Espacios. Vol. 36 (Nº 21) Año 2015. Pág. E-3

IT governance for public universities: Proposal for a framework using Design Science Research

Gobernanza de TI para universidades públicas: Propuesta de marco usando Diseño de Investigación en Ciencias

Isaias BIANCHI 1; Rui Dinis de SOUSA 2

Recibido: 10/07/2015 • Aprobado: 25/08/2015

Contenido

1. Introduction

2. IT governance frameworks

3. Proposal of a framework for universities

4. Expected Findings

5. Conclusion

6. References

1. Introduction

Information technology (IT) is a key element in support for sustainability and business growth, streamlining the routines supporting managers in making organizational decisions both at the operational level to the strategic level [De Haes and Van Grembergen 2009; De Haes et al. 2013]. Spremic, Bajgoric, & Turulja [2013] argue that organizations are dependent on information technology and to achieve goals and business objectives adopt mechanisms and IT governance practices to achieve quality in their services.

In the university context, the contributions and the impact that information technology generate for the teaching process in the generation of knowledge are invaluable, as a strong agent of change in educational practices of universities and indispensable tools in the knowledge society [Sarkar 2012]. Universities are complex organizations dependent on information technology to its technological infrastructure consists of a variety of applications, different platforms, academic systems, cloud applications and a heterogeneous range of technologies [Svensson and Hvolby 2012]. The governance of this complex environment to support the research, teaching, demanded the search for appropriate IT governance mechanisms such as maturity models and frameworks [Bajgoric 2014; Conger et al. 2008; Hicks et al. 2012]

IT governance is the instrument that allows control, management, structure and processes and the relationship of the organization's IT reaches the strategies and business objectives De Haes & Van Grembergen [2009],  Hicks et al. [2012] e Bajgoric  [2014] add that it is an essential instrument to assist corporate governance and meet the standards, legislation, strategies and organizational goals and achieve its mission.

A study of two hundred fifty organizations from twenty-three countries, pointed out that organizations have good IT governance models have superior performance by 20% in relation to their competitors[Weill and Ross 2004]. The research of Lunardi [2014] also concludes that organizations have adopted formal mechanisms of IT governance improved organizational performance in mediated profitability, efficiency and cost savings.

IT Governance can help manage this complex environment and is developed with a set of mechanisms involving structure, processes and relational mechanisms [De Haes and Van Grembergen 2004; De Haes and Van Grembergen 2005; De Haes and Van Grembergen 2009; Weill and Ross 2004] . Propose the most appropriate mechanisms for a given context is complex and depends on external and internal factors and mechanisms that can be effective for the organization, can not be effective and appropriate for other organizations [Brown and Grant 2005; De Haes and Van Grembergen 2008; Van Grembergen et al. 2004] .

The main research on IT governance are particularly restrictive to the industry in this sense, research in other environments, such as higher education, where the discussion of these issues is absent or incipient, is revealed as an opportunity starting from the knowledge gained in the industry. It stands out mainly in European countries and Latin America where there are presented articles on this topic, we can see the research opportunities compared to the models used in the industry are suitable for universities. The next section shows the main IT frameworks used by companies.

2. IT  governance frameworks

The development of an organization by the IT governance model is important; however, it is not an indicator that IT governance is being effective. Selecting a model and definition of what governance mechanisms used is the initial stage, the implementation of such mechanisms as an efficient solution is the main phase and bolder [Brown and Grant 2005; De Haes and Van Grembergen 2005].

The literature presents a variety of frameworks to help organizations implement IT governance. However, these frameworks are complex, complicated and difficult to interpret [Bin-Abbas and Bakry 2014; Pereira and da Silva 2011; Pereira and Silva 2010]. The statements of the authors demonstrate on the results of surveys.

A survey by IDC with 225 organizations includes the following standards used. Internal development of its own standards (43,6%); ITIL (27,1%); Six Sigma (23,6%);  ISO  20000  (14,7%);  COBIT  (12,9%);  CMM/CMMI  (8%); outro  (2.2%) [Broussard and Tero 2007].

Another survey by Tarantino [2008], it shows the following results. Framework developed internally by the company (33%) framework (33%); Not decided which one to use (22%); ISO 9000 (21%); ITIL (13%); COBIT (9%).

