Cobit Framework For It Governance

Published Date: 02 Nov 2017

BIS4430 SUBMISSION

Abstract

The aim of this paper is to identify the various governance models used by different types of organizations (functional, matrix, project-based, virtual etc.) in handling Information Technology (IT) and software development processes. The negative impact it has on monitoring, managing and delivering a successful project. As well as the setbacks in the development of Information Systems (IS) projects within organizations.

In recent years, the advent of Information Technology use in industries has increased tremendously. Many organizations are tapping from the benefits of IS/IT by investing in IT projects to expand its customer base and in gaining competitive advantage etc. However, the traditional IT project approach has been inefficient in handling projects successfully, leading to organizations going bankrupt or suffering heavy losses from their investment. One of the main contributing factors to project failures is attributed to project governance (Sharma et al. 2009). This is owing to the fact that it contains the structure that oversees all activities and steps including the decision making of the whole project instances.

The past decade has brought about foreseen changes to IT projects governance in delivering IS to suit different organizations strategy towards achieving competitive advantage and effective product delivery to satisfy their customers. Thus, IT projects are becoming more complex to handle due to the rigid governance structure applied to oversee its activities, often leading to bad decision making during the project life cycle (Pirson & Turnbull 2011). Many of these decisions have led to delays in project completion and wasteful investments. A question to answer is selecting the right governance model, how IT governance should share its decisions, responsibilities among IT and client departments (Marhawa & Wilmots 2006). According to Mahring (2002), project governance choices can alienate project decision rights from the expertise, which might be necessary for effectively exercising them. Research has shown that organizations have to evolve a framework to enable them choose an appropriate governance model for IT project management relating to their level of projectization (Muller 2009). This is to foster a good quality in delivery and to ensure real economic implementations of governance structures for project management. There are three forces which influence and determine the quality of project management for any specific project (Muller & Stawicki 2007): Education (What can be done), Management Demands (What should be done) and Perceived economic pressure (What is done).

This paper will explore and compare the different governance models in use by organizations in handling their projects. To identify the weakness of the governance structures (Corporate and IT governance) in terms of decision making, controlling and effective management. The reason for choosing corporate, project based and IT governance model is because they are the most common model in use in today’s business world. Moreover, it will allow us gain more insight into creating a generic model that will encompass IT projects as the governance of projects is moving towards a global approach. IT projects have been predicted to increase rapidly in the next decade due to the advancement of technology (Brandon 2006). This would enable the creation of an evolutionary governance model that can be adopted by any organizational structure to handle its IT projects effectively. In addition, also to analyze different case studies of failed IT projects with the aim of extracting relevant information concerning its governance. The results will be critically evaluated and assessed to produce a prescriptive model for IT project governance.

Keywords: IT (Information Technology), IS (Information Systems), Project Management, Project Governance, Decision Support

Title, Abstract, and Keywords

The 21st century has witnessed a sharp increase in the use of IS/IT in many organizations. Subsequently, it has increased capital spending on projects for implementing Information technology to improve their business processes: in gaining an edge in the highly competitive market. The growing importance of IT has shown that companies are beginning to spend 50 percent of their budgets on IT projects (Lewis and Milla 2009). Also, the evolution of IT has become global where most organizations are tapping from the technology. For this reason, many companies now rely heavily on IT for their survival and success in the business world (Thambain 2004). However, its growing importance has led to complexities in governing and managing IT projects. This is owing to the various IT governance models used for overseeing IT projects, which have led to problems in managing and controlling the project Lifecycle (Larsson et al 2006). Due to this negative impact, many organizations have gone bankrupt and lost their footing in the race of expanding its business. The past years have seen many debates and researches on subjects relating to IT project governance due to project failures e.g. ENRON and WorldCom in the United States. The HIH and OneTel in Australia, has stirred issues in IT and corporate governance models in related events (Lewis and Milla 2009).

