Need Help with attached
IT Governance
Key Points
• Understand how IT governance structures define how decisions are made
• Describe IT governance based on organization structure, decision rights, and control
IT Governance
• Recall that decision rights is an important org design variable!
• Governance structures identify who has power and accountability, and who makes what decisions.
• Governance is aligning behavior with business goals through empowerment and monitoring.
  • Empowerment: granting the right to make decisions.
  • Monitoring: evaluating performance.
Four Perspectives of IT Governance
• Traditional – Centralized vs decentralized, hybrid
• Allocation & accountability
• Digital ecosystems
• Control structures from legislation
Traditional Perspective
IT Governance
• IT governance focuses on how decision rights can be distributed differently to facilitate three possible modes of decision making:
  • centralized,
  • decentralized, or
  • hybrid
• Organizational structure plays a major role.
Centralized vs. Decentralized Organizational Structures
• Centralized – bring together all staff, hardware, software, data, and processing into a single location.
• Decentralized – the components in the centralized structure are scattered in different locations to address local business needs.
• Federalism – a hybrid of centralized and decentralized structures.
Federalism
• Most companies would like to achieve the advantages of both centralization and decentralization.
• Leads to federalism
  • Distributes power, hardware, software, data and personnel between a central IT group and IT in business units
  • Some decisions centralized; some decentralized
Federal IT
Decision Archetypes
IT Governance
• More finite structure needed than just centralized/decentralized
• Balance of decision rights and accountability encourages desirable behavior
• Must match the CIO/IT manager’s decision rights with accountability for the decisions.
IT Accountability and Decision Rights Mismatches
Decision rights high, accountability low: Technocentric Gap
• Danger of overspending on IT creating an oversupply
• IT assets may not be utilized to meet business demand
• Business group frustration with IT group
Decision rights high, accountability high: Strategic Norm (Level 3)
• IT is viewed as competent
• IT is viewed as strategic to business
Decision rights low, accountability low: Support Norm (Level 1)
• Works for organizations where IT is viewed as a support function
• Focus is on business efficiency
Decision rights low, accountability high: Business Gap
• Cost considerations dominate IT decisions
• IT assets may not utilize internal competencies to meet business demand
• IT group frustration with business group
IT Governance
• Good IT governance
  • Provides a structure to make good decisions
  • Limits the negative impact of organizational policies in IT-related decisions
• Two major components:
  1. Assignments of decision-making authority and responsibility
  2. Decision-making mechanisms, e.g. policies, steering committee, etc.
Five major categories of IT decisions
Category | Description | Examples of Affected IT Activities
--- | --- | ---
IT Principles | How to determine IT assets that are needed | Participating in setting strategic direction
IT Architecture | How to structure IT assets | Establishing architecture and standards
IT Infrastructure Strategies | How to build IT assets | Managing Internet and network services; data; human resources; mobile computing
Business Application Needs | How to acquire, implement and maintain IT (insource or outsource) | Developing and maintaining information systems
IT Investment and Prioritization | How much to invest and where to invest in IT assets | Anticipating new technologies
Important to use the proper decision right allocation pattern for each category.
Political Archetypes (Weill & Ross)
• Archetypes label the combinations of people who either provide information or have key IT decision rights
  • Business monarchy, IT monarchy, feudal, federal, IT duopoly, and anarchy
• For each decision category, the organization adopts an archetype as the means to obtain inputs for decisions and to assign responsibility for them.
• There is no best arrangement for the allocation of decision rights.
  • Organizations vary widely in their archetypes selected
IT Governance Archetypes
Decision-Making Mechanisms
• Policies and standards
• Review boards approve, monitor, and review specific topics
• Steering committees are a popular approach
  • They include key stakeholders
  • They can be formed at different levels:
    • Higher level (focus on CIO effectiveness)
    • Lower level (focus on details of various projects)
Platform-based Governance
Emergent Governance: Platform-Based Governance
• Challenge a “top down” approach
  • Digital ecosystems can grow up all around you
  • Applications, firms, digital entities
• Firms find opportunities to exploit new technologies that were not anticipated
• Emerging technologies demand agile governance approaches
  • Firm no longer controls decisions about the technologies
• Examples:
  • Mobile computing
  • Cloud computing
  • IoT
  • Social media
Summary of Three Governance Frameworks
Governance Framework | Main Concept | Possible Best Practice
--- | --- | ---
Centralization-Decentralization | Decisions can be made by a central authority or by autonomous individuals or groups in an organization. | A hybrid, Federal approach
Decision Archetypes | Specifying patterns based upon allocating decision rights and accountability. | Tailor the archetype to the situation
Digital Ecosystems | Members of the ecosystem contribute their strengths, giving the whole ecosystem a complete set of capabilities. | Build flexibility and adaptability into governance.
Legislation
Sarbanes-Oxley Act (SoX) (2002)
• In response to major accounting scandals such as Enron and WorldCom
• To increase regulatory visibility and accountability of public companies and their financial health
  • All companies subject to the SEC are subject to SoX.
  • CEOs and CFOs must personally certify and be accountable for their firm’s financial records and accounting.
  • Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance.
  • 20 year jail term is the alternative.
  • IT departments play a major role in ensuring the accuracy of financial data.
IT Control and Sarbanes-Oxley
• IT departments play a major role in the accuracy of financial data
• IT departments began to
  • Identify controls,
  • Determine design effectiveness, and
  • Test to validate operation of controls
• IT managers must assess level of controls needed to mitigate risk