The core components and conceptual framework of IT governance based on quantitative content analysis

The core components and conceptual framework of IT governance

based on quantitative content analysis

1

Zhihao Tang ,

JinQi Meng ,

Yekui Wu

ZheJiang university of Finance and Economics, HangZhou 310018, China,

E-mail: [email protected]

Abstract

Based on the quantitative content analysis of existing literature from year 1996 to year 2010, this article refines twelve core components of the IT governance concept, including corporate governance, enterprise goals, senior managers, governance structure, governance process, relational mechanism, rights & accountability, IT strategy, IT acquisition, performance management, compliance & risk and stakeholders. Then a four-dimensional IT governance conceptual framework with governance body, governance aim, governance area and governance mechanism is reconstructed. The reliability test has validated the proposed concepts and conceptual framework of IT governance.

Keywords

1. Introduction

IT governance is a concept with abundant meaning. Many scholars and institutions all over the world have defined the concept of IT governance[1, 2]. Research findings in these existing literature can be roughly grouped into three categories: emphasis on control of IT governance, emphasis on the guidance of IT governance and emphasis on the relationship of IT governance [3], as shown in following Table 1.

Table 1. Summary of different perspectives of IT governance Control Perspective ITGI[4]，Van Grembergen[8], Hoffman[5]，ISO38500[6]

Guidance Perspective

Peterson[7], Brown[9] ,Weill & Ross[10] , Segars & Grover[11]， Loh & Venkatraman[12], Korac-Kakabadse& Andrew Kakabadse[13], WeiAn Li & DeLu Wang[14], ISO38500[6]

Relationship Perspective Sambamurthy & Zmud[15]，A.Schwarz & R.Hirschheim[16]

IT Governance Institute, Van Grembergen and Hoffman stands for control perspective. IT Governance Institute concludes that IT governance is the responsibility of the board of directors and executive management, and It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives. Van Grembergen put forward views that IT governance is the organizational capacity by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT.

There are many scholars who hold opinion of guidance perspective such as Weill and Ross, Brown & Magill, Peterson, Segars & Grover ,WeiAn Li & DeLu and so on. For example, Weill and Ross think that IT governance is specifying the decision rights and accountability framework to encourage desirable behavior in using IT. Brown and Magill have similar viewpoint that IT governance describes the locus of responsibility for IT functions. Luftman also suggest that IT governance is the degree to which the authority for making IT decisions is defined and shared among management, and the processes managers in both IT and business organizations apply in setting IT priorities and the allocation of IT resources

There are also some different opinion---relationship perspective. Sambamurthy and Zmud believe that IT Governance research should change from static organizational structure to dynamic, flexible internal and external organizational relationship [15].

the complexity and multi-face of IT governance, as shown in following Table 2. Table 2. Summary of IT governance core components scholars /institutions Core Components of IT governance

ITGI [4] Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Measurement

Peterson[7], Van Grembergen[8] , Brown[9] ,Weill & Ross[10]

Governance Mode, Governance Structure, Governance Processes and Governance Mechanism

Sambamurthy & Zmud[15]， A.Schwarz &

R.Hirschheim[16] ,Cross & Earl[18]

IT Capability, Relational Schema and Integrated Architecture

ISO38500[6] Responsibility, Strategy, IT acquisition, IT Performance, Compliance and Human Behavior

Webb & Pollard & Ridley[17]

Strategic Alignment, Delivery of Business Value through IT, Performance Management, Risk Management and Control & Accountability

IT Governance Institute considers that IT governance has five components: strategic alignment, value delivery, risk management, resource management and performance measurement[4]. Scholars who hold opinion of guidance perspective point out that IT governance as a system of IT rights and accountability need to be interacted with governance structure, process and relational mechanism[10]. The International Standard of IT Governance -- ISO38500 considers six components such as accountability, IT strategy, IT acquisition, IT performance, IT compliance and human behavior[6]. In addition, Clark and Vowler from the perspective of corporate governance proposed that compliance and internal control are the core components of IT governance. Webb & Pollard extract five components of IT governance from twelve IT governance definitions, which are strategic alignment, delivery of business value through IT, performance management, risk management and control & accountability [17].

Therefore, the core components of IT governance need to be systematically refined, and a clearly defined conceptual framework should be set up for contributing to the IT governance theory and practice.

2. Methodology and Data Analysis

Content analysis approach is a scientific method which can make a quantitative analysis of research papers systematically. By using this approach the "essence" of literature can be caught more profoundly and precisely.Quantitative content analysis approach mainly includes five key steps such as sample collection, coding catalogue, text encoding, reliability test, statistical description and analysis.

