IT Governance
Content
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0968-5227.htm
IMCS
21,4
228
Received 3 August 2012
Revised 7 December 2012
29 January 2013
11 February 2013
Accepted 13 February 2013
Applying IT governance balanced
scorecard and
importance-performance analysis
for providing IT governance
strategy in university
Kallaya Jairak and Prasong Praneetpolgrang
Information Science Institute, Sripatum University, Bangkok, Thailand
Abstract
Purpose – The purpose of this paper is to identify the current situation and the future improvement
for IT governance and controls in developing country like Thailand.
Design/methodology/approach – Thai universities were selected and used as subjects for
capturing the perception of IT executives on IT governance performance measures. In the first step, a
global IT governance perspective was drawn from the literature review. In the second step, the
important-performance analysis was applied to the metrics of IT governance balanced scorecard with
collected survey data from 64 IT executives.
Findings – From a global perspective, the critical points that need to be concerned before
implementing IT governance have been illustrated. From a regional perspective, the paper generated
the strategic IT governance guidance for Thai universities.
Practical implications – This paper is beneficial for chief information officers, executive managers,
IT managers, and academics. They will gain more knowledge and understanding about the mixed
method of using metrics in IT governance balanced scorecard and importance-performance analysis in
order to identify the current situation of IT governance and controls in their organizations.
Additionally, the practical idea with this method can be applied to draw IT governance strategy in
their contexts.
Originality/value – This paper specifies the critical points and directions of IT governance for Thai
universities. The analysis covers global and regional viewpoints. This paper also provides the method
for applying IT governance balanced scorecard metrics and importance-performance analysis to
contribute IT governance strategy.
Keywords IT governance, IT governance balanced scorecard, Importance-performance analysis,
Thai universities
Paper type Research paper
Information Management &
Computer Security
Vol. 21 No. 4, 2013
pp. 228-249
q Emerald Group Publishing Limited
0968-5227
DOI 10.1108/IMCS-08-2012-0036
1. Introduction
Information technology (IT) has become a vital and integral part of many business
activities. The pervasive use of IT in many organizations brings IT governance to
become a more significant issue. After the concept of IT governance emerged in the
early 1990s, specialists and academics have attempted to clarify how to ensure the
value of aggressive action on IT governance (Van Grembergen and De Haes, 2010).
This curious question has been examined in a series of research projects during the
period 1999-2003 by Weill and Ross (2004). They have found a relationship between
corporate performance and proactive tuning for IT governance. The finding also
revealed that when the organizations performed proactive support for IT governance,
they could generate up to 20 percent more profit than organizations with poor support.
Van Grembergen and De Haes (2010) also clearly illustrated that IT governance should
be an integral part of corporate governance.
Principles of IT governance cover risk management, information security, service
quality, IT resources management and business/IT alignment. Ideally, risk
management and information security should be combined and closely examined. It
can be identified that information security governance (ISG) is a part of IT governance.
Nowadays, IT governance and ISG are controlled by a variety of practices such as
ISO/IEC 38500, ISO/IEC 27001, COBIT, and ITIL. However, COBIT is now accepted as
the preferred framework for IT governance. Currently, COBIT is at version 5.0 and
introduced as a single integrated framework for IT governance.
Due to a variety of standards and frameworks, organizations will need to decide
which approach is suitable for them. After many years of performing the insight case
studies on IT governance, Van Grembergen and De Haes (2010) have identified that the
successful implementation of IT governance is caused by the fine tuning of linkage for
structures, processes, and relational mechanisms within the organization itself. This
important finding expands our knowledge in order to understand that there is no silver
bullet solution for IT governance scenario. Different organizations need different
solutions for IT governance. The best practice from one place can become the bad one
in other places, especially when expanded and implemented under the different
conditions. For example, companies in developing countries that lack of adequate
industrial infrastructure are not able to jump into the technological dependence era to
stand at the same level as companies in developed countries. Therefore, the best
practice contributed from developed countries should be analyzed properly before
implementing in developing countries (Ferran, 2006). In the same manner, IT
governance implementation in developing countries needs a holistic approach to
support the complex mix of political, organizational, technical, and cultural concerns in
each country (Nfuka and Rusu, 2010).
The idea of trial and error to find the proper solution causes a waste of budget, time,
and workforce. Therefore, it is essential for an organization to clearly understand its
current situation of IT governance performance before taking any other action on IT
governance. Moreover, many organizations often ignore the planning of how to
implement IT governance. That will directly lead to an increased risk in many forms,
especially for stakeholder resistance. Those problems can also cause the failure of IT
governance implementation. Therefore, the purpose of this paper is to identify the
current situation and the future improvement for IT governance and controls in a
developing country like Thailand. We have limited our scope to select only the
universities in Thailand as the subjects of this study. By applying the metrics of IT
governance balanced scorecard (BSC) with importance-performance analysis (IPA), we
expect to provide the new insight for IT governance issue for Thai universities.
The research questions of this paper are:
RQ1. What are the important issues to take into consideration before implementing
IT governance?
RQ2. What is the current situation of IT governance performance in Thai
universities?
IT governance
balanced
scorecard
229
IMCS
21,4
230
RQ3. What is the proper IT governance strategy for Thai universities?
The objectives of this study are two-fold. First, we aim to examine the current trend of
research studies on IT governance and university IT governance from global
perspectives. Consequently, the information obtained from the first objective will
illustrate the direction of IT governance and controls that can be applied at regional
levels. Second, we aim to clarify the actual practice of IT governance in the university
and specify an IT governance strategy for Thai universities. Apart from the
introduction, this paper covers IT governance literature in Section 2, research
methodology in Section 3, the results and discussion in Sections 4 and 5, respectively,
and lastly, the conclusions in Section 6.
2. Literature review
2.1 Principles of IT governance
There are many diverse definitions of IT governance. Lee and Lee (2009) attempted to
classify them into three perspectives. First, based on decision rights and
accountabilities, IT governance is defined as:
[. . .] the decision-making in the IT domain, focusing on the distribution of decision rights and
accountabilities (or responsibilities) for the effective use of IT resources.
Second, from business/IT alignment perspective, IT governance is defined as:
[. . .] The activities to maximize business value through bringing about business/IT
alignment. In achieving this goal, business/IT strategies should emphasize the effective
control of resources, performance management, and risk management.
Third, based on structures and processes, IT governance is defined as:
[. . .] the responsibility of company executives and the board of directors, referring inclusively
to the leadership, organizational structures and processes ensuring that enterprises’ IT
sustains organizations strategies and objectives.
In addition, Gheorghe (2006) also suggested that IT governance principal objectives
should be focused on:
.
aligning IT activities with enterprise action plan;
.
exploiting opportunities and maximizing benefits from IT resources; and
.
managing IT risks efficiently.
