IFSM 301 - Strategic Plan Report Part 2
twinkletoes
IFSM-Week1ResourcesandCitations.pdf
IFSM 301 – Week 1 Citations
(Gaines, Hoover, Foxx, Matuszek, & Morrison, 2012)
(Van Grembergen & De Haes, 2004)
(Government Accountability Office, 2016)
Bibliography Gaines, C., Hoover, D., Foxx, W., Matuszek, T., & Morrison, R. (2012, May). Information Systems as a
Strategic Partner in Organizational Performance. Journal of Management and Marketing Research, 10, 1-17. Retrieved January 12, 2021, from http://www.aabri.com/manuscripts/11997.pdf
Government Accountability Office. (2016, November 8). Best Practices in Information Technology Investment Management. Retrieved January 12, 2021, from University of Maryland Global Campus: https://learn.umgc.edu/d2l/le/content/541520/viewContent/20543003/View
Van Grembergen, W., & De Haes, S. (2004). IT Governance and Its Mechanisms. Information Systems Audit and Control Association, 1-7. Retrieved January 12, 2021, from https://learn.umgc.edu/d2l/le/content/541520/viewContent/20543002/View
Journal of Management and Marketing Research
Information systems as strategic, Page 1
Information systems as a strategic
partner in organizational performance
Cleophus Gaines
Troy University
David Hoover
Troy University
William Foxx
Troy University
Tish Matuszek
Troy University
Rodger Morrison
Troy University
ABSTRACT
Initially seen as a support function, Information Systems (IS) department’s importance
has increased as the business environment has grown more dynamic and the power to collect,
assess, and disseminate information has expanded. Properly implemented information systems
have become an even more valuable strategic resource – one that any organization can use to
improve its competitive advantage. IS departments are rapidly becoming strategic partners with
other business functions and integral to the general success of the organization. This work
summarizes key issues related to the changing role of IS in the business environment for senior
practitioners and strategic planners focusing on legal, marketing, HR and corporate governance.
Keywords: Information systems, strategy, competitive advantage, management, technology
Journal of Management and Marketing Research
Information systems as strategic, Page 2
INTRODUCTION
The world is a rapidly changing canvas that visits a dynamic and turbulent environment
on senior managers (Boudreau, Loch, Robey, & Straud, 1998), changing how Information
Systems (IS) are used and needed in each organization. The power to collect, assess, and
disseminate information is a valuable strategic resource that any organization can use to improve
its competitive advantage. At the same time, technological advances are changing rapidly, thus
requiring frequent updates in hardware and software as well as new competencies for IS
professionals. As strategic managers face the challenges of optimizing the use of information
systems, they are called to address a number of issues so they can make informed and effective
decisions. A failure to understand the nature of the changing environment and the associated
consequences is certain to cause decision-making that is slow to meet the challenges of the
global market, thus creating a strategic disadvantage for the late mover. Managers must not only
understand the role of IS in corporate governance and corporate strategy formulation, but how
the accepted norms of this role are changing over time. This focus of this work is not on areas
where IS have been extensively applied, such as accounting or finance, but in relation to areas
where it has seen increasing applicability such as legal, marketing, HR and corporate
governance. This summary touches on key issues related to these changing roles for senior
practitioners involved in corporate governance and senior-level strategic planning.
THE IS RELATIONSHIP TO STRATEGIC GOVERNANCE
The changing environment of IS includes numerous issues that strategists must consider
as they make IS decisions. Some of the trends related to IS include flattened organizational
hierarchies, increasing reliance on intellectual capital, greater reliance on outsourcing and
strategic alliances, changing demographics, consumer focus, and a need to organize and control
an increasingly complex and turbulent environment (McNurlin, Sprague, & Bui, 2009). Further,
IS evolution is often at the heart of environmental complexity and turbulence, often causing
organizations to spend millions of dollars to remain competitive. These changes require new
competencies for IS leaders as well as IS technologists. They also require new competencies for
non-IS employees and senior managers. The complexity and turbulence of these changes create
an unrelenting need for continued education and system updating, along with increasing
demands for transparency. All are associated with significant costs for any organization, both in
terms of financial investments and in terms of effort to manage the related changes processes
themselves. The challenge becomes one of balancing constrained resources with a need to
remain competitive.
Even the mission of the IS function itself is changing, evolving from a focus on
efficiency and effectiveness in a support role to a focus on enterprise performance as the
foundation for competitiveness in a rapidly changing market. In many cases, IS becomes the
backbone for customer management and even product delivery. With this new direction, IS
becomes a strategic partner in organizational performance, working on a level comparable to
other functions such as accounting, marketing, and human resources. Strategically, this is a
notable change in status, because it moves IS from a position of supporting the traditional
business functions, to one of enabling them, thereby becoming a strategic necessity and a full
partner in the success of the organization.
Journal of Management and Marketing Research
Information systems as strategic, Page 3
All of this change places strong demands on IS governance in terms of the roles and
responsibilities that are required of senior managers with respect to IS decision making. The
change in organizational IS status brings with it a change in the roles of the Chief Information
Officer (CIO), a change that more closely aligns the function of IS leadership with that of chief
executive officers. For example, the CIO of the State of California “serves as IS advisor, leader,
strategic planner, and collaborator” (California, 2007). There is no mention of the CIO as a
technologist or as a technology manager. The proliferation of change and standardization of IS
infrastructures has driven a bifurcated role for CIOs. While some CIOs are still focusing on cost
minimization through leveraging IS infrastructure, others have become less focused on technical
management and more on leveraging IS processes as competitive advantages (Chun & Mooney,
2009). Similarly, McNurlin, Sprague, & Bui (2009) posits that currently there are four roles for
the CIO, namely, leading, governing, investing, and managing. In these four roles, the bifurcated
nature of the CIO role is evident with three of the four roles focusing on strategic direction and
one role continuing to focus on technology management.
Along with the changing nature of the CIO and technology management roles, senior
managers are challenged to address changing assumptions that underlay strategic decision
making with respect to technology. These assumptions result from a rapidly changing
environment, an environment that many senior leaders find daunting to assess and understand.
For example, Kelly and Erickson (2005) give the example of Radio Frequency Identification
(RFID) use by Benetton that caused a public outcry concerning privacy issues and forced a
reversal of the decision to implant RFID chips in clothing as a means of tracking. Other ethical
concerns that are likely to arise include security, legal issues, and voluntary and informed
consent. Nonetheless, understanding the underlying assumptions that provide strategic
advantage can give any organization a significant advantage through the strategic application of
IS resources.
One assumption that every senior manager needs to understand is that there is pervasive
ambiguity throughout strategic decision-making. Because the environment is dynamic and
turbulent, strategic managers are less capable of making precise forecasts about the future. Less
precision in forecasts indicates a need for current, accurate, and transparent information, one of
the competencies that can be developed through tactical IS implementation. Well engineered IS
processes provide leverage against the ambiguity that is inherent in a turbulent environment and
provide transparency in an environment that demands increasing accountability.
Another assumption that senior managers need to be aware of is that, because of rapid
technology proliferation, the window for creating strategic advantage through IS implementation
is considerably shorter than it has been in years past and continues to grow even shorter. This
indicates a need to recognize opportunities as they emerge, so that strategies can be developed in
a timely manner to create advantage through IS implementation. For example, the time from
design to completion for many clothing manufacturers is still several months. Through the
innovative use of information technology, one manufacturer has created a competitive edge by
streamlining the design-to-delivery time to 3 weeks, thus creating a significant advantage over
other clothing manufacturers (Apparel Search, 2010). Similarly, Wal-mart and Ford have used
IS applications to improve their business processes to provide strategic advantage. Wal-mart’s
inventory management system has eliminated the need for purchase orders while Ford’s
automated accounts payable function has eliminated the need for 300 staff positions (Lacity,
2010; Kelly and Erickson, 2005).
Journal of Management and Marketing Research
Information systems as strategic, Page 4
Another changed assumption is the need for IS to be recognized as a full partner in the
success of any organization, from the smallest of organizations that need to post information
online to satisfy customer expectations to the very large organizations significant online revenue-
generating divisions. This shift is apparent with companies such as United Parcel Service that
now is described as “the technology company that delivers packages” (Brewster & Dalzell, 2007,
p. 145). Similarly, through careful architecture and principles development, Dow Corning
recently moved the CIO position to one of equal authority to that of other chief officers, thus
creating a natural connection between IS strategy and business strategy (Weill & Ross, 2004).
There is also a necessary assumption that IS technologists must be educators as well as
technologists, and senior leaders of all organization divisions cannot lead an innovative, global
enterprise without being educated in IS initiatives. If senior managers want innovation, they
need to learn about information technology. Davenport (1993) identifies ten IS activities that
facilitate innovation, including:
“… identifying and selecting processes for redesign, identifying enablers for new
process design, defining business strategy and process vision, understanding the structure
and flow of the current process, measuring the performance of the current process,
designing the new process, prototyping the new process, implementing and
operationalizing the new process and associated systems, communicating ongoing results
of the effort, and building commitment toward the solution at each step.” (p. 200)
Additionally, there is evidence to suggest that, when managers are engaged with IT, a business is
more likely to leverage IS initiatives into a successful business opportunity, and consequently,
into a strategic advantage (Lacity, 2010).
Finally, because relationships between companies often lead to strategic advantage, one
must recognize the assumption that technologies facilitate relationships. Whether the
relationships are with customers, front line employees, strategic allies, or other senior leaders, IS
creates an environment of accessibility that fosters productive relationships. In this way, IS
helps level the competitive playing field for many organizations, allowing small, that is
geographically localized, organizations to have worldwide access to customers, and worldwide
organizations to have seemingly local access to employees. In terms of governance, use of IS
can create ethical issues with any of these stakeholders. For example, Mujtaba (2003)
investigates the multiple issues that are involved when using information technologies to monitor
employees and opens the discussion for leaders’ consideration before implementing an
information technology. Nonetheless, if communication is the process through which people are
connected with others to create relationships, then IS has become the conduit for modern
relationships.
Taken together, these assumptions along with the changing environment and emerging
governance roles are a call for senior managers to revisit strongly held beliefs about the IS
function, because they may point to potentially serious gaps in IS strategy, which often lead to
error and strategic disadvantage. “The fundamental error that most companies commit when
they look at technology is to view it through the lens of their existing processes. They ask, ‘How
can we use these new technological capabilities to enhance or streamline or improve what we are
already doing?’ Instead they should be asking, ‘How can we use technology to allow us to do
things that we are not already doing?” (Hammer & Champy, 1993, p. 85).
