Documente Academic
Documente Profesional
Documente Cultură
www.emeraldinsight.com/0968-5227.htm
IMCS
21,4
228
Received 3 August 2012
Revised 7 December 2012
29 January 2013
11 February 2013
Accepted 13 February 2013
1. Introduction
Information technology (IT) has become a vital and integral part of many business
activities. The pervasive use of IT in many organizations brings IT governance to
become a more significant issue. After the concept of IT governance emerged in the
early 1990s, specialists and academics have attempted to clarify how to ensure the
value of aggressive action on IT governance (Van Grembergen and De Haes, 2010).
This curious question has been examined in a series of research projects during the
period 1999-2003 by Weill and Ross (2004). They have found a relationship between
corporate performance and proactive tuning for IT governance. The finding also
revealed that when the organizations performed proactive support for IT governance,
they could generate up to 20 percent more profit than organizations with poor support.
Van Grembergen and De Haes (2010) also clearly illustrated that IT governance should
be an integral part of corporate governance.
Principles of IT governance cover risk management, information security, service
quality, IT resources management and business/IT alignment. Ideally, risk
management and information security should be combined and closely examined. It
can be identified that information security governance (ISG) is a part of IT governance.
Nowadays, IT governance and ISG are controlled by a variety of practices such as
ISO/IEC 38500, ISO/IEC 27001, COBIT, and ITIL. However, COBIT is now accepted as
the preferred framework for IT governance. Currently, COBIT is at version 5.0 and
introduced as a single integrated framework for IT governance.
Due to a variety of standards and frameworks, organizations will need to decide
which approach is suitable for them. After many years of performing the insight case
studies on IT governance, Van Grembergen and De Haes (2010) have identified that the
successful implementation of IT governance is caused by the fine tuning of linkage for
structures, processes, and relational mechanisms within the organization itself. This
important finding expands our knowledge in order to understand that there is no silver
bullet solution for IT governance scenario. Different organizations need different
solutions for IT governance. The best practice from one place can become the bad one
in other places, especially when expanded and implemented under the different
conditions. For example, companies in developing countries that lack of adequate
industrial infrastructure are not able to jump into the technological dependence era to
stand at the same level as companies in developed countries. Therefore, the best
practice contributed from developed countries should be analyzed properly before
implementing in developing countries (Ferran, 2006). In the same manner, IT
governance implementation in developing countries needs a holistic approach to
support the complex mix of political, organizational, technical, and cultural concerns in
each country (Nfuka and Rusu, 2010).
The idea of trial and error to find the proper solution causes a waste of budget, time,
and workforce. Therefore, it is essential for an organization to clearly understand its
current situation of IT governance performance before taking any other action on IT
governance. Moreover, many organizations often ignore the planning of how to
implement IT governance. That will directly lead to an increased risk in many forms,
especially for stakeholder resistance. Those problems can also cause the failure of IT
governance implementation. Therefore, the purpose of this paper is to identify the
current situation and the future improvement for IT governance and controls in a
developing country like Thailand. We have limited our scope to select only the
universities in Thailand as the subjects of this study. By applying the metrics of IT
governance balanced scorecard (BSC) with importance-performance analysis (IPA), we
expect to provide the new insight for IT governance issue for Thai universities.
The research questions of this paper are:
RQ1. What are the important issues to take into consideration before implementing
IT governance?
RQ2. What is the current situation of IT governance performance in Thai
universities?
IT governance
balanced
scorecard
229
IMCS
21,4
230
and the risks from IT investment, risk and security management, and the IT policies or
strategies that affect an organizations sustainability.
2.2 IT governance research
We surveyed many research papers relating to IT governance subjects that are
published online. The investigated databases included IEEE, ACM, Science Direct and
SCOPUS. The keyword we used was IT governance. Later on, we carefully
considered the key issues and categorized them into five categories:
(1) IT governance implementation.
(2) IT governance framework development and guideline.
(3) Critical success factors and enablers of IT governance.
(4) Business/IT alignment.
(5) Prediction model and decision support system for IT governance.
IT governance
balanced
scorecard
231
Authors
IT governance implementation
Table I.
Summary of research on
IT governance
IMCS
21,4
232
that top management commitment to IT is the primary cause for their organizations to
achieve a competitive advantage from their IT. In order to achieve a better interaction
between IT and business, the rigid form of IT structure should embrace a more social
and dynamic form (Schwarz and Hirschheim, 2003). Weill and Ross (2004) stated that
identifying the decision rights and accountability from the board can encourage
desirable behavior in using IT. After the roles and responsibilities have been committed,
organizations can embrace the solution for IT governance framework. A well balanced
mix of structures, processes, and relational mechanisms will enable better IT
governance outcomes (De Haes and Van Grembergen, 2006). Based on the review of IT
governance implementation research, we can infer that IT governance implementation
is concerned not only with well-established IT governance framework, but also with
well-communicated IT strategy and policy from the board (Bowen et al., 2007).