This paper will investigate IT and corporate governance structural model in IT projects in relation to case studies of failed projects (DIA baggage and OneTel) using a qualitative analysis to identify the problem domain within the structure. Presently, COBIT (Control Objectives for Information and related Technology), Information Technology Infrastructure Library (ITILv3) and the VSM (Viable System Model) are the most popular frameworks in IT projects. They are used in both models (IT and Corporate) to manage governance of IT projects. However, their shortcomings have caused problems for many companies; leading to failed projects and loss of invested capital. These frameworks will be assessed and critically evaluated to create an evolutionary model for IT governance.

Research

In the research journal by Sharma et al (2009), two main questionable areas were addressed for conducting the study. First, the reason for major systems project success and failure using a qualitative study of project management and IT governance. Second, interviews were used for 10 different senior managers from different organizations that have been involved in information technology (IT) governance in projects. The focal point of the research was a follow up study on Stone et al (2008) concerning causes of success and failure in CRM (Customer Relationship Management) implementation. It gave a wide perspective in linking it to other major IT projects carried out by different organizations. Firstly, IT governance is a procedure that organizations use systematically to distribute their IT investments; ensuring the desired results is achieved. This covers many areas of managing IT including its principle, assets, strategy and financial investment. The author stated that "for effective governance of projects" IT governance should be seen as an essential integral part of corporate governance. The corporate governance focuses on processes, laws and policies for institutional stability. Concentrating on their different stakeholders (Manager, staff, supplier etc.) interaction and working together to achieve a common goal for the corporation. IT governance concerns itself with change management because it involves the movement of teams within the organization from an incumbent state to a desired state through a set of phases. This is to ascertain the successful and sustainable outcome for IT projects. Therefore, most organizations have to see it as a continuous process that requires changes along the way. Nolan and Mcfarlane (2005) suggested that more organizations change their tactics in government decisions and adopting newer technologies in order to stay competitive. The board level technology should rise to meet up with other sub-levels in its structure to improve decision making for its governance model. The shift to technology for many organizations has made them fully dependent on this for their information delivery, communication and strategic tuning into actions. However, this technological dependency trend has shifted focus on good IT governance, while focusing more time on strategies, policies and budgets. For example:

The problems that may arise are covered up

When the problem shows up, most times it is too late to address and the project slips

Then the cost rises over the budget and if the budget is increased the problem caused by the rising cost may still be evident

The management suffers from the slippage, which causes budget freezes

The solutions are scaled or not looked into properly

To address these issues:

The organization has to set a clearly defined strategy to resolve IT implications

They must state a clear set of rules that oversees governance of internal resources

The governing board must be explicit with sponsorship, ownership and governance policies of IT projects

They must show clarity in stating, quality, consistency and measurements of IT governance

They must put an encouragement mechanism in place for internal and external relationship to support their governance policies

This should liaise the governance of external suppliers to internal activities at large

The varied level of governance should be coupled as a coherent unit rather than different parts or independent sections

Corporate Governance

The way corporate governance is implemented will influence the conduct of IT governance in organizations. For example, a centralized corporate governance will tend to unify its IT governance structure while a decentralized governance will do the same as well (Sharma et al 2009). This is as a result of reducing coordination cost of running the organization during projects. It involves accruing benefits to enable the sharing of their resources for cross-functional effects across its structure. By this, it improves communicative knowledge and recognizable competencies for managers. All this arises the term called "Absorptive Capacity".

Absorptive Capacity

This qualifies the act of, adding value, assimilation and the application of new knowledge in its structural process. It requires a high level of communicating knowledge to determine learning in organizations, levelled aspirations and increased innovations for projects (Cohen & Levinthal 1990). This concept points at 2 main areas of governance;

Receptivity - The identification of needs, awareness and taking advantage of technology to ease the communication flow in governance structure.

Innovative routines - the definition of competencies and routines for overseeing the whole organization, which would maintain their focus on continuous innovation.

Norlan and farlane (2005) stated that the governance of IT will rely on the strength of its corporate governance. As it translates how it would be deployed in the whole organization and to support innovation. The decision-making should entail four important aspects, which is molded by two strategies (Defensive and Offensive). This is due to offensive IT projects being risky as a result of the significant changes it brings to the organization (change management) during projects.

