Copyright 2007 ISACA. All rights reserved. www.isaca.org.

The IT Balanced Scorecard Revisited

By Alec Cram, CISA, CISSP
What gets measured is what gets done.1 Carly Fiorina he intense spotlight on information technology (IT) governance within todays organizations has renewed the importance of management tools that help stakeholders cope with technology risks. Among these tools is the IT balanced scorecard (IT BSC), a derivative of the original balanced scorecard introduced in 1992. Although the IT BSC has evolved in recent years, should it be discounted as an outdated management fad or embraced as a fundamental resource relevant to modern IT issues? This article revisits the IT BSCits history, current status, and anticipated future as an IT management and control tool. modification of the traditional perspectives and measures proposed by Kaplan and Norton. Additionally, publications on the IT BSC were becoming increasingly implementationoriented, including more practical results on the study of the design, operation and management of an IT-specific scorecard. SpecializationMost recently, the content of IT BSCs has become increasingly specific, to track individual components of IT management issues. These BSCs cover topics such as IT governance, service level management, enterprise resource planning, knowledge management and IT audit. Additionally, the increasing publication of management-targeted articles began to emerge during this phase, expanding the literature beyond the previously academic-dominated environment. The three stages of the IT BSC and the initial introductory stage of the original BSC are outlined in figure 1.

A Brief History of the BSC and IT BSC

The original balanced scorecard concept, popularized by Harvard University professors Robert Kaplan and David Norton, is based on four fundamental perspectives: financial, customer, internal business process, and learning and growth. By applying a series of specific objectives, measures, targets and initiatives to each perspective, this balanced method allows management to plan and evaluate a range of important organizational areas with a single approach. For example, a company using the BSC could track objectives such as increased profitability (financial perspective), decreased customer complaints (customer perspective), improved manufacturing productivity (internal business process perspective) and reduced employee turnover (learning and growth perspective). Balanced scorecards designed specifically to address IT issues surfaced in the mid-1990s and evolved in design, complexity and content over the following decade. IT BSC advancements can be characterized into three distinct stages: IntroductionEarly development of the IT BSC concept focused on the challenges of IT evaluation techniques and the potential benefits that the new scorecard tool could provide. Introductory publications aligned closely with Kaplans and Nortons BSC techniques, including the original four perspectives. Due to the lack of practical IT BSC implementation experience during the introduction phase, much of the early research concentrated on the theory and concepts of the tool. RefinementAs experience with the IT BSC increased, practitioners and academics began to refine the tool based on contemporary ideas relating to IT and business integration, measurement and strategy. During this time, a number of case study results and lessons learned were beginning to form in industry and government. This knowledge was driving a more sophisticated approach to the IT BSC, including the

Current Drivers of Todays IT BSC

By assisting in the management of three current drivers, the IT BSC has increased its organizational importance to todays practitioners. These drivers are: 1. Demonstration of IT valueA recently published study found that demonstrating IT value to the business is one of the top five technology challenges for IT executives in Italy, the UK and the US.2 The IT BSC assists in managing this issue by providing a straightforward method of reporting on a range of IT metrics, enabling the value of IT to be quantified for business stakeholders. 2. IT governanceIT governance is considered another important technology challenge, particularly for IT executives in Japan and France.3 The IT BSC can be specifically customized to address IT governance issues, as outlined in an Information Systems Control Journal article published in 2005 by Wim Van Grembergen and Steven De Haes.4 Using this method, the IT BSC utilizes four perspectives to enable practitioners to manage governance issues: future orientation, operational excellence, stakeholders and corporate contribution of the IT function. The IT BSC also plays an important role in the Control Objectives for Information and related Technology (COBIT) framework, underscoring the tools relevance to todays IT governance practitioners. Performance measurement represents one of the five key IT governance focus areas in COBIT, and scorecards are recognized as a key method for organizations to manage issues such as strategy implementation, project completion, process performance and service delivery. 3. Cost cutting and efficiencyAnother key technology challenge for IT executives is cost savings, particularly in Japan and Germany.5 The IT BSC directly addresses this
1

I N F O R M AT I O N S Y S T E M S C O N T RO L J O U R NA L , VO L U M E 3 , 2 0 0 7

Figure 1The Evolution of the IT BSC

IT BSC Specialization (2000+)

IT BSC Refinement (1997+)

IT BSC Introduction (1994+)

BSC Introduction (1992+)

Development drivers: Rapidly changing IT environment Increasing pressure to demonstrate the value of IT and measure performance Development drivers: Application of the BSC tool to IT-specific environment Development drivers: Lack of a tool to measure financial and nonfinancial metrics Fundamental changes: Formal BSC structure development Widespread implementation Fundamental changes: Extension of BSC concept to include IT-related issues Focus on IT evaluation techniques and IT BSC theory Fundamental changes: Modification of the traditional perspectives and measures Preliminary development of best practice implementation techniques

