A common belief is that information security is only an issue for the IT Department. Review the following case study (attached) about IT governance and answer the following questions. B
A common belief is that information security is only an issue for the IT Department. Review the following case study (attached) about IT governance and answer the following questions.
Bhattacharjya, J., & Chang, V. (2007). The Role of IT Governance in the Evolution of Organizations in the Digital Economy: Cases in Australian Higher Education. 2007 Inaugural IEEE-IES Digital EcoSystems and Technologies Conference, 428-433.
> Do you believe IT security is only an issue for the IT Department? If yes, why? If not, why not?
> What do you believe are some key issues in the context of adopting formal IT governance processes in businesses or organizations?
> What are the business benefits of improving formal IT governance practices?
Need 3-4 pages. No introduction or conclusion needed. Must provide peer-reviewed citations including the attached paper.
Copyright © 2007 IEEE This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
Abstract — In recent years, IT governance has become a key
concern issue for senior IT decision makers across various in-
dustries. When appropriately implemented, IT governance can
play the role of a central nervous system effectively ensuring
the wellbeing of the organizational system. The health of the
organizational system ultimately contributes to the health of
the distributed business ecosystem in which the organization
co-exists with other organizations. The underlying goals for
adopting formal IT governance practices are improvement of
business performance and conformance with regulations. This
exploratory study examined how IT governance is imple-
mented in four Australian institutions of higher education
through a number of IT governance structures, processes, and
relational mechanisms. This paper discusses the importance of
these practices as these institutions increasingly compete and
collaborate with each other, various government agencies and
other research institutions in the digital economy.
Index Terms—business ecosystems, governance, IT govern-
ance processes, Australian higher education ecosystem
I. INTRODUCTION
IT governance has emerged as a vital issue for organiza-
tions across the world. This paper examines how formal IT
governance processes are implemented in four Australian
higher education institutions in the digital economy. A lit-
erature review of business ecosystems and IT governance
issues in the Australian higher education domain is pre-
sented in Section II. Section III discusses the research ques-
tions and methodology. The case study institutions are de-
scribed in Section IV. A discussion of IT governance proc-
esses in each institution is presented in Section V and a
summary in Section VI. Section VII discusses the evolu-
tionary status of the Australian higher education ecosystem
and the significance of IT governance practices in this con-
text with a conclusion in Section VIII.
II. LITERATURE REVIEW
A. Business Ecosystems
The term ‘ecosystem’ refers to a collection of organisms
living together with their environment and functioning as a
loosely interconnected dynamic unit [24]. The concept of a
‘business ecosystem’ was a strategic planning concept first
introduced by Moore [16], who wrote: “I suggest that a
company be viewed not as a member of a single industry
but as part of a business ecosystem that crosses a variety of
industries. In a business ecosystem, companies co-evolve
capabilities around a new innovation: they work
cooperatively and competitively to support new products,
satisfy customer needs, and eventually incorporate the next
round of innovation.” The elements of a business
ecosystem are: 1) governance, regulations and industrial
policy, 2) human capital, knowledge and practices, 3)
service and technical infrastructure, and 4) business and
financial conditions [9]. Nachira [9] describes the term
‘digital business ecosystem’ (DBE), as shown in Fig. 1, as a
complex ecosystem comprising of a business ecosystem
layer supported by a multilayer digital ecosystem.
D IG IT A L B U S IN E S S E C O S Y S T E M
D IG IT A L E C O S Y S T E M
NETWORK INFRASTRUCTURE
DIGITAL ECOSYSTEM
OPEN SOURCE KNOWLEDGE
AND SERVICE-ORIENTED
PLATFORM
DIGITAL ECOSYSTEM
COMPONENTS AND
SERVICES
BUSINESS ECOSYSTEM
Fig. 1 Multi-layer digital business ecosystem (after Nachira [9])
Although the Australian higher education ecosystem can
be discussed in terms of elements in all four layers of the
digital business ecosystem model in Fig. 1, this paper fo-
cuses on an important element associated with the top layer
(ie. business ecosystem layer) of the DBE – governance,
specifically IT governance. The wellbeing of the individual
enterprise can affect the wellbeing of the larger business
ecosystem in which it co-exists with other organizations.
Appropriate governance mechanisms therefore need to be in
place in individual enterprises to ensure that harmony in the
larger business ecosystem is maintained.