According to Norlan and farlane (2005), organizations engaged activities with IT governance becomes different in relation to the four strategic modes and should depend on where they find themselves in the matrix because their IT governance might be an ordinary course of events handled by an audit team or needing a close scrutiny from the top level management (board of directors). The top-level management will need information on events and activities of IT based on the organizations strategic mode including their size, related industry and the competitive market. For example, aviation industries do not need high tech computing and those in the support mode will not depend heavily on IT. For strategic mode, they will face heavy losses if there is an interruption in systems deployed. Looking at it from the perspective of IT, it means complex projects should be delayed until they can be faultlessly implemented. Turnaround mode for organizations shows that they will rely solely on IT to improve processes and services. The technology will account for a higher percentage of their budgets and create a platform to migrate their manual systems to new IT systems. The IT governance institute puts forward the challenges faced by enterprises as follows:

IT strategic alignment with business

Putting strategy and goals into the organization's scope

Taking measures and putting in place an organization structure that facilitates appropriate strategy and goals implementation.

Providing a control framework for IT

Proper looping and feedback mechanism for IT measurements

Selig (2008) indicates that three important factors, creates a solid foundation for efficient IT governance.

The leadership and decision rights within the IT governance structure

The creation of a flexible scaling process to improve performances of activities

The use of sustainable IT for overall functions

Secondly, the interview with semi structure questions involved ten organizations, with regards to immediate IT projects which they had active involvement. The responders were a large retailer, five financial institutions, a regulatory authority, two governmental departments and an information service provider. They were selected from the middle management to the top level management including two CIO (chief information officer), a director of IT and the remaining were specialized roles in management. Their level of experience ranged from ten years to a year with backgrounds in project management. The questions asked covered three main sections:

Section 1 - Their demographic information

Section 2 - The projects they have been involved in recent years

Section 3 - Their governance approach

Findings

Three methods for data gathering were chosen; face to face interview, phone interview and questionnaire.

Section 2 Projects

These were different in particular ways. All the projects were large, with estimated costs of half a million pounds to thirty million pounds. Their project duration ranged from 1 to 3 years, which put the governance under loads of pressure that had to do project team stability. Here, one handled a system development for selling of products that had strict rules for its security requirement. The large retailer’s project was to replace a back office system with an ERP system. The government related project was to create an authorization system to manage control, accounts and assurance for a European fund that is being distributed to other regional projects. One financial firm was involved in the development of a new point of sale system while another was to create a new credit modelling system. The regulatory authority system required the centralization of all its transactions from regulated companies. The financial project dealt with replacement of a bank’s core platform and the last was developing a platform to integrate finance and risks.

Section 3

This procedure helped in the estimation of time scales, budgets, dealing with external suppliers and awareness of governance in large projects. It created a key starting point for balancing project incentives. The governance structure was based on a tier system overseen by a steering committee of the organization. A Project manager gets clearance from them before starting the next phase of the project, which caused lags for schedules of activities.

The main problems associated with the projects were poor communication and weak governance structure. At times, the suppliers were not invited to project board meetings, which increased the level of risks during projects. This raised concerns of misunderstanding between client and suppliers which would affect them in mitigating risks in the project Lifecycle. The findings from data gathering showed that effective communication played an essential part in good IT governance. Both parties have to create an enabling platform for agreeing on what, how and whom including the level of detail to be communicated. This is due to the complicated nature of IT projects, so the level of information exchange must be balanced to avoid confusion. Advertently, information exchange between parties (client and supplier) should be significant and appreciated by both parties. Also, information received should sieve for clarity before actions.

COBIT framework for IT governance

Furthermore, Ridley et al (2004) carried out a research on COBIT (Control Objectives for Information and related technology) a popular standard framework for adjusting the use of IT and its integration to suit the desired goals of an organization. The research focused on developing a framework to measure the different dimensions, extent of its applied theory within organizations and its level of use in IT governance. The authors aim was to identify the flaws in the available literature to give way for further research.

