Role Of Corporate Governance

Published Date: 02 Nov 2017

1. Overview:

The term "governance" was used a few years ago to designate how the government handled the economic and social resources of a country to develop. Then extended to the world of business leaders, it is now widely cited for the IT function. The concept is not new and was given a wide variety of definitions but the tendency was to define it as the process by which decisions are made and are either implemented or not.

Governance is a concept sometimes controversial, as defined and understood so diverse and sometimes contradictory. However, despite the multiple uses of the word, it seems to cover similar themes of "good governance". Recently this term "good governance" has emerged with the international organizations United Nations (UN) and the World Bank (WB) as their major donors are more and more requesting the adoption of good governance as basis for their loans and aids contribution. For example, the UNDP, United Nations Development Programme, (1997) notes that:

�Good governance is, among other things, participatory, transparent and accountable. It is also effective and equitable. And it promotes the rule of law. Good governance ensures that political, social and economic priorities are based on broad consensus in society and that the voices of the poorest and the most vulnerable are heard in decision-making over the allocation of resources� (UNDP, 1977).

Therefore, the UN and WB designed eight major characteristics of good governance as illustrated in the figure underneath:

Figure II.1: Characteristics of good governance

Participation:

All concerned parties are supposed to directly and legitimately take part in decision making

Rule of law:

It stipulates just legal frameworks that are enforced impartially.

Transparency:

It indicates that decisions taken must be enforced in conformity with rules and regulations.

Responsiveness:

All stakeholders must be served in a reasonable time frame.

Consensus oriented:

To achieve the goals, a broad consensus must be reached between all the related actors on what is in the best interest of all.

Equity and inclusiveness:

All concerned parties must be ensured to have a stake in their enterprise and an interest to its improvement.

Effectiveness and efficiency:

To achieve good governance, all resources and potentialities must be efficiently deployed and effectively used to meet the needs of the enterprise.

Accountability:

To have good governance, accountability must be connected to transparency and the rule of law; leaders must be accountable to their stakeholders and those affected by their decisions.

From the different contexts of governance, our research paper will focus on the IT governance but before to dive into it we must have a look at the corporate governance.

2. Corporate governance:

According to Kostyuk, Braendle and Apreda (2007) findings, the term corporate governance has a narrow and broad definitions depending on i) shareholders perspective which is based on the concept that management run the corporation for the sole interest of its shareholders and on ii) stakeholder perspective which take account of other constituents; Narrowly, the corporate governance depends upon the relationship between the corporate managers, boards of directors, shareholders and in same case the society; Broadly, corporate governance concerns the adoption and combination of laws, rules, regulations and best practices for the sake of attracting capital, performing efficiently, generating profit and meeting the legal and social obligations.

Blanpain et al (2011) state that the first documented use of corporate governance was by Richard Eells in 1960. However, Becht, Bolton and R�ell (2002) claim that the concept of corporate governance is older and it was in use, since the beginning of the 20th century, in finance textbooks.

2.1 The role of corporate governance:

Corporate governance leads to reduce long-term support costs. Organizations with no effective corporate governance are subject to a heightened risk exposure and low performance.

According to Stemberg (1998), cited in Kostyuk, Braendle and Apreda (2007), the corporate governance defines the ways that ensure the alignment of corporate actions and resources to achieving corporate objectives established by the corporation�s shareholders.

An organisation with bad corporate governance urges capitals and investors to flow to other countries. A good corporate governance results in an appropriate accountability to stakeholders.

2.2 The pillars of corporate governance:

The pillars, illustrated in figure II.2, constitute the basis of the corporate governance.

Figure II.2: Pillars of Corporate Governance

Accountability: accountability establishes and maintains the alignment of managerial and board and shareholders in a relationship of the first is accountable for the second and the latter is accountable for the third.

Fairness: fairness characterizes a relationship of protection and equity of shareholders' rights and the fact of precluding any kind of violations and providing redress in case of any.

Transparency: Bennis et al (2010) perceive that the term transparency covers integrity, honesty, ethics, candour, full disclosure, legal compliance and any other thing that leads to fair conduct. Therefore, it is achieved by prompt and accurate information release.

Independence: all procedures should be taken independently to avoid contradiction and conflict of interest that may affect the continuity of corporate governance and this can be realised only by freeing directors from any kind of influence.

As aforesaid, corporate governance is considered to represent the process of managing the company business in order to improve the accountability and to direct the resources and action of the corporation towards the achievement of the corporate objectives set by the shareholders. Therefore, IT governance is considered as sub class of the corporate governance.

3. IT governance (ITG):

The term IT governance is perceived as the process of management and control of IT services and its levels acceptable to business. It stipulates the alignment to the business needs through direct problem support and fixing. It is also designed to define the different aspects of IT change and to define the project management and control. This context of governance covers the compliance of IT change process with regulations and with the deployment of IT staff. IT governance is the way to link between IT resources to the enterprise goals and strategies through frameworks that provide perfect practices for implementing, planning and monitoring IT performance; that is to say, IT governance is the way in which businesses achieve good results through aligning between its goals and objectives and IT resources.

It governance, as mentioned above, is a subset of corporate governance and is related to other subsets of corporate governance, as illustrated in figure 2, such as product development governance that coincides with It governance and that both of them shares the same subset the development governance (Maria Ericsson, 2007).

Figure II.3: Types of governance relationships within an enterprise (Maria Ericsson, 2007).

3.1 The role of IT governance (ITG):

IT governance provides competitiveness to business as it affects the business performance. IT governance increases the business productivity and quality. This role can be detected only through systematic surveys such as the ones we have conducted in our organisation to measure and improve the IT resource.

IT governance provides the business with the tools to outperform all its competitors. It also helps to ensure that the business performance realizes the promised benefits and to enable IT resources to be used effectively. It identifies the standards to follow and design the structure of the responsibilities by establishing effectiveness measures for the executive management to monitor the performance.

