user application development. This is becoming increasingly popular, especially in medium-to-large organisations. Such development will not only require support (e.g. advice on appropriate development tools) but will require explicit management to ensure that wheels are not being re-invented and bug-ridden software not being produced.

■ Shared services. Recent innovations such as e-mail and collaborative work systems have both local and corporate application. The objective should be to maximise local flexibility while at the same time ensuring that organisation-wide standards are adhered to (the same could be said of end-user development).

■ IS/IT staffing. While this is more of a human resources issue than an IT one, it is, nevertheless, important to stress that for an IT strategy to be implemented, there need to be staff with expertise in hardware, communications, systems software and development software. Naturally, for a small business this expertise will be limited.

This analysis indicates that there are some aspects of IS/IT that need central control and management, but at the same time there are local needs that have to be addressed within individual functional areas of the business. Therefore, we should now move from what needs to be managed to where IS/IT needs to be managed and the factors that influence this.

In a large company with several sites, IS/IT management must be organised and located in such a way as to ensure full integration of business and IS/IT strategies, as well as full support for the IS/IT needs of each functional area of the business.

Questions that should be asked when ascertaining the best approach include:

■ Is information systems management (ISM) in tune with corporate strategy? Structures need to exist in such a way that an organisation’s information systems strategy is fully embedded within its business strategy. This means that mechanisms must exist that embrace all functional areas of the business as well as the most senior management.

■ Is ISM in tune with organisational shape? A heavily centralised approach to managing all aspects of IS/IT may conflict with a geographically dispersed organisation, or with one where individual functional areas enjoy a high degree of local autonomy.

■ Is the focus of ISM inward-looking on managing technology? If this is the case, it suggests that IS/IT is operating mainly in a support capacity rather than a strategic one. An alternative, less palatable explanation is that the IS/IT department is rooted in the past and does not see IS/IT as being an integral part of business strategy.

■ Is the focus of ISM outward-looking on helping the business plan the best use of technology? A positive answer to this question indicates a modern approach to IS/IT

Structuring information systems management

M14_BOCI6455_05_SE_C14.indd 513 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT514

management. One can look at all aspects of IS/IT, from getting the best management information from existing transaction processing systems to implementing a company- wide communications strategy to enable business processes to be re-engineered and facilitate better links to customers and suppliers.

There are a number of additional factors that will influence the structuring of information systems management. An organisation that operates in a single geographic location will have different needs from one that is spread over many sites (perhaps over many countries). Similarly, a business that has a diverse range of products and business operations may need an ISM different from that of a single-product company. If a large organisation has a number of discrete strategic business units, it may be appropriate to treat each distinct SBU as a separate entity in its own right for ISM purposes.

One must also not ignore the impact of organisational culture and management style on ISM structure. An organisation that has a decentralised management philosophy may find it easier to decentralise certain ISM functions than one that is highly centralised.

There are two approaches to IS/IT management. The centralised approach will concentrate all aspects of IS/IT management at a single point within the organisation, such as the data processing or management information systems (MIS) department. An MIS department may either report into a single functional business area (traditionally, the accounting department has been a popular choice) or it may report directly at board level. The modern trend is for MIS managers or chief information officers (CIOs) to report directly at board level in the same way as heads of functional areas such as HRM, sales and finance.

The decentralised approach recognises that some aspects of IS/IT management are best located close to the point of use. If any degree of decentralisation exists, the inference is that there will be staff located within the parts of the organisation that enjoy a degree of local autonomy. In some cases, the staff will be IS/IT professionals who might otherwise be located in a more centralised structure.

Alternatively, there may be ‘hybrid’ personnel who have both functional area expertise and good IS/IT skills. Aspects of IS/IT that lend themselves well to a degree of decentralisation are the development of end-user applications, use of report generators with corporate data as the main input, and information systems in functional areas that carry out discrete activities not connected with primary business functions (such as plant maintenance or HRM systems).

For centralised and decentralised approaches there are advantages. With the centralised approach, it is suggested that it is possible to:

■ achieve and control consistent IS/IT strategy without having to worry about what individual functional business areas are doing;

■ coordinate IS/IT activities more easily; ■ implement simpler control systems, since it will not be necessary to monitor the quality

of the distributed IS/IT activities; ■ allocate resources more efficiently, using the benefit of economies of scale and eliminating

the risk of similar applications being developed in different parts of the organisation; ■ achieve speedier strategic decision making because of fewer parties being involved.

Supporters of the decentralised approach also claim a number of advantages:

■ The presence of IS/IT expertise at a functional level allows for a rapid response to local problems without the competition for resources that exists with the centralised approach.

■ Where local decisions can be made about IS/IT that directly affects that area, improved motivation and commitment among staff to their information systems is likely.

■ The cumbersome overhead associated with purely centralised systems is reduced.

Decentralised IS management

Management of some IS services in individual operating companies or at regional offices, but with some centralised control.

Centralised IS management

The control of all IS services from a central location, typically in a company head office or data centre.

M14_BOCI6455_05_SE_C14.indd 514 30/09/14 7:26 AM

515ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

The decentralised approach also has a number of problems associated with it:

■ Where responsibilities are split (e.g. between operational and strategic matters), they need to be very carefully defined if matters are not to be forgotten.

■ Central management may become frustrated by what it perceives as an idiosyncratic approach being adopted within the functional business areas (and vice versa).

■ Split responsibilities may result in complicated control procedures which make decision making more difficult and time-consuming. No one location will be correct for all organisations. Indeed, as an organisation moves towards the maturity stage, it will evolve different locations for different areas of information systems management.

For those who get the balance right between centralised and decentralised services, they can expect to enjoy:

■ rapid information systems development; ■ harmonious IS and business relationships; ■ an IS service that is tailored for the user community; ■ a cost-effective IS/IT function; ■ development of technology infrastructures that support the required information

systems; ■ business success through successfully implemented IS/IT strategies; ■ adoption of appropriate IS strategies; ■ effective change management processes; ■ encouragement of end-user computing where appropriate; ■ accurate assessment of IS/IT costs and benefits, thus ensuring value for money from IS/

IT investments.

On the other hand, those organisations that fail can expect:

■ continual conflict between functional business areas and the IS/IT function; ■ continual complaints about information systems management as a whole; ■ business decline or inefficient service provision; ■ lack of interest in information systems by non-IS/IT personnel; ■ skills problems – either shortages in certain areas or wasteful duplication; ■ high staff turnover; ■ gaps and overlaps in the provision of IS/IT services.

This is an additional case study on the companion web site. You should suggest an appropriate strategy for SSL which is distributed over several sites in the UK.

Location of the IS function at Security Services Limited (SSL)Activity 14.1

Outsourcing occurs when a function of a company that was traditionally conducted internally by company staff is instead completed by a third party. The main reasons for doing this are usually cost reduction and to enable focus on the core business. Functions that are commonly outsourced include catering, cleaning, public relations and information systems.

OUTSOURCING

Information systems outsourcing

All or part of the information systems services of a company are subcontracted to a third party.

M14_BOCI6455_05_SE_C14.indd 515 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT516

Outsourcing is a major trend in the development and management of information systems. Major public and private organisations in the UK such as the Inland Revenue and Rolls-Royce have outsourced its IS management to Electronic Data Systems (EDS).

There are different degrees of outsourcing, varying from total outsourcing to partial management of services. It is best to consider the types of outsourcing services offered rather than specifics such as facilities management and time sharing, which are open to different interpretations. The main categories of services that can be managed include:

1. Hardware outsourcing. This may involve renting time on a high-capacity mainframe computer. Effectively, the company is sharing the expense of purchasing and maintaining the network with other companies that are also signed up to an outsourcing contract. This arrangement is sometimes known as a time-sharing contract.