2.2.2 IT governance framework development and guideline. The research in this
category has mainly focused on providing a hybrid structure of framework or
guideline based on widely accepted industry standards or existing
concepts/frameworks. For example, De Oliveira Alves et al. (2006) proposed a single
framework for implementing ISG that developed from the integration of BSC, COBIT,
and ISO/IEC 27001; Larsen et al. (2006) unfolded the potential of existing IT
governance framework at a single case of biotech-based company; and Afzali et al.
(2010) applied the concept of COBIT and Val IT 2.0 to provide a broader framework for
IT governance. Nevertheless, there is no universal IT governance structure for IT
governance framework. The hybrid structure and processes are required for
developing a flexible environment for sustaining value through business/IT
engagement (Brown and Grant, 2005; Ribbers et al., 2002). In summary, the focus
area of IT governance research on framework development and guideline is still reliant
on the organizational context. Furthermore, focusing only on IT governance tools and
frameworks are insufficient for governing IT effectively (Ribbers et al., 2002).
2.2.3 Critical success factors and enablers of IT governance. For critical success
factors and enablers of IT governance, Fink and Ploder (2008) found that more
stakeholder involvement, employee integration, business process improvement, and
flexibility of the IT infrastructure are critical success factors for the use of IT governance
framework. Prasad et al. (2010) also found that effective commitment from top
management drives capabilities to manage IT resources, and also improves internal
process-level performance. Nevertheless, the widely adopted framework cannot
guarantee the success of IT governance implementation. The organizations should
appraise existing framework or best practices with their organizational processes before
adoption (Krey et al., 2010). For IT governance adoption in developing nation (Tanzania),
Nfuka et al. (2009) highlighted that the problems with IT governance in public sector are
lack of a specific IT strategic plan, lack of clear roles and responsibilities, inadequate
follow-up and enforcement mechanisms, lack of IT governance awareness, inadequate
budget, and lack of IT professional skills. In summary, the research in this category
commonly reflects the issues of logical coherence for implementing IT governance into
the organizational context.
2.2.4 Business/IT alignment. For business/IT alignment, the strategic key for
business/IT alignment is to ensure that business can gain a competitive advantage
through IT spending. Many studies in this category conducted a survey to determine the
pattern that organizations apply to achieve an optimal level for business/IT alignment
(Cumps et al., 2006, 2009; Beimborn et al., 2009; Chen, 2010; Hosseinbeig et al., 2011).
Additionally, many of articles also referred to strategic alignment maturity (SAM)
framework (Cumps et al., 2006; Samanta, 2007; Chen, 2010; Hosseinbeig et al., 2011).
SAM is used to evaluate the maturity of organizational strategy selection and alignment
activities. The organizations can utilize SAM to identify the current stage of business/IT
alignment and the goal setting for improving alignment. Research focusing on
business/IT alignment has been advanced in the development of models/frameworks
based on existing models/frameworks to support organizations for improving their
business/IT relationships.
2.2.5 Prediction model and decision support system for IT governance. For prediction
model and decision support system, Fasanghari et al. (2008) applied K-means analysis
for clustering available IT governance tools and standards. Simonsson et al. (2008a, b)
applied Bayesian network with decision support tool for predicting IT governance
performance. Xiao-Wen et al. (2009) developed a prototype decision supporting system
for IT governance planning. The research in this topic area has focused on the
development of automatic tool for encouraging IT governance prediction and decision
support.
After reviewing the focal point for each area of IT governance research, we have
gained knowledge and insights on IT governance that can be summarized as follows:
.
IT governance cannot occur in a vacuum, but should begin as a journey inspired
from the board;
.
focusing only on IT governance tools and frameworks are insufficient for
governing IT effectively;
.
the organizations should appraise existing frameworks or best practices with
their internal IT processes before adoption; and
.
the prediction model and decision support system are still a relatively young area
of IT governance research.
2.3 IT governance in universities
Even if researchers have conducted many frameworks relevant to IT governance, there
are a limited number of university-oriented IT governance frameworks. The situation of
IT governance implementation in practice within universities was not much different from
other industries. We have not found a single solution that can be applied at every
university. The solution has drastically changed from one campus to another. In 2007,
Bhattachariya and Chang (2007) stated that while institutions have to deal with low
staffing levels, this time is not suitable for adopting industry best practices. Each
institution can establish its own best practice that link to business needs and available
resources. In 2007, Joint Information Systems Committee (JISC, 2007) funding for the
University of Strathclyde to develop the flexible framework and self-assessment tool that
facilitate higher education institutions in the UK to identify the areas of improvement for
their IT resources. Based on the JISC model and ISO/IEC 38500:2008 (Standard for
Corporate Governance of IT), Martnez and Largo (2009), developed a university-oriented
IT governance framework (ITG4U) for the Spanish Association of University Rectors in
Spain that enable each university to reach a higher IT governance maturity level.