These valuable references can lead us to conclude that the purpose of IT governance is
to clarify roles and responsibilities from the board to supplement IT activities in action
for balancing value and risk of IT assets. To achieve this goal, the continual action
should be leveraged across five key areas: business/IT alignment, value delivery, risk
management, resource management, and performance management (Gheorghe, 2006;
Lee and Lee, 2009; Nfuka and Rusu, 2010). According to the above definitions, we can
explain that IT governance could be employed in the principle, policy, process or the
activities that the organization specifies. Its objective is to control decision-making for
investment and effective IT utilization. The effectiveness covers the appropriate and
transparent appointment of executives’ roles and duties, business/IT strategy
alignment, good internal control systems or processes, balancing between the values
and the risks from IT investment, risk and security management, and the IT policies or
strategies that affect an organization’s sustainability.
2.2 IT governance research
We surveyed many research papers relating to IT governance subjects that are
published online. The investigated databases included IEEE, ACM, Science Direct and
SCOPUS. The keyword we used was “IT governance”. Later on, we carefully
considered the key issues and categorized them into five categories:
(1) IT governance implementation.
(2) IT governance framework development and guideline.
(3) Critical success factors and enablers of IT governance.
(4) Business/IT alignment.
(5) Prediction model and decision support system for IT governance.
IT governance
balanced
scorecard
231
The source of literature on IT governance research is provided in Table I and the
details of each category are described in the following subsections.
2.2.1 IT governance implementation. Prior research in this category has examined a
wide range of businesses including: financial services (Peterson, 2001), oil and gas
business (Schwarz and Hirschheim, 2003), assurance (De Haes and Van Grembergen,
2006), public sector (Bhattachariya and Chang, 2007; Sahraoui, 2009; Maidin and
Arshad, 2010), semiconductor business (Park et al., 2006), and small- and medium-sized
enterprise (Cai and Yu, 2009). After reviewing the consideration points for all cases, we
have realized that the concept of IT governance cannot occur in a vacuum, but should
begin as a journey inspired by executive boards. Sohal and Fitzpatrick (2002) also noted
Research focus area
Authors
IT governance implementation
Peterson (2001), Sohal and Fitzpatrick (2002),
Schwarz and Hirschheim (2003), Ridley et al.
(2004), De Haes and Van Grembergen (2006),
Bowen et al. (2007), Bhattachariya and Chang
(2007), Tu and Zhang (2008), Park et al. (2006),
Sahraoui (2009), Cai and Yu (2009), Maidin and
Arshad (2010)
IT governance framework development and
Ribbers et al. (2002), Fairchild (2004), Sherer
guideline
(2004), Brown and Grant (2005), De Oliveira
Alves et al. (2006), Larsen et al. (2006), Salle´ and
Di-Vitantonio (2006), Lee et al. (2009), Nassiri et al.
(2009), Afzali et al. (2010), Baka and Aziz (2010)
IT governance impact
Peterson and Fairchild (2003), Fink and Ploder
(2008), Lunardi et al. (2009), Nfuka et al. (2009),
Krey et al. (2010), Prasad et al. (2010)
Business/IT alignment
Cumps et al. (2006), Samanta (2007), Silva and
Chaix (2008), Beimborn et al. (2009), Cumps et al.
(2009), Chen (2010), Hosseinbeig et al. (2011)
Prediction model and decision support system for Fasanghari et al. (2008), Simonsson et al. (2008a, b),
IT governance
Xiao-Wen et al. (2009)
Table I.
Summary of research on
IT governance
IMCS
21,4
232
that top management commitment to IT is the primary cause for their organizations to
achieve a competitive advantage from their IT. In order to achieve a better interaction
between IT and business, the rigid form of IT structure should embrace a more social
and dynamic form (Schwarz and Hirschheim, 2003). Weill and Ross (2004) stated that
identifying the decision rights and accountability from the board can encourage
desirable behavior in using IT. After the roles and responsibilities have been committed,
organizations can embrace the solution for IT governance framework. A well balanced
mix of structures, processes, and relational mechanisms will enable better IT
governance outcomes (De Haes and Van Grembergen, 2006). Based on the review of IT
governance implementation research, we can infer that IT governance implementation
is concerned not only with well-established IT governance framework, but also with
well-communicated IT strategy and policy from the board (Bowen et al., 2007).
2.2.2 IT governance framework development and guideline. The research in this
category has mainly focused on providing a hybrid structure of framework or
guideline based on widely accepted industry standards or existing
concepts/frameworks. For example, De Oliveira Alves et al. (2006) proposed a single
framework for implementing ISG that developed from the integration of BSC, COBIT,
and ISO/IEC 27001; Larsen et al. (2006) unfolded the potential of existing IT
governance framework at a single case of biotech-based company; and Afzali et al.
(2010) applied the concept of COBIT and Val IT 2.0 to provide a broader framework for
IT governance. Nevertheless, there is no universal IT governance structure for IT
governance framework. The hybrid structure and processes are required for
developing a flexible environment for sustaining value through business/IT
engagement (Brown and Grant, 2005; Ribbers et al., 2002). In summary, the focus
area of IT governance research on framework development and guideline is still reliant
on the organizational context. Furthermore, focusing only on IT governance tools and
frameworks are insufficient for governing IT effectively (Ribbers et al., 2002).
2.2.3 Critical success factors and enablers of IT governance. For critical success
factors and enablers of IT governance, Fink and Ploder (2008) found that more
stakeholder involvement, employee integration, business process improvement, and
flexibility of the IT infrastructure are critical success factors for the use of IT governance
framework. Prasad et al. (2010) also found that effective commitment from top
management drives capabilities to manage IT resources, and also improves internal
process-level performance. Nevertheless, the widely adopted framework cannot
guarantee the success of IT governance implementation. The organizations should
appraise existing framework or best practices with their organizational processes before
adoption (Krey et al., 2010). For IT governance adoption in developing nation (Tanzania),
Nfuka et al. (2009) highlighted that the problems with IT governance in public sector are
lack of a specific IT strategic plan, lack of clear roles and responsibilities, inadequate
follow-up and enforcement mechanisms, lack of IT governance awareness, inadequate
budget, and lack of IT professional skills. In summary, the research in this category
commonly reflects the issues of logical coherence for implementing IT governance into
the organizational context.
2.2.4 Business/IT alignment. For business/IT alignment, the strategic key for
business/IT alignment is to ensure that business can gain a competitive advantage
through IT spending. Many studies in this category conducted a survey to determine the
pattern that organizations apply to achieve an optimal level for business/IT alignment
(Cumps et al., 2006, 2009; Beimborn et al., 2009; Chen, 2010; Hosseinbeig et al., 2011).
Additionally, many of articles also referred to strategic alignment maturity (SAM)
framework (Cumps et al., 2006; Samanta, 2007; Chen, 2010; Hosseinbeig et al., 2011).
