Professional Documents
Culture Documents
discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/220630529
CITATIONS READS
114 629
2 authors:
All in-text references underlined in blue are linked to publications on ResearchGate, Available from: Steven De Haes
letting you access and read them immediately. Retrieved on: 27 July 2016
Information Systems Management, 26: 123–137
Copyright © Taylor & Francis Group, LLC
ISSN: 1058-0530 print/1934-8703 online
DOI: 10.1080/10580530902794786
UISM
Abstract IT governance is one of these concepts that suddenly emerged and became an important
issue in the information technology area. Many organisations started with the implementation of IT
governance to achieve a better alignment between business and IT. This paper carries interpretations
regarding important existing theories, models, and practices in the IT governance domain and presents
research questions derived from it. Next, multiple research strategies are triangulated in order to explore
how organisations are implementing IT governance and to analyse the relationship between these imple-
mentations and business/IT alignment. The major finding is that business/IT alignment maturity is
higher when organisations are applying a mix of mature IT governance practices.
Keywords IT governance, business/IT alignment, exploratory research
In many organisations, information technology (IT) has on how organisations are effectively implementing IT
become crucial in the support, sustainability, and growth governance in day-to-day practice and what the impact is
of the business. This pervasive use of technology has cre- of the IT governance implementation on business/IT
ated a critical dependency on IT that calls for a specific alignment. Via this research, we want to contribute to
focus on IT governance. IT governance consists of the new theory building in the IT governance domain of
leadership and organisational structures and processes knowledge and assist practitioners by providing more
that ensure that the organisation’s IT sustains and guidance on how IT governance can be effectively imple-
extends the organisation’s strategy and objectives (ITGI, mented. This research paper aims to comply with the
2003; Van Grembergen, 2001). concept of “consumable IS research,” as put forward by
Today, IT governance is high on the agenda and many O’Keefe and Paul (2000), being both academically rigor-
organisations are implementing IT governance practices ous and relevant to practice.
into day-to-day operations. Once a specific IT governance
model is chosen and implemented, it should, as indicated
in the above definition, enable that IT sustains and Defining the Research Questions
extends the business goals, or in other words, enable that
IT is aligned to the business needs (business/IT alignment). Two research questions (RQ) are put forward in this
The IT governance implementation challenge and the paper, as visualised in Figure 1, and discussed below.
subsequent impact on business/IT alignment constitute
the core domain of this research. This practice-oriented
research focus is relatively unexplored in academic liter- RQ1: How are Organisations Implementing
ature. Many research projects focused on the impact of IT Governance?
specific contingencies, for example centralised versus
decentralised governance structures (Ahituv et al., 1989; As proposed by work from amongst others Peterson
Brown and Magill, 1994) and on how strategic alignment (2003), Weill and Ross (2004), Peterson et al. (2002), and
impacts business performance (e.g., Bergeron et al., 2009; Van Grembergen et al. (2003), IT governance can be
Teo and King, 1999). However, less research can be found deployed using a mixture of various structures, processes,
and relational mechanisms. IT governance structures
Address correspondence to Steven De Haes, University of Antwerp include “structural (formal) devices and mechanisms for
Management School, St-Jacobsmarkt 13, 2000 Antwerp, Belgium. connecting and enabling horizontal, or liaison, contacts
E-mail: steven.dehaes@ua.ac.be between business and IT management (decision-making)
123
124 De Haes and Van Grembergen
RQ1: How are organisations is the Strategic Alignment Model (SAM) of Henderson
implementing IT governance? et al. (1993), addressing the required balance between
business strategies, IT strategies, business processes, and
IT Governance IT processes. Other researchers have complemented this
model with additional insights (e.g., Avison et al., 2004;
Processes
Feuer et al., 2000, Maes, 1999) and have offered more
Business/IT
alignment specific business/IT alignment definitions such as “the
Structures degree to which the information technology mission,
objectives and plans support and are supported by the
Relational RQ2: What is the relationship business mission, objectives and plans” (Sabherwahl &
mechanisms between IT governance and Chan, 2002). However, in a more recent publication Luft-
business/IT alignment?
man and Rajkumark (2007) point out that “many align-
Figure 1. Research framework. ment definitions in literature are frequently focused
only on how IT is aligned (e.g., converged, in harmony,
integrated, linked, synchronized) with the business.