Journal of Management and Marketing Research
Information systems as strategic, Page 5
THE IS RELATIONSHIP TO HUMAN RESOURCE MANAGEMENT
In many organizations, IS and Human Resources Management (HRM) have become full
strategic partners at the governance level. The strategic potential of HRM is well recognized as
effective HRM practices support business goals and objectives. (Noe, Hollenbeck, Gerhart, &
Wright, 2010, p. 4; Wofford, 2002, p. 135). Jack Welch, former CFO and retired CEO of
General Electric, said that “CEOs should value their HR managers as much as their chief
financial officers.” (Trainor, 2009).
Organizations increasingly recognize the impact of radical changes like globalization,
technology and hypercompetition, particularly in the knowledge and service industries where “…
innovative and creative employees hold the key to organizational knowledge providing a
sustainable competitive advantage … Human capital is difficult for competitors to imitate.”
(Kavanagh & Thite, 2009, p. 10). Indicative of such changing paradigms, the relationship of
HRM and IS continues to evolve as have the assumptions on sustaining competitive advantage as
it relates to HRM. In years past, the assumption was that IS was a support function that provided
technology to help HRM meet its objectives. The changing paradigm gives us the new
assumption that IS is a strategic partner with HRM in executing decentralized HR initiatives. IS
staff are often responsible for outsourcing, purchasing, or developing new technological
solutions. Partnering with HRM is the obvious solution for many of the coordination issues
related to bringing contracted human capital to bear on corporate initiatives. Similarly, HRM
typically evaluates in-house delivery of services vs. outsourcing, particularly those involving e-
HR vendors. CEOs need to have the right HR and IS staff that can work together to encourage,
foster, and assess collaboration between those involved in order to maintain efficient and
effective staffing and compensation structures. Given the expanding role of IS and HRM and the
growing tendency for organizations to rely more heavily on knowledge capital rather than skill
capital, it is often the case the required knowledge capital must be acquired. Typically, hiring
qualified individuals is not an easy task (Buckley, 2008, p. 6), and can be cost prohibitive for
smaller projects. However, developing the talent of displaced, highly skilled workers may be a
strategically sound solution. Choosing to grow requisite expertise and knowledge in-house
makes for a much more versatile and stable work force, but doing so requires a close partnership
between HR and IS functions. HR provides input into the typical functions of compensation,
training management, etc. IS provides needs assessment related to expertise, often along with
actually providing much of the technology-related training necessary.
The specific knowledge, skill sets, and technical competence that are needed is often a
difficult question to answer. In terms of supporting the HRM function itself, there are several
types of IS applications that were once managed completely by the HRM function of
organizations but are now managed by the IS/HRM partnership. Some enhance organizational
performance through lowering transactional costs, others enhance business intelligence, and still
others foster employee collaboration. The first focuses on data, storage, processing and flows,
improving transaction efficiency (Stauss & Jedrassczyk, 2008, p. 22) through electronic data
processing (EDP). The needs met by early versions of these systems were simple and were
common to most businesses, which led to general-purpose HRM software. This is no longer the
case. Highly specialized systems have developed that require a more technology-heavy
management process. Dedicated HRM servers, often with ties to enterprise-wide processing
systems, typically require specialists to maintain. Hence, the importance of a solid relationship
between IS and HRM. The second type of application focuses on management information
Journal of Management and Marketing Research
Information systems as strategic, Page 6
systems (MIS) aimed at middle managers. These business intelligence systems include a broad
category of systems for, “analyzing and providing access to specialized data to help enterprise
users make better business decisions.” (Kavanagh & Thite, 2009, p. 425). Though business
intelligence is a term often used to describe the collecting of information regarding the
environment external to the organization, it also refers to understanding the forces at work within
the company. Hence, there is the need for an active partnership between HRM and IS. IS
provides the technology platform, and HRM works with the employees to define appropriate
levels of information regarding the human component to production and management. Related
to these systems are those that provide highly-specialized analytical power that augments
knowledge workers in the middle tiers of the organization’s hierarchy. These decision support
systems (DSS) are often used to assist, or even replace, workers with tasks that have in times
past been labor-intensive. For example, maintaining inventory levels at a large retailer such as
Wal-mart would be impossible without a small army of inventory managers or a very specialized
inventory management system. More often than not, the most cost-effective solution is not the
small army of inventory managers. On factory assembly lines, decision support systems are
often more efficient at detecting quality problems through statistical methods than are their
human counterparts. Where such systems now work in real-time and with a much lower
variance in data measurement than when performed by humans, losses related to poor quality are
much more tightly controlled.
Additionally, cost of labor entails much more than wages, salaries, and benefits. Costs
related to recruiting, selecting, orienting, training, turnover, compensation, labor/employee
relations, legal compliance, health and safety, conflict resolution and HR information security
drive up overall labor costs. IS helps to lower these costs by partnering with HRM to provide
and maintain applications related to reducing transaction costs related to these HRM functions.
The assumption now is that an HRM department cannot be effective unless these functions are
managed by an IS solution that ties HRM to the rest of the organization’s business systems.
Enterprise Resource Planning (ERP) had at its roots, among other things, a standalone
payroll solution to improve the efficiency and accuracy of processing payroll. Because of
HRM’s increasing complexity and frequency of change with regard to regulatory compliance
needs, it has been one of the last business functions to systematically develop applications to
replace the paperwork and related processes for each subfunctional HRM area. Over time,
vendors such as SAP and PeopleSoft have used technology to assist firms with costly HR
processes and integrate them with other organizational information systems. With Oracle’s
release of PeopleSoft 9.1, end-to-end HR, from planning, hiring, on-boarding, setting business
objectives and starting the employee working is brought into one holistic solution (Oracle, 2010).
Such applications continue to transform the way HR functions (Zeidner, 2008). Small to
medium enterprises are now able to pay vendors for only the application modules they want,
such as payroll or training management, and only for the time used. This type of solution is
known as utility computing, in which the user of an off-site information system is charged only
for the amount of processing time used, much like one pays a small amount for electricity when
only a small amount is used. This significantly lowers the cost and startup time for new
application implementation. It also often removes the need for the organization to spend
valuable IS manpower maintaining a routine system. The routine maintenance of these HRM
solutions is performed by the outsourced HRM application provider. An added benefit of these
systems is that employees typically have the ability to access their employee information while
away from the organization. Many times, employees are able to perform some tasks online,
Journal of Management and Marketing Research
Information systems as strategic, Page 7
rather than by physically going to the HR offices. These Employee Self-Service modules enable
employees to access their data anywhere, such as payroll information, updating contact
information, accessing copies of the employee handbook or benefits manual, signing up for
training classes, and in some cases, applying for vacation and notifying their supervisor of a
sickness-related absence. Though many organizations are becoming more cautious in
implementing organization-wide ERP solutions in such a changing competitive environment, the
HRM functions of ERP appear to be here to stay (Wailgum, 2007).
Similar to the employee-self-service portals, enterprise portals enable individuals to
interact electronically with corporate systems, or even with other employees. A web-based HR
Knowledge Portal is a browser-based solution that uses Internet technology to provide managers
access to databases and applications that allow them to work off-site on tasks related to things
such as salary planning, workforce budgeting, skill analysis, and performance appraisal. Note,
however, that while these types of systems improve access for legitimate users, they also bring
security concerns. Again, the solution lies with a strong partnership between the IS function and
the HRM function to oversee security needs. There is evidence to support the claim that
employee retention is improved when an effective ERP is in place (Buelen, 2009). Additionally,
these solutions, that is those solutions that provide off-site access for employees, also facilitates
the continuation of many HRM functions following catastrophic work-stoppages such as during
national emergency, or when employees are located in extremely remote regions without easy
access to HRM departments. All that is required to access these systems is often a source of
electricity and an available satellite signal. In short, a small and relatively secure HRM
department with solid a IS partnership can provide HRM functionality anywhere in the world.
Newer developments in HR information systems (HRIS) include e-HR, or HR functions
made available through cell phone networks and mobile telephone devices, on a 3G network.
These systems often facilitate group collaboration by allowing workflow to be routed through
smart-phone like devices such as Apple’s iPhone (Fan, 2009). According to the CedarCrestone
2009-2010 HR Systems Survey White Paper, 112 th
Annual Edition, the most significant
development in allowing workflow routes to include mobile devices relates to corporate social
networking (CedarCrestone, 2010). Early adopters have more than 100% higher sales growth
than those who were slower to adopt this technology. These tools support collaboration in online
social networking systems such as Facebook, Myspace, LinkedIn, and others, and have been
useful in recruiting both employees and customers, advertising and marketing products and
organizations, and knowledge sharing between customers, employees, and other stakeholders.
The use of these types of systems is currently in an explosive stage of growth. Of the 1,008
organizations from around the world who responded to a recent survey, 80% reported that rather
than pulling back, the weak economy incentivized expenditures on business process
improvement and innovation (CedarCrestone, 2009).
Another lesser known, but valuable and rapidly growing, result of partnerships between
IS and HRM is the practice of using the web for innovative learning techniques. However, Dell,
ADT, FedEx, and Volvo are using customized training simulations, podcasts, Second Life virtual
experiences and other learning solutions to answer training needs (Wright, 2010). Trainers now
working with IS technologists to create training solutions that harness the power of gaming,
social media, and virtual worlds.
A large-scale survey with a sample of 2,336 organizations in 23 European countries
reveals that e-HR is a common practice throughout Europe, with two-thirds of all respondents
having access (Strohmeier & Kabst, 2009, p. 495). The highest adoption rates were typically
Journal of Management and Marketing Research
Information systems as strategic, Page 8
among organizations in Eastern post-communist countries. Since the sample in the survey
included a broad range of industries and sizes of organizations, it suggests that if a firm has not
adopted e-HR, it may be at a strategic disadvantage globally. Additionally, size was a significant
factor related to adoption, with adoption rates being higher among medium and small-sized
firms.
While there are tangible benefits to adopting these and other HR-related information
systems, one intangible benefit relates to employee satisfaction, which often improves with
quicker and more accurate responses from the HR department. More importantly, these systems
free valuable HR manpower to focus on strategic utilization of available human resources to
sustain competitive advantage.
Just because a great technology for a HRIS has been found and has enthusiastic
champions, successful implementation is not guaranteed. There have been many costly failures.
