Governance of enterprise Information and Technology: A new core competency for boards of directors

With the level of digital disruption that is affecting businesses around the globe, you might expect high levels of Governance of Enterprise Information and Technology (GEIT) capability within boards. Boards and their senior executives know technology is important. More than 90% of boards and senior executives currently identify technology as essential to their current businesses, and to their organization’s future. But as few as 16% have sufficient GEIT capability. Global Centre for Digital Business Transformation’s recent research contains strong indicators of the need for change. Despite board awareness of both the likelihood and impact of digital disruption, things digital are still not viewed as a board-level matter in 45% of companies. And, it’s not just the board. The lack of board attention to technology can be mirrored at senior executive level as well. When asked about their organization’s attitude towards digital disruption, 43% of executives said their business either did not recognise it as a priority or was not responding appropriately. A further 32% were taking a “follower” approach, a potentially risky move as we will explain. Given all the evidence that boards know information and technology (I&T***) is vital, that they understand the inevitably, impact and speed of digital change and disruption, why are so many boards dragging their heels? Ignoring I&T disruption and refusing to build capability at board level is nothing short of negligence. Too many boards risk flying blind without GEIT capability [2]. To help build decision quality and I&T governance capability, this research: • Confirms a pressing need to build individual competency and cumulative, across-board capability in governing I&T • Identifies six factors that have rapidly increased the need, risk and urgency • Finds that boards may risk not meeting their duty of care responsibilities when it comes to I&T oversight • Highlights barriers to building capability details three GEIT competencies that boards and executives can use for evaluation, selection, recruitment and professional development.

Leading Digital Transformation: Building Technology and Information Governance Capability in Boards of Directors and the C-Suite

Information and technology and its use in organisation transformation presents unprecedented opportunities and risks. Increasingly, the Governance of Enterprise Information and Technology (GEIT) competency in the board room and executive is needed. Whether your organization is small or large, public, private or not for profit or whether your industry is not considered high-tech, IT is impacting your sector – no exceptions. But there is a skill shortage in boards: GEIT capability is concerningly low. This capability is urgently needed across the board, including those directors who come from finance, legal, marketing, operations and HR backgrounds. Digital disruption also affects all occupations. Putting in place a vision will help ensure emergency responses will meet technology-related duty of care responsibilities. When GEIT-related forward thinking and planning is carried out at the same time that you put your business strategy and plan in place, your organization has a significantly increased chance of not only surviving, but thriving into the future. Those organizations that don’t build GEIT capability risk joining the growing list of once-leading firms left behind in the digital ‘cloud of smoke’. Those organizations that do will be better placed to reap the benefits and hedge against the risks of a digital world. This chapter provides actionable, research-based considerations and processes for boards to use, to build awareness, knowledge and skills in governing technology-related organization strategy, risk and value creation.

Optimising COBIT 5 for IT governance : examples from the public sector

Control Objectives for Information and related Technology (COBIT) has grown to be one of the most significant IT Governance (ITG) frameworks available and also the best suited for audit, as it provides comprehensive guidance around IT processes and related business goals. However, given the constraints of both time and resources within which the Australian public sector is forced to operate, implementing an audit framework the size of COBIT in its entirety is often considered too large a task. As an alternative to full implementation it is not uncommon for the public sector to “cherry pick” controls from the framework in an effort to reduce its size. This paper reports on research undertaken to evaluate the potential to use an optimised sub-set of COBIT 5 for ITG audit in Australian public sector organisations. A survey methodology was employed to determine the control-objectives considered to be the most important to a selection of public sector organisations. Twelve control-objectives were identified as being most important to Queensland public sector organisations. As ten of these were also identified by previous studies, it appears possible to derive an optimised sub-set from COBIT 5 that would be both enduring and relevant across geographical and organisational contexts.