In Thailand, the whole university system is governed by the Office of the Higher
Education Commission (OHEC) and the Office for National Education Standards and
IT governance
balanced
scorecard
233
IMCS
21,4
234
Quality Assessment (ONESQA). The role of the OHEC is to maintain the internal
quality assurance in each university, while the control of external quality assurance
among Thai universities is responsible for the ONESQA. Both of theses two
organizations have the same vision to create the appropriate quality assurance system
for Thai universities. Based on the OHEC and the ONESQA approaches, we have
found many indicators for measuring university performance. However, there seems to
be a lack of IT governance indicators. Furthermore, IT governance indicators are not
mentioned in educational ICT master plan for higher education. To the best of our
knowledge, we have not found IT governance research conducted for Thai universities.
Therefore, this study is one of the few attempts to investigate the current situation of
Thai universities IT governance adoption.
2.4 IT governance BSC
The BSC, which was first described in the early 1990s, has become widely accepted for
evaluating business performance at the enterprise level (Cobbold and Lawrie, 2002).
Shifting the focus from traditional financial evaluation to stakeholders-based
evaluation, BSC combines financial measures and non-financial measures in a single
report. In addition to financial measures, BSC employs three other perspectives for
measuring customer satisfaction, internal processes, and future vision. With BSC,
organizations are able to create a linkage between short-term financial measures and
future growth (Kaplan and Norton, 1996).
Drawing from BSC, IT governance BSC is developed for assessing how well
organizations are performing IT governance. IT governance BSC is not only performed
as a measurement system for IT governance processes, but it can also demonstrate
cause and effect relationships between perspectives. Figure 1 shows the cause and
effect relationships among each perspective. The future orientation perspective can
improve the level of operational excellence perspective. The operational excellence
perspective can improve the level of stakeholder perspective. And lastly, the
stakeholder perspective can improve the level of corporate contribution perspective
(Van Grembergen, 2005).
The scope of each perspective in IT governance BSC can be described as follows.
First, the corporate contribution perspective measures the performance of IT
governance processes for ensuring that business can achieve maximum profit from IT
while reducing risk at a reasonable point. Second, the objectives of the stakeholder
Enables
Stakeholders
Enhancing stakeholders
satisfaction/needs and ensuring
legal/ethical compliance
Figure 1.
IT governance BSC
perspectives and their
cause and effect
relationships
Corporate Contribution
Ensuring maximum profit
through IT and reducing risk
at a reasonable point
IT Governance
Cause
Effect
Future Orientation
Building the foundations of
skills, knowledge, and
IT/business partnership for
IT governance delivery
Operational Excellence
Enables
Enables
IT governance
balanced
scorecard
235
Corporate Contribution
Stakeholder Orientation
Stakeholder satisfaction
Demonstrate competitive costs
Delivery good service
Develop good service
IT Governance
Future Orientation
Attract and retain people with key competencies
Focus on professional learning and development
Build a climate of empowerment and
responsibility
Measure/reward individual and team performance
Capture knowledge to improve performance
synergies
Operational Excellence
Mature internal IT processes
Manage operational service performance
Achieve economies of scale
Build standard, reliable technology platforms
Deliver successful IT Projects
Understand business unit strategies
Propose and validate enabling solutions
Understand emerging technologies
Develop organization architecture
Figure 2.
Applied IT governance
BSC
IMCS
21,4
236
High Importance
Quadrant I
Concentrate Here
Quadrant II
Keep up the Good Work
Low Performance
High Performance
Quadrant III
Low Priority
Figure 3.
The original IPA
framework
Quadrant IV
Possible Overkill
Low Importance
Quadrant III is labelled low priority. Attributes that fall into this quadrant are
perceived as low importance, and relatively low performance. The organization
should limit the resource for all activities that fall into this cell.
Quadrant IV is labelled possible overkill. Attributes that fall into this quadrant
are perceived as low importance, but relatively high performance.
IT governance
balanced
scorecard
Respondents are satisfied with the performance of all activities in this cell, but
compared to perceived importance, the allocation of resources for these activities are
being over utilized.
This study applied IPA method to find out the IT governance attributes that
universities have performed well, and the critical points that need to be improved.
Furthermore, with IPA method, we can establish the guidance of IT governance
strategy for Thai universities.
237
3. Research methodology
In the first step of this research, we conducted a preliminary investigation with 40
articles on IT governance research to identify critical concerns of IT governance
implementation from a global perspective. In the second step, we conducted a
quantitative survey to identify the current state of IT governance for Thai universities.
A self-assessment was developed based on the metrics from IT governance BSC
introduced by Abu-Musa (2007). The questionnaire consists of 23 items within four
dimensions, as shown in Figure 3. According to these metrics (Abu-Musa, 2007), we
used three-point Likert scale to measure the importance (1 not important to 3 very
important) and performance (1 not monitoring to 3 always monitoring). The
questionnaires were distributed to 117 IT executives from 117 universities in Thailand.
They were asked to capture the perceived importance and performance for each
attribute. A total of 64 out of 117 IT executives completed the questionnaire over the
three month period in 2011, representing a response rate of 54.7 percent. The reliability
analysis was carried out by calculating the Cronbachs a coefficient. The result showed
a high internal consistency as shown in Table II.
After reliability testing was performed, a paired-sample t-test was run to evaluate
the mean difference between performance and importance scores. IPA was then
applied to capture graphical demonstration for identifying the current stage of IT
governance and also providing the strategic actions for Thai universities.