2. Network management. Network management may also be involved when managing hardware: here a third party is responsible for maintaining the network. This is often referred to as facilities management (FM), and may also include management of PC and server hardware.

3. Outsourcing systems development. When specialised programs are required by a business, it is necessary either to develop bespoke software or to modify existing systems. This is also a significant outsourcing activity. When EDS undertook its contract with the Inland Revenue in the UK, one of its main tasks was to write the software to deal with changes to the way in which tax forms were submitted.

4. IS support. A company help desk can be outsourced to a third party. This could cover answering queries about operating systems, office applications or specific company applications. It could also include fixing problems, in which case an on-site presence would be required. Microsoft outsources much of its support for Windows 95 and 98 to third parties such as Digital.

5. Management of IS strategy. Determining and executing the information systems strategy is less common than the other types of outsourcing outlined above, because many companies want to retain this control. A great deal of trust will be placed in the outsourcing partner in this arrangement and it is most common in a total outsourcing contract.

6. Total outsourcing. An example of total outsourcing is the 1996 agreement between Thorn Europe and IBM Global Services. This five-year contract involves IBM taking over all IT operations on hardware from five different vendors, managing 90 staff and defining and implementing the IT strategy as well.

Types of outsourcing

Time sharing

The processing and storage capacity of a mainframe computer is rented to several companies using a leasing arrangement.

facilities management (FM)

The management of a range of IT services by an outsourcing provider. These commonly include network management and associated software and hardware.

Many businesses accept that poor management on their part and unrealistic expectations are largely to blame for failed IT outsourcing deals, according to a new report released today by sourcing advisory firm TPI. Meanwhile, a separate study has concluded that the potential for significant savings through outsourcing is expected to fuel growth in the offshoring market for the next 20 years at least. The TPI report, which is based on responses from 40 large firms undertaking outsourcing projects, found that almost a third admitted to placing more emphasis on setting up an

Customers admit blame for outsourcing failuresMini case study

M14_BOCI6455_05_SE_C14.indd 516 30/09/14 7:26 AM

517ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

outsourcing contract than they did on managing it. Over half also said that their own ‘unrealistic’ expectations were a major barrier to the success of the project. ‘Contrary to popular belief, many companies blame themselves at least as much as the service providers for their own dissatisfaction with outsourcing relationships’, said Stuart Harris, partner at TPI. ‘Moreover, problems encountered with outsourcing contracts prior to renegotiations often stem from a lack of clarity between the client and the service provider about the scope of the services to be provided – not the quality of the services themselves.’ Harris said the fact that only 18 percent of respondents had looked to replace their incumbent supplier during contract renegotiations suggested that most customers understood that relationships with outsourcers could change over time. ‘Most clients conclude that the industry’s service providers are generally adept at delivering on contractual commitments, and that courses of remedy must necessarily involve changes to service management and governance processes in the first instance’, explained Harris. The report will prove reassuring to outsourcing providers, many of whom have been roundly blamed for the high proportion of IT outsourcing projects that are deemed to have failed. How- ever, it also suggests that some outsourcers may be exploiting customers’ weak outsourcing management skills, with almost a third of respondents claiming their bargaining position had weakened during the renegotiation process compared with when the original deal was signed. Worryingly for the outsourcing sector, the report also found that best practice outsourcing management techniques are still not widespread. Almost half of respondents said they had no formal governance structure, while over a third fail to hold regular meetings for monitoring outsourcing deals. The findings are particularly concerning in the wake of a recent study from management consultancy AT Kearney that predicts offshore outsourcing sites such as India and China will retain their cost advantage for another 20 years, despite wage inflation. Paul Laudicina, managing office of AT Kearney, said that the report also revealed that while salaries in offshore locations are climbing, the quality and stability of their services are also improving. ‘These findings reinforce the message that corporations making global location decisions should focus less on short-term cost considerations, and more on long-term projections of talent supply and operating conditions’, he said. The report also identified Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam, as the strongest challengers to India and China in the offshore outsourcing market.

Source: IT Week, 20 March 2007, www.computing.co.uk/itweek/news/2185966/customers-admit-blame

The main reasons for IS outsourcing are to achieve the following:

■ Cost reduction. An outsourcing vendor can share its assets, such as mainframes and staff, between different companies and achieve economies of scale. It is also argued by outsourcing vendors that lower costs are achieved since they are in a contractual relationship, unlike most internal providers of IT services.

■ Quality improvements and customer satisfaction. Through outsourcing IS functions to a company that is expert in this field, it should be possible to deliver better-quality services to internal and external customers. Better quality could be in the form of systems that are more reliable and have appropriate features, a more reliable company network and better phone support.

■ Enables focus on core business. A company can concentrate its expertise on what it is familiar with, i.e. its market and customers, rather than being distracted by information systems development. This particular argument is weak in some industries such as the financial services sector where information systems are critical to operating in a particular market.

Why do companies outsource?

M14_BOCI6455_05_SE_C14.indd 517 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT518

■ Reduce risk of project failure. Owing to the contract, there is more pressure on the supplier compared with internal developers to deliver a quality product on time, hence it is more likely to succeed.

■ Implementation of a strategic objective. To implement a strategic objective may involve considerable risk if it is undertaken internally or resources are not available. For example, in the mid-1990s many companies undertook outsourcing to ensure that the ‘millennium bug’ could be fixed by using a third party with the expertise to solve the problem. Similarly, in the mid-1990s many companies were undertaking business process re-engineering initiatives that often involved major changes to information systems.

Whether these benefits are achievable is currently the subject of a great deal of debate, with the detractors of outsourcing arguing that although costs may be reduced, the quality of the service will also decline. Since outsourcing is a relatively new phenomenon, it is not clear whether the promises are achieved, but the number of companies signing up to outsourcing contracts indicates that it is a major industry trend. Other problems that may occur are that IT staff are likely to be unhappy, as they are transferred to a third-party company with new contracts. To summarise this section, reasons given by companies as to why they use outsourcing are given in Table 14.1.

Table 14.1 Main reasons for outsourcing

reason Percentage mentioning

Cost savings 57%

Improved quality of service 40%

Access to specialist expertise 37%

Increased flexibility 27%

Strategic business decision 21%

Free management time 19%

Lack of resources 11%

Improved financial control 8%

Reasons for outsourcing The top 10 reasons companies outsource (in alphabetical order), according to The Outsourcing Institute:

1. Accelerate re-engineering benefits

2. Access to world-class capabilities

3. Cash infusion

4. Free resources for other purposes

5. Function difficult to manage or out of control

6. Improve company focus

7. Make capital funds available

8. Reduce operating costs

9. Reduce risk

10. Resources not available internally

Source: The Outsourcing Institute, © 1998 The Outsourcing Institute, Jericho, NY.

M14_BOCI6455_05_SE_C14.indd 518 30/09/14 7:26 AM

519ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

Examine Table 14.1 and assess which of the reasons for outsourcing would be important to the following:

1. Financial manager (chief finance officer).

2. Information systems manager.

3. Managing director.

4. Departmental manager in human resources, marketing or production.

Reasons for outsourcingActivity 14.2

Strassmann (2002) checked on some of the largest recent multi-year contracts for firms that outsourced more than half their computing resources. An analysis of detailed financial information from 1996 to 2000 that was available for eight firms revealed that each of them had delivered declining returns on (shareholder) equity (ROE), with the average ROE for the entire group declining from 18.2 per cent in 1996 to 2.5 per cent in 2000.

This observation raises an interesting question: is it the outsourcing of computing resources that is the cause of the decline, or is it a symptom of outsourcing being used by a business in trouble as an attempt to reduce costs?

