IT Governance and Infrastructure

Learning Outcomes

Understand what IT governance is.

Understand what a manager should expect from
the MIS organization.
Describe why a manager must know the
organizations particular needs.
Define what a lean, competitive enterprise looks
like and what role IT plays.
Understand how decision rights are allocated.
Identify the risks of a global MIS organization.
 What is IT Governance?

IT Governance focuses specifically on

information technology systems, their
performance and risk management.
The primary goals of IT Governance are to
assure that the investments in IT generate
business value, and to mitigate the risks that are
associated with IT.

This can be done by implementing an

organisational structure with well-defined roles
outlining the responsibility of information,
business processes, applications and
infrastructure.
 What is IT Governance?

IT governance should be viewed as:

How IT creates value that fits into the overall

Corporate Governance Strategy of the
organisation...
 IT Governance Definitions..
The structure, oversight and management processes which
ensure the delivery of the expected benefits of IT in a
controlled way to help enhance the long-term sustainable
success of the enterprise.
IT governance is the responsibility of the board of directors
and executive management. It is an integral part of
enterprise governance and consists of the leadership and
organisational structures and processes that ensure that
the organisations IT sustains and extends the
organisations strategies and objectives.
A structure of relationships and processes to direct and
control the enterprise in order to achieve the enterprises
goals by adding value while balancing risk versus return
over IT and its processes.
 IT Governance Definitions..

Specifying the decision rights and accountability framework

to encourage desirable behaviours in the use of IT.

Governance is not about what decisions get made that is

management but it is about who makes the decisions and
how they are made.

IT governance is the term used to describe how those

persons entrusted with governance of an entity will
consider IT in their supervision, monitoring, control and
direction of the entity. How IT is applied will have an
immense impact on whether the entity will attain its vision,
mission or strategic goals.
 Why is IT Governance Necessary?

IT governance is needed to ensure that the

investments in IT generate value-reward - and
mitigate IT-associated risks, avoiding failure.

How to balance risk and rewards when using IT

to enable organisational change...
 UNDERSTANDING
THE
IS ORGANIZATION
 CIO

The CIO (Chief Information Officer) is at the

helm of the IS organization.
CIOs primary goal is to manage IT resources to
implement enterprise strategy.
Provide technology vision and leadership for
developing and implementing IT initiatives to
help the enterprise maintain a competitive
advantage.
As the importance of technology has increased
so has the position of the CIO.
Must work effectively with ALL units of the
company, not just IS.
Twelve Main CIO Responsibilities
The following responsibilities often define the
role of the CIO:

1. Championing the organization.

2. Architecture management.
3. Business strategy consultant.
4. Business technology planning.
5. Application development.
6. IT infrastructure management.
7. Sourcing.
8. Partnership developer.
9. Technology transfer agent.
10. Customer satisfaction management.
11. Training.
12. Business discontinuity/disaster recovery planning.
 CIO

Must have both technical and business

skills.
Must see the business vision and how
IT can help facilitate that vision.
Is both a strategist and operations
manager.
Some organizations do not have a
CIO.
They hire someone to run their computer
systems and do not give them much
decision making authority.
 CTO, CPO, and Other Roles
The CIO, particularly in larger
organizations, cannot guide the
enterprise toward the future alone.
Other strategic areas require more
focused guidance.
The CTO is a critical role.
Works alongside the CIO.
Needs business savvy and communication
skills.
Must be able to create an organizational
vision.
New positions created to deal with this
growing need.
WHAT A MANAGER CAN
EXPECT FROM THE IS
ORGANIZATION
 Business Continuity Plan
Approved set of preparations and sufficient procedures for
responding to a variety of disaster events.
What do we do in case of an emergency such as
9/11?
Three major stages of BCP:
Pre-planning - managements responsibility is defined,
possible risks are evaluated, and a business impact
analysis is performed.
Planning - alternative business recovery operating
strategies are determined.
Post-planning - familiarizes employees with the plan
through awareness and training programs.
 Managing Data, Information and
Knowledge
Managing information and knowledge in
the enterprise is of particular concern to
IS.
Database administration.
Includes the collecting and storing the
actual data created, developed, or
discovered.
Deciding on format, location, and indexing
of stored data.
 Managing Internet and Network Services

Intranets, extranets, Web pages, and e-mail are

becoming essential in most business
environments.
General managers must interact with the Web
master, Web designers, and Web developers.
Networking groups design, build, maintain, and
manage the network architecture.
Managers must be concerned with
telecommunications and their costs.
 Managing Human Resources

IS must manage its own resources.

Provide business and technical
training.
Hiring and firing of staff.
Tracking time, managing budgets, etc.
Maintain skills inventory.
Individual managers are responsible.
 Operating Data Centre

Houses large mainframe computers or rows of

servers on which the companys data and
business applications reside.
Managers rarely have direct contact with data
centre staff.
Many organizations outsource data centre
operations.
 Providing General Support
Providing support for users of IS.
Support requests are normally
centralized.
Centralized help desk first contact
point.
Forward requests to knowledgeable staff.
Many companies outsource this
function.
Not uncommon to call support and speak to
someone in another country.
User management activities
 What IS Does Not Do
Does not perform core business functions
such as:
Selling
Manufacturing
Accounting.