David Fairhurst, the senior HR officer of McDonald’s Restaurants for Northern Europe, shared
seven people requirements, identified by the consulting firm Changefirst, that are key to
successful information systems implementation success:
1.) leadership awareness and support of the change 2.) involvement of people in creating and sustaining a successful change process 3.) support for employees to change their behavior to fit new ways of working 4.) solid, consistent plans for communication, training, and rewards 5.) commitment to change at all levels of the organization 6.) measuring and monitoring measurables related to changes 7.) developing change leadership in the organization.
Note that these place primary emphasis on the people issues and secondary emphasis on the
technology related to the change (Fairhurst, 2009, p. 19). Other than addressing these people-
related issues, proper and complete documentation of the planning and development of an HRIS
system is thought to be one of the most important determinants of successful system
implementation and continued improvement (Kavanagh & Thite, 2009, p. 17).
One key vulnerability associated with the increased use of HRIS is the potential for HRIS
failure due to employee sabotage. One only needs to look at online news sources to see that
many organizations have been the victim of employee-placed viruses, deleted files, corrupted
databases, and even stolen customer identity information and proprietary corporate information
assets. Consequently, security is an important issue, particularly because of legal privacy
obligations with personnel records. Such information can have a significant black market value,
or can be valuable to dismissed employees as they seek employment with competitors. It is
important in planning to identify potential vulnerabilities to the criminal use of corporate
information, such as can be found in HR and other divisional systems. Again, the partnership
between IS and all other functions becomes a necessity when securing these strategic assets.
THE IS RELATIONSHIP TO MARKETING
Marketing is about creating, communicating, and delivering value. Organizations must
provide this value to their stakeholders - consumers, partners, investors - and do so while
meeting their own objectives. While all stakeholders must derive some type of value from their
continued interaction with an organization, the key stakeholders are consumers, the ultimate
users of an organization’s offerings in the marketplace. Whether they are individuals, other
organizations, or the government, activities that meet their needs and wants must remain at the
Journal of Management and Marketing Research
Information systems as strategic, Page 9
forefront of the strategic planning process if an organization desires to be profitable over the long
term (O'Connor, 2008). For an organization’s market offering to be viewed as of value, the
benefits derived from a product’s features, brand, or support services must outweigh the costs
incurred - financial, time and effort - to obtain them. Though this view of marketing seems
almost elementary, it is necessary to return to basics when considering the relationship between
marketing functions and IS in the new strategy paradigm. In short, traditional marketing efforts
are no longer the primary communications or product delivery route with the customer (Jackson,
2007). The new assumption is that these channels have been replaced with supplier- and
customer-facing information systems.
Keeping in mind that marketing is about the provision of value, several trends related to
IS are pertinent to discussions of marketing and marketing strategy. As is the case with other
organizational functions, IS has often been considered a support function, but this is no longer
the case. Changes in the technological, societal, and competitive environments have prompted
radical shifts in the role of IS. From a behind-the-scenes support function, IS has now become
an integral part of an organization’s efforts across the value chain (Gunasekaran & Ngai, 2004).
Applications of IS to a value strategy are generally intended to keep unit costs low. IS
had early and significant contributions where it was heavily involved in creating efficiencies in
supplier cultivation, logistics, and operations. A number of strategic applications, such as just-
in-time inventory systems for manufacturing and computerized quick response systems in
retailing are but a couple of the many examples of IS moving beyond a support function and
becoming a partner in creating strategic value by integrating the value chain within an
organizations physical boundaries. However, the trend for some time now has been for IS to
move outside organizations and interface directly up and down the value chain, integrating and
automating much of the communications process. In particular, sourcing, outsourcing, and co-
supplier collaboration are three areas of rapid growth in value-chain integration that are being
driven by IS. It is not just the communication channels that are being redefined, but also the
products themselves, or at least what the customer thinks the products are.
Products are blends of goods and services. Many times it is possible to separate a
product into its component parts and have them produced or provided in a more efficient manner.
The expansion and depth of services outsourcing is only one example of a trend based on this
premise (Stauss & Jedrassczyk 2008). Organizations offering products with large and
identifiable service components must always balance the level of customer service that
consumers desire with the costs involved in providing it. Some organizations have sought to
source the more labor-intensive functions in locations where labor costs are lower, such as
outsourcing help-desk functions offshore. IS has made shifts such as these possible. Services as
varied as customer service by hotels, X-ray evaluations by hospital radiology departments, and
tax preparation by accounting firms are now regularly outsourced to more inexpensive labor
markets, such as India, the Philippines, and Mexico. Over time, as services continue to become a
larger and larger component of market offerings and the technological infrastructure in these and
other outsourcing locations improves, there will be increased pressure to outsource knowledge-
intensive activities such as these to offshore locations, provided that the costs can be passed on to
the consumer and satisfactory service quality is maintained (Tanner, 2004). The assumption that
IS merely facilitates these activities is no longer valid. The new assumption is that IS takes a
leading role in planning, organizing, leading, and controlling these functions. In short,
management of service delivery to the customer is no longer in the hands of the traditional
marketing professionals with IS providing support. Rather, it is the other way around. IS
Journal of Management and Marketing Research
Information systems as strategic, Page 10
oversees the bulk of the outsourcing efforts, with marketing providing support as needed. Such
has also become the case when dealing with other, non-customer, organizations.
Michael Hammer (2001) suggests that collaboration with non-competitors is an area in
which cost-savings may also be obtained. If two organizations have the same customer groups
but do not offer competing products, they have the potential to coordinate their efforts for mutual
gain. Such cooperative efforts offer the potential to greatly reduce costs through the sharing of
similar resources and at the same time improve responsiveness. This approach to operational
excellence involves the synchronization of operations between organizations, which is built on
integrated information sharing between firms, a hurdle that is rapidly disappearing due to digital
communication technology. Too much integration, however, can ruin a good thing. Integration
with other organizations usually takes a fair amount of resources to set up effectively and, when
it is created in excess, the ability to rapidly re-orient communication channels to other
organizations may become a costly affair. The new assumption is that heavily integrated
relationships with other organizations, including suppliers, are only worthwhile when they
involve critical processes that hold the potential to provide significant value (Kahn & Mentzer,
1996). These integrated communication paths must be managed, just as with any other resource.
However, a key factor to consider with regard to automated communications channels with other
organizations reaches far beyond mere functionality. It must also address the human behavior
factors associated with corporate cultures of other organizations, namely, information security.
Again, the IS leadership becomes more than a mere support group. They are a key partner in the
developing, implementing, and managing of extra-organizational integrated communication
channels.
Similarly, as organizations require improved integrated communication channels between
remote sites, organizational functions, and even between individuals, security remains a key
consideration. For example, many organizations adopt a product leadership strategy that drives
the technology development of production and operation functions. Besides potentially shifting
some of the associated costs to cheaper locations as was mentioned earlier, IS partnerships allow
organizations to develop specialized communication channels that facilitate group work efforts
throughout the entire product development, production, and delivery processes. By using IS to
create a team design approach that includes team members from outside the R&D department
and communication through specialized knowledge portals, R&D efforts be spread across a
larger array of people, locations and organizational functions to help eliminate problems that
may remain undiscovered until production of the completed design (Lee, Kim, & Koh, 2008).
When organizations adopt a value strategy that involves high levels of customer
intimacy, the focus is on fostering long-term customer relationships. It has long been assumed
that the typical customer would interact with an organization in face-to-face sales or service
settings, which led the drive for a well-trained sales staff that was particularly adept at
developing face-to-face relationships. This assumption is no longer valid. Consumers have
shifted from a largely brick and mortar world in the past with its inherent restrictions, such as
limited hours of operation and the associated travel time, to one that incorporates e-business as
well. The competitive environment has shifted to a world in which a larger body of consumers
expect and desire communication from anywhere, and at any time on any day or night, for
information gathering, decision making, purchasing, arranging delivery, and product support.
Additionally, by integrating organizational databases with online customer portals, customers
have come to expect the ability to customize the communications channel to their individual
needs. For firms to meet the expectations of this new breed of customers, IS cannot be
Journal of Management and Marketing Research
Information systems as strategic, Page 11
considered a mere support function. Rather, as was mentioned before, IS takes the lead role in
developing these customer-side communication channels with other organizational functions
taking on a support role.
Another trend that requires consideration involves how organizations have come to view
the typical customer. The trend has been for organizations to shift from treating consumers as
one large market with uniform needs, to treating them as smaller and smaller segments of a
market with differing groups of needs. This has been one factor in driving the demand forces
from primarily a supply-push environment to a demand-pull environment. In supply-push,
organizations typically developed and produced products for a group based on the needs of the
average group member, then “pushed” what they produced to consumers. Consumers might or
might not get the blend of benefits and costs that they truly desired but options were limited.
The application of IS technology has radically changed this perspective. IS has allowed
organizations to reduce the size of market segments down to smaller and smaller numbers, even
down to individual consumers. Closer contact, even one-to-one relationships, between the buyer
and the seller have driven the development of a different business model, that of demand-pull. In
this model, interaction between the consumer and the organization is unique to the individual,
customer communication is more personalized, and the customer is more involved in the product
development process. One way in which product customization may be implemented is by
allowing customers to select among the components of a good or service so that it more fully fits
the individual customer’s preferences and provides greater value. Under this model, consumers
create demand for a personalized version of the product, which is then “pulled” through the
organization to the individual consumer. This approach capitalizes on consumer desires to have
goods and services tailored to their individual needs and thus more fully providing the benefits
they desire and restricting the costs they want to avoid (McNurlin et al., 2009). While this seems
fundamentally simple, it has one underlying requisite. It is imperative that the customer receive
what the customer asks for. This one requirement often places the demand-pull model outside
the reach of mass production, unless a system can be brought to bear that can track individual
customer specifications, along with the specific production unit, throughout the production,
delivery, and servicing processes. The sheer volume of information that must be tracked through
a mass-customization production system is typically beyond the reach of organizations without
heavily integrated production systems, driven by IS-backed production management systems.
Though it could be argued that IS still is primarily a support function when it comes to tangible-
product production, heavily integrated production systems are not as easily reconfigured as they
once were. Proper operation of such systems requires strong ties between the IS and the
Production functions of an organization for the production system to satisfy customer demands
(Volkoff, Strong, & Elmes, 2005). Note, however, that customer demands for situational control
do not begin with getting what they ask for. Rather, these demands actually begin during the
customer’s intelligence-gathering process, when the customer is deciding what to purchase in the
first place.