3.2 The pillars of IT governance (ITG):

The building of effective IT governance cannot stand without challenges as to implement IT governance; to achieve the strategic goals and realise IT vision, we must follow the process of top-down approach. The following fundamental pillars of IT governance characterise this approach. These pillars are vital to the organisation's governance process to pass from IT as a business cost to IT as a value.

3.2.1 Enterprise Architecture

Project management always looks for an effective architecture governance that reduces longer-term support costs and provide the IT component with the appropriate tools to meet the organisation's needs. The pressures for capabilities delivery never synchronizes with the long-term strategic objectives and goals.

3.2.2 Portfolio Management

Portfolio management is a process that provides a metrics to assess the value of IT investments and an organization, to manage high project demand with limited resources, is supposed to have a portfolio that yield the most business value. This process is a timing which should not exceed the limits neither little nor to too much as establishing a portfolio that responds on a balanced basis.

Enterprise architecture uses IT Portfolio management to determine the optimal roadmap from the current enterprise architecture to future enterprise architecture. It enables enterprise architecture to identify where value is wasted. It helps maximizing the value of IT investments while minimizing the risk.

3.2.3 Information Risk and Security

The IT security risk management life cycle focuses on the proper identification, assessment and report of information risk. Governance of policies and frameworks is demanded more and more due to the diversity of risks experienced by the organisation. It informs about the way of performing risk assessment regarding emerging threats and vulnerabilities, identifying the current level of risk and reporting the situation to the senior management.

4. The principles of IT governance (ITG):

IT Governance is grounded by the following principles:

4.1 IT Strategic Alignment

IT governance aligns the enterprise strategy and IT by creating the necessary structures and processes around IT investments. Aligning IT to enterprise strategy results into the delivery of sustainable business value and the ensuring that IT governance is properly functioning to achieve this.

IT Management ensures that strategic projects are aligned with strategic objectives and they are subject to be approved and prioritized. Alignment works to realize the balance between business investments, business grow and business ability of transformation. So, a successful IT strategic alignment means maintaining a perfect relationship between IT and business.

However, aligning IT and business strategy always stands as one of the top challenges that business executives and CIOs have struggled to achieve but little progress seems to be made. No matter how the economic conditions are, enterprises are required to maximize value from IT investment as enterprises with strong IT strategic alignment practices deliver better value Henderson (1993).

4.2 Value Delivery

It refers primarily to how IT delivers appropriate quality on-time and within budget; it represents the investment strategy and how those investments are to be realized in the business. This arrangement ensures that IT delivers value to the business by focusing on cutting costs and showing the value of IT through things such as improving customer satisfaction, increasing revenue, growing market share, and decreasing expenses. The IT value exposes the relationship between the objectives and outcomes as the strategic goal is to create value via IT through enabling the business to develop innovative services that result in IT value and customer satisfaction for the sake of transforming the equation from intangible assets into tangible results. So, the mission is to empower IT to bring value to the business and to lessen risks, to deliver the expected return from IT investments, to guarantee to all parties in the sequence from supply to disposal of IT services to apply good governance principles and to monitor and put into effect good governance across all suppliers (Henderson, 1993).

4.3 Resource Management

The resources of a company incorporate equipment, financial resources and human resources. The IT function significantly optimizes company resources in terms of infrastructure and human resources. As already mentioned, one of the key component of IT governance is the right use and management of the enterprise resources to create value. The good management of resources is to effectively deploy staff depending on their skills to open opportunities for various lines of business and to avoid overabundance and ensure employees are assigned to right tasks. Thus, the mission of this principle is the optimisation of resources usage and leverage knowledge, the effective management of the information assets and the guarantee of information and systems integrity and availability through the implementation of disaster recovery and business continuity mechanism.

4.4 Risk Management

IT risk management is to evaluate risks relating to technology used in your organisation and how you are supposed to mitigate that risk. IT risks include security risks and project failure risks. Risk management concerns the implementation of a risk framework that sets discipline and rigour on how IT risk is measured, accepted and managed. Risk management automates the IT risk assessment process and generates risk management reporting mechanisms to increase the awareness of the IT security staff on the risks and their impact on the organisation, to augment the level of service and to justify the required investments for strategic prevention and recovery solutions. This kind of reporting mechanisms increases the ability to identify the potential of IT failures and as such perform an intervention to control and mitigate the risk. The challenge resides in not being able to detect the risk at an early stage which becomes an IT failure. So, the mission of this principle is to minimise risks, to implement a risk management process, to conform to applicable laws and regulations, to maintain an IT risk record, to perform continual risk assessments, to consider and implement appropriate risk responses and to implement an information security strategy (IT Governance Network, 2009).

4.5 Performance Management

Performance management is one of the best practices within IT governance. The need for performance management begins within IT. This principle is used to make grasp the rationale behind the relationship between IT and business through taking into consideration alignment, benefits and risks and through proving the importance of IT in the business and its users. It can also tracks and monitors the implementation of business strategy via project completion, service delivery and process performance. IT performance management is aimed at identifying and quantifying IT costs and IT benefits by using automated systems providing performance data and information. Its mission, therefore, is to measure and manage IT performance via implementing processes to ensure the report of IT performance to the IT senior management and to the board of directors (De Haes, 2005).

5. IT Governance and IT Service Management:

Service management represents set of processes and capabilities of the organisation that cooperate to provide value to customers and to ensure the quality of live outcomes in the form of services. It is expected to deliver services which enhance business process through improving the effectiveness and the efficiency of the business, reducing the costs and risks. Service management leads to governance and as such IT service management leads to IT governance. IT Service Management concerns the delivery and support of IT services that are required for the organization business. IT governance is realized only when IT and strategic organization objectives are aligned, internal processes are executed effectively and efficiently, risks are managed and eliminated, costs are reduced and performance is measured. More to the point, IT service management focuses on the definition, management and delivery of IT services via IT operations to empower customers achieve their outcomes (Galup et al, 2009). IT service management enables the management of the IT services in a systematic approach through the complete IT services lifecycle from the design to the continuous improvement and allows the alignment of IT services and functions to the organization strategy (Marrone and Kolbe, 2010, p.365). According to Marrone and Kolbe (2010), the focal point of the management of IT services is on the costs of the whole lifecycle and not simply focussing on the cost one part lifecycle.