Recently, the research of  Lunardi [2014] in 101 Brazilian organizations that have publicly traded on the stock market, they identified the following IT governance mechanisms that organizations use: COBIT (54%), ITIL (44%), SOX (36%), internal solutions (32%) BS7799 / ISO17799 (27%), PMI (23%), SLA / SLM (18%), BSC / iT BSC (10%) Others (27%), which form part COSO (Committee of Sponsoring Organizations ); the IT service catalog; shared domain knowledge; Six Sigma; SOA (Service Oriented Architecture); the IT project-linked compensation practices; BPM (Business Process Management); ISO9000. ITIL and COBIT are the two main frameworks used as references by organizations implementing IT governance.

Ko & Fink [2010], Selig [2008] and  Van Grembergen [2007] claim that ITIL is a framework with all the necessary features to support IT governance.  J. Iden & Eikebrokk [2014] ITIL is a popular and influential framework for implementing IT governance. In the concepts of De Haes, Van Grembergen, & Debreceny [2013] say that trend is that organizations adopt COBIT as an official practice for IT governance.

However, they are seen by Bin-Abbas & Bakry [2014], Pereira & da Silva [2012], Pereira & da Silva [2011] e Pereira & da Silva [2010] as complex, generic and difficult to interpret without knowing what to implement first and what is actually needed for a given organizational context.

Thus, we can see a gap in the literature to identify which framework or which parts of those frameworks to be used to meet the needs of organizations on IT governance. The results of surveys show that organizations still choose to develop their own framework, taking advantage of the strengths of several benchmarks. The identification of each of the available frameworks requires effort and adoption as well.

M. Marrone et al. [2014] claim that the adoption of IT governance frameworks depends on different factors and, using the institutional theory in a study, point to the following factors: size of the organization, country and type of organization. Pereira & da Silva [2010] and Pereira & Silva [2012] agree further confirm that the implementation of IT governance depends on contingent factors as the organization's context, size and its characteristic, whether it is public or private, and relies on external and internal environment.

The research findings identified are limited to industry and mainly concentrated in Australia and the US in particular management practices of IT services. In Europe, the main works are Belgium and Portugal focused on IT governance in the financial industry De Haes & Van Grembergen  [2005] and  Ruben Pereira, Almeida, & Silva [2014], in Brazil Lunardi [2014] with the identification of IT governance mechanisms in organizational performance in industries.

In the process a literature review, we identified only work on the implementation of IT governance practices using ITIL, COBIT Saleh & Almsafi [2013], Wan & Chan[2008], Zhen & Xin-y [2007], Bhattacharjya & Chang [2006], without the concern of building a model based on references that detail address the governance mechanisms.

It is understood that IT governance goes beyond the limits of selecting a specific practice. The choice of good practice is a first step and important. The following phases are arduous and the identification of contingency factors and appropriate governance mechanisms to set a framework for a given context and the use of appropriate technological tooling, identification and benchmarking the effectiveness of the practices of other universities and a model that includes mechanisms needed to It is implemented in a university reality, which is not identified in the literature review.

3. Proposal of a framework for universities

Summarizing, the literature presents a study of deficit on IT governance, especially at universities, identifying mechanisms, models, practices and tools used in IT governance[Arshad et al. 2014; De Haes and Grembergen 2008; Haes and Grembergen 2008; Iden and Eikebrokk 2014] . 

Thus, this paper proposes a framework for IT governance to universities using design science research. The proposed framework is intented to describe the necessary mechanisms linked structures, processes and relationships to IT governance.

Different theories argue that to manage with effectiveness, efficiency interactions between people, technology and organization, it is necessary the use of information systems [Hevner et al. 2004]. In this sense, research on information systems need to be aligned with the business strategy, IT strategy, organizational infrastructure and the IT infrastructure. This combination allows for different organizations conduct business, making information systems become emerging tools for this embodiment.

Therefore, to solve organizational problems, a method that has gained popularity mainly in the areas of information systems is DSR - Design Science Research. The purpose of DSR is the development of innovative devices that generate knowledge for solving a specific problem domain [Hevner, March, Park and Ram 2004; Kuechler and Vaishnavi 2012].

The generated IT artifact may be perceived as a software, a software module, processes or methods of organizational information systems [Kuechler and Vaishnavi 2012]. One of the major key element concepts DSR before the investigations in information systems, is the possibility of new fields of research, conduct testing and validation of theories, or build new theories.

