Professional Documents
Culture Documents
ABSTRACT
IT governance aims to align business and information technology strategies. Organizations adopt IT governance
to ensure efficiency, decreased costs and increased control of IT infrastructures. Some believe that IT
governance will improve organizational accountability, thereby resulting in return on investments. IT
governance frameworks, such as COBIT and ITIL, are internationally accepted and promote these benefits.
Even though literature promotes IT governance, practitioners perspectives of IT governance might not always
agree. In a recent survey, 76% of CEOs and CIOs were aware of the benefits offered by IT governance
frameworks, yet only 42% of them had any intention of implementing such a framework. This paper provides a
limited indication of the perspectives organizations have on IT governance in comparison with theoretical
perspectives offered by the literature.
Key words
Keywords: IT governance, corporate governance, IT management, ITIL, COBIT
INTRODUCTION
IT governance aims to align business and information technology strategies effectively and efficiently. Boards
of directors, executives and IT Managers adopt IT governance in their businesses to ensure efficiency, decreased
costs and increased control of IT infrastructures (Van Grembergen, 2003: 242). Patel (2002: 3163) included
product and service quality in the definition of IT governance. He believes that IT governance will improve
organizational accountability, resulting in return on investments. IT governance frameworks such as COBIT and
ITIL (Carroll, Ridley & Young, 2004: 233) are internationally accepted and promote these benefits. ITIL,
described as the best practices for an organizations IT processes, is the most widely accepted framework for the
management and delivery of information technologies, according to Kim (2003: 13). COBIT, in turn, is defined
as the best framework to balance organizational IT goals and business objectives, according to Carroll, Ridley &
Young (2004: 233). It is important to note that these two frameworks share a limited, if any, amount of
functionality, even though they both qualify as IT governance frameworks.
Even though literature promotes IT governance forcefully (Hoffman (2003: 14), practitioners perspectives of IT
governance might not always agree. In a recent survey, conducted by Price Waterhouse Coopers, the following
unanticipated result was revealed: 76% of various CEOs and CIOs are aware of the benefits offered by IT
governance frameworks, yet only 42% of them had any intention of implementing such a framework.
This study focuses on organizational perspectives of IT governance, and specifically on benefits it claims to
offer. The result of this research will deliver a limited indication of the perspectives organizations have on IT
governance in comparison with theoretical perspectives offered by the literature.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
The research problem addressed in this paper is that there seems to be incongruence between the various
theoretical elements of IT governance, as proclaimed by IT governance framework developers, and the practical
perspectives perceived by organizations. Such examples include the management of IT governance, the
relationships that IT governance has with corporate governance, as well as IT management and the benefits IT
governance claims to deliver. This puts doubts in the mind of the executives having to allocate funding and
other resources to the implementation of IT governance, and therefore scientific investigation of the phenomenon
is required.
RESEARCH OBJECTIVES
This paper addresses various theoretical aspects of IT governance as well as the perspectives organizations have
on it. The main research question addressed in this paper is as follows: Is practicing IT Governance consistent
with the literature on the subject?
This paper attempts to answer the main research question by answering the following secondary research
questions:
What is IT governance?
What is the relationship between corporate governance, IT governance and IT management?
Which IT governance frameworks exist?
What are the theoretical benefits of an implemented IT governance framework as promoted by the
literature?
Do organizations obtain the theoretical benefits promised by the implementation of an IT governance
framework?
RESEARCH METHODOLOGY
In order to identify the perceptions that organizations have about IT governance, the key aspects of IT
governance as presented in literature, were identified. Only a limited number of academic publications focus on
IT governance and many cover the topic rather broadly. Other resources, typically consisting of industry
standards and frameworks such as COBIT, are also available. A limitation is that the majority of literature
resources are practitioner-oriented and not academically accredited, as confirmed by Carroll, Ridley & Young
(2004: 239).
The empirical study followed a qualitative approach. Three companies were identified and interviews conducted
with knowledgeable managers in order to provide a foundation for the empirical research. Semi-structured
interviews, mostly consisting of open questions, were conducted with specific managers of the three companies.
The objective of the interviews was to obtain answers to the research questions. Several critical points were
discussed and if the interview permitted it, some points enjoyed detailed attention.