2.1. Sample collection

The sample articles are collected from academic databases. Chinese research papers were downloaded from CNKI database, and others were retrieved from EBSCO, ABI and ACM. This is a most effective method to cover most of IS academics and practical magazines suggested by Schwartz and Russo [19] Moreover, Google scholar was used as supplement to improve the timeliness and breadth of sample. Conference papers and dissertations are acquired from IEEE, PQDD and Chinese CNKI database.

The sample articles in this study are 64 papers, including 6 doctoral dissertations, 2 master dissertations, 2 monographs, 2 research reports, 44 papers from academic journals and 8 conference papers.

2.2. Coding catalogue

This paper makes a cluster analysis of these 64 articles and summarizes 13 coding entries such as corporate governance, enterprise goals, senior managers, governance structure, governance processes, relational mechanism , rights and accountability, IT strategy, IT acquisition, performance management, compliance & risk, stakeholders and resource management.

A clear coding catalogue need to be developed with precise meaning of coding entries for next text encoding. Detailed are shown in below Table 3. In table 3, the coding entry---"other components" is a supplement to complete the catalogue as a whole.

Table 3. Coding catalogue for IT governance concept

Coding Entry Definition

Corporate governance IT governance is an integral part to corporate governance;

Corporate governance provides an organizational environment for IT governance. Enterprise goals To support the completion of enterprise goals;

To promote the achievement of corporate strategy. Senior managers Board of Directors;

Team of senior management and CEO; Other authorized supervisors.

Governance structure Committee team, such as the governance committee, IT technical committee, IT investment committee, etc;

Other roles such as CTO, CIO, etc.

Governance process Implementation process of IT policy, such as IT strategic planning process, IT investment assessment process, service level agreement, etc;

Feedback process such as the IT Balanced Scorecard, IT project monitoring process, etc.

Relational mechanism Means of accelerating cooperation among various IT stakeholders, such as contact person between business and IT department, conflict resolution mechanism; Means of ensuring communication among various IT stakeholders, such as senior management announcement, formal committee meeting.

Rights & accountability IT decision framework with a clearly defined rights and responsibility. IT strategy Clear IT strategy;

IT strategic planning is an integral part of business strategic planning. IT acquisition IT acquisition reflects the business requirement clearly;

IT acquisition undergoes a rigorous feasibility analysis; Clear policy and procedure of IT acquistion

Performance management IT System operating performance meets business requirement; IT System with a good safety;

Good disaster recovery capability and business continuity; Flexible IT system that can quickly meet new business' needs. Compliance & Risk IT system obeys external laws and regulations such as SOX, etc;

IT system change management should be consistent with relevant industry standards such as ISO20000 and ISO27001;

Comprehensive IT compliance and control system such as Cobit, etc. Stakeholders Efficient knowledge transfer between IT and business department;

Adequate IT Skills training;

Full participation for stakeholders in IT total life cycle. Resource management Effective management of IT assets and resources;

Optimization and configuration of IT outsourcing resource. Other components Other entry does not belong to above coding entries.

2.3. Text encoding

Two coders analyze those coding entries independently in the sample articles, then record the occurrences of each entry. In order to clearly reflect the evolution of IT governance concept, this study arranges the concept in the sample by chronological order, the left in EXCEL is the latest definitions. The keywords related to concept of IT governance which appears in sample articles are recorded in coding entries, coding entries also show the ranking of each item and the sum of each entry. After several rounds of careful, repeated text-encoding, besides the above 13 coded entries, there are also three "other components" such as integrated architecture (14%), IT capability (3%), enterprise architecture (1.5%).

2.4. Reliability test

This article uses two methods to examine the reliability of content analysis: coders’ consistency coefficient and kappa coefficient.

Coders’consistency coefficient indicates the consistency degree of two coders, and It is generally believed that consistency coefficient above 0.8 is acceptable, and that above the level of 0.9 is well. And Kappa coefficient is a statistical indicator to compare the consistency of the results of two or more observers studying the same thing, or one individual observing the same thing twice or more times.

The calculation formulas of how to compute the consistency coefficient and Kappa coefficient are as follows: 3 2 1 3 2 1 t Coefficien y Consistenc T T T T T T      （1） Pe Pe Po    1 t Coefficien Kappa （2）

Po is the ratio of consistent number with actually observed and total number of checkers. Pe is the expected consistent rate, which is the rate caused by accidental opportunities form two tests. Kappa coefficient between 0.41-0.60 is moderate agreement, between 0.61-0.80 is good agreement, and very good agreement is between 0.81-1.00.