5.1 The changing role of IT:

The role of IT has changed throughout the years. It has begun serving as a technology provider to finish its role as the backbone of all business. The existence of IT in life of every enterprise has become more essential and thus this new role influences its function in the life of the enterprise as illustrated in figure II.4:

Figure II.4: Evolution of the IT Function within organizations (Sall�, 2004).

As depicted in the figure above, Sall� (2004) shows that IT organizations follow a three stage approach, in which each stage builds on the others; it begins with IT infrastructure management (ITIM) stage, during which the IT organizations concentrate on enhancing the management of the enterprise infrastructure. The infrastructure management seeks the maximization of the IT assets return and the control of the infrastructure including hardware, software and data. Then the IT evolves to the other stage of the IT service management (ITSM), in which the IT identifies the services needed by its customers and focuses on the delivery of those services to attain availability, performance, and security requirements (Sall�, 2004). To reach the final stage as illustrated above, the IT evolves to the management of IT business value or the IT governance. In this stage, where IT evolves from technology provider into strategic partner and during which IT processes fully integrates the phases of the IT service lifecycle resulting in service quality improvement and business agility and as such IT is managing internal and external service-level agreements to meet agreed-upon quality and costs targets (Sall�, 2004).

The IT mission in an organization is changing; many say that within small number of years, the role of information technology role has become to enable the growth of revenue. With the expansion of IT�s mission to be extended to accommodate revenue generation, it is becoming a corporate mandate. IT strategy, therefore, becomes more thoroughly aligned with the overall business objectives. Now, IT cooperates and partners with other departments, and not serves them as before. This expansion and change of role does not mean that the mission to improve cost efficiency will wane since priorities still contain reducing operational costs (Young, 2004).

The role of IT within an organization has changed from being a server to a provider of services to customers and continues to evolve. The changing role of IT as it has moved to a �T-shaped� IT Operations. That is to say, IT Operations can no more think in the vertical part of the �T�, in technical terms about storage, servers and network infrastructure; they, from then on, have to take into account the increasingly complex business perspective or the horizontal part of the �T�. Now more than ever, IT and business functions need to partner to deliver solutions besides technology. IT becomes a way to become a factor for differentiating and attaining prosperity and competitive advantage. For IT to achieve this stage, it has adopted an IT service management and has established IT Governance that aligns IT to the company objectives (Van Grembergen and De Haes, 2009).

To sum up, IT organizations has progressed from provider of technology to a provider of service which stipulates that services destined to customer are the focal point of IT Management. IT�s role has become to enable revenue growth and IT cooperates and partners with other departments, and not serve them as before (Young, 2004).

5.2 The dissimilarities of IT governance and IT service management:

The IT Governance, as defined above, is the way to link between IT resources to the enterprise goals and strategies through frameworks that provide perfect practices for implementing, planning and monitoring IT performance; However, IT Service management is a set of organisation processes and capabilities that cooperate to provide value to customers and to ensure the quality of live outcomes in the form of services; it focuses on the delivery and support of IT services required by the business. The difference between IT Service Management and IT Governance has been subject to confusion. For instance, the main concern of IT Management is the efficiency in providing IT services and the effectiveness in managing IT operations, however, for IT Governance to meet business challenges, it has to participate in introducing the performance of business (Van Grembergen, 2004).

Figure II.5: (26) Relationship between IT Governance, ITSM and IT operations and services (Sall�, 2004).

Sall� (2004), in the figure above, models the relationship between IT Governance and IT service Management. IT governance is realized only when IT meets the strategic objectives trough the efficient and effective execution of internal processes, the management and elimination of risks, the reduction of costs and the measurement of performance. IT governance aims to align the IT function to the business objectives, which are defined by the enterprise governance, which basis the definition of goals and performance metrics for the effective management of IT. In the meanwhile, the auditing processes are set up so as to measure and analyse the organization performance (Sall�, 2004).

During the transition of organizations from technology providers to strategic partners, they need to consider the IT governance frameworks and their influence on IT service management.

6. IT governance frameworks:

The core aim of IT governance is the effective and efficient alignment of Information Technology and business strategies. The choice to adopt IT governance in a business intends to ensure efficiency, to reduce costs and to increase control of IT infrastructure (Wessels and Loggerenberg, 2006). The evolution of IT from a provider of technology to a provider of services entails taking a different perspective on IT management (Sall�, 2004). In order to enable IT departments or organizations transiting to the strategic partner position, numerous IT service management frameworks and methodologies have emerged for the evolution of the maturity of Service Management. As IT management had witnessed its dark time during the seventies; since there was no acquaintance of the notion IT systems management but the focus was only on IT operations. After the emergence, in the 1980s, of the Network Management and Application Management disciplines as main drivers of the IT management and the creation of the Network management standard �Simple Network Management Protocol� (SNMP), it became necessary to develop a comprehensive management framework of the IT function. Amongst the Information Technology governance frameworks, we find the widely adopted standard �Information Technology Infrastructure Library� (ITIL); since its development in the late 1980�s, it has proved its usefulness through all sectors and become the de-facto standard in IT Service Management (CAI, 2008). The power of COBIT resides on being the best to balance the organizational IT goals and business objectives (Webb, Pollard and Ridley, 2006). The third major framework is the ISO 17799 which has been developed by the International Organization for Standardization, based on the British Standard 7799, to be the Information Technology Code of Practice for Information Security Management (Symons and al, 2005). It is essential to notice here (10) that COBIT and ISO 17799 share a limited amount of functionality (Van Grembergen, 2003).

Even though that each framework emerged with its own strengths and limitations, its own focus and purpose, they, except few of them, revolve around ISO standards. However, these frameworks are designed to improve the efficiency of the IT function and to gain maximum benefits for it; for instance, COBIT and ITIL may play the role of identifying IT activities alignment with the objectives. What is more challenging is the fact of managing effectively and efficiently the use of IT resources within each framework and keeping each one aligned with the organisation's strategic objectives (Patel, 2002).

