Auditing Information Systems (AIS) Lecture – 5 - ‘IT Governance’
5 IT Governance
Transcript of 5 IT Governance
-
7/29/2019 5 IT Governance
1/36
IT Governance
ITUThursday, March 2, 2006
Michael Holm Larsen, Ph.D.E-mail: [email protected]
-
7/29/2019 5 IT Governance
2/36
Agenda
IT Governance: Learning Objectives Highlights from last lecture IT Governance Mechanisms IT Decisions IT Governance Archetypes Case: Novozymes IT Governance Review and Design Summary
-
7/29/2019 5 IT Governance
3/36
Learning Objectives
To understand Concepts and Principles
of IT Governance.
To be able to reivew and design IT
Governance structures in organisations.
-
7/29/2019 5 IT Governance
4/36
Highlights from last lecture
E-Business Models
-
7/29/2019 5 IT Governance
5/36
Elements of a Business Model
Definition:An architecture for product, service and
information flows
Business actors
Actor roles
Potential benefits Sources of revenue
Timmers (1998)
-
7/29/2019 5 IT Governance
6/36
A List of E-Business Models (Taxonomi 2)
E-Shop
E-Procurement
E-Auction E-Mall
3rd
PartyMarketplace
VirtualCommunity
Value ChainService Provider
CollaborationPlatform
Information
Broker Timmers (1998)
-
7/29/2019 5 IT Governance
7/36
Evaluation of an E-Business Model- Lazer & Livnat (2001)
A five-step evaluation process of e-Business models based on specific questionsregarding the economic viability of the e-Business model. These are:
1. What market failures and transaction costs are addressed by the businessmodel?
2. How effective can the e-commerce firm be in reducing the market failures ortransaction costs?
3. Will the e-commerce company be able to expropriate benefits fromcustomers?
4. What are the necessary resources to conduct the business?5. Can competitors erode profits? (sustainable profits; risks (market,
technology, financial); sensitivity)
The transaction costs address in particular sellers transactions costs of ordertaking costs, recording costs, display costs, mailing costs, and marketingcosts; buyers transactions costs of transportation costs, timing oftransactions, information gathering costs, information processing costs; andother benefits as personalization, price transparency, market making, and
network externalities.Lazer & Livnat (2001)
-
7/29/2019 5 IT Governance
8/36
Evolving the Business Model
4 mechanisms (cf. Applegate 2001):
Enhance. By adding new features and improvingexisting ones.
Expand. By adding new offerings or entering newmarkets with the same offering.
Extend. By adding new BMs or new businesses. Exit. Exit the business or market or drop a
product/service offering.
Think also value webs as a supplement to value chains.
Applegate (2001)
-
7/29/2019 5 IT Governance
9/36
IT Governance
-
7/29/2019 5 IT Governance
10/36
What is IT Governance ?
Definition:
IT Governance is defined as specifyingthe decision rights and accountabilityframeworks to encourage desirable
behaviour in using IT.
Weill & Ross (2004:2)
-
7/29/2019 5 IT Governance
11/36
What is IT Governance ?
Definition: IT Governance is defined as specifying the
decision rights and accountability frameworks
to encourage desirable behaviour in using IT.
What do we need to investigate further:
Decision rights (for whom? individuals and groups) Accountability frameworks (IT Governance mechanisms)
Encourage (empower & control)
Desirable behaviour ( vision and values, strategy andpolicies, norms and culture)
Weill & Ross (2004:2)
-
7/29/2019 5 IT Governance
12/36
Past and
Present
Future
PERSPEC
TIVE
Outward
Inward
TIME FRAME
What kinds of decisions?
Monitoring Policy
Accountability Strategy
-
7/29/2019 5 IT Governance
13/36
Alternative Definitions of IT Governance
Definition: IT Governance is defined as a structure of
relationships and processes to control the enterprise inorder to achieve the enterprises goals by adding value
while balancing risk versus return over IT and itsprocesses.
IT Governance Institute, www.itgi.org (2000)
IT Governance is the organisational capacity exercisedby the board, executive management, and ITmanagement to control the formulation andimplementation of IT Strategy and in this way ensure
the fusion of business and IT. Grembergen (2002)
-
7/29/2019 5 IT Governance
14/36
The Role of IT Governance
IT-based innovationIT use management
IT infrastructuremanagement
Project management
IT GOVERNANCE
Source: Sambamurthyand Zmud, MISQ, June 1999
-
7/29/2019 5 IT Governance
15/36
Exercise: Pair & Share
What kind of IT Governance Principles exists, andwhat is their purpose ?