Cronbachs a
(importance)
Cronbachs a
(performance)
0.743
0.872
0.811
0.937
0.720
0.852
0.834
0.919
0.915
0.958
Constructs
Items
1. Corporate
contribution
2. Future
orientation
3. Stakeholder
orientation
4. Operational
excellence
Table II.
Cronbachs a and
reliability of scale
IMCS
21,4
238
4. Research results
This section presents the main results related to IT executives perception on the
importance of IT governance performance measures taken in their universities.
The result of IPA with IT governance BSC attributes is summarized in Table III. The
graphical plotting of the IPA is also shown in Figure 5. In addition, the implication of
the obtained results is also discussed.
According to Table II, a series of paired-sample t-test was conducted to identify the
significant gap between importance and performance. The attributes for manage risks
(V4), achieve inter-organization synergies (V5), stakeholder satisfaction (V11), and
building standard, reliable technology platforms (V18) show no significant difference
( p , 0.05) between the mean of importance and performance. Apart from these, other
19 attributes show a significant difference on t-test in negative direction. This is
indicative of the fact that most actual control of IT governance in universities is
monitored less than expected. Therefore, Thai universities should pay more attention
to the attributes that are identified as being important in order to balance the gap
between the importance and performance for those attributes.
The importance-performance matrix of IT governance BSC attributes is plotted in
four quadrants, as shown in Figure 4. The importance values are presented on the
vertical axis, while the performance values are presented on the horizontal axis.
Quadrant I indicates the attributes that need to be considered for improvement at a
first priority. Quadrant II represents the attributes that organization can perform well
and need to keep up the good work. Quadrant III indicates the attributes that
organization should restrict its resource allocation. Quadrant IV represents the
attributes that organization should reshape its policy to achieve the optimal resource
utilization. In addition, further details of the attributes in each quadrant can be
described as follows.
4.1 The concentrate here quadrant
In quadrant I, there is no attribute that fall into the concentrate here quadrant. This
means that all IT executives perceived the performance measurement of IT governance
in their universities can be conducted well. There is no important attributes that
perform a low level monitoring. Even if we found evidence for lower expected control
with 19 attributes in Table II, it would not be considered as a critical point when
comparing with the result reflected in this quadrant.
4.2 The keep up the good work quadrant
According to the IT executive perception, 11 attributes have been identified in the keep
up the good work quadrant. The important attributes that fall into quadrant II can be
measured in a consistent way. These attributes are expected to be the pillar of strength
for leading IT governance in the university. Therefore, all attributes in the keep up the
good work quadrant can be used as the baseline indicators for driving IT governance
in Thai universities.
4.3 The low priority quadrant
IT executives identified 11 attributes in the low priority quadrant which thus could be
considered to be adequate control for less important attributes. Even if IT executives did
not perceive these attributes as the critical concerns, but this does not mean that the
1. Corporate contribution
V1. Align IT with business objectives
V2. Deliver value
V3. Manage costs
V4. Manage risks
V5. Achieve inter-organization synergies
2. Future orientation
V6. Attract and retain people with key competencies
V7. Focus on professional learning and development
V8. Build a climate of empowerment and
responsibility
V9. Measure/reward individual and team
performance
V10. Capture knowledge to improve performance
3. Stakeholder orientation
V11. Stakeholder satisfaction
V12. Demonstrate competitive costs
V13. Delivery good service
V14. Develop good service
4. Operational excellence
V15. Mature internal IT processes
V16. Manage operational service performance
V17. Achieve economies of scale
V18. Build standard, reliable technology platforms
V19. Deliver successful IT projects
V20. Understand business unit strategies
V21. Propose and validate enabling solutions
V22. Understand emerging technologies
V23. Develop organization architecture
2.66
2.59
2.48
2.34
2.38
2.50
2.14
2.60
2.62
2.29
2.36
2.19
2.19
2.53
2.45
2.21
2.38
2.36
Performance mean
2.38
2.43
2.33
2.41
2.48
Important mean
20.224
20.241
20.379
20.155
20.276
20.241
20.207
20.397
20.414
0.000
20.259
20.328
20.379
20.190
20.259
20.293
20.448
20.345
20.259
20.241
20.259
20.138
20.121
Gap (P 2 I)
22.35
22.92
23.75
21.76
23.26
22.91
22.45
24.48
25.06
0.00
22.66
23.94
24.68
22.27
23.40
22.89
25.71
23.80
22.76
22.23
22.51
21.59
21.35
t-value
0.022
0.005
0.000
0.083
0.002
0.005
0.017
0.000
0.000
1.000
0.010
0.000
0.000
0.026
0.001
0.005
0.000
0.000
0.008
0.029
0.015
0.117
0.180
Significance (two-tailed)
IT governance
balanced
scorecard
239
Table III.
IPA with IT governance
BSC attributes
IMCS
21,4
2.80
2.70
V14
240
V13
V7
2.60
V19
V8
Important
V11
V5
2.50
V20
V2
V4
2.40
V10
V22 V1
V3
V16
V15
V23
2.30
2.20
V9
V21
V17
V18
V12
2.10
Figure 4.