The purpose of this work is to develop a framework and solve a specific problem, in this case the IT governance of universities, it is considered that the DSR method is suitable for this work.

The DSR method is used in research in information systems, generally produce four artifacts. The main findings in the literature produced these artifacts are builders, models, methods and instantiations [Hevner and March 2003; Kuechler and Vaishnavi 2008; March and Smith 1995; March and Storey 2008]. The artifact of this paper created is a framework IT governance for universities. The steps suggested for the framework are of [Peffers et al. 2006].

1. Identification of the problem and motivation - The identification of the problem was through practical experience of the investigator and based on the literature review did not identify themselves references suitable for IT governance at universities. Considering the contingent factors and peculiarities of the university environment, to be pubic, requires processes and human capital dependent on information technologies need to be financially sustainable and it is recommended to adopt appropriate governance mechanisms.
2. Definition of goals for the solution - For the problem in question is intended to identify IT governance mechanisms in the literature and build an instrument the light of the theory to collect the data in the survey and case studies.
3. Design and development - The design and device development will be through literature review, survey and multiple case studies. The framework will be developed based on the mechanisms identified in carrying out the survey and interviews of case studies.
4. Demonstration - The artifact will be demonstrated with experts in a university in order to test their efficiency and effectiveness.
5. Evaluation - The evaluation of the proposed framework could be through a survey, interviews or workshops with the heads of information technology from universities or even academics and industry professionals.
6. Communication - The findings are published in conferences  and journals.

The steps suggested for the framework are:

• Identify in a literature review mechanisms that enable IT governance.
• Identify the mechanisms of IT governance used by universities with application of survey.
• To evaluate and compare the model used in IT governance between the best universities in the ranking of higher education based on the survey results.
• Compare the structures, processes and mechanisms of IT governance relationships in the universities.
• To propose an IT governance framework for universities based on the structure, processes and relational mechanisms identified in the survey, the case studies and the literature review; and
•  To assess the framework proposed by the experts and professionals in the field via survey, interviews and workshops.

The next section presents the main expected findings.

4. Expected Findings

The advantages of the construction and development of a framework based on the survey of specific data, are the characteristics and the essential mechanisms of IT governance that this framework should contain based on the identification of specific business reality in this case universities. The expected findings with a development of framework for universities are:

1. Contingency factors in specifically for the reality of the universities, which does not appear literature publications.
2. Identification of the structure, processes and relational mechanisms specific to the university environment.
3. Analysis of IT governance practices of universities and the grip level of these practices. Identification of tools, software used for IT governance.
4. Identify whether the information technology departments of universities adopt a culture based BPM.
5. Identification of key success factors as the country's characteristics, economics and organization size to implement IT governance mechanisms.
6. Innovation in business processes through the adoption of management and governance frameworks allowing the optimization of human and technological resources.
7. Standardization of used tools and benchmarking with other universities which thus identifying the most efficient technique for a given situation.
8. Allows control and audit in relation to technological resources and processes, obtaining a systemic vision and reallocation of resources.
9. Implementation using consolidated frameworks causes IT to be process-oriented allowing the identification of bottlenecks and opportunities.
10. Reference Guide to perform a benchmarking among IT governance mechanisms used by universities, thus generating knowledge about the tools and practices adopted by other universities

During the process of building a framework, we will need to identify the practices and experiences used in universities, key success factors of other frameworks, methods and mechanisms available in the literature, as well as lessons learned from case studies in similar environments.

5. Conclusion

IT governance is increasingly being used by organizations to help them achieve their goals and business objectives. In a study of two hundred and fifty organizations from twenty-three countries, pointed out that organizations have good IT governance models has superior performance by 20% over its competitors [Weill and Ross 2004].  The research of Lunardi [2014] also conclude that organization whicho one adopted formal mechanisms of IT governance improved the organizational performance in the measures of profitability, efficiency and cost reduce.

However,  Lunardi [2014] and Weill & Ross [2004] identify which IT governance brings benefits to the organization, the literature shows that currently there are few investigations and articles available on the subject of IT governance, especially with the implementation of frameworks and what the results and benefits of those in the organization's key business [De Haes and Van Grembergen 2009; Iden and Eikebrokk 2014].