B. Corporate and IT governance
Corporate governance has become important worldwide,
especially in the wake of the Enron and MCI WorldCom
incidents in the US. The Australian Stock Exchange Corpo-
rate Governance Council defines corporate governance as
“… the system by which companies are directed and man-
aged. It influences how the objectives of the company are
set and achieved, how risk is monitored and assessed, and
how performance is optimised” [1]. IT governance has be-
come a key area under the umbrella of corporate govern-
ance because of the pervasive influence of information sys-
tems (IS) and the associated technology infrastructure in
every area of an organization’s activities. The IT Govern-
ance Institute describes IT governance as an integral part of
the corporate governance which consists of “the leadership
and organizational structures and processes that ensure an
organization’s IT sustains and extends the organization’s
Jyotirmoyee Bhattacharjya 1 and Vanessa Chang
2
1, 2 School of Information Systems, Curtin University of Technology, Perth, Australia
e-mail: j[email protected] ; [email protected]
The Role of IT Governance in the Evolution of Organizations in the
Digital Economy: Cases in Australian Higher Education
428
strategy and objectives” [12].
C. Previous research in IT governance
The term IT governance, started to appear in the litera-
ture towards the late 1990s, with its main proponent being
the IT Governance Research Institute [19]. Since then, the
need to implement and improve IT governance is recognized
by senior IT management across the world. However, im-
plementing IT governance is a complex undertaking (eg.
[5],[23],[15],[18],[20],[19]). A survey of top 10 priorities
for senior IT management by Gartner Inc. in 2003, found
the need to improve IT governance to be included for the
first time [20]. In 2003, the IT Governance Institute con-
ducted a survey through PricewaterhouseCoopers of 335
CEO/CIO level executives around the world to determine
their IT governance priorities [12]. The survey found while
75% executives recognized the requirement for implement-
ing IT governance only 40% were taking any action in this
direction.
De Haes and Van Grembergen [21] propose that IT gov-
ernance, as listed in Table 1, can be implemented through a
framework of structures, processes and relational mecha-
nisms. Structures include the existence of well defined roles
and responsibilities and IT steering committees. Processes
involve strategic IS planning and the use of various IT gov-
ernance frameworks which provide the IS organization with
the means to examine its activities and value to business.
Relational mechanisms include shared learning and strategic
dialogue between business and IT.
Key Elements in the implementation of IT governance
Structures: Roles and responsibilities, IT organisation structure, CIO on
board, IT strategy committee, IT steering committee(s)
Processes: Strategic information systems planning, Balanced IT score-
cards, Information Economics, Service Level Agreements, COBIT and
ITIL, IT alignment/governance maturity models
Relational mechanisms: Active participation and collaboration between
principle stakeholders, Partnership rewards and incentives, Business/IT
collocation, Cross-functional business/IT training and rotation
Table 1. Structures, process and relational mechanisms for
implementing IT Governance (De Haes and Van Grembergen [21])
D. IT governance frameworks and standards
A number of IT best practice frameworks and standards
such as Control Objectives for Information and Related
Technology (COBIT), ISO17799, IT Infrastructure Library
(ITIL) and Capability Maturity Model (CMM) are available
to IT organizations to help them improve their accountabil-
ity, governance, and management. COBIT is designed by the
IT Governance Institute as a high-level “umbrella” frame-
work for IT governance and it works well with frameworks
like ITIL and ISO17799 which focus on specific aspects of
IT management [8]. It contains 34 high-level control objec-
tives and 318 detailed control objectives defined for four IT
domains: planning and organization, acquisition and im-
plementation, delivery and support, and monitoring. ITIL is
the de-facto standard for IT service management and is or-
ganized around five areas: business perspective, application
management, infrastructure management, service delivery,
and service support. ISO17799 provides guidelines for
managing the security aspect of IT.
A recent Forrester Research survey of 135 IT managers
in North America revealed that about 20% rely on COBIT
while another 20% use ITIL [6]. These frameworks are not
necessarily mutually exclusive and increasing the value of
IT from a business perspective requires an understanding of
their strengths, weaknesses and focus [4]. IT governance
frameworks are being increasingly adopted because they not
only assure conformance with regulations but also help in
ensuring performance [17]. Organizations may benefit from
adopting what they find useful from each framework rather
than just adopting a single one [8].
In addition to these frameworks and standards, Austra-
lian organizations have 3 local standards available to guide
their IT governance and management practices [22]. These
are AS 8015-2005 (ICT governance standard), AS 8018.1-
2004 (specification for ICT service management) and AS
8018.2-2004 (code of practice for ICT service manage-
ment). The information and communication technology
(ICT) governance standard, AS 8015-2005, provides a set
of principles for business decision makers regarding the ef-
fective and efficient use of ICT within their organizations,
irrespective of the industry sector. The ICT service man-
agement standard, AS 8018.1-2004 adopts the British stan-
dard BS 15000-1:2002, and specifies the requirements for
delivering an acceptable quality of managed IT services.
The related standard, AS 8018.2-2004 adopts BS 15000-
2:2003 and recommends a common terminology for IT ser-
vice providers.