Enterprise technology governance: New information and technology core competencies for boards of directors

Boards of directors have legal and ethical responsibilities to be competent. Yet, in a world where business models and whole sectors are being disrupted by rapid information and technology change, a majority of directors lack IT governance knowledge and skills. Individual IT competency and collective board Enterprise Technology Governance capability is a global problem. Without capability, boards are potentially flying blind, and risk is increased and opportunities to lead and govern digital transformation lost. To address this capability gap, this research provides the first multi-industry validated Enterprise Technology Governance competency set for use in board evaluation, recruitment and professional development.

On IT governance structures and their effectiveness in collaborative organizational structures

Organizations today engage in various forms of alliances to manage their existing business processes or to diversify into new processes to sustain their competitive positions. Many of today’s alliances use the IT resources as their backbone. The results of these alliances are collaborative organizational structures with little or no ownership stakes between the parties. The emergence of Web 2.0 tools is having a profound effect on the nature and form of these alliance structures. These alliances heavily depend on and make radical use of the IT resources in a collaborative environment. This situation requires a deeper understanding of the governance of these IT resources to ensure the sustainability of the collaborative organizational structures. This study first suggests the types of IT governance structures required for collaborative organizational structures. Semi-structured interviews with senior executives who operate in such alliances reveal that co-created IT governance structures are necessary. Such structures include co-created IT-steering committees, co-created operational committees, and inter-organizational performance management and communication systems. The findings paved the way for the development of a model for understanding approaches to governing IT and evaluating the effectiveness for such governance mechanisms in today’s IT dependent alliances. This study presents a sustainable IT-related capabilities approach to assessing the effectiveness of suggested IT governance structures for collaborative alliances. The findings indicate a favourable association between organizations IT governance efforts and their ability to sustain their capabilities to leverage their IT resources. These IT-related capabilities also relate to measures business value at the process and firm level. This makes it possible to infer that collaborative organizations’ IT governance efforts contribute to business value.

IT governance in collaborative organizational structures

Organizations today engage in various forms of alliances to manage their existing business processes or to diversify into new processes to sustain their competitive positions. Many of today’s alliances use the IT resources as their backbone. The results of these alliances are collaborative organizational structures with little or no ownership stakes between the parties. The emergence of Web 2.0 tools is having a profound effect on the nature and form of these alliance structures. These alliances heavily depend on and make radical use of the IT resources in a collaborative environment. This situation requires a deeper understanding of the governance of these IT resources to ensure the sustainability of the collaborative organizational structures. This study reports on the first stage of this initiative. It suggest the types of IT governance structures required for collaborative organizational structures. Semi-structured interviews with senior executives who operate in such alliances reveal that co-created IT governance structures are necessary. Such structures include co-created IT-steering committees, cocreated operational committees, and inter-organizational performance management and communication systems. The findings pave the way for the development of a model for understanding approaches to governing IT and evaluating the effectiveness for such governance mechanisms in today’s IT dependent alliances.

IT governance adoption in Malaysia : a preliminary investigation

IT Governance (ITG) adoption remains a relevant topic of study. While extensive research has been done looking into the drivers and critical success factors of ITG practice, there seems to be a lack of interest in identifying the barriers to its adoption. This study reports on a survey conducted to first: provide some primary data that suggest ITG adoption and maturity levels are still low, especially in a developing country like Malaysia; and second: to provide initial empirical support for model development. Results obtained supported our assumptions that: (1) ITG adoption and maturity levels are still relatively low in Malaysia, therefore justifying Malaysia as a suitable case; (2) organizational factors, environmental factors and characteristics of the innovation as identified from the literature may serve as possible barriers to adoption.

Towards an effective IT governance structure for organizations in developing economies

The pervasive use of IT is prominent amongst organizations in developing economies. However, there is growing evidence that these economies fail to capitalize on their IT investment to transform their organizations to be competitive both locally and globally. IT-related benefits are possible with appropriate governance of the IT-related resources, and we need to broaden our understanding on the IT governance mechanics suitable for organizations in the developing economies. In this study, we adopted an initial interpretive design to obtain a deeper understanding of the IT governance (ITG) environment and conceptions of the stakeholders on effective IT governance structures for the developing economies. We found that the presence of an IT Strategic Planning Committee, Multiple level of authority, and a Forum for informal discussions as the crucial components of an ITG structure in developing economies.

