2 IT Governance - Structures, Processes, and Relationships in IT Decision-Making

Download as pdf or txt
Download as pdf or txt
You are on page 1of 11

2 IT governance Structures, processes, and relationships in IT

decision-making

Business processes in contemporary companies often heavily rely on the supporting


information systems. Moreover, today, many innovations are to a considerable extent based
on new IT capabilities. In order to warrant the continuous support of existing information
systems as well as the development of new IT-based solutions, organizational units are
required that provide the corresponding skills and resources. In the following, the term
information systems function (shortly IS function) will be employed in order to refer to the
entity of these organizational units within a firm.27 The dispersion of IT competencies
throughout the organization and the structuring of the IS function have been widely discussed
in the information management literature. However, due to the rapid development of
information technology, the role and structuring of IS functions has been subject to constant
changes over the past decades.

In this chapter, major developments concerning the structuring and organization of the IS
function will be discussed and the existing body of IT governance research will be presented
in brief. As IT project portfolio management is embedded into a wider organizational context,
it is vital to consider IT governance from a broad perspective when investigating
organizational requirements for IT project portfolio management.

Section 2.1 contains a brief discussion of historical developments in corporate IS functions.


Following, in section 2.2, the key terms centralization and decentralization are introduced in
the context of the organizational integration of the IS function. The common perception that
different fields of activities of the IS function require different decision-making arrangements
has led to the notion of the term IT governance. The corresponding transition in literature
towards contemporary IT governance conceptions is described in section 2.3. Findings from
the IT governance literature are discussed in section 2.4. Finally, in section 2.5, the
requirement for alignment between the IS function and different business units is discussed in
order to provide the theoretical foundation for a later discussion of coordination mechanisms
in the context of IT project portfolio management.

2.1 Historical developments in corporate IS functions


Studies on the structuring and the organizational integration of the IS function have a long
history in information systems research. Historically, the role and the internal organization of

27
This is in accordance with the predominant use of the term in the relevant literature.

T. Frey, Governance Arrangements for IT Project Portfolio Management,


DOI 10.1007/978-3-658-05661-2_2, Springer Fachmedien Wiesbaden 2014
8 IT governance

corporate IS functions has been largely influenced by rapid developments in information


technologies and the growing pervasiveness and heterogeneity of IT.28

The early days of IT were characterized by large mainframe systems providing computational
resources for the entire company. Accordingly, corporate IS functions offered central services
and, therefore, were usually centralized to a large degree.29 When, at the beginning of the
1980s, minicomputers became available and, later, personal computers were introduced,
computational resources became more and more dispersed to decentralized units in many
companies.30 This in parallel led to a stronger decentralization of IS functions as local units
required local IT support for their information systems.31

Since the mid-1980s, rapidly falling prices for computer equipment and growing
computational performance lead to a fast adoption of information technology, but at the same
time resulted in rather chaotic system landscapes. In turn, many companies began to
recentralize their IS function.32 However, at this time, new forms of centralization emerged
that differed significantly from the kind of centralization in IS functions observable during the
initial phase.33 As IT became more pervasive in most companies the role of IS functions
changed. While in the 1960s and 1970s decisions about IT resources were made at the
locations where these resources resided, this was not necessarily the case anymore in the
1990s. Consequently, new governance arrangements for IT emerged. These were
characterized by centralized control over decentralized resources and coordination through
standardization.34

Due to technical and organizational innovations, the IS functions over time became
responsible for new fields of activities. In many companies, decentralized decision-making
had led to complex system landscapes causing huge operational costs. In order to simplify
these system landscapes and to provide for flexibility at the same time, IS architecture
management became an important task of the IS function.35

28
Although the developments in corporate IS functions certainly differ from company to company, there have
been a number of common trends in the historic development of IS functions. These general developments
are discussed here.
29
Cf. Ahituv et al., 1989, p. 389; Zmud, 1984, p. 80. Definitions of the terms centralization, decentralization
and federal arrangements are provided in section 2.2.1.
30
Cf. Kahai et al., 2003, p. 52; Tavakolian, 1989, p. 309; Zmud et al., 1986, p. 17f.
31
Cf. Kahai et al., 2002, p. 44.
32
Cf. Kahai et al., 2002, p. 44; von Simson, 1990, p. 158.
33
Cf. Kahai et al., 2002, p. 45.
34
Cf. Kahai et al., 2002, p. 45.
35
Cf. Allen & Boynton, 1991, p. 435.
Historical developments in corporate IS functions 9