Alignment must also address how the business is aligned
functions” (Peterson, 2003) (e.g. steering committees). IT with IT. Alignment must focus on how IT and the busi-
governance processes refer to “formalisation and institu- ness are aligned with each other; IT can both enable and
tionalisation of strategic IT decision making or IT moni- drive business change.” For this research, we strongly
toring procedures” (Peterson, 2003) (e.g. IT balanced adhere to the concepts of the Strategic Alignment Model
scorecard). The relational mechanisms finally are about (Henderson et al., 1993), focusing on aligning both strate-
“the active participation of, and collaborative relation- gies and operational processes, and acknowledge the bi-
ship among, corporate executives, IT management, and directional nature of alignment as put forward by Luft-
business management” (Peterson, 2003) (e.g., training). man and Rajkumark (2007).
Relational mechanisms are crucial in the IT governance By examining the relationship between IT governance
framework and paramount for attaining and sustaining and alignment, we respond to a need in this research
business/IT alignment, even when the appropriate struc- field, which was reported by Chan and Reich in 2007. In
tures and processes are in place (Keill, 2002; Callahan & their research, they provide a literature review of the
Keyes, 2003; Weill & Broadbent, 1998, Henderson et al., alignment domain until now and conclude that more
1993). It is important to recognise that each of the research and exploration is required into the means or
applied processes, structures, and relational mechanisms antecedents of alignment. They also stress it is important
serve specific or multiple goals in the complex align- to not only list potential antecedents of alignment (as
ment challenge. However, dividing the IT governance other research efforts did), but to also identify relation-
framework into smaller pieces, and solving each problem ships between them and towards alignment (Chan &
separately, does not always unravel the complete prob- Reich, 2007). One of the goals of this research is indeed to
lem (Peterson, 2003). An holistic approach towards IT identify a set of antecedents in terms of structures,
governance acknowledges its complex and dynamic processes, and relational mechanisms, to position these
nature, consisting of a set of interdependent subsystems antecedents into a holistic system and to explore the
(processes, structures, and relational mechanisms) that relationship towards alignment.
deliver a powerful whole (Sambamurthy & Zmud, 1999;
Peterson, 2003).
Defining the Research Scope
validity, and construct validity of the cause” (Cook & material developed on which we can build. The latter is
Campbell, 1979). As this research can be categorised as not only true because it is a new research domain, but as
applied research, the primary focus is on internal validity. denoted by Benbasat and Zmud (1999), “generally, IS
In the first place, it is acknowledged that the use of IT researchers have been less successful than their col-
governance practices might be different in different types leagues in other business school disciplines in develop-
of industries. Therefore, the main focus of this research ing a cumulative research tradition. Without such
is only on one sector, more specifically the financial cumulative results, it becomes difficult, if not impossi-
services sector. The choice of the financial services sector ble, to develop and assess strong theoretical models such
is made because, amongst different industries, financial that prescriptive actions can confidently be suggested for
services, together with manufacturing and retailing, is practice.” By exploring this research domain in detail, we
the first industry to use information technologies and as want to contribute to creating a basis for future research,
such is already more matured in these domains, making by exploring models and generating potential hypothe-
empirical research interesting (Chiasson & Davidson, ses to be tested.
2005). Exploratory research often builds on secondary
The scope was also reduced in geographic terms and research, “such as reviewing available literature and/or
regarding size of organisations. To avoid cultural differ- data, or qualitative approaches such as informal discus-
ences between regions worldwide and contingencies sions with consumers, employees, management or com-
related to the size of the organisations, it was decided to petitors, and more formal approaches through in-depth
only focus on typical Belgian financial services organisa- interviews, focus groups, projective methods, case
tions with headcounts ranging from 100 (mid-size) to studies or pilot studies” (Ryerson, 2007). Our research
over 1000 (large-size) employees. strategy therefore also triangulates between multiple
The final scope reduction focuses on the organisa- different research methods: literature research, pilot
tional level of IT governance practices. As indicated by case research, Delphi method research, benchmark
Van Grembergen et al. (2003), IT governance is situated at research and extreme case research. This triangulation
multiple layers in the organisation: at strategic level enables us to obtain a richer insight in reality, as also
where the board is involved, at management level within advocated by Mingers (2001): “. . . different research
the C-suite and senior management layer and finally at methods focus on different aspects of reality and there-
the operational level with operational IT and business fore a richer understanding of a research topic will be
management. However, Peterson (2003) makes a clear gained by combining several methods together in a sin-
distinction between IT governance and IT management. gle piece of research or research program.” The different
He states that IT management is focused on the effective research methods and phases are visualised in Figure 2
and efficient internal supply of IT services and products and described below.
