IS+Governance

IT Governance
Sunday, September 18, 2011 <>

Topic overview:
As we have seen, there are many decisions that managers and executives need to make regarding investment in, and the management of, information systems. This is true even if they have little responsibility for, or training in, information technology. As a result, it can be very challenging for an organization to make good decisions regarding IT in a predictable and repeatable way. That's where the concept of IT Governance comes in handy.

The authors Peter Weill and Jeanne Ross define IT Governance as: "... specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT" [WR04]. That is, IT governance is about setting up a framework in which an organization can repeatedly and predictably make good decisions about IT, rather than a specific guide about what those decisions should be. When an organization has set up a solid IT governance framework then the managers of that organization can use that framework to deal with issues, challenges, and opportunities as they arise. Having a solid IT governance framework allows them to focus on the immediate problem without needing to also invent the way to address it, evaluate it, or come to a decision about moving forward.

Weill and Ross studied more than 250 organizations worldwide trying to understand why some organizations get so much more value out of their IT investments than other organizations. As they describe in their book [WR04], their studies revealed a very strong correlation between how effective a company's IT governance framework is and that company's return on its IT investments. In class today we will explore what this all means, and why it is important.

By the end of today's class you should be able to:
 * Explain what //IT Governance// and //IT Management//are, as well as the difference between the two.
 * List and explain five categories of decisions that an effective IT governance structure addresses.
 * Explain the concept of //decision rights//and how it relates to IT governance
 * Understand the importance of deliberately designing a governance structure for your company's IT decision making process.

**Preparation for class:** Prior to class you need to read the article 'Ten Principles of IT Governance" by Peter Weill and Jeanne W. Ross. The article is available for free download at:
 * []

The article provides a brief overview of their book on the subject titled "IT Governance".
 * [WR04] Peter Weill and Jeanne W. Ross, IT Governance, Harvard Business School Press, 2004. ISBN: 978-1-59139-253-8.

The book provides much more detail on the topic than the summary article and is a useful resource for those who wish to dive more deeply into the subject. For our discussion in class, however, the summary article should be sufficient.

**Reference materials:** Slides:

**Pre-class exercise:** After completing today's reading, reflect on what you have read and compose a thoughtful question that the reading raised for you.

[Bob Monroe] What are the standard IT-related decisions that an IT governance framework needs to address?

[Bob Monroe] Should there be different IT governance frameworks for different sizes of IT projects?

[Firas Bata] What is the link between an IT decision and a strategic one? When does an IT decision become a strategic one that requires upper management interference?

[Ayah Abujarbou] Would the IT governance be as effective if the individuals involved refused to change their behaviors to match that change? and should IT governance remain as dependent on that change in behavior as it currently is?

[Hind Al Khulaifi] What is an example illustrating when an exception should be made to IT governance?

[Nahan Arif] How important is the size of firm for introducing IT governance newly into the business? What is the success rate? Will small/medium firms benefit more due to fewer trade-offs and 'choices'?

[Maryam Al-Thani]: What is the significance of the assignment of ownership and accountability for IT governance to a company? Is it always necessary? Is there room for miscommunication and loss of accountability?

[Nasser Al Khori] How does IT governance align its priorities and strategy with those of a business? What is the process involved?

[Khadeejah Al-Husseiny] What are the exceptions and limitations to involving senior management and how much should they contribute?

[Amal Osman] how transparent can the company afford to be? is there any undesirable effects that might occur because of the transparency of the company?

[Nijat Ibrahimov] How managers should decide how to approach IT for the organisation, what goals should be identified and targeted?

[Fatima Abdulla]: What are the required behaviors that will allow the business to re-design its IT governance? Are there common and specific behaviors between businesses that allow them to change their IT governance?

[M Hammad Abbasi]: The reading tells us "governance redesign should be infrequent" and recommends to initiate redesign when the organization changes behavior at the strategic level. What other conditions would motivate a redesign in IT?

[Dua'a althabatah]: Why does the demand for the synergies increase at the lower levels in the multiple organizational levels which use design governance?

[Maryam Al-Subaie]: Why is the reward system a primary issue to look at if well-designed IT governance is not as effective as expected? Are financial incentives and disincentives (to desirable behavior) equally significant?

[Mohammed Al Ahmadani]: The author states that enterprises sometimes end up creating conflicting goals when it comes to IT. What can these enterprises do in order to improve communication between the many parties involved in such decisions?

