Integration Strategies and Tactics for Information Technology Governance
Ryan R. Peterson
Information Management Research Center, Instituto de Empresa, Spain
Copyright 2004, Idea Group Inc. Copying or distributing in print or electronic forms without written permission of Idea Group Inc. is prohibited.
Abstract
Amidst the challenges and changes of the 21st century, involving hyper-competitive market spaces, electronically-enabled global network businesses, and corporate governance reform, IT Governance has become a fundamental business imperative. IT Governance is a top management priority, and rightfully so, because it is the single most important determinant of IT value realization. IT Governance is the system by which an organization's IT portfolio is directed and controlled. IT Governance describes (a) the distribution of IT decision-making rights and responsibilities among different stakeholders in the organization, and (b) the rules and procedures for making and monitoring decisions on strategic IT concerns. The objective of this chapter is threefold. First of all, to describe past developments and current challenges complex organizations are facing in governing the IT portfolio of IT applications, IT development, IT operations and IT platforms. Based upon the lessons we've learned from the past, one of the key objectives is to move beyond 'descriptives', and discuss how organizations can diagnose and design IT Governance architectures for future performance improvement and sustained business growth. The final objective of this chapter is to provide a thorough understanding and holistic picture of effective IT Governance practices, and present a new organizing logic for IT Governance.
Introduction
One morning in 1997, Ralph Larsen, CEO of Johnson & Johnson, called his controller, JoAnn Heisen, to his office for a meeting. Ralph had just launched a corporate-wide cost-cutting campaign to help finance a drive into highly competitive and costly new drug markets. That morning, Ralph wanted Johnson & Johnson's IT organization to be a bigger part of all of that — and to get smarter about how the company was using IT.
Johnson & Johnson was spending millions annually on IT, yet business executives and customers weren't getting the business information they needed, and the business value they wanted. Hospitals, for example, were asking Johnson & Johnson to help them cut their stashes of supplies, but Johnson & Johnson didn't have the Web-based tracking systems needed to deliver on that request. The electronic networks that did exist suffered frequent breakdowns. JoAnn recalls, "Nobody was talking to each other. And why should they? Nobody asked the business units to talk with each other before, and no one had asked IT how much we were spending on the business." Ralph told JoAnn he wanted to cut IT costs dramatically, but he also wanted to oversight reform.
That morning JoAnn left Ralph's office with a new job — as CIO — and a mission to standardize systems, cut IT costs, and align the IT organization with business strategies, while simultaneously acknowledging the decentralized culture of Johnson & Johnson's numerous business divisions across different countries.
Does the Johnson & Johnson chronicle (Alter, 2001; Scheier, 2001) seem familiar to you? This real-life case illustrates many of the problems and challenges large complex organizations have been facing for over a decade. It's almost clich that chief executives across the board have experienced many failures and disappointments with IT-enabled business transformations. Expecting strategic value innovation, executives have faced project cancellations, business disruptions, rising customer churn, decreasing shareholder value, and many other disappointments, including losing their jobs.
In fact, executives today are less concerned about getting 'Amazon-ed' than about getting 'Enron-ed'. Corporate responsibility, business sustainability and governance reform are currently high on the strategic agenda in many companies. The growing scrutiny over shareholder interests, lingering economic growth and corporate performance have now also prompted renewed soul-searching and interest into the governance of information and Internet-based technologies. Amidst all these changes and challenging responsibilities, governing IT for sustaining business value has become a fundamental business imperative for thriving in the 'old new' economy.
Re Information Technology Governance
Boards and business executives have come to recognize that whereas traditionally they could delegate, avoid, or ignore IT decisions, today they cannot conduct marketing, R&D or HR without depending on IT at some point in time. Metaphorically, a 'Speak-See-Hear No Evil' attitude towards IT Governance is no longer viable in today's business landscape (Figure 1).
Figure 1: IT Governance— No More 'Monkey Business'
With the dawning of the 21st century, organizations are experiencing a global digital revolution with profound impacts on their business models and electronic business processes, wherein the interdependency between business and IT is intensely reciprocal. This e-business genesis coincides with a business landscape, in which the intensity, unpredictability and diversity of change has accelerated to create a condition of hyper-competition (D'Aveni, 1994), in which there is no stable competitive position, bureau-cratic hierarchies become a competitive liability, organizational boundaries are being redefined, core competencies develop into core rigidities, and strategic fit is fleeting, all against a backdrop of global economic turmoil and market volatility.
The growing infusion of e-business technologies in and between organizations, and the 'e-wakening' from the dot.com frenzy, has made both business and IT executives recognize that getting IT right this time will not be about technology, but about governing IT. GartnerEXP's 2002 survey of its 1,500-member CIO community indeed confirms that the top management priorities are all within the domain of IT Governance (Figure 2). As business models and IT become virtually inseparable, managing their integration and co-evolution involves putting the right people in the right place to understand and take direct responsibility for making sure the organization meets its strategic goals, and that all efforts — including IT — are directed toward that end.
Rank |
Priority |
---|---|
1 |
Strategizing for business-IT alignment |
2 |
Providing leadership and guidance for the Board of Directors and senior executive |
3 |
Demonstrating business value of IT |
4 |
Developing IT senior management team |
5 |
Reducing total IT costs |
6 |
Strengthening program management, and project prioritization and selection |
7 |
Tightening security and privacy safeguards |
8 |
Developing electronic business architectures |
9 |
Attracting, nurturing and sustaining IT resources |
10 |
Reducing IT complexity |
Figure 2: Top Management Priorities in 2002 (GartnerEXP, 2002)
Nevertheless, how to govern IT for sustained value innovation remains an enduring and challenging question. In the case of Johnson & Johnson, questions the new CIO needed to answer were:
How can IT best support a complex organization composed of diverse, globally operating business units?
What and how much should we standardize? And who should be involved in making these strategic decisions?
How does a company choose the best arrangement for IT Governance? And what is the 'best' arrangement for our company?
At the heart of Johnson & Johnson's journey, as in many other organizations, has been a need to find answers to tough, almost timeless, questions of governance: how to organize for diversity and differentiation, while preserving integration and unity of direction? How to promote local innovation, yet reap the benefits of scale and scope in a global economy? In terms of IT Governance, the general question is how should we be governing our IT activities in order to manage the imperatives of the global, hyper-competitive, digital economy? More specifically, how to direct, organize and control IT in order to realize value for the enterprise and its key constituencies? In this chapter, these and other questions and their answers are explored and discussed.
Objectives and Organization of this Chapter
The purpose of this chapter is, first of all, to describe past developments and current challenges complex organizations are facing in IT Governance. Based upon the lessons we've learned from the past, one of the key objectives is to move beyond 'descriptives', and discuss how organizations can diagnose and design IT Governance solutions for future improvement and growth. The final aim of this chapter is to provide a thorough understanding and holistic picture of effective IT Governance practices, and present a new organizing logic for IT Governance.
This chapter is organized as follows. First, a review of previous studies and developments is presented, and contrasted with current changes and challenges in contemporary businesses. The fundamental problem underlying IT Governance is then described, along with a discussion of design strategies and integrative solutions. Next, the results of a multi-client study are summarized, and a diagnostic model for IT Governance is outlined. Several lessons for future architecting of IT Governance are presented, in which a 'new' logic for IT Governance is described. This chapter concludes with a discussion of the major implications and directions for practice and research on IT Governance.
Information Technology Grasping at Governance
In this section, the concept of IT Governance is discussed, and a review of previous studies is presented and contrasted with current business environments. Specifically, this section addresses the body of knowledge on IT Governance. A review of previous studies is presented, and compared to state-of-the-art developments in contemporary organizations. This section concludes with a discussion of existing IT Governance principles, and questions the suitability of the current paradigm.
Information Technology Governance Definitions and Myths
IT Governance has been the subject of much debate and speculation over the past decades, yet it remains an ephemeral and 'messy' phenomenon, emerging in ever-new forms with growing complexity. Despite more than 30 years of empirical research, and management theory and practices, there are still many breaches to be bridged.
Although questions and concerns regarding IT Governance have been around since the introduction of IT in companies, currently there is no consistent, well-established body of knowledge and skills regarding IT Governance. This is partly attributed to the simultaneous enduring and evolving nature of IT Governance, but partly also due to the specialization and disconnectedness between globally-dispersed IT Governance interest communities. For instance, the differentiation and dissonance among these professional communities has led to the use of various definitions and models on IT Governance (Figure 3), which consequently has not been beneficial to the development of a cumulative body of knowledge and skills on IT Governance [1].
Figure 3: IT Governance Definitions
Similar to corporate governance, IT Governance is a topic that has recently been rediscovered, and as yet, is ill-defined and consequently blurred at the edges. To cite Burt (1980), the rich vocabulary emerging from the literature is like a terminological jungle in which any newcomer may plant a tree. Considering the foregoing definitions, and consistent with Cadbury and in line with the OECD's definition of corporate governance, the following definition of IT Governance is used in this chapter (Peterson, 2001):
IT Governance is the system by which an organization's IT portfolio is directed and controlled. IT Governance describes (a) the distribution of IT decision-making rights and responsibilities among different stakeholders in the organization, and (b) the rules and procedures for making and monitoring decisions on strategic IT concerns.
IT Governance thus specifies the structure and processes through which the organization's IT objectives are set, and the means of attaining those objectives and monitoring performance. IT Governance is a second order phenomenon, i.e., governance is the set of decisions about who and how decisions on strategic IT concerns are made. The abovementioned definition also (implicitly) addresses several 'IT Governance myths' that have existed for a long time and still persist, yet, which need to be debunked (explicitly) if business and academic communities are to move forward in their IT Governance thinking and IT Governance practices.
IT Governance Myth: IT Governance is the Responsibility of the CIO
While IT Governance is certainly an essential element of a CIO's portfolio, the CIO is not the primary stakeholder. Still, too often, corporate executives and business managers assume that the CIO is taking care of IT Governance. Moreover, abdication of responsibility and accountability by the business, and 'pointing the finger' at IT will not resolve the 'IT productivity paradox', nor the many misalignments between business and IT.
More then a decade ago, Rockart (1988) argued that business management needs to take charge of IT. Remenyi (1997) also indicates that line leadership is an absolute necessity, and placing business management as the principle stakeholder repositions the locus of responsibility for realizing IT value squarely where it should be, i.e., with the business. IT Governance effectiveness is only partially dependent on the CIO and other IT executives, and should be viewed as a shared responsibility and enterprise-wide commitment towards sustaining and maximizing IT business value (Figure 4).
Figure 4: Primary and Secondary Stakeholders in IT Governance (Peterson, 1998)
Developing business-IT leadership and IT competencies in business management is pivotal for IT Governance effectiveness and realizing business value with IT (Peterson, 2001; Weill & Broadbent, 1998). In essence, IT Governance relies on the capability of business executives at all levels to set the strategic business — including IT — agenda, understand the business capabilities — not the technicalities — of IT, and monitor business value appropriation from IT.
IT Governance Myth: IT Governance is Concerned with Organizing the IT Function
Traditionally, the IT function has been regarded as a single homogenous function. However, given the widespread proliferation and infusion of IT in organizations, involving, e.g., technical platforms, shared IT services centers, and local business-embedded applications, the notion of a single homogenous IT function is obsolete.