COBIT is a built on four pillars of the organization, which is planning, organizing, acquisition and implementing with delivering and monitoring support for corporate IT governance. The IT activities and processes are split in these domains (pillars). It helps to manage these processes in achieving the main business objectives at full strength in tune with the tactical and strategic plans. The first domain gives insight into aligning strategy and business plan to ensure appropriate IT solutions. The second domain talks about acquiring the right IT solutions and implementing to achieve business objectives. Lastly, the third explains the delivery mechanism of IT to improve services. It consist of 34 high level and more than 300 details of control objectives for management and IT governance. These details are guidelines, best practises for organizations to create effective IT governance but this paper will not address the areas.

Figure 2 COBIT and implementation in the literature (adapted from the IT governance institute)

Level 1 Illustrating control of IT governance

Level 2: reviewing the methods of governance governanace

Level 3: the sector, organization, size and its utilization

Level 1(literature) gives an illustration of relevant documents on IT governance control. It links the explained theories in the aspect of governing of IT , controlling objectives and auditing approaches. The discussion was more at a conceptual level that its application in the real project world.

Level 2 presents a comparison between different methods of controlling IT governance with reliance on surveys. It discusses the various criteria of implementation for classification at this level. Nevertheless, the surveys were not able to provide enough details for validating the classification in level 3.

Level 3 focuses on the implementation aspect of COBIT taking into consideration, facts surrounding its use by organizations with related case studies. The published literature laid emphasis on dimensions, the sector of the organization, size and its degree of implementation.

Table 1 The number of papers accessed in level 1 to 3

Environment

Total

Level 1

Illustration

Practitioner

4

Academician

13

17

Level 2

Comparison of COBIT

COBIT

1

1

27

3

28

4

Level 3

Implementation of COBIT

34

34

Total

6

77

83

Results

The resulting phenomenon from the analysis of COBIT shows that many of the published journals focused on the private sector. There will have to be more experiment to test with all cases of governance. There was also an observation of low implementation in organizations. However, it was difficult to classify the organizations based on this criterion due to lack of sufficient details in the examined published material. Nevertheless, financial firms were inclined to its use due to their traditional process of implementing IT. The investigation used a simplified framework to evaluate 83 published literatures in reference to COBIT. It revealed the need for further research of COBIT and its implementation for IT governance.

IT governance institute defined IT governance "as an essential part of the enterprise structure that consist of leader’s role and organizational processes to spur its IT towards sustaining the organization objectives." Grembergene (2002) calls it the capacity of the governing board; management and IT control formulation synergy with strategy, in meeting the required business needs. Sahibbudin (2008) maintained that for a well-defined IT governance framework, it should merge the three main elements (structure, process and communication) with 4 objectives (value and IT alignment, measurement of performance, accountability and management of risks) that moves IT governance. His research covers the ITIL V3 (Information Technology Infrastructure library) a framework for best practises in managing IT governance. The importance of implementing a structure that fits in good governance for IT. Starting with three main elements (structure, process and communication):

Structure – This should bring questions evaluating the present stance of the organization like knowing the decision makers, who will take part in the new structural for governance? Who are those to take responsibilities for decision-making? What are the procedures for these decisions?

Process – This asks the questions surrounding IT processes in relation to the amount of investments, reviews and prioritizing to scale services. All these are analysed to ensure strategic alignment with objectives.

Communication – This deals with the results from all these processes, which will be monitored based on the decision measurement and communication. In addition, a communicative mechanism should in place to relay investment decisions to the governing board and all stakeholders (management, employee, IT management).

ITILV3

It was introduced by the office of Government Commerce (OGC) in 2007. The IT governance model relies on five prescribed volume as guidelines covering different kinds of organization that provides service for their businesses. The five volumes are:

Service Strategy – It provides a set of published guidelines in developing, designing and implementing the management of service as an organization capacity; also strategically as an asset. Here, policies are set linking with the guidelines and processes of its lifecycle (ITIL V3).

