Search results

The purpose of this paper is to develop a conceptual framework that examines information technology (IT) governance effectiveness, its determinants, and its impacts on private organizations.

The research draws on extant literature in IT governance, strategic information systems planning, strategic alignment maturity, information systems security, business and IT alignment, International Organization for Standardization in information systems, and organizational performance to identify determining factors for IT governance effectiveness, IT governance effectiveness factors, and organizational performance.

The results of review suggest 14 propositions and five factors grouped into determinants including organizational demographics, information intensity, organizational culture, external environment characteristics, and IT function characteristics. Linking organizational practices with strategy, the proposed framework adopts the Balanced Scorecard four perspectives approach for monitoring organizational performance as the impact of IT governance effectiveness. IT governance dimensions in the research comprise structure, process, and relational mechanisms.

IT governance is a part of corporate governance to help organizations manage risks and protect themselves from technology‐related losses. The framework provides a starting point for researchers and practitioners to further examine IT governance practices. For researchers, the framework clarifies the determining factors of IT governance, dimensions of IT governance, and impacts through proposed relationships. For practitioners, the framework can be used to gain insight into the contributing factors of IT governance effectiveness.

The purpose of this paper is to develop a formal set of information technology (IT) governance practices based on sufficiency economy philosophy (SEP) to support the generic context for Thai universities.

The research methodology in this study is divided into two main phases that are conceptualization and operationalization. In the phase of conceptualization, the authors reviewed literature related to the implementation of IT governance in universities and the principles of SEP in order to conceptualize an initial idea of IT governance on the basis of SEP. In the phase of operationalization, the authors performed in-depth interviews with the CIOs of 20 universities, five IT experts, and five SEP experts in order to verify the proposed concept.

This study provides two key findings: the IT governance practices based on SEP for Thai universities and the mapping of IT governance practices based on SEP with ISO/IEC 38500.

The total of 65 practices presented in this study can be used as a guideline for handling of IT governance issues in Thai universities.

This study provides university IT governance practices based on the principles of SEP that is widely accepted and highly appreciated in Thailand.

This paper aims to discuss the still immature concept of information governance (IG) from a records and information management (RIM) perspective and attempts to identify some critical aspects, essential elements and challenges, drawing on lessons learned from corporate experience in a global setup.

After a critical consideration of the notion “information governance” the paper reports some issues which turned out to be major barriers to success during IG implementation within a given organisation.

Practical experience highlights the importance of carefully scoping IG frameworks in larger organisations; in particular, balancing the representation of all relevant stakeholders (especially lines of business) and targeting investment in initiatives that foster an information management culture. Equally critical to success is corporate communication which truly values information as a corporate asset and highlights the importance of information lifecycle management rather than technology under the motto “putting the ‘I’ into IT”.

This paper draws on experience from a single case study to discuss some of the cultural factors that influence the design and implementation of IG in general. However, more empirical research is needed in order to broaden the understanding of the impact of IG programmes in real-world organisations.

When implementing IG programmes in global organisations it should not be limited to an IT perspective alone. The biggest challenge is the fact that no department or discipline alone can achieve the desired results. Success is only possible in an orchestrated scenario with clear value propositions for specific business functions.

Based on a small selection of professional literature on the IG approach, the paper presents findings about issues and pitfalls when setting up and implementing an IG programme. It is hoped that it will inspire more exploratory research of this kind from members of the records management community to encourage them to raise the need for IG in their own organisations.

Many thought leaders are promoting information technology (IT) governance and its supporting practices as an approach to improve business/IT alignment. This paper aims to further explore this assumed positive relationship between IT governance practices and business/IT alignment.

This paper explores the relationship between the use of IT governance practices and business/IT alignment, by creating a business/IT alignment maturity benchmark and qualitatively comparing the use of IT governance practices in the extreme cases.