SAM is used to evaluate the maturity of organizational strategy selection and alignment
activities. The organizations can utilize SAM to identify the current stage of business/IT
alignment and the goal setting for improving alignment. Research focusing on
business/IT alignment has been advanced in the development of models/frameworks
based on existing models/frameworks to support organizations for improving their
business/IT relationships.
2.2.5 Prediction model and decision support system for IT governance. For prediction
model and decision support system, Fasanghari et al. (2008) applied K-means analysis
for clustering available IT governance tools and standards. Simonsson et al. (2008a, b)
applied Bayesian network with decision support tool for predicting IT governance
performance. Xiao-Wen et al. (2009) developed a prototype decision supporting system
for IT governance planning. The research in this topic area has focused on the
development of automatic tool for encouraging IT governance prediction and decision
support.
After reviewing the focal point for each area of IT governance research, we have
gained knowledge and insights on IT governance that can be summarized as follows:
.
IT governance cannot occur in a vacuum, but should begin as a journey inspired
from the board;
.
focusing only on IT governance tools and frameworks are insufficient for
governing IT effectively;
.
the organizations should appraise existing frameworks or best practices with
their internal IT processes before adoption; and
.
the prediction model and decision support system are still a relatively young area
of IT governance research.
2.3 IT governance in universities
Even if researchers have conducted many frameworks relevant to IT governance, there
are a limited number of university-oriented IT governance frameworks. The situation of
IT governance implementation in practice within universities was not much different from
other industries. We have not found a single solution that can be applied at every
university. The solution has drastically changed from one campus to another. In 2007,
Bhattachariya and Chang (2007) stated that while institutions have to deal with low
staffing levels, this time is not suitable for adopting industry best practices. Each
institution can establish its own best practice that link to business needs and available
resources. In 2007, Joint Information Systems Committee (JISC, 2007) funding for the
University of Strathclyde to develop the flexible framework and self-assessment tool that
facilitate higher education institutions in the UK to identify the areas of improvement for
their IT resources. Based on the JISC model and ISO/IEC 38500:2008 (Standard for
Corporate Governance of IT), Martı´nez and Largo (2009), developed a university-oriented
IT governance framework (ITG4U) for the Spanish Association of University Rectors in
Spain that enable each university to reach a higher IT governance maturity level.
In Thailand, the whole university system is governed by the Office of the Higher
Education Commission (OHEC) and the Office for National Education Standards and
IT governance
balanced
scorecard
233
IMCS
21,4
234
Quality Assessment (ONESQA). The role of the OHEC is to maintain the internal
quality assurance in each university, while the control of external quality assurance
among Thai universities is responsible for the ONESQA. Both of theses two
organizations have the same vision to create the appropriate quality assurance system
for Thai universities. Based on the OHEC and the ONESQA approaches, we have
found many indicators for measuring university performance. However, there seems to
be a lack of IT governance indicators. Furthermore, IT governance indicators are not
mentioned in educational ICT master plan for higher education. To the best of our
knowledge, we have not found IT governance research conducted for Thai universities.
Therefore, this study is one of the few attempts to investigate the current situation of
Thai universities’ IT governance adoption.
2.4 IT governance BSC
The BSC, which was first described in the early 1990s, has become widely accepted for
evaluating business performance at the enterprise level (Cobbold and Lawrie, 2002).
Shifting the focus from traditional financial evaluation to stakeholders-based
evaluation, BSC combines financial measures and non-financial measures in a single
report. In addition to financial measures, BSC employs three other perspectives for
measuring customer satisfaction, internal processes, and future vision. With BSC,
organizations are able to create a linkage between short-term financial measures and
future growth (Kaplan and Norton, 1996).
Drawing from BSC, IT governance BSC is developed for assessing how well
organizations are performing IT governance. IT governance BSC is not only performed
as a measurement system for IT governance processes, but it can also demonstrate
cause and effect relationships between perspectives. Figure 1 shows the cause and
effect relationships among each perspective. The future orientation perspective can
improve the level of operational excellence perspective. The operational excellence
perspective can improve the level of stakeholder perspective. And lastly, the
stakeholder perspective can improve the level of corporate contribution perspective
(Van Grembergen, 2005).
The scope of each perspective in IT governance BSC can be described as follows.
First, the corporate contribution perspective measures the performance of IT
governance processes for ensuring that business can achieve maximum profit from IT
while reducing risk at a reasonable point. Second, the objectives of the stakeholder
Enables
Stakeholders
“Enhancing stakeholders’
satisfaction/needs and ensuring
legal/ethical compliance”
Figure 1.
IT governance BSC
perspectives and their
cause and effect
relationships
Corporate Contribution
“Ensuring maximum profit
through IT and reducing risk
at a reasonable point”
IT Governance
Cause
Effect
Future Orientation
“Building the foundations of
skills, knowledge, and
IT/business partnership for
IT governance delivery”
Operational Excellence
Enables
“Identifying the maturity of
IT governance structures
and processes”
Enables
perspective are to measure stakeholder satisfaction, management of stakeholder needs,
and legal/ethical compliance. Third, the operation excellence perspective identifies the
maturity of IT governance structures and processes. Lastly, the future orientation
perspective is designed to measure the foundations of skills, knowledge, and
IT/business partnership for IT governance delivery (Van Grembergen, 2005).
Abu-Musa (2007) revised IT governance BSC to explore the current performance of
IT governance in developing country (Saudi Arabia). The revised version of IT
governance BSC consists of five dimensions as follows:
(1) organization contribution;
(2) user orientation;
(3) operational excellence;
(4) future orientation; and
(5) environmental perspective.
IT governance
balanced
scorecard
235
Of the 500 questionnaires distributed to participants in Saudi organizations, the valid
and usable questionnaires were 24.2 percent response rate. The results reveal that a
vast majority of respondents are aware of the importance of IT governance
performance measures. Furthermore, the results also provide evidence that IT
governance BSC has been currently adopted from many Saudi organizations to track
the IT governance performance across the five dimensions.
The instrument of IT governance BSC introduced by Abu-Musa (2007) that
conducted in the developing country context is in line with our objective to explore IT
governance performance in developing nations like Thailand. For preliminary
investigation, we applied four dimensions of IT governance BSC to evaluate the
current situation of IT governance performance in Thai universities. Figure 2 shows
the applied IT governance BSC that perform for our study.
