2 IT Governance - Structures, Processes, and Relationships in IT Decision-Making
2 IT Governance - Structures, Processes, and Relationships in IT Decision-Making
2 IT Governance - Structures, Processes, and Relationships in IT Decision-Making
decision-making
In this chapter, major developments concerning the structuring and organization of the IS
function will be discussed and the existing body of IT governance research will be presented
in brief. As IT project portfolio management is embedded into a wider organizational context,
it is vital to consider IT governance from a broad perspective when investigating
organizational requirements for IT project portfolio management.
27
This is in accordance with the predominant use of the term in the relevant literature.
The early days of IT were characterized by large mainframe systems providing computational
resources for the entire company. Accordingly, corporate IS functions offered central services
and, therefore, were usually centralized to a large degree.29 When, at the beginning of the
1980s, minicomputers became available and, later, personal computers were introduced,
computational resources became more and more dispersed to decentralized units in many
companies.30 This in parallel led to a stronger decentralization of IS functions as local units
required local IT support for their information systems.31
Since the mid-1980s, rapidly falling prices for computer equipment and growing
computational performance lead to a fast adoption of information technology, but at the same
time resulted in rather chaotic system landscapes. In turn, many companies began to
recentralize their IS function.32 However, at this time, new forms of centralization emerged
that differed significantly from the kind of centralization in IS functions observable during the
initial phase.33 As IT became more pervasive in most companies the role of IS functions
changed. While in the 1960s and 1970s decisions about IT resources were made at the
locations where these resources resided, this was not necessarily the case anymore in the
1990s. Consequently, new governance arrangements for IT emerged. These were
characterized by centralized control over decentralized resources and coordination through
standardization.34
Due to technical and organizational innovations, the IS functions over time became
responsible for new fields of activities. In many companies, decentralized decision-making
had led to complex system landscapes causing huge operational costs. In order to simplify
these system landscapes and to provide for flexibility at the same time, IS architecture
management became an important task of the IS function.35
28
Although the developments in corporate IS functions certainly differ from company to company, there have
been a number of common trends in the historic development of IS functions. These general developments
are discussed here.
29
Cf. Ahituv et al., 1989, p. 389; Zmud, 1984, p. 80. Definitions of the terms centralization, decentralization
and federal arrangements are provided in section 2.2.1.
30
Cf. Kahai et al., 2003, p. 52; Tavakolian, 1989, p. 309; Zmud et al., 1986, p. 17f.
31
Cf. Kahai et al., 2002, p. 44.
32
Cf. Kahai et al., 2002, p. 44; von Simson, 1990, p. 158.
33
Cf. Kahai et al., 2002, p. 45.
34
Cf. Kahai et al., 2002, p. 45.
35
Cf. Allen & Boynton, 1991, p. 435.
Historical developments in corporate IS functions 9
In addition, as more and more processes were supported by IT systems and interconnection
within and between companies increased, the business impact of information technology
became stronger and the strategic value of IT moved into focus.36 As IT-enabled business
processes require cooperation between the IS function and different business units,
business/IT alignment became a growing challenge.37 IT architectures should support the
business strategy and, at the same time, business strategies often depend on underlying IT
capabilities.38 Therefore, in many companies, the spectrum of tasks of the internal IS function
has broadened in recent years and shifted towards supporting the business strategy.39 Over the
time, the traditional perception of the IS function as a single homogeneous entity became
obsolete.40 Nowadays, the spectrum of tasks may range from infrastructure and application
management activities over software development and project management tasks to
relationship management and consulting activities.
Today, de-facto standards (also referred to as best practice reference models) like Val IT,
COBIT, and ITIL provide frameworks of reference for the structuring of IT-related tasks.43
These standards support distinct IT governance and IT management subjects at different
levels of abstraction and detail.44 However, despite the growing availability of reference
frameworks, IT governance arrangements still have to be adjusted to the given organizational
context and contingency factors need to be taken into account.45 Furthermore, organizational
36
Cf. Chan & Reich, 2007b, p. 303; Sambamurthy & Zmud, 2000, p. 106; Venkatraman, 1997, p. 51. It should
be noted that the business impact of IT is subject to controversial debates. For example, a vivid discourse has
been started by Nicholas Carr who critically discussed the future role of information technology and hinted at
the potential commodity character of hardware and software (cf. Carr, 2004).
37
Cf. C. V. Brown & Magill, 1994, p. 371.
38
Cf. Ross, 2003, p. 31.
39
Cf. Kearns & Sabherwal, 2007, p. 131.
40
Cf. Peterson, 2004, p. 9.
41
Cf. Looso & Goeken, 2010, p. 5f.