Indeed, the majority of IT governance frameworks are complementary, but each with strengths in different areas. The Three frameworks are reviewed in the coming sections with an in-depth analysis to the infrastructure library (ITIL).

6.1 COBIT framework:

6.1.1 The scope:

IT Governance Institute (ITGI) developed, in 1996, the COBIT (Control Objectives for Information and related Technology) framework with the main focus of developing clear policies and good practices for security and control in Information Technology (IT Governance Institute, 2004). IT Governance Institute (2007) offers IT departments and organizations, through the adoption of COBIT, a set of good practices, which represent the consensus of experts, with clear structure and process model presenting activities in manageable and logical structure. However, it is strongly focused on control as illustrated in figure II.6.

Figure II.6: COBIT Framework (ITGI, 2007)

IT Governance Institute (2007), in the COBIT 4.1 executive summary document, presents the COBIT principles in a continuous and circular flow where the business requirements derive the demand for IT resources that are used by the IT processes to deliver the Enterprise information which responds to the business requirements. These principles are described in the figure II.7.

Figure II.7: COBIT Principles (ITGI, 2007)

As illustrated in the figure II.8, COBIT model is perceived in a three dimensional perspective where the visible surfaces represent business requirements, IT resources and IT processes. Each of these three components relates to the two other connecting dimensions.

Figure II.8: COBIT Cube (ITGI, 2007)

The IT resources component of the COBIT cube represents the enterprise IT assets including its staffs, the information systems, the used technology, the IT infrastructure facilities and the generated data (Moeller, 2010).

The management of IT resources considers three levels of IT efforts that start at the bottom and working up level by a series of activities and tasks needed for the achievement of measurable results. Joined activities and tasks represent processes which are located at one level up in the second. In the highest and third level, processes are grouped together by the nature of responsibility into domains in line with the management cycle of IT (IT governance Institute, 2005). COBIT defines four domain areas that comprise the Planning and Organization covering the strategy and tactics that enable IT to participate in and support the achievement of strategic business objectives; the acquisition and implementation where IT solutions are identified, developed or procured and deployed with the business processes; the delivery and support of required services, applications and facilities; and the monitoring and evaluation covering the internal and external control processes (Moeller,2010).

The third dimension concerns the business requirements which define seven criteria areas including effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability that constitute the basis against which the IT systems and processes are evaluated (Moeller, 2010).

6.1.2 The limitations of COBIT:

Among the limitations of this framework, we can cite that it takes considerable time to implement and analyse it. COBIT cannot be used alone due to its shortcomings in terms of technical details. It requires high level of expertise and skill due to its width and complexity. The COBIT framework is very much generic. It only documents the directions that IT must follow and not how to follow these directions. COBIT, like ITIL, also fails to address software development life cycles. The main shortcoming of COBIT is that it does not cater for continuous process improvement.

Overall, COBIT is both a comprehensive framework and a structured management approach for aligning resources with the strategic objectives of the company. It is a unifying tool that combines within its process inputs from other standards such as ISO 17799, ITIL. Among the benefits to the adoption of COBIT as an IT governance framework, we find a greater cohesion between IT and business, better perception of management inputs from the computer and a better understanding of all stakeholders through a common language.

6.2 ISO 17799 framework:

6.2.1 The scope:

The International Standards Organization, an international body that develops and publishes well-recognized international standards covering wide ranges of areas and businesses, issued the Information Security Standard ISO 17799 that comprises a comprehensive set of controls including best practices in Information security (Computer Security News, 2010).

The ISO 17799 framework defines the information as an asset that needs suitable protection due to the increasing number of vulnerabilities and threats that appeared with the increase of interconnectivity and the fast growing of the IT technology. The intent of the standard is to protect the information from the wide range of threats in order to ensure business continuity, risks mitigation, return on investment and to support the business in the value and opportunities creation (ISO/IEC 17799, 2005).

The ISO/IEC 17799 (2005) manual defines a set of controls that include policies, processes, procedures, organization structures and IT functions. The establishment, implementation, monitoring review and improvement of those controls maintain the competitive edge and ensure that security meets the organization business objectives.

ISO 17799 remains a security-centred standard and cannot provide IT governance means alone. Due to its relevance, parts of the standard can be used to build the IT governance framework or combined with another framework to complete the IT governance function. The figure II.8 presents a visual overview of the structure and content of the 17799 standard.

Figure II.8: ISO 17799 Security Plan. (Mind mapping ISO17799:2005, 2007)

6.2.1 The limitations of ISO 17799:

In this framework, the bad experience of accreditation bodies in relation to the specific issues in IT security systems leads to a devaluation of the accreditation process. The implementation of framework does not reduce significantly the risk for security violation and theft of confidential information.

Our research paper aim is to gain an understanding on the impacts and benefits of implementing ITIL specifically on IT service management and generally on organization. This research paper will focus on the challenges that face the IT department in United Nations peacekeeping missions and on the impacts and benefits from the implementation of ITIL framework at various levels. ITIL, therefore, will be highlighted more than the previous frameworks due to its importance to our organisation.

6.3 ITIL framework:

6.3.1 Overview:

The UK Office of Government Commerce (OGC) develops and publishes the Information Technology Infrastructure Library (ITIL) framework that was launched by the Central Computer and Telecommunications Agency in 1980�s. After being a guide for UK government and proving its effectiveness and efficiency, the framework quickly spread over organization both public and private, gained international recognition and became the de-facto standard in IT Service management (CAI, 2008). The ITIL framework comprises a set of best practices for the management of IT services focusing on the alignment of IT operations to the business needs and objectives (IT Governance Institute, 2005).

The UK government developed the ITIL framework to cut costs and improve the management of IT service delivery in response to a serious economic recession. ITIL represented a new approach to IT service management with the focus to improve the service efficiency, the usage of IT assets and resources and to align the IT processes to the business operations and objectives. The early adoption of the standard by the industry leaders such as HP and the rapid grow internally then internationally lead to the consideration of the ITIL framework as the de-facto standard of the IT industry (Sall�, 2004). In 2011, the OGC issued an update to the ITIL V3 and named it ITIL 2011 edition (http://www.best-management-practice.com, 2011).