Self-service is one area in which consumers have shown a strong interest in doing
business on their own if they desire to do so. Consumers want to be able to access a firm’s
website to collect information, compare products, and make purchases if desired. Such processes
rest on the integration of IS throughout the organization. The strategic value to the organization
lies in encouraging consumer empowerment, thus creating greater value in the eyes of consumers
(Pires, Stanton, & Rita, 2006). Organizations may also gain additional intangible benefits from
the greater loyalty that consumer involvement fosters, as well as from freed-up employees being
Journal of Management and Marketing Research
Information systems as strategic, Page 12
able to shift their efforts from customer interaction to other types of work. Unfortunately,
tangible and intangible gains gotten by passing some control to the customer are often
accompanied by increased exposure to risk, especially as it relates to the management of
information assets such as confidential customer data, regulatory compliance records, and other
confidential organizational information (Gauzente & Ranchhod, 2001).
THE IS RELATIONSHIP TO LAW AND ETHICS
Information-based products and services industries are among the economy's largest and
fastest sources of employment growth. The main medium for growth in these industries is
expected to be the persistent evolution of technology, along with increasing efforts to integrate
information resources to enhance productivity and expand market opportunities. With respect to
executives and company heads, the use of IS introduces a host of new issues and concerns.
Among the issues that executives must consider is the issue of which areas of IS should receive
the focused application of resources in terms of time, manpower, and money. Many executives
would agree that the basic areas of investment should include improved IS governance,
infrastructure development, and possibly outsourcing of standardized, low-risk business
functions to external service providers. IS security, however, is one area where the risk is so
great that most organizations opt to maintain direct control rather than outsource. With the
increasing security risks associated with prolific sharing of proprietary or confidential
information, information security has emerged as a significant investment focus (Allen &
Westby, 2007). Unfortunately, many executives have difficulty embracing increased investment
in security because the risks are often less tangible, especially involving those areas of
cyberspace where many of the key players are relatively anonymous, such as potential
customers, snooping competitors, and even foreign governments. Conceptually, this is similar to
consumers that have a clear understanding of the importance of locking their doors at night, but
have difficulty with the concept of controlling the amount of information they reveal in online
communication environments. Often, executives as well as consumers are not sure where
protection begins and ends, whether protection is sufficient, and even what information must be
protected from whom.
It has been stated recently that, “Technology is the latest theatre in the war on terror, with
computer networks that control our vital infrastructure vulnerable to attack…” (Allard, 2008).
With this in mind, executives should make security a priority for investment. By not investing in
security, executives may create vulnerabilities to various attacks by both consumers and
employees, which often take the form of a legal confrontation. Because IS is used in the
majority of industries to manage everything from single small organizations to large webs of
supplier networks, if security were not given a higher priority than earlier practices, vital
information would slip through the web of portals, access points, unlocked databases, and
improperly secured firewalls. While the need for security proprietary corporate information,
such as patent information, trade secrets, and the like, has been understood by most successful
companies for many decades, recent trends toward more intimate relationships with consumers
and employees alike has led to a significantly increased risk to organizations due to
mismanagement of security related to these areas (Erickson & Howard, 2007). The occurrence
of a recent string of high-profile security debacles has led to litigation that now holds senior
executives personally accountable for the management of security by the organizations they
manage. This trend in legislation has led to a new assumption that protecting against the
Journal of Management and Marketing Research
Information systems as strategic, Page 13
improper release of confidential information, and that protecting the accuracy of released
information, is no longer something for which the organization only is held accountable. It is
now the personal responsibility for the individual executives. As one example, consider the
Sarbanes-Oxley Act, which came about because of information-related issues at WorldCom,
Enron, and several other companies. This legislation was a direct answer to a lack of accuracy in
released financial information resulted from the acts of senior executives (Botts, 2004).
Similarly, both the Gramm-Leach-Bliley Act of 1999, and the Health Insurance Portability and
Accountability Act of 1996, mandate protection of certain types of consumer information and
provide for specific criminal penalties for those that fail to exercise their mandated security
responsibilities (Scholl & Hollander, 2003).
In short, managers at all levels can be classified as fiduciaries of the information that their
companies store and maintain. The term fiduciary is generally defined as a person who holds
assets in trust for a beneficiary. Moreover, it is generally illegal for a fiduciary to misappropriate
whatever is being held in trust for personal gain. Similarly, executives are generally not allowed
to misappropriate the information being held or permit the information being held to be under-
secured. As fiduciaries, there is a duty to safeguard that information to a certain reasonable level
of protection. In the legal field, numerous types of lawsuits can be brought when a person or
entity failed to do all that is possible in protecting a certain class of persons or assets. Put
another way, a fiduciary is at increased risk for lawsuit failing at their fiduciary duty, whether it
be a duty of appropriate levels of care or even a duty of loyalty. The same would be true for
executives that allowed their IS infrastructure to be compromised because of a lack of security
investment. Whether or not an executive has the technology skills to adequately understand all
aspects of information security is no longer relevant. Simply holding the position of a
governance-level manager brings accountability to address IS-related issues, included
information security. Nevertheless, many organizations still fail to maintain adequate security,
which is leading to increased targeting by those that can profit from an organization’s poor
security management. Particularly, issues related to protecting consumer identity are growing at
an alarming pace (Milne, Rohm, & Bahl, 2004).
Unfortunately, once a consumer’s or employee’s identity is stolen, dealing with the result
may be a formidable task and may involve prolonged communications with multiple credit
reporting bureaus, businesses, and may even involve answering criminal accusations perpetrated
by wrong-doers in the customer or employee’s name. This process is typically expensive and
time-consuming, involving multiple layers of specialists in law, law enforcement, and financial
management, among others. As fiduciaries, executives should be aware of this and be mindful of
any perceived fiduciary duty. The assumption that customers and employees can be treated as
anonymous entities in a group of many is no longer valid. Now, executives must take a personal
interest in the protection of their individual interests related to information security.
Another significant issue related to law and IS involves the global shift to doing business
on the World Wide Web, referred to as cyberspace. It was not that long ago that most consumers
dealt primarily with organizations with only a brick and mortar existence for a majority of their
business transactions. Doing business in cyberspace, however, raises issues of jurisdiction.
Specifically, the issue of a lack of jurisdiction has not yet been addressed by society’s legal
systems. Jurisdiction is normally associated with clear and definite boundaries, or a clearly
defined geographic presence. Cyberspace has neither. Jurisdiction has become an intensely
important subject to executives because of the way in which companies transact business. When
a company does business in cyberspace, the specifics of which laws apply, which taxes are due,
Journal of Management and Marketing Research
Information systems as strategic, Page 14
and even which consumer protections may be applicable becomes clouded (Wilske & Schiller,
1998). Consider the example of a fictitious company headquartered in China, serving its
customers from a website that pulls together information from webservers across Europe and
does its banking in Switzerland. If a customer in Alabama placed an order for a product online,
and paid for the order with a credit card from a Bank in Canada, and the product was actually
produced in South Africa, and shipped by a contracted carrier from some other country, where
would the customer turn if their money was taken and the product never arrived? To what legal
authority would that customer turn? In short, most legal systems have not yet addressed these
types of issues involving jurisdiction, and because executives are still charged with protecting the
interests of their consumers and employees, this has lead to the new assumption that significantly
increased attention to the security and accuracy of information is a key component to corporate
survival.
Moreover, cyberspace has evolved so rapidly that it is almost impossible to enact laws
fast enough to cope with the issues that flow from the lack of jurisdiction. Of course, most
companies and consumers are attracted to cyberspace’s openness, which is one of the key
components that drive its evolution and adoption by all parties. However, from a security
standpoint, cyberspace’s openness is also one of the most significant sources of risk. Because
clear definitions of jurisdiction currently do not apply in cyberspace as it does in the real world,
many businesses act as though there were a total lack of accountability for all parties. Because
of this, and of increased anonymity in cyberspace, identifying sources of information, both
incoming and outgoing, becomes problematic (Post, 1996). Again, the only solution available at
present is a dedicated effort led by IS that brings specialized knowledge workers and investment
resources together to protect information traffic from improper monitoring or tampering.
CONCLUSION
It should be obvious by now that viewing IS as a support function is no longer sufficient.
Executives should work to avoid the once-common practice of just dumping scarce resources on
IS-related projects. Rather, executives should remember to view IS from a strategic standpoint,
working to maximize their return on investments by using IS to their advantage. The
management of IS-related issues is a dynamic process that takes into consideration the ability
that IS brings to an organization to become more flexible in answering the forces of the
competitive environment. Thus, executives responsible for any organizational function should
be mindful to partner with IS wherever possible, or risk failure. Organizations that do not
include IS as a key strategic function will likely be doomed to failure also. Executives must
constantly monitor their alignment with the overall business strategy, which must also include an
overall IS strategy, especially as the competitive environment changes, technology changes,
customer expectations change, and regulatory requirements change.
REFERENCES
Allard, T. (2008). Terror's new frontier: Cyberspace. The Age Retrieved 28 March, 2010, from
http://www.theage.com.au/news/in-depth/terrors-new-frontier-
cyberspace/2008/04/18/1208025468962.html?page=fullpage#contentSwap1
Journal of Management and Marketing Research
Information systems as strategic, Page 15
Allen, J., & Westby, J. (2007). Characteristics of Effective Security Governance. Governing for
Enterprise Security (GES) Implementation Guide
Retrieved 28 March, 2010, from www.cert.org/archive/pdf/GES_IG_1_0702.pdf
Apparel Search (2010). Retrieved 28 March, 2010, from
http://www.apparelsearch.com/America.htm
Botts, N. O. (2004). Internal controls and corporate governance: under the Sarbanes-Oxley Act.
Austin, Tex.: AlexInformation.
Boudreau, M.-C., Loch, K. D., Robey, D., & Straud, D. (1998). Going Global: Using
information technology to advance the competitiveness of the virtual transnational
organization. Academy of Management Executive, 12(4), 120-128.
Brewster, M., & Dalzell, F. (2007). Driving change: the UPS approach to business (1st ed.).
New York: Hyperion.
Buckley, M. R., Carraher, S. M., Carraher, S. C., Ferris, G. R., & Carraher, C. E. (2008) Human
Resource Issues in Global Entrepreneurial High Technology Firms: Do they Differ?
Journal of Applied Management and Entrepreneurship, 13(1), 4-14.
Buelen, E. (2009). The contribution of a global service provider's Human Resources Information
System (HRIS) to staff retention in emerging markets: Comparing issues and
implications in six developing countries. Information Technology & People, 22(3), 270-
288.