-
7/29/2019 5 IT Governance
16/36
IT Governance Mechanisms
Formal integration structuresinvolve appointing ITexecutives and accounts, and institutionalizing special andstanding IT committees and councils (Decision structures)
Formal integration processesdescribe the formalization and
institutionalization of strategic decision-making/monitoringprocedures and performance (Alignment processes)
Relational integration structuresinvolve the activeparticipation of and collaborative relationships between
corporate executives, IT management, and businessmanagement (Communication structures)
Relational integration processesdescribe strategic dialogueand shared learning between principle business and ITstakeholders (Communication processes)
-
7/29/2019 5 IT Governance
17/36
How Are The Decisions Formed and Enacted ?
Service-level agreements
Business/IT relationship managers
IT council of business, IT executives
Architecture committee
Process teams with IT members
Executive committee
IT leadership committee
Chargeback arrangements
Specify, measure IT services
Ensure feedback, good iteration
Focus on driving value
Identify strategic technologies
Take a process view
Take a holistic view
Coordinate across the enterprise
Shape behavior, recoup costs
Governance Mechanisms Objective
-
7/29/2019 5 IT Governance
18/36
Effective IT Governance Principles- Examples
Decision-making structures Business/IT relation ship managers
Process teams with IT members
Achitecture committee
Alignment Processes Tracking of IT Projects and resources consumed
Service-level agreements (SLAs)
Formally tracking of business value of IT
Communication Approaches Office of CIO / IT Governance
Work with managers when they fail to follow the rules
Announcements from senior management
-
7/29/2019 5 IT Governance
19/36
5 Major IT Decisions
1. IT Principles
2. IT Architecture3. IT Infrastructure Strategies
4. Business Application Needs
5. IT Investments and Prioritasation
-
7/29/2019 5 IT Governance
20/36
Elaborating the IT Decisions
IT InfrastructureStrategies
IT Principles
IT Architecture
Business ApplicationNeeds
IT Investment and
Prioritisation
Strategies for the base foundation of budgeted-for IT capability(both technical and human), shared throughout the firm asreliable services, and centrally coordinated (e.g. network, helpdesk, shared data)
High level statements about how IT is used in the business
An integrated set of technical choices to guide the organization insatisfying business needs. The architecture is a set of policiesand rules that govern the use of IT and plot a migration path tothe way business will be done (includes data, technology, andapplications)
Business applications to be acquired or built
Decisions about how much and where to invest in IT includingproject approvals and justification techniques
-
7/29/2019 5 IT Governance
21/36
Some Governance Modes
Anarchy
Monarchy(Centralisation)
-
7/29/2019 5 IT Governance
22/36
Some Governance Modes
Federalism
Feudalism(Decentralisation)
-
7/29/2019 5 IT Governance
23/36
IT Governance Archetypes
Individual usersAnarchy
X
XX
XIT Execs + 1 groupIT Duopoly
XX
XXX
C-level Execs + min. 1Business groupFederal
XBU leaders, Pos or theirdelegates
Feudal
XIndividual or groups ofIT execsIT Monarchy
XIndividual or groups ofCxOs
BusinessMonarchy
Leaders /
ProcessOwners
Business
Unit IT
Execs
Decision Rightsor Input Rights
-
7/29/2019 5 IT Governance
24/36
3 Effective IT Governance Patterns
Anarchy
ITDuopoly
Federal
Feudal
ITMonarchy
BusinessMonarchy
IT
Investment &Prioritisation
Business
ApplicationsNeeds
IT
Infrastructure
IT
Architecture
IT
Principles
Domain
Style
Governance Performance = function of (cost effective use of IT, effective use of IT for assetutilasation, revenue growth, business flexibility)
3 3 3
3
3
2
2 2
2
2
1
1 1
1
1
Weill & Ross (2004:133)
-
7/29/2019 5 IT Governance
25/36
Exercise: Pair & Share
Is IT Governance a process or an outcome ?