The main conclusion of the research is that all extreme case organisations are leveraging a broad set of IT governance practices, and that IT governance practices need to obtain at least a maturity level 2 (on a scale of 5) to positively influence business/IT alignment. Also, a list of 11 key enabling IT governance practices is identified.

This research adheres to the process theory, implying a limited definition of prediction. An important opportunity for future research lies in the domain of complementary statistical correlation research.

This research identifies key IT governance practices that organisations can leverage to improve business/IT alignment.

This research contributes to new theory building in the IT governance and alignment domain and provides practitioners with insight on how to implement IT governance in their organisations.

The purpose of this study is to examine the effect of business uncertainty on the information technology (IT) governance of listed firms in Indonesia.

The samples are listed firms in Indonesia Stock Exchange for the years 2015–2018. Total observations are 1,215 firm years. The authors used the random effect panel regression to test the hypotheses.

The authors find that business uncertainty has a significant positive association with IT governance, consistent with the prediction. Companies with higher business uncertainty are in higher demand for implementing IT governance.

The authors have not found previous studies that examine business uncertainty as to the determinant of IT governance. The authors also examined the IT governance in Indonesia, one of the emerging countries. Most previous studies on IT governance were conducted in developed countries, which results may not be generalized to emerging countries.

This paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.

An empirical survey, using a self‐administered questionnaire, is conducted to explore and evaluate the current status and the main features of ISG in the Saudi environment. The questionnaire is developed based on ISG guidelines for boards of directors and executive management issued by the Information Technology (IT) Governance Institute and other related materials available in the literature. A total of 167 valid questionnaires are collected and processed using the Statistical Package for Social Sciences, version 16.

The results of the study reveal that although the majority of Saudi organizations recognize the importance of ISG as an integrant factor for the success of IT and corporate governance, most of them have no clear information security strategies or written information security policy statements. The majority of Saudi organizations have no disaster recovery plans to deal with information security incidents and emergencies; information security roles and responsibilities are not clearly defined and communicated. The results also show that alignment between ISG and the organization's overall business strategy is relatively poor and not adequately implemented. The results also show that risk assessment procedures are not adequately and effectively implemented, ISG is not a regular item in the board's agenda, and there are no properly functioning ISG processes or performance‐measuring systems in the majority of Saudi organizations. Accordingly, appropriate actions should be taken to improve implementing and measuring the ISG performance in Saudi organizations.

From a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The results of the paper enable them to better understand and evaluate ISG and to champion IT development for business success in Saudi organizations.

The purpose of this paper is to identify the current situation and the future improvement for IT governance and controls in developing country like Thailand.

Thai universities were selected and used as subjects for capturing the perception of IT executives on IT governance performance measures. In the first step, a global IT governance perspective was drawn from the literature review. In the second step, the important-performance analysis was applied to the metrics of IT governance balanced scorecard with collected survey data from 64 IT executives.

From a global perspective, the critical points that need to be concerned before implementing IT governance have been illustrated. From a regional perspective, the paper generated the strategic IT governance guidance for Thai universities.

This paper is beneficial for chief information officers, executive managers, IT managers, and academics. They will gain more knowledge and understanding about the mixed method of using metrics in IT governance balanced scorecard and importance-performance analysis in order to identify the current situation of IT governance and controls in their organizations. Additionally, the practical idea with this method can be applied to draw IT governance strategy in their contexts.

This paper specifies the critical points and directions of IT governance for Thai universities. The analysis covers global and regional viewpoints. This paper also provides the method for applying IT governance balanced scorecard metrics and importance-performance analysis to contribute IT governance strategy.

To determine if there is confusion in governance terminology amongst experienced management and project management practitioners.

Practitioner interviews and subsequent analysis.

Significant differences in governance terminology were found. The participants had nevertheless arrived at similar operating arrangements for their committees, even though they came from different segments of different industries and did not agree on the definition of governance. It was possible to develop a list of working parameters for operation of these committees from their responses. The labelling of committees associated with governance as steering or decision-making was found to be problematic and various causes/motivations for the differing definitions of governance having arisen were detected. These ranged from altruism, through dogmatic belief in particular frameworks, to enhancing career prospects/ego.