Collins and Millen (1995) cite the following concerns over outsourcing:

■ loss of control of IS ■ loss or degradation of internal IS services ■ corporate security issues ■ qualifications of outside personnel ■ negative impact on employee morale.

In addition to these problems, case studies seem to suggest that the principal objective of undertaking outsourcing, cost reduction, may not be achieved in many cases. Cost reduction is usually thought to occur because of a reduction in the number of staff employed and savings on the cost of acquisition of hardware and software through discounts available through economies of scale.

Lacity and Hirscheim (1995), in their classic study of outsourcing, identify the following reasons for escalating costs:

■ not identifying present and future requirements fully, and leaving loopholes in the contract;

■ failing to identify the full costs and service levels of existing in-house operations, with the result that contracts turn out to cost more than originally anticipated because in-house calculations were too low;

■ change-of-character clauses prompting excess fees for any changes in service or functions;

■ software licence transfer clauses making customers responsible for fees; ■ fixed prices that soon exceed market prices because the cost of IT is decreasing; ■ fluctuations in data processing volumes not covered by fixed limits under the contract,

and incurring significantly higher fees. ■ paying extra for services that the customer assumed were included in the fixed price,

because of poor analysis beforehand of services provided by the in-house group leading to a limited fixed-price contract;

Problems of outsourcing

M14_BOCI6455_05_SE_C14.indd 519 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT520

■ subsidising the vendor’s learning curve; ■ changes in technology: vendors offer services on existing platforms and subsequent

moves into new technology often cost more than anticipated.

To avoid some of the problems outlined above, the design of the contract is critical to ensure that the supplier provides a full service. For network management this can be achieved through service-level agreements (SLAs) that specify minimum acceptable values for availability of the network, such as 99.8 per cent access, or give the maximum number of failures per month. It is more difficult to specify in a contract services to be provided for developing software. As a result of this, the costs of outsourced software development can spiral. Further details on defining contracts for information systems development are given later in this chapter.

Outsourcing IS developments will have a direct impact on information systems staff and this needs to be managed. In the worst case staff may be made redundant, but in the majority of cases the outsourcing company will agree to employ existing IS staff while a core of IS staff remain with the company to manage the contract or functions that have not been outsourced. Redundancies tend not to occur, because this is part of the agreement between the company and the outsourcer to avoid resistance to change. Additionally, due to shortages of IS staff it is usually possible for the outsourcing company to redeploy staff if necessary.

Even if staff are not made redundant, transfer of staff will cause major disruption and often resentment. One main cause of this is that staff will be forced to sign a new contract when they transfer. While remuneration may be better, terms and conditions will change. For example, there may be no paid overtime, or staff may be asked to work elsewhere in the country on other outsourcing contracts. Positive aspects of outsourcing for staff may include:

■ improved rates of pay; ■ better training; ■ greater career opportunities for improving knowledge and promotion through working

in a range of companies.

Human factors and outsourcing

The critical role of the contract in ensuring that an outsourcing initiative will work has already been mentioned. In addition to this, other factors must be incorporated. These include:

■ Outsourcing strategy must be consistent with the business and information management strategy.

■ Level of outsourcing should be appropriate to the business: selective outsourcing for most businesses or total outsourcing where information systems play a mainly supporting role.

■ A method of retaining control and leverage over the suppliers is necessary. This could include a shorter-term contract, a risk and reward contract, and not including strategic planning in the services to be outsourced.

■ Human factors involved in outsourcing must be considered in conjunction with the human resources department, particularly where staff may be displaced or made redundant.

Making outsourcing work

M14_BOCI6455_05_SE_C14.indd 520 30/09/14 7:26 AM

521ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

■ If a company does not have previous experience of outsourcing, it may be valuable to get an independent specialist to assist in drawing up the outsourcing agreement.

■ Allocating time and using measurement systems to manage the outsourcing contract.

Feeny et al. (1995) have identified alternative scenarios to help an organisation decide whether to stay in-house or to outsource. These are summarised in Table 14.2.

The same authors cite the following statistics from the organisations they surveyed:

■ 80 per cent had considered outsourcing; ■ 47 per cent outsourced some or all of their information systems; ■ 70 per cent did not have formal outsourcing policy in place; ■ only 43 per cent of organisations that had outsourced actually have an outsourcing policy; ■ few organisations approach outsourcing in a strategic manner.

These rather alarming statistics clearly show that more than half of those organisations that outsource some of their information systems provision do not have a formal outsourcing policy in place. Perhaps it is not surprising then, that Paul Strassmann (2002) has described outsourcing as a ‘game for losers’.

In a review of outsourcing success factors, Gonzalez et al. (2005) summarise a number of success factors in the literature. The key success factors include:

■ Provider’s understanding of clients’ objectives – the client–provider relationship management should focus on the achievement of the clients’ aims; suppliers that have a good understanding and an interest in the outsourcing firm’s business will be better positioned to help define those goals essential for the middle- and long-term continuity of the outsourcing relationship.

■ Choosing the right provider – this can be key to the success or failure of the outsourcing agreement; therefore, prior to contract signature, a detailed evaluation and selection of potential vendors must be carried out and the provider must be chosen from a wide range of IT vendors in order to locate a potential outsourcing provider; an organisation should also investigate current outsourcing partnerships in the same sector as well as in related industries; factors such as the stab-ility, quality and reputation of the provider should also be considered.

■ A clear idea of what is sought through outsourcing – an accurate definition of the project’s scope and specifications is a clear prerequisite for outsourcing success; if firms resort to outsourcing with only a vague idea of what they want to obtain from the vendor, unavoidable uncertainty relating both to technological aspects of the IS service and to the volume of needs that must be met will result; the solution, therefore, is to outsource only those activities that are clearly understood and for which a solid contract can be drawn up. It is also recommended to sign the contract for a length of time that allows the firm to monitor its business requirements whilst the client firm must also make an effort to clarify the business objectives that will be reached through outsourcing.

Table 14.2 Decision matrix for deciding which IS services stay in-house

Business characteristics Outsource Don’t outsource

Business positioning impact Low High

Links to business strategy Low High

Future business uncertainty Low High

Technological maturity High Low

Level of IT integration Low High

In-house v. market expertise Low High

M14_BOCI6455_05_SE_C14.indd 521 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT522

■ Provider’s attention to clients’ specific problems – since each organisation is different, firms are advised against standard contracts and clients want to feel that the provider will take into account their special technological and business characteristics.

■ Frequent client–provider contacts – the literature suggests that these contacts will make it possible to build working relationships, confidence, comfort and trust; ensure the provider’s extensive acclimatisation to understand their customer’s style, standards and culture; good communication between client and vendor in order to make the outsourcing deal successful for everybody; enable continuity by designing relationships that anticipate change as business conditions and technology evolve, thus requiring relationship structures and management mechanisms that ensure successful work with the outsourcing vendor over time

■ A good-value-for-money relationship – since financial justification is seen as one of the top ten outsourcing success factors, outsourcing is likely to be successful when financial expectations such as the achievement of a cash infusion, cost reduction, production and transaction cost economies, financial slack or even tax advantages are covered.

■ Top management’s support and involvement – given that the involvement of the top management in IT-related decisions is largely the key determining factor for the good or bad performance of IS departments within organisations, senior management support is also crucial in the IT outsourcing process where both senior management and IT management involvement is required to conduct a rational outsourcing evaluation; by involving both in the outsourcing decision, financial, business and technical objectives can be defined, thus establishing the scope of the outsourcing evaluation, developing bid analysis criteria, and verification of the bid analysis, whilst the IT management ‘assumes the critical role of creating the detailed request for proposal, evaluating the legitimacy of vendor economies of scale, estimating the effects of price/performance improvements, and providing insights on emerging technologies that might affect the business’.

