Information Technology Reference
In-Depth Information
who are not committing with the legal obligations
(Sarbanes-Oxley 2002). But the definitively com-
mitment with corporate governance was due to the
publication of the OECD Principles of Corporate
Governance in 1999, updated in 2004 (OCDE
1999; OCDE 2004).
IT governance is the discipline of corporate
governance that covers information and IT assets
on the organization (Weill 2003). IT governance
is focusing on the way these assets are managed,
organized and controlled to provide the maximum
value to the organization. And this process of gov-
erning IT should be done by integrating IT into the
business strategy, with an efficient management
of the IT resources, and minimizing the risks;
complemented by constantly monitoring the busi-
ness and IT goals. Although widely accepted from
the IT perspective, the concept of IT governance
as a discipline of corporate governance is now
accepted from on the recent codes for corporate
governance (Africa 2009).
Researchers and practitioners have been work-
ing on IT governance, and different frameworks
have been defined to implement and manage IT
governance on companies and organizations:
COBIT version 4.1 (ITGovernanceInstitute 2007),
the framework defined by the CISR (Weill 2003;
Ross 2006); the structures, processes and relational
mechanisms (Van Grembergen 2004). And more
recently the ISO 38.500 standard (ISO 2008),
and other frameworks based on this standard,
such as Calder-Moir (Calder 2007). One the other
hand, other organizations are developing their
frameworks considering this standard and other
perspectives (d'Information 2005).
However, the different frameworks have been
more focused on big organizations, and there is no
research that deals with the specific particularities
of the medium and small companies. Also, there
is no research so far that covers the status of IT
Governance on the Spanish organizations.
This chapter will do an approach to know the
status of IT Governance in the Spanish organiza-
tions, particularly on SMOs, identify the status
of IT governance mechanisms, and set the basis
to define best practices for this type of organiza-
tions. This chapter describes the work done so
far by the authors, which consists basically on
two different research projects, which are based
on questionnaires and interviews with managers
of Spanish SMOs.
froM it goVernAnce to
corporAte goVernAnce
The conception of IT governance as a discipline
of IT governance was done in two steps. The
first consisted in separate the operation of the
company to the agenda issue, and then should
consider elements such as business strategy, value
creation and resource utilization. This was done
the first time on the report of CIMA (CIMA 2003).
Corporate governance is divided in two different
areas: corporate governance itself (that covers the
conformance issues and the relationship between
shareholders and managers) and business gover-
nance, focused on managing the business, on a
strategic and tactical view.
The second step was to identify the differ-
ent assets that are related to the operation of the
company. This is done by Weill and Ross (Weill
2003), who identified six assets that a company
should govern: human and financial resources,
physical assets, intellectual property, relationships
and, finally, IT and information(Figure 3).
This establishes the basis for IT governance
as a discipline itself, integrated in the corporate
governance. As seen in the figure, IT governance
is not to be managed by the senior executive team;
as a corporate discipline emanates from (and
should be directed and controlled by) the board
it goVernAnce
Researches and practitioners have analyzed IT
governance in different ways. From a theoretical
Search WWH ::
Custom Search