Corporate Contribution
•
•
•
•
•
Align IT with business objectives
Deliver value
Manage costs
Manage risks
Achieve inter-organization synergies
Stakeholder Orientation
•
•
•
•
Stakeholder satisfaction
Demonstrate competitive costs
Delivery good service
Develop good service
IT Governance
Future Orientation
• Attract and retain people with key competencies
• Focus on professional learning and development
• Build a climate of empowerment and
responsibility
• Measure/reward individual and team performance
• Capture knowledge to improve performance
synergies
Operational Excellence
• Mature internal IT processes
• Manage operational service performance
• Achieve economies of scale
• Build standard, reliable technology platforms
• Deliver successful IT Projects
• Understand business unit strategies
• Propose and validate enabling solutions
• Understand emerging technologies
• Develop organization architecture
Figure 2.
Applied IT governance
BSC
IMCS
21,4
236
2.5 The important-performance analysis
Martilla and James (1977) first introduced the IPA method which has been widely used
for developing and improving strategy in marketing research (Martilla and James,
1977). IPA can be used to analyze the operational strategy for prioritizing competitive
criteria among product/service attributes. Based on IPA concept, a series of
paired-sample t-test are performed to evaluate the mean difference between
performance score and importance score (Levenburg and Magal, 2004). Then, the
results are plotted graphically with performance on the x-axis and importance on the
y-axis. IPA have been applied to classify and prioritize attributes in improving services
for many industries such as tourism (Chu and Tat, 2000; Hudson et al., 2004), health
care (Hawes and Rao, 1985; Miranda, 2010; Yavas and Shemwell, 2001), bank
( Joseph et al., 2005; Ibrahim et al., 2006), education (Nale et al., 2000; O’Neill and Palmer,
2004), e-services (Seng Wong et al., 2011; Huang et al., 2009) and other sectors. IPA is
not only used to capture customer perception, but it also can be used to explore the
important of competitive criteria and operational performance from experienced
managers who have authority to establish actionable strategy in their organization. In
summary, IPA is the powerful evaluation tool for enabling practitioners and academics
to find out specific attributes that have been well practiced, attributes that need to be
improved, and attributes that are over performed (Wong et al., 2009).
As shown in Figure 3, the y-axis report perceived importance of each selected
attribute. While, the x-axis shows perceived product/service performance of each
selected attribute. The explanation of the original IPA is presented by the scatter plot
which divides the chart into four quadrants as follows:
.
Quadrant I is labelled “concentrate here”. Attributes that fall into this quadrant
are perceived as high importance, but identified as low performance. This means
that the improvement efforts should be concentrated here.
.
Quadrant II is labelled “keep up the good work”. Attributes that fall into this
quadrant are perceived as high importance, and identified as high performance.
The activities in this quadrant have been performed well, and the organization
should maintain its good work.
High Importance
Quadrant I
Concentrate Here
Quadrant II
Keep up the Good Work
Low Performance
High Performance
Quadrant III
Low Priority
Figure 3.
The original IPA
framework
Quadrant IV
Possible Overkill
Low Importance
Source: Martilla and James (1977)
Quadrant III is labelled “low priority”. Attributes that fall into this quadrant are
perceived as low importance, and relatively low performance. The organization
should limit the resource for all activities that fall into this cell.
Quadrant IV is labelled “possible overkill”. Attributes that fall into this quadrant
are perceived as low importance, but relatively high performance.
IT governance
balanced
scorecard
Respondents are satisfied with the performance of all activities in this cell, but
compared to perceived importance, the allocation of resources for these activities are
being over utilized.
This study applied IPA method to find out the IT governance attributes that
universities have performed well, and the critical points that need to be improved.
Furthermore, with IPA method, we can establish the guidance of IT governance
strategy for Thai universities.
237
.
.
3. Research methodology
In the first step of this research, we conducted a preliminary investigation with 40
articles on IT governance research to identify critical concerns of IT governance
implementation from a global perspective. In the second step, we conducted a
quantitative survey to identify the current state of IT governance for Thai universities.
A self-assessment was developed based on the metrics from IT governance BSC
introduced by Abu-Musa (2007). The questionnaire consists of 23 items within four
dimensions, as shown in Figure 3. According to these metrics (Abu-Musa, 2007), we
used three-point Likert scale to measure the importance (1 ¼ not important to 3 ¼ very
important) and performance (1 ¼ not monitoring to 3 ¼ always monitoring). The
questionnaires were distributed to 117 IT executives from 117 universities in Thailand.
They were asked to capture the perceived importance and performance for each
attribute. A total of 64 out of 117 IT executives completed the questionnaire over the
three month period in 2011, representing a response rate of 54.7 percent. The reliability
analysis was carried out by calculating the Cronbach’s a coefficient. The result showed
a high internal consistency as shown in Table II.
After reliability testing was performed, a paired-sample t-test was run to evaluate
the mean difference between performance and importance scores. IPA was then
applied to capture graphical demonstration for identifying the current stage of IT
governance and also providing the strategic actions for Thai universities.
Cronbach’s a
(importance)
Cronbach’s a
(performance)
Five items (V1, V2, V3, V4 and V5)
0.743
0.872
Five items (V6, V7, V8, V9 and V10)
0.811
0.937
Four items (V11, V12, V13 and V14)
0.720
0.852
Nine items (V15, V16, V17, V18, V19,
V20, V21, V22 and V23)
All items
0.834
0.919
0.915
0.958
Constructs
Items
1. Corporate
contribution
2. Future
orientation
3. Stakeholder
orientation
4. Operational
excellence
Table II.
Cronbach’s a and
reliability of scale
IMCS
21,4
238
4. Research results
This section presents the main results related to IT executives’ perception on the
importance of IT governance performance measures taken in their universities.
The result of IPA with IT governance BSC attributes is summarized in Table III. The
graphical plotting of the IPA is also shown in Figure 5. In addition, the implication of
the obtained results is also discussed.
According to Table II, a series of paired-sample t-test was conducted to identify the
significant gap between importance and performance. The attributes for manage risks
(V4), achieve inter-organization synergies (V5), stakeholder satisfaction (V11), and
building standard, reliable technology platforms (V18) show no significant difference
( p , 0.05) between the mean of importance and performance. Apart from these, other
19 attributes show a significant difference on t-test in negative direction. This is
indicative of the fact that most actual control of IT governance in universities is
monitored less than expected. Therefore, Thai universities should pay more attention
to the attributes that are identified as being important in order to balance the gap
between the importance and performance for those attributes.
The importance-performance matrix of IT governance BSC attributes is plotted in
four quadrants, as shown in Figure 4. The importance values are presented on the
vertical axis, while the performance values are presented on the horizontal axis.
Quadrant I indicates the attributes that need to be considered for improvement at a
first priority. Quadrant II represents the attributes that organization can perform well
and need to keep up the good work. Quadrant III indicates the attributes that
organization should restrict its resource allocation. Quadrant IV represents the
attributes that organization should reshape its policy to achieve the optimal resource
utilization. In addition, further details of the attributes in each quadrant can be
described as follows.