and the management of present IT operations. IT gover-
nance in turn is much broader, and concentrates on per-
forming and transforming IT to meet present and future
demands of the business (internal focus) and business
customers (external focus). This “higher-level” focus of IT
governance is confirmed in the IT governance definition
of ITGI (2003), which states “IT governance is the respon-
sibility of executives and the board of directors.” Based
on these considerations, we will discard the operational
oriented level, which according to Peterson (2003) maps
to IT management instead of IT governance.
Literature and Pilot Case Research from a predefined set of IT governance practices based on
findings of the literature research and the in-depth
The research process started with exploring the research exploratory case research. In the first round, the respon-
domain and defining the research questions through a dents were asked only to provide their feedback on the
detailed literature research in the domain of business/IT predefined list of practices, giving them the opportunity
alignment and IT governance. The focus was on defining to make recommendations to add, change, or delete
and refining the research questions and on finding an some of the practices. The focus of this first round was on
initial list of structures, processes, and relational mecha- validating the predefined list of practices specifically for
nisms that organisations can leverage to implement IT the financial services sector, so no other input or feed-
governance. At this moment, the research was not yet back was requested at this stage. In the second round, the
scoped down to only the Belgian financial services sector. respondents were asked to rate on a scale of zero to five,
To complement the list of IT governance practices for each of the reviewed IT governance practices, the
found in the literature, pilot cases were described. These “perceived effectiveness (0 = not effective, 5 = very effec-
cases consisted of one in-depth case and five mini-cases tive) and the “perceived ease of implementation” (0 = not
and are based on multiple interviews with both business easy, 5 = very easy). The respondents were also asked to
and IT managers (Table 1). provide the top 10 most important IT governance prac-
tices, taking the previous attributes (effectiveness - ease
of implementation) and their personal experience into
Delphi Research account. In their opinion, these are crucial elements or a
minimum baseline of an optimal IT governance mix (the
In further completing the initial list of IT governance most important practice score 1, the second most impor-
practices and specifying it for the Belgian financial tant score 2, the 10th most important score 10). In the
organisations, the Delphi research methodology was third and final round, the respondents were asked to re-
leveraged. The Delphi method can be characterized “as a evaluate their own scores from round two, considering
method for structuring a group communication process the group averages. The goal of this round was primarily
so that the process is effective in allowing a group of indi- to come to a greater consensus in the group. At the end
viduals, as a whole, to deal with a complex problem” of the third round, the degree of consensus between the
(Linstone & Turoff, 1975). This method is particularly experts was measured leveraging Kendall’s W coefficient
suited as a methodology for this research as “the Delphi (Schmidt & Roy, 1997; Siegel, 1998), specifically for the
method technique lends itself especially well to explor- question on the minimum baseline. Schmidt & Roy
atory theory building on complex, interdisciplinary (1997) offer an interpretation of Kendall’s W, indicating
issues, often involving a number of new or future trends” that the reached level of consensus in this research of
(Akkermans et al., 2003). An expert panel was composed of 0.53 can be considered moderate providing a fair degree
29 consultants—senior IT and senior business professionals— of confidence in the results.