In addition, as more and more processes were supported by IT systems and interconnection
within and between companies increased, the business impact of information technology
became stronger and the strategic value of IT moved into focus.36 As IT-enabled business
processes require cooperation between the IS function and different business units,
business/IT alignment became a growing challenge.37 IT architectures should support the
business strategy and, at the same time, business strategies often depend on underlying IT
capabilities.38 Therefore, in many companies, the spectrum of tasks of the internal IS function
has broadened in recent years and shifted towards supporting the business strategy.39 Over the
time, the traditional perception of the IS function as a single homogeneous entity became
obsolete.40 Nowadays, the spectrum of tasks may range from infrastructure and application
management activities over software development and project management tasks to
relationship management and consulting activities.

Triggered by new corporate governance requirements (e.g. the Sarbanes-Oxley Act),


increasing IT controlling activities, and a growing need to justify IT expenses, recent years
have also seen a stronger structuring and professionalization of the IS function.41 In this
context, IT-internal processes and fields of activities like IT service management, IT demand
management, and IT portfolio management are subjected to a stronger formalization and
standardization. Maturity models and IT governance frameworks have emerged.42

Today, de-facto standards (also referred to as best practice reference models) like Val IT,
COBIT, and ITIL provide frameworks of reference for the structuring of IT-related tasks.43
These standards support distinct IT governance and IT management subjects at different
levels of abstraction and detail.44 However, despite the growing availability of reference
frameworks, IT governance arrangements still have to be adjusted to the given organizational
context and contingency factors need to be taken into account.45 Furthermore, organizational

36
Cf. Chan & Reich, 2007b, p. 303; Sambamurthy & Zmud, 2000, p. 106; Venkatraman, 1997, p. 51. It should
be noted that the business impact of IT is subject to controversial debates. For example, a vivid discourse has
been started by Nicholas Carr who critically discussed the future role of information technology and hinted at
the potential commodity character of hardware and software (cf. Carr, 2004).
37
Cf. C. V. Brown & Magill, 1994, p. 371.
38
Cf. Ross, 2003, p. 31.
39
Cf. Kearns & Sabherwal, 2007, p. 131.
40
Cf. Peterson, 2004, p. 9.
41
Cf. Looso & Goeken, 2010, p. 5f.
42
Cf. Simonsson et al., 2010, p. 11.
43
Cf. Looso & Goeken, 2010, p. 2f.
44
Cf. Simonsson et al., 2010, p. 11.
45
Cf. C. V. Brown & Magill, 1994.
10 IT governance

structures and strategies are subject to frequent changes.46 Therefore, IT governance


arrangements also have to be redesigned from time to time in order to cope with new external
or internal situations.47

Over the last decades, there has in particular been a trend towards outsourcing certain IT
activities in many companies.48 Especially IT infrastructure management and application
development are nowadays often provided by external service providers and offshoring
partners.49 Moreover, new forms of IT provisioning like Cloud Computing and Software as a
Service (SaaS) have led to changes in the tasks and governance arrangements of internal IS
functions.50 In consequence, some tasks like the provisioning and operation of hardware
have moved out of focus in a number of companies. However, the ability to effectively and
efficiently manage the existing IT resources whether internally or externally has remained
a fundamental requirement for contemporary IS functions.51 In order to effectively manage IT
spending and adequately address strategic objectives, IT projects have gained growing
importance in recent years.52 Consequently, the governance of IT investments via IT project
portfolio management has become a key challenge.53

Governance arrangements for IT project portfolio management are the key topic in this
dissertation, but before governance arrangements are investigated in the particular context of
IT project portfolio management, it is important to review the existing body of IT governance
research first. Thereby, a theoretical and conceptual foundation for the following chapters is
provided.