An exploratory study into audit challenges in IT governance : a Delphi approach

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

A Delphi study into the audit challenges of IT governance in the Australian public sector

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Barriers to formal IT Governance practice - insights from a qualitative study

IT Governance (ITG) continues to be a top priority for organizations, public and non-public. While the level of awareness towards ITG is evident, it is hardly manifested in practice. The purpose of this study is to elicit factors that act as barriers to the adoption of formal ITG practice. This qualitative study consists of 9 semi-structured interviews with the key person in charge of ITG adoption and practice within their respective organizations. The interviews were analyzed using thematic content analysis, guided by themes previously obtained from the literature and from an earlier pilot study. Findings obtained supported previous findings and also reveal new factors noticeably absent from the ITG literature. The findings will provide useful input towards the development of a causal model on barriers to formal ITG practice

IT governance stability in a political changing environment : exploring potential impacts in the public sector

Public sector organisations (PSOs) operate in information-intensive environments often within operational contexts where efficiency is a goal. What's more, the rapid adoption of IT is expected to facilitate good governance within public sector organisations but it often clashes with the bureaucratic culture of these organisations. Accordingly, models such as IT Governance (ITG) and government reform -in particular the new public management (NPM)- were introduced in PSOs in an effort to address the inefficiencies of bureaucracy and under performance. This work explores the potential effect of change in political direction and policy on the stability of IT governance in Australian public sector organisations. The aim of this paper is to examine implications of a change of government and the resulting political environment on the effectiveness of the audit function of ITG. The empirical data discussed here indicate that a number of aspects of audit functionality were negatively affected by change in political direction and resultant policy changes. The results indicate a perceived decline in capacity and capability which in turn disrupts the stability of IT governance systems in public sector organisations.

On reconsideration of IT governance structures to govern cloud computing services

There is an increase in the uptake of cloud computing services (CCS). CCS is adopted in the form of a utility, and it incorporates business risks of the service providers and intermediaries. Thus, the adoption of CCS will change the risk profile of an organization. In this situation, organisations need to develop competencies by reconsidering their IT governance structures to achieve a desired level of IT-business alignment and maintain their risk appetite to source business value from CCS. We use the resource-based theories to suggest that collaborative board oversight of CCS, competencies relating to CCS information and financial management, and a CCS-related continuous audit program can contribute to business process performance improvements and overall firm performance. Using survey data, we find evidence of a positive association between these IT governance considerations and business process performance. We also find evidence of positive association between business process performance improvements and overall firm performance. The results suggest that the suggested considerations on IT governance structures can contribute to CCS-related IT-business alignment and lead to anticipated business value from CCS. This study provides guidance to organizations on competencies required to secure business value from CCS.

Governing cloud computing services: Reconsideration of IT governance structures

There is an increase in the uptake of cloud computing services (CCS). CCS is adopted in the form of a utility, and it incorporates business risks of the service providers and intermediaries. Thus, the adoption of CCS will change the risk profile of an organization. In this situation, organizations need to develop competencies by reconsidering their IT governance structures to achieve a desired level of IT-business alignment and maintain their risk appetite to source business value from CCS. We use the resource-based theories to suggest that collaborative board oversight of CCS, competencies relating to CCS information and financial management, and a CCS-related continuous audit program can contribute to business process performance improvements and overall firm performance. Using survey data, we find evidence of a positive association between these IT governance considerations and business process performance. We also find evidence of positive association between business process performance improvements and overall firm performance. The results suggest that the suggested considerations on IT governance structures can contribute to CCS-related IT-business alignment and lead to anticipated business value from CCS. This study provides guidance to organizations on competencies required to secure business value from CCS.