Table 4. Result of consistent coefficient and kappa coefficient Coding Entry Consistency of coders Kappa Coefficient

Corporate governance _0.90625 0.810 Enterprise goals _0.828125 0.631 Senior managers 0.890625 0.775 Governance structure _0.859375 0.692 Governance processes 0.875 0.742 Relational mechanism _0.890625 0.842

Rights and accountability _0.84375 0.680

IT strategy _0.84375 0.630

IT acquisition _0.8125 0.586

Performance management _0.828125 0.651

Compliance and Risk _0.859375 0.704

Stakeholders 0.921875 0.838 Resource management _0.875 0.671 Integrated architecture 0.9375 0.741 IT capability _0.90625 0.824 Enterprise architecture _0.96875 0.856 The Average 0.883789 0.729563

From results listed in table 4, all consistent coefficients reach the ideal level: consistent coefficient of all coding entries are greater than 0.8, the overall consistent coefficient is greater than 0.8, and also the overall kappa coefficient is greater than 0.7.

2.5. Statistical description and analysis

Figure 2 shows the frequency of each entry in coding catalogue. Figure 1 shows that the frequency of each coding entry is not balanced, some of which are up to 75% (IT Strategy), 73% (enterprise goals), and some are only 3% (IT capability), 1.5 % (enterprise architecture). That result confirms IT

governance concept acturlly has different focus and diversified features just like what many scholars has said.

On the other hand, the frequency of these entries also show some concentration. There are 7 entries which have get more than 60% scholars consensus such as enterprise goals, governance structure, governance processes, IT strategy, IT acquision, performance management and compliance & risk. And 5 entries get more than 40% scholars consensus which are corporate governance, senior managers, relational mechanism, rights & accountability and stakeholders. Even 2 entries such as stakeholders and corporate governance are up to 81.25%.

Figure1. Frequency of each coding entry

Three “other components” -- integrated architecture, IT capability and business structure only have very low frequency. The frequency of IT capability and enterprise architecture is less than 5%, and that of integrated architecture does not meet 15%. This study believes that these three coding entries are not current scholars' common understanding of IT governance.

Therefore, by comparing and analyzing the frequency of each entry, this article concludes that although with diversified focus, there are 12 components in the coding catalogue except “resource management” entry get consensus in academics, which are corporate governance, enterprise goals, senior managers, governance structure, governance processes, relational mechanism, rights and accountability, IT strategy, IT acquisition, performance management ,compliance & risk and stakeholders.

2. Evolution Tendency

This article classifies those papers before 2003 into a group and others into another set, then calculates frequency of each encoding entry in respective set to show the evolution tendency of core components of IT governance concept. The result is shown in following Figure 2.

Firstly, this article examines the correlation coefficient(69.4% with passing 1% significance test) of these two sets, which indicates that the two sets have a good correlation, that is coding catalogue remain relatively stable.

Secondly, Figure2 shows there are some common components (above 40%) in two sets such as: enterprise goals, senior managers, governance structure, governance processes, rights and accountability, IT strategy, IT acquisition and compliance & risk. Particularly, those entries such as enterprise goals, governance structure, management processes and IT strategy have got more than 50% of the scholars consensus.

In addition, Figure2 also shows the two sets have some differences. For example, the frequency of "rights and accountability" has been decreased (from 50% down to 31%) because of scholars' research focus shifted. Indeed, as we all know, the origin of IT governance research focused on "rights and accountability" , later scholars found "rights and accountability" could not always guarantee IT governance effectiveness, governance process, governance mechanism and organizational environment all need to be interacted. However, there are also some properties such as compliance and stakeholders in IT governance concept have got scholoars’ more and more attention gradually. So the frequency of "rights and accountability" has been reduced, while "compliance and risk (growing rate--70.7%)", "stakeholders (growing rate--96%)" has substantially increased. This tendency shows that the research on IT governance is gradually changed to be more comprehensive from focusing on original "rights and accountability" .

3. Findings and Discussion

3.1. The core components and conceptual framework of IT governance

After the above horizontal and vertical comparison, the 12 core components of IT governance which get scholars consesus are refined as follows: corporate governance, enterprise goals, senior managers, governance structure, governance process, relational mechanism , rights&accountability, IT strategy, IT acquisition, performance management, compliance & risk and stakeholders.

