The Role Of Corporate Governance

Published Date: 02 Nov 2017

1. Overview:

The term "governance" was used a few years ago to designate how the government handled the economic and social resources of a country to develop. Then extended to the world of business leaders, it is now widely cited for the IT function. The concept is not new and was given a wide variety of definitions but the tendency was to define it as the process by which decisions are made and are either implemented or not.

Governance is a concept sometimes controversial, as defined and understood so diverse and sometimes contradictory. However, despite the multiple uses of the word, it seems to cover similar themes of "good governance". Recently this term "good governance" has emerged with the international organizations United Nations (UN) and the World Bank (WB) as their major donors are more and more requesting the adoption of good governance as basis for their loans and aids contribution. For example, the UNDP, United Nations Development Programme, (1997) notes that:

�Good governance is, among other things, participatory, transparent and accountable. It is also effective and equitable. And it promotes the rule of law. Good governance ensures that political, social and economic priorities are based on broad consensus in society and that the voices of the poorest and the most vulnerable are heard in decision-making over the allocation of resources� (UNDP, 1977).

Therefore, the UN and WB designed eight major characteristics of good governance as illustrated in the figure underneath:

Figure II.1: Characteristics of good governance

Participation:

All concerned parties are supposed to directly and legitimately take part in decision making

Rule of law:

It stipulates just legal frameworks that are enforced impartially.

Transparency:

It indicates that decisions taken must be enforced in conformity with rules and regulations.

Responsiveness:

All stakeholders must be served in a reasonable time frame.

Consensus oriented:

To achieve the goals, a broad consensus must be reached between all the related actors on what is in the best interest of all.

Equity and inclusiveness:

All concerned parties must be ensured to have a stake in their enterprise and an interest to its improvement.

Effectiveness and efficiency:

To achieve good governance, all resources and potentialities must be efficiently deployed and effectively used to meet the needs of the enterprise.

Accountability:

To have good governance, accountability must be connected to transparency and the rule of law; leaders must be accountable to their stakeholders and those affected by their decisions.

From the different contexts of governance, our research paper will focus on the IT governance but before to dive into it we must have a look at the corporate governance.

2. Corporate governance:

According to Kostyuk, Braendle and Apreda (2007) findings, the term corporate governance has a narrow and broad definitions depending on i) shareholders perspective which is based on the concept that management run the corporation for the sole interest of its shareholders and on ii) stakeholder perspective which take account of other constituents; Narrowly, the corporate governance depends upon the relationship between the corporate managers, boards of directors, shareholders and in same case the society; Broadly, corporate governance concerns the adoption and combination of laws, rules, regulations and best practices for the sake of attracting capital, performing efficiently, generating profit and meeting the legal and social obligations.

Blanpain et al (2011) state that the first documented use of corporate governance was by Richard Eells in 1960. However, Becht, Bolton and R�ell (2002) claim that the concept of corporate governance is older and it was in use, since the beginning of the 20th century, in finance textbooks.

2.1 The role of corporate governance:

Corporate governance leads to reduce long-term support costs. Organizations with no effective corporate governance are subject to a heightened risk exposure and low performance.

According to Stemberg (1998), cited in Kostyuk, Braendle and Apreda (2007), the corporate governance defines the ways that ensure the alignment of corporate actions and resources to achieving corporate objectives established by the corporation�s shareholders.

An organisation with bad corporate governance urges capitals and investors to flow to other countries. A good corporate governance results in an appropriate accountability to stakeholders.

2.2 The pillars of corporate governance:

The pillars, illustrated in figure II.2, constitute the basis of the corporate governance.

Figure II.2: Pillars of Corporate Governance

Accountability: accountability establishes and maintains the alignment of managerial and board and shareholders in a relationship of the first is accountable for the second and the latter is accountable for the third.

Fairness: fairness characterizes a relationship of protection and equity of shareholders' rights and the fact of precluding any kind of violations and providing redress in case of any.