Weill and Broadbent (1998) indicate that contemporary organizations consist of a portfolio of different interdependent business functions and technical capabilities, some of which are allocated to different levels in the enterprise, and/or to third-party vendors. In discussing 'the new infrastructure', Weill and Broadbent (1998) graphically summarize the different IT functions in a portfolio of IT capabilities (Figure 5). IT capabilities are the organizational skills and knowledge that are essential to IT-enabled business transformation, and include IT infrastructure, and the competency to partner with business clients, executive management, dispersed and/or external IT specialists and vendors (Peterson, 2001).
Figure 5: IT Portfolio (Adapted from Weill & Broadbent, 1998)
The IT infrastructure is the base foundation of IT capabilities, delivered as reliable shared services throughout the organization, and centrally directed, usually by corporate IT management. The purpose of the IT infrastructure is to enable organization-wide data sharing and cross-business integration. The infrastructure capability describes the degree to which its resources are shareable and reusable. In contrast, local business-embedded applications are concerned with product/service specific needs in order to meet the changing demands of the business and its customers, usually directed by local business management. These applications utilize the infrastructure services and are built on the shared technical platforms.
IT Governance Myth: IT Governance is a New Form of 'Old-School' IT Management
Due to the enduring nature of IT Governance, and the perennial, often intractable problems associated with IT value delivery, some may draw the conclusion that IT Governance is simply a new form of 'old-school' IT management. However, although there may be a mere thin dotted line separating IT Governance from IT management, there is a fundamental difference between IT Governance and IT management that goes well beyond theory, which has profound implications for the design and effectiveness of IT Governance in practice.
Whereas the domain of IT management focuses on the efficient and effective supply of IT services and products, and the management of IT operations, IT Governance faces the dual demand of (1) contributing to present business operations and performance, and (2) transforming and positioning IT for meeting future business challenges (Figure 6). This does not undermine the importance or complexity of IT management, but goes to indicate that IT Governance is both internally and externally oriented, spanning both present and future time frames. One of the key challenges in IT Governance is therefore how to simultaneously perform and transform IT in order to meet the present and future demands of the business and the business' customers in a satisfying manner.
Figure 6: IT Governance and IT Management (Peterson, 2001)
The difference between IT Governance and IT management is akin to Parker and Benson's (1988) discussion of enterprise-wide information management, i.e., a shift in emphasis away from information technology, to the business/information relevance of IT. Whereas elements of IT management and the supply of (commodity) IT services and products can be commissioned to an external IT provider, IT Governance is organization-specific, and direction and control over IT cannot be relegated to the market.
IT Governance Myth: IT Governance Focuses on the (De)Centralization of IT
Acknowledging the rebuttal of the previous myth often leads to a fourth myth, i.e., IT Governance focuses on the locus of IT control, or where IT decision-making authority is allocated in the organization. The discussion on the formal allocation of IT decision-making as vested in organizational positions has led to much rhetoric and speculation on the 'best way' to organize IT Governance, and in the process has rekindled the classical 'centralization versus decentralization' debate. Yet, scholars have recently questioned whether the concept of IT Governance is simply about centralization or decentralization (Peterson et al., 2000; Sambamurthy & Zmud, 2000; Vitale, 2001; Whetherbe, 2001).
The keen reader will recognize that by building forth on the discussion of the previous three myths, the terms centralization and decentralization provide a dichotomy that is meaningless when employed as a generality to IT Governance. The centralization or decentralization can be applied to each of the main IT capabilities in the IT portfolio, yielding eight distinct patterns in IT Governance [2] [3] [4] [5]. In the first pattern, the corporate executive is responsible for IT infrastructure and IT development decisions, whereas (decentral) IT management is responsible for IT application decisions (Figure 7). In the second pattern, however, (decentral) business management is responsible for IT development and IT application decisions.
Figure 7: Example of Federal Patterns in IT Governance (Peterson et al., 2000)
The discussion of whether to centralize or decentralize IT Governance is based on a rational perspective of the organization, in which choices are reduced to one of internal efficiency and effectiveness (March & Simon, 1958). This view assumes a system of goal consonance and agreement on the means for achieving goals, i.e., rational and logical trade-off between (a) efficiency and standardization under centralization, versus (b) effectiveness and flexibility under decentralization (Figure 8). In general, it is assumed that centralization leads to greater specialization, consistency, and standardized controls, while decentralization provides local control, ownership and greater responsiveness and flexibility to business needs (Brown & Magill, 1998; King, 1983; Rockart et al., 1996). However, flexibility under decentralization may lead to variable standards, which ultimately result in lower flexibility, and specialization under centralization incurs risks due to bounded rationality and information overload (Mintzberg, 1979; Simon, 1961).
Design |
Centralized IT Governance |
Decentralized IT Governance |
Federal IT Governance |
---|---|---|---|
Drivers |
|||
Synergy |
+ |
- |
+ |
Standardization |
+ |
- |
+ |
Specialization |
+ |
- |
+ |
Customer responsiveness |
- |
+ |
+ |
Business ownership |
- |
+ |
+ |
Flexibility |
- |
+ |
+ |
Figure 8: Tradeoffs and the Best of Both
A socio-political view of IT Governance suggests that the debate concerning centralization versus decentralization is used to further the goals of specific organizational actors in a satisficing manner (Simon, 1961), in ways that might not help to meet organizational goals (Cyert & March, 1963). There are important differences among factions within organizations, leading to the presence of conflict and disagreement over organization goals and the means for achieving them. Consider, for instance, the notorious strategic conflicts between business and IT stakeholders. These stakeholders represent groups or individuals that influence, and are influenced by, strategic decisions regarding IT, and may thereby have different, often competing stakes in IT. Power struggles and cultural clashes are endemic to IT Governance, and the question is often 'whose way is it going to be?', rather than, 'which way is the best?'
The potential risk in contemporary business environments is that either centralization or decentralization fit the organization into a fixed structure. The challenge is therefore to balance the benefits of decentralized decision-making and business innovation and the benefits of central control and IT standardization. As Mintzberg (1979) points out, centralization and decentralization should not be treated as absolutes, but as two ends of a continuum.
Over the past decade, organizations have set out to achieve the 'best of both worlds' by adopting a federal IT Governance structure. In a federal IT Governance model, IT infrastructure decisions are centralized, and IT application decisions are decentralized (Brown & Magill, 1998; Rockart et al., 1996; Sambamurthy & Zmud, 1999; Weill & Broadbent, 1998). The federal IT Governance model thus represents a hybrid model of both centralization and decentralization. Across the Atlantic, a number of prominent companies in different industries have been actively experimenting with this relatively new model for IT Governance (Figure 9).
Figure 9: Examples of Leading Companies Adopting Federal IT Governance
Recall, for instance, the CIO's mission at Johnson & Johnson: to standardize systems, cut IT costs, and align the IT organization with business strategies, while simultaneously acknowledging the decentralized culture of the business divisions across different countries. The competing drives towards improving cost-efficiencies, but also business responsiveness, and IT standardization, yet also IT innovation, led the CIO at Johnson & Johnson to adoption and use of a federal IT Governance model (Alter, 2001; Scheier, 2001).
While the implementation of the federal IT Governance model has paid off for Johnson & Johnson (e.g., significant cost reduction, cheaper maintenance costs, eliminated duplicate IT developments, enhanced pharmaceutical R&D, improved time-to-market for new products, profit growth), and they have been able to develop unprecedented levels of cooperation between traditionally independent business units, it was a perilous and painstaking transformation.
Earlier attempts to (re-) centralize IT failed due to cultural barriers and business' resistance to change and relinquish of IT control. The CIO indicates that the federal IT Governance model is tricky to manage, and after commencing new IT Governance regime the CIO states (Alter, 2001; Scheier, 2001):
"It's hard getting all of Johnson &Johnson's businesses to go along with some of even the most benign changes in policy. Originally, we hoped to create a single, centralized strategy, but soon realized that only a federalized approach would work. We are too complex and independent from one business unit to the next to devise one strategy."
"I get '190 land mines' in any given day. Some business units, for example, try to convince me they can't adopt some corporate technology standards, or kick in their share of the cost for upgrades in infrastructure."
In sum, the federal IT Governance model is often easier contemplated than implemented. A federal approach towards IT Governance challenges managers in local business units to surrender control over certain business-specific IT domains for the well-being of the enterprise, and to develop business-to-corporate and business-to-IT partnerships. As the Johnson & Johnson case illustrates, this is a feat that many companies struggle with, especially considering the 'IT Governance legacy' large and complex organizations face.
Determinants of IT Governance Reviewing the Empirical Evidence
While the previous section discussed some of the myths regarding IT Governance and presented anecdotal cases concerning contemporary IT Governance practices, this section takes a more scientific view of IT Governance by reviewing the empirical data to date. Previous studies have sought an answer to the 'best way' of designing IT Governance, recognizing that this 'best way' is contingent upon internal and external factors (Brown & Magill, 1994; Sambamurthy & Zmud, 1999).
These studies examined the influence of various determinants, including organization size (Ahituv et al., 1989; Brown & Magill, 1994; Clark, 1992; Ein-Dor & Segev, 1982; Sambamurthy & Zmud, 1999; Tavakolian, 1989); business strategy (Brown & Magill, 1994; Peterson, 2001; Sambamurthy & Zmud, 1999; Tavakolian, 1989); and business governance structure (Ahituv et al., 1982; Brown & Magill, 1994; Peterson, 2001; Sambamurthy & Zmud, 1999; Tavakolian, 1989).
The cumulative of these empirical findings indicates that (Figure 10):
- Central IT Governance is associated with small-sized organizations following a cost-focused business (competitive) strategy, and characterized by a centralized business governance structure, environmental stability, low information-intensive business products/services, and low business experience and competency in managing IT.
- Decentral IT Governance is associated with large, complex organizations following an innovation-focused business (competitive) strategy, and characterized by a decentralized business governance structure, environmental volatility, high information-intensive business products/services and processes, and high business experience and competency in managing IT.
DETERMINANTS |
Centralized Model |
Federal Model |
Decentralized Model |
|
---|---|---|---|---|
Business strategy |
Cost-focus |
← |
→ |
Innovation-focus |
Business governance |
Centralized |
← |
→ |
Decentralized |
Firm size |
Small |
← |
→ |
Large |
Information-intensity |
Low |
← |
→ |
High |
Environment stability |
High |
← |
→ |
Low |
Business competency |
Low |
← |
→ |
High |
Figure 10: Determinants of IT Governance (Peterson, 1998)
But what type of IT Governance arrangement should a company adopt in the following (though hypothetical, certainly not unrealistic) scenarios?
Company A is a large bank focused on operational excellence and new product and service development, and whose business management, however, lacks the professional skills and knowledge to manage IT.
Company B is a small pharmaceutical company focused on product excellence, rapid innovation and quick commercialization, and whose business management is leading in IT innovation.
Company C is a large insurance company focused on achieving cost-efficiencies and providing customer value through customized products, and whose business management has developed the required competencies to manage IT projects.
Each of these scenarios describes a situation in which multiple contingency factors are active in determining IT Governance, yet provide conflicting solutions. Should Company A adopt decentral IT Governance because of its size and strategy? Yet, how does it reconcile this with the lack of business competency? Should Company B adopt central IT Governance because of its size? Yet, how does it combine this with its focus on innovation and business leadership? Should Company C decentralize due to size and customization, or should it centralize due to a focus on cost-efficiencies?