Faced with this gap in the literature, this article presents a bibliographic study on the issues related to the governance of IT presenting the different frameworks and mechanisms for the implementation of IT governance.

Different researchers claim that to implement the IT governance requires a combination structure of mechanisms, processes and relationships [De Haes and Van Grembergen 2004; De Haes and Van Grembergen 2009; Peterson 2004; Weill and Ross 2004]. 

De Haes & Van Grembergen [2009],  Peterson [2004] they have been in the financial industry. The authors also point out that, due to contingent factors the mechanisms that are effective for the financial industry may not be effective in another context, in this case to the university context.

The construction and identification of appropriate mechanisms for IT governance in an organization are carried out by means of case studies in a specific context. In the case of the identified work De Haes & Van Grembergen  [2008] , Brown & Grant [2005] they argue that a universal model for IT governance is nonexistent. Accordingly, suggest that for building a model it is necessary to identify a specific mechanisms for organizational context. In the present review did not identify up articles indexed in databases that propose mechanisms for universities.

The DSR research method means that is most appropriate for this study, since the goal is to generate a framework with appropriate mechanisms for universities govern information technology. Noteworthy is that in addition to the artifact to be generated in this work help solve a specific problem domain, intended to be something useful and to assist universities to govern IT effectively and efficiently, through mechanisms, appropriate tools and techniques to assist managers in this process.

References

Arshad, Y., Ahlan, A.R. AND Ajayi, B.A. 2014. Intelligent IT governance decision-making support framework for a developing country's public university. Intelligent Decision Technologies 8, 131-146.

Bajgoric, N. 2014. Business continuity management: a systemic framework for implementation. Kybernetes 43, 156-177.

Bhattacharjya, J. AND Chang, V. 2006. Adoption and implementation of IT governance: cases from Australian Higher Education.

Bin-Abbas, H. AND Bakry, S.H. 2014. Assessment of IT governance in organizations: A simple integrated approach. Computers in Human Behavior 32, 261-267.

Broussard, F.W. AND Tero, V. 2007. Configuration and Change Management for IT Compliance and Risk Management: The Tripwire Approach. White Paper. IDC.

Brown, A.E. AND Grant, G.G. 2005. Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems 15, 38.

Conger, S., Winniford, M. AND Erickson-Harris, L. 2008. Service management in operations. AMCIS 2008 Proceedings.

De Haes, S. AND Grembergen, W.V. 2008. Analysing the relationship between IT governance and business/IT alignment maturity IEEE, 428-428.

De Haes, S. AND Van Grembergen, W. 2004. IT governance and its mechanisms. Information Systems Control Journal 1, 27-33.

De Haes, S. AND Van Grembergen, W. 2005. IT governance structures, processes and relational mechanisms: Achieving IT/business alignment in a major Belgian financial group IEEE, 237b-237b.

De Haes, S. AND Van Grembergen, W. 2008. An exploratory study into the design of an IT Governance minimum baseline through Delphi research. Communications of the Association for Information Systems 22, 24.

De Haes, S. AND Van Grembergen, W. 2009. An exploratory study into IT governance implementations and its impact on business/IT alignment. Information Systems Management 26, 123-137.

De Haes, S., Van Grembergen, W. AND Debreceny, R.S. 2013. COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of Information Systems 27, 307-324.

Haes, S.D. AND Grembergen, W.V. 2008. Analysing the relationship between IT governance and business/IT alignment maturity IEEE, 428-428.

Hevner, A.R. AND March, S.T. 2003. The information systems research cycle. Computer 36, 111-113.

Hevner, A.R., March, S.T., Park, J. AND Ram, S. 2004. Design science in information systems research. MIS Quarterly 28, 75-105.

Hicks, M., Pervan, G. AND Perrin, B. 2012. A study of the review and improvement of IT governance in Australian universities.

Iden, J. AND Eikebrokk, T.R. 2014. Using the ITIL Process Reference Model for Realizing IT Governance: An Empirical Investigation. Information Systems Management 31, 37-58.

Ko, D. AND Fink, D. 2010. Information technology governance: an evaluation of the theory-practice gap. Corporate Governance: The international journal of business in society 10, 662-674.