DEFINING IT GOVERNANCE
According to most of the literature on the subject, the most important aspect of IT governance is the alignment of
an organizations IT operations with its business strategies. Van Grembergen (2003: 242) defines IT governance
as the organizational management of IT and business processes; but specifically in such a way that IT and
business are integrated. Patel (2002: 3167) agrees that IT governance is the alignment of IT with business
objectives, or in other words, the delivering of business opportunities from IT. This may not be as easy as it
seems. Burn & Szeto (1999: 197) state that the process of aligning business and IT is critical and increasingly
problematic. The basic description of IT governance as the fusion of business and IT, is also supported by
Parker, Peterson & Ribbers (2002: 3143). They state that IT governance is based on lateral decision-making
processes between the organisation and its IT divisions. This is in line with the view that Schwarz & Hirscheim
(2003: 131) have on IT governance, with the exception that they highlight the importance of organizational
strategies.
The inclusion of organizational strategies is vital when defining IT governance. The formulation of an
organizational strategy should reflect the blending of IT strategies and business strategies, as a way to ensure
effective IT governance (Parker, Peterson & Ribbers, 2002: 3143). Exler (2003) states that the success of an
organizations strategy will rely immensely on how executives incorporate IT into the organizational
environment.
Many organizations define IT governance as a set of processes in which IT-related costs are restrained. As
stated by Hoffman (2003: 14), IT governance is a way to ensure that technological and IT labour costs are
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
disciplined. Koch (2002) supports this aspect as part of his definition of IT governance. He states that
organizational units must be consistent in their IT governance, in order for business objectives to be aligned.
Kan (2003: 2) highlights another important IT governance aspect. He states that IT governance is a way of
guaranteeing the delivery of the expected benefits of IT. Ross & Weill (2004a) agree that IT governance is a
technique used to ensure the expected deliverables of IT, by ensuring the realization of the desirable IT
behaviour.
The IT Governance Institute (2000) expands on this definition by adding that IT governance is the delivery of IT,
while balancing risks. Risks can be minimized with the correct organizational decision-making structures and
the assignment of roles and responsibilities.
This paper defines IT governance as: A framework of IT-related processes, disciplined to deliver maximum IT
value, in order to complement business strategy, while balancing risks.
CORPORATE GOVERNANCE
Corporate governance is defined by Sohal & Fitzpatrick (2002: 97) as a setting in which others can manage
their tasks effectively. They expand on this definition by stating that corporate governance is the response to
the question on what must be done to add value to an organization, while including activities as administration,
coordination, appraising and planning. While this definition may seem very broad, corporate governance does
cover various aspects within an organization.
Corporate governance is a term describing what an organisation must do, how it must be done and the
structures required to do it, according to Koch (2002). This includes organizational policies, structures and
management processes (Schwarz & Hirschheim, 2003: 130). These processes and structures help ensure that the
organizational vision, values and strategies are realized, by supporting the key decisions that are directed by
corporate governance (Ross & Weill: 2004a). Patel (2002: 3165) states that corporate governance will ensure
the proficient and successful use of organizational resources, thus realizing their goals.
A profound statement which reads that without good governance, you wont get good decisions consistently,
was made by Koch (2002). He also divides corporate governance into two main sections:
Executive frameworks -e.g. committees, boards, policies.
Management responsibilities - to implement, maintain and report on these frameworks.
Interestingly enough, Nelson (2004: 28) emphasizes the role of shareholders in his definition of corporate
governance. He summarizes corporate governance as a set of constraints on the managers and shareholders
relating to organizational performance and value.
The allocation of roles and responsibilities is critical for an organization in order to successfully accomplish its
functions, when implementing corporate governance (Hwang, 2002: 14).
The final important aspect of corporate governance is the protection of shareholders interests (Exler, 2003).
This can be accomplished by the effective balancing of business opportunities and risks (Kan, 2003: 2). Exler
(2003) agrees that risk management is a critical aspect of corporate governance.
IT/IS MANAGEMENT
Information Technology- or Information System management is the execution of the processes of supervising IT
effectively and efficiently (Sohal & Fitzpatrick, 2002: 98). Therefore, it encapsulates the ensuring of
achievements within given boundaries, of deliverables set by higher management.