Transparency: Bennis et al (2010) perceive that the term transparency covers integrity, honesty, ethics, candour, full disclosure, legal compliance and any other thing that leads to fair conduct. Therefore, it is achieved by prompt and accurate information release.

Independence: all procedures should be taken independently to avoid contradiction and conflict of interest that may affect the continuity of corporate governance and this can be realised only by freeing directors from any kind of influence.

As aforesaid, corporate governance is considered to represent the process of managing the company business in order to improve the accountability and to direct the resources and action of the corporation towards the achievement of the corporate objectives set by the shareholders. Therefore, IT governance is considered as sub class of the corporate governance.

3. IT governance (ITG):

The term IT governance is perceived as the process of management and control of IT services and its levels acceptable to business. It stipulates the alignment to the business needs through direct problem support and fixing. It is also designed to define the different aspects of IT change and to define the project management and control. This context of governance covers the compliance of IT change process with regulations and with the deployment of IT staff. IT governance is the way to link between IT resources to the enterprise goals and strategies through frameworks that provide perfect practices for implementing, planning and monitoring IT performance; that is to say, IT governance is the way in which businesses achieve good results through aligning between its goals and objectives and IT resources.

It governance, as mentioned above, is a subset of corporate governance and is related to other subsets of corporate governance, as illustrated in figure 2, such as product development governance that coincides with It governance and that both of them shares the same subset the development governance (Maria Ericsson, 2007).

Figure II.3: Types of governance relationships within an enterprise (Maria Ericsson, 2007).

3.1 The role of IT governance (ITG):

IT governance provides competitiveness to business as it affects the business performance. IT governance increases the business productivity and quality. This role can be detected only through systematic surveys such as the ones we have conducted in our organisation to measure and improve the IT resource.

IT governance provides the business with the tools to outperform all its competitors. It also helps to ensure that the business performance realizes the promised benefits and to enable IT resources to be used effectively. It identifies the standards to follow and design the structure of the responsibilities by establishing effectiveness measures for the executive management to monitor the performance.

3.2 The pillars of IT governance (ITG):

The building of effective IT governance cannot stand without challenges as to implement IT governance; to achieve the strategic goals and realise IT vision, we must follow the process of top-down approach. The following fundamental pillars of IT governance characterise this approach. These pillars are vital to the organisation's governance process to pass from IT as a business cost to IT as a value.

3.2.1 Enterprise Architecture

Project management always looks for an effective architecture governance that reduces longer-term support costs and provide the IT component with the appropriate tools to meet the organisation's needs. The pressures for capabilities delivery never synchronizes with the long-term strategic objectives and goals.

3.2.2 Portfolio Management

Portfolio management is a process that provides a metrics to assess the value of IT investments and an organization, to manage high project demand with limited resources, is supposed to have a portfolio that yield the most business value. This process is a timing which should not exceed the limits neither little nor to too much as establishing a portfolio that responds on a balanced basis.

Enterprise architecture uses IT Portfolio management to determine the optimal roadmap from the current enterprise architecture to future enterprise architecture. It enables enterprise architecture to identify where value is wasted. It helps maximizing the value of IT investments while minimizing the risk.

3.2.3 Information Risk and Security

The IT security risk management life cycle focuses on the proper identification, assessment and report of information risk. Governance of policies and frameworks is demanded more and more due to the diversity of risks experienced by the organisation. It informs about the way of performing risk assessment regarding emerging threats and vulnerabilities, identifying the current level of risk and reporting the situation to the senior management.

4. The principles of IT governance (ITG):

IT Governance is grounded by the following principles:

4.1 IT Strategic Alignment

IT governance aligns the enterprise strategy and IT by creating the necessary structures and processes around IT investments. Aligning IT to enterprise strategy results into the delivery of sustainable business value and the ensuring that IT governance is properly functioning to achieve this.

