The Impact of IT Governance on Strategic Aligment and Organization Performance

Chiu, Yi-chieh

19 January 2011

In modern dynamic business environment, every enterprise needs to emphasize more on IT in order to increase the benefit. The well-performed IT governance is the key to effectively apply IT resource. This research focus on the following dimension: IT governance maturity, IT Governance Archetype, Strategic alignment and Organization performance. Accoridng to the literature, an empirical research was performed to examine the relation among these four dimensions. Through the empirical research, this research verify the significant positive relation among IT governance maturity, strategic alignment and organization performance. Also among IT governance Archetype (the level of centralized) and strategic alignment. As for IT governance Archetype (the level of professionalize), there is significant positive relation between IT governance Archetype (the level of professionalize) and stragic alignment and significant negative relation between IT governance Archetype (the level of professionalize) and organization performance.

IT Governance Maturity

IT Governance Archetype

IT Governance

Strategic Alignment

Att främja mogen IT governance : en studie inom svensk offentlig sektor.

Wallentin, Rebecca

January 2015

Studien grundas i digitaliseringskommissionens krav på en ökad koppling mellan IT och verksamhet inom offentlig sektor samt att tidigare studier definierat en rådande problematik gällande IT-arbetet inom offentlig sektor. Vidare grundas studien även i en påvisad problematik gällande en otydlighet om vad organisationer kan arbeta med för att främja mogen IT governance. Studien har som syfte att identifiera faktorer som är viktiga att arbeta med för att en organisation ska nå en hög grad av IT governance-mognad. Med grund i detta formulerades forskningsfrågan ”vad arbetar organisationer inom offentlig sektor med för att främja mogen IT governance”. Data har empiriskt samlats in genom intervjuer och enkäter från 23 olika organisationer, samt teoretiskt genom en litteraturstudie. Det sammanställda materialet har analyserats via tematisk dataanalys. Resultatet är sammanställt i form av faktorer som beskriver vad organisationer kan arbeta  med för att främja en mogen IT governance. Resultaten visar att följande faktorer är viktiga att arbeta med: Engagemang, tydlig roll och ansvarsfördelning, IT integreras med andra enheter inom organisationen, IT governance finns med i organisationens framtidsvision, samspel mellan IT och verksamhet, medvetenhet av IT-relaterade risker, mätbarhet, beslutsprocesser gällande IT, tydlig kommunikation gällande IT, anpassad organisationsstruktur, tydligt definierade och uppdaterade ITstyrdokument samt uppföljning. Slutligen, påvisar resultaten även att  mogen IT governance är ett område som kräver ett aktivt engagemang över  längre tid för att nå sin fulla effekt. Studiens kunskapsbidrag är en tydlig definition av vad organisationer inom offentlig sektor kan fokusera på för att nå mogen IT governance. Detta kan främja den problematik som påvisats gällande IT governance och IT-styrning inom offentlig sektor.

IT governance

IT governance-mognad

offentlig sektor

IT Governance na MZV ČR - systémový pohled a praktické dopady / IT GOVERNANACE AT THE MINISTRY OF FOREIGN AFFAIRES OF THE CZECH REPUBLIC: SYSTEMIC APPROACH AND FIELD IMPLEMENTATION

Protiva, Tomáš

January 2008

The diploma thesis reacts on the interest of the Czech foreign ministry IT department to get an overview of ITIL 2 and COBIT 4.1 world-wide acknowledged IS/IT management best practice libraries. Both libraries are put in the framework of IT Governance theory and practice. COBIT is presented as world ITG standard, meaning the alignment of organization's strategic goals and IT goals. It is focused on organizations, where the shift of IT perception towards a strategic partnership with the business is driven by top-down board initiative. On the other hand, the ITIL core texts Service Support and Service Delivery are treated as a standard of IT service management, suitable as a framework to establish processes within the foreign ministry's IT department. Three alternative implementations of the two libraries are shown, in a situation of non-existent process management and information architecture. Moreover, the IT Governance initiative has a bottom-up character. The first variant connects ITIL and COBIT process models to the goals and projects outlaid in the 2008-2010 IT Strategy draft (IT BSC was used in the strategy to set up goals). The COBIT processes are aligned to the IT BSC domains and projects; further on, more detailed ITIL tools are assigned to the COBIT processes using the toolbox [IT GOVERNANCE INSTITUTE; OFFICE OF GOVERNMENT COMMERCE. Aligning COBIT, ITIL and ISO 17799 for Business Benefit]. As the projects formulated in the IT Strategy don't focus on the fundaments of process management, a stepwise approach to document the current processes using the ITIL: Service Support and Service Delivery framework is suggested. The second variant came into reality in mid 2008: COBIT has been used without success to estimate users' preferences. The reasons of the failure are discussed. Czech translation of COBIT 4.1 maturity models by the author intended to use as one of the tools in the opinion poll is attached as Annex 2. The last variant is not directly aligned to the problems of foreign ministry's IT/IS, but it is the most pragmatic guide to the implementation of the libraries. As an external help desk has been already launched, I suggest the establishment of ITIL Incident Management and Problem Management processes, supported with a CMDB configuration database.