4.1 The concentrate here quadrant
In quadrant I, there is no attribute that fall into the concentrate here quadrant. This
means that all IT executives perceived the performance measurement of IT governance
in their universities can be conducted well. There is no important attributes that
perform a low level monitoring. Even if we found evidence for lower expected control
with 19 attributes in Table II, it would not be considered as a critical point when
comparing with the result reflected in this quadrant.
4.2 The keep up the good work quadrant
According to the IT executive perception, 11 attributes have been identified in the keep
up the good work quadrant. The important attributes that fall into quadrant II can be
measured in a consistent way. These attributes are expected to be the pillar of strength
for leading IT governance in the university. Therefore, all attributes in the keep up the
good work quadrant can be used as the baseline indicators for driving IT governance
in Thai universities.
4.3 The low priority quadrant
IT executives identified 11 attributes in the low priority quadrant which thus could be
considered to be adequate control for less important attributes. Even if IT executives did
not perceive these attributes as the critical concerns, but this does not mean that the
1. Corporate contribution
V1. Align IT with business objectives
V2. Deliver value
V3. Manage costs
V4. Manage risks
V5. Achieve inter-organization synergies
2. Future orientation
V6. Attract and retain people with key competencies
V7. Focus on professional learning and development
V8. Build a climate of empowerment and
responsibility
V9. Measure/reward individual and team
performance
V10. Capture knowledge to improve performance
3. Stakeholder orientation
V11. Stakeholder satisfaction
V12. Demonstrate competitive costs
V13. Delivery good service
V14. Develop good service
4. Operational excellence
V15. Mature internal IT processes
V16. Manage operational service performance
V17. Achieve economies of scale
V18. Build standard, reliable technology platforms
V19. Deliver successful IT projects
V20. Understand business unit strategies
V21. Propose and validate enabling solutions
V22. Understand emerging technologies
V23. Develop organization architecture
IT governance BSC attributes
2.12
2.19
2.07
2.28
2.36
2.21
2.24
2.19
2.16
2.12
2.50
1.88
2.28
2.24
2.07
2.12
1.81
2.03
2.26
2.21
2.00
1.98
1.95
2.66
2.59
2.48
2.34
2.38
2.50
2.14
2.60
2.62
2.29
2.36
2.19
2.19
2.53
2.45
2.21
2.38
2.36
Performance mean
2.38
2.43
2.33
2.41
2.48
Important mean
20.224
20.241
20.379
20.155
20.276
20.241
20.207
20.397
20.414
0.000
20.259
20.328
20.379
20.190
20.259
20.293
20.448
20.345
20.259
20.241
20.259
20.138
20.121
Gap (P 2 I)
22.35
22.92
23.75
21.76
23.26
22.91
22.45
24.48
25.06
0.00
22.66
23.94
24.68
22.27
23.40
22.89
25.71
23.80
22.76
22.23
22.51
21.59
21.35
t-value
0.022
0.005
0.000
0.083
0.002
0.005
0.017
0.000
0.000
1.000
0.010
0.000
0.000
0.026
0.001
0.005
0.000
0.000
0.008
0.029
0.015
0.117
0.180
Significance (two-tailed)
IT governance
balanced
scorecard
239
Table III.
IPA with IT governance
BSC attributes
IMCS
21,4
2.80
Quadrant I (Concentrate here)
Quadrant II (Keep Up the Good Work)
V6
2.70
V14
240
V13
V7
2.60
V19
V8
Important
V11
V5
2.50
V20
V2
V4
2.40
V10
V22 V1
V3
V16
V15
V23
2.30
2.20
V9
V21
V17
V18
V12
2.10
Figure 4.
Plotting of
importance-performance
matrix for IT governance
BSC attributes
Quadrant IV (Possible Overkill)
Quadrant III (Low Priority)
2.00
1.70
1.80
1.90
2.00
2.10
2.20
2.30
2.40
2.50
2.60
Performance
university should reduce the efforts on these attributes. This is caused by the fact that
attributes for IT governance BSC can perform not only as the performance measurement,
but the former groups of attributes can also affect the later groups/perspectives, as shown
in Figure 2. Lack of audit in source attributes can affect the control of destination
attributes. Therefore, all attributes in the low priority quadrant need to be reconsidered for
their outcomes and consequences.
4.4 The possible overkill quadrant
The measuring or rewarding individual and team performance (V9) is only one
attribute that falls into the possible overkill quadrant. The attribute in this cell is
considered to perform much control. Therefore, IT executives should reconsider the
importance of this attribute. If the final discussion identifies the same remark, then it
can reduce the efforts for this attribute.
5. Discussion
In this study, we applied IPA analysis with IT governance BSC to capture IT
executives’ perception on the importance of IT governance performance measures that
performed in their universities. Original IPA identifies that the attributes for quadrants
III and IV are considered to be low priority and over emphasized, respectively. When
applying the IPA to a strategic tool like IT governance BSC, the results should be
interpreted carefully in order to avoid being misleading. The obtained results should be
reshaped from original IPA analysis, because the metrics from IT governance BSC is
demonstrated in the cause and effect form. We cannot identify that the attributes in
quadrants III and IV are unnecessary metrics, but it can be interpreted in a way that
IT executives should pay close attention for reconsidering on the outcomes and
consequences of these metrics. If they confirm that the existing metrics are not
important, then the unnecessary metrics should be rejected. After getting rid of
unnecessary indicators, IT executives can follow up the three strategic actions to lift up
their capability for governing IT in their universities, as shown in Figure 5.
IT governance strategic guidance:
.
S1 strategy. The S1 strategy is intended to support the attributes that fall into
unimportant region to rise up to important region. By following S1 strategy, IT
executives should figure out an approach to raising awareness on internal IT
processes that lack of clarity concerns at both executive and operational levels.
Providing award for IT best practice development in subunit of each university
can also be used to motivate staff to realize the importance of IT performance
measures.
.
S2 strategy. The S2 strategy aims to rise up the attributes that fall into low
performance region to high performance region. According to S2 strategy, IT
executives should focus on identifying indicators that should be consistent with
their internal IT processes. Furthermore, all stakeholders should be involved in
the development of these indicators in order to gain broader acceptance.
.
S3 strategy. The final strategy is intended to rise up both attributes that fall
into low performance and unimportant region to high performance and
IT governance
balanced
scorecard
241
2.80
Quadrant I
(Concentrate here)
2.70
Quadrant II
(Keep Up the Good Work)
S2
2.60
Important
2.50
S3
S1
2.40
2.30
2.20
Quadrant IV
(Possible Overkill)
Quadrant III
(Low Priority)
2.10
2.00
1.70
1.80
1.90
2.00
2.10
2.20
Performance
2.30
2.40
2.50
2.60
Figure 5.