IT Management ensures that strategic projects are aligned with strategic business objectives and they are subject to be approved, funded, and prioritized. Alignment works to realize the balance between business investments, business grow and business ability of transformation. So, a successful IT strategic alignment means maintaining a perfect relationship between IT and business.

However, aligning IT and business strategy always stands as one of the top challenges that business executives and CIOs have struggled to achieve but little progress seems to be made. No matter how the economic conditions are, enterprises are required to maximize value from IT investment as enterprises with strong IT strategic alignment practices deliver better value Henderson (1993).

4.2 Value Delivery

It refers primarily to how IT delivers appropriate quality on-time and within budget; it represents the investment strategy and how those investments are to be realized in the business. This arrangement ensures that IT delivers value to the business by focusing on cutting costs and showing the value of IT through things such as improving customer satisfaction, increasing revenue, growing market share, and decreasing expenses. The IT value exposes the relationship between the objectives and outcomes as the strategic goal is to create value via IT through enabling the business to develop innovative services that result in IT value and customer satisfaction for the sake of transforming the equation from intangible assets into tangible results. So, the mission is to enable IT to add value to the business and mitigate risks, to deliver the expected return from IT investments, to ensure all parties in the chain from supply to disposal of IT services and goods apply good governance principles and to monitor and enforce good governance across all suppliers (Henderson, 1993).

4.3 Resource Management

The resources of a company incorporate equipment, financial resources and human resources. The IT function significantly optimizes company resources in terms of infrastructure and human resources. As already mentioned, one of the key component of IT governance is the right use and management of the enterprise resources to create value. The good management of resources is to effectively deploy staff depending on their skills to open opportunities for various lines of business and to avoid overabundance and ensure employees are assigned to right tasks. Thus, the mission of this principle is the optimisation of resources usage and leverage knowledge, the effective management of the information assets and the guarantee of information and systems integrity and availability through the implementation of disaster recovery and business continuity mechanism.

4.4 Risk Management

IT risk management is to evaluate risks relating to technology used in your organisation and how you are supposed to mitigate that risk. IT risks include security risks and project failure risks. Risk management concerns the implementation of a risk framework that sets discipline and rigour on how IT risk is measured, accepted and managed. Risk management automates the IT risk assessment process and generates risk management reporting mechanisms to increase the awareness of the IT security staff on the risks and their impact on the organisation, to augment the level of service and to justify the required investments for strategic prevention and recovery solutions. This kind of reporting mechanisms increases the ability to identify the potential of IT failures and as such perform an intervention to control and mitigate the risk. The challenge resides in not being able to detect the risk at an early stage which becomes an IT failure. So, the mission of this principle is to minimise risks, to implement a risk management process, to conform to applicable laws and regulations, to maintain an IT risk record, to perform continual risk assessments, to consider and implement appropriate risk responses and to implement an information security strategy (IT Governance Network, 2009).

4.5 Performance Management

Performance management is one of the best practices within IT governance. The need for performance management begins within IT. This principle is used to make grasp the rationale behind the relationship between IT and business through taking into consideration alignment, benefits and risks and through proving the importance of IT in the business and its users. It can also tracks and monitors the implementation of business strategy via project completion, service delivery and process performance. IT performance management is aimed at identifying and quantifying IT costs and IT benefits by using automated systems providing performance data and information. Its mission, therefore, is to measure and manage IT performance via implementing processes to ensure the report of IT performance to the IT senior management and to the board of directors (De Haes, 2005).

