International Journal of Accounting Information Systems
Enhancing IT governance practices: A model and case study of an organization's efforts
Introduction
Failures, unfulfilled promises, and disappointments associated with IT initiatives are rife (Hollaway, 2005, ITGI, 2002b, Willcocks et al., 2002). Publicized examples include Nike's supply chain software that resulted in a US $200 million loss (Songini, 2001) and Hershey's experience of a major IT induced nightmare immediately before their Halloween season (The Wall Street Journal, 1999). Unfortunately, only 29% of all IT projects succeed (The Standish Group, 2004) with CIOs of Fortune 1000 companies estimating that 40% of all their IT projects failed to yield a positive return (Watters, 2004).
Many organizations make huge investments in IT to secure or maintain competitive advantages (Applegate et al., 2003). IT-enabled business investment projects are still believed to present the possibility of higher rates of return on investment than traditional types of investments (ING Investor Relations, 2004). The success of many organizations depends on how effectively they manage and control IT to ensure that the expected rewards are realized. Effective IT governance generates real business benefits such as enhanced reputation, trust, product leadership, and reduced costs. As examples, IBM implemented supply chain improvements that saved US $12 billion by reducing inventory levels and the UK Royal Mail adopted business and accounting systems that resulted in a positive profitability change of £3 million per day (ITGI, 2006).
IT governance arrangements encompass mechanisms that enable business and IT executives to formulate policies and procedures, implement them in specific applications, and monitor outcomes (Weill and Broadbent, 1998). Thus, governance arrangements include structural, process, and outcome metric dimensions. Structural arrangements consist of the organizational units and roles responsible for making IT-related decisions. Process dimensions focus on the implementation of IT management techniques and procedures in compliance with established IT strategies and policies. Outcome metrics are the mechanisms used to assess the effectiveness of IT governance and to identify improvement opportunities.
To date, little experience-based research has investigated what IT governance arrangements work best (Weill and Ross, 2004). Devising IT governance arrangements is challenging because the success of IT strategies and procedures is contingent upon a variety of internal and external factors, such as workgroup interdependencies, value chain alliances, and competitive environments. Furthermore, successfully implementing an IT governance framework is also a complex endeavour because organizations must integrate the unique expertise of diverse stakeholders and service providers. For example, sharing domain knowledge promotes effective business manager involvement in IT planning as well as IT manager participation in business planning (Kearns and Sabherwal, 2006/07).
The purpose of this study is to increase our understanding of the factors influencing IT governance structures, processes, and outcome metrics. This study addresses the gap that exists between theoretical frameworks, prior empirical research, and contemporary practices on effective IT governance. This study develops a model of the factors influencing IT governance effectiveness in an organization and enriches the existing IT governance research by providing an in-depth case study of both structural and non-structural IT governance arrangements. This research is expected to help organizations in a number of ways. First, it provides insights that executive management can use to establish effective IT steering committees. Second, the research can assist organizations develop ideas for implementing their IT strategies and policies. Third, it can assist IT management to identify action plans for establishing IT project metrics. Fourth, the study can serve as a reference to which organizations can compare their IT governance effectiveness.
The remainder of this paper consists of four sections. Section 2, the next section, provides an overview of IT governance, presents the research model, and develops the five propositions examined in this research. Section 3 describes the case study used to examine factors associated with effective IT governance and successful IT implementations. Section 4 reports the results from investigating each of the five propositions. Section 5, the final section, summarizes the overall research project, acknowledges the major limitations, and offers suggestions for future research.