Obviously, these IT governance core components need to be further classified in order to obtain a clear understanding. Marcus suggests that if “why, who, what, how, when, where” can be answered, then the meaning of a concept can be explained clearly[20].

In the light of Marcus’s idea, the study constructs a four-dimensional conceptual framework of IT governance: IT governance whose purpose is to achieve enterprise goals, being an integral part of corporate governance, is the system for senior managers to guide and control IT application by using governance structure, processes and relational mechanism , which includes six areas such as rights and accountability, IT strategy, IT acquisition, performance management, compliance & risk and stakeholders.

Table 5. The core components and IT governance conceptual framework governance goals (why) enterprise goals

governance body (who) senior managers

governance mechanism (how) governance structure, governance processes, relational mechanism

governance area (What to do) rights and accountability, IT strategy, IT acquisition, performance

management, compliance and risk, stakeholders

3.2. External comparison

In order to better understand the twelve refined components, the subsequent section will draw a detailed comparison between those components and other scholars’ viewpoint.

IT Governance has two theory source: strategic information systems planning and corporate governance. According to Earl’s view, strategic information systems planning(SISP) has four key themes: aligning IS investment with business goal, exploiting IT for competitive advantage, directing efficient and effective management of IS resources, and developing technology policies and architectures[21]. Corporate governance has five core components: strategic direction, balance stakeholders, control(monitor, risk management), accountability system, transparency(information disclosure , compliance) and so on[22].

From Table 6，we know the twelve core components can be well traced back to its source of IT governance theory.

Table 6. Comparison components between IT governance and its source theory IT Governance

in this article

Corporate

governance SISP

IT Strategy

Strategic direction aligning IS investment with business goal

developing technology policies and architectures

IT acquisition exploiting IT for competitive

advantage,

Stakeholders Balance stakeholders

Rights and accountability Accountability system

Performance management directing efficient and effective management of IS resources Compliance & Risk Control

Transparency

2.Comparison with other scholars’ viewpoint

From the literature review in table 2, there are three typical viewpoints on IT governance’s core components from ISO38500, ITGI and Webb. The comparison is shown in Table 7.

ISO38500 points out that 6 major principles of IT Governance should be reflected: responsibility, strategy, acquisition, performance, conformance and human behaviors. These six components plus risk element become the view of this article. IT risk management is mentioned a little in the strategy components of ISO38500, but the tendency analysis has indicated risk management has became the focus of IT governance research gradually with 70.7% growing rate. Therefore, this study suggests that the "Compliance & risk" better embodies the control property of IT governance concept, and also adapts to today’s social atmosphere of calling for strengthening governance, risk and control (GRC).

Table 7. Comparison with ISO38500, ITGI and Webb

ISO38500 ITGI Webb IT Governance

in this article Responsibility Strategy Acquisition Performance Conformance Human behavior Strategic Alignment Value Delivery Risk Management Resource Management Performance Measurement Strategic Alignment, Delivery of Business Value through IT

Performance Management Risk Management Control & Accountability

Rights & accountability IT Strategy

IT acquisition

Performance management Compliance & Risk Stakeholders

Compared with the definition of ITGI, the concept of this article has two more components: "rights and accountability" and "stakeholders". The concept of ITGI and its report--COBIT reflect obvious IT process-control idea and little organizational management thoughts. The term of "rights and accountability" and "coordination of the stakeholders" has always been governance essence. Therefore, this study suggests that "rights and accountability " and "stakeholders" are useful addition. "resource management" of ITGI concept, which means resource scheduling and allocation of all kinds of IT assets. Due to the sophisticated connection among resource management and other four components, this study

deletes this element, but the relevant content is separated into the IT strategic planning, IT acquisition, performance management, compliance & risk and stakeholders.

Webb, Pollard and Ridley[17]from Australia analyzed twelve IT governance concepts, and they think that IT governance should contain five components: strategic alignment, delivery of business value through IT , performance management, risk management and control & accountability. This article, by contrast, has a wide range of literature (64), and also includes 38 new published literatures after 2006 to catch something new of IT governance research. So the terms of "compliance" and "stakeholders"---- new tendency are embraced into this IT governance concept.

All in all, the external comparison shows that these twelve core components not only show the continuity and consistency from those existing research, but also reflect new tendency of IT governance research in recent five years.

4. Conclusion

Given all that, this paper refines the twelve core components of IT governance, and reconstructs a four-dimensional conceptual framework with governance body, governance aim, governance area and governance mechanism, which embody both the succession and new tendency of IT governance research.