Does not set business strategy.

General managers must not delegate critical technology
decisions.
 Centralized vs. Decentralized
Organizational Structures

Centralized bring together all staff,

hardware, software, data, and processing into
a single location.

Decentralized the components in the

centralized structure are scattered in different
locations to address local business needs.

Federalism a combination of centralized and

decentralized structures.
Federal IT
 Another Perspective on IT Governance

Weill and his colleagues define IT governance

as specifying the decision rights and
accountability framework to encourage
desirable behavior in using IT.
The focus is not what, but who!
Good IT governance provides a structure to
make good decisions.
The assignment of decision-making authority
and responsibility
The decision-making mechanisms
 Examples of Affected
Category Description IS Activities
High-level statements about how IT is Participating in Setting
IT Principles used in the business Strategic Direction
An integrated set of technical choices to Establishing architecture
IT Architecture guide the organization in satisfying and standards
business needs. The architecture is a
set of policies and rules for the use of IT
and plots a migration path to the way
business will be done
IT Infrastructure Strategies for the base foundation of Managing internet and
Strategies budgeted-for IT capability (both technical network services; providing
and human) shared throughout the firm general support; Managing
as reliable services, and centrally data; Managing human
coordinated resources
Business Application Specification of the business need for Developing and
Needs purchased or internally developed IT maintaining information
applications systems
IT Investment & Decision about how much and where to Anticipating new
Prioritization invest in IT including project approvals technologies
and justification techniques

Five major categories of IT decisions

 Decision-Making Mechanisms

Policies may be used.

The steering committee is common and works
well in the federal archetype.
IT Governance Council steering committee at
the highest level.
Reports to board or CEO.
Comprised of top-level executives.
Provides strategic direction and funding
authority.
Lower level steering committees are responsible
for effectively allocating scarce resources.
Companies usually have one or the other.
 Managing the Global Considerations

Large global MIS organizations face

many of the same organizational issues
as any other global department.

For IS, a number of issues arise that

put the business at risk beyond the
typical global considerations.

Table in the next slide summarizes how

a global IT perspective affects six
information management issues.
Issue Global IT Perspective
Political How risky is investment in a
country with an unstable
Stability
government ?
Transparency Domestically, an IT network can
be end-to-end with little effort
compared to global networks
Business When crossing borders, it is
important to make sure that
Continuity
contingency plans are in place
Planning
Cultural IT systems must not offend or
insult those of a different culture
Differences
Sourcing Some technologies cannot be
exported or imported into specific
countries
Data Flow Data, especially private or
personal data, is not allowed to
across Borders
cross some borders.
Global Considerations for the MIS Organization
Example
India, a country that faces
conflict with Pakistan
SAP-R3 can be used to support
production processes but only if
installed
Concern when crossing
boarders is will data center be
available when/if needed
Using images or artifacts may
be insulting to another culture
Exporting it to some countries,
especially those who are not
political allies is not possible
For example: Brazil
 Summary

The CIO is a high-level IS officer.

There are a variety of key job titles in
the IS organization.
IS organizations can be expected to
anticipate new technologies, set
strategic direction, etc.
Managers must work with IT leaders to
develop a lean, competitive enterprise,
where IT acts as a strategic enabler.
 Seminar

Read the case study and answer the following

questions:

1. Describe the IT governance mechanisms used at

UPS.
2. What does the representation of UPSs executive
steering committee suggest to you? Do you think
that IT plays a strategic role at UPS? Why or why
not?
 Solutions

1. Answer: Most students have some work experience on

which to draw an answer to this question. Some students
will be familiar with very large fortune 500 companies,
consulting firms or service organizations, which usually
have a CIO. In that case, they will most likely describe an
executive type individual who is a strategist for the
company. In other cases, the student will have worked for
a company where the most senior information systems
person is either the person running the data center or
someone who makes sure all the PCs are running. IN that
case, the description will be of an operationalist, someone
concerned with operations but not involved with the
business strategy on a regular basis.
 Solutions
2. Answer: The CIO brings both a business and a technical perspective to
a business. He or she typically has a technical background (although not
always) and a general business background. The CIO helps the senior
executive team make decisions with information systems impacts in mind.
Not having a CIO might mean that a business decision is made which
either costs too much to implement or is technically infeasible. A
disadvantage of having a CIO might be that this person is often
expensive. Finding someone who understands the business side of the
equation as well as the technical side is difficult, and for some
organizations it is too costly. Another disadvantage is that in some cases,
having a CIO is seen by other managers as a signal that they,
themselves, do not have to understand or worry about information
systems impacts. Their thinking goes like this, if there is a CIO, then
he/she is going to worry about the IS side of things and I dont have to.
But in an increasingly web-based marketplace every manager must be
knowledgeable about IS and understand the impacts as they are wide
reaching and devastating if problems occur.