■ Proper contract structuring – if an organisation outsources its information systems, a written outsourcing contract is the only certain way to ensure that expectations will be realised – it is therefore essential to outsourcing success. Good outsourcing contracts must be as comprehensive as possible, defining all pertinent issues; they must discuss the obligations of each party, cost, duration, terms and conditions and must include clauses that refer to its evolution, reversibility, termination and penalisation. The contract can, therefore, ‘be viewed as a set of master terms and conditions, with details about the specific work required and the compensation for that work treated as additional components’.

Letting a contractor deal with ‘your mess for less’ is the conventional attraction of outsourcing – customers save money by handing over their hardware, software, networking and even information technology staff to a third party.

Clients often say they want to outsource to focus on their core business, to improve flexibility or to access

skilled staff, says Neville Howard, a partner in the technology integration team at Deloitte, the business advisers. ‘But I haven’t seen one yet that doesn’t want to save money on operating costs.’

Traditional IT outsourcing contracts last five, seven or even 10 years, and offer annual savings of about 20 per cent. Suppliers tend to lose money in the first year or

Outsourcing: beware false economies By Jane Bird

CASE STUDY 14.1

M14_BOCI6455_05_SE_C14.indd 522 30/09/14 7:26 AM

523ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

two because of the investment required in taking over legacy systems.

Over the long term, they save by shedding staff, streamlining systems and achieving economies of scale. In recent years, this pricing model has become harder to achieve because of a shortage of capital to borrow.

Clients’ discomfort with the idea of their IT being handled at long distances has also made it more difficult for suppliers to cut costs by offshoring. The advent of cloud computing and software as a service, with their pay-as-you-go pricing, has also increased the financial pressure on outsourcing suppliers.

Many have made unrealistic promises to win contracts and then underinvested. ‘Service levels dip and customers become frustrated. We hear that again and again,’ says Mr Howard. Customers should be careful about driving a hard bargain, he says, because what looks like a lower price might end up costing more.

Martin Burvill, group vice-president of global solutions at Verizon Business, the US IT services provider, says that customers who just want to save money by outsourcing and ruthlessly drive down suppliers on price are making a big mistake. ‘Suppliers try to recover their losses by charging for all the extras or cutting back resources, so there is a huge gulf between expectation and execution.’

Customers can’t expect to get a cheaper service unless they are prepared to let suppliers change the operating model and methodology, Mr Burvill says. ‘Without transformation, the supplier won’t make money. This is pure logic, but it gets forgotten,’ he says.

Customers have to be prepared to adapt, he adds, and the more they can move to the outsourcing provider’s systems, the greater the potential savings.

Customers can often get better value for money by focusing on how the outsourcing provider can make them more competitive or help to bring out products faster, says Jonathan Cooper-Bagnall, head of outsourcing at PA Consulting.

‘That might mean switching some services off or scaling them back, or shifting the speed of transition from legacy infrastructure to new customer-focused applications.’ They could also request fewer estimates for new applications, which are expensive, he says.

For outsourcing providers, moving away from guaranteed returns and minimum commitments is a big step, says Mr Cooper-Bagnall. ‘It fundamentally changes the way they can sell, because it’s not about

length of contract. They have to change the incentive structure for sales staff, and think about whether it cannibalises a service they already provide.’

Nick Grossman, group business development director of 2e2, an IT services provider, suggests that customers should set challenges for outsourcing suppliers, such as reducing the time and cost of processing documents. ‘With measurable targets, suppliers can be offered a share in the risks and rewards of improving business efficiency,’ he says.

Keeping outsourcing providers to a minimum also helps to reduce costs, says Don Herring, the New Jersey-based senior vice-president of network sourcing at AT&T, the communications company. AT&T encourages clients to engage a maximum of three suppliers to handle computing, applications and networking respectively, and to expect them to collaborate. This can result in savings of up to 35 per cent, says Mr Herring.

Having multiple suppliers can also help to keep prices low by introducing competition. It is smart to have a couple of providers for activities such as maintenance and application development, says Deloitte’s Mr Howard. Then you can have a mini contest between the two.

‘Otherwise,’ he says, ‘it’s very hard to know how long they need; you might get a low hourly rate that ends up costing more than another provider that charges more but does the job quicker.

Minimising the use of consultants also saves money, says Mr Burvill at Verizon. ‘Being paid by the day motivates consultants to prolong their contracts by continuously changing the specification.’

There is a lot of emotion in outsourcing, especially as it often involves transferring staff, which is upsetting and causes upheaval. This disruption is one reason why about 40 per cent of clients for which Deloitte looks at outsourcing end up keeping the service in-house. They decide there are not enough cost savings, or the risks outweigh the benefits, particularly for small and medium-sized businesses.

A number of Deloitte’s clients that have tried outsourcing are bringing it back in house, Mr Howard says. ‘It is a bit like marriage – there can be lots of suffering and violence, and occasionally a messy divorce.’

To avoid breakdown, customers should be prepared to share the financial rewards of improved efficiency. A level of mild dissatisfaction is not unusual in customers, Mr Howard says. ‘But responsibility for making it work rests as much with them as with suppliers.’

QUESTION

Discuss the economics of outsourcing.

Source: Bird, J. (2011) Outsourcing: beware false economies. Financial Times. 6 December. © The Financial Times Limited 2011. All Rights Reserved.

M14_BOCI6455_05_SE_C14.indd 523 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT524

Until relatively recently, the management of information systems within organisations can largely be described as belonging to the ‘strategic information systems (SIS) era: that is, management typically seeks out opportunities for competitive advantage through investment in IS/IT where those investments are aligned with corporate strategy and also where those investments can be used to shape business strategy. Peppard and Ward (2004), however, propose an alternative perspective whereby management of IS/IT in organisations can ‘continuously derive and leverage value through IT’. In a summary of antecedent literature, they point out that only IS management skills are likely to be a source of sustained competitive advantage and that ‘these skills are the ability of IS managers to understand and appreciate business needs; their ability to work with functional managers; the ability to co-ordinate IS activities in ways that support other functional managers; and the ability to anticipate future needs’.

In promoting a resource-based view of competitive advantage, Peppard and Ward identify three main elements of resource-based theory (RBT) to help establish a context for developing a model of IS/IT capability. These elements are:

■ Resources – resources in this context are available factors of production that are owned or controlled by the firm, including the information, systems and techno-logy owned or available to the firm are and ‘in the context of IS management the critical resources are the knowledge and skills residing in employees or the employees of third-party vendors’.

■ Competencies – the RBT perspective indicates that resources of themselves do not create value, but that value is created by an organisation’s ability to utilise and mobilise those resources. From an IS management perspective, competencies can be portrayed as the ability to deploy combinations of firm-specific resources to accomplish a given task and that they represent the collective knowledge of the firm in initiating or responding to change.

■ Capability – this refers to the strategic application of competencies and their use and deployment to accomplish given organisational goals; an organisation’s current capability is based on its existing competencies, will be either an enabler or inhibitor in terms of the goals it can actually achieve.

Peppard and Ward go on to suggest that one way to apply RBT to the management of IS is to focus on competencies within the IS function and that research has identified six domains of IS competence: strategy, defining the IS contribution, defining the IT capability, exploitation, delivering solutions and supply. They are defined as follows:

Strategy – ability to identify and evaluate the implications of IT based opportunities as an integral part of business strategy formulation and define the role of IS/IT in the organization

Define the IS contribution – the ability to translate the business strategy into processes, information and systems investments and change plans that match the business priorities (i.e. the IS strategy)

Define the IT capability – the ability to translate the business strategy into long term information architectures, technology infrastructure and resourcing plans that enable the implementation of the strategy (i.e. the IT strategy)

Exploitation – the ability to maximize the benefits realized from the implementation of IS/IT investments through effective use of information, applications and IT services

Deliver solutions – the ability to deploy resources to develop, implement and operate IS/IT business solutions, which exploit the capabilities of the technology

Supply – the ability to create and maintain an appropriate and adaptable information, technology and application supply chain and resource capacity.