CedarCrestone (2009). What are the latest trends in HR applications adoption. HR Focus, 86(12),
10-11.
CedarCrestone (2010). CedarCrestone 2009-2010 HR Systems Survey: HR Technologies,
Deployment Approaches, Value, and Metrics: CedarCrestone.
Chun, M., & Mooney, J. (2009). CIO Roles and Responsibilities: Twenty-five years of evolution
and change. Information and Management, 46(6), 323-334.
Davenport, T. H. (1993). Process innovation: reengineering work through information
technology. Boston, Mass.: Harvard Business School Press.
Erickson, K., & Howard, P. (2007). A case of mistaken identity? News accounts of hacker,
consumer, and organizational responsibility for compromised digital records. Journal of
Computer-Mediated Communication, 12(4), 1229-1247.
Fairhurst, D. (2009). Turn accepted thinking on its head. Human Resources, June, 2009.
Fan, W. (2009). Research on technology development of human resource management
information system. Management Science and Engineering, 3(2), 34-37.
Gauzente, C., & Ranchhod, A. (2001). Ethical Marketing for Competitive Advantage on the
Internet. Academy of Marketing Science Review, (10), 1-7.
Gunasekaran, A., & Ngai, E. W. T. (2004). Information systems in supply chain integration and
management. European Journal of Operational Research, 159(2), 269-295.
Hammer, M. (2001). The agenda: what every business must do to dominate the decade (1st ed.).
New York: Crown Business.
Hammer, M., & Champy, J. (1993). Reengineering the corporation: a manifesto for business
revolution (1st ed.). New York, NY: HarperBusiness.
Jackson, G. (2007). Compartments, Customers, or Convergence? EDUCAUSE Review, 42(3),
35-49.
Kahn, K., & Mentzer, J. (1996). Logistics and Interdepartmental Integration. International
Journal of Physical Distribution & Logistics Management, 26(8), 6-14.
Journal of Management and Marketing Research
Information systems as strategic, Page 16
Kavanagh, M. J., & Thite, M. (2009). Human resource information systems: basics,
applications, and future directions. Los Angeles: Sage.
Kelly, E. P. & Erickson, G. S. (2005) Ethical Perspectives on the Use of Radio Frequency
Identification Tags. Journal of Applied Management and Entrepreneurship, 10(3), 78-86.
Lacity, M. C. (2010). Why General Managers Need to Actively Participate in Information
Technology Decisions. Retrieved 10 April, 2010, from
http://www.umsl.edu/~lacitym/whymis.html
Lee, H. J., Kim, J. W., & Koh, J. (2008). A Contingent Approach to Knowledge Portal Design
for R&D Teams: Relative Importance of Knowledge Portal Functionalities. Expert
Systems with Applications, 36(2), 3662-3670.
McNurlin, B. C., Sprague, R. H., & Bui, T. X. (2009). Information systems management in
practice (8th ed.). Upper Saddle River, N.J.: Prentice Hall.
Milne, G. R., Rohm, A. J., & Bahl, S. (2004). Consumers' protection of online privacy and
identity. The Journal of Consumer Affairs, 38(2), 217-232.
Mujtaba, B. G. (2003). Ethical Implications of Employee Monitoring: What Leaders Should
Consider. Journal of Applied Management and Entrepreneurship, 8(3), 22-47.
Noe, R., Hollenbeck, J., Gerhart, B., & Wright, P. (2010). Human resource management:
gaining a competitive advantage (7th ed.). New York: McGraw-Hill.
O'Connor, R. (2008). Business Sense: More strategies to remain profitable in an economic
downturn. Motor (November, 2008), 53-56.
Pires, G., Stanton, J., & Rita, P. (2006). The Internet, Consumer Empowerment and Marketing
Strategies. European Journal of Marketing, 40(9/10), 936-949.
Post, D. (1996). Pooling Intellectual Capital: Thoughts on Anonymity, Pseudonymity, and
Limited Liability in Cyberspace. University of Chicago Legal Forum, 140.
Scholl, F., & Hollander, J. (2003). The Changing Privacy and Security Landscape. Business
Communications Review, May 2003.
Senate Bill No. 90 (2007). Committee on Budget and Fiscal Review. State Government:
Information Technology, Section 1 C.F.R. (2007).
Stauss, B. & Jedrassczyk, M. (2008) Business Process Outsourcing (BPO): Value creation
through external service providers. Journal of Applied Management and
Entrepreneurship, 13(3), 20-34.
Strohmeier, S., & Kabst, R. (2009). Organizational adoption of e-HRM in Europe: An empirical
exploration of major adoption factors. Journal of Managerial Psychology, 24(6), 482-
501.
Tanner, L. (2004). Why Outsource Now? Electric Perspectives, 29(2) 26.
Trainor, P. (2009). Jack Welch Says HR Managers Have the Most Important Job in America.
Retrieved 28 March, 2010, from http://hr.blr.com/HR-news/HR-
Administration/Workplace-Ethics/Jack-Welch-Says-HR-Managers-Have-the-Most-
Importan/
Volkoff, O., Strong, D., & Elmes, M. (2005). Understanding Enterprise Systems-Enabled
Integration. European Journal of Information Systems, 14, 110-120.
Wailgum, T. (2007). ERP Definition and Solutions. Retrieved 28 March, 2010, from
http://www.cio.com/article/40323/ERP_Definition_and_Solutions?page=9
Weill, P., & Ross, J. W. (2004). IT governance: how top performers manage IT decision rights
for superior results. Boston: Harvard Business School Press.
Journal of Management and Marketing Research
Information systems as strategic, Page 17
Wilske, S., & Schiller, T. (1998). International Jurisdiction in Cyberspace: Which states may
regulate the Internet? Federal Communications Law Journal, 50(a).
Wofford, T. D. (2002). Competitive Advantage: Strategy and human resources. Journal of
Applied Management and Entrepreneurship, 7(1). 135.
Wright, A. (2010). Forget the Classroom: Turn to the Web for Innovative Learning Techniques.
Retrieved 28 March, 2010, from
http://www.shrm.org/hrdisciplines/technology/Articles/Pages/WebTraining.aspx
Zeidner, R. (2008). Technology - A critical emerging competency for HR professionals.
Retrieved 28 March, 2010, from
http://www.shrm.org/hrdisciplines/technology/Pages/TechnologyIntro.aspx
IT Governance and its mechanisms Wim Van Grembergen, Ph.D., University of Antwerp (UFSIA), University of Antwerp Management School (UAMS)
Steven De Haes, University of Antwerp Management School (UAMS)
INTRODUCTION
IT governance is one of these words or concepts that suddenly emerged and became an important
issue in the information technology area. We don’t know exactly when this new challenge was
surfacing, but what we certainly know is that it is now a discussion issue within most organizations.
Some corporations and government agencies have started with the implementation of IT governance in
order to achieve the fusion between business and IT and to obtain the needed IT involvement of senior
management. In surveys, CIO’s also indicate IT governance as an important management priority. E.g.
in Gartner’s Topten CIO Management Priorities for 2003, “Improving IT governance” is for the first
time included and ranked third, and the linked issue “Providing guidance for the Board/Executive” is
ranked first.
In this article, we will define what IT governance is and explain its relationship with enterprise
governance. IT governance will be defined as the leadership and organizational structures, processes
ITAG RESEARCH INSTITUTE
1/14www.uams.be/itagwww.uams.be/itag
and relational mechanisms that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives. The article will also provide an IT governance framework
containing supporting structures, processes and relational mechanisms. The main objective of this
article is to contribute to the understanding of IT governance and how it can be achieved in practice.
Page 2
IT Governance and its mechanisms 2/14
IT GOVERNANCE DEFINITION
A variety of IT governance definitions has been developed of which we retain the two following
definitions (see also Van Grembergen et al., 2003b):
“IT governance is the responsibility of the Board of Directors and executive management. It is an
integral part of enterprise governance and consists of the leadership and organizational structures and
processes that ensure that the organization’s IT sustains and extends the organization’s strategy and
objectives” (IT Governance Institute, 2001).
“IT governance is the organizational capacity exercised by the Board, executive management and IT
management to control the formulation and implementation of IT strategy and in this way ensure the
fusion of business and IT” (Van Grembergen, 2002).
Although these definitions differ in some aspects, they focus to the same issues such as achieving the
link between business and IT and the primary responsibility of the Board. In Van Grembergen’s
definition it is indicated that also IT management must be involved in the IT governance processes.
However, there is a clear difference between IT governance and IT management. IT management is
focused on the effective supply of IT services and products and the management of the IT operations.
IT governance in turn is much broader and concentrates on performing and transforming IT to meet
present and future demands of the business and the business’ customers (Peterson, 2003). The
2/14www.uams.be/itagwww.uams.be/itag
definition of the IT Governance Institute states that IT governance is an integral part of enterprise or corporate governance. Indeed, to make sure that corporate governance matters are covered, IT needs
to be governed properly first. This relationship can be made more eloquent by translating the corporate
governance questions (Shleifer and Vishny, 1997) into specific IT governance questions (Table 1).
Table 1: IT Governance and Corporate Governance questions
Corporate Governance questions ⇨ IT Governance questions
How do suppliers of finance get
managers to return some of the profits
to them?
⇨ How does top management get
their CIO and IT organization to
return some business value to
them?
How do suppliers of finance make sure
that managers do not steal the capital
they supply or invest it in bad projects?
⇨ How does top management make
sure that their CIO and IT
organizations do not steal the
capital they supply or invest in bad
projects?
How do suppliers of finance control
managers?
⇨ How does top management control
their CIO and IT organization?
Adapted from: SHLEIFER A. AND VISHNY W., 1997, A survey on corporate governance, Journal of Finance, vol. 52, no.2
Page 3
IT Governance and its mechanisms 3/14
IT GOVERNANCE STRUCTURES, PROCESSES AND RELATIONAL MECHANISMS
The question is how enterprises can pragmatically implement IT governance? IT governance can be
deployed using a mixture of various structures, processes and relational mechanisms. When designing
IT governance for an organization, it is important to recognize that it is contingent upon a variety of
sometimes conflicting internal and external factors. Determining the right combination of mechanisms
is therefore a complex endeavor and it should be recognized that what works for one company does
not necessarily works for another. This means that different organizations may need a different
combination of different structures, processes and relational mechanisms.
