A Systems View of IS Governance and IT Governance: A Case Study of the Virginia Department of Transportation

Farkas, Bernard

01 January 2017

A review of the research related to Information Technology (IT) governance reveals that researchers have yet to use systems theory directly as a basis for understanding IT governance; however, analysis of these researchers’ various definitions of IT governance shows a concurrence between these definitions and the characteristics of a system. This case study research adopts a systems imagination to observe IS and IT governance in the Virginia Department of Transportation (VDOT), which has a budget of over $5 billion and over 7,500 employees and has recently conducted a strategic assessment of its IT organization - including IS and IT governance. The case study posits that VDOT is an indivisible, purposeful, goal seeking (teleological) system where (1) there are three peer elements (governance, management, and operations); (2) there is a governance feedback mechanism (auditing and monitoring); (3) there are peer areas within the governance element that are specialized for a VDOT asset (e.g., capital asset governance, financial governance, human resource governance, etc.) and IS governance is the peer area that is specialized for IT assets; and (4) there are sub-peer areas within IS governance that are specialized for an IT, and this specialized form of IS governance is named IT governance.

Systems Thinking

IS Governance

IT Governance

Case Study

Management Information Systems

Analýza různých forem zajišťování ICT služeb / Analysis of Various Service Provisioning Practices

Šebesta, Michal

January 2009

The topic of the thesis focuses on the analysis of various service provisioning practices from the view point of a prospect customer organization. Introductory part of the thesis summarizes the actual challenges of IS/ICT for an appropriate business alignment, defines the theoretical foundations of sourcing and ICT services, considering the contemporary state of these fields. Moreover, it identifies the related areas of these fields, like enterprise architecture, IS/ICT management, and systems integration. The central part deals with the identification and analysis of the areas that influence the decision making of ICT service sourcing. Results of this analysis are summarized and further developed by creating a framework to assist companies in deciding the most suited ICT sourcing solution. Within this framework the thesis summarizes important criteria to be considered for a much suited ICT service provisioning practice. It details the prerequisites for the use of this approach and its limitations. Subsequently, it presents an evaluation of certain ICT services within the SaaS market, that could be applicable in the enterprise environment. Finally, the thesis provides a simplified case study, demonstrating a required mindset for exercising the framework in practice.

Agilní metodiky v komplexním prostředí / Agile methodologies in complex environment

Balada, Jakub

January 2008

Only a small number of projects of information system development succeed. Agile methodologies have contributed to a higher level of success of specific projects developed by small teams. Nevertheless, most IT companies still refuse this approach with large-scale projects. This paper comments on the conditions that must be fulfilled for agile adoption, analyzes the limitation of such processes, and describes the approaches for the solutions of such problems with the focus on projects in a complex environment. By means of a case study, the next part of the paper shows the advantages of adopting an agile approach in a real project in a complex environment, which is in conflict with the so far presented limitations of this methodology. The project was evaluated as a success, primary, due to the implementation of the agile methodology during the development phase. This implementation helped meet all the project deadlines, accelerate bug-fixing, and especially deliver functionalities which brought an additional value to the customer. Based on the findings of the case study, the procedures and practices extending the chosen agile methodology are defined. Such procedures and practices can be used in other projects in complex environments in the future. Thus, the paper shows more options for the use of these methodologies, which may help its wider use in the future and hence increasing the success of projects focused on the development of information systems. Such situation would lead to an effective interconnectedness of ICT and business strategies, especially due to the flexible delivery of currently needed ICT services.

IT effectiveness efforts as predictors of organizational outcomes : a normative model for assessing IT quality

Curry, Michael

January 2014

Information technology (IT) is a key enabler of modern business practices, yet reliably effective IT systems remain a significant challenge for many organizations. The consequences when systems fail to behave as expected becomes ever-more problematic as IT dependence grows. Therefore, methods for assessing IT effectiveness and generating actionable recommendations for improvement are key drivers of success. For this reason, large organizations often adopt IT best practice frameworks such as COBIT, ITIL or ISO/IEC standards which can offer greater assurances of IT effectiveness. However smaller organizations are rarely able to adopt these frameworks due, in part, to resource constraints, and a preference to eschew authoritative practices in favour of informal guides to action. Consequently, a significant research gap is the lack of IT effectiveness approaches for organizations unable or unwilling to adopt formal IT best practice frameworks. This thesis presents an alternative norms-based approach to IT effectiveness which some organizations might find more suitable. Norms are informal beliefs (e.g. ‘using a complex password helps safeguard data’) which motivate behaviours and can often be expressed using non-technical language. We review the literature to formulate a predictive model connecting norms to IT quality. Employing a scientific methodology defensible on philosophical grounds and accepted research practices, we distil a set of IT effectiveness norms from the COBIT 4.1 IT governance framework and adapt theories of motivation to justify our assertion that IT effectiveness norms can motivate actions. Our work is signficant in its formulation of an alternative approach for assessing IT operations and improving organizational IT outcomes. Our survey instrument –validated in four studies, which include a non-profit and government organization, multiple small businesses, a large pharmaceutical company and a university –is a light-weight and reliable assessment tool. Our predictive model is able to explain 26% of observed variance, and can offer actionable and non-technical insights which can improve organizational outcomes. A norms-based approach may bring many of the same IT effectiveness benefits offered by formal IT best practices into organizations, such as small businesses, which lack the resources for their implementation. This approach may also help bridge important communication gaps between IT professionals and others in the organization by providing a different, less technical perspective for framing, assessing, diagnosing, and communicating about IT processes.