E. IT governance in Higher Education Domain
Higher education is a multi-billion dollar industry in
Australia, and as such, is importance to the country’s econ-
omy [10] [2]. It is a major consumer of IT products and ser-
vices as well as a major provider of services using ICT. IT
has helped the improvement of a range of activities includ-
ing research, teaching, learning and administration. Signifi-
cant developments have been made in the area of online
teaching and learning. The demand for IT based products
and services has also increased in the last 15 years due to a
rapid increase in student population.
Much work is required to be done by university govern-
ing bodies and policy makers in order for these universities
to tap and capitalize on emerging information technologies
to maintain their competitive positions internationally [10].
The issues range from infrastructure, applications, delivery
and services to staffing and appropriate regulatory frame-
works. Also, IT applications have not penetrated all aspects
of university teaching and effort is required to improve this
area. Despite the wide range of concerns facing IT govern-
ing bodies in Australian universities in the digital economy,
there has been very little research regarding how IT govern-
ance may be implemented in these institutions for it to pro-
vide optimal benefits to higher education.
III. RESEARCH QUESTION AND METHODOLOGY
The paper investigates the adoption of IT governance
practices in four Australian higher education institutions
and discusses the significance of these practices in the
higher education ecosystem. The research questions are:
429
1) How are formal IT governance practices adopted and
implemented within the higher education environment
in Australia?
2) What is the significance of formal IT governance prac-
tices in the context of the evolving higher education
ecosystem in Australia?
As suggested by Benbasat et al [11], the case research is
useful for addressing the “how” questions, ie., in the ex-
ploratory stage of knowledge building. This is particularly
useful for a study on IT governance in the context of higher
education institutions in Australia, where the knowledge of
researchers regarding new methods, techniques, problems
and prospects lags that of practitioners. Four leading Aus-
tralian institutions in different stages of adopting and im-
plementing formal IT governance practices were selected.
In keeping with participants’ requests for anonymity, the
institutions are referred to as Institutions A, B, C and D.
The data collected was primarily qualitative in nature. The
data was gathered from semi-structured interviews with 7
senior IT and 5 business decision makers as well as from
relevant documents obtained from interviewees and the
websites of the institutions. The interviews were recorded
and later transcribed and analyzed.
IV. THE CASE STUDY INSTITUTIONS
The four institutions all have documented corporate gov-
ernance structures and are in different stages of implement-
ing formal IT governance practices. Institutions A and C
have adopted formal IT governance practices since 2000.
Institution B has started formalizing its practices since the
beginning of 2006. Institution D has adopted formal IT
governance practices since 2004. The institutions have
revenues of between 300 to 500 million dollars and spend
between 6-10% of their revenue on IT. All four institutions
are members of the Australian Vice-Chancellor’s Commit-
tee (AVCC). While they cooperate for advancing Australian
higher education through this forum, they also compete
amongst each other for market share both locally and inter-
nationally.
V. IT GOVERNANCE FRAMEWORK
As indicated previously and also shown in Table 1, the
key elements of structures, processes, and relational mecha-
nisms are required to implement IT governance [21]. The
IT governance structures and relational mechanisms in these
institutions have been discussed elsewhere [13] [14], and
will only be discussed briefly here. The overall trend in
these institutions with IT governance structures is toward
centralization of the IT organization. IT governance rela-
tional mechanisms are directed at building closer ties with
the business. As stated earlier, IT governance processes in-
volve strategic decision making and the use of various per-
formance monitoring frameworks and tools such as Strate-
gic IS Planning, COBIT, ITIL, Balanced Scorecard, and oth-
ers [20]. This paper concentrates on the IT governance
processes in these institutions. Each institution’s strategic IS
planning is discussed first. This is followed with a discus-
sion of the adoption of various performance monitoring
frameworks and standards, and tools in each institution.
Issues surrounding the implementation of the above will
also be discussed.
A. Institution A
The institution has an overall strategic plan and follows a
balanced scorecard. IT has an ICT enabling plan, which is
regularly updated. An important issue is that this ICT ena-
bling plan is not directly associated with a budget for strate-
gic expenditures. The present budget allocation for ICT is
for staff, software licenses, site licenses, and refreshing the
IT infrastructure.
IT management decision making within the institution is
influenced by the guiding principles of the Australian ICT
governance standard AS 8015-2005 and the service man-
agement standards AS 8018.1-2004 and AS 8018.2-2004.
COBIT is adopted since the year 2000 for assessing and
improving the institution’s IT governance processes. A di-
rect effect of this has been the realization by senior IT deci-
sion makers that the effective utilization of COBIT across
the institution requires a centralized IT governance envi-
ronment. Given the size of the COBIT framework, only a
small number of processes and objectives are identified for
review each year. The objectives were initially based on a
large number of interviews conducted across the campus in
2000. In subsequent years, objectives have been identified
based on the original interviews and results of an annual
survey of student and staff satisfaction on IT issues.