IT Governance; COBIT; ITIL

Towards eXplainable Artificial Intelligence (XAI) in cybersecurity

Lopez, Eduardo

January 2024

A 2023 cybersecurity research study highlighted the risk of increased technology investment not being matched by a proportional investment in cybersecurity, exposing organizations to greater cyber identity compromise vulnerabilities and risk. The result is that a survey of security professionals found that 240\% expected growth in digital identities, 68\% were concerned about insider threats from employee layoffs and churn, 99\% expect identity compromise due to financial cutbacks, geopolitical factors, cloud adoption and hybrid work, while 74\% were concerned about confidential data loss through employees, ex-employees and third party vendors. In the light of continuing growth of this type of criminal activity, those responsible for keeping such risks under control have no alternative than to use continually more defensive measures to prevent them from happening and causing unnecessary businesses losses. This research project explores a real-life case study: an Artificial Intelligence (AI) information systems solution implemented in a mid-size organization facing significant cybersecurity threats. A holistic approach was taken, where AI was complemented with key non-technical elements such as organizational structures, business processes, standard operating documentation and training - oriented towards driving behaviours conducive to a strong cybersecurity posture for the organization. Using Design Science Research (DSR) guidelines, the process for conceptualizing, designing, planning and implementing the AI project was richly described from both a technical and information systems perspective. In alignment with DSR, key artifacts are documented in this research, such as a model for AI implementation that can create significant value for practitioners. The research results illustrate how an iterative, data-driven approach to development and operations is essential, with explainability and interpretability taking centre stage in driving adoption and trust. This case study highlighted how critical communication, training and cost-containment strategies can be to the success of an AI project in a mid-size organization. / Thesis / Doctor of Science (PhD) / Artificial Intelligence (AI) is now pervasive in our lives, intertwined with myriad other technology elements in the fabric of society and organizations. Instant translations, complex fraud detection and AI assistants are not the fodder of science fiction any longer. However, realizing its bene fits in an organization can be challenging. Current AI implementations are different from traditional information systems development. AI models need to be trained with large amounts of data, iteratively focusing on outcomes rather than business requirements. AI projects may require an atypical set of skills and significant financial resources, while creating risks such as bias, security, interpretability, and privacy. The research explores a real-life case study in a mid-size organization using Generative AI to improve its cybersecurity posture. A model for successful AI implementations is proposed, including the non-technical elements that practitioners should consider when pursuing AI in their organizations.

XAI cybersecurity IT governance

IT Governance Practices : A Multiple Case Study of Tanzanian Public Government Organizations

Niyonsenga, Theogene, Mwaulambo, Cleophace

January 2018

Previous studies have been made on various aspects of IT governance in public government organizations in developing countries and revealed several major issues. However, due to limited knowledge, it is unclear what IT Governance (ITG) practice is in place in public organizations. The purpose of this study is therefore to investigate the adopted IT management practices and their influence on the effectiveness of IT management in the Tanzanian public government organization. A qualitative study was done using the holistic multiple case study strategy. Data was collected using the semi-structured interview method with heads of IT in three Tanzanian public government organizations. The analysis of this study showed that senior managers involvement in IT projects, Office of CIO and the IT leadership are key ITG practices adopted in the three Tanzanian public government organizations. Senior management involvement in IT projects was found to influence knowledge sharing through collaboration between IT and business units. Furthermore, the CIO office was found to influence the organization's decision-making through direct representation to the decision-making body by a person who monitors and issues IT directives. Furthermore, IT management was found to have an influence on simplifying knowledge sharing between IT and business units, as well as monitoring IT issues and issuing IT directives in the organization. Given these findings, our study contributes knowledge into the literature on IT governance with special emphasis on governmental organizations in developing countries.