BEYOND STRATEGIC INFORMATION SYSTEMS – THE IMPORTANCE OF IS CAPABILITY

M14_BOCI6455_05_SE_C14.indd 524 30/09/14 7:26 AM

525ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

Peppard and Ward propose that a model that can be constructed to represent the components of the IS capability as illustrated in Figure 14.1.

In order to arrive at an understanding of IS capability, they suggest that first one needs to understand the relationship between resources and IS competencies and then between IS competencies and IS capability. Competencies, it is suggested, are embedded in organisational processes which in turn are bounded by the structure of the organisation. By performing roles in organisational structures, people apply and integrate their knowledge by interacting with others and coordinating their actions. A competency is, therefore, an emergent property of organisational processes. From an information systems perspective, processes include ‘formulating strategies, management decision making processes for investments in IS/IT, managing the organisational and business changes required to deliver value, and the responsibilities and accountabilities for realizing specific benefits’. The roles that need to be performed to deliver these processes require individuals to have certain abilities including their skills (e.g. the ability to draw data flow diagrams), know-ledge (e.g. what might be involved in constructing a workable outsourcing contract) and behaviours and attitudes that make knowledge useful and enable skills to be acquired (e.g. having IS staff who empathise with the user in delivering IS services). Finally, structures need to be put in place that enable processes to be performed effectively and which allow skills to be harnessed (e.g. structures that easily facilitate cross-functional communication and delivery).

When examining the relationship between IS competency and IS capability, it is suggested that an organisation’s strategy and its investment decisions are the two key contributing factors. These two factors can determine whether an organisation’s IS capability is a source of competitive advantage, competitive parity or competitive disadvantage. IS capability, according to Peppard and Ward, has three interrelated attributes.

1. Fusing IS knowledge and business knowledge – this is essential to ensure that strategies involving technological innovation can be formulated, and appropriate IS choices made and implemented quickly and effectively. In addition, knowledge will need to

Figure 14.1 A model of the IS capability

Enterprise level

Organising level

Resource level

Processes Structure

Roles

IS Competencies

IS Capability

Strategy Investment allocation

Business skills, knowledge and experience

Behaviour and attitude

Technical skills, knowledge and experience

Source: Peppard and Ward (2004)

M14_BOCI6455_05_SE_C14.indd 525 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT526

be integrated and coordinated from many individuals from different disciplines and backgrounds, with varied experiences and expectations, located in different parts of the organisation. In order to achieve this, a close partnership between IS staff and business staff at all levels is needed.

2. A flexible and re-usable IT infrastructure – this is the supply-side component of the IS capability that provides the technical platform, services and specialist resources needed to respond quickly to required business changes together with the capacity to develop innovative IS applications. Since an organisation’s IT infrastructure provides the shared foundation of the organisation’s ability for building and using business applications, it is one of the main elements that will determine an organisation’s level of agility as it seeks to respond to changing business needs and opportunities. Therefore, IT infrastructure and services needs to be adequately planned for, rather than simply grow in an ad-hoc manner over time. Indeed, the whole issue of IT infrastructure flexibility has been well explored by Byrd and Turner (2000) who conclude that ‘a flexible IT infra-structure is positively related to an increase in costs and competitive advantage for adopting organisations’.

3. An effective use process – since technology by itself has no inherent value, its value must be unlocked through people applying the technology and creating an environment conducive to collecting, organising and maintaining information, together with embracing the right behaviours for working with information. Therefore, business and management processes need to deploy technology to deliver business benefits, which in turn requires knowledge and skills from within the organisation. Of benefit here is the suggestion that organisations should place more emphasis on ‘human-centred information management’ in order to improve the ways in which people use and share information.

This section has emphasised the importance of management processes in providing organisations with an IS capability that is a source of competitive advantage through the harnessing of human and technical resources. Peppard and Ward rather wistfully conclude in their 2004 paper that ‘the recent re-labelling of IS/IT as “e” seemed to re-ignite that inherently flawed notion (that merely possessing a technology will deliver untold benefits). The stock market boom in technology stocks and unsubstantiated claims for the “new economy” increased that misplaced confidence for a short time – but long enough for vast sums to be wasted on failed IT investments! This suggests a significant level of incompetence exists.’

IT INFRASTRUCTURE FLEXIBILITYFOCUS ON…

Byrd and Turner (2000) have noted that, on average, IT infrastructure expenditures account for over 58 per cent of an organisation’s IT budget and this is growing annually at a rate of 11 per cent. Given that an organisation’s IT infrastructure is a key factor in its ability to respond to changing information system needs, it is useful to consider what is meant by infrastructure flexibility.

Byrd and Turner also highlight a Society for Information Management (SIM) Delphi study where IT managers indicated that the building and development of a flexible and responsive IT infrastructure was the most important issue of IT management. In a review of relevant literature they also note that there are two main components of IT infrastructure: a technical IT infrastructure relating to applications, data and technology configurations and a human IT infrastructure relating to the knowledge and capabilities required to manage effectively the IT resources within the organisation. They also point to relevant management literature where flexibility is defined as ‘the degree to which an organisation possesses a variety of actual and potential procedures, and the rapidity with which it can implement these procedures to increase the control capability of the management and improve the controllability of the organisation over its environment’.

M14_BOCI6455_05_SE_C14.indd 526 30/09/14 7:26 AM

527ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

They go on to suggest that ‘IT infrastructure is the shared IT resources consisting of a technical physical base of hardware, software, communications technologies, data, and core applications and a human component of skills, expertise, competencies, commitments, values, norms, and knowledge that combine to create IT services that are typically unique to an organisation. These IT services provide a foundation for communications interchange across the entire organisation and for the development and implementation of present and future business applications.’ And when combining the above definition with the concept of flexibility, IT infrastructure flexibility can be defined as ‘the ability to easily and readily diffuse or support a wide variety of hardware, software, communications technologies, data, core applications, skills and competencies, commitments, and values within the technical physical base and the human component of the existing IT infrastructure’.

As Duncan (1995) points out, infrastructure flexibility is perceived as critical to information-intensive firms because of the amount of unplanned systems requirements faced by IT departments. Inflexibility exists when developers have difficulties with users’ demands that require systems to do things they were not designed to do. In this situation, the historic solution has been either to update the systems to do those things, or to build a new system to reflect the new requirements. The alternative approach is to develop an infrastructure that allows flexible manufacturing of systems so that the systems developers’ ability to design and build systems is improved.

The links here with agile approaches to software development, reusable code, open hardware and communications technologies are clear. From a systems management perspective, it suggests that if an organisation is to be agile in its response to a changing internal and external business environment, then it needs a flexible IS/IT infrastructure, embracing both technical and human infrastructures.

Very few models and texts embrace an overall methodology for determining the relationship between IS/IT processes, IS/IT resources and information to organisational strategies and objectives. The Control Objectives for Information and related Technology (COBIT) approach aims to address these relationships and, according to the IT Governance Institute, ‘integrates and institutionalises good (or best) practices of planning and organising, acquiring and implementing, delivering and supporting, and monitoring IT performance to ensure that the enterprise’s information and related technology support its business objectives’ (COBIT, 3rd edition, Executive Summary, July 2000).