The management of Information Technology or Information Systems is considered by Lin & Pervan (2003: 15)
to be a technical issue. Therefore, as IT management may have a more hands-on view of the organizations IT
environment, it is their responsibility to suggest and manage new projects. The IT manager is also responsible
for the escalation of project information, which may include data on project development status, budgets and
staff performance. Bearing in mind that the IT manager ideally is in close contact with the organizations
employees, the statement by Siriram & Snaddon (2003: 2) is credible. They state that IT management can
influence employee performance significantly and that IT management also consists of the management of
lower-level employee activities such as scheduling, performance appraisals, training, logistics, team
collaboration and motivation.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
corporate governance. Exler (2003) also confirms that IT management is an element of corporate governance.
This proves that IT management and IT governance are both parts of corporate governance. In a study done by
Parker, Peterson & Ribbers (2002: 3148) it was demonstrated that if business management is not committed to
IT management, misinterpretations and inconsistency are to be expected. Bearing in mind that IT governance
aims to align business and IT, this point strongly supports the proposition that IT management is only one aspect
of IT governance.
A typical organization has corporate governance, IT governance and IT management present. Corporate
governance is the combination of various specialized governance frameworks such as financial governance and
IT governance; the latter focusing purely on the IT function within the organization. Another example is asset
governance, which predictably governs all functions that assets play within organizations. Chances are that these
sub-components of corporate governance might overlap, for example, an asset function might use IT - such as
hardware and software - to calculate its monthly depreciation for financial statements. Corporate governance
must align these sub-components in order to ensure that all sub-components move in the same direction towards
a common organizational goal.
IT governance itself also has a relationship with IT management. IT management may occur in various business
units within an organization, even if the business unit is not dedicated to a pure IT function, and only uses IT to
complete other business functions. It is primarily these encapsulated business units that do not have uniform and
consistent functions such as IT expenditure, IT functions and IT strategies, to name but a few. IT governance is
designed to group the IT function of these business units and to centrally discipline it.
IT GOVERNANCE FRAMEWORKS
As discussed earlier, an IT governance framework is unique to each organization. However, there is no
shortageof generic frameworks to govern IT effectively within organizations. Barton (2004) agrees that even
though these frameworks vary in content, they are all designed to improve the efficiency of IT. Anthes (2004:
41) also recognizes the differences in the various IT governance frameworks but mentions the similarities and
overlapping between them too. According to Anthes (2004: 41), all IT governance frameworks do have the
same goal of gaining maximum benefits for IT.
ITIL
The IT Infrastructure Library (ITIL) framework was originally developed by the UK Government and consists of
a set of best practices that is collected and updated by a wide range of practitioners. The ITIL version used in
this study was Version Two.
Kim (2003: 13) describes the ITIL framework as a process-based approach to IT activity, and states that ITIL is
not focused on technology, but rather based on processes critical to organizations. The ITIL framework defines
a set of best practices for these processes. Kim (2003: 13) suggests that organizations use ITIL to identify and
improve business processes, using a set of best practices and then maturing these processes by using appropriate
technologies.
The Office of Government commerce (2002: 1-4) and the Central Computer and Telecommunications Agency
(2000: 4-5) has divided the ITIL framework into the following sets:
The Business Perspective
Service Delivery
Service Support
ICT Infrastructure Management
Application Management
Planning to implement Service Management
Security Management.
The Business Perspective set aims to improve management perceptions concerning the ICT infrastructure, as part
of their business processes, and to gain an understanding and appreciation of Service Management standards and
best practices. This includes issues such as business continuity management, partnerships and outsourcing,
change survival and business practice transformation through radical change.
The Service Delivery set identifies which services the organization must deliver in order to provide the users
with adequate support, and includes capacity management, financial management for IT services, availability
management, service level management, IT service continuity management and customer relationships
management.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
The Service Support set has the aim of ensuring that the services supporting various business functions are
accessible to customers, without any difficulties. Issues such as service desks, incidents management, problem
managements, configuration management, change management and release management are discussed.
The ICT Infrastructure Management set covers more technical issues such as network service management,
operations management, management of local processors, computer installation and acceptance and systems
management.
The Application Management set focuses on the complex software development lifecycle process, specifically
emphasizing the integration between business objectives and application development. Application
Management relates to various issues discussed in the previous four sections.
The Planning to implement the Service Management set explains the challenging process of introducing IT
governance (specifically ITIL) into an organization, together with the approach and steps of implementing it.
Finally, the Security Management set is dedicated to all security-related issues within an organization to ensure
the secure delivery of all organizational services.