In the past, the tendency of IT organizations was to internally focus and concentrate on the technical side of their daily operations. Nowadays, the organizations are expected to deliver high quality services and adapt quickly to the Information technology growth. Therefore, Information Technology departments or organizations are called to be customer oriented, to concentrate on service quality, to apply strategic cost management, to monitor the effectiveness and efficiency of IT operations, to acquire and retain the right skills, to improve continuously, to build and maintain the right partnerships and to deliver the required IT services that support and boost the business which simply means they should run IT as a business that leverages competitive advantage (OGC, 2002; CAI, 2008).

6.3.2 ITIL service lifecycle:

Conducting an analysis to the ITIL Framework will provide an understanding of IT Service Management and the processes it covers and to come up with a comprehensive analysis to ITIL. Below is a diagram that introduces the ITIL v3.0 Framework with an illustration of the functions and processes required within a Service Management Lifecycle and how each phase of the lifecycle transitions to the next. OGC transcripts the ITIL standards in a set of five publications representing the core of the framework which provides the structure, processes and abilities of the organization IT service management. The figure II.9 represents the Service lifecycle that forms the core structure of ITIL (CAI, 2008). This service lifecycle represents the fundamental operational model that bases and constitutes the ITIL map for the design, delivery and support of IT services to IT customers. As diagrammed in the figure II.9, each portion specifies one phase of the IT service lifecycle. The lifecycle phases include Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement (Bon et al, 2007).

All the phases are linked to each other and transitioned. The output of each phase constitutes the input of the following phase. However, each phases needs input and some processes to yield output.

Figure II.9: The Service Life-cycle (Bon et al., 2007).

6.3.3 Service Strategy:

The ITIL Service management lifecycle starts with this phase. The service strategy represents the core element that orients the implementation and processing of other ITIL phases. This phase of the lifecycle describes what services will be delivered, to whom they will be delivered, and the value of each. It results in the institution of an overall strategy that directs the operations of IT service management. This concludes in a strategic plan describing how processes, policies, and planed IT services are employed to attain the defined objectives. It helps also guarantee that business is ready to manage costs and risks appearing after initiating any new service. This phase describes how the Service Portfolio is managed as well as other core processes for risk and financial management (CAI, 2008, p.12). Service strategy processes include:

� Strategy Management for IT Services,

� Service Portfolio Management,

� Demand Management,

� Financial Management for IT Services,

� Business Relationship Management (IT process maps, 2013).

During this phase, the IT department or organization defines the market space for its planed IT services, setts the performance expectations to serve its customers, identifies, prioritizes and selects opportunities, and develops policies, guidelines, and processes (CAI, 2008, p.13).

This outputs the service package which comprises a detailed description of the IT service which is delivered to customers, a strategic plan to attain business objectives, a financial budget and performance plan, and a service level package defining the level of utility and warranty for IT services (CAI, 2008, p.13).

6.3.4 Service Design:

The Service design phase focuses on the design of new or altered services and impeccably integrating them into the existing IT infrastructure. It is the place where services as security, availability, and capacity are coordinated (CAI, 2008, p.14). It includes:

� Design Coordination,

� Service Catalogue Management,

� Service Level Management,

� Risk Management,

� Capacity Management,

� Availability Management,

� IT Service Continuity Management,

� Information Security Management,

� Compliance Management (IT process maps, 2013).

In This phase, we begin with a group of new or altered business demands and we end up with the construction of a solution destined to be aligned with the business (CAI, 2008, p.14).

6.3.5 Service Transition:

Service Transition is the phase where new or altered services are switched into Service Operations. It focuses on new or changed services into a supported environment (CAI, 2008, p.17). Its processes include:

� Change Management,

� Change Evaluation,

� Project Management (Transition Planning and Support),

� Application Development,

� Release and Deployment Management,

� Service Validation and Testing,

� Service Asset and Configuration Management,

� Knowledge Management (IT process maps, 2013).

During this phase, service providers appraise the related risks and track the value. In this phase service providers fetch and evaluate information and knowledge (CAI, 2008, p.18).

6.3.6 Service Operation:

This phase is focused on coordinating and carrying out the activities for delivering the services to business users and customers. It is where we manage and measure the performance of the services. It is really where the real value is considered (CAI, 2008, p.19). Its processes include:

� Event Management,

� Incident Management,

� Request Fulfilment,

� Access Management,

� Problem Management,

� IT Operations Control,

� Facilities Management,

� Application Management,

� Technical Management (IT process maps, 2013).

In This phase, we detect and filter the trigger event and the root cause of it. It is where we remedy the reduction of the quality of service and manage the feedbacks of users. It is also where we manage the access rights of users to IT users (CAI, 2008, p.20) (Cater-Steel, 2005).

6.3.7 Continual Service Improvement:

This phase is accountable to continually adjust and tune the IT services through an on-going process across all the phases of the ITIL Service Lifecycle that focuses on improving the alignment of service with the business needs through on-going, incremental improvement across the lifecycle. The Continual Service Improvement classifies and outfits improvements for IT services. It finds out means to enhance the efficiency of processes and cost-effectiveness which provide a good health check against the enterprise architecture and outputs can be folded into the continuing execution(CAI, 2008, p.22) (Cater-Steel, 2005).

6.3.8 The impact of Implementing ITIL:

ITIL implementation is a complex process requiring capital investment and time consuming. It stipulates the redefinition of how IT resources should be deployed (Rudd et al, 2007).

The presentation of ITIL to be implemented in an IT organization is a real challenge to whole staff of IT department due to the changes and impacts that will affect the whole IT department including rearrangement and redeployment of IT department staff. The implementation of ITIL is subject to many requirements as it stipulates an integrated IT service management system to be implemented. It also requires a sincere dedication of the managers and all staff members as the process of implementation may take years (Rudd et al, 2007).