2.2 Centralization and decentralization


Historically, a huge part of information systems research has been concerned with the
positioning and structuring of the IS function. In this context, the concept of centralization
and decentralization, borrowed from organizational theory, has been widely used.54 In the
current section, the terms centralization and decentralization will be defined and general
advantages and disadvantages of both extremes will be discussed. In the following sections,

46
Cf. Nickerson & Zenger, 2002.
47
Cf. Sabherwal et al., 2001.
48
Cf. Bossert et al., 2010, p. 94.
49
Cf. Beulen et al., 2005, p. 133f.; Buxmann et al., 2013, pp. 123131.
50
Cf. Winkler & Benlian, 2012; Winkler et al., 2011.
51
Cf. Chan & Reich, 2007b, p. 336; Dutta, 1996, p. 257; Maizlish & Handler, 2005, p. 1.
52
Cf. Canonico & Sderlund, 2010, p. 796.
53
Cf. Jeffery & Leliveld, 2004, p. 41.
54
E.g. Ahituv et al., 1989; C. V. Brown & Magill, 1998; Burlingame, 1961; Ein-Dor & Segev, 1982; Kahai et
al., 2003, 2002; Olson & Chervany, 1980.
Centralization and decentralization 11

the terms will be subjected to a critical discussion and the evolution of contemporary concepts
of IT governance research will be outlined.

2.2.1 Definitions
As the terms centralization and decentralization are fundamental for the following chapters,
both terms will be defined and discussed in detail in section 2.2.1.1 in order to ensure a
concise understanding. The term federal arrangement, which is also commonly used in IT
governance research, will be defined in section 2.2.1.2.

2.2.1.1 Centralization and decentralization


Although the terms centralization and decentralization are omnipresent in IS management
literature, the search for a general definition is compounded by the fact that the terms have
been used in different contexts. In the following, a number of definitions extracted from the
existing literature will be presented. Based on these definitions, commonalities and
differences in the perception of the two terms will be discussed. The definitions will be
presented chronologically in order to demonstrate evolutions in the IS management literature.

One of the first descriptions of the concept of decentralization in IS research has been
provided by Burlingame. Burlingame uses this concept in order to characterize the impact of
advances in information technology on the future role of middle managers. Therefore, the
description applies to the company as a whole and not specifically to the IS function.55

For the purposes of our discussion, the concept of decentralization can be simply
stated. Decision-making responsibility is assigned at the lowest point in the
organization where the needed skills and competence, on the one hand, and the needed
information, on the other hand, can reasonably be brought together.56

Olson & Chervany name Centralization of Authority as one of six characteristics of the
overall organization. They examine the influence of these characteristics on the positioning of
the IS function.57 In this context, Olson & Chervany define Centralization of Authority as
follows:

55
Burlingame, 1961, p. 121.
56
Burlingame, 1961, p. 121f.
57
Olson & Chervany, 1980, p. 60.
12 IT governance

In a highly centralized company, most decisions are made at the top of the
management hierarchy. In a decentralized company, many decisions are delegated to
lower management levels.58

Tavakolian investigates the impact of the strategic orientation of the firm on the degree of
centralization of IT activities.59 In this definition, a connection between the degree of
centralization of IT activities and users responsibilities is outlined:

[] the degree of centralization of IT activities refers to the locus of responsibilities


for the IT activities. The higher the degree of centralization, the lower the users'
responsibilities.60

Kahai et al. examine the congruence between the location of resources in the IS function and
the location of decision-making rights for these resources. They perceive centralization and
decentralization as two extreme ends of a continuum. Similar to Tavakolian, they hint at the
different roles of a centralized IS function and users of IT products and services. Moreover,
Kahai et al. highlight the aspect of geographical dispersion:

At one extreme of the continuum, i.e., in a centralized environment [], resources


are located, operated, and managed exclusively by an IS group in a central location.
Any interaction of the organization's employees with the IS function is in the form of
products and services that they receive, regardless of their geographical location. At
the other extreme of the continuum, i.e., in a decentralized environment [] IS
resources are located near and operated and managed exclusively by users who are
dispersed throughout the organization. Employees make decisions about the resources
without consultation with, or input from, a central IS function [].61