who are all knowledgeable about organisations operat-
ing in the Belgian financial services sector. From this
group, 22 experts continued to be involved in the full Business/IT Alignment Benchmarking
Delphi research effort (25% drop off rate), with six senior
business/audit managers, eight senior IT managers, and The following research step was aimed at measuring
eight senior business/IT consultants. business/IT alignment in a sample of Belgian financial
Using the Delphi method, these financial services services organisations. To achieve this measurement, 13
sector experts needed to complete questionnaires in organisations were contacted, of which 10 committed
three consecutive rounds. Similar to the Delphi research to participate. In each organisation, it was asked that
work of Keill et al. (2002), the Delphi research started five to ten senior business and IT managers complete a
questionnaire measuring business/IT alignment matu-
rity. This questionnaire was based on an instrument
Table 1. Exploratory Pilot Case Studies already used in previous research of Luftman (2000)
and Cumps, Viaene, Dedene, and Vandenbulcke (2006)
Company Industry # Interviewees and later validated by Sledgianowski, Luftman, and
Reilly (2006). The latter validation work resulted in
KBC (in-depth case) Finance 6
Vanbreda (mini case) Insurance 3 an “assessment instrument based on a model using
Sidmar-Arcelor (mini case) Steel 2 multiple criteria and multiple levels to represent differ-
CM (mini case) Insurance 3 ent degrees of alignment, from less mature to more
AGF Belgium (mini case) Insurance 2 mature” (Sledgianowski, Luftman, & Reilly, 2006).
Huntsman (mini case) Chemicals 2
The assessment instrument covers 22 questions in six
IT Governance Implementations and its Impact on Business/IT Alignment 127
domains: communication, competency and value mea- practices within the case organisation. These work-
surement, governance, partnership, scope and architec- shops were structured according to the list of
ture and skills. Each question had to be rated on a scale 33 IT governance practices as defined earlier in the
from zero to five. Delphi research. During the workshop, the partici-
pants were asked to come to a consensus regarding the
maturity for each of the 33 practices. This maturity
Extreme Case Research assessment was based on a generic maturity model
(Table 2) as proposed by the IT Governance Institute
From the established business/IT alignment bench- (ITGI, 2003), providing a scale from 0 (non-existent) to
mark, extreme cases were selected for further case 5 (optimised).
study investigation. Extreme cases research is particu-
larly useful “to obtain information on unusual cases,
which can be especially problematic or especially good Comparing Extreme Cases
in a more closely defined sense” (Flyvbjerg, 2006). The
two organisations with the highest alignment matu- The data collected in the previous step allowed for
rity, and the two organisations with the lowest detailed cross-case analysis, looking for causes that could
alignment maturity, were retained for further analy- explain why some organisations achieved a higher busi-
sis. Having four case organisations was found to be ness/IT alignment score compared to other organisations.
sufficient to allow for in-depth cross-case analysis, as Comparisons were made between the high and low per-
also argued by Eisenhardt (1989): “With fewer than formers in terms of the mix of IT governance practices
4 cases, it is often difficult to generate theory with applied and in terms of the maturity of each of these
much complexity. . . . With more than 10 cases, it practices.
quickly becomes difficult to cope with the complexity
and volume of the data.”
Within each of those extreme cases, a workshop was Research Results and Discussion
organised (two to three hours meeting) with a senior
IT and senior business manager to investigate what the This section will discuss the results of each of the
maturity was of the used individual IT governance research steps.
Literature and Case Research which are indeed complex processes to realise, as they
require a close involvement and collaboration of busi-
The main goal of the literature and pilot case research ness and IT people. Other practices received lower scores
was to get a better view on how organisations are address- than expected, when compared to current thinking in lit-
ing IT governance these days and to come up with an ini- erature. An interesting case of a practice receiving “unex-
tial list of IT governance practices from practice. From the pectedly” low scores is the “architecture committee.” The
case studies, different drivers for adopting IT governance relatively low score for effectiveness for this practice con-
were identified. An important one was certainly the need tradicts with research by Cumps et al. (2006) who con-
to comply with Sarbanes-Oxley requirements, which clude “. . . organisations that have more extensive and
impacts heavily on the control environment in IT. Other mature enterprise architecture management practices
important drivers for IT governance were the push to have a higher probability of belonging to the group of
achieve economies of scales after mergers and acquisi- highly aligned organisations.” Within the Delphi expert
tions and budget pressure, resulting in a smaller budget group, the lowest score for ease of implementation for
for new projects. Challenge of course is then to optimally this practice was assigned by the IT group, probably peo-
assign the remaining budget to projects and activities ple who have already experienced the difficulty of IT
that are delivering value to the business. Finally, some architecture issues in a concrete environment. Indeed, it
pilot case companies mentioned that the IT governance might be that in the group of IT respondents, the archi-
project was more an effort of formalizing and structuring tecture committee implementations took place only
existing mechanisms already applied. recently, and the benefits still have to be proven over
Based on the findings of the literature research, and time. Weill and Ross (2004) also refer to the start up of
the pilot case research, an initial list of IT governance architecture committees: “At many enterprises, architec-
practices was compiled, as shown below (see Table 3). For ture committees get off to a rocky start, usually because
each of these practices, a short definition was developed the committees are formed to “impose” technology stan-
based on the literature and input from the pilot cases. dards on the enterprise. . . . As long as senior manage-
ment espouses the standardisation for business reasons,
however, standards gradually gain acceptance.”