IT Governance

IT Governance mechanisms

IT Governance Awareness

IT Governance Practices

IT Governance in Developing Countries

Information Systems

Information Technology Governance in the public sector : to investigate, examine and analyse the institutional and indvidual dimensions that impact decision making in the public sector for the adoption of IT governance

Al-Farsi, Khalifa Ali Said

January 2017

Information Technology Governance (ITG) is one of the most innovative practices through its provision of support for decision-makers in organisations. Interestingly, it has increasingly become a de facto strategy for organisations that are seeking to optimise their performance. ITG has emerged to support agencies in the integration of information technology (IT) infrastructures and the delivery of high-quality services. On the other hand, decision-making processes in public sector organisations can be multi-faceted and complex, and decision-makers play a major role in the adoption of innovation and technology in the government agencies. While formally adopting IT governance (ITG) has numerous reported benefits, many studies have shown that few organisations have adopted the ITG practice, particularly in the government sector. Therefore, this study attempts to identify and understand the dimensions that hinder ITG adoption and its successful use. The main objective of this research is to investigate and develop a theoretical model of the obstacles preventing formal ITG adoption, from both institutional and individual perspectives. Based on empirical evidence gathered via semi-structured interviews (n=32) with IT directors in government organisations as a qualitative inquiry, this study attempts to investigate institutional and individual dimensions that impact decision making for the adoption of ITG in the context of the public sector in development countries such as Oman. Furthermore, this study focuses on combining institutional and individual perspectives to explain how individuals can make decisions in response to institutional impacts via the integration of theories such as Institutional Theory and the Theory of Planned Behaviour (TPB). It also explores the key dimensions that influence decision-making in the public sector concerning the adoption of ITG. The findings of this study illustrate and analyse the institutional and individual dimensions that impact on decisions for the adoption of ITG and contribute to the body of knowledge by highlighting the dimensions impacting decision-making for adopting ITG in public sector organisations. In doing so, this study contributes to better understand the applicability of integrating both TPB and IS theories to explore and develop a model of ITG adoption in the public sector organization and advances the scholarship by developing a more holistic model. This adoption has benefits such as reaching organisations' strategic goals, improving performance and conferring other competitive advantages. As a final point, this study advises accelerating the adoption of ITG to increase the efficiency, productivity and transparency of government work as well as to make available integrated smart electronic services. Further studies on the adoption of ITG in the public sector in different contexts, or comparative research, may help to develop a deep understanding of the value of ITG innovation in government organisations to enable evaluation of its significance in enhancing e-government.

Nasadzovanie a hodnotenie IT Governance v organizáciách / Implementation and Evaluation of IT Governance in Organizations

Tarbajovský, Maroš

January 2009

The main objective of this thesis is to meet Governance as a new approach in company organization, especially in IT sector. The idea is about harmonization of IT and business strategy, that should ensure achieving company goals and missions, and lead company in the right direction of advancement, what is directly connected with implementation of relevant measures of IT processes. As chapter "Governance", is describing how this approach should by ensure in whole organization on a different levels. We can translate Governance as implementation of certain best practices and procedures that lead company to process standardization and formalization. The most exercising methodologies and guidelines in IT sphere as ITIL, Val IT, CobiT, ISO 27000 are reviewed in thesis. By these methodologies organizations should be able to better optimize processes and accomplish regulation frame in particular industry. Another very important contribution of process standardization is by providing better possibilities for measurement and assessment, that is reviewed in chapter "Evaluation of IT processes performance". There is also transparent guideline which provides a simple steps procedure how to implement IT Governance in organization using CobiT and Vat IT. As this branch is relatively "young", especially in Czech Republic, management is still familiarizing with it. Last chapter is dedicated to analyze approach to ITG in Czech Republic banking sector.