Plotting of
importance-performance
matrix for IT governance
BSC attributes
2.00
1.70
1.80
1.90
2.00
2.10
2.20
2.30
2.40
2.50
2.60
Performance
university should reduce the efforts on these attributes. This is caused by the fact that
attributes for IT governance BSC can perform not only as the performance measurement,
but the former groups of attributes can also affect the later groups/perspectives, as shown
in Figure 2. Lack of audit in source attributes can affect the control of destination
attributes. Therefore, all attributes in the low priority quadrant need to be reconsidered for
their outcomes and consequences.
4.4 The possible overkill quadrant
The measuring or rewarding individual and team performance (V9) is only one
attribute that falls into the possible overkill quadrant. The attribute in this cell is
considered to perform much control. Therefore, IT executives should reconsider the
importance of this attribute. If the final discussion identifies the same remark, then it
can reduce the efforts for this attribute.
5. Discussion
In this study, we applied IPA analysis with IT governance BSC to capture IT
executives perception on the importance of IT governance performance measures that
performed in their universities. Original IPA identifies that the attributes for quadrants
III and IV are considered to be low priority and over emphasized, respectively. When
applying the IPA to a strategic tool like IT governance BSC, the results should be
interpreted carefully in order to avoid being misleading. The obtained results should be
reshaped from original IPA analysis, because the metrics from IT governance BSC is
demonstrated in the cause and effect form. We cannot identify that the attributes in
quadrants III and IV are unnecessary metrics, but it can be interpreted in a way that
IT executives should pay close attention for reconsidering on the outcomes and
consequences of these metrics. If they confirm that the existing metrics are not
important, then the unnecessary metrics should be rejected. After getting rid of
unnecessary indicators, IT executives can follow up the three strategic actions to lift up
their capability for governing IT in their universities, as shown in Figure 5.
IT governance strategic guidance:
.
S1 strategy. The S1 strategy is intended to support the attributes that fall into
unimportant region to rise up to important region. By following S1 strategy, IT
executives should figure out an approach to raising awareness on internal IT
processes that lack of clarity concerns at both executive and operational levels.
Providing award for IT best practice development in subunit of each university
can also be used to motivate staff to realize the importance of IT performance
measures.
.
S2 strategy. The S2 strategy aims to rise up the attributes that fall into low
performance region to high performance region. According to S2 strategy, IT
executives should focus on identifying indicators that should be consistent with
their internal IT processes. Furthermore, all stakeholders should be involved in
the development of these indicators in order to gain broader acceptance.
.
S3 strategy. The final strategy is intended to rise up both attributes that fall
into low performance and unimportant region to high performance and
IT governance
balanced
scorecard
241
2.80
Quadrant I
(Concentrate here)
2.70
Quadrant II
(Keep Up the Good Work)
S2
2.60
Important
2.50
S3
S1
2.40
2.30
2.20
Quadrant IV
(Possible Overkill)
Quadrant III
(Low Priority)
2.10
2.00
1.70
1.80
1.90
2.00
2.10
2.20
Performance
2.30
2.40
2.50
2.60
Figure 5.
IT governance strategic
guidance for Thai
universities based on IPA
IMCS
21,4
242
6. Conclusions
There have been a few research studies conducted on the topic of IT governance in
developing countries, especially in Thailand. Therefore, this research aims to provide
the strategic action of IT governance for organizations in this region. In this case, we
have limited our scope to choose only universities in Thailand as the subjects of this
study. In order to answer the research questions, our conclusions are presented in the
following order.
First, the evidence on global perspective can lead us to conclude that IT governance
should begin as a journey inspired from the board. Even the well-established IT
governance frameworks will need to determine the coherence of organizational
processes before adoption. Therefore, the well-communicated IT strategy and policy
should be established before enabling IT governance in action. In the case of
university, in order to decrease capital risk and failure of trial and error, universities
should primarily analyze their current situations of IT governance performance before
performing any other actions on IT governance.
Second, IT executives can apply the metrics of IT governance BSC with IPA to
clarify the current situation of IT governance performance in their universities.
Consequently, the strategic action of IT governance for Thai universities can be
specified. Additionally, the control framework currently used in the university can be
adapted to the implications from IPA.
Third, based on the results from IPA, Thai universities can apply the attributes that
fall into the keep up the good work as the baseline indicators for driving IT governance
in their universities. In the long run, the IT executives can apply IT governance
strategic recommendations provided by this study as the guideline to improve the
effective control for their internal IT processes. In further studies, the insight review
articles based on the global IT governance perspective and the practical guideline from
regional survey can be combined to draw the flexible IT governance framework for
Thai universities.
References
Abu-Musa, A.A. (2007), Exploring information technology governance (ITG) in developing
countries: an empirical study, The International Journal of Digital Accounting Research,
Vol. 7 No. 13, pp. 71-117.
Afzali, P., Azmayandeh, E., Nassiri, R. and Shabgahi, G.L. (2010), Effective governance through
simultaneous use of COBIT and Val IT, Proceedings of the International Conference on
Education and Management Technology, pp. 46-50.