658.4

Portfolio management pro malé a střední společnosti v oblasti podnikání ICT / Portfolio management pro malé a střední společnosti v oblasti podnikání ICT

Altschmied, Martin

January 2008

Cílem práce je zařadit koncept IT Portfolio Management do kontextu strategického řízení firmy a dále navrhnout model IT Portfolio Managementu, který by byl universálně použitelný v malých a středních podnicích. Model zohledňuje odlišnosti malých a středních podniků a zestručňuje obecný postup implementace IT Portfolio Managementu popsaný v literatuře tak, aby byl lépe srozumitelný pro management takovýchto podniků. Přínos autora je zejména v syntéze teoretických poznatků s praktickými zkušenostmi nabytými během dlouholeté praxe v IT společnosti.

Elektroniska val i Sverige / E-elections in Sweden

Axborn, Ludwig, Rydberg, Robin

January 2019

This research report aims to provide a picture of Sweden's current attitude and approach to future digitization of the election system and how this change process can take place. It also aims to provide answers to our formulated research questions:   What is people's attitude to the current election system and future digitization of the election system?   How could the current Swedish electoral system be changed with the help of digitalisation and what could these changes look like?   Furthermore, it describes the methods and tools used for the collection of information and thus provides an accurate basis of the current situation through a summary of previous research on the subject through a literature study. Furthermore, the method chapter describes in detail the collection of information that was done through a quantitative and a qualitative study. First, an investigation is done on the current situation at the Swedish electoral authority. This investigation then forms the basis of the online survey that collected information from private individuals to give an understanding of their view and attitude on an electronic voting system. The results of this information collection are compiled and then presented in our results. This result is then discussed in our method chapter where we ourselves reflect on the information and responses we collected. In our discussion we also give examples of whether and how the introduction of a digital election system can and should take place. We do this by identifying different levels of digitization based on the results and presenting them together with a number of identified criteria. Finally, this research report can serve as a basis for answering the question of and in what way Sweden should introduce a digital election system.

E-voting

electronic democracy

e-government

IT governance

digitization

e-elections

Computer and Information Sciences

Data- och informationsvetenskap

Säkerhetsstyrning inom den Finansiella Sektorn : En Studie på Best Practice hos Tre Svenska Banker

Mirbaz, Jamshid

January 2012

For organizations that handle sensitive information, IT governance and information security are necessities in order to maintain credibility and to conduct its business efficiently. There are several known processes to increase security governance – which is a fusion of information security and IT governance. This master thesis examines if organizations use recognized processes and if it in that case would lead to higher security. The study is qualitative and conducted in the financial sector and based on Best Practice frameworks of the security governance in Swedish banks. Data collection was done through interviews and surveys that were triangulated to get a gathered picture of the quality of the security governance activities. The questionnaire surveys were graded according to the Likert scale. This work shows that banks use the processes described in the theory section, Chapter 3, and that they have adapted them to the business. The results from both the interviews and questionnaires show that Bank 3 has a high degree of security governance in the organization. This bank also had good cooperation and communication between the business and the IT side - they worked well aligned. There are clear indications that show that the banks take the methods and processes described in the study into consideration, but that they were adapted to the banks' operations. It is important that business and IT find meeting places - both parties need to contribute with their expertise to achieve the best possible outcome - a safe basis for security governance.

IT Governance

IT Infrastructure

Information Security

Security

Elektroteknik och elektronik

Information technology governance implementation in a South African public sector agency: institutional influences and outcomes