IT governance strategic
guidance for Thai
universities based on IPA
IMCS
21,4
important region. S3 strategy is a combination of S1 and S2 strategies. Choosing
this strategy can lead the university to encounter high pressures from rapid
improvement. IT executives need to get effective cooperation from all university
staff. In the case that IT executives cannot establish adequate collaboration for
leveraging all indicators, they can start executing S3 strategy with only the
indicators that are critical for driving internal IT processes.
242
6. Conclusions
There have been a few research studies conducted on the topic of IT governance in
developing countries, especially in Thailand. Therefore, this research aims to provide
the strategic action of IT governance for organizations in this region. In this case, we
have limited our scope to choose only universities in Thailand as the subjects of this
study. In order to answer the research questions, our conclusions are presented in the
following order.
First, the evidence on global perspective can lead us to conclude that IT governance
should begin as a journey inspired from the board. Even the well-established IT
governance frameworks will need to determine the coherence of organizational
processes before adoption. Therefore, the well-communicated IT strategy and policy
should be established before enabling IT governance in action. In the case of
university, in order to decrease capital risk and failure of trial and error, universities
should primarily analyze their current situations of IT governance performance before
performing any other actions on IT governance.
Second, IT executives can apply the metrics of IT governance BSC with IPA to
clarify the current situation of IT governance performance in their universities.
Consequently, the strategic action of IT governance for Thai universities can be
specified. Additionally, the control framework currently used in the university can be
adapted to the implications from IPA.
Third, based on the results from IPA, Thai universities can apply the attributes that
fall into the keep up the good work as the baseline indicators for driving IT governance
in their universities. In the long run, the IT executives can apply IT governance
strategic recommendations provided by this study as the guideline to improve the
effective control for their internal IT processes. In further studies, the insight review
articles based on the global IT governance perspective and the practical guideline from
regional survey can be combined to draw the flexible IT governance framework for
Thai universities.
References
Abu-Musa, A.A. (2007), “Exploring information technology governance (ITG) in developing
countries: an empirical study”, The International Journal of Digital Accounting Research,
Vol. 7 No. 13, pp. 71-117.
Afzali, P., Azmayandeh, E., Nassiri, R. and Shabgahi, G.L. (2010), “Effective governance through
simultaneous use of COBIT and Val IT”, Proceedings of the International Conference on
Education and Management Technology, pp. 46-50.
Baka, M. and Aziz, M. (2010), “Implementing a novel IT governance framework a case study the
Abu Dhabi water & electricity authority”, Proceedings of the Second International
Conference on Engineering Systems Management and Its Applications, pp. 1-5.
Beimborn, D., Schlosser, F. and Weitzel, T. (2009), “Proposing a theoretical model for IT
governance and IT business alignment”, Proceedings of the 42nd Hawaii International
Conference on System Sciences, Los Alamitos, CA, USA, pp. 1-11.
Bhattachariya, J. and Chang, V. (2007), “The role of IT governance in the evolution of
organizations in the digital economy: cases in Australian higher education”, Proceedings of
the International Conference on Digital Ecosystems and Technologies, School of
Information Systems, pp. 428-433.
Bowen, P.L., Cheung, M.Y.D. and Rohde, F.H. (2007), “Enhancing IT governance practices: a
model and case study of an organization’s efforts”, International Journal of Accounting
Information Systems, Vol. 8 No. 3, pp. 191-221.
Brown, A.E. and Grant, G.G. (2005), “Framing the frameworks: a review of IT governance
research”, Communications of the Association for Information Systems, Vol. 15,
pp. 696-712.
Cai, M. and Yu, J. (2009), “The pattern of IT governance in small and medium-sized garment
enterprise”, Proceedings of the International Conference on Management and Service
Science, pp. 1-4.
Chen, L. (2010), “Business-IT alignment maturity of companies in China”, Information
& Management, Vol. 47 No. 1, pp. 9-16.
Chu, R.K.S. and Tat, C. (2000), “An importance-performance analysis of hotel selection factors in
the Hong Kong hotel industry: a comparison of business and leisure travelers”, Tourism
Management, Vol. 21, pp. 363-377.
Cobbold, I. and Lawrie, G. (2002), “Development of the balanced scorecard as a strategic
management tool”, in Neely, A., Walters, A. and Austin, R. (Eds), Performance
Measurement and Management: Research and Action, Centre for Business Performance,
Cranfield, UK, pp. 125-132.
Cumps, B., Viaene, S. and Dedene, G. (2006), “Managing for better business-IT alignment”, IT
Professional, Vol. 8 No. 5, pp. 17-24.
Cumps, B., Martens, D., De Backer, M., Haesen, R., Viaene, S., Dedene, G., Baesens, B. and Snoeck,
M. (2009), “Inferring comprehensible business/ICT alignment rules”, Information
& Management, Vol. 46 No. 2, pp. 116-124.
De Haes, S. and Van Grembergen, W. (2006), “Information technology governance best practices
in Belgian organisations”, Proceedings of the 39th Annual Hawaii International
Conference on System Sciences.
De Oliveira Alves, G.A., Da Costa Carmo, L.F.R. and De Almeida, A.C.R.D. (2006), “Enterprise
security governance: a practical guide to implement and control information security
governance (ISG)”, Proceedings of the First IEEE/IFIP International Workshop on
Business-Driven IT Management, pp. 71-80.
Fairchild, A. (2004), “Information technology outsourcing (ITO) governance: an examination of
the outsourcing management maturity model”, Proceedings of the 37th Annual Hawaii
International Conference on System Sciences, Big Island, HI.
Fasanghari, M., Nasser Eslami, F. and Naghavi, M. (2008), “IT governance standard selection
based on two phase clustering method”, Proceedings of the Fourth International
Conference on Networked Computing and Advanced Information Management, Gyeongju,
South Korea, pp. 513-518.
Ferran, C. (2006), “Electronic business in developing countries: the digitalization of bad
practices”, in Tan, F.B. (Ed.), Global Information Technologies: Concepts, Methodologies,
Tools, and Applications, IGI Global, Hershey, PA, pp. 3091-3104.
IT governance
balanced
scorecard
243
IMCS
21,4
Fink, K. and Ploder, C. (2008), “Decision support framework for the implementation of
IT-governance”, Proceedings of the 41st Hawaii International Conference on System
Sciences, Los Alamitos, CA, USA.
Gheorghe, M. (2006), “IT governance principles”, Journal of Accounting and Management
Information Systems, No. 18, pp. 86-102.
244
Hawes, J.M. and Rao, C.P. (1985), “Using importance-performance analysis to develop health care
marketing strategies”, Journal of Health Care Marketing, Vol. 5 No. 4, pp. 19-25.
Hosseinbeig, S., Karimzadgan-Moghadam, D., Vahdat, D. and Moghadam, R.A. (2011), “IT
strategic alignment maturity and IT governance”, Proceedings of the 4th International
Conference on Interaction Sciences, pp. 67-72.
