Governance of enterprise Information and Technology: A new core competency for boards of directors

With the level of digital disruption that is affecting businesses around the globe, you might expect high levels of Governance of Enterprise Information and Technology (GEIT) capability within boards. Boards and their senior executives know technology is important. More than 90% of boards and senior executives currently identify technology as essential to their current businesses, and to their organization’s future. But as few as 16% have sufficient GEIT capability. Global Centre for Digital Business Transformation’s recent research contains strong indicators of the need for change. Despite board awareness of both the likelihood and impact of digital disruption, things digital are still not viewed as a board-level matter in 45% of companies. And, it’s not just the board. The lack of board attention to technology can be mirrored at senior executive level as well. When asked about their organization’s attitude towards digital disruption, 43% of executives said their business either did not recognise it as a priority or was not responding appropriately. A further 32% were taking a “follower” approach, a potentially risky move as we will explain. Given all the evidence that boards know information and technology (I&T***) is vital, that they understand the inevitably, impact and speed of digital change and disruption, why are so many boards dragging their heels? Ignoring I&T disruption and refusing to build capability at board level is nothing short of negligence. Too many boards risk flying blind without GEIT capability [2]. To help build decision quality and I&T governance capability, this research: • Confirms a pressing need to build individual competency and cumulative, across-board capability in governing I&T • Identifies six factors that have rapidly increased the need, risk and urgency • Finds that boards may risk not meeting their duty of care responsibilities when it comes to I&T oversight • Highlights barriers to building capability details three GEIT competencies that boards and executives can use for evaluation, selection, recruitment and professional development.

Exploring the role of the governing body (board) in information technology governance : a study of Australian universities

In this thesis, I advance the understanding of information technology (IT) governance research and corporate governance research by considering the question “How do boards govern IT?” The importance of IT to business has increased over the last decade, but there has been little academic research which has focused on boards and their role in the governance of IT (Van Grembergen, De Haes and Guldentops, 2004). Most of the research on information technology governance (ITG) has focused on advancing the understanding and measurement of the components of the ITG model (Buckby, Best & Stewart, 2008; Wilkin & Chenhall, 2010), a model recommended by the IT Governance Institute (2003) as ‘best practice’ for boards to use in governing IT. IT governance is considered to be the responsibility of the board and is said to form an important subset of an organisation’s corporate governance processes (Borth & Bradley, 2008). Boards need to govern IT as a result of the large capital investment in IT resources and high dependency on IT by organisations. Van Grembergen, De Haes and Guldentops (2004) and De Haes & Van Grembergen (2009) indicate that corporate governance matters are not able to be effectively discharged unless IT is being governed properly, and call for further specific research on the role of the board in ITG. Researchers also indicate that the link between corporate governance and IT governance has been neglected (Borth & Bradley, 2008; Musson & Jordan, 2005; Bhattacharjya & Chang, 2008). This thesis will address this gap in the ITG literature by providing the bridge between the ITG and corporate governance literatures. My thesis uses a critical realist epistemology and a mixed method approach to gather insights into my research question. In the first phase of my research I develop a survey instrument to assess whether boards consider the components of the ITG model in governing IT. The results of this first study indicated that directors do not conceptualise their role in governing IT using the elements of the ITG model. Thus, I moved to focus on whether prominent corporate governance theories might elucidate how boards govern IT. In the second phase of the research, I used a qualitative inductive case based study to assess whether agency, stewardship and resource dependence theories explain how boards govern IT in Australian universities. As the first in-depth study of university IT governance processes, my research contributes to the ITG research field by revealing that Australian university board governance of IT is characterized by a combination of agency theory and stewardship theory behaviours and processes. The study also identified strong links between a university’s IT structure and evidence of agency and stewardship theories. This link provides insight into the structures element of the emerging enterprise governance of IT framework (Van Grembergen, De Haes & Guldentops, 2004; De Haes & Van Grembergen, 2009; Van Grembergen & De Haes, 2009b; Ko & Fink, 2010). My research makes an important contribution to governance research by identifying a key link between corporate and ITG literatures and providing insight into board IT governance processes. The research conducted in my thesis should encourage future researchers to continue to explore the links between corporate and IT governance research.