Although previous studies have increased our understanding of IT Governance determinants, they have failed to assess the multiplicity of these determinants. In practice, IT Governance models are influenced by many factors simultaneously, and determining the right structure is a complex endeavor. While traditionally IT Governance focused on either efficiency or flexibility, often in a sequential manner — recall the continuous pendulum swing of centralization and decentralization — currently, IT Governance faces the dual demands for (a) flexibility and speed, and (b) efficiency and reliability. The latter concern is of long standing, in which IT Governance was concerned with efficiency and cost reduction, often directed at the operational level. Subsequently, IT Governance focused on managing IT as a strategic resource, in which the primary aim was to align IT with the business strategy in order to gain competitive advantage. Having emerged from both practices with ambiguous results and experiences, executives are recognizing the need to meet the demands for both (a) delivering customized, high quality IT products and services, and (b) compressing costs, risks and time in order to meet business needs in an efficient, reliable and effective manner.
Consider, for instance, the case of Johnson & Johnson. The competing drives towards improving cost-efficiencies but also business responsiveness, and IT standardization, yet also IT innovation, led Johnson & Johnson to adopt a federal IT Governance model. The complexity (size and span) of this organization would dictate a decentralized approach, which was the traditional IT Governance approach. Yet, the need to cut costs, standardize IT, and improve IT performance led Johnson & Johnson to centralize IT infrastructure decisions. Thus, the case of Johnson & Johnson illustrates how IT Governance is subject to the pulls and pressures of multiple, rather than singular, contingency forces.
Recent empirical evidence indicates that organizations adopt federal IT Governance when pursuing multiple competing objectives (Peterson, 2001; Sambamurthy & Zmud, 1999). Due to the relentless pace and unpredictable direction of change in contemporary business environments, it should be no surprise that many organizations need to focus on both standardization and innovation, and in the process have adopted a federal IT Governance model.
Strategic Flexibility The New Enterprise Logic
Business has embarked on a new era of competition that is faster, more turbulent, and increasingly global and digital, simultaneously requiring relentless cost-efficiencies as well as the flexibility to find new ways to innovate and create value. It is no secret that the contemporary business landscape is characterized by (D'Aveni, 1999; El Sawy et al., 1999):
- Time and cost compression in product-life and design cycles;
- Accelerating technological advancements;
- Fickle customer loyalty;
- Tailored, knowledge-intensive products and services;
- Unexpected entry by new competitors, and repositioning of incumbents;
- Redefinition of industry and organizational boundaries; and
- Global market volatility.
As the mosaic of these developments transpires simultaneously in unpredictable patterns, organizations face significant uncertainty and ambiguity in determining their strategic direction. Organizations operating in turbulent fields experience competing goals and performance demands, including, e.g., pressures to innovate and customize products and services, improve levels of responsiveness and speed, and increase productivity and efficiency (Daft, 1998; Mintzberg, 1979). These competing demands cause conflicting contingencies, which are endemic to complex open social systems and require both exploitation and exploration strategies (March, 1991).
Exploitation strategies involve taking advantage of what is already known, i.e., cashing in on the investments made in existing capabilities. Exploration strategies, on the other hand, involve the creation of new knowledge and capabilities. Whereas exploitation builds forth on the efficient supply of extant products and services, exploration is geared at developing new products and services in order to meet changing and ambiguous environmental demands (March, 1991). Organizations must determine the proper balance between these competing strategies for developing capabilities and preserving organizational conditions. Thus, turbulent environments require the ability to explore new opportunities effectively, and exploit existing opportunities efficiently.
Contemporary organizations do not have single goals, and face multiple, often conflicting, contingencies. The 'low-cost versus differentiation' dichotomy (Porter, 1980) is currently fallacious, as organizations are effectively pursuing both strategies simultaneously in order to meet the competing demands of volatile global electronic markets. D'Aveni (1999) concludes that under these conditions, there is no sustainable competitive advantage based on either a low-cost strategy or a differentiation strategy. Companies can only build temporary advantages in order to sustain strategic momentum through a series of initiatives, rather than achieve 'fit' with the external environment.
Instead, companies need to adopt simultaneous strategic thrusts, in rapid and surprising manners, in order to offset competitors and satisfy customer needs (D'Aveni, 1999). Adopting simultaneous strategic thrusts requires an organization to focus on multiple value-creating drivers, involving excellence in business operations, product development, and customer service delivery (Figure 11). Market leaders focus on at least one value driver, and meet a minimum threshold of competence in the other two (Treacy & Wiersema, 1995).
Figure 11: Complementary Value-Creating Drivers (Adapted from Treacy & Wiersema, 1995)
Avnet Inc. is a perfect example of how market leaders are transforming towards meeting multiple value drivers (El Sawy et al., 1999). In 1991, Avnet Inc., then Marshall Industries, realized that customers wanted products and services at the lowest possible cost, highest possible quality, greatest possible customization, and fastest possible delivery time. Avnet Inc. recognized that they needed to focus on all three value drivers. They realized that it was no longer adequate to think of operational excellence in terms of cost of individual transactions, and expanded that to include the total cost of value-added services (El Sawy et al., 1999). Avnet Inc. also focused on product excellence by enhancing product features, customization, and the anticipation of future needs. Service excellence was also improved by 24x7 services, reduced delivery time, and reduced time-to-market for customers' products (El Sawy et al., 1999).
Empirical studies indicate that value-creating organizations have learned to master more than one value driver (Boynton, 1993; Buenger et al., 1996; Khandwalla, 1976; Miller & Friesen, 1978; Peterson, 2001; Quinn & Rohrbaugh, 1983; Quinn et al., 2000; Treacy & Wiersema, 1995). Organizations learn to manage the conflicting pulls by becoming 'bi-focal', and recognize the requisite complementary — not competing — nature of value creation.
In order to satisfy complementary value-creating drivers, an organization should have a variety of capabilities at least as great as the demands and disturbances in the environment (Ashby, 1956; Hitt et al., 1998). Consequently, organizations develop a repertoire of competencies to respond to and influence their external environment. Whereas in the 70s and 80s organizations would integrate vertically, today organizations have recognized the need to focus on their core competencies. Yet, continuous differentiation leads to fragmentation, unless a corresponding process of integration complements it. The uncertainty and ambiguity associated with the complex of external demands and differentiated capabilities creates the need for integration to achieve clarity of direction and unity of purpose in responding decisively and swiftly (Lawrence & Lorsch, 1969; Hitt et al., 1998; Venkatraman, 2000).
The concentration on core competencies in the early 1990s, and the recent focus on (inter- and intra-) organizational collaboration are exemplary of the need to both differentiate and integrate in turbulent environments. Focusing on core competencies alone leads to a situation of professional disconnectedness, whereas collaboration without core competencies only provides for administrative coupling (Peterson, 2001). Value-creating organizations thus focus on both their core competencies and strategic collaboration (Figure 12). The degree to which organizations can achieve this is a measure of an organization's strategic flexibility, i.e., developing differentiated capabilities to pro-act in an integrated manner to unanticipated changes (Hitt et al., 1998). Organizations improve their chances of success and survival in a turbulent environment by creating strategic flexibility that gives them the ability to pursue alternative courses of actions in response to unexpected environmental conditions.
Figure 12: Strategic Flexibility— The New Enterprise Logic (Peterson, 2001)
Strategic flexibility in a turbulent and competitive business environment requires organizations to be dynamically stable (Marchand, 2000). Organizations need to simultaneously develop a variety of differentiated capabilities in order to serve a range of changing customer and market demands, and integrate these for developing joint expertise and providing direction (Hitt et al., 1998; Nadler & Tushman, 1998). The underlying enterprise architecture is an interconnected network of differentiated strategic capabilities in which IT is an integral part, wherein the interdependency between IT and business is intensely reciprocal. Consequently, the efficiency and flexibility with which IT capabilities are infused in the enterprise architecture become business critical. The business imperatives of strategic flexibility and dynamic stability thus require the business of IT to:
- Develop and deliver applications that facilitate business responsiveness to customer demands in a rapid and efficient manner;
- Provide cost-effective, scalable infrastructures and operations that enable cycle time improvement and streamlined, enterprise-wide business processes; and
- Add value to the enterprise by focusing on operational excellence, product excellence, and service excellence.
Similar to the business enterprise, IT needs to develop distinct strategic capabilities in order to satisfy multiple value drivers (Figure 13). The primary value drivers for IT focus on service delivery, solution integration and strategic innovation (Feeny & Willcocks, 1998; Sambamurthy & Zmud, 2000; Peterson et al., 2000).
Figure 13: Primary IT Value Drivers (Peterson et al., 2000)
Value-adding IT organizations focus and channel energy at excelling in a specific dimension, yet maintain threshold standards on the other performance dimensions. The strategic importance of measuring different performance criteria for IT has also been recognized in the development of a 'Balanced Scorecard' for IT (Van Grembergen & Bruggen, 1997). IT organizations today cannot afford to focus on service delivery at the expense of solution integration, or vice versa. Furthermore, strategic innovation is difficult, if not impossible, to achieve without some base-line performance in service delivery and solution integration.
In terms of cause-effect relationships, strategic innovation is the value link between IT performance and business performance. Whereas service delivery and solution integration provide the foundation for strategic innovation, the latter provides the strategic IT capability for operational, product and/or service excellence. Moreover, it is pivotal that key stakeholders involved in IT Governance recognize the multiplexity of value drivers, and develop a shared understanding of the value of IT (Figure 14).
Figure 14: IT Value Drivers— An Integrated Perspective (Peterson et al., 2000)
Similar to the business, the new enterprise logic for the IT business is based on developing the agility and flexibility to sense and respond to existing and emerging demands in an integrated and proactive manner (Peterson, 2001). The challenge for IT Governance is then, as discussed earlier, how to simultaneously perform and transform IT in order to meet the present and future demands of the business in a satisfying manner. Thus, the IT business also needs to manage the balance between exploitation and exploration.
Consequently, the IT business also needs to transform. Analogous to the business, IT requires a dynamically stable organizational architecture to deliver value to the business, i.e., stable enough to exploit IT capabilities for service delivery and solution integration, and sufficiently dynamic to explore new value innovation opportunities. Consistent with the 'law of requisite variety' (Ashby, 1956), the IT business should have a variety of capabilities at least as great as the demands and disturbances in the business enterprise environment.
The business of IT has indeed experienced a fundamental transformation over the past few decades. In the 1950s, accounting and controller departments mainly used electronic computers. Some of these departments were centralized, while others were decentralized, and decision-making defaulted to those departments that made use of the technology. The benefits gained from automating the business's processes and functions led most organizations to integrate and centralize their technologies in the 1960s and 1970s. Specialists skilled in a number of hardware and software fields were required, and often reported to a central IT group. This central or corporate IT group primarily served a manufacturing role in a function-oriented organization with different functional IT departments, e.g., development, operations and technology (Figure 15).
Figure 15: Transformation of the IT Organization (Peterson, 1998)
By the mid 1980s, both the business and IT environments had changed significantly. Business markets became more complex and competitive. Businesses adopted divisional structures, each with their own products and market services, and concurring responsibilities and accountabilities. The proliferation of IT also became more complex with the dispersion of IT to the business units. Local IT managers were given authority over IT in order to respond to the local needs of the business in the competitive environment.