Huang, Y.K., Kuo, Y.W. and Xu, S.W. (2009), “Applying importance-performance analysis to
evaluate logistics service quality for online shopping among retailing delivery”,
International Journal of Electronic Business Management, Vol. 7 No. 2, pp. 128-136.
Hudson, S., Hudson, P. and Miller, G.A. (2004), “The measurement of service quality in the tour
operating sector: a methodological comparison”, Journal of Travel Research, Vol. 42,
pp. 305-312.
Ibrahim, E.E., Joseph, M. and Ibeh, K.I.N. (2006), “Customers’ perception of electronic service
delivery in the UK retail banking sector”, International Journal of Bank Marketing, Vol. 24
No. 7, pp. 475-493.
JISC (2007), “A framework for information systems management and governance:
self-assessment toolkit”, Joint Information Systems Committee, available at: www.jisc.a
c.uk/media/documents/programmes/jos/Governance_Toolkit.pdf (accessed 22 June 2012).
Joseph, M., Allbright, D., Stone, G., Sekhon, Y. and Tinson, J. (2005), “Importance-performance
analysis of UK and US bank customer perceptions of service delivery technologies”,
International Journal of Financial Services Management, Vol. 1 No. 1, pp. 66-88.
Kaplan, R.S. and Norton, D.P. (1996), “Using the balanced scorecard as a strategic management
system”, Harvard Business Review, Vol. 74 No. 1, pp. 75-85.
Krey, M., Harriehausen, B., Knoll, M. and Furnell, S. (2010), “IT governance and its impact on the
Swiss healthcare”, Proceedings of the 12th International Conference on Computer
Modelling and Simulation, Cambridge, UK, pp. 340-345.
Larsen, M., Pedersen, M. and Viborg Andersen, K. (2006), “IT governance: reviewing 17 IT
governance tools and analysing the case of Novozymes A/S”, Proceedings of the 39th
Annual Hawaii International Conference on System Sciences, Kauia, HI, pp. 1-11.
Lee, J. and Lee, C. (2009), “IT governance-based IT strategy and management: literature review
and future”, in Cater-Steel, A. (Ed.), Information Technology Governance and Service
Management Framework and Adaptation, IGI Global, Hershey, PA, pp. 44-62.
Lee, J., Juhn, S. and Hwang, K. (2009), “New development of advanced ITG framework”,
Proceedings of the 42nd Hawaii International Conference on System Sciences, Waikoloa,
HI, pp. 1-10.
Levenburg, N.M. and Magal, S.R. (2004), “Applying importance-performance analysis to evaluate
e-business strategies among small firm”, E-service Journal, Vol. 3 No. 3, pp. 29-48.
Lunardi, G.L., Becker, J.L. and Macada, A.C.G. (2009), “The financial impact of IT governance
mechanisms’ adoption: an empirical analysis with Brazilian firms”, Proceedings of the
42nd Hawaii International Conference on System Sciences, Los Alamitos, CA, USA,
pp. 1-10.
Maidin, S.S. and Arshad, N.H. (2010), “IT governance practices model in IT project approval and
implementation in Malaysian public sector”, Proceedings of the International Conference
on Electronics and Information Engineering, pp. V1-532-V1-536.
Martilla, J.A. and James, J.C. (1977), “Importance-performance analysis”, Journal of Marketing,
Vol. 41 No. 1, pp. 77-79.
Martı´nez, A.F. and Largo, F.L. (2009), “An IT governance framework for universities in Spain”,
available at: http://rua.ua.es/dspace/bitstream/10045/11216/1/EUNIS%202009%20%
20An%20IT%20Governance%20Framework%20for%20Universities%20in%20Spain%
20-%20Fernandez%20y%20Llorens.pdf (accessed 11 June 2012).
Miranda, F.J. (2010), “An importance-performance analysis of primary health care services:
managers vs patients perceptions”, Journal of Service Science and Management, Vol. 3
No. 2, pp. 227-234.
Nale, R.D., Rauch, D.A. and Wathen, S.A. (2000), “An exploratory look at the use of importance
performance analysis as a curricular assessment tool in a school of business”, Journal of
Workplace Learning: Employee Counselling Today, Vol. 12 No. 4, pp. 139-145.
Nassiri, R., Ghayekhloo, S. and Shabgahi, G.L. (2009), “A novel approach for IT governance: a
practitioner view”, Proceedings of the International Conference on Computer Technology
and Development, Kota Kinabalu, Malaysia, pp. 217-221.
Nfuka, E.N. and Rusu, L. (2010), “Critical success factors for effective IT governance in the public
sector organisations in a developing country: the case of Tanzania”, Proceedings of the
European Conference on Information Systems, pp. 1-15.
Nfuka, E.N., Rusu, L., Johannesson, P. and Mutagahywa, B. (2009), “The state of IT governance
in organizations from the public sector in a developing country”, Proceedings of the 42nd
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA, pp. 1-12.
O’Neill, M.A. and Palmer, A. (2004), “Importance-performance analysis: a useful tool for directing
continuous quality improvement in higher education”, Quality Assurance in Education,
Vol. 12 No. 1, pp. 39-52.
Park, H., Jung, S., Lee, Y. and Jang, K. (2006), “The effect of improving IT standard in IT
governance”, Proceedings of the International Conference on Computational Inteligence for
Modelling Control and Automation and International Conference on Intelligent Agents Web
Technologies and International Commerce, Sydney, Australia.
Peterson, R.R. (2001), “Configurations and coordination for global information technology
governance: complex designs in a transnational European context”, Proceedings of the
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA.
Peterson, R.R. and Fairchild, A.M. (2003), “Exploring the impact of electronic business readiness
on leadership capabilities in information technology governance”, Proceedings of the 36th
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA.
Prasad, A., Heales, J. and Green, P. (2010), “A capabilities-based approach to obtaining a deeper
understanding of information technology governance effectiveness: evidence from IT
steering committees”, International Journal of Accounting Information Systems, Vol. 11
No. 3, pp. 214-232.
Ribbers, P., Peterson, R. and Parker-Priebe, M. (2002), “Designing information technology
governance processes: diagnosing contemporary practices and competing theories”,
Proceedings of the 35th Hawaii International Conference on System Sciences, pp. 3143-3154.
Ridley, G., Young, J. and Carroll, P. (2004), “COBIT and its utilization: a framework from the
literature”, Proceedings of the 37th Hawaii International Conference on System Sciences,
Los Alamitos, CA, USA.
IT governance
balanced
scorecard
245
IMCS
21,4
246
Sahraoui, S.M. (2009), “ICT governance in higher education: case study of the rise and fall of open
source in a Gulf university”, Proceedings of the International Conference on Information
and Communication Technologies and Development, pp. 348-356.