Section snippets
COSO, CobiT, and IFAC
The Committee of Sponsoring Organizations of the Treadway Commission (COSO),1 a voluntary private sector organization, seeks to improve financial reporting through business
Research method
A case study was designed to identify and examine the factors believed to be relevant to IT governance effectiveness and IT implementation success. Organization M has a long history throughout Australia and New Zealand. Organization M was selected for this study because of its complex, dynamic, and information intensive environment. The organization is a large (over 3000 staff), multi-divisional (5 business units), established organization with in-house responsibilities for IT. The organization
Assessment of IT governance effectiveness
Evaluating IT governance performance involves assessing the level of effectiveness in delivering the four objectives identified by Weill and Ross (2004). A fifth objective, compliance with the legal and regulatory requirements, was included in the assessment. Table 1 lists the items used to assess the effectiveness of each of the five objectives and provides a measure of overall IT governance effectiveness. When assessing governance performance, senior managers first identified the importance
Conclusions, limitations, and future research
This research study was motivated by the desire to improve our understanding of how large and complex organizations devise, implement, and assess their IT governance arrangements. This research investigated the factors influencing the IT governance effectiveness and project implementation success. Data (both quantitative via closed-ended questions and qualitative via open-ended questions) were collected from a single case site in which the governance structural variables were studied at the
References (76)
- et al.
An empirical examination of the influence of organizational constraints on information systems development
Int J Account Inf Syst
(2001) Enterprise risk management: a systems-thinking framework for the event identification stage
Int J Account Inf Syst
(2005)- et al.
An extended platform logic perspective of IT governance: managing perceptions and activities of IT
J Strateg Inf Syst
(2003) - et al.
IT governance and management in large Australian organizations
Int J Prod Econ
(2002) Director responsibility for IT governance
Int J Account Inf Syst
(2004)- et al.
Principles and models for organizing the IT function
MIS Q
(2002) - et al.
Corporate information strategy and management: text and cases
(2003) IT Metrics For Success, viewed 17
Supporting the information technology champion
MIS Q
(1991)A resource-based perspective on information technology capability and firm performance: an empirical investigation
MIS Q
(2000)
Software risk management: principles and practices
IEEE Softw
The right combination
Retooling retail
Strategic investment decisions: theory, practice and process
Software engineering risk analysis and management
Grounding in communication
Building change-readiness IT capabilities: insights from the Bell Atlantic experience
MIS Q
Focus issue on legacy information systems and business process change: the role of stakeholders in managing change
Commun ACM
Rolling meadows
Internal control — integrated framework
Transformation of the IT function at British petroleum
MIS Q
Organization theory and design
IT-intensive value innovation in the electronic economy: insights from Marshall industries
MIS Q
Critical issues in abandoned information systems development projects
Commun ACM
How to assess your IT investment: a study of methods and practice
After implementation what's next? Evaluation
J Syst Manage
The new organization: growing the culture of organizational networking
The strategy concept and process: a pragmatic approach
Productivity business profitability, and consumer surplus: three different measures of information technology value
MIS Q
KPMG Highlights IT Project Failures
IT investment and shareholder return
Board briefing on IT governance. Information technology governance institute
IT governance executive summary. Information technology governance institute
IT strategy committee. Information technology governance institute
IT control objectives for Sarbanes–Oxley and board briefing on IT governance. Information technology governance institute
Enterprise value: governance of IT investments, the Val IT framework
The effect of communication frequency and channel richness on the convergence between chief executive and chief information officers
J Manage Inf Syst
Strategic IT portfolio management: governing enterprise transformation
Cited by (214)
Finding the missing pieces to an optimal corporate tax savings: Information technology governance and internal information quality
2024, International Journal of Accounting Information SystemsSecurity First, Security by Design, or Security Pragmatism – Strategic Roles of IT Security in Digitalization Projects
2022, Computers and SecurityCitation Excerpt :Existing works shed light on the contextual factors that affect decisions regarding IT security and entailed investments. Bowen et al. (2007) pointed out that IT-related decision-making can be an essential part of the IT governance mechanism to achieve strategic alignment (Wu et al., 2015). In this paper, we use the conceptual work on IT security investment decision-making as a theoretical lens to elaborate on IT security's strategic role in the context of digitalization projects that builds on the essential components of a technology-organization-environment framework (Depietro et al., 1990) (see Figure 1).
How the three lines of defense can contribute to public firms’ cybersecurity effectiveness
2024, International Journal of Disclosure and GovernanceSocial media platforms’ responses to COVID-19-related mis- and disinformation: the insufficiency of self-governance
2024, Journal of Management and Governance