Business objectives and the organisational activities that stem from them both provide an input to the COBIT IT processes and are themselves informed by the capabilities afforded by IS/IT. Effective governance of an organisation requires that individual and group expertise be applied where it can be most productive. IT governance provides the structure that enables IT resources and information to be incorporated as an integral part of organisational strategies and objectives. COBIT in its Control Objectives document summarises the relationship thus:

Enterprise activities require information from IT activities in order to meet business objectives. Successful organisations ensure interdependence between their strategic planning and their IT activities. IT must be aligned with and enable the enterprise to take full advantage of its information, thereby maximising benefits, capitalising on opportunities and gaining a competitive advantage.

The COBIT framework adopts seven requirements to which an organisation’s systems should comply, together with five principal categories of IT resource that are used to deliver business information. The business inputs to the COBIT framework stem from business events including business objectives, business opportunities, external requirements,

PULLING IT TOGETHER: IT GOVERNANCE AND COBIT

M14_BOCI6455_05_SE_C14.indd 527 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT528

regulations and risks, and it is through the application of the five categories of IT resource that the seven information requirements can be controlled. These requirements are:

■ Effectiveness: delivery of relevant information that is pertinent to the business process in a timely, correct and consistent manner.

■ Efficiency: the provision of information through the optimal use of resources. ■ Confidentiality: the protection of sensitive information from unauthorised disclosure. ■ Integrity: the accuracy, validity and completeness of information. ■ Availability: information being available as and when required by the business process; it

also refers to the safeguarding of necessary resources and associated capabilities. ■ Compliance: the externally imposed business criteria that apply, such as laws, regulations

and contractual arrangements. ■ Reliability of information: the provision of appropriate information such that the

organisation can continue to operate and for the management to exercise its fiscal and compliance reporting responsibilities.

The resources used to achieve these information objectives are:

■ Data: both internal and internal, structured and non-structured that need to be captured and stored.

■ Application systems: the sum of all manual and programmed procedures (i.e. paper-based as well as computer-based applications).

■ Technology: the hardware, operating systems, DBMS, networks etc. within the organisation.

■ Facilities: the resources needed to house and support information systems. ■ People: this includes staff skills needed to plan, organise, acquire, deliver, support and

monitor information systems and services.

The complete COBIT framework identifies four domains with a total of 34 high-level control objectives. These high-level control objectives are broken down into 318 detailed control objectives. In addition to the framework is a set of Management Guidelines which

provides management direction for getting the enterprise’s information and related processes under control, for monitoring achievement of organisational goals, for monitoring performance within each IT process and for benchmarking organisational achievement.

These comprise four elements and we will deal with each in turn.

Maturity models

The thinking here is not unlike Nolan’s stage model discussed earlier (in Chapter 13). An organisation can analyse its own position with respect to the model and in so doing can identify the steps needed to improve its IT governance. The six stages are as follows:

0. Non-existent: There is a complete lack of any recognisable IT governance process and the organisation may not even realise that there is an issue to be addressed.

1. Initial/ad hoc: IT governance is recognised as an issue, but management’s approach is chaotic; no standardised processes exist, but one-off approaches may be taken on a case- by-case basis.

2. Repeatable but intuitive: There is awareness of IT governance issues and IT gov- ernance activities are under development; basic measurement and assessment

Management guidelines

M14_BOCI6455_05_SE_C14.indd 528 30/09/14 7:26 AM

529ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

methods and techniques are in use, but they have not been adopted across the organisation.

3. Defined process: The need to act with respect to IT governance is understood and ac- cepted; procedures have been standardised, documented and implemented; balanced business scorecard ideas are being adopted by the organisation; individuals are left to get training, follow standards and apply them; root cause analysis is rarely applied.

4. Managed and measurable: There is full understanding of IT governance issues at all levels, supported by formal training; responsibilities are clear and process ownership is established; all process stakeholders are aware of risks, the importance of IT and the opportunities it can offer; continuous improvement is beginning to be addressed; IT governance activities are becoming integrated with the enterprise governance process.

5. Optimised: There is advanced and forward-looking understanding of IT governance is- sues and solutions; processes have been refined to a level of external best practice; the organisation, people and processes are quick to adapt and fully support IT governance requirements; all problems and deviations are root-cause-analysed and efficient action taken; risks and returns of IT processes are defined, balanced and communicated across the organisation; enterprise and IT governance are strategically linked so that technol- ogy, human and financial resources can be leveraged to increase the competitive advan- tage of the enterprise.

The maturity model would suggest that the adoption of a framework such as COBIT will result in a seamless interface and integration between business and IS/IT strategies. The following three tools can be used to help with the alignment process.

Critical success factors

These are discussed in more detail in earlier (Chapter 13). Within the context of the COBIT model, CSFs define the most important management-oriented implementation guidelines to achieve control over and within an organisation’s IT processes. Example CSFs include:

■ integration and smooth interoperability of the more complex IS/IT processes such as problem, change and configuration management;

■ the implementation of management practices that increase the efficient and optimal use of resources and increase the effectiveness of IS/IT processes;

■ the integration of IS/IT governance activities into the enterprise governance process and leadership behaviours;

■ focusing IS/IT governance on the organisational goals, strategic initiatives, the use of technology to enhance the business and on the availability of sufficient resources and capabilities to keep up with the business demands.

Key goal indicators

These define the measures that tell management whether an IT process has achieved its business requirement. An example might be an organisation that is seeking to be the most profitable company in the industry, and that to help achieve this, investment in procurement software to help reduce materials costs has been undertaken. Therefore, the measures used might include a ‘before and after’ analysis of materials purchase costs. Needless to say, this is an ‘after the fact’ approach! Further indicators might include the following:

■ improved time-to-market; ■ reaching new and satisfying existing customers; ■ creation of new service delivery channels;

M14_BOCI6455_05_SE_C14.indd 529 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT530

■ appropriately integrated and standardised business processes; ■ improved return on major IS/IT investments.

Key performance indicators (KPIs)

KPIs are the lead indicators that define measures of how well the IT process is performing in enabling a key goal to be reached. For example, suppose that a hospital has a required systems availability of 99.99 per cent up-time in order to ensure that patient care is fully supported. A KPI would be the reported systems up-time when compared with the target value. Further examples include:

■ improved performance as measured by balanced scorecards; ■ improved staff productivity and morale; ■ increased satisfaction of stakeholders; ■ increased availability of knowledge and information for managing the enterprise; ■ increased linkage between IS/IT and enterprise governance.

Figure 14.2 COBIT’s four domains

IS/IT resources

Planning and

organisation

Acquisition and

implementation

Monitoring

Information

Business objectives

Delivery and

support

It is easiest to consider these if COBIT is considered as a ‘lifecycle’ model. Figure 14.2 illustrates the approach and also shows how information and IS/IT resources are embedded in the process. The diagram illustrates that the information both drives and enables business objectives and that business objectives generate the need for information as enabled through the utilisation and application of IS/IT resources. We will now consider each of the four domains.

COBIT IT processes – the four domains

M14_BOCI6455_05_SE_C14.indd 530 30/09/14 7:26 AM

531ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

Planning and organisation

This domain is principally concerned with the way IS/IT can best contribute to the achievement of the business objectives. This means that an IS/IT strategy needs to be clearly articulated, particularly with respect to linkages with the overarching business strategy. The strategic vision needs to be planned, communicated and managed for different perspectives within the organisation (for example, those perspectives identified as part of the balanced scorecard method). Finally, a proper organisation as well as technological infrastructure must be put in place. This will include hardware, operating environment and communications technologies (in other words the delivery platforms that enable the right information to be delivered to decision makers). As with each of the following domains, there are a number of specific processes involved with implementing the control objectives:

■ define a strategic IT plan; ■ define the information architecture; ■ determine technological direction; ■ define the IT organisation and relationships; ■ manage the IT investment; ■ communicate management aims and direction; ■ manage human resources; ■ ensure compliance with external requirements; ■ assess risks; ■ manage projects; ■ manage quality.

