Critical Imperativeness of IT Governance

Examining the Critical Imperativeness of IT Governance: IT/Business Alignment, Value Creation and Risk Management

Goodluck Enimakpokpo, PMP -----------------------------------------------------------------------------------------------Tel: +234 808 725 4441; Email: goodluckomole@gmail.com ----------------------------------------------------------------------------------------------------------

Jan, 2012

Critical Imperativeness of IT Governance

Abstract Essentially, IT Governance deals with executive involvement and interest in IT systems investments and usage within an organization. In addition, IT Governance defines the patterns of authority for key IT activities within the enterprise value chain, including IT infrastructure, use, and project management. Proper IT Governance ensures that IT delivery structure, content, and processes are well aligned with the overall business goals and strategy of the organization. Universally, calls to ensure strategic alignment between information technology strategy and the overall corporate strategy have intensified over the last three decades. Several recent studies have demonstrated that sound IT strategy can be used as platform to drive performance, stimulate new opportunities, enhance sustainable growth, and profitability. Also, research evidences have shown abundantly too that the value impact of IT has grown beyond mere providing back-end support role to becoming front-end business enabler in most organizations. Therefore, it is critical to establish a business environment where there is strategic harmony between IT and the overall business objectives of the organization. This paper examines existing literatures on the subject of IT Governance specifically as it affects enterprise IT/Business alignment, value creation and risk management. The objective is to deepen existing insight as well as harmonize a few of the prior findings on how sound IT governance strategy can help secure the enterprise future, improve performance, sustain growth, and keep the organization ahead of the competition.

Critical Imperativeness of IT Governance

Introduction IT Governance generally refers to executive involvement and interest in the enterprise IT systems investments and usage. Increasingly across the globe, business leaders are realizing the significant extent that information technology can have on the overall business performance of the organization. This has significantly heightened management understanding and involvement of the way IT-related investment decisions are made and system utilizations within the enterprise. Generally, management has the responsibility to ensure that a IT/IS infrastructure is in place to provides the necessary platform to effectively manage business risks, create additional values, improve competitive advantage, and grow the enterprise bottom-line ( ITGI, 2003 ; Gillan, 2006). Unarguably, good IT governance is particularly important to business success in the sense that poor technology conception, planning, implementation, and utilization can significantly affect the future and competitive capability of any enterprise (Scheel, 2005, p.42). Thus, sound IT governance enforces executive involvements in IT system investment, business alignment, transparency, and accountability. IT governance is about delivery of value to business and IT risks mitigationwhile the former is driven by IT/Business strategies alignment, the latter is driven by enterprise transparency and accountability. In both cases, adequate resources must be allocated resources to support the process for optimal result. However, there are five domains of IT governance. They included: strategic alignment, resource management, performance measurement, value delivery and risk management. All domains are driven by stakeholders value creation.(Huff, Maher, & Munro, 2005). Also, IT governance is often described as continuous life cycle process which can be entered into at any point. Usually one starts with the strategy and its alignment throughout the organization system

Critical Imperativeness of IT Governance

follow by process implementation to delivering the value the strategy promised while mitigating evolving associated risks based progressive elaboration (Nolan & McFarlan, 2005). Figure 1 below represents the life cycle process of the five IT Governance domain process Figure 1 Five Domains of IT Governance

Source: ITGI, 2003 Monitoring and control processes, performance measurement, compliance audit, enforcement and reporting ensure that optimal results are derived from the business alignment and value creation processes. What it means is that top business executives must put strategic focus on these aspects in order to realize the full benefit a sound enterprise IT governance. This paper examines existing literatures on the subject of IT Governance specifically as it affects enterprise IT/Business alignment, value creation and risk management. Each of these three domains are arranged and discussed in separate sections. The objective is to deepen existing insight as well as harmonizes a few of the prior findings on how sound IT governance strategy can help secure the enterprise future, improve performance, sustain growth, and keep the organization ahead of the competition. Lastly, the concluding section consists of the conclusion as well as future research directions on IT governance.

Critical Imperativeness of IT Governance

IT/Business Strategies Alignment Globally, most 21st century organizations are already embarking on IT/Business strategic alignment in their corporate strategic planning and technologies execution processes. In the past, a lot of businesses failed due to lean interest in IT investment and poor IT governance culture (Avison, Gregor & Wilson, 2006, p. 89-93). Research evidences have shown clearly that enterprises that invested in robust and efficient IT systems succeeded in driving business performance, growth, and profitability (Scheel, 2005). Figure 2 below shows clearly Figure 2 IT/Business Alignment Model

Source: ITGI, 2003 Overall, it is the responsibility of the board and the management to ensure that a proper IT governance structure is instituted in the organization. The board takes the responsibility for the sound legislative and policy development. The executive management obligations include strategic and tactical adoption of the policies, monitoring and reporting, performance measurements, and operational compliance enforcement. It is imperative, therefore, that the board and management take unified responsibility to ensuring that IT investment, development,