5. IT Governance and IT Service Management:

Service management represents set of processes and capabilities of the organisation that cooperate to provide value to customers and to ensure the quality of live outcomes in the form of services. It is expected to deliver services which enhance business process through improving the effectiveness and the efficiency of the business, reducing the costs and risks. Service management leads to governance and as such IT service management leads to IT governance. IT Service Management concerns the delivery and support of IT services that are required for the organization business. IT governance is realized only when IT and strategic organization objectives are aligned, internal processes are executed effectively and efficiently, risks are managed and eliminated, costs are reduced and performance is measured. More to the point, IT service management focuses on the definition, management and delivery of IT services via IT operations to empower customers achieve their outcomes (Galup et al, 2009). IT service management enables the management of the IT services in a systematic approach through the complete IT services lifecycle from the design to the continuous improvement and allows the alignment of IT services and functions to the organization strategy (Marrone and Kolbe, 2010, p.365). According to Marrone and Kolbe (2010), the focal point of the management of IT services is on the costs of the whole lifecycle and not simply focussing on the cost one part lifecycle.

5.1 The changing role of IT:

The role of IT has changed throughout the years. It has begun serving as a technology provider to finish its role as the backbone of all business. The existence of IT in life of every enterprise has become more essential and thus this new role influences its function in the life of the enterprise as illustrated in figure II.4:

Figure II.4: Evolution of the IT Function within organizations (Sall�, 2004).

As depicted in the figure above, Sall� (2004) shows that IT organizations follow a three stage approach, in which each stage builds on the others; it begins with IT infrastructure management (ITIM) stage, during which the IT organizations concentrate on enhancing the management of the enterprise infrastructure. The infrastructure management seeks the maximization of the IT assets return and the control of the infrastructure including hardware, software and data. Then the IT evolves to the other stage of the IT service management (ITSM), in which the IT identifies the services needed by its customers and focuses on the delivery of those services to attain availability, performance, and security requirements (Sall�, 2004). To reach the final stage as illustrated above, the (20) IT evolves to the management of IT business value or the IT governance. In this stage, where IT evolves from technology provider into strategic partner and during which (27) IT processes fully integrates the phases of the IT service lifecycle resulting in service quality improvement and business agility and as such IT is managing internal and external service-level agreements to meet agreed-upon quality and costs targets (Sall�, 2004).

The IT mission in an organization is changing; many say that within small number of years, the role of information technology role has become to enable the growth of revenue. With the expansion of IT�s mission to be extended to accommodate revenue generation, it is becoming a corporate mandate. IT strategy, therefore, becomes more thoroughly aligned with the overall business objectives. Now, IT cooperates and partners with other departments, and not serves them as before. This expansion and change of role does not mean that the mission to improve cost efficiency will wane since priorities still contain reducing operational costs (Young, 2004).

The role of IT within an organization has changed from being a server to a provider of services to customers and continues to evolve. The changing role of IT as it has moved to a �T-shaped� IT Operations. That is to say, IT Operations can no more think in the vertical part of the �T�, in technical terms about storage, servers and network infrastructure; they, from then on, have to take into account the increasingly complex business perspective or the horizontal part of the �T�. Now more than ever, IT and business functions need to partner to deliver solutions besides technology. IT becomes a way to become a factor for differentiating and attaining prosperity and competitive advantage. For IT to achieve this stage, it has adopted an IT service management and has established IT Governance that aligns IT to the company objectives (Van Grembergen and De Haes, 2009).

To sum up, IT organizations has progressed from provider of technology to a provider of service which stipulates that services destined to customer are the focal point of IT Management. IT�s role has become to enable revenue growth and IT cooperates and partners with other departments, and not serve them as before (Young, 2004).

5.2 The dissimilarities of IT governance and IT service management:

The IT Governance, as defined above, is the way to link between IT resources to the enterprise goals and strategies through frameworks that provide perfect practices for implementing, planning and monitoring IT performance; However, IT Service management is a set of organisation processes and capabilities that cooperate to provide value to customers and to ensure the quality of live outcomes in the form of services; it focuses on the delivery and support of IT services required by the business. The difference between IT Service Management and IT Governance has been subject to confusion. For instance, the main concern of IT Management is the efficiency in providing IT services and the effectiveness in managing IT operations, however, for IT Governance to meet business challenges, it has to participate in introducing the performance of business (Van Grembergen, 2004).