42
Cf. Simonsson et al., 2010, p. 11.
43
Cf. Looso & Goeken, 2010, p. 2f.
44
Cf. Simonsson et al., 2010, p. 11.
45
Cf. C. V. Brown & Magill, 1994.
10 IT governance
Over the last decades, there has in particular been a trend towards outsourcing certain IT
activities in many companies.48 Especially IT infrastructure management and application
development are nowadays often provided by external service providers and offshoring
partners.49 Moreover, new forms of IT provisioning like Cloud Computing and Software as a
Service (SaaS) have led to changes in the tasks and governance arrangements of internal IS
functions.50 In consequence, some tasks like the provisioning and operation of hardware
have moved out of focus in a number of companies. However, the ability to effectively and
efficiently manage the existing IT resources whether internally or externally has remained
a fundamental requirement for contemporary IS functions.51 In order to effectively manage IT
spending and adequately address strategic objectives, IT projects have gained growing
importance in recent years.52 Consequently, the governance of IT investments via IT project
portfolio management has become a key challenge.53
Governance arrangements for IT project portfolio management are the key topic in this
dissertation, but before governance arrangements are investigated in the particular context of
IT project portfolio management, it is important to review the existing body of IT governance
research first. Thereby, a theoretical and conceptual foundation for the following chapters is
provided.
46
Cf. Nickerson & Zenger, 2002.
47
Cf. Sabherwal et al., 2001.
48
Cf. Bossert et al., 2010, p. 94.
49
Cf. Beulen et al., 2005, p. 133f.; Buxmann et al., 2013, pp. 123131.
50
Cf. Winkler & Benlian, 2012; Winkler et al., 2011.
51
Cf. Chan & Reich, 2007b, p. 336; Dutta, 1996, p. 257; Maizlish & Handler, 2005, p. 1.
52
Cf. Canonico & Sderlund, 2010, p. 796.
53
Cf. Jeffery & Leliveld, 2004, p. 41.
54
E.g. Ahituv et al., 1989; C. V. Brown & Magill, 1998; Burlingame, 1961; Ein-Dor & Segev, 1982; Kahai et
al., 2003, 2002; Olson & Chervany, 1980.
Centralization and decentralization 11
the terms will be subjected to a critical discussion and the evolution of contemporary concepts
of IT governance research will be outlined.
2.2.1 Definitions
As the terms centralization and decentralization are fundamental for the following chapters,
both terms will be defined and discussed in detail in section 2.2.1.1 in order to ensure a
concise understanding. The term federal arrangement, which is also commonly used in IT
governance research, will be defined in section 2.2.1.2.
One of the first descriptions of the concept of decentralization in IS research has been
provided by Burlingame. Burlingame uses this concept in order to characterize the impact of
advances in information technology on the future role of middle managers. Therefore, the
description applies to the company as a whole and not specifically to the IS function.55
For the purposes of our discussion, the concept of decentralization can be simply
stated. Decision-making responsibility is assigned at the lowest point in the
organization where the needed skills and competence, on the one hand, and the needed
information, on the other hand, can reasonably be brought together.56
Olson & Chervany name Centralization of Authority as one of six characteristics of the
overall organization. They examine the influence of these characteristics on the positioning of
the IS function.57 In this context, Olson & Chervany define Centralization of Authority as
follows:
55
Burlingame, 1961, p. 121.
56
Burlingame, 1961, p. 121f.
57
Olson & Chervany, 1980, p. 60.
12 IT governance
In a highly centralized company, most decisions are made at the top of the
management hierarchy. In a decentralized company, many decisions are delegated to
lower management levels.58
Tavakolian investigates the impact of the strategic orientation of the firm on the degree of
centralization of IT activities.59 In this definition, a connection between the degree of
centralization of IT activities and users responsibilities is outlined:
Kahai et al. examine the congruence between the location of resources in the IS function and
the location of decision-making rights for these resources. They perceive centralization and
decentralization as two extreme ends of a continuum. Similar to Tavakolian, they hint at the
different roles of a centralized IS function and users of IT products and services. Moreover,
Kahai et al. highlight the aspect of geographical dispersion:
58
Olson & Chervany, 1980, p. 60
59
Cf. Tavakolian, 1989, p. 311.
60
Tavakolian, 1989, p. 311.
61
Kahai et al., 2002, p. 45.
62
Cf. C. V. Brown & Magill, 1994, p. 373.