The service design - this focuses guidance on the design and developing services management processes. It establishes a fundamental principle of design and strategic conversion into set of services for the organization objectives. The design moves further to include necessary changes and improvements in adding value to all services in lifecycle.

The service transition – provides guidance for the developed capacity and its improvement, making it ready for transitioning into operation. Its published guidelines determine how the service requirements are included in the service strategy to realise an effective operation, which outputs less failure and disruption. The guidelines make use of release management, risk management etc. in the context of management of services.

The service operation – this volume represents how to achieve effectiveness and service efficiency for smooth delivery of support to all stakeholders.

The service continual agreement – this volume combines related principles, methods from quality management, change management and improvement policies as a loop through all the volumes for continual improvement. It serves as a guide in maintaining value through a qualitative design for operational services.

Strategy as an IT governance framework model

VALUE OF IT AND ALIGNMENT

MEASURING PERFORMANCE

IT GOVERNANCE

ACCOUNTABILITY

MANAGEMENT OF RISKS

The value of IT and alignment - IT governance must ensure the alignment of all business parts with IT to allow value-adding processes and services for them.

Accountability - IT governance should ensure ROI (Return of Investment) for investment on its IT

Management of risks - The management of risks in IT is important and check areas like privacy, security and unforeseen events that may lead to project failures.

Measuring performance - Some measurement metrics should be introduced to overhaul other parts, to see if business objects are being met.

COMPARATIVE ANALYSIS

In general, IT governance relies on the corporate structure of an organization. Many of these organizations possess different characteristics that define the corporate governance in terms of decision-making and IT project management. Sharma et al (2009) qualitative research shows the similarities among 10 different organizations, IT governance for large projects. They explained the importance of the top-level management active involvement with project boards to achieve smooth project transitions. Communication was mentioned as an integral part of IT governance, supported by the interviews with senior executives, which shows its relation to good decision making. The literature review by Ridley et al (2003) added to claims of good communication for effective IT governance. Sahibbudin (2008) also gave an insight into communication as essential for making corporate IT governance with the ITIL (Information Technology Infrastructure Library) framework realistic. All the points made by these authors in previous paragraphs can be compared to case studies of DIA baggage and OneTel to link the problem space;

DIA BAGGAGE

The Denver International Airport Baggage Handling System was a project undertaken in the 90’s but failed owing to a slack governance structure. Denver at the time was in need of a wider airport capacity, fueling the dream for what was to be the largest airport within the United States. An important aspect of this plan happened to be the "automated" baggage handling system which if successfully implemented would have served as a vital element of competitive advantage, owing to the fact that the idea of automation was intended to reduce aircraft turnaround time to as low as 30minutes, thereby creating room for more efficient processes (de Neufville, 1994). It was to be the most complex system ever put into action.

As it turned out, the beneficial motives proved insufficient to keep the project afloat as the repercussions of the lack of principles, communication and strategies led to a 16 month delay in the airport’s launching, costing Denver an estimated $1.1M daily for the maintenance of the unused airport throughout the delay (Gibbs, 1994). When the reality surfaced that the automated system would not meet its goals, improvisations had to be made to get the system running (Schloh, 1996). Finally, in August 2005, the project was abandoned.

In summation, the complexity underestimation from the onset on the part of the decision makers, kicked off the project’s failure. Inefficient planning from inception, leading to strategy changes also contributed gainfully as the top management was unable to handle change processes. Also, failure to take into consideration the airlines were key stakeholders in the project resulted in a more or less big bang design approach and led to the final poor design as expected. To round up on the various reasons for the project failure would be a lack of knowledge concerning the repercussions of change requests.

OneTel

The case of OneTel can in all retrospect also be classified as an example of a structural setup. The company crumbled rapidly in a short time all due to the inefficiency of the top management to construct a solid rule-based work ethical environment. OneTel was a company filled with a lot of promise for the future but could only hang in for 6 years (Barry, 2002).