Figure II.5: (26) Relationship between IT Governance, ITSM and IT operations and services (Sall�, 2004).

Sall� (2004), in the figure above, models the relationship between IT Governance and IT service Management. IT governance is realized only when IT meets the strategic objectives trough the efficient and effective execution of internal processes, the management and elimination of risks, the reduction of costs and the measurement of performance. IT governance aims to align the IT function to the business objectives, which are defined by the enterprise governance, which basis the definition of goals and performance metrics for the effective management of IT. In the meanwhile, the auditing processes are set up so as to measure and analyse the organization performance (Sall�, 2004).

During the transition of organizations from technology providers to strategic partners, they need to consider the IT governance frameworks and their influence on IT service management.

6. IT governance frameworks:

The core aim of IT governance is the effective and efficient alignment of Information Technology and business strategies. The choice to adopt IT governance in a business intends to ensure efficiency, to reduce costs and to increase control of IT infrastructure (Wessels and Loggerenberg, 2006). The evolution of IT from a provider of technology to a provider of services entails taking a different perspective on IT management (Sall�, 2004). In order to enable IT departments or organizations transiting to the strategic partner position, numerous IT service management frameworks and methodologies have emerged for the evolution of the maturity of Service Management. As IT management had witnessed its dark time during the seventies; since there was no acquaintance of the notion IT systems management but the focus was only on IT operations. After the emergence, in the 1980s, of the Network Management and Application Management disciplines as main drivers of the IT management and the creation of the Network management standard �Simple Network Management Protocol� (SNMP), it became necessary to develop a comprehensive management framework of the IT function. Amongst the Information Technology governance frameworks, we find the widely adopted standard �Information Technology Infrastructure Library� (ITIL); since its development in the late 1980�s, it has proved its usefulness through all sectors and become the de-facto standard in IT Service Management (CAI, 2008). The power of COBIT resides on being the best to balance the organizational IT goals and business objectives (Webb, Pollard and Ridley, 2006). The third major framework is the ISO 17799 which has been developed by the International Organization for Standardization, based on the British Standard 7799, to be the Information Technology Code of Practice for Information Security Management (Symons and al, 2005). It is essential to notice here (10) that COBIT and ISO 17799 share a limited amount of functionality (Van Grembergen, 2003).

Even though that each framework emerged with its own strengths and limitations, its own focus and purpose, they, except few of them, revolve around ISO standards. However, these frameworks are designed to improve the efficiency of the IT function and to gain maximum benefits for it; for instance, COBIT and ITIL may play the role of identifying IT activities alignment with the objectives. What is more challenging is the fact of managing effectively and efficiently the use of IT resources within each framework and keeping each one aligned with the organisation's strategic objectives (Patel, 2002).

Indeed, the majority of IT governance frameworks are complementary, but each with strengths in different areas. The Three frameworks are reviewed in the coming sections with an in-depth analysis to the infrastructure library (ITIL).

6.1 COBIT framework:

6.1.1 The scope:

IT Governance Institute (ITGI) developed, in 1996, the COBIT (Control Objectives for Information and related Technology) framework with the main focus of developing clear policies and good practices for security and control in Information Technology (IT Governance Institute, 2004). IT Governance Institute (2007) offers IT departments and organizations, through the adoption of COBIT, a set of good practices, which represent the consensus of experts, with clear structure and process model presenting activities in manageable and logical structure. However, it is strongly focused on control as illustrated in figure II.6.

Figure II.6: COBIT Framework (ITGI, 2007)

IT Governance Institute (2007), in the COBIT 4.1 executive summary document, presents the COBIT principles in a continuous and circular flow where the business requirements derive the demand for IT resources that are used by the IT processes to deliver the Enterprise information which responds to the business requirements. These principles are described in the figure II.7.

Figure II.7: COBIT Principles (ITGI, 2007)

As illustrated in the figure II.8, COBIT model is perceived in a three dimensional perspective where the visible surfaces represent business requirements, IT resources and IT processes. Each of these three components relates to the two other connecting dimensions.