IT Governance; CobiT; ITIL; Cobit

Predicting IT Governance Performance : A Method for Model-Based Decision Making

Simonsson, Mårten

January 2008

Contemporary enterprises are largely dependent on Information Technology (IT), which makes decision making on IT matters important. There are numerous issues that confuse IT decision making, including contradictive business needs, financial constraints, lack of communication between business and IT stakeholders and difficulty in understanding the often heterogeneous and integrated IT systems. The discipline of IT governance aims at providing the decision making structures, processes, and relational mechanisms, needed in order for IT to support and perpetuate the business. The adjacent discipline of enterprise architecture provides a broad range of frameworks and tools for model-based management of IT. Enterprise architecture is a commonly and successfully used approach, but the frameworks need to be adapted with respect to the concerns at stake in order to become truly useful. The IT organization includes all people involved in decision making regarding IT. The quality of the IT organization differs between enterprises and depends on aspects such as: are rights and responsibilities assigned to the appropriate people, are formalized processes implemented, and does proper documentation exist? This internal IT organization efficiency is labeled IT governance maturity. One might argue that internal efficiency metrics of the IT organization are of moderate interest only. What really matters is the external effectiveness of services that the IT organization delivers to the business. This latter effectiveness is labeled IT governance performance. Even though it is reasonable to believe that enterprises with good IT governance maturity also achieve high IT governance performance, the validity of this assumption has never been tested. IT management’s ability to make well-informed decisions regarding internal IT organization matters would increase if it were possible to predict IT governance performance. The contribution of this thesis is a method for model-based IT governance decision making. The method includes a metamodel, i.e. a modeling language, and a framework for the assessment of IT governance maturity and performance. The method also allows prediction of IT governance performance.  This thesis is a composite thesis consisting of four papers and an introduction. Paper A presents an overview of the method for model-based IT governance decision making. Paper B presents the mathematical foundation of the prediction apparatus, i.e. a Bayesian network that is based on statistical data. Paper C presents how the method can be used in practice to support IT governance decision making. Finally, Paper D analyzes the correlation of IT governance maturity and performance. The analysis is based on statistical data from case studies in 35 organizations. / QC 20100909

IT governance

IT governance maturity

IT governance performance

Enter-prise Architecture

Bayesian networks.

Informatik, data- och systemvetenskap

Aplikace metodiky ITIL pro řízení informatiky / Implementation of ITIL methodology for IT Governance

Koliš, Karel

January 2010

The Diploma thesis Implementation of ITIL methodology for IT Governance describes the importance of IT Governance in an organization, ways of using several methodologies, the differences between those methodologies and preferred methodology ITIL. The ITIL methodology is described in all stages of the Service lifecycle. In the second part, the methodology is applied on a real organization: Faculty of Business Administration. On the real IT services, provided by the faculty IT unit in all 5 stages of the Service lifecycle.

Model for IT governance to improve information technology alignment of multi-campuses in South African institutions of higher learning

Ngqondi, Tembisa Grace

January 2014

Information Technology (IT) has emerged as an important issue for the public and private sectors. It has been initially identified as a vehicle in supporting business processes by speeding up the process of decision making and easy access of information as required for the competitive advantage of businesses. Organisations regarded IT as an enabler of their business processes. As IT has grown, its shape and definition have drastically changed from being an enabler of the business processes to become a central and strategic concern within the organisation that drives the business processes. The new IT landscape has made organisations completely dependant on IT for their decision making and effective functioning. The dependence on IT has created a need for unified and effective structures, standards and best practices that ensure the effective execution of business processes using IT. The establishment of IT Governance for institutions of higher learning has created the dual challenges of how IT Governance can work within the culture of inclusiveness and shared decision making while better aligning existing IT structures. These dual challenges vary from one university to another based on the culture of the specific university. This study therefore suggests possible ways that IT Governance can shape an institution of higher learning by strategically aligning the institution’s IT strategy with the overall university strategy through the development of an IT Governance Model. To come up with the said proposed model, qualitative research techniques such as document analysis, observations, interviews, a questionnaire and briefing sessions were used during the research process. The comparative analysis of the case studied was used to identify different IT Governance models adopted by other universities. Literature was reviewed to establish the emerging IT Governance practices established and implemented by different authors. The result from this study is that an IT Governance model specific to WSU has been developed. This model can be used as guiding tool in establishing new IT Governance structures and also modify and improve the existing IT Governance structure of different institutions of higher learning. This model can further be used to guide the development of the institution IT Governance implementation architecture framework.

IT Governance

Institution of higher learning

Strategic alignment