In the early 1990s, as companies experienced the demise of traditional geographic and business boundaries, and the emergence of 'the new infrastructure' (Weill & Broadbent, 1998), IT was again resorted to a central IT group. The title and function of CIO emerged on organizational charts, and many organizations were characterized by both a corporate IT department, often led by a CIO or IT director, and several local IT departments, often still functionally organized. During this period, IT organizations also began to see the benefits of employing a process-based IT organization (Figure 15), and reengineering IT around value added process, both upstream (e.g., source IT, manage IT investment) and downstream (deploy IT applications, deliver IT services, manage customer relations).
Consider, for instance, the transformation of British Petroleum IT's function. In 1989, the IT function set out to transform itself, in line with its mission to "...become the best in class in its support of BP's goal to be the best upstream company in the world" (Cross et al., 1997). They supported this mission by changing their direction, with the explicit purpose of moving from "system provider" to "infrastructure planner". By 1994, the IT function was truly an "infrastructure planner", overseeing technical integrity and value creation through information sharing. Although some IT resources remain in the local businesses, the top IT management team provides global vision for infrastructure planning (Cross et al., 1997).
Today, a new transformation is transpiring. IT organizations are transforming toward a 'core-peripheral' organization design, in which the IT infrastructure is directed by Corporate IT management, and local business applications are managed by business or IT management. At the 'core' of the organization, IT infrastructure decisions are centralized and allocated to the corporate unit, whereas IT application decisions are decentralized and allocated to the different operational business units at the organization 'periphery'. This Network IT Enterprise (NITE) is built around solution integration delivery (SID) teams that focus on the needs of the business, and contracts with external service providers (xSPs). The (internal) SID and (external) SP components 'hover' around a center that manages and provides core IT competencies (e.g., IT services and IT skills). NITE resembles the enterprise architecture in contemporary organizations, and embodies the principles of strategic flexibility and dynamic stability.
A good example of NITE is found at Verizon Communications Inc., one of the world's largest investors in global communications markets. Verizon Communications, formed by the merger of Bell Atlantic and GTE, is a leading provider of communications services. Verizon companies are the largest providers of wireline and wireless communications in the US, with nearly 134 million access line equivalents and more than 29 million wireless customers. Verizon is also the world's largest provider of print and online directory information. With more than 247,000 employees and $67 billion in 2001 revenues, Verizon's global presence extends to 45 countries in the Americas, Europe, Asia and the Pacific.
In 1996, Verizon (then Bell Atlantic) adopted a core-peripheral design in molding a network IT enterprise. The NITE at Verizon reflects a 'centers of excellence' (CoE) approach (Figure 16), in which roles and processes are differentiated for conceptualizing IT applications, delivering IT services and building the requisite IT competencies (Clark et al., 1997). The implementation of NITE has enabled Verizon to develop a flexible IT organization focused on IT-based value innovation.
Figure 16: Verizon's NITE (Adapted from Clark et al., 1997)
Discussion
In retrospect, comparing the empirical evidence on IT Governance with the new business imperatives of strategic flexibility and dynamic stability, it is clear how and why the federal IT Governance model has emerged as the dominant design in contemporary organizations. Already forecasted by Zmud et al. (1986), different studies indicate that this federal model is the dominant IT Governance practice in contemporary organizations (Feeny et al., 1989; Hodgkinson, 1996; Sambamurthy & Zmud, 1999). The federal model is also propagated as the best model, 'capturing the best of both — centralized and decentralized — worlds' (Von Simson, 1990). Rockart et al. (1996) describe the federal model as one of the fundamental imperatives of IT in the late 1990s, and urge organizations to adopt the federal model, regardless of organizational contingencies. Recently, Earl (2000) argues that every company needs to build a degree of IT federalism.
From a strategic perspective, both business and IT are facing multiple, competing objectives to reduce costs, standardize, innovate and provide customer value. From an organizational perspective, the enterprise architecture is characterized by a dynamic network of integrated business-IT capabilities (Figure 17). The federal IT Governance model, by dividing direction and control over IT between central and local offices, across different business and IT constituencies, creates a structure that is consistent with the enterprise architecture, i.e., both stable and dynamic, and enables IT-based strategic differentiation of the business.
Figure 17: Evolution of Value Drivers, Enterprise Architectures and the Governance of IT (Peterson, 2001)
However, some researchers have recently questioned whether 'the truth' regarding IT Governance is still out there. Is the federal IT Governance model really where the buck stops? Is dividing the locus of IT decision-making authority the answer in our quest for IT value?
Peppard and Ward (1999) state that while appealing at present, the federal IT Governance model is more of a theoretical construction than a direct practical solution. The problem, according to Sauer and Yetton (1997), is that on the surface, the federal model seems to provide a solution to the competing demands of corporate efficiency and business flexibility. However, the structure it creates depends on IT managers ensuring that activities of the different business units, which have competing interests, are integrated across the organization. The reality is that local IT units tend to be 'captured' by the goals of the business unit, while the central IT unit tends to become divorced from the business (Sauer & Yetton, 1997).
Sambamurthy and Zmud (2000) argue that there are some signs that the accumulated wisdom on IT Governance might still be inadequate. Further, Peterson (1998; 2001) states that our understanding of IT Governance is not only inadequate, it is incomplete. To cite Simon (1960), the current federal IT Governance model is like designing an unreliable ship with risky steersmanship:
"…there is no use in one group of experts producing the hull, another the design for the power plant, and a third the plans for the passenger quarters, unless great pains are taken at each step to see that all these parts fit a seaworthy ship."
[1]Two exceptions and noteworthy initiatives undertaken to address the development of a cumulative body of knowledge and skills are the organization of a special 'IT Governance research track' at the 35th Hawaii International Conference on System Sciences (2002), and the IT Governance Institute™, established by the Information Systems Audit and Control Association ISACA™ in 1998.
[2]Theoretically, there are eight distinct federal patterns in IT Governance (excluding the completely centralized and the fully decentralized IT Governance model).
[3]IT application decisions address applications prioritization and planning, budgeting, and the delivery of application services.
[4]IT development involves blending knowledge of business processes and functions with IT infrastructure capabilities along the complete IT systems development life cycle.
[5]In a federal IT Governance model, enterprise IT infrastructure decisions are always allocated to a central corporate IT office. IT infrastructure decisions address the hardware/software platforms, network and data architectures, and the standards for procurement and deployment of IT resources.
Designing Effective IT Governance Architectures
In this section, the fundamental IT Governance problmatique is addressed, and architectural solutions are discussed. Specifically, this section describes how and why our current framing of IT Governance is incomplete, and needs a fundamentally different approach, and how strategic risks can be mitigated through effective IT Governance architectures, and integration strategies and tactics. This section concludes by discussing the need to align IT Governance architectures with value drivers and enterprise architectures.
Federal IT Governance What is Wrong with this Picture?
In The Blind Men and the Elephant, American poet John Godfrey Saxe (1816–1887) retells an ancient Indian fable of six blind men who visit the palace of the Rajah and encounter an elephant for the first time (Figure 18). The first blind man put out his hand and touched the side of the elephant: "How smooth! An elephant is like a wall." The second blind man put out his hand and touched the trunk of the elephant: "How round! An elephant is like a snake." The third blind man put out his hand and touched the tusk of the elephant: "How sharp! An elephant is like a spear." The fourth blind man put out his hand and touched the leg of the elephant: "How tall! An elephant is like a tree." The fifth blind man reached out his hand and touched the ear of the elephant: "How wide! An elephant is like a fan." The sixth blind man put out his hand and touched the tail of the elephant: "How thin! An elephant is like a rope."
Figure 18: Framing Federal IT Governance
Although a well-known, simple story, the morale of this ancient Indian fable applies equally well to IT Governance, and in particular, the federal IT Governance model. Much like an elephant, or any other large living organism, the federal IT Governance model is a complex system, involving different stakeholder constituencies with specific perceptions, views and motivations. Similar to the blind men, these stakeholders have specific stakes and responsibilities in governing IT. This is especially the case with federal IT Governance, in which corporate executives are focused on creating enterprise-wide synergies, standardizing IT, and controlling the IT infrastructure, whereas local business and IT managers are concerned with improving flexibility and responsiveness to business-specific problems and opportunities. Though each constituency may be correct in pursuing their own strategic objectives, their 'blinded' focus impedes effective governance of IT.
While research insists on the dominance and importance of the federal IT Governance model, previous studies have failed to specify how and which of the eight distinct patterns of federal IT Governance are adopted, and under what circumstances these distinct patterns are effective. The federal model is not a single design, but consists of different patterns in dividing IT decision-making authority (Figure 18). Furthermore, the federal IT Governance model introduces a 'new division', in which the decision-making actions of individual units are divided, thus becoming interdependent, thereby requiring coordination, especially considering the dynamic task environments. Previous studies, however, assume that once IT decision-making is allocated to corporate executives, business management, and IT management, coordination will follow automatically through hierarchical lines of reporting. Thus, while previous studies focus on the differentiation of decision-making for IT, they do not address the integration of decision-making for IT.
In terms of Mintzberg (1979), previous studies address the division of responsibilities, but fail to take into account coordination to accomplish activities. Lorsch and Lawrence (1970) state that the real difference between centralization and decentralization is much more complex than patterns of decision-making:
"Another shortcoming in the traditional views about centralization and decentralization is a failure to recognize that the issue is really one of a vertical division of labor and coordination. Therefore, it is not just a question of dividing responsibility up and down the hierarchy, but it is also a question of organizing the flow of information and coordinating devices. If these labels are to capture the realities of how complex organizations operate, they must refer to systems of organizational variables which include division of work and differentiation; the integration among divisions and the headquarters; the types of integrative structural devices used, as well as the information flows and decision-making processes operating within the organization."
Although this discussion may seem utterly theoretical and outdated, consider the symptoms and strategic risks associated with the lack of integration in companies today (Figure 19), involving not only internal IT troubles, but moreover, major business tribulations.
Symptoms and Strategic Risks |
|
|
|
Figure 19: Symptoms and Strategic Risks Associated with the Lack of Integration (Peterson, 2001)
To create value for the business and mitigate strategic risks, IT Governance should have a variety of capabilities at least as great as the demands posed by the multiplicity of value drivers. Consequently, IT Governance requires a fusion of different business and IT competencies, involving both corporate executives and business and IT management. However, the differentiated fusion of business and IT competencies leads to fragmentation, unless there is a corresponding balanced process of integration. The complexity associated with the multiplicity of value drivers and stakeholder constituencies creates the need for integration to achieve clarity of direction and unity of purpose in governing IT effectively (Peterson, 2001).
The organizing logic is similar to that of the enterprise, albeit at a different level of governance. Whereas the enterprise logic focuses on core competencies and strategic collaboration at the inter-organizational level, the organizing logic for IT Governance focuses on the differentiation and integration of IT decision-making and monitoring at the intra-organizational level (Figure 20).