On IT governance structures and their effectiveness in collaborative organizational structures

Organizations today engage in various forms of alliances to manage their existing business processes or to diversify into new processes to sustain their competitive positions. Many of today’s alliances use the IT resources as their backbone. The results of these alliances are collaborative organizational structures with little or no ownership stakes between the parties. The emergence of Web 2.0 tools is having a profound effect on the nature and form of these alliance structures. These alliances heavily depend on and make radical use of the IT resources in a collaborative environment. This situation requires a deeper understanding of the governance of these IT resources to ensure the sustainability of the collaborative organizational structures. This study first suggests the types of IT governance structures required for collaborative organizational structures. Semi-structured interviews with senior executives who operate in such alliances reveal that co-created IT governance structures are necessary. Such structures include co-created IT-steering committees, co-created operational committees, and inter-organizational performance management and communication systems. The findings paved the way for the development of a model for understanding approaches to governing IT and evaluating the effectiveness for such governance mechanisms in today’s IT dependent alliances. This study presents a sustainable IT-related capabilities approach to assessing the effectiveness of suggested IT governance structures for collaborative alliances. The findings indicate a favourable association between organizations IT governance efforts and their ability to sustain their capabilities to leverage their IT resources. These IT-related capabilities also relate to measures business value at the process and firm level. This makes it possible to infer that collaborative organizations’ IT governance efforts contribute to business value.

IT governance in collaborative organizational structures

Organizations today engage in various forms of alliances to manage their existing business processes or to diversify into new processes to sustain their competitive positions. Many of today’s alliances use the IT resources as their backbone. The results of these alliances are collaborative organizational structures with little or no ownership stakes between the parties. The emergence of Web 2.0 tools is having a profound effect on the nature and form of these alliance structures. These alliances heavily depend on and make radical use of the IT resources in a collaborative environment. This situation requires a deeper understanding of the governance of these IT resources to ensure the sustainability of the collaborative organizational structures. This study reports on the first stage of this initiative. It suggest the types of IT governance structures required for collaborative organizational structures. Semi-structured interviews with senior executives who operate in such alliances reveal that co-created IT governance structures are necessary. Such structures include co-created IT-steering committees, cocreated operational committees, and inter-organizational performance management and communication systems. The findings pave the way for the development of a model for understanding approaches to governing IT and evaluating the effectiveness for such governance mechanisms in today’s IT dependent alliances.

Towards an effective IT governance structure for organizations in developing economies

The pervasive use of IT is prominent amongst organizations in developing economies. However, there is growing evidence that these economies fail to capitalize on their IT investment to transform their organizations to be competitive both locally and globally. IT-related benefits are possible with appropriate governance of the IT-related resources, and we need to broaden our understanding on the IT governance mechanics suitable for organizations in the developing economies. In this study, we adopted an initial interpretive design to obtain a deeper understanding of the IT governance (ITG) environment and conceptions of the stakeholders on effective IT governance structures for the developing economies. We found that the presence of an IT Strategic Planning Committee, Multiple level of authority, and a Forum for informal discussions as the crucial components of an ITG structure in developing economies.

On reconsideration of IT governance structures to govern cloud computing services

There is an increase in the uptake of cloud computing services (CCS). CCS is adopted in the form of a utility, and it incorporates business risks of the service providers and intermediaries. Thus, the adoption of CCS will change the risk profile of an organization. In this situation, organisations need to develop competencies by reconsidering their IT governance structures to achieve a desired level of IT-business alignment and maintain their risk appetite to source business value from CCS. We use the resource-based theories to suggest that collaborative board oversight of CCS, competencies relating to CCS information and financial management, and a CCS-related continuous audit program can contribute to business process performance improvements and overall firm performance. Using survey data, we find evidence of a positive association between these IT governance considerations and business process performance. We also find evidence of positive association between business process performance improvements and overall firm performance. The results suggest that the suggested considerations on IT governance structures can contribute to CCS-related IT-business alignment and lead to anticipated business value from CCS. This study provides guidance to organizations on competencies required to secure business value from CCS.