OneTel ran their operations with an informal flat organizational structure broken into small working teams. The effort of each team was weighed according to achievement indicators and were offered incentives based on their performance levels (OneTel Annual Report, 2000). The idea of this structure was targeted at maximizing staff work rate levels at lower cost while also serving as a means of distinction from their competitors but in return cultured an in-disciplined work environment which gave rise to numerous problematic situations.

Most of their in-house IT developed systems, lacked proper documentation and standards mainly owing to the need for the developers to meet achievement indicators without respect for quality of deliverables coupled with the lack of supervision and communication between the top management and the developing teams through the project’s Lifecycle. The company forged through having to depend long-term on deficient designs, lacking checks and balances coupled with a lack of prioritization and forward planning, finally resulting in their closure (Avison and Wilson, 2002).

Both case studies shows the epidemic caused by poor communication that spreads causing bad decisions to crash the whole project. It is noted that communication stands out as the foundation for any given project. From the onset of the project initiation, the governance structure showed weakness of collaboration with all the stakeholders, lack of IT framework for communication between the board and project manager. This led to a breakdown of project scope, thus slowing the progress of project activities.

However, the author’s researches into IT governance were restricted to specific areas. Sharma et al (2009) based the qualitative investigation on CRM system (Customer Relation Management). It reflects a bias approach towards covering IT governance for large, medium and organizations. They could have chosen sample respondents from this category. To broaden the research scope on different IT governance models for managing their IT projects. Hence, the findings will only work for organizations that need a framework for implementing CRM at large. The other software development implementation might not be able to incorporate the prescribed process for their governance models. Besides that, the interview only picked 10 companies at random, which handled large IT projects. These shows the companies have been long established with a well-defined IT governance model to manage their projects. The data gathering and findings will only represent a category of large enterprises that runs a distributed type of corporate IT governance. Thus, the results from the findings will not support building strong models for medium and small organizations. The generalization of facts that was drawn from success factors of large organizations IT governance implementation, cannot be attributed to other organization’s corporate existence. According to Norlan and Farlane (2005), the corporate governance will determine the type of IT governance since it relies on it for structuring. A suitable framework will have to be adopted for operating its governance of IT.

The COBIT framework for IT governance is a detailed theory of different domains of an organization. This is split into 34 high levels including over 300 sub processes to control IT implementation and adding value to its services. Evidently, it shows a high amount of detail and processes, which has to be interpreted by most organizations willing to implement it. This might lead to an overload of information during implementation; the copious amount of steps will make it difficult to create flexible and effective IT governance. According to Ridley et al (2004), financial firms prefer COBIT for governance of IT because it suits their traditional business process environment. Apart from that, the strength of COBIT lies in process auditing to improve areas of IT control weakness in governance. It also maintains internal control structure of rigid corporate organizations. Large corporations and financial firms can use its strength to add value to their IT governance and auditing of business processes. For IT based organizations, they will have to extract areas of importance like (governance control and review) for establishing adaptive models in line with their organizational structure and corporate existence. This will serve as a starting point towards building a solid foundation for an effective IT governance model.

The ITIL V3 framework focuses on 5 published volumes (service strategy, design, transition, operation and improvement) to manage service management as a provision for IT governance (OGC 2007). Sahibbudin (2008) stated that the five volumes would help guide and build better IT governance. Nevertheless, IT governance will demand a more practical approach than conceptual theories because good communication should be the basis of building an effective governance. Besides, applying concepts and guidance rules might mislead the organization during its application, which could cause more harm than good. Applying the volumes would require some kind of training for personnel’s to understand its documentation and how to implement the framework in their organization. This is because different organizations will have different characteristics in terms of size, location and industry. Direct application of ITIL might push the organization back from its current state of IT governance. The author (Sahibbudin 2008) also mentioned components (structure, process and communication) as supporting pillars coupled with the objectives (value of IT, accountability, measurements and management of risks) that are essential processes for IT governance. Obviously, there has to be components that support governance, but we have to remember the corporate existence of these organizations before implementing IT governance. The corporate governance beforehand will surely influence the blueprint of any given model applied for governance of IT. Similarly, the style of corporate governance will determine the way IT governance shaped (Sharma et al 2009). In addition, the author did not explain how the pillars will support good decision-making since the main objective of IT governance is improving the decision making process.