Level of Governance |
Design Logic |
|
---|---|---|
Inter-Organizational |
Core Competency |
Strategic Collaboration |
Intra-Organizational |
Differentiation |
Integration |
Figure 20: Design Logic at Different Levels of Governance
In the past, however, there has been a strong bias toward defining and designing IT Governance in a disjointed manner, i.e., reductionism. This predisposition is often instilled upon us — both executives and researchers — through years of professional education and indoctrination. We have been taught, especially in Western cultures, when faced with a complex problem, to divide the problem into smaller pieces, and solve each piece separately. This 'divide-and-conquer' mentality prevails in much problem-solving in both business and information systems communities (e.g., IT business investment processes, IT program management, algorithm design). However, solving each piece of the problem does not address the complete problem, i.e., addressing subsystems sequentially or in parallel is no guarantee that the supra-system will function effectively (Von Bertalanffy, 1968). The classic Indian parable thus illustrates the need for a holistic systems view of IT Governance.
Designing Effective IT Governance Architectures
A holistic systems [6] view emphasizes the need to view IT Governance as a complex open social system interacting with its environment, and consisting of a set of interdependent subsystems that produce a purposeful whole (Peterson, 2001). Complex systems are characterized by reciprocal interdependence (Thompson, 1967), in which decisions made by subunits are mutually dependent and influential, thereby increasing the need to exchange information. In complex governance systems, each decision-making unit presents direct decision contingencies for every other unit (Lorsch & Lawrence, 1970). Interacting subsystems in a social system imply that stakeholders are interdependent and need to work together in a coordinated fashion to achieve objectives. A systems thinking approach towards IT Governance acknowledges its complex and dynamic nature, and underscores the importance of personal mastery and mental models, and team learning and shared vision (Senge, 1990).
The systems logic underlying governance is the division and coordination of decision-making in order to direct the operational system towards the realization of the goals of the organizational system (Simon, 1961). This systems logic is the foundation for Organization Design Economics [7]. The design logic of organizing revolves around the processes of (a) division of labor into various tasks to be performed, and (b) coordination of these tasks to accomplish the activity and achieve the organization's goals. Thompson (1967) describes the basic logic of organizing in the following manner:
"By delimiting tasks, responsibilities and other matters, organizations provide their participating members with boundaries within which efficiency may be achieved. But if structure affords numerous spheres of bounded rationality, it must also facilitate the coordinated action of those interdependent elements."
In terms of IT Governance, and specifically the 'new division' of federal IT Governance, this involves centralizing and decentralizing specific aspects of the IT portfolio. In order to achieve the organization's objectives, IT Governance also needs to integrate these different aspects of the IT portfolio across the principle stakeholders, i.e., corporate executives, IT management and business management.
The manner in which responsibilities and accountabilities for the IT portfolio are organized and integrated is defined as an IT Governance architecture. An IT Governance architecture describes the differentiation and integration of strategic decision-making for IT (Peterson, 2001). The IT Governance architecture specifies the strategic policies and business rules that provide direction to strategic IT decision-making, and plots a path for achieving business objectives (Weill & Broadbent, 1998). Designing an effective IT Governance architecture is thus dependent on both the differentiation and integration of strategic decision-making for IT (Peterson et al., 2000). However, whereas executives and scientists have been keen to adopt and propagate a federal model of IT Governance, i.e., differentiate IT decision-making, following through on integration has been somewhat undermined and still remains a challenge.
Traditionally, organizations and IT Governance relied on the hierarchy and standardization for coordination. Hierarchy or vertical coordination describes the hierarchical referral of infrequent situations for which standardized programs have no solution (Galbraith, 1973). The hierarchy achieves coordination by having one person (e.g., CIO-Chief Information Officer) take responsibility for the work of others, issuing instructions and monitoring actions (Figure 21). If the hierarchy gets overloaded, additional levels or positions can be added to the hierarchy (e.g., DIOs-Division Information Officers). Standardization or coordination by plan, on the other hand, describes the use of standard programs, formal rules and procedures, and the specification of outputs, goals and targets (Galbraith, 1973; March & Simon, 1958). The adoption and use of Balanced Scorecard methodologies (BSC) and service level agreements (SLAs) are typical examples of how contemporary organizations coordinate by plan (Peterson & Ribbers, 2002).
Figure 21: Example of Vertical Coordination and Coordination by Plan in IT Governance
Vertical coordination and standardization, however, only provide limited coordination capability in complex and uncertain environments (Daft, 1998; Galbraith, 1973, 1994; Mintzberg, 1979). With the profusion of electronically-enabled, globally-operating organizations characterized by a multiplicity of value drivers in a dynamic network of strategic capabilities, the best CIOs, DIOs, BSCs and/or SLAs will not suffice in designing effective IT Governance architectures. Instead, IT Governance needs to focus on lateral coordination capabilities.
Traditionally described as 'informal mutual adjustment' (March & Simon, 1958; Thompson, 1967), lateral coordination and horizontal relationships represent the most significant contemporary development in practice and theory. Lateral coordination has recently been rediscovered as a strategic organizational capability for competing in contemporary hyper-competitive environments (Galbraith, 1994; Hitt et al., 1998). In turbulent environments, performance is driven by an organization's resources that are valuable and unique (Collis & Montgomery, 1995). From a resource-based perspective, lateral coordination is a resource that is hard to imitate, cannot be purchased, and is time-dependent and socially complex (Hitt et al., 1998; Powell, 1992).
How, then, can organizations develop this requisite lateral coordination capability, and what (horizontal) integration mechanisms should be used for governing IT effectively?
Integration Strategies and Tactics for IT Governance
Integration strategies for IT Governance can be classified according to two dimensions. Vertically, integration mechanisms can focus either on integration structures or integration processes, whereas horizontally, a division is made between formal positions and processes, and relational networks and capabilities (Peterson, 2001). Collectively, this provides four types of integration strategies for IT Governance (Figure 22):
- Formal integration structures;
- Formal integration processes;
- Relational integration structures;
- Relational integration processes.
Figure 22: Integration Strategies and Tactics for IT Governance (Peterson, 2001)
Formal integration structures involve appointing IT executives and accounts, and institutionalizing special and standing IT committees and councils. The use of account and/or relationship managers aid IT managers to develop an improved understanding of business needs, and aid in proactive — versus reactive — behavior by IT managers (Peterson, 2001). Committees and/or executive teams can take the form of temporary task forces — e.g., project steering committees — or can alternatively be institutionalized as an overlay structure in the organization in the form of executive or IT management councils (Figure 22). Committees vary in the degree to which they have an advisory function or have formal decision-making authority. Advisory steering committees are also referred to as advisory, review or guidance committees. Contrary to specialized task forces, steering committees and advisory boards bring together different stakeholders on a relatively permanent basis for resolving Business/IT decision-making questions and problems.
Formal integration processes describe the formalization and institutionalization of strategic IT decision-making/monitoring procedures and performance. Formal integration processes vary with levels of (Peterson, 2001):
- Comprehensiveness: the degree to which IT decision-making/monitoring activities are systematically and exhaustively addressed, i.e., (1) the identification and formulation of the business case and/or 'business rationale' for IT decisions, (2) the prioritization and selection of business-IT course-of-action, and (3) monitoring and evaluating of IT decision-implementation and IT performance (Parker & Benson, 1988; Luftman & Brier, 1999; Willcocks, 1996).
- Formalization: the degree to which IT decision-making/monitoring follows specified rules and standard procedures, often embedded in formalized decision-making methodologies and management frameworks (e.g., BITS-Balanced IT Scorecard, SAM-Strategic Alignment Model, CSF-Critical Success Factors, and/or IE-Information Economics, etc.).
- Integration: the degree to which business and IT decisions are integrated, i.e., (1) administrative integration, in which budgets and schedules are pooled between business and IT, (2) sequential integration, in which business decisions provide directions for IT decision-making, (3) reciprocal integration, in which business and IT decisions are mutually influential, and (4) full integration, in which business and IT decisions are made concurrently in the same process (Teo & King, 1999).
Whereas the foregoing formal integration mechanisms tend to be mandatory, tangible, and often implemented in a 'top-down' manner, relational integration mechanisms are 'voluntary actions', which cannot be programmed and/or formalized, and which are often intangible and tacitly present in the organization (Peterson, 2001). Kahn and McDonough (1997) refer to integration as a composite of interaction and collaboration. Interaction describes the formal structures and processes used for information-exchange and communication, whereas collaboration is described as the affective, participative and shared element of integration, corresponding to a willingness to work together. Galbraith (1994) and Malone and Crowston (1994) describe these levels as a layered system of successively deeper levels of coordination, i.e., higher levels of lateral coordination capability (Figure 23). Recent evidence indicates that while formal integration mechanisms are necessary, they are insufficient for designing effective IT Governance architectures in competitive environments (Peterson et al., 2000).
Figure 23: Operationalization of Integration Strategies and Tactics for IT Governance (Peterson et al., 2000)
Relational integration structures involve the active participation of and collaborative relationships between corporate executives, IT management, and business management. Central to relational integration is the participative behavior of different stakeholders to clarify differences and solve problems in order to find integrative solutions. The ability to integrate relationally allows an organization to find broader solutions, and unleashes the creativity involved in joint exploration of solutions that transcend functional boundaries and define future possibilities (Peterson, 2001).
Relational integration structures are characterized by their participative and shared nature. Participation is a process in which influence is exercised and shared among stakeholders, regardless of their formal position or hierarchical level in the organization. Active stakeholder participation balances the involvement of business and IT communities in information processing, decision-making and problem-structuring/solving (Peterson, 2001). Collaboration integration refers to a close, functionally interdependent relationship in which organizational units strive to create mutually beneficial outcomes. Henderson (1990) describes this as a strategic partnership that reflects a working relationship of long-term commitment, a sense of mutual collaboration, and shared risks and benefits. Mechanisms that facilitate relational integration include joint performance incentives and rewards, co-location of business and IT managers, and the creation of 'virtual meeting-points' for business and IT managers (Peterson et al., 2000; Ross et al., 1996; Weill & Broadbent, 1998).
Relational integration processes describe strategic dialogue and shared learning between principle business and IT stakeholders. Strategic dialogue involves exploring and debating ideas and issues in depth prior to decision-making or outside the pressure of immediate IT decision-making (Van der Heijden, 1996). A strategic IT dialogue incorporates a wide range of initially unstructured business perspectives and IT views, and involves rich conversation and communication to resolve diverging perspectives and stakeholder conflicts. Conflicts are resolved through the use of active and passive resolution strategies. Active conflict resolution involves confrontation and competition strategies, whereas passive conflict resolution involves avoidance and smoothing-over strategies, i.e., conflicts remain and are not explicitly resolved (Lawrence & Lorsch, 1969; Robbins, 1994).
Shared learning is defined as the co-creation of mutual understanding by members of organizational subunits of each other's goals and objectives (Peterson, 2001). The essence of organizational coordination capability is the integration of domain-specific expertise and tacit knowledge. Shared learning is developed when people in close collaboration enact a single memory, with differentiated competencies and responsibilities (Weick & Roberts, 1993). Shared learning resides in specialized relationships among stakeholders, and in particular, the information flows and decision-making processes that shape their dealings with each other (Lorsch & Lawrence, 1970). Parker et al. (1997) argue that identifying acceptable solutions to ambiguous problems in complex and dynamic environments requires the collaboration of different stakeholders, working with different paradigms, and offering different insights. Shared learning is inherently dynamic, and results in coordinated decision-making and collaborative relationships, which are particularly relevant and beneficial when the need for reliability is high, and decision-making is non-routine, involving interactive complexity, i.e., the combination of complex interpersonal interactions with a high degree of interdependence (Weick & Roberts, 1993).