[Orkhan Rustamzade]: The author point out that having several layers in IT Department can lower the synergy;however, then he states that the designing governance should be at multiple levels. So how does a manager decide where is limit to segmentation of the department?

[Haya Al_Mannai] Many organizations don't have a clear accountablity to it's IT governance. How does the article "Ten principles of IT governance" solve this issue?

[Walied El Hag Ali]: The writer mentions that "enterprises using the same mechanisms to govern more than one of the six key assets have better governance ", however, wouldn't this lead to a failure in the governance mechanism since six key assets are managed differently and might need different governance mechanisms? How can this be avoided?

[Layal Al-Alami]: Is IT governance beneficial for both big and small businesses? How does it affect the operations of both business types, given their different structures?

[Najla Al-Madhadi]: The article says "starting enterprise-wide is sometimes not possible for political or focus reasons." What political reasons can cause the starting of enterprise-wide IT governance to be not possible in some cases?

[Fatima Al-Khayat]: The authors said, “Firms in our study with more effective governance also had more effective governance communication.” So if a firm has ineffective communication, is it an indicator for ineffective IT Governance? If not, then how IT Governance and communication are linked together and what are the effects they have on each other?

[Noof Al-muzaffar ]: What should senior management do to avoid the difference behavior between governance & incentive and reward system ?

[Ahmad Al-Sarraf ]: What are the advantages from delegating an individual or group to be accountable for IT performance? Which option is more efficient, the individual or group?

[Abdullrahman Al-Muftah]: The author says that educating employees/senior staff is crucial to understanding what the framework is for IT governance in the company. However, what are some possible cost-efficient ways a company can educate all its employees on when decisions should be made, how to react in certain matters, and when a possible change is needed. Is there a training process that would take place, and if so, what are some of the points all employees should know.

[Ognjen Popovic]: In the long run, how much impact can choosing a wrong starting point for the enterprise IT governance system can have? If a company starts with the enterprise-wide IT governance, and this proofs to be less effective than if initially they started on a business level, should the company redesign or not?

[Hussain Hejji]: Do transparency and education really go together or there is a different approach towards it? How much do you agree with the following qoute "the more education, the more transparency, and vice versa"?

[Mohammed Al-Rawahi]: If a company initiates multiple IT governance, is the relationship between them very important to ensure maximum effectiveness? In other words, can the relationship act as an obstacle in achieving the overall goal?

[Al-Jawhra Al-Mana] "Our recommendation is that a change in governance is required with a change in desirable behavior" - Ten Principles of IT Governance, How do an enterprise know when and which behaviors need to be changed?

[Sara Al-Mannai]: What are other examples that lead organizations and corporates to change or redesign their IT governance?

[Dalia Hassan]: " Many senior managers are willing to be involved but are not sure where to best contribute." What ban the senior manager to be involved? Which characteristics or degrees or levels should be in senior managers to let them involve?

[Anas Ali Chaudry]: The article shows ten different principles for IT's governance. Do these measures apply to all the sectors which deal with IT and whether or not it is feasible for firms to follow these principles when it comes to govern its IT?

[Jevika Shetty]: When are the right instances for the management to redesign its IT governance? Also how can the management identify the "good" or "beneficial" exceptions processes while redesigning its IT governance?

[Mughees Ahmed]: Does educational development play a major role in determining the levels of IT governance or is it the about the right people? If the latter isn't true, how can you develop education in terms of the proper governance?

[Patrick Steinhagen]: What exactly constitutes an exception and who is accountable for deciding the strategic value thereof?

[Noor Al-Mohannadi]: How can senior managers explain their IT governance decisions to shareholders and potential shareholders given their complexity?

[Mohammed Hadi Takiddin]: The author is implying that upper management level should be included in the IT. Isn’t it better to hire or have an upper management person who is responsible only for IT?

[Mashael Al-Misnad]: The author says "usually the demand for synergies increases at the lower levels, whereas the need for autonomy between units is greatest at the top of the organization." Why is there a demand for synergies at lowers levels and need for autonomy at higher levels of governance? How effective has a 'separate but connected' layer of IT governance been on large multi business unit enterprises and why cant this type of governance work on small business?

[Fatima Fikree]: Does changing governance economically affect a business in the long term? The author states that redesigning governance takes time and should be infrequent, however it is required with a change in desirable behavior. What is defined by a change in desirable behavior? And how does an enterprise know that a change is required? Who decides when a redesign in governance needs to occur?

[Jim Briggs] What strategic impact does I.T governance play in shaping an enterprise goals?