Strengths of ITIL
The main strength that ITIL offers is its reputation. ITIL has shown itself to be entrenched and mature by
providing a detailed focus on the quality of IT production and operational processes. Because ITIL is based on
best practices, it is an excellent tool for enhancing operational systems (Anthes, 2004: 42).
Weaknesses of ITIL
ITIL does, however, have a few limitations. The development of quality management services and the failure to
address a software development life cycle are the major restrictions of ITIL. Quality issues relating to
operational systemsare not addressed by ITIL (Anthes, 2004: 42). Instead, these can be measured and improved
by using ISO 9000 or Six Sigma.
COBIT
The framework for Control Objectives for Information and Related Technology (COBIT) was developed by the
IT Governance Institute (ITC) and aims to balance IT risks with investments in IT controls (Carroll, Ridley &
Young, 2004: 234). The COBIT version used in this study was Version Three.
The IT Governance Institute (2002: 4-5) developed the COBIT framework, which consists of 34 high-level
control objectives, and is divided into the following main domains:
Planning and Organisation
Acquisition and Implementation
Delivery and Support
Monitoring.
The Planning and Organization domain consists of control objectives on IT strategy, information architecture, IT
organization and relationships, IT investments, communication management aims and directions, human
resources management, external requirements compliance, risks assessment, and project and quality
management.
The Acquisition and Implementation domain is concerned with automating key solutions, application software,
technology infrastructure, procedures development and maintenance, system installation and accreditation, and
change management.
The Delivery and Support domain, in turn, provides control objectives on service levels, the management of
third-party services, performance and capacity management, systems security assurance, cost identification and
allocation, user education, configuration management, incident management, data management, facilities
management and operations management.
The Monitoring domain focuses on issues such as the assessment of internal controls, the obtaining of
independent assurance, process monitoring and independent auditing.
Strengths of COBIT
Because COBIT is extremely audit-orientated, it provides excellent checklists for various aspects of IT within
organizations (Anthes, 2004: 43).
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
Weakness of COBIT
The COBIT framework is very much generic. It only documents the directions that IT must follow and not how
to follow these directions. COBIT, like ITIL, also fails to address software development life cycles. The main
shortcoming of the COBIT framework is the fact that it doe not cater for continuous process improvement
(Anthes, 2004: 43).
Effective Management of IT (Schwarz & Hirscheim, 2003: 129) (Hwang & Liu, 2003: 13)
As discussed earlier, the CEO, CIO, unit managers and an IT governance committee all have different
management responsibilities relating to IT within an organization. IT governance creates a clear and common
direction for these executives to work towards and in accordance with.
By disciplining IT-related functions and creating clear roles and responsibilities for IT processes, IT governance
will ease the burden on managers.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
Increased IT Control and Standards (Hwang & Liu, 2003: 13)
Controls are not only required to detect, prevent and correct unlawful events, but also to try to ensure that
objectives are achieved (IT Governance Institute, 2000: 3).
The key to effective controls is not to implement as many controls as possible chances are that the framework
will drastically decrease in effectiveness. The target of an IT governance framework should be to implement the
maximum control with the minimum processes.
Standards are the criteria according to which IT functions must be carried out. Quality standards like ISO 9000
are practised globally and are important components of an organizations IT governance framework.
IT governance raises the need for effective controls and standards within an organisation and is usually
implemented using ISO 9000 and / or ISO 19977, to name but a few.
Improved Product or Service Quality More Satisfied Clients (Patel, 2002: 3163)
Both the IT governance frameworks COBIT and ITIL provide a comprehensive set of processes and standards,
which is developed to not only improve an organizations product, but also to increase customer service.
According to the Central Computer and Telecommunications Agency (2002: 27), world-class service can
influence the success or failure of organizations to a significant degree, and can be considered a competitive
advantage. IT governance aims to deliver customer service as a competitive advantage.
Control (Hoffman, 2004: 6) and Lower (Patel, 2002: 3163) IT-Related Costs
One of the main goals of IT governance is to create uniformity and consistency of all IT-related issues within
organizations. IT governance prohibits business units from managing their IT functions as individual
preferences. Instead, all IT functions of business units are managed consistently.
IT governance aims to manage IT consistently and on a high level, in order to create uniformity, which in turn
will improve the control of IT and decrease IT costs.