Development drivers: Demonstration of IT value IT regulatory compliance Cost cutting and efficiency Fundamental changes: Increasing specificity of topics Increasing management and practitioner literature

objective, as recognized in a 1999 article in Decision Support Systems. IS can be evaluated in terms of (1) the efficiency of the activities associated with IS development and operations; and (2) its contribution to the effectiveness of those that use IS to improve personal productivity and strive to help attain corporate goals. The balanced IS scorecard integrates these two dimensions.6 An effective IT BSC will track both the efficiency of IT activities (e.g., average time to respond to a high-priority user issue) and the effectiveness of contributions to organizational goals (e.g., consistent reductions of IT hardware maintenance costs).

Current Use of Todays IT BSC

Reliable statistics on the current volume of IT BSC use are somewhat varied: A CIO research report published in 2003 indicates that 30 percent of organizations use the IT BSC.7 The Working Council for Chief Information Officers estimates that 39 percent of organizations in 2003 had deployed an IT BSC.8 According to a Gartner report published in June 2006, 23 percent of IT departments regularly share BSC results with business leadership; however, an additional 16 percent plan to use the BSC as an additional reporting method in the future.9 Based on the history of the IT BSC and considering the tools current drivers, its lifespan can be roughly plotted on a hype cycle diagram, as illustrated in figure 2. Originally developed by Gartner, the hype cycle is a graphical representation of the maturity, adoption and business application of new technologies, and considers the over-enthusiasm that often surrounds their

I N F O R M AT I O N S Y S T E M S C O N T RO L J O U R NA L , VO L U M E 5 , 2 0 0 7

Figure 2Hype Cycle of the IT BSC

Widespread adoption of traditional BSCs, triggering heightened focus on the IT BSC

Failure to adhere to common implementation pitfalls Increasing legal compliance requirements related to IT Uncertain IT BSC cost/benefit results

Increasing press coverage and academic articles

Widespread development of highly tailored and specific IT BSCs

Visibility

Renewed dedication to demonstrating IT value Wavering IT value perception of management

Extension of BSC concept to include IT-related issues

Technology Trigger

Peak of Inflated Expectations

Trough of Disillusionment

Scope of Enlightenment

Plateau of Productivity

Time

introduction. As illustrated by the diagram, it appears likely that the IT BSC is reaching its maturity in terms of productivity and is unlikely to experience any significant future changes in practitioner visibility.

Management Issues of Todays IT BSC

Of particular interest to practitioners as the IT BSC ages is what can be learned from the practical experiences of others. Case studies and management guides are now available to share the knowledge obtained from companies that have implemented IT BSCs. The information in these publications provides not only useful scorecard templates, but also specific guidance on key success factors and cautions regarding common pitfalls. By gaining insight based on the experience of other practitioners, todays companies are more likely to achieve the benefits of the tool and avoid potential failures. In figure 3, a selection of commonly identified success factors is discussed.

Tomorrows IT BSC: The Tool of the Future

The continued use of a measurement and strategy tool such as the IT BSC is likely to last only as long as organizations continue to receive sufficient benefits. Alternative tools, such as applied information economics and earned value management, provide similar integrated techniques to evaluate IT resources, and this rivalry with the IT BSC is likely to continue into the future.

Based on the demonstrated flexibility of the IT BSC, it is likely to continue to be adapted to practitioner demands. This could include the application of the IT BSC to areas such as privacy, IT management in developing countries and software development. The organizational benefits of implementing an IT BSC can be challenging to evaluate. Like many systems of internal control or governance, value is likely to be derived from areas such as lowered risk, higher transparency and improved quality of information, which benefit the organization or department. The associated costs of development, implementation and ongoing maintenance of an IT BSC program can be significant, depending on the program scale and organization size. A technique to determine if the tools benefits are greater than its cost is largely overlooked in current publications and is an interesting topic for future investigation. As experience with the IT BSC continues to grow, an expansion of related management literature, research results and case study training materials will greatly assist organizations that plan to implement the tool in the future and current users of the tool who have areas in which to improve. As noted previously, a cost-benefit evaluation of the IT BSC, as well as mid- to long-term performance evaluations of the tool, will also assist managers in understanding and quantifying the tools value to organizational stakeholders.