Critical Imperativeness of IT Governance

and utilization are not separate and independent, rather, it should be inseparably embedded in the corporate strategy of the enterprise ( ITGI, 2005; Tilman, 2006). Primarily, it has been re-emphasized that IT/Business strategy alignment is a very critical aspect of the IT governance domain which should not be perceived as a one-time event. It should be a continuous and gradual process that is sensitive and heavily dependent on the evolving investment climate. In view of this, part of the IT governance key component is to ensure that the management takes the leadership responsibility and accountability toward achieving these strategies resonance within the organization (ITGI, 2003). In fact, it has been noted that no organization can survive the pressure of tomorrows business environment without a clear and unique corporate strategy. Corporate strategy defines the projected course of business direction in order to realize the vision and mission of the organization. It puts on the fore organization issues that borders on business survivability, as well as growth sustainability. Thus, IT/Business strategies alignment indicates the patterns of authority for key IT activities within the organization, including IT infrastructure, IT use, and project management in line with the overall enterprise business goals. In addition, it ensure that IT/IS delivery structure, content, and processes are well aligned with the corporate objectives and strategy (Ward & Peppard, 2003; Avison, Gregor & Wilson, 2006). Similarly, Huff, Maher, and Munro (2005) provide the overall insight into the essence of IT/Business strategies alignment to include the following: - To add value to products and services - Supports competitive positioning and profitability of the enterprise - Resource optimization, controlled utilization, cost reduction and improved efficiency - Provide platform for improved managerial effectiveness

Critical Imperativeness of IT Governance

Essential Structure for Value Creation Of recent, enterprise value analysis has become a subject of vested interest in the scholar-practitioner domains. In the book, "Competitive Advantage: Creating and sustaining superior Performance, Porter describes value chain as the series of activities within and around an organization which results to the competitive performance of the organization. In a nutshell, value chain analysis refers to the activities firms perform and relate them to the source of the organizations competitive advantage (Porter, 1985). Figure 3 below is commonly called the Porters competitive force model. Figure 4 The Porters competitive force model

The Porters competitive force model has remained the most referenced and well-known framework for analyzing and describing firms value analysis and competitiveness. Many Forbess 500 firms have used this framework in developing competitive strategies for boosting internal efficiencies, value creation, margin improvement, growth and client s loyalty.

Critical Imperativeness of IT Governance

Fundamentally, the concept of Porters Value Chain Analysis is about implementing a honest assessment of the activities, and value-addition of each of the enterprise functional units in order to evaluate the true value addition of each and every unit of the organization value chain network. A well implemented governance structure ensures that such assessment is regularly done as part of the large processes of building a strong and competitive organization. Strong competitive advantage is a product of sound competitive strategy derived from institutionalized corporate governance structures (Scheel, 2005). Figure 4 below further explains how this integrated IT governance structure creates unique value towards meeting the strategic business objective of the organization (Weill & Broadbent, 1998). Figure 5 Views of IT Value Integrated enterprise value Creation

Source: Weill & Broadbent, 1998

Weill and Broadbent (1998) view of IT values indicates that different levels of management and users perceive the value of IT differently within the enterprise functional

Critical Imperativeness of IT Governance

structure. In addition, it shows that the higher one goes in the measurement hierarchy shown in the figure 5 above, the less influence IT management can exercise. Arguably, it means that measuring the impact of an IT investment is much easier at the bottom of the hierarchy than at the top. Apparently, however, successful investments in IT systems have a bottom-line positive impact on all four levels of the business value hierarchy. However, it is important to understand that the performance measurement should be based on two parameters organizations performance in creating value and the value realization itself based on the set indices contained in the overall corporate governance strategy of the organization (Jukic & Jukic, 2010) Thus, IT is a key component of that corporate governance strategy particularly as it affects the effectiveness and efficiency of the overall business delivery. The implication is that top executives must ensure that their business and IT strategy clearly aligns in such a way as to derive optimal returns on investment; also, it explicitly implied that such integrated sound IT governance structure will provide the required platform for upper management engagement,

involvement and compliance monitoring and performance visibility with respect to IT-related investment decision and utilization within the organization (Porter & Millar, 1985; Porter, 2005). Lastly on value creation, in the paper, Creating Economic Value Added through Enabling Technologies, Scheel provides a vivid picture of the impact of ICT on the GDP growth of USA (Scheel, 2005, p.42). Scheels work stimulate greater awareness among business leaders that a properly controlled IT/IS-enabled business environment can bring significantly more values and benefits to each networked players in value chain structure. It also confirms that firms can take advantage offers by the internet to establish business synergies through efficient connectivity and combinatorial networking harnessing driven by the availability of reliable IT/IS facilities and sound IT governance structure.