Alignment Between IT and Business Strategies (Parker, Peterson & Ribbers, 2002: 3143)
The alignment of IT with business strategies is the most important aim of IT governance and has been
extensively discussed in the previous sections. Closely related to this point is another advantage offered by IT
governance, which is the consistency of IT strategies (Hwang & Liu, 2003: 13): there is no point in aligning
business strategies with IT, if the IT strategies itself are contradictory.
The alignment of IT with business strategies is considered to be the most urgent reason for organizations to
implement IT governance.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
Increased Organizational Success (Kan 2003: 2) and Value (Hwang, 2002: 15)
Organizational success is the collaboration of various processes, of which IT governance is only one.
Nevertheless, effective IT governance does contribute enormously towards the success and value of an
organisation.
Shareholders Contentment with the Organizations Success (Parker, Peterson & Ribbers, 2002: 3143)
Closely related to the discussion on return on investment and increased organizational success and value, IT
governance also aims to increase the satisfaction of the shareholders of an organization. This not only includes
financial issues like savings on IT costs - which could potentially implicate bigger dividends - but also gives
shareholders ease of mind regarding their investments. At the bare minimum, IT governance might serve as a
mutual platform for the executive committee and shareholders to communicate.
EduSoft
EduSoft is an organization based in South Africa, with various offices located internationally, employing 200
employees. EduSoft specializes in the development of software packages for the higher education market and
the company expects significant market increase in their market segment within the near future. EduSoft is in
the initial stages of implementing an IT governance framework internally, but the implementation process has
not materialized yet. Nevertheless because it had done adequate investigations on available IT governance
frameworks and the process of implementing a customized version, EduSoft was included in the paper for the
purpose of identifying their expectations of IT governance. Two candidates where interviewed, namely the CEO
and the manager responsible for the implementation of the framework.
ServiceSA
ServiceSA is one of the worlds largest ICT service providers and has offices in 23 countries worldwide -
consisting of 43500 employees in total. It has 1500 multinational clients and supports a global network,
spanning 40 countries. ServiceSA offers a number of services, including software development and
maintenance, but their niche lies in the management of their clients IT infrastructures (outsourcing). ServiceSA
has, in their opinion, nearly perfected the management of IT governance. They are so confident about their
ability to implement IT governance frameworks successfully, that they have created a team dedicated to
outsourcing their knowledge to other organizations, assisting clients in implementing effective ITIL frameworks.
The person interviewed plays a leading part in the implementation of the processes defined in their IT
governance framework.
BankSA
BankSA is a leader in the South African banking industry and has approximately 32000 employees. BankSA
offers their financial services to personal, commercial and corporate clients residing locally and internationally,
including the United States, United Kingdom, China, Singapore, Hong Kong and the rest of Africa. BankSA
uses the latest information technology in offering their services to various South African locations. They believe
that without IT, their organization would cease to exist. BankSAs Head of IT strategy was interviewed, being
the person responsible for IT governance. The interviewee is well qualified and has represented BankSA at
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
various conferences focusing on IT governance, often including excellent presentations by the interviewee
himself.
IT Governance Relationships
Both candidates at EduSoft agreed that corporate governance includes IT governance. However, their opinions
were divided on the relationship that IT governance has with IT management. The CEO of EduSoft was of the
opinion that IT governance includes IT management, but is not limited to it. The manager argued that IT
governance and IT management are one and the same. ServiceSA also confirmed that IT governance is one of
many aspects that corporate governance includes. According to ServiceSA, IT governance is the implementation
of the processes defined by IT management thus IT management consists of IT governance. BankSA was
under the impression that corporate governance consists of IT governance, and IT governance in return consists
of IT management.
Both the literature and empirical study agree that IT governance is part of corporate governance. However, the
inconsistent perspectives which organizations have on the relationship between IT governance and IT
management, motivates the researchers to agree with the literature: IT management is one aspect of IT
governance.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
While the literature strongly supports the proposition that the CIO should manage IT governance, no consistency
could be established between the organizations perspectives on who should manage IT governance.
The researchers conclusion concerning the role-player that should manage IT governance is fairly closely
aligned with that of Ross & Weill (2004b). The executive ultimately responsible for IT governance is the CIO.