Delphi Research An interesting finding to pinpoint is that many IT gov-
ernance definitions stress the prime responsibility of the
The goal of the Delphi research was to further complete board of directors in IT governance, while these results
the initial list of IT governance practices and to make the reveal that the mechanisms to achieve this board involve-
list specific for the Belgian Financial services sector. ment (“IT expertise at level of board of directors” and “IT
The Delphi research revealed a list of 33 IT governance strategy committee”) are rated relatively low in terms of
practices for the Belgian financial services sector. It perceived effectiveness. This result can possibly be
should be noted that this list cannot be exhaustive, and explained by the fact that making the board of directors
the practices at operational level are discarded in this more IT literate is not easy to achieve, which is con-
research. These practices are shown in the first two col- firmed by the second to last score in term of ease of
umns of Table 4, with Sx being the structures, Px being implementation of “IT expertise at the level of the board
the processes and Rx being the relational mechanisms. of directors.” The results of this research raise questions
The research demonstrated that, according to the on how financial services organisations realise this board
expert group, some of the addressed practices are involvement in practice.
perceived as being more effective or easy to implement If averages are calculated for effectiveness and ease of
compared to others (see columns at the right in Table 4: implementation for all the structures, processes and rela-
effectiveness and ease of implementation). The five prac- tional mechanisms (see Figure 3), it appears that struc-
tices perceived as the most effective for the Belgian finan- tures and processes are in general perceived as being
cial services sector are “IT steering committees,” “CIO equally effective. However, it appears that IT governance
reporting to the CEO/COO,” “CIO on executive commit- structures are perceived as being easier to implement
tee,” “IT budget control and reporting,” and “portfolio compared to IT governance processes, although in many
management.” All these practices were also identified as cases they are closely related. A good example here is the
being relatively easy to implement. The least effective “IT steering committee”, which is a crucial element to
practices are “IT governance assurance and self-assess- build up a “portfolio management” process, but the
ment,” “job-rotation,” and “COSO/ERM.” steering committee is perceived as much easier to imple-
Some practices were perceived as effective but not easy ment compared to the whole “portfolio management”
to implement. Good examples in this high-effectiveness/ process. Relational mechanisms are also perceived as
low ease of implementation domain are “benefits manage- being easier to implement compared to IT governance
ment and reporting” and “charge back arrangements,” processes, probably because some relational mechanisms
IT Governance Implementations and its Impact on Business/IT Alignment 129
(Continued)
IT Governance Implementations and its Impact on Business/IT Alignment 131
Table 4. (Continued)
Effectiveness Ease of Implementation
Index IT Governance Practice Definition (from 0–5) (from 0–5)
P5 Service level agree- Formal agreements between business and 3,47 3,13
ments IT about IT development projects or IT
operations
P6 IT governance Process based IT governance and control 3,36 2,42
framework COBIT framework
P7 IT governance Regular self-assessments or indepent 2,79 2,54
assurance and assurance activities on the governance
self-assessment and control over IT
P8 Project governance / Processes and methodologies to govern 4,1 2,94
management and manage IT projects
methodologies
P9 IT budget control and Processes to control and report upon 4,13 4
reporting budgets of IT
P10 Benefits management Processes to monitor the planned business 2,85 2,36
and reporting benefits during and after implementa-
tion of the IT investments / projects.