ITIL is used as the standard for service management. A
number of operational level staff members have ITIL Foun-
dation training. The current focus is on getting better at in-
cident management, change management, problem man-
agement, IT strategic planning and managing the IT archi-
tecture. Consultative, Objective and Bi-functional Risk
Analysis (COBRA), based on ISO17799 is used for facili-
tating risk management.
Since COBIT requires the use of a standard project man-
agement methodology, Project Management Body of
Knowledge (PMBOK) is selected as the guide. Based on
the perceptions of business decision makers, in the last two
years IT has shown considerable maturity in project man-
agement and delivery. This is the result of adopting a strong
project management methodology. People Capability Ma-
turity Model (P-CMM) is the standard of IT staff manage-
ment and development. However, a lot of work is required
for staff development.
The value to business from the implementation of best
practice frameworks has been in terms of reducing the num-
ber of ad-hoc processes, bringing discipline to IT support
activities and improving accountability. Whilst IT has made
significant strides since the year 2000, the IT management
recognizes that there is a long journey ahead.
One problem in implementing frameworks like COBIT
has been the shortage of adequate staff. The demand for
staff time and services are also increasing. Most of the cen-
tral IT teams find it difficult and at times challenging to
achieve their operational objectives. Staffing in the server
support area, for example, consists of about 10 people sup-
porting 300 servers of various kinds, implementing, changes
to the infrastructure and managing large applications used
430
by thousands of people. Despite this, process improvements
continue to take place because of the continued commitment
of senior IT management.
Another difficulty area is finding appropriate perform-
ance metrics measurement. Current technical measures in-
clude percentage downtime, percentage access failure, and
the number of students accessing their email on the official
communications channel. A particular measure, the number
of available desktops in the laboratories was found to be not
particularly useful. It was found that when the number of
desktops was doubled based on survey responses; the satis-
faction level was actually lower than in the previous year.
Management decision makers in the institution attribute this
to the increasing expectations from ICT facilities. The insti-
tution continues to work on developing a balanced business-
IT metrics.
B. Institution B
Institution B has an overall strategic plan and central IT
undertakes strategic IS planning under the supervision of
the IT steering committee. While Institution A has primarily
used COBIT to evaluate and improve key IT processes, In-
stitution B used COBIT to develop its overall IT governance
model and outline the various roles and responsibilities. The
development of the IT governance model has resulted in
substantial involvement of business decision makers in
making decisions regarding IT investment, risk and priori-
ties. This has made it easier for business decision makers to
appreciate the value of key decisions regarding IT. The ini-
tial problem in the implementation of the model was the
lack of IT governance concepts amongst business decision
makers and resistance to change. This is gradually over-
come and the need for accountability for IT related decision
making across the institution is better accepted. This is
achieved by communicating to business decision makers
their roles and responsibilities in IT related decision making
for the benefit of the business, without making it necessary
for them to know the technical details of COBIT.
COBIT is also used for risk assessment and management.
While ISO17799 provides guidance with security, COBIT
guides management on how these goals should be achieved.
The IT security manager is trained in ISO17799 and will
undertake the security management training program pro-
vided by the developers of COBIT.
Capability is also being built up in the project manage-
ment and business process analysis domain to reduce the
current dependence on external consultants. Service level
agreements (SLAs) are in place for hosting and managing
application systems including the student system, the facili-
ties management system, the HR and finance system. At
present there is a lack of enterprise-wide standards for infra-
structure and applications. Other issues include the lack of
standards and controls and the existence of multiple help-
desks. As part of the central IT service desk project, it is
planned to implement ITIL to handle change and incident
management. Service desk staff are required to undertake
ITIL Foundation level training.
As in the case of Institution A there is difficulty in decid-
ing on which metrics to measure. Current metrics used in-
clude the number of service calls being answered to com-
pletion, the number of network and database administrators
and the ratio of total IT cost to organizational cost. How-
ever, there is a realization that these metrics are not ade-
quate for representing the value of IT to business.
C. Institution C
Intra-industry benchmarking is important in Institution C
due to the experience of the senior IT decision-maker with
IT benchmarking practices. IT undertakes strategic IS plan-
ning regularly and maintains SLAs with its clients within
the institution. Disaster recovery planning and business con-
tinuity planning (BCP) have been undertaken since 2004.
Being able to successfully involve the business side has re-
sulted in this institution being ahead of the others with re-
spect to BCP.
At present central IT is in the process of adopting ITIL
and both management and staff have received basic ITIL
training. While incident management with ITIL has been
accomplished satisfacto
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.