Because the CEOs position within an organizational structure is more senior, the CEO is responsible for the
corporate governance. The CEO must ensure that IT governance is aligned with corporate governance, in order
for an organizations departments to work in a common direction. Typically, an organizations CEO will
nominate the CIO to be responsible for IT governance. The CIO must implement and maintain the IT
governance framework, and will typically assemble an IT governance committee to assist in the design,
implementation and maintenance of it. It is the responsibility of the CIO to inform the CEO about the status of
their IT governance framework on a regular basis, and to ensure that IT-related strategies and goals remain well
defined and aligned with the rest of the organization.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
Theoretical benefits:
Practitioners benefits:
Marketing * * *
Client Expectations * *
Like EduSoft, ServiceSAs reason for implementing IT governance is not the alignment of IT and business.
Instead, examples of the main motivations to implement IT governance are the establishment of standards, cost
prevention and the delivery of expected IT objectives, by using best practices. One of the foremost reasons why
ServiceSA has decided to implement IT governance is the dual advantages it offers to their organization.
ServiceSA itself not only expected major internal benefits, but also recognized and grasped a business
opportunity in outsourcing their expertise to other organizations. Before implementation, BankSA expected 67%
of the theoretical benefits to materialize. A satisfactory 71% of these benefits were obtained, of which 29% were
not anticipated before implementation. The benefits ServiceSA achieved after implementation are roughly in
line with the benefits expected before implementation, with the major exception of costs. According to
ServiceSA, their IT-related costs did not drastically decrease, if at all. A benefit that entirely overwhelmed
ServiceSAs expectations was their marketing expectations. This not only includes the ease of mind clients have
regarding their investments in ServiceSA, but also the market share they have gained by delivering these services
to clients. The expectations that BankSA had when implementing IT governance, were extremely business-
oriented; unlike the previous two organizations discussed. The alignment of IT and business strategy was the
foremost motivation for BankSA to implement a framework. Differing from EduSoft and ServiceSA, BankSA
makes extensive use of IT in order to achieve their business goals. Thus, BankSAs primary objectives are
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
business-oriented, and not IT-oriented. Almost five years after BankSAs initial IT governance framework
implementation, they are still in the process of aligning IT, in order to complement their business strategies.
Even though BankSA admits that it hasnt yet reached the point of total satisfaction, its progress for an
organization of its magnitude is more than satisfactory. BankSA confesses that they have hoped to see more
confident IT decisions being made by business representatives one benefit IT governance failed to deliver.
LikeServiceSA, BankSA also failed to cut IT costs drastically by implementing IT governance. Some of the
main benefits BankSA did achieve by implementing an IT governance framework are: increased value from IT
investments, secure shareholder investments and the prioritization of IT projects by business representatives. In
total, BankSA claims to have achieved a superb 91% of the theoretical benefits identified before implementation.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
Organizations implement an IT governance framework to achieve only a limited or specific number of
benefits as promoted by the literature.
The literature propagates a lengthy list of possible benefits organizations can achieve by implementing an IT
governance framework. It was found that in practice, organizations only identified a few benefits as the
motivation to implement a framework. It would seem that organizations implement IT governance with the main
objective of solving specific problems within their organizations, rather than preventing future IT-related
failures. Even though organizations do implement IT governance to prevent future IT-related failures, it is not
their main motivation.
IT organizations do not implement IT governance frameworks with the aim of aligning business strategies
with IT initiatives.
This result is unexpected, as the main definition of IT governance is to aim and align business and IT strategies.
The researchers concluded that, for IT organizations, information technology is the business they conduct with
clients and therefore their business and IT would automatically be aligned. In other words, because IT
organizations prime product or service offered to clients is information technology (e.g. development of
software), and not a means of complementing a non-IT-related product or service (e.g. financial services), their
IT and business is integrated by default.
Based on the comparison between the literature and the empirical study, the researchers identified a limited
number of similarities between the organizational perspectives of IT governance and the viewpoints of the
literature. Therefore, the majority of topics discussed in this research indicated an inconsistency between the
organizations and the literature. Consequently, the researchers are of the opinion that the organizational
perspectives of IT governance are not consistent with the viewpoints of the literature.
REFERENCES
1. ANTHES, G.H. 2004. Model Mania. Computer World (US), 8 March 2004, vol.38, no.10, p.41-44.
2. BARTON, N. 2004. This Years Model: Performance Improvement Complements IT Best Practices
Frameworks. [Online]. Available: http://www2.cio.com/analyst/report2669.html [Cited 9 August 2004].