P11 COSO / ERM Framework for internal control 2,39 2,04
IT governance R1 Job-rotation IT staff working in the business units and 2,35 2,36
relational business people working in IT
mechanisms R2 Co-location Physically locating business and IT people 2,79 3,01
close to each other
R3 Cross-training Training business people about IT and/or 2,76 2,82
training IT people about business
R4 Knowledge Systems (intranet,. . .) to share and distrib- 3,24 2,68
management ute knowledge about IT governance
(on IT governance) framework, responsibilities, tasks, etc.
R5 Business/IT account Bridging the gap between business and IT 3,79 3,36
management by means of account managers who act
as in-between
R6 Executive / senior Senior business and IT management acting 3,88 2,81
management giving as “partners”
the good example
R7 Informal meetings Informal meetings, with no agenda, where 3,79 3,88
between business business and IT senior management talk
and IT executive/ about general activities, directions,
senior management
R8 IT leadership Ability of CIO or similar role to articulate a 3,89 2,82
vision for IT’s role in the company and
ensure that this vision is clearly
understood by managers throughout the
organisation
R9 Corporate internal Internal corporate communication 3,43 3,69
communication regularly addresses general IT issues.
addressing IT on a
regular basis
R10 IT governance aware- Campaigns to explain to business and IT 2,83 3,14
ness campaigns people the need for IT governance
can have a very informal character (e.g. R7: Informal within a specific financial services organisation, these
meetings between business and IT executive/senior minimum baseline mechanisms may play an important
management). role. As can be seen in Table 5, most of the top 10 IT
During the Delphi research, the experts also had to governance practices are consistent with the one that
define the top 10 most important IT governance prac- received the highest scores for “perceived effectiveness”
tices, which were in their opinion crucial elements or a in Table 4.
minimum baseline of an optimal IT governance mix It was surprising that only one relational mechanism
(specifically for the Belgian financial services sector). This was reported in this minimum baseline (“IT leadership,”
top 10 suggests that, in implementing IT governance Table 5); while many authors in literature stress that the
132 De Haes and Van Grembergen
Number of
Total Deviation
Total number Number of IT business Alignment from
of respondents respondents respondents maturity Score average
A 9 5 4 2,10 –0,59
B 5 3 2 2,16 –0,52
C 9 3 6 2,56 –0,12
D 6 3 3 2,67 –0,02
E 9 5 4 2,71 0,03
F 8 3 5 2,72 0,04
G 10 5 5 2,74 0,06
H 9 6 2 2,91 0,22
I 8 5 4 3,11 0,43
J 11 6 5 3,17 0,48
G
F
<< A B C D E H I J >>
1,0 1,1 1,2 1,3 1,4 1,5 1,6 1,7 1,8 1,9 2,0 2,1 2,2 2,3 2,4 2,5 2,6 2,7 2,8 2,9 3,0 3,1 3,2 3,3 3,4 3,5 3,6 3,7 3,8 3,9 4,0
question “what is the level of alignment between the IT industries, such as manufacturing, because of the high-
strategy and the business?” (McKinsey, 2006). dependency on IT and the strong impact of regulations.
Assuming that this sample of ten organisations is rep-
resentative of the Belgian financial services sector, our
conclusion is that the average business/IT alignment Extreme Case Research
maturity in the entire Belgian financial services sector is
2.69. Such a maturity score only becomes meaningful In the extreme cases of the business/IT alignment bench-
when it can be compared against a target or against mark (two highest aligned organisations and two lowest
results in other sectors. An interesting consideration aligned organisations), it was investigated how mature
here is what the desired target or to-be situation would they were in using each of the 33 IT governance practices
be for the financial services sector. There is no literature based on a generic maturity model (from 0 to 5) (ITGI,
available in this domain, but taking the high-dependency 2003). During a workshop, business and IT managers
on IT into account, one could argue that at least a matu- came to a consensus regarding the appropriate maturity
rity level 3 would be required, which implies standard- scores for each of the practices. The results of this assess-
ised and documented processes and procedures. There is ment are shown in Table 7.
also not much data available to compare this result The average maturity over all IT governance practices
against other sectors. However, one could reference the for organisation A is 1.50, for organisation B 1.37, for
study by Luftman (2003), who created a benchmark organisation I 2.21 and for organisation J 3.11. This dif-
within 25 Fortune 500 organisations and came up with a ference between IT governance practices maturity
total average of 2.17. This result would imply that the already provides a high-level indication that might lead
Belgian Financial Services sector on average performs to a better understanding of the gap in business/IT align-
somewhat better on business/IT alignment compared to ment maturity between organisations A-B and I-J. This
the sample of Fortune 500 organisations, although these outcome is discussed in more detail in the next section.