Centralization and decentralization 13
Peterson defines the term centralized IT governance mode. He emphasizes that the term
should not be applied to IT and IT governance in general but to the main elements in the
portfolio of IT.64
From the former definitions it becomes obvious that the terms centralization and
decentralization are used to refer to the overall organizational context in which the IS
function is embedded, as well as to the role and structuring of the IS function itself. In this
regard, the degree of centralization of the overall organization can be understood as a
potential contingency factor for the degree of centralization of the IS function.
We also learn from the former definitions that the terms centralization and decentralization
are typically applied to the distribution of decision-making rights and responsibilities.
However, they can also relate to the distribution of resources like, for example, hardware, or
IT personnel. Kahai et al. name these two aspects of centralization/decentralization the
decision aspect and the location aspect.67 In the particular context of IT project portfolio
management governance, the main focus lies on the assignment of decision-making rights and
responsibilities concerning the available resources (like funds and IT project staff). Therefore,
when the terms centralization and decentralization are employed in this dissertation they
usually relate to the decision aspect. However, as the impact of the structuring of the overall
63
C. V. Brown & Magill, 1994, p. 373.
64
Cf. Peterson, 2004, p. 10.
65
Peterson, 2004, p. 10.
66
Peterson, 2004, p. 10.
67
Kahai et al., 2002, p. 44.
14 IT governance
From the definitions presented above, it becomes apparent that the degree of centralization of
the IS function does not only affect the IS function itself but also IT users from outside the IS
function, i.e., the different business units in the overall organization. Particularly in more
recent contributions, centralization is attributed to a strong involvement of a centralized IS
function, while decentralization is understood as a strong involvement of different business
units.68 In contemporary organizations, the IS function is often organized as a corporate-wide
center. Consequently, assigning decision-making rights to the IS function usually corresponds
to centralizing decision-making competencies.
68
Also compare Winkler et al., 2011, p. 4.
69
The concept of business/IT alignment in general will be discussed in more detail in section 2.5.
70
Cf. Chiang & Nunez, 2009, p. 104f.; Legner & Lhe, 2012, p. 3. A definition of the term IT project as it
applies to this dissertation will be introduced in section 3.2.1.1.
71
Oxford Dictionaries, 2012.
Centralization and decentralization 15
federal IT governance arrangements local units may exercise some decision-making rights
independently from the corporate center.
Already in 1986 Zmud et al. envisaged a federal government role of the IS function. In this
context, he noted the following:
In carrying out a similar federal government role [like the federal government] within
the enterprise's information economy, the information systems department cannot
dictate how business units are to handle their information processing activities. Still,
they can and must influence the actions of these business units through policies,
regulations and standards.72
Based on this description, the conflict between local and corporate IT requirements becomes
apparent. The IS function by its very nature is in a key position for bridging the gap between
the need for local autonomy and the need for coordination. The IS function should support the
local requirements of the business units but at the same time has to protect and facilitate the
efficiency and integrity of the corporate-wide IT landscape. Zmud et al. relate this
requirement to a federal government role of the IS function:
In short, this federal government role for the information systems function stresses
both the desirability of entrepreneurial information-related behaviors by business
units, as well as the need to insure that these behaviors are not detrimental to the
enterprise's information technology posture in either the short or long run.73
Brown & Magill also employ the term federal governance role to describe the relationship
between the IS organization and the business units:
Like Zmud et al., Brown & Magill comprehend the IS function as a central instance
responsible for unit-overarching activities. Nevertheless, the role of the IS function described
by Brown & Magill significantly differs from the role described by Zmud et al.. While Zmud
et al. see the IS function as a coordinator employing policies, regulations and standards in
72
Zmud et al., 1986, p. 18.
73
Zmud et al., 1986, p. 18.
74
C. V. Brown & Magill, 1994, p. 372.
16 IT governance
order to influence and align the actions of the different units, Brown & Magill see the
responsibility of the IS function in managing a central architecture, while the business units
independently manage their own application systems. In this concept, the IS function and the
business units are responsible for separate IT-related decisions. Consequently, the two
definitions presented above demonstrate that there are different perceptions of the
configuration of federal arrangements.
Weill & Ross, for example, distinguish between six different general governance archetypes,
one of them being the federal archetype.78 In this context, Weill & Ross provide the following
quite general definition of the federal archetype:
Combination of the corporate center and the business units with or without IT people
involved79
75
Cf. C. V. Brown & Magill, 1994, p. 373f.
76
Cf. De Haes & Van Grembergen, 2009, p. 130f.
77
Cf. De Haes & Van Grembergen, 2009, p. 123; Sambamurthy & Zmud, 2000, p. 107; Weill & Ross, 2004, pp.
85116.
78
Cf. Weill & Ross, 2004, p. 12.
79
Weill & Ross, 2004, p. 12.
http://www.springer.com/978-3-658-05660-5