Critical Imperativeness of IT Governance

10

Platform for Strategic Enterprise Risk Management A good Risk Management Strategy is possible when there is clear understanding of the enterprises risk tolerant level. It involves putting in place a strategic IT structure that supports high level visibility of all functional activities within the enterprise system and subsystems strong internal control mechanism, oversight functions, and IT/IS Systems. Shareholders and customers are always consciously concerned about the safety and security of their investment; therefore, the only way to re-assure their confidence is to demonstrate a solid corporate governance strategy. Organization risk comes in variety of forms financial, operational, and systemic risk, within which technology risk and information security issues could be significantly present (Filatotchev, 2007; ITGI, 2005). Fundamentally, the key thing about enterprise risk management is strong internal control structure. The Sarbanes-Oxley Act demonstrates strict determination by the America Congress to improve corporate responsibility and accountability. The Act became necessary to restore investor confidence in America public markets that was badly affected by the lapses in corporate governance. By the provisions of the Act passed by the US congress and signed by the President in July 2002, good corporate governance and ethical business practices are no longer selectively based on convenience. Thus, The Sarbanes-Oxley Act has made it explicitly clear that business leaders are responsible for formulating, evaluating and monitoring the effectiveness of internal control over financial reporting (ITGI, 2006). In many large organizations, IT/IS systems plays a significant role to achieving this goal. Consequently, many enterprises now pay serious attention IT/IS Systems investments to provide unified ERP system (e.g. SAP) to support effective internal control and financial reporting. At the moment, there is increasing dependence on IT control environment - IT governance process,

Critical Imperativeness of IT Governance

11

monitoring, and reporting in many enterprises. As discussed earlier, by IT governance process, it means information systems plan, IT risk management process, monitoring, compliance enforcement, procedures, and standards. In particular, system tracking and reporting are required to align IT with business requirements. Similarly, the IT governance structure should be mapped to clearly show how IT adds value to the business and IT risks are mitigated. Figure 6 below shows the IT Compliance Road Map of the Sarbanes-Oxley Compliance Provisions. Figure 6 Sarbanes-Oxley Compliance IT Compliance Road Map

Sources: ITGI, 2006

Critical Imperativeness of IT Governance

12

Conclusion and Future Literature Review Aspects This paper examines existing literatures on the subject of IT Governance specifically as it affects enterprise IT/Business alignment process, value creation and risk management. In the light of the paper review objective, it has significantly deepened existing insight and relevantly harmonizes a few of the previous research findings on the subject. However, there are other aspects of IT Governance domain issues that have not been covered in this review paper which offers future research review opportunities. They include IT resource management and performance measurement (ITGI, 2005). These are two major domains of the IT Governance processes that require extensive future review.

Critical Imperativeness of IT Governance

13

References Avison, D., Gregor, S., & Wilson, D. (2006). Managerial information technology unconsciousness. Communications of the ACM, 49 (7). Filatotchev, I. (2007).Corporate governance and the firms dynamics: Contingencies and complementarities. Journal of Management Studies, 44(6), 1041-1056. Gillan, S.L.(2006).Recent developments in corporate governance: An overview. Journal of Corporate Finance, 12(3), 381- 402. Huff, S.L., Maher, P.M., & Munro M.C.(2006). Information technology and the board of directors: Is there an information technology attention deficit. MIS Quarterly Executive, 5(2). Huff, S.L., Maher, P.M., & Munro, M.C. (2005).Adding value: The case for adding IT-savvy directors to the board. Ivey Business Journal, 70 (2), 1-5. IT Governance Institutes. (2003). Board briefing on information technology governance. 2nd ed. Retrieved from Retrieved from www.itgi.org. IT Governance Institutes. (2005). Information technology alignment: Who is charge?. 2nd ed., USA. Retrieved from Retrieved from www.itgi.org. IT Governance Institutes. (2006). Information technology control objectives for sarbanes-oxley: The role of information technology in the design and implementation of internal control over financial reporting. 2nd ed., USA, Retrieved from www.itgi.org. Jukic, B., & Jukic, N. (2010). Information system planning and decision making framework: a case study. Information Systems Management, 27 (1). DOI: 10.1080/10580530903455221 Nolan, R., & McFarlan, W.F. (2005). Information technology and the board of directors. Harvard Business Review, 83(10), 96-106. Porter, M. E., & Miller, V. E. (1985). How information gives you competitive advantage. Harvard Business Review. Robert, L. J. (2006). Strategy, success, a dynamic economy and the 21st century manager. The Business Review, Cambridge. Hollywood, 5(2), 23-29 Scheel, C. (2005). Creating economic value added through, enabling technologies. Society for Design and Process Science. Printed in the United States of America. Shailer, G.E.P. (2004). An introduction to corporate governance in australia. Frenchs Forest, Pearson Education Australia, SW.

Critical Imperativeness of IT Governance

14

Tilman, A. (2006). Governance patterns in value chains and their development impact, The European Journal of Development Research, 18 (4), 498521 DOI: 10.1080/09578810601070795 Ward, J., & Peppard, J. (2009). Strategic planning for information systems. John Wiley & Sons, LTD. Retrieved from Http://site.ebrary.com.library.capella.edu/lib/capella/doc,Detail.action? DocID=10307734 Weill, P., & Ross, J. (2004). IT governance. Harvard Business School Press, Cambridge, MA. Weill, P., & Broadbent, M. (1998). Leveraging the new infrastructure: How market leaders capitalize on information technology. Harvard Business School Press.