results have to be interpreted with great care as the study
of Luftman was based on an initial version of the mea-
surement instrument (not yet validated at that time). On Comparing Extreme Cases
the other hand, this positive result is maybe not that sur-
prising as the sample in this research is only focused at When comparing the averages of maturity of IT gover-
the financial services sector for which one could expect nance practices (structures, processes and relational
an above average alignment maturity compared to other mechanisms) in those extreme cases, in appears that in
134 De Haes and Van Grembergen
A B I J 3
2,5
S1 0 0 0 0 2
S2 4 1 0 1
S3 3 3 3 3 1,5
S4 2 5 2 0 1
S5 2 5 4 5 0,5
S6 2 2 4 4
0
S7 2 0 4 4
A B I J
S8 2 3 4 5
S9 2 2 4 4 Figure 6. Comparing extreme cases (2).
S10 0 0 0 4
S11 0 0 1 3
S12 2 1 2 5
P1 1 2 1 4
P2 1 2 4 4 It was also shown that the organisations with low
P3 1 2 4 4 business/alignment maturity did have a lot of practices
P4 0 0 2 5 in place, but the average maturity of these practices was
P5 0 0 2 4 below maturity level 2, as shown in Figure 6. This might
P6 0 0 1 4
indicate that the impact on business/IT alignment of IT
P7 1 0 1 1
P8 2 3 3 4 governance practices that have a maturity level lower
P9 1 2 4 5 than 2, is limited.
P10 0 1 1 3 The impact of relational mechanisms on business/IT
P11 0 0 0 0 alignment maturity was not clearly demonstrated in this
R1 1 0 1 2
research. (cf. Figure 5). However, a finding was that the
R2 5 2 3 3
R3 2 0 2 1 two high performers had started their IT governance
R4 3 3 4 4 implementation many years ago, and the interviewees
R5 2 0 0 4 made reference to the fact that in the initiating phases of
R6 2 2 5 5 the IT governance implementation project, a lot of
R7 2 0 0 0
energy was spent in business change management,
R8 1 4 4 4
R9 2 0 2 3
awareness creation, and so on. At this moment, these
R10 1 1 1 1 organisations however came to a point where many
1,48 1,39 2,21 3,12 structures and processes were embedded in day-to-day
practice, leading to less attention and need for these
change management aspects. The relational mecha-
nisms, certainly the ones focused at motivating people,
4,00 creating awareness, etc., are likely very important in the
3,50 initiating phase of IT governance, in which the two low
3,00 performers were situated. This preliminary finding
J
2,50 should be researched further in more detail.
I
2,00
B Analysing the high-performers in more detail revealed
1,50
A that they distinguish themselves by a set of IT gover-
1,00
nance practices that were also proposed in the Delphi
0,50
research as minimum baseline IT governance practices.
0,00
Structures Processes Relational Mech. From this earlier defined set of ten minimum baseline
practices (Table 4), seven appear to be clearly present and
Figure 5. Comparing extreme cases (1). mature (above maturity level 2) in the high-performers.
This reduced set is called the key minimum baseline and
constitutes the seven practices shown in Table 8.
general the high performers have more mature IT gov- An interesting IT governance practice that was not
ernance structures and processes, as shown in Figure 5. used by any of the organisations, although being pro-
This figure also shows that that processes on average moted by experts and thought leaders as very important
were less mature compared to structures, indicating (ITGI, 2003; Monnoyer and Willmott, 2005), is the “IT
that it is more difficult to implement processes strategy committee at the level of the board of directors.”