To be able to place IT governance structures, processes and relational mechanisms in a
comprehensible relationship to each other, we propose the framework displayed in Table 2 which is
3/14www.uams.be/itagwww.uams.be/itag
based on Peterson’s framework (Peterson, 2003). Structures involve the existence of responsible functions such as IT executives and a diversity of IT committees. Processes refer to strategic decision
making and monitoring. The relational mechanisms include business/IT participation, strategic
dialogue, shared learning and proper communication.
Table 2: Structures, processes and relational mechanism for IT Governance
Structures Processes Relational
mechanisms
Tactics
IT Executives & accounts
Committees & councils
Strategic IT decision – making
Strategic IT monitorin
Stakeholder participation
BusinessIT partnerships
Strategic dialogue
Shared learning
Mechanisms
Roles and responsibilities
IT organization structure
CIO on Board
IT strategy committee
IT steering committee(s)
Strategic Informatio Systems Planning
Balanced (IT) scorecards
Information Economics
Service Level Agreements
COBIT and ITIL
IT alignment / governance maturity models
Active participation by principle stakeholders
Collaboration between principle stakeholders
Partnership rewards and incentives
Business/IT co location
Shared understanding of business/IT objectives
Active conflict resolution (‘non avoidance’)
Crossfunctional business/IT training
Crossfunctional business/IT job rotation
Based on: PETERSON, R. 2003, Information strategies and tactics for information technology governance, in Strategies for information technology governance, book edited by Van Grembergen W., Idea Group Publishing
Page 4
IT Governance and its mechanisms 4/14
Roles and responsibilities
Clear and unambiguous definitions of the roles and the responsibilities of the involved parties are
crucial and prerequisite for an effective IT governance framework. It is the role of the Board and
Executive Management to communicate these roles and responsibilities and to make sure that they are
4/14www.uams.be/itagwww.uams.be/itag
clearly understood throughout the whole organization. The Board as well as the business and IT management have to play an important role in assuring the governance of IT. The CIO is an important
but certainly not the only stakeholder in the IT governance process. The CEO has singular
responsibility for carrying out the strategic plans and policies that have been established by the Board,
and he should ensure that the CIO is part of and accepted in the seniorlevel decisionmaking process.
The CIO and the CEO should report on a regular basis to the Board, and the Board in its turn has to
play the role of independent overseer of business performance and compliance. The Board members
should keep their knowledge uptodate of current business models, management techniques,
technologies, and of course the potential risks and benefits associated with each of them (Duffy, 2002).
IT organization structure
Effective IT governance is of course also determined by the way the IT function is organized and where
the IT decisionmaking authority is located within the organization. In the past several models are
developed and implemented such as a centralized, a decentralized and a federal IT organization. A
dominant model in many contemporary enterprises is the federal structure that is often a hybrid design
of centralized infrastructure control and decentralized application control. This model tries to achieve
“the best of both worlds”, efficiency and standardization for the infrastructure and effectiveness and
flexibility for the development of applications.
IT Strategy Committee and IT Steering Committee
IT governance should be an integral part of enterprise governance, and in this way a primary concern
of the Board of Directors that is responsible for governing the enterprise. Boards may carry out their
governance duties through committees and considering the criticality of IT through an IT Strategy
Committee. The IT Strategy Committee, composed of Board and nonBoard members, should assist
the Board in governing and overseeing the enterprise’s ITrelated matters. This Committee should
ensure that IT is a regular item on the Board’s agenda and that it is addressed in a structured manner.
The IT Strategy Committee should of course work in close partnership with the other Board committees
and management committees to provide input to, review and amend the aligned enterprise and IT
strategies (IT Governance Institute, 2002). The implementation of the IT strategy will be the
responsibility of Executive Management assisted by one or more IT Steering Committees. Typically,
such a steering committee has the specific responsibility for overseeing major projects and managing
IT priorities, IT costs and IT resource allocation. While the IT Strategy Committee operates at the
Page 5 IT Governance and its mechanisms 5/14
Board level, the IT Steering Committee is situated at Executive level, which implies that they have
different membership and authority.
Strategic Information Systems Planning
An important element of IT governance is the alignment of IT with the business. Henderson and
Venkatraman (1993) developed their Strategic Alignment Model (SAM) to conceptualize and direct the
area of strategic management of IT. They were the first to describe in a clear way the interrelationship
between business strategies and IT. The model is based on two building blocks: strategic fit and
functional integration (Figure 1). Strategic fit recognizes that the IT strategy should be articulated in
terms of an external domain (how the firm is positioned in the IT marketplace) and an internal domain
(how the IT infrastructure should be configured and management). Strategic fit is equally relevant in
the business domain with similar attributes but focused to the business. Two types of functional
integration exist: strategic an operational integration. Strategic integration is the link between business
strategy and IT strategy reflecting the external components which is important since for many
companies IT emerged as a source of strategic advantage. Operational integration covers the internal
domain and deals with the link between organizational infrastructure and processes and IT
infrastructure and processes.
Figure 1: Strategic Alignment Model
Business Strategy
IT Strategy
Organizational infrastructure and
processes
IS infrastructure and processes
Ex te rn al
Inte
rn al
Business Information Technology
Functional Integration
Strategic fit
Business Strategy
IT Strategy
Organizational infrastructure and
processes
IS infrastructure and processes
Ex te rn al
Inte
rn al
Business Information Technology
Functional Integration
Strategic fit
HENSERSON J.C. AND VENKATRAMAN N., 1993, Strategic alignment: leveraging Information Technology for
5/14www.uams.be/itagwww.uams.be/itag
transforming organizations”, IBM Systems Journal, vol. 32, nr. 1
Page 6
IT Governance and its mechanisms 6/14
Although the SAMmodel clearly recognizes the need for continual alignment, it does not provide a
practical framework to implement this. But over the years, a broad variety of alignment mechanisms
has been developed and are used in organizations to achieve the business/IT fusion: Business
Systems Planning, Critical Success Factors, the competitive forces model and the value chain of
Porter, and Business Process Reengineering. Recently, Porter adapted his models to the ebusiness
(ecommerce) phenomenon concluding that “the internet per se will rarely be a competitive advantage”
and “many of the companies that succeed will be ones that use the internet as a complement to
traditional ways of competing, not those that set their internet initiatives apart from their established
operations” (Porter, 2001).
Balanced Scorecard
Another approach for the practical implementation of strategic alignment is the Balanced Scorecard
(BSC). Kaplan and Norton (1992) have introduced the BSC at enterprise level. Their fundamental
premise is that the evaluation of a firm should not be restricted to a traditional evaluation but should be
supplemented with measures concerning customer satisfaction, internal processes, and the ability to
innovate. Results achieved within these additional perspective areas should assure future financial
results and drive the organization towards its strategic goals while keeping all four perspectives in
balance. This concept has been applied to the IT function and its processes (see e.g. Van Grembergen
et al., 2003). Recognizing that IT is an internal service provider, the proposed perspectives of the
balanced scorecard should be changed accordingly, with corporate contribution, user orientation,
operational excellence and future orientation as perspectives. By using a cascade or waterfall of
balanced scorecards, a method for business and IT fusion is provided to senior management. To
achieve this, an IT development scorecard and an IT operational scorecard are defined as enablers for
the strategic IT balanced scorecard that in turn is the enabler of a business balanced scorecard (Figure
2). Linking the business BSC and the IT BSCs is a supportive mechanism for IT governance (Van
Gremberegen et al., (2003a).
Figure 2: Cascade of balanced scorecards
6/14www.uams.be/itagwww.uams.be/itag
IT Development
BSC
Business BSC IT
Strategic BSC
IT Operational
BSC
IT Development
BSC
Business BSC IT
Strategic BSC
IT Operational
BSC
VAN GREMBERGEN W. AND SAULL R., 2001, Aligning Business and Information Technology through the Balanced Scorecard at a Major Canadian Financial Group: its Status measured with and IT BSC Maturity Model, In proceedings of the 34the Hawaiï International Conference on System Sciences (HICCS), CDROM, Maui
Page 7
IT Governance and its mechanisms 7/14
Information Economics
The information economics method developed by Benson and Parker (1996) can be used as an
alignment/governance technique whereby both business and IT people score IT projects and in this
way prioritize and select projects. It departs from the Return On Investment (ROI) of a project and
different nontangibles such as “strategic match of the project” (business evaluation) and “match with
the strategic IT architecture” (IT evaluation). In essence, information economics is a scoring technique
resulting in a weighted total score based on the scores for the ROI and the nontangibles (see Figure
3). Typically scores from 0 to 5 are attributed whereby 0 means no contribution and 5 refers to a high
contribution; the values obtain a positive score and the risks a negative score.
Figure 3: Information Economics
Traditional ROI (+)
+ value linking (+) + value acceleration (+)
+ value restructuring (+) + innovation (+)
+ Business Value + IT Value= Adjusted ROI
∎ Strategic match (+) ∎ Competitive advantage (+) ∎ Competitive response (+) ∎ Management information (+) ∎ Service and quality (+) ∎ Environmental quality (+) ∎ Empowerment (+)
∎ Strategic IT architecture (+)
Traditional ROI (+)
+ value linking (+) + value acceleration (+)
+ value restructuring (+) + innovation (+)
+ Business Value + IT Value= Adjusted ROI
∎ Strategic match (+) ∎ Competitive advantage (+) ∎ Competitive response (+) ∎ Management information (+) ∎ Service and quality (+) ∎ Environmental quality (+) ∎ Empowerment (+)
∎ Strategic IT architecture (+)
7/14www.uams.be/itagwww.uams.be/itag
∎ Cycle time (+) ∎ Mass customization (+)
Business Risk IT Risk
∎ Business strategy risk () ∎ Business organization risk ()
∎ IT Strategy risk () ∎ Definitional uncertainty () ∎ Technical risk () ∎ IT service delivery risk ()
= VALUE (business contribution)
∎ Cycle time (+) ∎ Mass customization (+)
Business Risk IT Risk
∎ Business strategy risk () ∎ Business organization risk ()
∎ IT Strategy risk () ∎ Definitional uncertainty () ∎ Technical risk () ∎ IT service delivery risk ()
= VALUE (business contribution)
VAN GREMBERGEN W. AND VAN BRUGGEN R., 1997, Measuring and improving corporate Information Technology through the balanced scorecard technique, In proceedings of the European Conference on the Evaluation of Information Technology,
Delft, The Netherlands
Service Level Agreements
In a maturing IT governance environment, Service Level Agreements (SLAs) and their supporting
Service Level Management (SLM) process need to play an important. The functions of SLAs are (1) to
define of what levels of service are acceptable by users and are attainable by the service provider and
(2) to define the mutually acceptable and agreed upon set of indicators of the quality of service. The
SLM process includes the definition of a SLA framework, establishing SLAs including level of service
Page 8
IT Governance and its mechanisms 8/14
and their corresponding metrics, monitoring and reporting on the achieved services and problems
encountered, reviewing SLAs, and establishing improvement programs. The major governance
challenges are that the service levels are to be expressed in business terms and that the right
SLM/SLA process has to be put in place (Van Grembergen et al., 2003c).