Baka, M. and Aziz, M. (2010), Implementing a novel IT governance framework a case study the
Abu Dhabi water & electricity authority, Proceedings of the Second International
Conference on Engineering Systems Management and Its Applications, pp. 1-5.
Beimborn, D., Schlosser, F. and Weitzel, T. (2009), Proposing a theoretical model for IT
governance and IT business alignment, Proceedings of the 42nd Hawaii International
Conference on System Sciences, Los Alamitos, CA, USA, pp. 1-11.
Bhattachariya, J. and Chang, V. (2007), The role of IT governance in the evolution of
organizations in the digital economy: cases in Australian higher education, Proceedings of
the International Conference on Digital Ecosystems and Technologies, School of
Information Systems, pp. 428-433.
Bowen, P.L., Cheung, M.Y.D. and Rohde, F.H. (2007), Enhancing IT governance practices: a
model and case study of an organizations efforts, International Journal of Accounting
Information Systems, Vol. 8 No. 3, pp. 191-221.
Brown, A.E. and Grant, G.G. (2005), Framing the frameworks: a review of IT governance
research, Communications of the Association for Information Systems, Vol. 15,
pp. 696-712.
Cai, M. and Yu, J. (2009), The pattern of IT governance in small and medium-sized garment
enterprise, Proceedings of the International Conference on Management and Service
Science, pp. 1-4.
Chen, L. (2010), Business-IT alignment maturity of companies in China, Information
& Management, Vol. 47 No. 1, pp. 9-16.
Chu, R.K.S. and Tat, C. (2000), An importance-performance analysis of hotel selection factors in
the Hong Kong hotel industry: a comparison of business and leisure travelers, Tourism
Management, Vol. 21, pp. 363-377.
Cobbold, I. and Lawrie, G. (2002), Development of the balanced scorecard as a strategic
management tool, in Neely, A., Walters, A. and Austin, R. (Eds), Performance
Measurement and Management: Research and Action, Centre for Business Performance,
Cranfield, UK, pp. 125-132.
Cumps, B., Viaene, S. and Dedene, G. (2006), Managing for better business-IT alignment, IT
Professional, Vol. 8 No. 5, pp. 17-24.
Cumps, B., Martens, D., De Backer, M., Haesen, R., Viaene, S., Dedene, G., Baesens, B. and Snoeck,
M. (2009), Inferring comprehensible business/ICT alignment rules, Information
& Management, Vol. 46 No. 2, pp. 116-124.
De Haes, S. and Van Grembergen, W. (2006), Information technology governance best practices
in Belgian organisations, Proceedings of the 39th Annual Hawaii International
Conference on System Sciences.
De Oliveira Alves, G.A., Da Costa Carmo, L.F.R. and De Almeida, A.C.R.D. (2006), Enterprise
security governance: a practical guide to implement and control information security
governance (ISG), Proceedings of the First IEEE/IFIP International Workshop on
Business-Driven IT Management, pp. 71-80.
Fairchild, A. (2004), Information technology outsourcing (ITO) governance: an examination of
the outsourcing management maturity model, Proceedings of the 37th Annual Hawaii
International Conference on System Sciences, Big Island, HI.
Fasanghari, M., Nasser Eslami, F. and Naghavi, M. (2008), IT governance standard selection
based on two phase clustering method, Proceedings of the Fourth International
Conference on Networked Computing and Advanced Information Management, Gyeongju,
South Korea, pp. 513-518.
Ferran, C. (2006), Electronic business in developing countries: the digitalization of bad
practices, in Tan, F.B. (Ed.), Global Information Technologies: Concepts, Methodologies,
Tools, and Applications, IGI Global, Hershey, PA, pp. 3091-3104.
IT governance
balanced
scorecard
243
IMCS
21,4
Fink, K. and Ploder, C. (2008), Decision support framework for the implementation of
IT-governance, Proceedings of the 41st Hawaii International Conference on System
Sciences, Los Alamitos, CA, USA.
Gheorghe, M. (2006), IT governance principles, Journal of Accounting and Management
Information Systems, No. 18, pp. 86-102.
244
Hawes, J.M. and Rao, C.P. (1985), Using importance-performance analysis to develop health care
marketing strategies, Journal of Health Care Marketing, Vol. 5 No. 4, pp. 19-25.
Hosseinbeig, S., Karimzadgan-Moghadam, D., Vahdat, D. and Moghadam, R.A. (2011), IT
strategic alignment maturity and IT governance, Proceedings of the 4th International
Conference on Interaction Sciences, pp. 67-72.
Huang, Y.K., Kuo, Y.W. and Xu, S.W. (2009), Applying importance-performance analysis to
evaluate logistics service quality for online shopping among retailing delivery,
International Journal of Electronic Business Management, Vol. 7 No. 2, pp. 128-136.
Hudson, S., Hudson, P. and Miller, G.A. (2004), The measurement of service quality in the tour
operating sector: a methodological comparison, Journal of Travel Research, Vol. 42,
pp. 305-312.