Kuechler, B. AND Vaishnavi, V. 2008. On theory development in design science research: anatomy of a research project. European Journal of Information Systems 17, 489-504.

Kuechler, W. AND Vaishnavi, V. 2012. A framework for theory development in design science research: multiple perspectives. Journal of the Association for Information systems 13, 395-423.

Lunardi, G.L., Becker, J.L., Maçada, A.C.G. AND Dolci, P.C. 2014. The impact of adopting IT governance on financial performance: An empirical analysis among Brazilian firms. International Journal of Accounting Information Systems 15, 66-81.

March, S.T. AND Smith, G.F. 1995. Design and natural science research on information technology. Decision support systems 15, 251-266.

March, S.T. AND Storey, V.C. 2008. Design science in the information systems discipline: an introduction to the special issue on design science research. Management Information Systems Quarterly 32, 6.

Marrone, M., Gacenga, F., Cater-Steel, A. AND Kolbe, L. 2014. IT service management: A cross-national study of ITIL adoption. Communications of the Association for Information Systems 34, 865-892.

Peffers, K., Tuunanen, T., Gengler, C.E., Rossi, M., Hui, W., Virtanen, V. AND Bragge, J. 2006. The design science research process: a model for producing and presenting information systems research, 83-106.

Pereira, R., Almeida, R. AND Silva, M.M.d. 2014. IT Governance Patterns in the Portuguese Financial Industry. In 47th Hawaii International Conference on Systems Sciences, HICSS IEEE, Hawaii, USA., 4386-4395.

Pereira, R. AND da Silva, M.M. 2011. A maturity model for implementing ITIL V3 in practice. In Enterprise Distributed Object Computing Conference Workshops (EDOCW), 15th IEEE International IEEE, 259-268.

Pereira, R. AND da Silva, M.M. 2012. Designing a new Integrated IT Governance and IT Management Framework Based on Both Scientific and Practitioner Viewpoint. International Journal of Enterprise Information Systems (IJEIS) 8, 1-43.

Pereira, R. AND da Silva, M.M. 2012. IT Governance Implementation: The Determinant Factors. Communications of the IBIMA 2012.

Pereira, R.F.d.S. AND Silva, M.M.d. 2010. A maturity model for implementing ITIL v3. In 6th World Congress on Services, I.C. Society Ed. IEEE Computer Society, 399-406.

Peterson, R.R. 2004. Integration strategies and tactics for information technology governance. Strategies for information technology governance, 37-80.

Saleh, J.M. AND Almsafir, M.K. 2013. The Drivers of ITIL Adoption in UNITEN. In Advanced Computer Science Applications and Technologies (ACSAT), IEEE Ed. IEEE, 479-484.

Sarkar, S. 2012. The role of information and communication technology (ICT) in higher education for the 21st century. Science 1, 30-41.

Selig, G.J. 2008. Implementing IT Governance-A Practical Guide to Global Best Practices in IT Management. Van Haren.

Spremic, M., Bajgoric, N. AND Turulja, L. 2013. Implementation of IT Governance Standards and business continuity management in transition economies: The case of banking sector in Croatia and Bosnia-Herzegovina. Ekonomska Istrazivanja-Economic Research 26, 183-202.

Svensson, C. AND Hvolby, H.-H. 2012. Establishing a Business Process Reference Model for Universities. Procedia Technology 5, 635-642.

Tarantino, A. 2008. Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices. John Wiley & Sons.

van Grembergen, W. 2007. Implementing Information Technology Governance: Models, Practices and Cases: Models, Practices and Cases. IGI Global.

Van Grembergen, W., De Haes, S. AND Guldentops, E. 2004. Structures, processes and relational mechanisms for IT governance. Strategies for information technology governance 2, 1-36.

Wan, S.H.C. AND Chan, Y.-H. 2008. Improving service management in campus IT operations. Campus-Wide Information Systems 25, 30-49.

Weill, P. AND Ross, J.W. 2004. IT governance: How top performers manage IT decision rights for superior results. Harvard Business Press.

Zhen, W. AND Xin-yu, Z. 2007. An ITIL-based IT service management model for chinese universities. In International Conference on Software Engineering Research. , 493-497.

1. University of Minho, Campus of Azurem, Guimaraes 4800-058 , Portugal

2. University of Minho, Campus of Azurem, Guimaraes 4800-058 , Portugal