The sample came from organisations and industries in one state in one country. The need for review of governance terminology used in various project management practitioner reference documents and methodologies was identified.

Projects and business alike can potentially achieve improvements in efficiency and effectiveness through consistency of terminology and the clarity this brings to governance arrangements and committee operations.

Creation of a unifying feature within the project and management literature, shifting the understanding of governance and its boundaries and limitations. This will help progress governance from complexity to simplicity, from an art to an understandable practice, from a concept that has been hijacked for partisan and political gain to a lean social tool which can be put to use for the benefit of organisations, whether public, charitable or private.

The value is clarity – resulting in the avoidance of confusion and misunderstanding together with their consequent waste of time, resources and money.

The aim of this paper is to provide an understanding of information technology (IT) governance, from both a theory and practice perspective, and to identify current theory‐practice gaps within the organisations studied.

This study developed a complementary and collaborative model of IT governance and used a multiple case approach in which IT governance is examined against the model in four major universities. Case study research is qualitative in nature enabling insights into the “how” and “why” of IT governance to be gained.

Based on underlying theory, the study was able to develop propositions regarding IT governance practices, observe current practices within the participating universities and establish gaps between theory and practice. The study identified theory‐practice gaps in each of three IT governance dimensions: structure, process and people. Gaps ranged in significance from small to large. Two large gaps existed which require attention: they are in respect of integrating IT governance mechanisms and raising the awareness and understanding of the concept among senior management.

The model of IT governance developed for the research can be further developed and refined. In addition, the university context may have imposed limitations as different findings could arise in different contexts. Furthermore, the participating CIOs and IT directors could have brought their own values and beliefs to the research when interpreting the IT governance objectives of their university.

The model of IT governance developed for the research enables organisations to assess and map their IT governance against theoretical dimensions. By mapping observed practice against theory, the study was able to provide a mechanism of identifying theory‐practice gaps, where they existed.

IT is ubiquitous in nature because modern IT crosses organisational activities and has become strongly aligned with business activities. Thus IT governance can be viewed as an integral part of corporate governance and requires senior management's attention. However, because of the specialised nature of IT, governance in this domain has unique characteristics. Yet, current literature reflects a lack of maturity and points to diverse and inconsistent concepts of IT governance as well as variations in how IT governance is implemented. The paper reduces uncertainty for corporate executives by systematically synthesising current literature, developing a theoretical model and testing it against current practice.

The purpose of this paper is to analyse the effect of critical success factors (CSFs) on information technology (IT) governance performance in public sector organizations in a developing country such as Tanzania.

Based on a previous study and a further literature review, a research model was developed for analysing the relationship between the CSFs found for effective IT governance in this environment and their effect on IT governance performance. A survey research method was applied for data collection and sample data from Tanzanian public sector organizations (this environment) obtained. Subsequently, a second‐generation structural equation modelling technique, namely partial least squares, was applied to test statistically the correlated effect.

The results indicate significant small to strong positive correlated effects on IT governance performance. The CSF with the most significant correlated effect was “involve and get support of senior management” and the one with the least “consolidate, standardize and manage IT infrastructure and application to optimize costs and information flow across the organization”. Finally, a CSF model for effective IT governance in this environment was proposed.

The findings imply that decision makers can optimize IT‐related plans and use of scarce resources by concentrating on the CSFs that have a significant effect on IT governance performance that could lead to an improvement of public service delivery. This study is limited to a single developing country but future studies can involve more such countries to broaden the insights into the effect of CSFs on IT governance performance in such environments.

By establishing the correlated effects between these CSFs and the IT governance performance, this study has revealed a significant impact of CSFs on IT governance performance. It also suggests a CSFs model for effective IT governance in this less‐resourced environment in which such studies have not been conducted before, yet which are vital for analysing and improving IT governance.