Brown & Magill present a definition of the term centralization/decentralization (C/D)


solution in the context of the distribution of responsibility between a corporate IS unit and
business units with own IT personnel. They claim that this is the most common definition:62

58
Olson & Chervany, 1980, p. 60
59
Cf. Tavakolian, 1989, p. 311.
60
Tavakolian, 1989, p. 311.
61
Kahai et al., 2002, p. 45.
62
Cf. C. V. Brown & Magill, 1994, p. 373.
Centralization and decentralization 13

In a centralized solution, the IS responsibility is held totally within a centralized or


corporate IS unit. In a decentralized solution, the IS responsibility is held totally
within business units, resulting in multiple units with IS personnel dispersed
throughout a firm. 63

Peterson defines the term centralized IT governance mode. He emphasizes that the term
should not be applied to IT and IT governance in general but to the main elements in the
portfolio of IT.64

In a centralized IT governance model, corporate and senior-level executives have


decision-making authority for IT investments []65

Analogously Peterson also provides a detailed definition of a decentralized IT governance


model:

When all IT decision-making authority is allocated to different lines of business


(LoB), separate (global) business divisions (GBD), or strategic business units (SBU),
the structure is described as a completely decentralized IT governance model.66

From the former definitions it becomes obvious that the terms centralization and
decentralization are used to refer to the overall organizational context in which the IS
function is embedded, as well as to the role and structuring of the IS function itself. In this
regard, the degree of centralization of the overall organization can be understood as a
potential contingency factor for the degree of centralization of the IS function.

We also learn from the former definitions that the terms centralization and decentralization
are typically applied to the distribution of decision-making rights and responsibilities.
However, they can also relate to the distribution of resources like, for example, hardware, or
IT personnel. Kahai et al. name these two aspects of centralization/decentralization the
decision aspect and the location aspect.67 In the particular context of IT project portfolio
management governance, the main focus lies on the assignment of decision-making rights and
responsibilities concerning the available resources (like funds and IT project staff). Therefore,
when the terms centralization and decentralization are employed in this dissertation they
usually relate to the decision aspect. However, as the impact of the structuring of the overall

63
C. V. Brown & Magill, 1994, p. 373.
64
Cf. Peterson, 2004, p. 10.
65
Peterson, 2004, p. 10.
66
Peterson, 2004, p. 10.
67
Kahai et al., 2002, p. 44.
14 IT governance

organization on the governance arrangements employed for IT project portfolio management


is also investigated in the following, the location of resources will also be of interest.

From the definitions presented above, it becomes apparent that the degree of centralization of
the IS function does not only affect the IS function itself but also IT users from outside the IS
function, i.e., the different business units in the overall organization. Particularly in more
recent contributions, centralization is attributed to a strong involvement of a centralized IS
function, while decentralization is understood as a strong involvement of different business
units.68 In contemporary organizations, the IS function is often organized as a corporate-wide
center. Consequently, assigning decision-making rights to the IS function usually corresponds
to centralizing decision-making competencies.

In this context, it is important to highlight the close relationship between IT governance


research and the concept of business/IT alignment.69 Particularly in the IT project portfolio
management context, the interplay between the IS function and different business units is of
high relevance. The demand for new IT projects usually originates from various stakeholders
in different business units.70 Therefore, the degree of centralization of governance
arrangements for IT project portfolio management does not only affect the IS function but
also the business units.

2.2.1.2 Federal arrangements


Centralization and decentralization have been widely used as basic concepts in IS research.
However, already at a relatively early stage of IT governance research it has been recognized,
that these two concepts are rather extreme cases of the continuum of potential governance
arrangements. In practice, decision-making rights are often distributed to different decision
makers or decisions are jointly taken in a committee. These alternative forms of governance
have been labeled as federal arrangements or hybrid structures.

In general, federal arrangements represent a compromise between centralized and


decentralized arrangements. They involve representatives from a central authority as well as
local authorities. Originally, the term federal refers to a [] system of government in
which several states form a unity but remain independent in internal affairs.71 Similarly, in

68
Also compare Winkler et al., 2011, p. 4.
69
The concept of business/IT alignment in general will be discussed in more detail in section 2.5.
70
Cf. Chiang & Nunez, 2009, p. 104f.; Legner & Lhe, 2012, p. 3. A definition of the term IT project as it
applies to this dissertation will be introduced in section 3.2.1.1.
71
Oxford Dictionaries, 2012.
Centralization and decentralization 15

federal IT governance arrangements local units may exercise some decision-making rights
independently from the corporate center.