Conclusion and Recommendation

The governance of IT is an integral aspect of organizations nowadays. Careful consideration of selecting a governance model is important for their survival. In fact, it was found that popular models (generic, COBIT, ITIL V3) contain lots of documentation, guidelines and rules, which make it very complex to implement. Its reliance on existing corporate and organization structure makes it difficult to integrate seamlessly. Even though, they have strong areas to strengthen IT governance. Their misapplication during implementation could cause a setback for many organizations, which could also lead to loss of capital investments in IT projects. The research reveals that corporate governance is responsible for the setting of IT governance within any organization. As a result, the different category (large, medium and small) of organizations will have to analyze their present position, size and industry before implementing their IT governance structure and processes. From our findings, structure, planning and good communication are essential for the foundation of effective IT governance. They should be used in all categories of organizations as supporting platforms for building their IT governance and choosing the right model. The steering board governance has strength in structuring and policies. It will work better for large corporations that handle large IT projects. This is because of their long established years of corporate existence. COBIT framework audits processes and compliance rules, detecting weakness of IT control for correction. Financial firms prefer it because it suits their traditional business processes of compliance. ITIL V3 is a set of five published volumes (service strategy, design, transition, operation and improvement) with guidance on managing and adding value to services including the metrics of performance and management of risks. This works better for IT service providers because of their stringent procedures of operation. Our results can be applied in the context different category of organizations to implement a sustainable IT governance model.

However, a more definite conclusion would have been possible if more time was granted for a qualitative research in sampling respondents that covers all the categories of organization.

Recommendation

We recommend an evolutionary IT governance model that combines the strength of the most popular frameworks used presently by various organizations for IT projects. Evidently, their similarities show a coherent theme for good communication as an underlying platform of efficient and effective governance of IT. Also, their different strengths can be aligned together to formulate the EITG (Evolutionary Information Technology Governance) framework. The framework consists of four main parts taken from (Steering , COBIT and ITIL V3):

Governance structure - Create an IT governance structure according to processes

Communication - Enable a flexible communication mechanism for the structure and decision making

Measure performance - Attach process auditing for feedback loops and correction

IT control - Improve the processes, assess and manage risks

The framework will help all categories of organizations to maintain a starting point for its IT governance;

Governance structure - they can create a governance structure based on their main objectives, taking into consideration, size and industry. This will help plan in founding realistic IT governance and setting a clear direction. The corporate board should not try to influence the structure because IT governance is based on the requirement of the organization and the kind of projects they handle. Corporate governance should not decide the implementation; it should focus more on supporting to create a solid structure to protect its investment (ROI). This is because top-level board involvement is very important.

Communication - the governance board should allow the flexibility of information exchange and keeping it balanced among parties. This is due to the complex nature of IT projects, which can be complicated by too much or less detail. The governance has to ensure the significance of information exchange at any given time.

IT control - The management of organizational processes, people for effective control and coordination of available resources. The governance should enable this control of IT to maintain input and output smoothly in attaining goals and objectives for the organization. This will also strengthen the decision process by making information readily available to people that needs it. This is because good decision-making is the backbone of IT governance.

Measure performance - the governance board should enable a platform to measure processes against business objectives, financial, decisions and communication mechanism. This will detect areas of weakness within these contexts and what needs to be done before it becomes a malign problem for the organization.

Recommendations for future research

Further research is needed on IT governance structures and EITG (Evolutionary Information Technology Governance) model. Presently, IT governance relies on existing structures of organizations for implementation. We propose two areas of research which should start off with a field and qualitative research of the most used IT governance structures for IT projects followed by practical adaptations of EITG models for these structures.

References and Citations