Governing cloud computing services: Reconsideration of IT governance structures

There is an increase in the uptake of cloud computing services (CCS). CCS is adopted in the form of a utility, and it incorporates business risks of the service providers and intermediaries. Thus, the adoption of CCS will change the risk profile of an organization. In this situation, organizations need to develop competencies by reconsidering their IT governance structures to achieve a desired level of IT-business alignment and maintain their risk appetite to source business value from CCS. We use the resource-based theories to suggest that collaborative board oversight of CCS, competencies relating to CCS information and financial management, and a CCS-related continuous audit program can contribute to business process performance improvements and overall firm performance. Using survey data, we find evidence of a positive association between these IT governance considerations and business process performance. We also find evidence of positive association between business process performance improvements and overall firm performance. The results suggest that the suggested considerations on IT governance structures can contribute to CCS-related IT-business alignment and lead to anticipated business value from CCS. This study provides guidance to organizations on competencies required to secure business value from CCS.

Evaluating the interdependencies between managing business change, IT sourcing and IT governance

Organisations need the right business and IT capabilities in order to achieve future business success. It follows that the sourcing of these capabilities is an important decision. Yet, there is a lack of consensus on the approach to decid-ing where and how to source the core operational capabilities. Furthermore, de-veloping its dynamic capability enables an organisation to effectively manage change its operational capabilities. Recent research has proposed that analysing business capabilities is a key pre-requisite to defining its Information Technology (IT) solutions. This research builds on these findings by considering the interde-pendencies between the dynamic business change capability and the sourcing of IT capabilities. Further it examines the decision-making oversight of these areas as implemented through IT governance. There is a good understanding of the direct impact of IT sourcing decision on operational capabilities However, there is a lack of research on the indirect impact to the capability of managing business change. Through a review of prior research and initial pilot field research, a capability framework and three main propositions are proposed, each examining a two-way interdependency. This paper describes the development of the integrated capa-bility framework and the rationale for the propositions. These respectively cover managing business change, IT sourcing and IT governance. Firstly, the sourcing of IT affects both the operational capabilities and the capability to manage business change. Similarly a business change may result in new or revised operational ca-pabilities, which can influence the IT sourcing decision resulting in a two-way rela-tionship. Secondly, this IT sourcing is directed under IT governance, which pro-vides a decision-making framework for the organisation. At the same time, the IT sourcing can have an impact on the IT governance capability, for example by out-sourcing key capabilities; hence this is potentially again a two-way relationship. Finally, there is a postulated two-way relationship between IT governance and managing business change in that IT governance provides an oversight of manag-ing business change through portfolio management while IT governance is a key element of the business change capability. Given the nature and novelty of this framework, a philosophical paradigm of constructivism is preferred. To illustrate and explore the theoretical perspectives provided, this paper reports on the find-ings of a case study incorporating eight high-level interviews with senior execu-tives in a German bank with 2300 employees. The collected data also include or-ganisational charts, annual reports, project and activity portfolio and benchmark reports for the IT budget. Recommendations are made for practitioners. An understanding of the interdependencies can support professionals in improving business success through effectively managing business change. Additionally, they can be assisted to evaluate the impact of IT sourcing decisions on the organisa-tion’s operational and dynamic capabilities, using an appropriate IT governance framework.