Already in 1986 Zmud et al. envisaged a federal government role of the IS function. In this
context, he noted the following:

In carrying out a similar federal government role [like the federal government] within
the enterprise's information economy, the information systems department cannot
dictate how business units are to handle their information processing activities. Still,
they can and must influence the actions of these business units through policies,
regulations and standards.72

Based on this description, the conflict between local and corporate IT requirements becomes
apparent. The IS function by its very nature is in a key position for bridging the gap between
the need for local autonomy and the need for coordination. The IS function should support the
local requirements of the business units but at the same time has to protect and facilitate the
efficiency and integrity of the corporate-wide IT landscape. Zmud et al. relate this
requirement to a federal government role of the IS function:

In short, this federal government role for the information systems function stresses
both the desirability of entrepreneurial information-related behaviors by business
units, as well as the need to insure that these behaviors are not detrimental to the
enterprise's information technology posture in either the short or long run.73

Brown & Magill also employ the term federal governance role to describe the relationship
between the IS organization and the business units:

Within the information economy of a firm, a federal government role is prescribed


for the central IS organization that is responsible for the transportation architecture
(processors, databases, and networks), while the business units provide information
products and services (i.e., plan, build, and run their own application systems).74

Like Zmud et al., Brown & Magill comprehend the IS function as a central instance
responsible for unit-overarching activities. Nevertheless, the role of the IS function described
by Brown & Magill significantly differs from the role described by Zmud et al.. While Zmud
et al. see the IS function as a coordinator employing policies, regulations and standards in

72
Zmud et al., 1986, p. 18.
73
Zmud et al., 1986, p. 18.
74
C. V. Brown & Magill, 1994, p. 372.
16 IT governance

order to influence and align the actions of the different units, Brown & Magill see the
responsibility of the IS function in managing a central architecture, while the business units
independently manage their own application systems. In this concept, the IS function and the
business units are responsible for separate IT-related decisions. Consequently, the two
definitions presented above demonstrate that there are different perceptions of the
configuration of federal arrangements.

In general, the emergence of the concept of federal arrangements in IT governance research


historically led to a broadening of the continuum of governance arrangements and to more
differentiated conceptualizations of IT governance arrangements in different contexts. As
pointed out by Brown & Magill, IT governance arrangements have often been described as a
tri-partite centralization/decentralization choice with a federal or hybrid structure between
the two extremes but also as a continuum of centralization/decentralization choices.75
Research in recent years, however, has taken a much deeper look into the complete spectrum
of formal and informal structures, processes, and relational mechanisms that can be used in
order to govern IT decisions.76

In practice, there are nearly unlimited options to shape IT governance arrangements.


Structures, processes, and relational mechanisms as well as rights and responsibilities of the
units involved can differ in various degrees and dimensions.77 However, in order to be able to
compare different IT governance arrangements in a research context, it is common to abstract
from the specifics and to distinguish between a limited number of prototypical arrangements.

Weill & Ross, for example, distinguish between six different general governance archetypes,
one of them being the federal archetype.78 In this context, Weill & Ross provide the following
quite general definition of the federal archetype:

Combination of the corporate center and the business units with or without IT people
involved79

As this definition demonstrates, a characteristic feature of federal arrangements is the


interplay between a centralized unit and different decentralized units. Moreover, the
relationship between the IS function and different stakeholders from the business-side is of

75
Cf. C. V. Brown & Magill, 1994, p. 373f.
76
Cf. De Haes & Van Grembergen, 2009, p. 130f.
77
Cf. De Haes & Van Grembergen, 2009, p. 123; Sambamurthy & Zmud, 2000, p. 107; Weill & Ross, 2004, pp.
85116.
78
Cf. Weill & Ross, 2004, p. 12.
79
Weill & Ross, 2004, p. 12.
http://www.springer.com/978-3-658-05660-5

You might also like