Ibrahim, E.E., Joseph, M. and Ibeh, K.I.N. (2006), Customers perception of electronic service
delivery in the UK retail banking sector, International Journal of Bank Marketing, Vol. 24
No. 7, pp. 475-493.
JISC (2007), A framework for information systems management and governance:
self-assessment toolkit, Joint Information Systems Committee, available at: www.jisc.a
c.uk/media/documents/programmes/jos/Governance_Toolkit.pdf (accessed 22 June 2012).
Joseph, M., Allbright, D., Stone, G., Sekhon, Y. and Tinson, J. (2005), Importance-performance
analysis of UK and US bank customer perceptions of service delivery technologies,
International Journal of Financial Services Management, Vol. 1 No. 1, pp. 66-88.
Kaplan, R.S. and Norton, D.P. (1996), Using the balanced scorecard as a strategic management
system, Harvard Business Review, Vol. 74 No. 1, pp. 75-85.
Krey, M., Harriehausen, B., Knoll, M. and Furnell, S. (2010), IT governance and its impact on the
Swiss healthcare, Proceedings of the 12th International Conference on Computer
Modelling and Simulation, Cambridge, UK, pp. 340-345.
Larsen, M., Pedersen, M. and Viborg Andersen, K. (2006), IT governance: reviewing 17 IT
governance tools and analysing the case of Novozymes A/S, Proceedings of the 39th
Annual Hawaii International Conference on System Sciences, Kauia, HI, pp. 1-11.
Lee, J. and Lee, C. (2009), IT governance-based IT strategy and management: literature review
and future, in Cater-Steel, A. (Ed.), Information Technology Governance and Service
Management Framework and Adaptation, IGI Global, Hershey, PA, pp. 44-62.
Lee, J., Juhn, S. and Hwang, K. (2009), New development of advanced ITG framework,
Proceedings of the 42nd Hawaii International Conference on System Sciences, Waikoloa,
HI, pp. 1-10.
Levenburg, N.M. and Magal, S.R. (2004), Applying importance-performance analysis to evaluate
e-business strategies among small firm, E-service Journal, Vol. 3 No. 3, pp. 29-48.
Lunardi, G.L., Becker, J.L. and Macada, A.C.G. (2009), The financial impact of IT governance
mechanisms adoption: an empirical analysis with Brazilian firms, Proceedings of the
42nd Hawaii International Conference on System Sciences, Los Alamitos, CA, USA,
pp. 1-10.
Maidin, S.S. and Arshad, N.H. (2010), IT governance practices model in IT project approval and
implementation in Malaysian public sector, Proceedings of the International Conference
on Electronics and Information Engineering, pp. V1-532-V1-536.
Martilla, J.A. and James, J.C. (1977), Importance-performance analysis, Journal of Marketing,
Vol. 41 No. 1, pp. 77-79.
Martnez, A.F. and Largo, F.L. (2009), An IT governance framework for universities in Spain,
available at: http://rua.ua.es/dspace/bitstream/10045/11216/1/EUNIS%202009%20%
20An%20IT%20Governance%20Framework%20for%20Universities%20in%20Spain%
20-%20Fernandez%20y%20Llorens.pdf (accessed 11 June 2012).
Miranda, F.J. (2010), An importance-performance analysis of primary health care services:
managers vs patients perceptions, Journal of Service Science and Management, Vol. 3
No. 2, pp. 227-234.
Nale, R.D., Rauch, D.A. and Wathen, S.A. (2000), An exploratory look at the use of importance
performance analysis as a curricular assessment tool in a school of business, Journal of
Workplace Learning: Employee Counselling Today, Vol. 12 No. 4, pp. 139-145.
Nassiri, R., Ghayekhloo, S. and Shabgahi, G.L. (2009), A novel approach for IT governance: a
practitioner view, Proceedings of the International Conference on Computer Technology
and Development, Kota Kinabalu, Malaysia, pp. 217-221.
Nfuka, E.N. and Rusu, L. (2010), Critical success factors for effective IT governance in the public
sector organisations in a developing country: the case of Tanzania, Proceedings of the
European Conference on Information Systems, pp. 1-15.
Nfuka, E.N., Rusu, L., Johannesson, P. and Mutagahywa, B. (2009), The state of IT governance
in organizations from the public sector in a developing country, Proceedings of the 42nd
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA, pp. 1-12.
ONeill, M.A. and Palmer, A. (2004), Importance-performance analysis: a useful tool for directing
continuous quality improvement in higher education, Quality Assurance in Education,
Vol. 12 No. 1, pp. 39-52.
Park, H., Jung, S., Lee, Y. and Jang, K. (2006), The effect of improving IT standard in IT
governance, Proceedings of the International Conference on Computational Inteligence for
Modelling Control and Automation and International Conference on Intelligent Agents Web
Technologies and International Commerce, Sydney, Australia.
Peterson, R.R. (2001), Configurations and coordination for global information technology
governance: complex designs in a transnational European context, Proceedings of the
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA.
Peterson, R.R. and Fairchild, A.M. (2003), Exploring the impact of electronic business readiness
on leadership capabilities in information technology governance, Proceedings of the 36th
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA.