-
7/29/2019 5 IT Governance
26/36
IT Governance Arrangements Matrix(GAM)
Input Decision
IT Principles
Input Decision
IT InfrastructureStrategies
Input Decision
IT Architecture
Input Decision
BusinessApplication Needs
Input Decision
IT Investment andPrioritization
BusinessMonarchy
ITMonarchy
Feudal
Federal
Duopoly
Domain
Style
-
7/29/2019 5 IT Governance
27/36
IT Governance Design Framework(GDF)
EnterpriseStrategy andOrganisation
IT Organisationand Desirable
Behaviour
ITGovernance
Arrangements
BusinessPerformance
Goals
ITGovernanceMechanisms
IT Metricsand
Accountabilities
Harmonise what ? Harmonise how ?
-
7/29/2019 5 IT Governance
28/36
Exercise: Group Work- The Case og Novozymes
Questions to consider:
1. Which Governance Arrangements does Novozymes apply ?
2. To what extend is the IT Governance Design of Novozymes
harmonised ?
3. To what extend is the current IT Governance structure sensitiveto corporate and national culture (a Globalisation question) ?
4. Which theoretical challenges/discussions may the case lead to?
Readings (you may skip section 2):Larsen, M.H. & Pedersen, M.K. & Andersen, K.V. (2006). IT Governance: Reviewing 17 IT
Governance Tools and Analysing the Case of Novozymes A/S. Proceedings of theHawaii International Conference on System Sciences (HICSS-39).
-
7/29/2019 5 IT Governance
29/36
Reviewing and Designing IT Governance
Map the organisations current governance Governance Design Framework (GDF) Governance Arrangements Matrix (GAM)
Gompare the GDF and GAM How well are the objectives of the GDF achieved by the arrangements of theGAM? Focus on performance goals not being achieved. How might governance arrangements be tweaked to adress performance
goals?
Audit IT Governance Mechanisms How many mechanisms are in use? Do the mechanisms overlap across more than one key IT decision? Are the mechanisms also used to govern the enterprises other assets?
Are the mechanisms effective independently and together?
As-Is Analysis
-
7/29/2019 5 IT Governance
30/36
Reviewing and Designing IT Governance
Design the To-Be Governance Structure Debate GDF with senior management Particular focus on upper left and right boxes of GDF, and the middle box of
GDF. Benchmark governance patterns with industry-leading organisations based on
similar performance goals. Governance design: Tailor a Governance Template to the organisations
culture, structure, strategy, and goals. Emphasis on alignment of incentive and reward systems with IT Governance.
Transform to the To-Be of the GDF and GAM of the organisation Communicate, teach, convince, refine, and measure the success of IT
Governance.
To-Be Analysis
Implementation
-
7/29/2019 5 IT Governance
31/36
Variations in Governance Patterns
Factors: Strategic and performance goals
Organisational structure Governance experience
Organisational size and diversity
Industry differences
Regional and cultural differences
-
7/29/2019 5 IT Governance
32/36
8 IT Governance CSFs
Critical Success Factors:1. Transparancy
2. Actively designed
3. Infrequently redesigned4. Education about IT Governance
5. Simplicity
6. An exeption-handling process7. Governance designed at multiple
organisational levels
8. Aligned incentives
-
7/29/2019 5 IT Governance
33/36
Exercise: Pair & Share
Structure
Style
Sharedvalues
Staff
Skills
Systems
Strategy
7S
McKinseys 7SManagementFramework
How does ITGovernance affectmanagement of
the 7S of anorganisation ?
Peters & Waterman (1982).In Search of Excellence.
-
7/29/2019 5 IT Governance
34/36
IT Governance andCorporate Governance
Definition of Corporate Governance: Corporate Governance is defined as
providing the structure for determining
organisational objectives and monitoringperformance to ensure that objectives areattained. (OECD 1999).
What is the relation between IT andCorporate Governance ?
-
7/29/2019 5 IT Governance
35/36
Lessons Learned: Manglende Corporateog IT Governance Mekanismer i Lego
De rapporterings- og planlgningsvrktjer, vihavde i Lego var bygget til en anden verden.
S det, jeg nok har lrt som bestyrelsesformand,er, at du selv er ndt til at g helt ned og sikre dig, atsystemerne fungere selv om det lyder pedantisk ogbogholderagtigt. Det er ikke nok at sidde og vre en
stor strateg.
Mads vlisen, Januar 2005.
-
7/29/2019 5 IT Governance
36/36
Sprgsml ?