compared to structures, which was also discussed in This practice is promoted as a structure to ensure that the
previous section. board gets involved in a structured way in IT governance
IT Governance Implementations and its Impact on Business/IT Alignment 135
issues. During the interviews, three out of four organisa- Recommendations for Practitioners
tions stated that board involvement in IT governance is
not feasible and probably not required. The representa- A recommendation to practitioners resulting from these
tives of the shareholders are more concerned with the findings is that the best approach to implement IT gover-
core financial services activities and less worried about nance is to start with setting up these seven key mini-
(operational) IT issues. Another IT governance practices mum baseline IT governance practices. This core set of
that was indicated as not being relevant for alignment practices should be supplemented with other key prac-
purpose was “COSO/ERM.” While the latter was recogn- tices that are highly effective and relatively easy to imple-
ised as probably a very good framework for general inter- ment. At the initial stages of such IT governance project,
nal control, the value for governance or impact on sufficient attention should be given to relational mecha-
alignment did not appear at all. nisms to ensure commitment of all the involved people
in the process. Once the “governance culture” is embed-
ded in the implemented structures and processes, these
Conclusions relational mechanisms require less attention.
McKinsey (2006). Annual European Banking IT Cost Benchmark Study. Schmidt, R. (1997). Managing Delphi surveys using nonparamet-
Confidential Report, McKinsey and Company, Brussels, Belgium. ric statistical techniques. Decision Sciences, 28 (3): 763–774.
Mingers, J. (2001). Combining IT research methods: towards a plu- Siegel, S. (1998). Nonparametric statistics for the behavioural sciences.
ralist methodology. Information Systems Research, 12 (3): 240–259. New-York: McGraw-Hill.
Monnoyer, E. & Willmott, P. (2005, Fall). What IT leaders do: Sledgianowski, D., Luftman, J. & Reilly, R. R. (2006). Develop-
Companies that rely on IT governance systems alone will ment and Validation of an Instrument to Measure Maturity of
come up short. McKinsey Quarterly on IT, 2–6. IT Business Strategic Alignment Mechanisms. Information
Nolan, R., & McFarlan, F.W. (2005, Fall). Information Technol- Resources Management, 19 (3), 18–33.
ogy and the Board of Directors. Harvard Business Review, 83 Smith, G. (2006). Straight to the Top - Becoming a World-Class CIO.
(10), 96–106. Chichester, West Sussex, UK: John Wiley & Sons.
O’Keefe, B., & Paul, R. B. (2000). Editorial. European Journal of Infor- Teo, T.S.H., & King, W. (1999). An empirical study of the
mation Systems, 9, 1–2. impacts of integrating business planning and informa-
Peterson, R. R. (2003). Information Strategies and Tactics for tion systems planning. European Journal on Information
Information Technology Governance. In W. Van Grembergen Systems. 8 (3): 200–210.
(Ed.), Strategies for Information Technology Governance. Hershey, Van Grembergen, W. (2001). Introduction to the Minitrack: IT
PA: Idea Group Publishing. Governance and its Mechanisms. In Proceedings of the 35th
Peterson, R., Parker, M. M., & Ribbers, P. (2002). Information Hawaii International Conference on System Sciences (HICSS), HICSS-
Technology Governance Processes under environmental 35, January 7–10, 2002, Hilton Waileoloa Village, Island of
dynamism: investigating competing theories of decision- Hawaii.
making and knowledge sharing. In Proceedings of the 23th Inter- Van Grembergen, W., De Haes, S., & Guldentops, E. (2003).
national Conference on Information Systems, December 15–18 Structures, Processes and Relational Mechanisms for IT
2002, Barcelona, Spain. Governance. In Van Grembergen (ed), Strategies for Infor-
Ryerson (2007). Exploratory Research. Retrieved 10 June 2007 at www. mation Technology Governance. Hershey, PA: Idea Group
ryerson.ca/∼mjoppe/ResearchProcess/ExploratoryResearch.htm Publishing.
Sabherwal, R., & Chan, Y. (2001). Alignment between business Weill, P., & Broadbent (1998). Leveraging the New Infrastructure:
and IS strategies: a study of prospectors, analyzers and how Market Leaders Capitalize on Information Technology. Boston:
defenders. Information Systems Research, 12 (1), 11–33. Harvard Business School Press.
Sambamurthy, V., & Zmud, R. W. (1999). Arrangements for Weill, P., & Ross, J. (2004). IT Governance: How Top Performers Manage IT
Information Technology Governance: a theory of multiple Decision Rights for Superior Results. Boston: Harvard Business School
contingencies. MIS Quarterly, 23 (2), 261–290. Press.