Research indicates that when business and IT managers understand each other's perspectives in IT decision-making, they can accurately interpret and anticipate actions, and coordinate adaptively (Peterson, 2001). Within the context of IT Governance, shared learning describes the mutual understanding of business and IT objectives and plans by business and IT executives (Reich & Benbasat, 1996; Weill & Broadbent, 1998). Mechanisms that support shared learning include strategic dialogues between business and IT executives, cross-functional business-IT training, and cross-functional business-IT job-rotation/transfers (Luftman & Brier, 1999; Peterson et al., 2000; Ross et al., 1996; Weill & Broadbent, 1998).
Discussion
Designing an effective IT Governance architecture is dependent on both the differentiation and integration of strategic decision-making for IT. Whereas differentiation focuses on the distribution of IT decision-making rights and responsibilities among different stakeholders in the organization, integration focuses the coordination of IT decision-making/-monitoring processes and structures across stakeholder constituencies. The notion of an IT Governance architecture emphasizes the need to define and control the interfaces between the separate components of the IT Governance system. Designers of IT Governance architectures thus need to consider and implement integration strategies and tactics for governing IT effectively.
Contrary to the IT Governance evolution described earlier in this chapter (e.g., Figure 17), the governance of IT has evolved not only from a monolithic toward a differentiated structure, but moreover, towards an integrated system of differentiated business and IT capabilities. Similar to the enterprise architecture, but then at a 'micro-level', an IT Governance architecture resembles a dynamic network of strategic capabilities for directing and controlling IT in line with the business, and the business' objectives. Embedding the IT Governance architecture in the enterprise architecture, and aligning IT Governance with IT value drivers enables an organization to realize its business value drivers (Figure 24). Effective IT Governance architectures should be consistent with the enterprise architecture and IT value drivers, whereas enterprise architectures and IT value drivers should be in sync with business value drivers (Peterson, 2001). Given the multiplexity of value drivers and the dynamic stability of the enterprise architecture, aligning value drivers, enterprise architectures and IT Governance architectures is inherently dynamic.
Figure 24: Aligning Value Drivers, Enterprise Architectures and IT Governance Architectures (Peterson, 2001)
The key question which then arises is, of course, how do we — executives and researchers — know whether an IT Governance architecture is effective, and what measures can be taken to redesign and improve the effectiveness of the IT Governance architecture? In the next section, this challenging question is addressed.
[6]The systems view (Ashby, 1956; Von Bertalanffy, 1968) is based on cybernetic principles (Wiener, 1956), which draws upon the Greek word Kubernesis — steersmanship, the task of keeping a ship on its course in the midst of unexpected changing circumstances.
[7]Organization Design Economics is an interdisciplinary field of study based on the work of, e.g., March & Simon, 1958; Cyert & March, 1963; Lawrence & Lorsch, 1967, 1969; Thompson, 1967; Galbraith, 1973, 1994; Daft & Lengel, 1984; 1986; Williamson, 1996; Malone & Crowston, 1994; Hitt et al., 1998; Nadler & Tushman, 1998.
Diagnosing IT Governance Effectiveness
In this section, the design of a measurement system for diagnosing IT Governance effectiveness is discussed. In the following sections, the rationale and foundation for an IT Governance diagnostic is described. This section presents the IT Governance diagnostic model, and discusses how it can be used to diagnose and track IT Governance effectiveness.
Motivation and Methodology
A critical part in designing effective IT Governance architectures is devising a measurement system to assess and affect IT Governance effectiveness. However, while our descriptive knowledge of IT Governance has increased dramatically over the past three decades, prescriptive actions with regard to designing effective IT Governance architectures are scant. Recently, Weill and Vitale (2002) indicate that executives moving into e-business should examine their IT Governance and determine whether IT Governance encourages the necessary communication and control of e-business initiatives. Diagnosing IT Governance effectiveness and establishing an IT Governance measurement system that links cause and effect is consequently strategically important and highly relevant (Weill & Woodham, 2002).
Drawing upon the results of a longitudinal study on the design and effectiveness of IT Governance (Peterson, 1997, 1998, 2000, 2001), an IT Governance diagnostic model is developed and implemented in several large, multi-business-unit organizations across different industries in Europe. This comprehensive multi-client study was based on several in-depth case studies conducted in different sectors of the economy, including Banking, Insurance, Manufacturing, Health Care, Telecom & IT, and Travel & Leisure. Data was collected and analyzed on (1) the strategic challenges and IT value drivers in business transformations, (2) the locus and distribution of IT decision-making/monitoring responsibilities, (3) the integration strategies and tactics, and coordination capability and maturity of IT Governance, and (4) the impact of IT Governance on IT value realization.
More than 100 interviews were conducted with senior executives, directors and managers in both business and IT organizations and departments. These interviews were complemented by the collection and analysis of strategic company reports (e.g., IT investment analysis, Service Delivery Audits), and industry trends publications. In several of the client-organizations, executive workshops were organized to (1) present the main findings of the study, and (2) discuss the implications for the design and effectiveness of IT Governance in their organization. In the next section, the results of this comprehensive study are described.
The IT Governance Diagnostic Diamond
This section (Peterson, 2001) describes a holistic, high-level assessment model of IT Governance design and effectiveness. The model is theoretically inspired by Organization Design Economics, specifically, the congruency model of organizations (Galbraith & Lawler, 1993; Nadler & Tushman, 1998), a balanced strategic management system (Kaplan & Norton, 1992, 1996), and conversion effectiveness (Weill & Broadbent, 1998). Each of these concepts and underlying models are used extensively in practice, and has been empirically validated.
The congruency model directs our attention towards the contextualistic nature of effective designs, emphasizing the interplay between context, design and effectiveness. The balanced strategic management system reminds us that different (types of) measures should be used to assess performance, and that these measures are embedded in a process linking strategic objectives with adaptive actions (i.e., strategic flexibility). In contrast to the micro-economic 'black-box' model of IT value, conversion effectiveness recognizes that realizing IT value is based on the level of Value Conversion Process Maturity — VCPM — which is characterized by (Peterson, 2001):
- Senior (business) executive input and involvement (not 'abdication');
- Collaborative relationships and shared learning (not 'political clout');
- Integrated business-IT decision-making/monitoring (not 'management-by-budget');
- Business-IT competence (not 'ignorance').
Note |
high VCPM is primarily dependent upon the business organization and its executives, and only secondly on the IT organization. Furthermore, high VCPM is directly related to the level of lateral coordination capability, i.e., the adoption and use of relational integration structures and processes (see Figure 23). |
The IT Governance diagnostic diamond is organized into two axes (Figure 25). Vertically, the model depicts the IT Governance architecture consisting of the:
- differentiation of IT decision-making, i.e., who has what authority and responsibility to make decisions regarding the IT portfolio?;
- integration of IT decision-making, i.e., what integration strategies, tactics and mechanisms are used to coordinate IT Governance?
Figure 25: IT Governance Diagnostic Diamond (Peterson, 2001)
Answering the first question regarding differentiation provides (1) a specific federal profile of IT Governance (see Figure 8), and (2) improves transparency into the distribution and allocation of IT decision-making authority and responsibility. Answering the second question regarding integration provides (1) a description of the integration strategies and tactics used, and (2) an assessment of the current level of lateral coordination capability (see Figure 23).
Horizontally, the IT Governance diagnostic diamond distinguishes between strategic direction and strategic control, i.e., what are the value drivers and strategic intents, and to what extent have these value drivers been realized, or is IT contributing to business performance? The latter is the ultimate measure of true IT Governance effectiveness.
In assessing the value drivers, organizations focus on the value propositions for IT (i.e., Strategic Innovation, Solution Integration, and Service Delivery), and the operationalization of these value drivers into operational goals, and specific measures and targets. Moreover, it is vital that executives also indicate what initiatives are currently underway, and planned for the future, that address this value driver, and who are involved and affected by these programs.
In determining IT value realization, the IT Governance diagnostic diamond recognizes the dilution of IT impacts, and consequently distinguishes four generic measures for assessing IT value realization, i.e.:
- IT services, consistent with 'Service Delivery' value driver (see Figure 14);
- IT solutions, consistent with 'Solution Integration' value driver (see Figure 14);
- Business impact, addressing the business value drivers, i.e., 'Operational Excellence', 'Product Excellence', and 'Service Excellence', and the respective foci and operationalization (see Figure 12);
- Business value, addressing (future) financial performance, e.g., revenue growth, sales growth, return on assets, market share, shareholder value.
Similar to strategic direction, assessing strategic control involves the specification of the measures and targets involved, and to what extent the specific initiatives and programs have achieved their targets and objects, including level of stakeholder satisfaction.
Diagnosing IT Governance effectiveness and applying the IT Governance diagnostic diamond follows a 'left-to-right' logic in a step-wise process. The following four steps are followed for both the 'Ist' (current 'as-is' position), as well as for the 'Soll' (desired 'to-be' position) situation.
- Describe and assess the current/future business and IT value drivers for the organization:
- What are the main business value drivers?
- What are the main IT value drivers?
- What specific goals and targets, and initiatives and programs are underway that address the IT value drivers and business value drivers?
- Describe and assess the current/future differentiation of IT decision-making authority for the IT portfolio:
- Who is responsible for IT-business applications decisions, IT innovation decisions, and/or IT infrastructure decisions?
- How clearly are these responsibilities formulated, and made transparent to the organization, especially other key stakeholders?
- Is the differentiation of IT decision-making in line with the value drivers?
- Describe and assess the current/future integration of IT decision-making:
- What integration strategies, tactics and mechanisms are employed by the organization?
- What is the level of lateral coordination capability and value conversion process maturity?
- Are IT Governance integration strategies, tactics and mechanisms in line with the type value drivers and IT Governance differentiation employed by the organization (now and in the future)?
- Describe and assess the current/future IT value realization:
- What is the contribution of IT to improved business performance?
- What are the main business impacts, and how do these relate to the business value drivers, goals and measures?
- How is the IT organization performing on service delivery, solution integration, and strategic innovation?
Applying the IT Governance diagnostic diamond and following this step-wise approach for both the current and the desirable situation provides a diagnosis of the suitability of the existing IT Governance architecture, and identifies strategic discrepancies with the future, desirable position, and measures to redesign and improve the IT Governance architecture.
Conclusion Toward a New IT Governance Paradigm
This section concludes the chapter on Integration Strategies and Tactics for IT Governance. In this final section, the main lessons we have learned are summarized, and based upon the previous sections, a new IT Governance paradigm is presented. In the final section, directions and opportunities for practitioners and researchers of IT Governance are outlined.
What Have We Learned? Implications for Management
Despite the many bridges that still remain to be breached in the (theories and practices) of IT Governance, there are a number of important lessons we have learned over the past decades, which were addressed in this chapter. When contemplating and/ or studying IT Governance, both executives and researchers would do well to consider these important lessons learned.
Amidst the challenges and changes of the 21st century, involving hyper-competitive market spaces, electronically-enabled global network businesses, and corporate governance reform, IT Governance has become a fundamental business imperative. IT Governance is a top management priority, and rightfully so, because it is the single most important determinant of IT value realization.