Acquisition and implementation

Earlier chapters have dealt with issues relating to information systems acquisition and implementation. Therefore, in order to bring about the IS/IT strategy, solutions need to be identified, developed or acquired, as well as implemented and integrated into business processes. In addition, ongoing systems evolution and maintenance are included in this domain to make sure that the lifecycle is continued for these systems (which naturally become legacy systems once implemented). The processes involved in this domain include:

■ identify automated solutions; ■ acquire and maintain application software; ■ acquire and maintain technology infrastructure; ■ develop and maintain procedures; ■ install and accredit systems; ■ manage changes.

Delivery and support

This domain is concerned with the actual delivery of required services, which range from traditional operations over security and continuity aspects to training. In order to deliver services, the necessary support processes must be set up. One thing that perhaps sets this apart from more traditional strategy models is the fact that the actual processing of data by application systems is included, even though this would typically be regarded as more the operational domain of the functional business area concerned. The specific processes involved within this domain are:

■ define and manage service levels; ■ manage third-party services;

M14_BOCI6455_05_SE_C14.indd 531 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT532

■ manage performance and capacity; ■ ensure continuous service; ■ ensure systems security; ■ identify and allocate costs; ■ educate and train users; ■ assist and advise customers; ■ manage the configuration; ■ manage problems and incidents; ■ manage data; ■ manage facilities; ■ manage operations.

Monitoring

It is necessary to assess regularly all IS/IT processes to ensure that they meet the required quality standards and that they comply with control requirements. This domain, therefore, helps to address management’s oversight of the organisation’s control process through internal and external auditing and/or benchmarking against best practice. Specific activities include the following processes:

■ monitor the processes; ■ assess internal control adequacy; ■ obtain independent assurance; ■ provide for independent audit.

In conclusion, COBIT would appear to provide a control framework whereby IS/IT strategy can be more readily aligned with an organisation’s business strategy. In particular, it articulates a number of processes that organisations need to perform in order to deliver appropriate and cost-effective IS/IT strategies.

As the impact of technology change on business grows, McKinsey, has identified 10 IT-enabled business trends that it says will help shape corporate strategies over the next decade.

In the article, published in the McKinsey’s Quarterly, authors Jacques Bughin, Michael Chui and James Manyika argue that since they last reviewed the IT landscape in 2010, ‘the implications of those trends for companies’ strategies, business models, organisational approaches and relationships with customers and employees have only grown.’

Since then, they say the pace of technology change, innovation and business adoption since then has been

stunning. ‘Consider that the world’s stock of data are now doubling every 20 months; the number of Internet- connected devices has reached 12bn; and payments by mobile phone are hurtling toward the $1,000bn mark.’

In particular, the authors argue that the dramatic pace at which two trends in particular have been advancing is transforming them into 21st-century business ‘antes’: competitive necessities for most if not all companies.

‘Big data and advanced analytics have swiftly moved from the frontier of our trends to a set of capabilities that need to be deeply embedded across functions and operations, enabling managers to have a better basis

IT trends shape future corporate strategies By Paul Taylor

CASE STUDY 14.2

M14_BOCI6455_05_SE_C14.indd 532 30/09/14 7:26 AM

533ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

for understanding markets and making business decisions,’ they write. ‘Meanwhile, social technologies are becoming a powerful social matrix – a key piece of organisational infrastructure that links and engages employees, customers and suppliers as never before.’

They note that the ‘Internet of All Things,’ the linking of physical objects with embedded sensors, is being exploited at breakneck pace, simultaneously creating massive network effects and opportunities.

Meanwhile ‘the cloud,’ with its ability to deliver digital power at low cost and in small increments, is not only changing the profile of corporate IT departments but also helping to spawn a range of new business models by shifting the economics of ‘rent versus buy’ trade-offs for companies and consumers.

‘The result is an acceleration of a trend we identified in 2010: the delivery of anything as a service,’ they say. ‘The creeping automation of knowledge work, which affects the fastest-growing employee segment worldwide, promises a new phase of corporate productivity.

‘Finally, up to 3bn new consumers, mostly in emerging markets, could soon become fully digital players, thanks chiefly to mobile technologies. Our research suggests that the collective economic impact (in the applications that we examined) of information technologies underlying these four trends could range from $10,000bn to $20,000bn annually in 2025.’

The next three trends identified in the article, ‘will be most familiar to digital marketers, but their relevance is expanding across the enterprise, starting with customer- experience, product and channel management,’ say the authors.

‘The integration of digital and physical experiences is creating new ways for businesses to interact with customers, by using digital information to augment individual experiences with products and services. Consumer demand is rising for products that are free, intuitive and radically user oriented. And the rapid evolution of IT-enabled commerce is reducing entry barriers and opening new revenue streams to a range of individuals and companies.’

Finally, McKinsey highlights the extent to which government, education and healthcare – which often seem outside the purview of business leaders – could benefit from adopting digital technologies at the same level as many industries have.

‘Productivity gains could help address the imperative (created by ageing populations) to do more with less, while technological innovation could improve the quality and reach of many services. The embrace of digital technologies by these sectors is thus a trend of immense importance to business, which indirectly finances many services and would benefit greatly from the rising skills and improved health of citizens everywhere.’

The trends identified in the report are:

1. Joining the social matrix – Social technologies are much more than a consumer phenomenon: they connect many organisations internally and increasingly reach outside their borders. Now it has become the environment in which more and more business is conducted.

2. Competing with ‘big data’ and advanced analytics – Three years ago, McKinsey described new opportunities to experiment with and segment consumer markets using big data. As with the social matrix, the firm now sees data and analytics as part of a new foundation for competitiveness.

3. Deploying the Internet of All Things – Tiny sensors and actuators, proliferating at astounding rates, are expected to explode in number over the next decade, potentially linking over 50bn physical entities as costs plummet and networks become more pervasive. What McKinsey described as nascent three years ago is fast becoming ubiquitous, which gives managers unimagined possibilities to fine- tune processes and manage operations.

4. Offering anything as a service – The buying and sell- ing of services derived from physical products is a business-model shift that’s gaining steam. An attrac- tion for buyers is the opportunity to replace big blocks of capital investment with more flexible and granular operating expenditures. A prominent example of this shift is the embrace of cloud-based IT services.

5. Automating knowledge work – Physical labour and transactional tasks have been widely automated over the last three decades. Now advances in data analytics, low-cost computer power, machine learning and interfaces that ‘understand’ humans are moving the automation frontier rapidly toward the world’s more than 200m knowledge workers.

6. Engaging the next 3bn digital citizens – As incomes rise in developing nations, their citizens are becoming wired, connected by mobile computing devices, particularly smartphones that will only increase in power and versatility. Although several emerging markets have experienced double-digit growth in internet adoption, enormous growth potential remains. Rising levels of connectivity will stimulate financial inclusion, local entrepreneurship and enormous opportunities for business.

7. Charting experiences where digital meets physical – The borders of the digital and physical world have been blurring for many years as consumers learnt to shop in virtual stores and to meet in virtual spaces. In those cases, the online world mirrors experiences of the physical world. Increasingly, we’re seeing an inversion as real-life activities, from shopping to factory work, become rich with digital information and as the mobile internet and advances in natural user interfaces give the physical world digital characteristics.

M14_BOCI6455_05_SE_C14.indd 533 30/09/14 7:26 AM

534 Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT

1. The relationship between IS/IT investments and productivity can be problematic. The intangible nature of many benefits means that it can be difficult to put a money value on them.