COBIT and ITIL
COBIT (Control OBjectives for Information and related Technology) provides for 34 identified IT
processes their corresponding highlevel control objectives and management guidelines (see
www.isaca.org). The management guidelines include the processes’ maturity models and their
scorecards in the form of key goal indicators and key performance indicators. As illustrated in other
paragraphs of this article, maturity models and scorecards can assist organizations in achieving IT
governance. The control objectives can help to support IT governance within an enterprise. The
8/14www.uams.be/itagwww.uams.be/itag
control objectives of the “Assist and advise IT customers” process e.g. consist of establishing a help desk, registration of the customer queries, customer query escalation, monitoring of clearance, and
trend analysis and reporting. These highlevel control objectives can be implemented through the use
of the IT Infrastructure Library (ITIL) of the Central Computer and Telecommunications Agency (UK).
Its help desk module (CCTA, 1998) e.g. complements and provides details on the help desk process
including the planning, implementation, postimplementation, benefits and costs, and tools. So,
COBIT’s control objectives tell what to do and ITIL explains how to do it.
IT alignment/governance maturity models
To be able to measure alignment and governance maturity, organizations can use a maturity model.
This is a method of scoring that enables the organization to grade itself from nonexistent to (0) to
optimized (5). This tool offers an easytounderstand way to determine the “asis” and the “tobe”
position and enables the organization to benchmark itself against best practices and standard
guidelines. In this way, gaps can be identified and specific actions can be defined to move towards the
desired level of strategic alignment/governance maturity (Guldentops, 2003). Good examples of IT
maturity models are developed by Luftman (2003) and the IT Governance Institute (see www.itgi.org).
Both models use criteria composed of a variety of attributes to build different levels of maturity.
Luftman defines five maturity levels using the criteria and attributes described in the first two columns
of Table 3. The last two columns indicate the characteristics or values of each attribute to obtain a level
1 or level 5. When performing a maturity assessment, it is important to comply with the basic principles
of maturity measurement. One can only move to a higher maturity when all conditions described in a
certain maturity level are fulfilled. This implies that, in order to obtain maturity level 5, all attributes must
have the values described in the last column of Table 3.
Page 9
IT Governance and its mechanisms 9/14
Table 3: Strategic alignment maturity levels (Luftman)
Criteria Attribute Characteristics level 1 Characteristics level 5
Communications Understanding of business by IT Understanding of IT by
Minimum
Minimum
Pervasive
Pervasive
9/14www.uams.be/itagwww.uams.be/itag
business Inter/intraorganisational learning Protocol rigidity Knowledge sharing Liaison(s) breadth/effectiveness
Casual, adhoc
Command and control Adhoc None or adhoc
Strong and structured
Informal Extraenterprise Extraenterprise
Competency/valu e measurement
IT metrics
Business metrics
Balanced metrics
Service Level Agreements
Benchmarking
Formal assessments/reviews Continuous improvement
Technical, not related to business Adhoc, not related to IT
Adhoc unlinked
Sporadically present
Not generally practised
None None
Extended to external partners Extended to external partners Business, partner, & IT metrics Extended to external partners Routinely performed with partners Routinely performed Routinely performed
Governance Business strategic planning IT strategic planning Reporting/organization structure Budgetary control
IT investment management Steering committee(s) Prioritization process
Adhoc Adhoc Central/decentral, CIO report to CFO Cost center, erratic spending
Cost based, erratic spending Not formal/regular Reactive
Integrated across, external Integrated across, external CIO reports to CEO, federated Investment center, profit center Business value Partnership Value added partner
Partnership Business perception of IT value Role of IT in strategic business planning Shared goals, risks, rewards/penalties IT program management Relationship/trust style Business sponsor/champion
IT perceived as a cost of business No seat at the business table
IT takes risk with little reward Adhoc Conflict/minimum None
IT coadapts with business
Coadaptive with business
Risks & rewards shared
Continuous improvement Valued partnership At the CEO level
Scope and architecture
Traditional enabler/driver, external Standards articulation Architectural integration
Functional organization Enterprise
Interenterprise Architectural transparency, flexibility
Traditional (e.g. accounting, email) None or adhoc No formal integration
None
External scope, business strategy driver/enabler Interenterprise standards Evolve with partners
Integrated
Standard enterprise architecture With all partners
Across the infrastructure Skills Innovation, Discouraged The norm
Page 10 IT Governance and its mechanisms 10/14
entrepreneurship Locus of Power
Management style Change readiness Career crossover Education, crosstraining Attract and retain best talent
In the business
Command and control Resistant to change None None No program
All executives, including CIO Relationship based High, focused Across the enterprise Across the enterprise Effective program for hiring and retaining
LUFTMAN J, 2000, Assessing BusinessIT alignment Maturity, Communications of AIS, vol. 4
Within the management guidelines of COBIT, one of the products delivered are the maturity models for
each of the 34 IT processes. The first process identified by COBIT is “Define a strategic information
technology plan”. This process plays a very important role in the strategic alignment. Maturity level 1
entails that the need for IT strategic planning is known by IT management, but there is no structured
decision process in place. To achieve the highest level of 5, IT strategic planning should at least be a
documented and a living process, continuously be considered in business goal setting an result in
discernable business value through investments in IT. To be able to benchmark against other
organizations, Guldentops et al. (2002) conducted a maturity survey in 2002 asking the respondents to
assign a maturity score for 15 of the 34 IT processes. The main result of this survey is that, on the
average, the selfassessed maturity for these processes fluctuates between 2.00 and 2.5. The average
for IT strategic planning was also in this range. The IT Governance Institute recently developed a
specific IT Governance maturity model (Table 4). According to this model, enterprises that are
assessed at level 0 are characterized by a complete lack of any recognizable IT Governance process.
To move up to level 1, the organization at least needs to recognize the importance of addressing IT
Governance issues. Maturity 5 implies an advanced and forwardlooking understanding of IT
Governance issues and solutions, supported by an established framework and best practices of
structures, processes and relational mechanisms. It should be noted that the desired “tobe” position
should be identified in function of the context where one operates (industry, geography, size, etc.) and
of the enterprise strategy. When the “asis” and “tobe” positions are known, gaps can be determined,
project defined and specific actions be taken.
Table 1: IT Governance maturity model (IT Governance Institute)
0 Nonexistent There is a complete lack of any recognizable IT Governance process. The organization has not even recognized that there is an issue to be addressed and hence there is no communication about the issue. Governance, such as it is, is predominantly centralized within the IT organization, and IT budgets and decisions are made centrally. Business unit input is informal and done on a project basis. In some cases, a steering committee may be in place to help make resource decisions. 1 Initial /Ad Hoc The organization has recognized that IT Governance issues exist and need to be addressed. There are, however, no standardized review processes, but instead management considers IT management
10/14www.uams.be/itagwww.uams.be/itag
issues on an individual or casebycase basis. Management’s approach is unstructured and there isinconsistent communication on issues and approaches to address the problems that arise. Although it is recognized that the performance of the IT function ought to be measured, there are no proper metrics in place—reviews are based on individual managers’ requests. IT monitoring is implemented only reactively to an incident that has caused some loss or embarrassment to the organization.
Page 11
IT Governance and its mechanisms 11/14
Governance is difficult to initiate and the central IT organization and business units may even have an adversarial relationship. The organization is trying to increase trust between IT and the business and there are normally periodic joint meetings to review operational issues and new projects. Upper management is involved only when there are major problems or successes. 2 Repeatable but Intuitive There is awareness of IT Governance objectives, and practices are developed and applied by individual managers. IT Governance activities are becoming established within the organization’s change management process, with active senior management involvement and oversight. Selected IT processes have been identified for improvement that would impact key business processes. IT management is beginning to define standards for processes and technical architectures. Management has identified basic IT Governance measurements, assessment methods and techniques, but the process has not been adopted across the organization. There is no formal training and communication on governance standards and responsibilities are left to the individual. An IT steering committee has begun to formalize and establish its roles and responsibilities. There is a draft governance charter (e.g., participants, roles, responsibilities, delegated powers, retained powers, shared resources and policy). Small and pilot governance projects are initiated to see what works and what does not. General guidelines are emerging for standards and architecture that make sense for the enterprise and a dialogue has started to sell the reasons for their need in the enterprise. 3 Defined Process The need to act with respect to IT Governance is understood and accepted. A baseline set of IT Governance indicators is developed, where linkages between outcome measures and performance drivers are defined, documented and integrated into strategic and operational planning and monitoring processes. Procedures have been standardized, documented and implemented. Management has communicated standardized procedures and informal training is established. Performance indicators over all IT Governance activities are being recorded and tracked, leading to enterprisewide improvements. Although measurable, procedures are not sophisticated, but are the formalization of existing practices. Tools are standardized, using currently available techniques. IT balanced business scorecard ideas are being adopted by the organization. It is, however, left to the individual to get training, to follow the standards and to apply them. Root cause analysis is only occasionally applied. Most processes are monitored against some (baseline) metrics, but any deviation, while mostly being acted upon by individual initiative, would unlikely be detected by management. Nevertheless, overall accountability of key process performance is clear and management is rewarded based on key performance measures. The IT steering committee is formalized and operational, with defined participation and responsibilities agreed to by all stakeholders. The governance charter and policy is also formalied and documented. The governance organization beyond the IT steering committee is established and staffed. 4 Managed and Measurable There is full understanding of IT Governance issues at all levels, supported by formal training. There is a clear understanding of who the customer is and responsibilities are defined and monitored through service level agreements. Responsibilities are clear and process ownership is established. IT processes are aligned with the enterprise and with the IT strategy. Improvement in IT processes is based primarily upon a quantitative understanding and it is possible to monitor and measure compliance with procedures and process metrics. All process stakeholders are aware of risks, the importance of IT and the opportunities it can offer. Management has defined tolerances under which
11/14www.uams.be/itagwww.uams.be/itag
processes must operate. Action is taken in many, but not all cases where processes appear not to be working effectively or efficiently. Processes are occasionally improved and best internal practices are enforced. Root cause analysis is being standardized. Continuous improvement is beginning to be addressed. There is limited, primarily tactical, use of technology, based on mature techniques and enforced standard tools. There is involvement of all required internal domain experts. IT Governance evolves into an enterprisewide process. IT Governance activities are becoming integrated with the enterprise governance process. There is a fully operational governance structure that addresses a consistent architecture for re engineering and interoperation of business processes across the enterprise, and ensures competition for enterprise resources and ongoing incremental investments in the IT infrastructure. IT is not solely an IT organizational responsibility but is shared with the business units. 5 Optimized There is advanced and forwardlooking understanding of IT Governance issues and solutions. Training and communication is supported by leadingedge concepts and techniques. Processes have been refined to a level of external best practice, based on results of continuous improvement and maturity
Page 12
IT Governance and its mechanisms 12/14
modeling with other organizations. The implementation of these policies has led to an organization, people and processes that are quick to adapt and fully support IT Governance requirements. All problems and deviations are root cause analyzed and efficient action is expediently identified and initiated. IT is used in an extensive, integrated and optimized manner to automate the workflow and provide tools to improve quality and effectiveness. The risks and returns of the IT processes are defined, balanced and communicated across the enterprise. External experts are leveraged and benchmarks are used for guidance. Monitoring, selfassessment and communication about governance expectations are pervasive within the organization and there is optimal use of technology to support measurement, analysis, communication and training. Enterprise governance and IT Governance are strategically linked, leveraging technology and human and financial resources to increase the competitive advantage of the enterprise. The governance concept and structure forms the core of the enterprise IT governing body including provisions for amending the structure for changes in enterprise strategy, organization or new technologies
Relational mechanisms
Relational mechanisms are very important. It is possible that an organization has all IT governance
structures and processes in place, but that it doesn’t work out because business and IT do not
understand each other and/or are not working together. Or it may be that there is little business
awareness on the part of IT or little IT appreciation from the business. So, to reach an effective IT
governance a twoway communication and a good participation/collaboration relationship between the
business and IT people is needed. Ensuring ongoing knowledge sharing across departments and
organizations is paramount for attaining and sustaining business/IT alignment. It is crucial to facilitate
the sharing and the management of knowledge by using mechanisms such as career crossover (IT
staff working in the business units and business people working in IT), continuous education, cross
12/14www.uams.be/itagwww.uams.be/itag
training, etc.