IT Governance is the system by which an organization's IT portfolio is directed and controlled. IT Governance describes (1) the distribution of IT decision-making rights and responsibilities among different stakeholders in the organization, and (2) the rules and procedures for making and monitoring decisions on strategic IT concerns. IT Governance is thus corporate governance focused on IT, and it is not (only) the responsibility of the CIO or the organization of the IT function, in which an 'old new' IT management form is introduced to choose between centralization or decentralization.
The terms centralization and decentralization provide a dichotomy that is meaningless when employed as a generality to IT Governance. The centralization or decentralization can be applied to each of the main IT capabilities in the IT portfolio, yielding distinct patterns of federal IT Governance. The federal IT Governance model is currently the dominant model in contemporary organizations, as they seek to combine the benefits of synergy, standardization and specialization with the advantages of autonomy, innovation and flexibility.
The dominance of the federal IT Governance model is a strategic response to the needs of strategic flexibility and dynamic stability in contemporary organizations and markets, in which both business and IT organizations are adopting multiple, complementary value drivers. However, it should be emphasized that redesigning for federalism challenges managers in local business units to surrender control over certain business-specific IT domains for the well-being of the enterprise, and to develop business-to-corporate and business-to-IT partnerships.
An IT Governance architecture recognizes this coordination challenge, and emphasizes the need to take a holistic systems view of IT Governance. An IT Governance architecture is defined as the manner in which responsibilities and accountabilities for the IT portfolio are organized and integrated, and describes the differentiation and integration of strategic decision-making for IT (Peterson, 2001). Four types of integration strategies, each consisting of several integration tactics and integration mechanisms, can be employed to assure the level of coordination capability in the IT Governance architecture. Embedding the IT Governance architecture in the enterprise architecture and aligning IT Governance with IT value drivers enables an organization to realize its business value drivers.
Consequently, diagnosing the IT Governance architecture and developing a balanced strategic measurement system to assess and track IT Governance effectiveness is essential. Applying the IT Governance diagnostic diamond and utilizing the proposed step-wise approach provides a diagnosis of the suitability of the existing IT Governance architecture, and identifies strategic discrepancies with the future, desirable position, and measures to redesign and improve the IT Governance architecture in terms of strategic flexibility and dynamic stability.
Toward a New IT Governance Paradigm
Until recently, efficiency was the keyword in designing IT Governance. This made sense in a world characterized by a stable placid environment, in which neither the core technology nor the markets in which companies were operating changed drastically over time. Organizations could afford to use a 'command-and-control' structure to govern IT. However, with the business imperatives and new enterprise logic of strategic flexibility and dynamic stability, this 'old' IT Governance paradigm no longer seems viable, nor prudent.
Rather than being a system of command-and-control, focusing on the locus of IT decision-making authority, this chapter concludes that effective IT Governance in contemporary organizations is more likely to resemble a network of multiple business-IT collaborative relationships based on competencies and flexibility (Figure 26). IT is less about who is hierarchically positioned to be in control, and more about the complementary — business and IT — competencies an organization possess, and how it can integrate these in order to develop the required strategic flexibility for realizing and sustaining business value from IT in a complex and dynamic environment. The emerging IT Governance paradigm is based on principles of collaboration, competency and flexibility — not control, authority and efficiency.
Figure 26: The Emerging IT Governance Paradigm (Peterson, 2001)
These principles of the emerging IT Governance paradigm underscore and reaffirm the importance of flexible management systems in complex and uncertain environments. The organizing logic in the emerging IT Governance paradigm is characterized by a collaborative network structure, where communication is more likely to be lateral, task definitions are more fluid and flexible — related to competencies and skills, rather than being a function of position in the organization — and where influencing of business-IT decisions is based on expertise rather than an individual (or group's) position in the hierarchy.
In collaborative relationships between business and IT stakeholder constituencies, managers work together to understand business and IT competencies, opportunities, risks and benefits. This collaborative relationship demands that both business and IT managers take responsibility for business operations and IT innovation, which is achievable only when stakeholder constituencies share their unique expertise and competencies. This emerging paradigm for IT Governance is based on a 'philosophy' of collaboration where the need for distinct competencies are recognized and developed, and shared adaptively across functional, organizational, cultural and geographic boundaries.
Directions and Opportunities for Future Research
In Spanish there is a saying, "el camino se hace al caminar", which roughly translates into English as the road is paved as you go. While we have come a long way in understanding and implementing strategies for IT Governance, and designing effective IT Governance architectures, the real journey still lays ahead of us. Specifically, there are (at least) five areas of theoretical and empirical study that seem particularly fruitful for future research and practice of IT Governance. These are:
- The development and integration of multiple complementary business and IT value drivers, e.g., how do organizations and networks of organizations develop and integrate the multiplicity of business and IT value drivers? How do organizations develop the requisite capabilities to become strategically flexible and dynamically stable?
- The development of lateral coordination capability and value conversion process maturity, e.g., what are the interrelations between the different integration strategies and tactics? Is relational integration dependent upon formal integration, or does it enable formal integration? Are certain integration mechanisms 'multi-modal', i.e., do they facilitate more than one integration strategy?
- The alignment of the IT Governance architecture with IT value drivers and the enterprise architecture, e.g., how do organizations evolve and maintain such a complex and dynamic alignment? Are there different paths to aligning the IT Governance architecture?
- The application of the IT Governance diagnostic diamond, e.g., what are the experiences of (other) organizations applying the IT Governance diagnostic diamond? What actions does an organization take after diagnosing IT Governance effectiveness?
- The emerging IT Governance paradigm, e.g., how can the new principles be operationalized for research and practice? Is this emerging paradigm typical for contemporary firms in Europe, or are these principles also emerging in other continents? And what about the 'dot.coms'?
These five directions provide ample opportunities to expand our knowledge on strategies for IT Governance, and will enable us — executives and researchers — to improve IT Governance effectiveness.
References
Ahituv, N.,Neumann, S., & Zviran, M. (1989). Factors affecting the policy for distributing computing resources. MIS Quarterly, 13(4), 389–401.
Alter, A. (2001). Thinking out loud: Interview with JoAnn Heissen. CIO INSIGHT, (December).
Ashby, W. R. (1956). Introduction to cybernetics. New York: John Wiley & Sons.
The Blind Men and the Elephant (1963). McGraw-Hill Book Company.
Boynton, A. C. (1993). Achieving dynamic stability through information technology. California Management Review, 35(2), 58–77.
Brown, C. V., & Magill, S. L. (1994). Alignment of the IS function with the enterprise: Toward a model of antecedents. MIS Quarterly, 18(4), 371–403.
Brown, C. V., & Magill, S. L. (1998). Reconceptualizing the context-design issue for the information systems function. Organization Science, 9(2), 176–194.
Buenger, V.,Daft, R. L.,Conlon, E. J., & Austin, J. (1996). Competing values in organizations: Contextual influences and structural consequences. Organization Science, 7(5), 557–576.
Burt, R. S. (1980). Models of network structure. Annual Review of Sociology, 6, 79–141.
Clark, C.,Cavanaugh, N.,Brown, C. V., & Sambamurthy, V. (1997). Building change-readiness IT capabilities: Insights from the Bell Atlantic experience. MIS Quarterly, 21(4), 425–455.
Clark, T. D. (1992). Corporate systems management: An overview and research perspective. Communications of the ACM, 35(2), 61–75.
Collis, D. J., & Montgomery, C. A. (1995). Competing on resources: Strategy in the 1990s. Harvard Business Review, 73(4), 118–128.
Cross, J.,Earl, M., & Sampler, J. L. (1997). Transformation of the IT function at British Petroleum. MIS Quarterly, 21(4), 401–423.
Cyert, R. M., & March, J. G. (1963). A behavioral theory of the firm. Englewood Cliffs, NJ: Prentice Hall.
Daft, R. L. (1998). Organization theory and design. (6th ed.). Cincinnati, OH: South Western College Publishing.
D'Aveni, R. A. (1994). Hypercompetition: Managing the dynamics of strategic maneuvering. New York [etc.]: Free Press.
D'Aveni, R. A. (1999). Strategic supremacy through disruption and dominance. Sloan Management Review, 40(3), 127–135.
Earl, M. (2000). Local lessons for global businesses. In D.A. Marchand, T.H. Davenport, & T. Dickson, T. (Eds.), Mastering Information Management (pp. 86–91). London: Financial Times/Prentice Hall.
Ein-Dor, P., & Segev, E. (1982). Organizational context and MIS structure: Some empirical evidence. MIS Quarterly, 6(3), 55–68.
El Sawy, O.,Malhotra, A.,Gosain, S., & Young, K. (1999). IT-intensive value innovation in the electronic economy: Insights from Marshall industries. MIS Quarterly, 23(3), 305–335.
Feeny, D. F., & Willcocks, L. (1998). Core IS capabilities for exploiting information technology. Sloan Management Review, 39(3), 9–21.
Feeny, D. F.,Edwards, B. R., & Earl, M. (1989). Complex organizations and the information systems function. Oxford Institute for Information Management, Oxford, RDP 87/7.
Galbraith, J. R. (1973). Designing complex organizations. MA: Addison-Wesley.
Galbraith, J. R. (1974). Organization design: An information processing view. Interfaces, 4(3), 28–39.
Galbraith, J. R. (1987). Organizational design. In J. W. Lorsch (Ed.), Handbook of Organizational Behavior. Englewood Cliffs: Prentice Hall.
Galbraith, J. R. (1994). Competing with flexible lateral organizations. MA: Addison-Wesley.
Galbraith, J. R., & Lawler, E. E. (1993). Organizing the future: The new logic of managing complex organizations. San Francisco, CA: Jossey-Bass.
Henderson, J. C. (1990). Plugging into strategic partnerships: The critical IS connection. Sloan Management Review, 31(3), 7–18.
Hitt, M. A.,Keats, B. W., & DeMarie, S. M. (1998). Navigating the new competitive landscape: Building strategic flexibility and competitive advantage in the 21st century. Academy of Management Executive, 12(4), 22–42.
Hodgkinson, S. L. (1996). The role of the corporate IT function in the federal IT organization. In M. Earl (Ed.), Information Management: The Organizational Dimension (pp. 247–268). Oxford: Oxford University Press.
IT Governance Institute. (2001). Board briefing on IT Governance. Available online: http://www.itgovernance.org.
Kahn, K. B., & McDonough, F. (1997). An empirical study of the relationships among co-location, integration, performance, and satisfaction. Journal of Production Innovation Management, 14, 161–178.
Kaplan, R. S., & Norton, D. P. (1992). The balanced scorecard: Measures that drive performance. Harvard Business Review, 70(1), 71–79.
Kaplan, R. S., & Norton, D. P. (1996). Using the balanced scorecard as a strategic management system. Harvard Business Review, 74(1), 75–85.
Khandwalla, P. N. (1976). The techno-economic ecology of corporate strategy. Journal of Management Studies, 13(1), 62–75.
King, J. L. (1983). Centralized versus decentralized computing: Organizational considerations and management options. Computing Surveys, 15(4), 319–349.
Lawrence, P.R., & Lorsch, J.W. (1967). Differentiation and integration in complex organizations. Administrative Science Quarterly, 12(1), 1–47.
Lawrence, P.R., & Lorsch, J.W. (1969). Developing organizations: Diagnosis and action. Addison-Wesley.
Lorsch, J. W., & Lawrence, P. R. (1970). Studies in organization design. Georgetown, Ontario: Irwin-Dorsey Limited.