None can deny that the adoption of ITIL will automatically lead to the enhancement of the IT service management which urges our organization to follow its peers and thus to conduct the implementation of this framework.

III. Methodology:

1. Research Objectives:

The aim of this research study is to explore the impact of adopting the IT governance framework �ITIL� on the IT service management performance in non-profit international organisations such as United Nations. This study will shed light on the comparison between two peacekeeping missions; one has already implemented the Information Technology Infrastructure Library (ITIL) and the other seeking to implement.

This research paper sets forth the following objectives:

- Identify the major challenges encountered by the IT management in absence of ITIL practices

- Measure the performance of the IT service management in absence of ITIL practices

- Identify the impact of ITIL on the IT Service Management.

- Measure the IT service performance after the implementation of ITIL.

- Compare the IT service management performances before and after the implementation.

2. Case Study Methodology and Research Paradigm:

This research paper adopts the case study as a form of empirical inquiry investigating ITIL as a contemporary phenomenon in a real-life context where multiple sources of evidence are used to scrutinize and illuminates the subject from different perspectives and views (Yin, 2002; Thomas, 2011).

The strategy of this research project aims to identify the impact of implementing ITIL in peacekeeping missions IT departments by comparing the challenges and service performance of a mission which did not yet adopt ITIL, case here is MINURSO (United Nations Mission for the Referendum in Western Sahara) and a mission which is adopting ITIL, represented by UNIFIL (United Nations Interim Force in Lebanon).

The in-depth investigation nature of the case study implies to diversify the source of information by collecting data from different channels and presenting the subject from different perspectives. Through this exercise, multiple surveys were conducted in form of group-focused, face to face or phone interviews of the different categories of participant. Also, an online survey was distributed to 4 different samples to measure the performance of the IT service inside the two organizations under study. Moreover, audit reports, internal documentation and article was a rich source of information that it either reinforced or validated the findings.

The data collection was realized in two phases. Initially, IT manager of MINURSO, the mission that is not using ITIL, are interviewed to identify what are the challenges that block the IT service operations from delivering the expected value, also the technicians are providing their input in the same subject.

Meanwhile, the IT customers, which represent all the missions� staffs, are surveyed to measure their satisfaction from the IT services. The same survey, with slight rephrasing, is answered by the IT staff to get their perception of the customer satisfaction from their IT services. The employed survey is SERVPERF, a variant version of the SERVQUAL survey that represents the GAP model of the service quality. This tool was first introduced by Parasuraman et al in 1985 (Parasuraman, Zeithaml and Berry, 1985), which intends to calculate the gaps between the consumer expectation and the Service provider perception. Many researchers including Jain and Gupta (2004) attacked the necessity to measure the expectation and the perception. Cronin and Taylor (1992) provided theoretical arguments and empirical evidence about the superiority of the �performance-only� instrument over disconfirmation-based SERVQUAL scale.

The SERVPERF survey is comprised of 22 items (refer to the attached survey in Appendices). These 22 questions represent five attributes that characterise the service quality.

Figure III.1: GAP Model - Service Dimensions

Tangibility: It represents the appearance of physical facilities, tools, staffs and communication materials (Parasuraman, Zeithaml and Berry, 1985).

Reliability: The ability to perform dependably and accurately the promised or agreed upon services (Parasuraman, Zeithaml and Berry, 1985).

Responsiveness: it is willingness to assist clients and to provide prompt service (Parasuraman, Zeithaml and Berry, 1985).

Assurance: The knowledge and courtesy of staffs and their ability to convey trust and confidence (Parasuraman, Zeithaml and Berry, 1985).

Empathy: It concerns delivery of individualized attention and caring to customers (Parasuraman, Zeithaml and Berry, 1985).

In the second stage, IT managers, IT technicians and customers in UNIFIL, the mission that is adopting ITIL, are contacted to collect their input about the impact that they experienced explicitly or implicitly from the implementation of the ITIL practices and tools in their peace keeping mission. Therefore, IT managers are interviewed by phone and through online survey to provide their views and evaluation of the level of impact that the new practices, ITIL, have on the challenges found in the first stage. Also, the SERVPERF survey is broadcasted to the IT department technicians and to a sample of the mission customers. The SERVPERF results are compared to the findings of the first mission. The comparison will identify if there is a change in the GAP between the service providers, the Information technology department, and the consumer, the mission staffs, or not. Moreover, the GAP model tool, SERVPERF, can identify precisely the dimensions of IT service that were impacted.

3. Population and Sample Size:

This case study addresses three different samples at each mission. The samples were:

- IT Managers: Each mission has around 5 IT managers who were all questioned without exception on the Challenges and the impact of ITIL.

- IT technicians: Eight IT technicians were subject to survey on both the challenges and the SERVPERF.

- IT customer: the survey of the service quality evaluation was broadcasted to 100 persons in MINURSO and 50 in UNIFIL. The sample represents all the different components of the mission and different staff categories (Civilians, military and UN police)

Furthermore, the chosen samples belong to the same environment and have served in many peacekeeping missions. These samples represent all the categories of staff members.

4. Data Collection:

In this research paper, multiple sources of evidence were collected and stored in a comprehensive and systematic way (Soy, 1997). Indeed, the data collection techniques include direct interviews, and online surveys. The majority of United Nations employees have long years of experience and have served in multiple places all over the world. They are a rich and valuable source of observation. This research took benefits of observations that were accumulated through long years of diverse experiences.

4.1 Managers Opinion:

IT Managers in the peacekeeping missions are valuable sources to identify the challenges and the impacts of absence of IT governance frameworks. They are also the best to observe the changes brought by the adoption of IT governance framework �ITIL�.

4.1.1 Managers Opinion in None ITIL environment:

In order to identify the challenges that IT department is encountering, direct interviews were conducted with the IT managers. The questionnaire included open ended questions focusing on the IT practices and challenges (Appendix 1). The IT managers were supposed to respond to the 5 likert-scale question.