Figure II.8: COBIT Cube (ITGI, 2007)

The IT resources component of the COBIT cube represents the enterprise IT assets including its staffs, the information systems, the used technology, the IT infrastructure facilities and the generated data (Moeller, 2010).

The management of IT resources considers three levels of IT efforts that start at the bottom and working up level by a series of activities and tasks needed for the achievement of measurable results. Joined activities and tasks represent processes which are located at one level up in the second. In the highest and third level, processes are grouped together by the nature of responsibility into domains in line with the management cycle of IT (IT governance Institute, 2005). COBIT defines four domain areas that comprise the Planning and Organization covering the strategy and tactics that enable IT to participate in and support the achievement of strategic business objectives; the acquisition and implementation where IT solutions are identified, developed or procured and deployed with the business processes; the delivery and support of required services, applications and facilities; and the monitoring and evaluation covering the internal and external control processes (Moeller,2010).

The third dimension concerns the business requirements which define seven criteria areas including effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability that constitute the basis against which the IT systems and processes are evaluated (Moeller, 2010).

6.1.2 The limitations of COBIT:

Among the limitations of this framework, we can cite that it takes considerable time to implement and analyse it. COBIT cannot be used alone due to its shortcomings in terms of technical details. It requires high level of expertise and skill due to its width and complexity. The COBIT framework is very much generic. It only documents the directions that IT must follow and not how to follow these directions. COBIT, like ITIL, also fails to address software development life cycles. The main shortcoming of COBIT is that it does not cater for continuous process improvement.

Overall, COBIT is both a comprehensive framework and a structured management approach for aligning resources with the strategic objectives of the company. It is a unifying tool that combines within its process inputs from other standards such as ISO 17799, ITIL. Among the benefits to the adoption of COBIT as an IT governance framework, we find a greater cohesion between IT and business, better perception of management inputs from the computer and a better understanding of all stakeholders through a common language.

6.2 ISO 17799 framework:

6.2.1 The scope:

The International Standards Organization, an international body that develops and publishes well-recognized international standards covering wide ranges of areas and businesses, issued the Information Security Standard ISO 17799 that comprises a comprehensive set of controls including best practices in Information security (Computer Security News, 2010).

The ISO 17799 framework defines the information as an asset that needs suitable protection due to the increasing number of vulnerabilities and threats that appeared with the increase of interconnectivity and the fast growing of the IT technology. The intent of the standard is to protect the information from the wide range of threats in order to ensure business continuity, risks mitigation, return on investment and to support the business in the value and opportunities creation (ISO/IEC 17799, 2005).

The ISO/IEC 17799 (2005) manual defines a set of controls that include policies, processes, procedures, organization structures and IT functions. The establishment, implementation, monitoring review and improvement of those controls maintain the competitive edge and ensure that security meets the organization business objectives.

ISO 17799 remains a security-centred standard and cannot provide IT governance means alone. Due to its relevance, parts of the standard can be used to build the IT governance framework or combined with another framework to complete the IT governance function. The figure II.8 presents a visual overview of the structure and content of the 17799 standard.

Figure II.8: ISO 17799 Security Plan. (Mind mapping ISO17799:2005, 2007)

6.2.1 The limitations of ISO 17799:

In this framework, the bad experience of accreditation bodies in relation to the specific issues in IT security systems leads to a devaluation of the accreditation process. The implementation of framework does not reduce significantly the risk for security violation and theft of confidential information.

Our research paper aim is to gain an understanding on the impacts and benefits of implementing ITIL specifically on IT service management and generally on organization. This research paper will focus on the challenges that face the IT department in United Nations peacekeeping missions and on the impacts and benefits from the implementation of ITIL framework at various levels. ITIL, therefore, will be highlighted more than the previous frameworks due to its importance to our organisation.