Luftman, J., & Brier, T. (1999). Achieving and sustaining business-IT alignment. California Management Review, 42(1), 109–122.
Malone, T. W., & Crowston, K. (1994). The interdisciplinary study of coordination. ACM Computing Surveys, 26(1), 87–118.
March, J. G. (1991). Exploration and exploitation of organizational learning. Organization Science, 2, 71–87.
March, J. G., & Simon, H. A. (1958). Organizations3. (2nd ed.). John Wiley & Sons.
Marchand, D. A. (2000). Hard IM choices for senior managers. In D. A. Marchand, T. H. Davenport, & T. Dickson (Eds.), Mastering Information Management (pp. 295–300). London: Financial Times/Prentice Hall.
Marchand, D. A. (2000). How to keep up with the hypercompetition. In D. A. Marchand, T. H. Davenport, & T. Dickson (Eds.), Mastering Information Management (pp. 120–126). London: Financial Times/Prentice Hall.
Miller, D. (1988). Relating Porter's business strategies to environment and structure: Analysis and performance implications. Academy of Management Journal, 31(2), 280–308.
Miller, D., & Friesen, P. H. (1978). Archetypes of strategy formulation. Management Science, 24(9), 921–933.
Mintzberg, H. (1979). The structuring of organizations. Englewood Cliffs: Prentice Hall.
Nadler, D., & Tushman, M. L. (1998). Competing by design: The power of organizational architecture. Oxford: Oxford University Press.
Parker, M.,Benson, R., & Trainor, H. (1988). Information economics: Linking business performance to information technology. Englewood Cliffs, NJ: Prentice Hall.
Parker, M.,Trainor, H., & Benson, R. (1989). Information strategy and economics: Linking business performance to information technology. Englewood Cliffs, NJ: Prentice Hall.
Parker, M. M., & Benson, R.J. (1989). Enterprisewide information management: State-of-the-art strategic planning. Journal of Information Systems Management, (Summer), 14–23.
Parker, M. M.,Ribbers, P. M., & Parker, S. R. (1997). Critical IT issues for business transformation. Handbook BIK, D 1005-1, Tilburg University.
Peppard, J., & Ward, S. (1999). Mind the gap: Diagnosing the relationship between the IT organization and the rest of the business. Journal of Strategic Information Systems, 8, 29–60.
Peterson, R., & Ribbers, P. M. A (2002). Service Level Agreements: Noodzakelijk en toereikend? Available online: http://www.sbit.nl/ego/archief.php.
Peterson, R .R. (1998). Successful exploitation of Information Technology in financial services. The role of IT Governance. Proceedings of the International Conference on Information Systems (Doctoral Consortium), Helsinki, Finland (December 13–16, 1998).
Peterson, R. R. (2000). Emerging capabilities for IT Governance: Exploring stakeholder perspectives in Financial Services. Conference Proceedings European Conference on Information Systems 2000, Vienna, Austria.
Peterson, R. R. (2000). Examining ambidextrous designs for information governance: Evidence from a longitudinal comparative case study in Financial Services. Conference proceedings of the European Conference on IT Evaluation 2000, Dublin, Ireland.
Peterson, R. R. (2001). Configurations and coordination for global information governance: Complex designs in a transnational European context. Proceedings of the 34th HICSS Conference, Hawaii.
Peterson, R. R. (2001). Information Governance: An empirical investigation into the differentiation and integration of strategic decision-making for IT. The Netherlands: Tilburg University.
Peterson, R. R.,O'Callaghan, R., & Ribbers, P. M. A. (2000). Information Technology governance by design. Conference proceedings of the International Conference on Information Systems 2000, Brisbane, Australia.
Peterson, R. R.,Smits, M., & Spanjers, R. (2000). Exploring IT-enabled networked organizations in health care: Emerging practices and phases of development. Conference Proceedings the European Conference on Information Systems 2000, Vienna, Austria.
Porter, M. E. (1980). Competitive advantage. Harvard Business Press.
Powell, T. C. (1992). Organizational alignment as competitive advantage. Strategic Management Journal, 13, 119–134.
Quinn, R. E., & Rohrbaugh, J. (1983). A spatial model of effectiveness criteria: Towards a competing values approach to organizational analysis. Management Science, 29(3), 363–377.
Quinn, R. E.,DeGraff, J., & Thakor, A. (2000). Creating shareholder value — and dispelling some myths. In T. Dickson (Ed.), Mastering Strategy. London: Pearson Education Limited.
Reich, B. H., & Benbasat, I. (1996). Measuring the linkage between business and information technology objectives. MIS Quarterly, 20(1), 55–81.
Remenyi, D. (2000). The elusive nature of delivering benefits from IT investment. Electronic Journal of Information Systems Evaluation, 3(1). Available online: http://www.iteva.rug.nl/ejise/index.html.
Robbins, S. P. (1994). Essentials of organizational behavior. London: Prentice Hall International.
Rockart, J. F. (1988). The line takes the leadership: IS management in a wired society. Sloan Management Review, 29(4), 57–64.
Rockart, J. F.,Earl, M., & Ross, J. W. (1996). Eight imperatives for the new IT organization. Sloan Management Review, 38(1), 43–55.
Ross, J. W.,Beath, C. M., & Goodhue, D. L. (1996). Develop long-term competitiveness through IT assets. Sloan Management Review, 38(1), 31–42.
Sambamurthy, V., & Zmud, R. W. (1999). Arrangements for information technology governance: A theory of multiple contingencies. MIS Quarterly, 23(2), 261–290.
Sambamurthy, V., & Zmud, R. W. (2000).Research commentary. The organizing logic for an enterprise's IT activities in the digital era: A prognosis of practice and a call for research. Information Systems Research, 11(2), 105–114.
Sauer, C., & Yetton, P. W. (1997). The right stuff: An introduction to new thinking about IT management. In C. Sauer, P. W. Yetton, & Associates (Eds.), Steps to the Future: Fresh Thinking on the Management of IT-Based Organizational Transformation (pp. 1–25). San Francisco, CA: Jossey-Bass.
Scheier, R. (2001). Central intelligence: Johnson & Johnson case study. CIO INSIGHT, (December).
Senge, P. M. (1990). The fifth discipline. New York: DoubleDay.
Simon, H. A., & Barnard, C. I. (1961). Administrative behavior: A study of decision-making processes in administrative organization. New York: The Macmillan Company.
Simson, E. M. v. (1990). The centrally decentralized IS organization. Harvard Business Review, 68(4), 158–160.
Simson, E. M. v. (1995). The recentralization of IT. Computerworld, 1(11), 2–7.
Tavakolian, H. (1989). Linking the information technology structure with organizational competitive strategy: A survey. MIS Quarterly, 13(3), 309–317.
Teo, T. S. H., & King, W. R. (1999). An empirical study of the impacts of integrating business planning and information systems planning. European Journal of Information Systems, 8, 200–210.
Thompson, J. (1967). Organizations in action: Social sciences bases of administrative theory. New York: McGraw-Hill.
Treacy, M., & Wiersema, F. (1993). Customer intimacy and other value disciplines. Harvard Business Review, 71(1), 84–93.
Treacy, M., & Wiersema, F. (1995). The discipline of market leaders. MA: Addison-Wesley.
Van der Heijden, K. (1996). Scenarios. The art of strategic conversation. New York: John Wiley & Sons.
Van Grembergen, W. (2002). Introduction to the Minitrack: IT Governance and its mechanisms. Proceedings of the 35th Hawaii International Conference on System Sciences (HICSS), IEEE.
Van Grembergen, W., & Saull, R. (2001). Information Technology governance through the balanced scorecard. Proceedings of the 34th Hawaii International Conference on System Sciences (HICSS), IEEE.
Van Grembergen, W., & Van Bruggen, R. (1997). Measuring and improving corporate information technology through the balanced scorecard technique. Proceedings of the 4th European Conference on the Evaluation of Information Technology, Delft, (pp. 163–171).
Venkatraman, N. (2000). Five steps to a dot-com strategy: How to find your footing on the web. Sloan Management Review, 41(3), 15–28.
Vitale, M. (2001). The dot.com legacy: Governing IT on internet time. Working Paper. Information Systems Research Center, University of Houston, Houston, Texas, USA.
Von Bertalanffy, L. (1968). General System Theory: Foundations, development, applications. New York: George Braziller.
Weick, K. E., & Roberts, K. H. (1993). Collective mind in organizations: Heedful interrelating on flight decks. Academy of Science Quarterly, 38, 357–381.
Weill, P., & Broadbent, M. (1998). Leveraging the new infrastructure: How market leaders capitalize on information technology. Boston, MA: Harvard Business School Press.
Weill, P., & Vitale, M. (2001). Place to space. Migrating to eBusiness models. Boston, MA: Harvard Business School Press.
Weill, P., & Vitale, M. (2002). What IT infrastructural capabilities are needed to implement e-business models. MIS Quarterly Executive, 1(1), 17–34.
Weill, P., & Woodam, R. (2002). Don't just lead, govern: Implementing effective IT Governance. CISR Working Paper No. 326. Sloan School of Management, Cambridge, Massachusetts, USA.
Whetherbe, J. (2001). Achieving the high-performance, information-based networked organization. Working Paper, Information Systems Research Center, University of Houston, Houston, Texas, USA.
Willcocks, L. (1996). Investing in information systems: Evaluation and management. London, Chapman & Hall.
Willcocks, L. P.,Feeny, D. F., & Islei, G. (1997). Managing IT as a strategic resource. London: McGraw-Hill Companies.
Zachman, J. A. (1987). A framework for information systems architecture. IBM Systems Journal, 26(3), 276–292.
Zmud, R. W.,Boynton, A. C., & Jacobs, G. C. (1986). The information economy: A new perspective for effective information systems management. Database, (Fall), 17–23.
Endnotes
1 Two exceptions and noteworthy initiatives undertaken to address the development of a cumulative body of knowledge and skills are the organization of a special 'IT Governance research track' at the 35th Hawaii International Conference on System Sciences (2002), and the IT Governance Institute™, established by the Information Systems Audit and Control Association ISACA™ in 1998.
2 Theoretically, there are eight distinct federal patterns in IT Governance (excluding the completely centralized and the fully decentralized IT Governance model).
3 IT application decisions address applications prioritization and planning, budgeting, and the delivery of application services.
4 IT development involves blending knowledge of business processes and functions with IT infrastructure capabilities along the complete IT systems development life cycle.
5 In a federal IT Governance model, enterprise IT infrastructure decisions are always allocated to a central corporate IT office. IT infrastructure decisions address the hardware/software platforms, network and data architectures, and the standards for procurement and deployment of IT resources.
6 The systems view (Ashby, 1956; Von Bertalanffy, 1968) is based on cybernetic principles (Wiener, 1956), which draws upon the Greek word Kubernesis — steersmanship, the task of keeping a ship on its course in the midst of unexpected changing circumstances.
7 Organization Design Economics is an interdisciplinary field of study based on the work of, e.g., March & Simon, 1958; Cyert & March, 1963; Lawrence & Lorsch, 1967, 1969; Thompson, 1967; Galbraith, 1973, 1994; Daft & Lengel, 1984; 1986; Williamson, 1996; Malone & Crowston, 1994; Hitt et al., 1998; Nadler & Tushman, 1998.