CONCLUSION
This article defined IT Governance and discussed its relevant structures, processes and relational
mechanisms. Key element in IT governance is the alignment of the business and IT that must lead to
the achievement of business value. This high level goal can be achieved by acknowledging IT
governance as a part of enterprise governance and by setting up an IT governance framework with
best practices. Such a framework and practices should be composed of a variety of structures,
processes and relational mechanisms and will be contingent: what works for one organization may not
work for other organizations (e.g. the balanced scorecard method can be successful in some
organizations and not in other enterprises).
Page 13
IT Governance and its mechanisms 13/14
REFERENCES
• CCTA, 1998, Helpdesk. The stationary office • Duffy, J., 2002, IT/business alignment: Is it an option or is it mandatory?, IDC document, # 26831 • Duffy, J., 2002, IT governance and business value part I: IT governance – An issue of critical
importance, IDC document #27291 • Duffy, J., 2002, IT governance and business value part 2: Who’s responsible for what? IDC
document # 27807 • Guldentops, E., Van Grembergen, W. and De Haes, S., 2002, Control and governance maturity
survey: establishing a reference benchmark and a selfassessment tool, Journal of Information Systems Control, vol. 6
• Guldentops, E., 2003, Part and parcel of corporate governance, CIO Summit, European Financial
Management & Marketing Conference, Brussels • Henderson, J. and Venkatraman, N., 1993, Strategic alignment: leveraging information technology
for transforming organizations, IBM Systems Journal, 32, (1) • Luftman, J, 2000, Assessing BusinessIT alignment Maturity, Communications of AIS, vol. 4 • IT Governance Institute, 2001, Board briefing on IT governance, online available at www.itgi.org • IT Governance Institute, 2002, IT Strategy Committee, online available at www.itgi.org
13/14www.uams.be/itagwww.uams.be/itag
• Kaplan, R. and Norton, D., 1992, The balanced scorecard – measures that drive performance, Harvard Business Review, January/February, pp. 7179.
• Parker, M., 1996, Strategic transformation and information technology, Upper Saddle River (NJ). • Peterson, R., 2003, Information strategies and tactics for information technology governance, in
Strategies for information technology governance, book edited by Van Grembergen, W., Idea Group Publishing, Hershey (PA)
• Porter, M.E., 2001, Strategy and the internet, Harvard Business Review, MarchApril, pp.6378 • Shleifer, A. and Vishny, W., 1997, A survey on corporate governance, Journal of Finance, vol. 52,
no.2 • Van Grembergen, W. and Van Bruggen, R., 1997, Measuring and improving corporate Information
Technology through the balanced scorecard technique, In proceedings of the European Conference on the Evaluation of Information Technology, Delft, The Netherlands
• Van Grembergen, W., 2002, Introduction to the minitrack IT Governance and its Mechansims,
Proceedings of the 35th Hawaii International Conference on System Sciences (HICSS). • Van Grembergen, W., and Saull, R., 2001, Aligning Business and Information Technology through
the Balanced Scorecard at a Major Canadian Financial Group: its Status measured with and IT BSC Maturity Model, In proceedings of the 34the Hawaiï International Conference on System Sciences (HICCS), CDROM, Maui
• Van Grembergen, W., Saull, R. and De Haes, S., 2003a, Linking the IT balanced scorecard to the
business objectives at a major Canadian financial group, Journal of Information Technology Cases and applications, vo. 5, no. 1, pp. 2350..
• Van Grembergen, W., De Haes, S. and Guldentops, E., 2003b, Structures, processes and
relational mechanisms for information technology governance: theories and practices, in Strategies for information technology governance, book edited by Van Grembergen, W., Idea Group Publishing, Hershey (PA)
• Van Grembergen, W., De Haes, S. and Amelinckx, I., 2003c, Using COBIT and the balanced
scorecard as instruments for Service Level Management, Journal of Information Systems Control, vol. 4, pp. 5662.
Page 14
IT Governance and its mechanisms 14/14
About UAMS UAMS (University Antwerp Management School) has the ambition to be a “learning partner in management”, by offering a broad range of training programmes for future and current managers in the business world, in public services and socialprofit organizations. The priorities cover optimal quality
14/14www.uams.be/itagwww.uams.be/itag
control, interactive teaching methods, an emphasis on researchbased knowledge and best practice, an international orientation and a continuous adaptation of our programmes to the needs of the market.
About ITAG The Information Technology Alignment and Governance (ITAG) Research Institute, was established in within UAMS to host applied research in the domains of IT Governance and business/IT alignment. The research centre is an initiative of Prof. dr. Wim Van Grembergen and dr. Steven De Haes. Both have research and practical experience in the IT Governance and Strategic Alignment domains. Recently, this team was reinforced by senior researcher Hilde Van Brempt.
Contact UAMS ITAG Research Institute SintJacobsmarkt 913 B2000 Antwerpen Belgium www.uams.be/itag
Wim Van Grembergen, Ph.D. is a professor at the Information Systems Management Department of the University of Antwerp and an executive professor at the University of Antwerp Management School. He is academic director of the Information Technology and Alignment (ITAG) Research Institute and has conducted research in the areas of IT governance, value management and performance management. Over the past years, he has been involved in research and development activities of several COBIT products. He can be contacted at [email protected].
Steven De Haes, Ph.D. is responsible for the information systems management executive programs and research at the University of Antwerp Management School. He is managing director of the Information Technology and Alignment (ITAG) Research Institute and recently finalised a Ph.D. on IT governance and business/IT alignment. He has been involved in research and development activities of several COBIT products. He can be contacted at [email protected].
Best Practices in Information Technology Investment Management
Downloaded 11/8/2016 from: http://www.gao.gov/key_issues/leading_practices_information_technology_management/issue_summary#t=0 Source document, a U.S. government resource, has been modified for general applicability, clarity, and relevance to the course.
The Government Accountability Office (GAO) has identified a set of essential and complementary management disciplines that provide a sound foundation for information technology (IT) management. These include: IT Strategic Planning, Enterprise Architecture, IT Investment Management, and Information Security. Although these best practices are discussed as they apply to the federal government, they apply equally to any organization.
IT Investment Management
IT projects can significantly improve an organization's performance, but they can also become costly, risky, and unproductive. Organizations can maximize the value of IT investments and minimize the risks of IT acquisitions when they have an effective and efficient IT investment management process, which can be developed following these five stages:
• Stage 1: Create awareness o Raise awareness about the importance of a disciplined investment management
processes. • Stage 2: Build the foundation
o Create an investment review board, and define its membership, guiding policies, operations, roles, responsibilities, and authorities.
o For each project, develop a business case that identifies the key executive sponsor, business customers (or end users), and the business needs that the IT project will support.
o Introduce a defined process that the organization can use to select new IT proposals and reselect ongoing projects.
o Monitor projects against cost and schedule expectations as well as anticipated benefits and risks.
• Stage 3: Develop a complete investment portfolio o Define criteria for determining which investments to include in the investment
portfolio. Criteria could include quantitative or qualitative factors such as cost, benefit, schedule, and risk.
o Use the criteria to select investments for the portfolio. o Evaluate the portfolio by adding the element of portfolio performance to the
organization's control process activities. o Review IT projects by comparing actual results to estimates in order to learn
from past investments and initiatives.
• Stage 4: Improve the process o Evaluate the performance of the portfolio to improve both current IT investment
management processes and the future performance of the IT portfolio. o Analyze and manage the replacement of IT investments and assets with their
higher-value successors. • Stage 5: Leverage IT for strategic outcomes
o Optimize the investment management process and exploit IT decision making to improve the value of an IT investment management process.
o Learn about and implement other organizations' best practices for IT investment. o Use IT to renovate and transform work processes and to push the organization
to explore new and better ways to execute its mission.
- IFSM 301 - Week 1 Citations
- Bibliography
- Information Systems as a Strategic Partner in Organizational Performance
- IT Governance and its mechanisms (14)
- Best Practices in IT Investment Management - GAO
- Best Practices in Information Technology Investment Management