3. BURN, M.J. & SZETO, C. 1999. A comparison of the views of business and IT management on the
success factors for strategic alignment. Information and Management, 28 September 1999, vol.37, no.4,
p.197-216.
4. CALDER, A. & WATKINS, S. 2002. IT governance: data security & BS 7799/ISO 17799: a manager's
guide to effective information security. London: Kogan Page.
5. CARROLL, P., RIDLEY, G. & YOUNG, J. 2004. COBIT and its utilization: a framework from the
literature. System Sciences, January 2004, p.233-240.
6. CENTRAL COMPUTER AND TELECOMMUNICATIONS AGENCY. 2002. Service Support. London:
The Stationery Office.
7. EXLER, R. 2003. IT governance frameworks. [Online]. Available:
8. http://www2.cio.com/analyst/report1559.html [Cited 16 June 2004].
9. HOFFMAN, T. 2003. Disparate views of IT governance spark debate. Computer World (US), 5 May
2003, vol.37, no.18, p.14.
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006
Wessels and van Loggerenberg IT Governance: Theory and Practice
10. HWANG, J.D. 2002. Information resources management: new era, new rules. IT Professional,
November/December 2002, vol.4, no.6, p.9-18.
11. IT GOVERNANCE INSTITUTE. 2000. COBIT 3rd edition executive summary. [Online]. Available:
http://www.isaca.org/execsum.pdf [Cited 28 June, 2004].
12. KAN, A.R. 2003. Managing a multi-billion dollar IT budget. Software Maintenance, September 2003, p.2.
13. KIM, G. 2003. Sarbanes-Oxley, Fraud Prevention, and IMCA: A Framework for Effective Controls
Assurance. Computer Fraud & Security, September 2003, vol.2003, no.9, p.12-16.
14. KOCH, C. 2002. The powers that should be Governance. [Online]. Available:
http://www.cio.com/archive/091502/powers.html?printversion=yes [Cited 30 March, 2004].
15. LIN, C. & PERVAN, G. 2003. The practice of IS/IT benefits management in large Australian
organisations. Information and Management, October 2003, vol.41, no.1, p.13-24.
16. NELSON, J. 2004. Corporate governance practices, CEO characteristics and firm performance. Journal of
Corporate Finance, 27 February 2004, p.1-32.
17. OFFICE OF GOVERNMENT COMMERCE. 2002. Application Management. London: The Stationery
Office.
18. PARKER, M.M., PETERSON, R.R. & RIBBERS, P.M.A. 2002. Designing information technology
governance processes: diagnosing contemporary practices and competing theories. System Sciences,
January 2002, p.3143-3154.
19. PATEL, N.V. 2002. Global e-business IT governance: radical re-directions. System Sciences, January
2002, p.3163-3172.
20. PATEL, N.V. 2003. Health informatics governance: researching deferred IS/IT mechanisms. System
Sciences, January 2003, p.244-250.
21. ROSS, J. & WEILL, P. 2004a. Recipe for good governance. [Online]. Available:
22. http://www.cio.com/archive/061504/keynote.html [Cited 3 April, 2004].
23. ROSS, J. & WEILL, P. 2004b. Ten principles of IT governance. [Online]. Available:
http://hbswk.hbs.edu/tools/print_item.jhtml?id=4241&t=strategy [Cited 12 November, 2004].
24. SCHWARZ, A & HIRSCHHEIM, R. 2003. An extended platform logic perspective of IT governance:
managing perceptions and activations of IT. Journal of Strategic Information Systems, 2003, vol.12, no.12,
p.129-166.
25. SIRIRAM, R. & SNADDON, D.R. 2003. Verifying links in technology management, transaction processes
and governance structures. Technovation, 3 October 2003, p.1-17.
26. SOHAL, A.S. & FITZPATRICK, P. 2002. IT governance and management in large Australian
organisations. International Journal of Production Economics (Elsevier Science), 2002, vol.75, no.1, p.97-
112.
27. VAN GREMBERGEN, W. 2003. Introduction to the minitrack "IT governance and its mechanisms"
HICSS 2003. System Sciences, January 2003, p.242
Proceedings of the Conference on Information Technology in Tertiary Education, Pretoria, South Africa, 18 20 September
2006