Njenge, Yandisa Lusapho

January 2015

Thesis (M.Com. (Information Systems))--University of the Witwatersrand, Faculty of Commerce, Law and Management, School of Economic and Business Sciences, 2015 / Information technology (IT) governance, which embodies how organisations arrange and manage their IT assets, continues to be of interest to those involved in the research and practice of information systems (IS). Most of the interest is because of the positive relationship between IT governance and organisational performance. Organisations are increasing their IT expenditure, which results in increased expectations by stakeholders. Public sector organisations have also gradually recognised the importance of IT governance to successful implementation of mandates, but the research conducted globally to understand how IT governance is actually implemented in the public sector has been limited. A case study of ENTDEV (a public sector agency) was used to explore how IT governance implementation takes in a public sector organisation. The case study sought to understand how institutional influences (e.g. regulative, normative and cultural-cognitive) play a role in IT governance adoption and the selection of IT governance mechanisms, how IT governance implementation actually takes place and what IT outcomes are achieved as a result of the implementation - using institutional theory, IT governance mechanisms framework, and the IT outcomes framework, as lenses. The case study identified regulatory influences as playing a role in IT governance adoption, and also uncovered the role of the Chief Information Officer (CIO) as important. Normative and culture cognitive influences were seen as not playing a role at the IT governance adoption stage. Regulatory and normative influences and the CIO have an influence in the implementation of IT governance mechanisms. The skills and capacity of people involved in implementing IT governance mechanisms, together with the positioning and organisation’s perception of IT are some of the issues that impact on IT governance implementation. The study recognised cost effective use of IT and improved compliance as the immediate IT outcomes as a result of IT governance implementation. Strategy enablement outcomes are recognised over time. Informed by the empirical evidence and literature, a framework for IT governance implementation in public sector organisations is conceptualised as a contribution to theory. It is envisaged that the framework may be used by public sector institutions to improve their understanding of IT governance and subsequently improve how they implement IT governance.

IT governance

IT outcomes

Chief information officer

Strategy enablement

Public sector

The Governance of AI-based Information Technologies within Corporate Environments

Lobana, Jodie

January 2021

Artificial Intelligence (AI) is making significant progress in recent times and is gaining a strong foothold in business. Currently, there is no generally accepted scholarly framework for the governance of AI-based information technologies within corporate environments. Boards of directors who have the responsibility of overseeing corporate operations need to know how best to govern AI technologies within their companies. In response, this dissertation aims to understand the key elements that can assist boards in the governance of AI-based information technologies. Further, it attempts to understand how AI governance elements dynamically interact within a holistic system. As AI governance is a novel phenomenon, an exploratory investigation was conducted via a qualitative approach. Specifically, the study adopted a grounded theory methodology, within the constructivist paradigm, with the intent of generating theory instead of validating existing theory. Data collection included in-depth interviews with key experts in AI research, development, management, and governance processes in corporate and academic settings. Data were further supplemented with data received from conference presentations given by AI experts. Findings from this dissertation elicited a theoretical model of AI governance that shows various AI governance areas and constituting elements, their dynamic interaction, as well as the impact of these elements in enhancing the organizational performance of AI-based projects and reducing the risks associated with those projects. This dissertation provides a scholarly contribution by comparing governance elements within the IT governance domain and the new AI governance domain. In addition to theoretical contributions, this study provides practical contributions for the benefit of the boards of directors. These include a holistic AI governance framework that pictorially represents twenty-two AI governance elements that boards can use to build their own custom AI governance frameworks. In addition, recommendations are provided to assist boards in starting or enhancing their AI governance journeys. / Thesis / Doctor of Philosophy (PhD) / Artificial Intelligence (AI) refers to a set of technologies that seek to perform cognitive functions associated with human minds, such as learning, planning, and problem-solving. AI brings abundant opportunities as well as substantial risks. Major companies are trying to figure out how best to benefit from AI technologies. Boards of directors, with the responsibility of overseeing company operations, need to know how best to govern such technologies. In response, this study was conducted to uncover key AI governance elements that can assist boards in the governance of AI. Data were collected through in-depth interviews with AI experts and by attending AI conference presentations. Findings yield a theoretical model of AI governance that can assist scholars in enhancing their understanding of this emerging governance area. Findings also provide a holistic framework of AI governance that boards can use as a practical tool to enhance their effectiveness of the AI governance process.

Governance

Artificial Intelligence

AI Governance

IT Governance

Grounded Theory

Constructivist Grounded Theory

Board of Directors

AI Ethics

Effects Of It Governance On Information Security

Wu, Yu

01 January 2007

This dissertation is composed by three essays that explore the relationship between good IT governance and effective information security services. Governance steers and verifies performance of fiduciary duties, through the implementation of proper governance mechanisms. With a focus on information security, this essay presents three categories of governance mechanisms - process-based, structural, and relational. When properly instituted, they work together to ensure that IT understands business requirements for information security and strives to fulfill them. An explanation is offered about the efficacy of those mechanisms, based on an agency theory perspective that views IT as an agent for business. The two underlying causes for agency problems are goal incongruence and information asymmetry between the agent and the principal. Governance mechanisms help to reduce both goal incongruence and information asymmetry. Hence, they lead to desired outcomes. A theoretical framework is presented and empirical tested.

information security

IT governance

agency relationships

decision rights

Management Information Systems