2. Appropriately targeted IS/IT investments need to be rooted in a coherent IS/IT strategy so that the IS/IT applications portfolio is distributed as needed between support, key operational, high potential and strategic information systems.

3. The alternatives for structuring or locating IS within an organisation range from centralised to decentralised. A hybrid approach is often used with some aspects of IS management, such as IS strategy and security centralised and others such as user support decentralised.

4. Outsourcing is a significant trend in IS management. It involves a third party undertaking some or all of the following IS activities:

■ hardware outsourcing; ■ network management or facilities management (FM); ■ systems development; ■ IS support; ■ management of IS strategy.

When all activities are performed by the external company, this is known as ‘total outsourcing’. When some activities are performed by the external company, this is known as ‘selective outsourcing’. Outsourcing is driven by a desire to reduce costs while improving the quality of IS and user services. The debate on whether this is frequently achieved is still raging!

SUMMARY

8. ‘Freeing’ your business model through Internet- inspired personalisation and simplification – After nearly two decades of shopping, reading, watching, seeking information and interacting on the internet, customers expect services to be free, personalised and easy to use without instructions. This ethos presents a challenge for business, since customers expect instant results, as well as superb and transparent customer service, for all interactions – from web sites to brick-and-mortar stores. Fail to deliver, and competitors’ offerings are only an app download away.

9. Buying and selling as digital commerce leaps ahead – The rise of the mobile Internet and the evolution of core technologies that cut costs and vastly simplify the process of completing transactions online are reducing barriers to entry across a wide swath of economic activity. Amped-up technology platforms are enabling peer-to-peer commerce to replace activities traditionally carried out by companies and giving birth to new kinds of payment systems and monetisation models.

10. Transforming government, healthcare, and education – The private sector has a big stake in the successful transformation of government, healthcare, and education, which together account

for a third of global GDP. They have lagged behind in productivity growth at least in part because they have been slow to adopt Web-based platforms, big-data analytics, and other IT innovations. Technology-enabled productivity growth could help reduce the cost burden while improving the quality of services and outcomes, as well as boosting long- term global-growth prospects.

What does all this mean for busy senior executives? The McKinsey authors suggest that the era of pervasive connectedness underlying these trends also implies a need for more focused attention on issues such as transparent and innovative business models, talent. organisation, privacy and security.

‘In short, as these trends take hold, leaders must prepare for the disruption of longstanding commercial and social relationships, as well as the emergence of unforeseen business priorities, the authors say. ‘The difficulty of embracing those realities while addressing related risks and concerns may give some leaders pause. But it’s worth keeping in mind that if the future traces past experience, these technology-enabled business trends will not only be a boon for consumers but also stimulate growth, innovation and a new wave of pacesetting companies.’

QUESTION

Write a short essay on any of the 10 IT trends described in the case study.

Source: Taylor, P. (2013) IT trends shape future corporate strategies. Financial Times. 23 May. © The Financial Times Limited 2013. All Rights Reserved.

M14_BOCI6455_05_SE_C14.indd 534 30/09/14 7:26 AM

535ChaPter 14 INFORMATION SYSTEMS MANAGEMENT

1. When information systems costs are being considered, what kinds of costs would be considered development costs and what would be considered operations/maintenance costs?

2. How do strategic systems differ from high-potential projects?

3. Why do information systems projects fail?

4. Explain the difference between project size and project complexity when evaluating information systems risk.

5. What are the main different types of outsourcing?

EXERCISES

Self-assessment exercises

Discussion questions

1. ‘The millennium bug has demonstrated that organisations, more often than not, take a short- term view in their approach to information systems rather than a strategic one.’ Discuss.

2. ‘Public-sector organisations such as the police and health service are incapable of delivering good-quality information systems because they are dominated by the need to demonstrate tangible benefits before any investment decisions are made.’ Discuss.

3. Would you outsource the HRM or accounting functions of a company? If not, what is so different about IS/IT?

Essay questions

1. Why do many new information systems seem to deliver poor value for money?

2. It has been said that when making IS investment decisions, organisations are dominated by organisational politics. Is this really true or are there other, more important issues at stake?

3. What do you see as the main problems with outsourcing, and how can they be overcome?

4. ‘The IS capability model proposed by Peppard and Ward reaffirms the old adage that “technology is easy, people are difficult”.’ Discuss.

Examination questions

1. What are the two main alternatives for a company’s location of its information systems? Summarise the benefits and disadvantages in terms of cost and control.

2. What information systems management activities would occur with a total outsourcing contract?

M14_BOCI6455_05_SE_C14.indd 535 30/09/14 7:26 AM

Part 3 BUSINESS INFORMATION SYSTEMS MANAGEMENT536

Byrd, T. and Turner, D.E. (2000) ‘Measuring the flexibility of information technology infrastructure: exploratory analysis of a construct’, Journal of Management Information Systems, 17, 1, 167–208

Collins, J.S. and Millen, R.A. (1995) ‘Information systems outsourcing by large American firms: choices and impacts’, Information Resources Management Journal, 8, 1, 9–14

Duncan, N.B. (1995) ‘Capturing flexibility of information technology infrastructure: a study of resource characteristics and their measure’, Journal of Management Information Systems, 12, 2, 37–57

Feeny, D., Fitzgerald, G. and Willcocks, L. (1995) ‘Outsourcing IT: the strategic implications’, Long Range Planning, 28, 5, 59–71

Gonzalez, R., Gasco, J. and Llopis, J. (2005) ‘Information systems outsourcing success factors: a review and some results’, Information Management and Computer Security, 13, 5, 399–418

Hochstrasser, B. and Griffiths, C. (1990) Regaining Control of IS Investments: A Handbook for Senior UK Managenment, Kobler Unit, Berlin

Lacity, M.C. and Hirscheim, R. (1995) Beyond the Information Systems Outsourcing Bandwagon – the Insourcing Response, John Wiley, Chichester

Lubbe, S. and Remenyi, D. (1999) ‘Management of information technology evaluation – the development of a managerial thesis’, Logistics Information Management, 12, 1/2, 145–56

Peppard, J. and Ward, J. (2004) ‘Beyond strategic information systems: towards an IS capability’, Journal of Strategic Information Systems, 13, 167–94

Robson, W. (1997) Strategic Management and Information Systems: An Integrated Approach, Financial Times Pitman Publishing, London

Strassmann, P. (2002) ‘Still a loser’s game’, Computerworld, 4 February.

Sullivan, C.H. (1985) ‘Systems planning in the information age’, Sloan Management Review, Winter, 3–12

Ward, J. and Peppard, J. (2002) Strategic Planning for Information Systems, 3rd edition, John Wiley, Chichester

References

Further reading

Curtis, G. and Cobham, D. (2008) Business Information Systems: Analysis, Design and Practice, 6th edition, Addison-Wesley, Harlow.

Johnson, G., Whittington, R., Scholes, K., Angwin, D. and Regnér, P. (2014) Exploring Strategy, 10th edition, Prentice Hall Europe, Hemel Hempstead.

Kendall, K.E. and Kendall, J.E. (2013) Systems Analysis and Design, 9th edition, Prentice-Hall, Englewood Cliffs, NJ.

Ward, J. and Peppard, J. (2012) Strategic Planning for Information Systems, 4th edition, John Wiley, Chichester.

Web links

www.outsourcing.com Outsourcing Institute web site.

www.strassmann.com The web site of Paul Strassmann includes many of his articles on the value of information and issues such as outsourcing and IS investment.

www.isaca.org/cobit.htm This website provides further information about the COBIT methodology for IT security and governance. COBIT is issued by the IT Governance Institute.

M14_BOCI6455_05_SE_C14.indd 536 30/09/14 7:26 AM