4.1.2 Managers Opinion in ITIL environment:

UNIFIL is a mission implementing ITIL practices. After the collection of IT challenges, a survey is designed and addressed to UNIFIL managers to measure the impact of ITIL on IT services (Appendix 2).

4.2 Technicians Opinion:

The IT technicians are the appropriate source for measuring the IT perception in relation to the service provided. The SERVPERF survey was customized to fit the peacekeeping environment. The survey is answered through the online google document platform (Appendix 4).

4.2.1 Technicians Opinion in None ITIL environment:

In addition to the twenty two questions of the SERVPERF survey, the technicians evaluated the overall IT services quality and expressed their views on the IT challenges.

4.2.2 Technicians Opinion in ITIL environment:

UNFIL technicians received and answered on line the same version of the IT technician SERVPERF survey. However the open ended questions changed to capture the Challenges that appear after the adoption of ITIL.

4.3 Customer Opinion:

It is vital to gather the opinion of the IT customers via using the SERVPERF instrument.

4.3.1 Customers Opinion in none ITIL environment:

Hundred persons from all the mission sections and staff categories (Civilian, military and UN police) were requested to electronically fill in the SERVPERF survey. The survey stayed open for one month with regular encouragement to participation (Appendix 3).

4.3.2 Customers Opinion in ITIL environment:

The same SERVPERF survey, used previously, was addressed to a sample of 40 staffs of different categories in the UNIFIL mission (Appendix 3).

5. Data Analysis:

5.1 Data Analysis Procedure:

5.1.1 Qualitative Analysis:

It is dedicated to the identification of the major challenges that Managers encounter during the delivery and management of IT services. It starts by interviewing managers and technicians about their views on the obstacles and problems experiencing throughout their daily duty.

5.1.2 Quantitative Analysis:

The quantitative data is collected from the four surveys that include the SERVPERF 22 items measured using a 7 point likert scale ranging from strongly disagree to strongly agree; In addition, a 5 point scale question will measure the overall IT service quality.

The SERVPERF is measured using the following formula:

Figure III.2: SERVPERF Formula

The analysis of the overall service quality depicts a general view of the service performance and constitutes an introduction to a deeper analysis of the SERVPERF within which the following themes are recognized:

� Identify the GAP between the Service provider (IT department) and the customers by comparing the IT perception and the customer satisfaction in each mission

� Identify the enhancement of the IT perception

� Identify the improvement of the customer satisfaction

� Identify the impact of ITIL on the GAP between the Customer expectation and the Service perception

5.2 Validity and Reliability:

This case study produced concrete and context-dependant knowledge. Bent Flyvbjerg (2001) indicated that this kind of context-dependant knowledge rules out the possibility to emulate natural science in developing theory which is explanatory and predictive.

My 8 years of experience in the environment that is subject to study and the continuous feedback from the population about the IT services lead to a stimulated learning process where the effect and usefulness of research becomes clear and tested (Denzin, 2011). Moreover, I am equipped to identify misleading data that could affect the validity of the findings. Also, data extracted from internal documents and audit reports matched to the secondary research finding harden the accuracy of this study.

In the line with the standardization of services and in conformity with the role of peacekeeping missions, the IT department are alike, same structure, processes and services, across the different missions over the world. Therefore, the impact of adopting ITIL will be the same in all United Nations peacekeeping missions.

This study collected an amalgam of qualitative and quantitative data. The qualitative data is collected using the instrument SERVPERF. The reliability of each item in the 4 SERVPERF surveys is assessed using the standardized cronbach�s alpha.

6. Research Limitations:

It was remarked that the staff needed reassurance of the academic purpose of the surveys. However, many times staffs were reminded to participate and sometimes to explain the content and the purpose of the tools. It is an essential to spread the utility of the survey and explain its mechanism but it is a time consuming process.

Generally, the level of participation is very high comparing to what it is usually recorded in the past experiences when mission staffs are surveyed about mission related issues.

7. Conclusion:

This case study used a mix approach, qualitative and quantitative, to explore and analyse the impact of adopting ITIL practices and tools in United Nations peace keeping missions. Information was gathered from multiple sources and through diverse instruments.

IV. Data and Analysis:

1. Overview:

This case study employed a mix of qualitative and quantitative instruments to collect:

� IT department view and perspective on the challenges that enlarge the gap between the perception of service provider and the customer satisfaction.

� Measurement of the overall customer satisfaction and the overall perception of the IT departments about the quality of its performance in absence of ITIL

� Measurement of the customer satisfaction from the IT services using the SERVPERF in non ITIL environment

� Measurement of the IT department perception about its service using the SERVPERF in absence of ITIL

� IT managers view and evaluation of the impact of ITIL on IT Service processes and structure

� Measurement of the overall customer satisfaction and IT perception in presence of ITIL

� Measurement of the customer satisfaction about the IT services in presence of ITIL

� Measurement of the perception of IT department about the services it provides using the SERVPERF in presence of ITIL

� IT managers and technicians view of the different challenges that appears after the implementation of ITIL

The data analysis of these data sets permits the measurement and identification of the impact of ITIL on IT service management.

The IT department performance depends mainly on the quality of IT service management and on the level of satisfaction of its customers. Therefore, the enhancement of the IT service quality will obviously improve the IT department performance, improve the IT processes and IT resource utilization, and most importantly align the IT operations to the organization strategy.

Thus, the positive or negative impact of the ITIL practices and tools on the IT service management influence the IT department and organization performance.

2. ITIL in the Peacekeeping missions

Since 2010, the Information and Communications Technology Division is deploying ITIL practices mission by mission. Also, a service desk solution is implemented globally to enable a common technology that supports different customer requests and inquiries. This commercial service desk solution is built upon ITIL standards and provides the following features:

� Incident Management (IM) � Incidents are tracked and reported to the service specialist in the Service desk.

� Request for Service (RFS) � Service desks are able to track and manage request fulfilments (requests for new services).

� Problem Management (PM) � Problems are tracked and managed.

� Service Level Management � Service desks can define time based metrics and costs related to service level agreements (SLA). This allows service desks to track and manage their SLAs.