Prasad, A., Heales, J. and Green, P. (2010), A capabilities-based approach to obtaining a deeper
understanding of information technology governance effectiveness: evidence from IT
steering committees, International Journal of Accounting Information Systems, Vol. 11
No. 3, pp. 214-232.
Ribbers, P., Peterson, R. and Parker-Priebe, M. (2002), Designing information technology
governance processes: diagnosing contemporary practices and competing theories,
Proceedings of the 35th Hawaii International Conference on System Sciences, pp. 3143-3154.
Ridley, G., Young, J. and Carroll, P. (2004), COBIT and its utilization: a framework from the
literature, Proceedings of the 37th Hawaii International Conference on System Sciences,
Los Alamitos, CA, USA.
IT governance
balanced
scorecard
245
IMCS
21,4
246
Sahraoui, S.M. (2009), ICT governance in higher education: case study of the rise and fall of open
source in a Gulf university, Proceedings of the International Conference on Information
and Communication Technologies and Development, pp. 348-356.
Salle, M. and Di-Vitantonio, G. (2006), Business service management: the impact of IT
governance models on IT management policies, Proceedings of the International
Conference on Services Computing, Chicago, IL, USA, pp. 373-380.
Samanta, S. (2007), Business-IT alignment strategies: a conceptual modeling, Proceedings of
the Portland International Center for Management of Engineering and Technology, pp. 1-5.
Schwarz, A. and Hirschheim, R. (2003), An extended platform logic perspective of IT
governance: managing perceptions and activities of IT, Journal of Strategic Information
Systems, Vol. 12 No. 2, pp. 129-166.
Seng Wong, M., Hideki, N. and George, P. (2011), The use of importance-performance analysis
(IPA) in evaluating Japans e-government services, Journal of Theoretical and Applied
Electronic Commerce Research, Vol. 6 No. 2, pp. 17-30.
Sherer, S.A. (2004), IS project selection: the role of strategic vision and IT governance,
Proceedings of the 37th Hawaii International Conference on System Sciences, Los Alamitos,
CA, USA, pp. 1-8.
Silva, E. and Chaix, Y. (2008), Business and IT governance alignment simulation essay on a
business process? And IT service model, Proceedings of the 41st Hawaii International
Conference on System Sciences, Los Alamitos, CA, USA.
Simonsson, M., Johnson, P. and Ekstedt, M. (2008a), IT governance decision support using the
IT organization modeling and assessment tool, Proceedings of the Portland International
Conference on Management of Engineering & Technology, Cape Town, South Africa,
pp. 802-810.
Simonsson, M., Lagerstrom, R. and Johnson, P. (2008b), A Bayesian network for IT governance
performance prediction, Proceedings of the 10th International Conference on Electronic
Commerce, Innsbruck, Austria.
Sohal, A.S. and Fitzpatrick, P. (2002), IT governance and management in large Australian
organizations, International Journal of Production Economics, Vol. 75 No. 1, pp. 97-112.
Tu, W. and Zhang, J. (2008), The components and practice of information technology
governance, Proceedings of the First International Workshop on Knowledge Discovery and
Data Mining, Adelaide, Australia, pp. 465-468.
Van Grembergen, W. (2005), Measuring and improving information technology governance
through the balanced scorecard, available at: www.isaca.org/Journal/Past-Issues/2005/
Volume-2/Documents/jpdf052-measuring-and-improving.pdf (accessed 22 June 2012).
Van Grembergen, W. and De Haes, S. (2010), A research journey into enterprise governance of
IT, business/IT alignment and value creation, International Journal of IT/Business
Alignment and Governance, Vol. 1 No. 1, pp. 1-13.
Weill, P. and Ross, J.W. (2004), IT Governance: How Top Performers Manage IT Decision Rights
for Superior Results, Harvard Business School Publishing, Boston, MA.
Wong, M.S., Fearon, C. and Philip, G. (2009), Evaluating e-government in Malaysia: an
importance-performance grid analysis (IPA) of citizens and service providers,
International Journal of Electronic Business, Vol. 7 No. 2, pp. 105-129.
Xiao-Wen, L., Xiao-Chun, L. and Ke-Jin, H. (2009), Design and implementation of IT governance
planning decision supporting, Proceedings of the Chinese Control and Decision
Conference, pp. 5629-5632.
(continued)
IT governance
balanced
scorecard
247
IMCS
21,4
Importance
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
2
2
2
2
3
3
3
3
1
1
1
1
2
2
2
2
3
3
3
3
1
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
1
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
2
2
2
2
2
Importance (2)
1
1
1
1
1
Performance
248
1. Corporate Contribution
1.1
1.2
1.3
1.4
1.5
2. Future Orientation
2.1
2.2
2.3
2.4
2.5
3. Stakeholder Orientation
3.1
3.2
3.3
3.4
Stakeholder satisfaction
Demonstrate competitive costs
Delivery good service
Develop good service
4. Operational Excellence
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
IT governance
balanced
scorecard
249
Reproduced with permission of the copyright owner. Further reproduction prohibited without
permission.