I N F O R M AT I O N S Y S T E M S C O N T RO L J O U R NA L , VO L U M E 5 , 2 0 0 7

Figure 3IT BSC Success Factors

Theme Leadership commitment Suggested Action Obtain a strong senior leadership commitment from both the business and IT. This is a key success factor in designing the IT BSC, selecting metrics and reviewing the proposed plan. Ensure that the IT BSC maintains strong links to financial outcomes and organizational IT strategy. These are two important elements of a successful design. Create a formal project management structure to assist in the oversight, construction and implementation of the IT BSC. Achieve teamwork and consensus between the business and IT. These are fundamental in creating a successful IT BSC that will fulfill stakeholder expectations. Key Contributors Chief executive officer, chief financial officer, chief information officer (CIO), IT director IT director, controller

Design

Oversight Teamwork

CIO, IT BSC program manager IT director, operations director, controller

Summary
In the decade since the IT BSCs emergence, the tool has experienced a significant evolution, driven by a series of external factors. Its resilience in remaining part of present-day control frameworks indicates that the IT BSC is not an outdated management fad, but an important component of modern organizations. Its contribution as an IT management and control tool is clear, and the IT BSC is likely to continue as a valued tool in the years to come.

Wikipedia, definition of hype cycle, http://en.wikipedia.org/ wiki/Gartners_Hype_Cycle, 10 January 2007 Willcocks, L.; Information Management: The Evaluation of Information Systems Investments, Chapman & Hall, 1994 Working Council for Chief Information Officers, IT Balanced Scorecards: End to End Performance Measurement for the Corporate IT Function, 2002

Endnotes References
Cram, A.; Defining and Measuring IT Audit Value, ISACA London Datawatch, Winter 2005 Federation of Chief Information Officers Council, Lessons Learned on Information Technology Performance Management, www.cio.gov IT Governance Institute, COBIT, USA, 1998-2007 Kaplan, Robert S.; David P. Norton; The Balanced Scorecard: Translating Strategy into Action, Harvard Business School Publishing, 1996 Keyes, J.; Implementing the IT Balanced Scorecard, Auerbach Publishers Inc., 2005 Rosemann, M.; J. Wiese; Measuring the Performance of ERP SoftwareA Balanced Scorecard Approach, Proceedings of the10th Australasian Conference on Information Systems, 1999 US General Accounting Office, Measuring Performance and Demonstrating Results of Information Technology Investments, www.gao.gov, March 1998 Van Grembergen, W.; The Balanced Scorecard and IT Governance, Information Systems Control Journal, vol. 2, 2000 Van Grembergen, W.; Strategies for Information Technology Governance, Idea Publishing Group, September 2003 Van Grembergen, W.; R. Saull; S. De Haes; Linking the IT Balanced Scorecard to the Business Objectives at a Major Canadian Financial Group, www.ua.ac.be Van Grembergen, W.; R. Van Bruggen; Measuring and Improving Corporate Information Technology Through the Balanced Scorecard Technique, The Fourth European Conference on the Evaluation of Information Technology, Delft University Press, 1997 Van Grembergen, W.; S. De Haes; I. Amelinckx; Using COBIT and the Balanced Scorecard as Instruments for Service Level Management, Information Systems Control Journal, vol. 4, 2003
4

Bowley, Graham; Breakfast With the FT: Soul Survivor, FT Magazine, 11/12 November 2006 2 Accenture, Accenture Survey of Information Technology Executives Finds Improving Service Vies With Cost Reduction as Top Challenge, 6 December 2006 3 Ibid. 4 Van Grembergen, W.; S. De Haes; Measuring and Improving Information Technology Governance Through the Balanced Scorecard, Information Systems Control Journal, vol. 2, 2005 5 Op. cit., Accenture 6 Martinsons, M.; R. Davidson; D. Tse; The Balanced Scorecard: A Foundation for the Strategic Management of Information Systems, Decision Support Systems, vol. 25, 1999 7 CIO, Best Practices of Resourceful CIOs, www.cio.com, August 2003 8 Working Council for Chief Information Officers, IT Balanced Scorecards: End to End Performance Measurement for the Corporate IT Function, 2002 9 Kirwin, B.; IT Performance Reporting Inadequacies Impact IT Value Proposition, Gartner, June 2006
1

Alec Cram, CISA, CISSP is a manager in the enterprise risk service line of Deloitte. Recently returning from secondment in the London, UK, office, Cram is based in Toronto, Ontario, Canada, where he provides control assurance services to clients in the technology, media and telecommunications industries. Cram is a member of the ISACA Publications Committee.

I N F O R M AT I O N S Y S T E M S C O N T RO L J O U R NA L , VO L U M E 5 , 2 0 0 7

Information Systems Control Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the Information Systems Control Journal. Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors employers, or the editors of this Journal. Information Systems Control Journal does not attest to the originality of authors' content. 2007 ISACA. All rights reserved. Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25 per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited. www.isaca.org

I N F O R M AT I O N S Y S T E M S C O N T RO L J O U R NA L , VO L U M E 5 , 2 0 0 7