� Asset Management � Assets of any type are tracked, such as computers, monitors, etc. These assets are associated with customers of the service desk and the information is available to service agents when responding to incidents and requests.

� Preventative Maintenance Management �Any asset managed in the system has a preventative maintenance schedule associated with it.

� Self-Service Portal without approval - Customers can submit incidents and requests themselves. They can also obtain real-time status of their requests and provide additional information, without intervention of an agent. The portal also includes a knowledge base to answer questions customers might have regarding their service incidents and requests. The knowledge base is administered by your service desk.

� Self-Service Portal with approval � Same functionality of self-service portal without approval plus customers can submit requests themselves and have the request go through an approval process as a step in the submission, or after being received.

3. Peacekeeping mission without ITIL:

3.1 Service Management Practices:

In absence of ITIL or any other IT governance framework, the IT department in peacekeeping mission has no formal way of service management. However, the processes and procedures of IT services are run based on the UN IT corporate and local policies. This absence equals the absence of advanced tools to effectively manage the customer�s service calls.

3.2 Challenges:

The interviews conducted inside the mission lead to the identification of the following challenges:

� Unclear visibility and lack of proper monitoring of IT processes and resources

� Unsatisfactory resource utilization

� Repetition and redundant work

� Overload of customer request and shortage of staff

� No centralized processes and services

� No streamline of request and no proper escalation of work

� Efficiency and productivity of staff are unbalanced. There are staffs that are highly productive and other not. Plus, there is no advanced system to monitor the performance neither the efficiency of staff in a daily basis

� No documented knowledge from previous experiences. There is no formal knowledge base system.

� Weak client orientation. Most of IT staffs are technical oriented; they lack the customer service culture.

� Weak collaboration and coordination among IT elements

� Slow reaction of customers to change which impact the implementation new solutions and systems.

� No feedback on the processing of requests

3.3 Customers Satisfaction:

The customers of the mission, that is not using ITIL, answered a survey that evaluated their satisfaction from the IT services in a general way and measured their opinion of the 22 items of the SERVPERF. In this survey, two likert-scale rating systems were adopted. The first scale includes 5 point values that are [1= Very Poor], [2= Poor], [3= Average], [4= Good], and [5= Excellent]. The second scale is used to measure the values of the SERVPERF items and it is based on 7 points scale and it includes [1=Strongly disagree], [2= Disagree], [3= Somewhat disagree], [4= Neither agree or disagree], [5= Somewhat agree], [6= Agree], and [7= Strongly agree].

3.3.1 Overall Satisfaction:

In the absence of ITIL, the IT department is providing services whose quality is average (mean = 2.92). The high variance (=1.51) shows that IT has an unbalanced quality of service.

However, calculating this overall service quality as average depending the frequency of rating which fluctuates between Average to excellent (52%=19.5 % + 18.4% + 14.1%) and very poor to poor (45.4%= 8.7%+36.7%).

In absence of formal IT governance tools, the IT department is not able to provide a consistent service quality as illustrated in tables (IV.1 and IV.2).

3.3.2 IT Customer evaluation of Service Quality:

In table IV.3, we find out that highest values are recorded by the items Q2 (5.62) and Q1 (5.49) and the lowest ones are related to Q22 (3.22) and Q6 (3.71) which indicates that the organization provides equipments and facilities acceptable to the customer. On the other hand, the availability of services after working hours and keeping promises trigger unsatisfactory customer feedback.

The table IV.4 provides more clarification to the impressions noticed in the previous table. Indeed, it displays that, in the absence of IT governance frameworks, the IT service reliability, responsiveness and empathy are qualified as poor by the customers.

3.4 IT Perception:

3.4.1 Overall perception:

The table IV.5 displays that the IT department has a very satisfactory evaluation (mean = 4.86) of the overall quality of service they provide. This high satisfaction comes from the level of efforts they invest to serve the mission customers.

Variable Number of cases Mean S.E. Mean Std Dev Variance

Overall Satisfaction 7 4.86 0.26 0.69 0.48

Table: Valid cases = 7; cases with missing value(s) = 1; a = 0.97

Table IV.5: IT perception of the overall service quality

3.4.2 Perception of the IT service performance:

Table IV.6: SERPERF IT perception

Table: Valid cases = 7; cases with missing value(s) = 1; a = 0.97

Table IV.7: Values of Service quality dimensions from the SERVPERF IT perception

From the tables IV.6 and IV.7, it is obvious that IT staffs perceive the quality of services as elevated.

3.5 GAP:

3.5.1 GAP between overall customer satisfaction and overall IT perception:

In both the table IV.8 and the chart IV.1, we notice that there is huge gap between the customer satisfaction and the IT perception. This gap is due to the absence of IT staffs feedback to customers, weak collaboration among IT elements, lack of customer service oriented culture and in particular no centralization of services and streamline of requests.

Variable Customer Evaluation IT Perception GAP

Overall Service Quality 2.92 4.86 -1.94

Table IV.8: GAP between customer satisfaction and IT perception

Chart IV.1: GAP between Customer satisfaction and IT Perception

3.5.2 GAP between customer satisfaction and IT perception:

The table IV.9 shows that there is a negative gap 95.45% (21 of 22) of SERPVEPF items. United Nations uses the latest technology and facilities to support the peacekeeping operations. Therefore, the gap in tangibility takes the lowest value among the Service quality dimensions.

Table IV.9: Detailed SERVPERF GAP between customer satisfaction and IT perception

Chart IV.2: Chart of SERVPERF detailed GAP

Table IV.10: GAP of SERVPERF dimensions

Chart IV.3: GAP of SERVPERF dimensions

As illustrated in the charts IV.2 and IV.3, the challenges that IT department is encountering in absence of IT governance frameworks, results in negative GAP. The most negatively influenced are empathy, responsiveness, reliability and assurance.

4. Peacekeeping Mission with ITIL:

4.1 Practices:

Since one year, UNIFIL has adopted ITIL as a formal framework for the management of its services. Moreover, they use