Developing sustainable IT-related capabilities : instrument development and test

Research has established that firms' IT-related capabilities at a point in time explain IT-related performance differences across firms. IT resources, however, are dynamic, and evolve at an exponential rate. This means we need to understand how to sustain firms' existing capabilities to leverage opportunities offered by new IT resources. Wet suggests a higher-level resource that can sustain firms' existing IT-related capabilities. Second, we report on the development of a valid and reliable measurement instrument for measuring this higher-level resource in four stages, which includes expert feedback and a field test. The validated instrument would be useful in extending the IT business value studies to investigate how firms can sustain their IT-related capabilities. This effort will provide a deeper understanding of how firms can secure sustainable IT-related business value from their acquired IT resources.

IT governance adoption in Malaysia : a preliminary investigation

IT Governance (ITG) adoption remains a relevant topic of study. While extensive research has been done looking into the drivers and critical success factors of ITG practice, there seems to be a lack of interest in identifying the barriers to its adoption. This study reports on a survey conducted to first: provide some primary data that suggest ITG adoption and maturity levels are still low, especially in a developing country like Malaysia; and second: to provide initial empirical support for model development. Results obtained supported our assumptions that: (1) ITG adoption and maturity levels are still relatively low in Malaysia, therefore justifying Malaysia as a suitable case; (2) organizational factors, environmental factors and characteristics of the innovation as identified from the literature may serve as possible barriers to adoption.

An exploratory study into audit challenges in IT governance : a Delphi approach

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Optimising COBIT 5 for IT governance : examples from the public sector

Control Objectives for Information and related Technology (COBIT) has grown to be one of the most significant IT Governance (ITG) frameworks available and also the best suited for audit, as it provides comprehensive guidance around IT processes and related business goals. However, given the constraints of both time and resources within which the Australian public sector is forced to operate, implementing an audit framework the size of COBIT in its entirety is often considered too large a task. As an alternative to full implementation it is not uncommon for the public sector to “cherry pick” controls from the framework in an effort to reduce its size. This paper reports on research undertaken to evaluate the potential to use an optimised sub-set of COBIT 5 for ITG audit in Australian public sector organisations. A survey methodology was employed to determine the control-objectives considered to be the most important to a selection of public sector organisations. Twelve control-objectives were identified as being most important to Queensland public sector organisations. As ten of these were also identified by previous studies, it appears possible to derive an optimised sub-set from COBIT 5 that would be both enduring and relevant across geographical and organisational contexts.

A Delphi study into the audit challenges of IT governance in the Australian public sector

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Barriers to formal IT Governance practice - insights from a qualitative study

IT Governance (ITG) continues to be a top priority for organizations, public and non-public. While the level of awareness towards ITG is evident, it is hardly manifested in practice. The purpose of this study is to elicit factors that act as barriers to the adoption of formal ITG practice. This qualitative study consists of 9 semi-structured interviews with the key person in charge of ITG adoption and practice within their respective organizations. The interviews were analyzed using thematic content analysis, guided by themes previously obtained from the literature and from an earlier pilot study. Findings obtained supported previous findings and also reveal new factors noticeably absent from the ITG literature. The findings will provide useful input towards the development of a causal model on barriers to formal ITG practice

Beyond normal competencies : understanding organisation designs to develop and sustain IT-related capabilities

It is apparent that IT resources are important for organisations. It is also clear that organisations unique competencies, their IT-related capabilities, leverage the IT resources uniquely to create and sustain competitive advantage. However, IT resources are dynamic, and evolve at an exponential rate. This means that organisations will need to sustain their competencies to leverage opportunities offered by new IT resources. Research on ways to sustain IT-related capabilities is limited and a deeper understanding of this situation is important. Amongst other factors, a possible reason for this lack of progress in this area could be due to the lack of validated measurement items of the theoretical constructs to conduct such studies. We suggest an environment in which organisations could build new and sustain their existing IT-related capabilities. We then report on the development of valid and reliable measures for this environment. The validated measures would be useful in extending our understanding on how firms could sustain their IT-related capabilities. This effort will provide a deeper understanding of how firms can secure sustainable IT-related business value from their acquired IT resources.