For researchers, this components and conceptual framework deepen and expand IT governance concept research. Further studies can try to develop an IT governance scale based on this concept and carry out empirical studies.

For practitioners, Given the increasing external pressure of IT governance, compliance and control(GRC), and also internal IT return-on-investment, senior management are pursuing a better operational IT governance framework for their organization. Giving aid to practitioners, this article may provide some guidance with clear understanding on who undertake IT governance responsibility, also how and what can be done to improve IT governance maturity.

5. References

[1] F NasserEslami,M Fasanghari,H R Khodabandeh, A Abdollahi, "Classification of IT Governance Tools for Selecting the Suitable One in an Enterprise", JDCTA: International Journal of Digital Content Technology and its Applications,vol.2,no.2,pp. 4-10, 2008.

[2] Y H Chiu,L Liu, Y P Chi, "Study on Correlation between Critical Successful Factors of IT Governance and Governance Performance", JCIT: Journal of Convergence Information Technology,vol.6,no.5,pp. 329 ~ 338, 2011.

[3] ZhihaoTang,Chunyang Ji, Kejin Hu, "A Review of Researches on IT Governance", Chinese Accounting Research,no.5,pp. 76-82, 2008.

[4] ITGI. "Board Briefing on IT Governance, 2nd Edition". USA, 2006.

[5] Hoffman, "Disparate view of IT governance spark debate", Computer World,vol.37,no.18,pp. 14, 2003.

[6] ISO, IEC. "ISO/IEC 38500:2008 corporate governance of information technology ". Switzerland, 2008.

[7] R Peterson, "Crafting information technology governance", Information Systems Management,vol.21,no.4,pp. 7-22, 2004.

[8] W Van Grembergen,S De Haes, E Guldentops, "Structures, Processes and Relational Mechanisms for IT Governance", Hershey, PA: Idea Group Publishing pp. 1-36, 2004.

[9] C V Brown, "Examining the emergence of hybrid IS governance solutions: Evidence from a single case site", Information Systems Research,vol.8,no.1,pp. 69-94, 1997.

[10] P Weill, "Don’t Just Lead, Govern: How Top-Performing Firms Govern IT", MIS Quarterly Executive,vol.3,no.1,pp. 1-17, 2004.

[11] A H Segars, V Grover, "Designing company-wide information systems: risk factors and coping strategies", Long Range Planning,vol.29,no.3,pp. 381-392, 1999.

[12] L Loh, N Venkatraman, "Diffusion of information technology outsourcing: influence sources and the Kodak effect", Information Systems Research,vol.3,no.4,pp. 334-335, 1992.

[13] N Korac-Kakabadse, A Kakabadse, "IS/IT governance: need for an integrated model", Corporate Governance,vol.1,no.4,pp. 9-11, 2001.

[14] WeiAn Li, DeLu Wang, "The Review of IT Governance and the Comparative Analysis of Two Models ", Journal of Capital University of Economics and Business,vol.5,pp. 44-48, 2005. [15] V Sambamurthy, R W Zmud, "Arrangements for information technology governance: A theory of

multiple contingencies", Mis Quarterly,vol.23,no.2,pp. 261-290, 1999.

[16] A Schwarz, R Hirschheim, "An extended platform logic perspective of IT governance: managing perceptions and activities of IT", Journal of Strategic Information Systems,vol.12,no.2,pp. 129-166, 2003.

[17] P Webb,C Pollard, G Ridley. "Attempting to Define IT Governance: Wisdom or Folly?" in Proceedings of Proceedings of the 39th Annual Hawaii International Conference on System Sciences,pp. 1-10, 2006.

[18] J Cross,M J Earl, J L Sampler, "Transformation of the IT Function at British Petroleum", MIS Quarterly,vol.21,no.4,pp. 401-423, 1997.

[19] R B Schwartz, M C Russo, "How to quickly find articles in the top IS journals", Communications of the ACM,vol.47,no.2,pp. 98-101, 2004.

[20] J Clifford, G E Marcus, "Writing culture: The poetics and politics of ethnography": Univ of California Prpp., 1986.

[21] M J Earl. Experiences in strategic information systems planning: Management Information Systems Research Center, University of Minnesota: 1-24.

[22] Zhihao Tang,Chunyang Ji, Kejin Hu, "Research on interaction of IT governance and corporate governance ", Science of science and management of science & technology,no.1,pp. 113-116, 2008.