Salle´, M. and Di-Vitantonio, G. (2006), “Business service management: the impact of IT
governance models on IT management policies”, Proceedings of the International
Conference on Services Computing, Chicago, IL, USA, pp. 373-380.
Samanta, S. (2007), “Business-IT alignment strategies: a conceptual modeling”, Proceedings of
the Portland International Center for Management of Engineering and Technology, pp. 1-5.
Schwarz, A. and Hirschheim, R. (2003), “An extended platform logic perspective of IT
governance: managing perceptions and activities of IT”, Journal of Strategic Information
Systems, Vol. 12 No. 2, pp. 129-166.
Seng Wong, M., Hideki, N. and George, P. (2011), “The use of importance-performance analysis
(IPA) in evaluating Japan’s e-government services”, Journal of Theoretical and Applied
Electronic Commerce Research, Vol. 6 No. 2, pp. 17-30.
Sherer, S.A. (2004), “IS project selection: the role of strategic vision and IT governance”,
Proceedings of the 37th Hawaii International Conference on System Sciences, Los Alamitos,
CA, USA, pp. 1-8.
Silva, E. and Chaix, Y. (2008), “Business and IT governance alignment simulation essay on a
business process? And IT service model”, Proceedings of the 41st Hawaii International
Conference on System Sciences, Los Alamitos, CA, USA.
Simonsson, M., Johnson, P. and Ekstedt, M. (2008a), “IT governance decision support using the
IT organization modeling and assessment tool”, Proceedings of the Portland International
Conference on Management of Engineering & Technology, Cape Town, South Africa,
pp. 802-810.
Simonsson, M., Lagerstro¨m, R. and Johnson, P. (2008b), “A Bayesian network for IT governance
performance prediction”, Proceedings of the 10th International Conference on Electronic
Commerce, Innsbruck, Austria.
Sohal, A.S. and Fitzpatrick, P. (2002), “IT governance and management in large Australian
organizations”, International Journal of Production Economics, Vol. 75 No. 1, pp. 97-112.
Tu, W. and Zhang, J. (2008), “The components and practice of information technology
governance”, Proceedings of the First International Workshop on Knowledge Discovery and
Data Mining, Adelaide, Australia, pp. 465-468.
Van Grembergen, W. (2005), “Measuring and improving information technology governance
through the balanced scorecard”, available at: www.isaca.org/Journal/Past-Issues/2005/
Volume-2/Documents/jpdf052-measuring-and-improving.pdf (accessed 22 June 2012).
Van Grembergen, W. and De Haes, S. (2010), “A research journey into enterprise governance of
IT, business/IT alignment and value creation”, International Journal of IT/Business
Alignment and Governance, Vol. 1 No. 1, pp. 1-13.
Weill, P. and Ross, J.W. (2004), IT Governance: How Top Performers Manage IT Decision Rights
for Superior Results, Harvard Business School Publishing, Boston, MA.
Wong, M.S., Fearon, C. and Philip, G. (2009), “Evaluating e-government in Malaysia: an
importance-performance grid analysis (IPA) of citizens and service providers”,
International Journal of Electronic Business, Vol. 7 No. 2, pp. 105-129.
Xiao-Wen, L., Xiao-Chun, L. and Ke-Jin, H. (2009), “Design and implementation of IT governance
planning decision supporting”, Proceedings of the Chinese Control and Decision
Conference, pp. 5629-5632.
Yavas, U. and Shemwell, D.J. (2001), “Modified importance-performance analysis: an application
to hospitals”, International Journal of Health Care Quality Assurance, Vol. 14 No. 3,
pp. 104-110.
Further reading
Slack, N. (1994), “The importance-performance matrix as a determinant improvement priority”,
International Journal of Operations & Production Management, Vol. 14 No. 5, pp. 59-75.
Appendix. Research questionnaire
Dear sir
I am conducting a study entitled, “Applying IT governance balanced scorecard and
importance-performance analysis for providing IT governance strategy in university”. This
questionnaire is aimed to investigate the opinions of IT executives in Thai universities on the
perceptions of IT governance and IT governance measurement of each aspect implemented in
each university that covers:
.
corporate contribution;
.
future orientation;
.
stakeholder orientation; and
.
operational excellence.
Please kindly respond to this questionnaire yourself and give information which strongly
represents your opinions. You will be assured of complete confidentiality as your responses will
be kept confidential. The results of this study will be a beneficial guideline for executives of IT;
as well as executives of general administration to be able to strategically develop and improve
the benefits from utilization of IT in each university. Moreover, the findings, revealed from this
study, will provide effective methods on quality control of IT for Thai universities in the future.
Please take a few (approximately 20) minutes to complete the enclose questionnaire. You have
our personal assurance that all responses will remain anonymous. Your response is very
important to the study, and we thank you in advance for your co-operation participation.
1. General Information
1. University ________________________________________________________________
2. What is your current job title?
IT Project Manager
Chief Information Officer : CIO
IT Director
IT Specialist
Internal Auditor
Other-please list ______________
3. What is your role relevant of information technology function?
Planning IT budgets
Decision in IT Projects
Procurement decision maker on Hardware/Software
Participating in establishing university IT policy
Other – please List ____________________________________________
4. How many years of experience do you have in your current position? _____________
(continued)
IT governance
balanced
scorecard
247
IMCS
21,4
2. IT Governance Performance Measurement
Please Circle the most appropriate number for the Importance and Performance
of IT Governance Performance Measurement in your organization
Importance
Sometime Monitoring (2)
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
2
2
2
2
3
3
3
3
1
1
1
1
2
2
2
2
3
3
3
3
1
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
1
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
Always Monitoring (3)
Not Monitoring (1)
2
2
2
2
2
Importance (2)
1
1
1
1
1
Not Important (1)
IT Governance Performance Measurement
Performance
Very Important (3)
248
1. Corporate Contribution
1.1
1.2
1.3
1.4
1.5
Align IT with business objectives
Deliver value
Manage costs
Manage risks
Achieve inter-organization synergies
2. Future Orientation
2.1
2.2
2.3
2.4
2.5
Attract and retain people with key competencies
Focus on professional learning and development
Build a climate of empowerment and responsibility
Measure/reward individual and team performance
Capture knowledge to improve performance
3. Stakeholder Orientation
3.1
3.2
3.3
3.4
Stakeholder satisfaction
Demonstrate competitive costs
Delivery good service
Develop good service
4. Operational Excellence
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
Mature internal IT processes
Manage operational service performance
Achieve economies of scale
Build standard, reliable technology platforms
Deliver successful IT Projects
Understand business unit strategies
Propose and validate enabling solutions
Understand emerging technologies
Develop organization architecture
About the authors
Kallaya Jairak received the BSc in Economics from MAEJO University, Chiang Mai, Thailand, in
1998, and the MS in information technology and management from Chiang Mai University,
Chiang Mai, Thailand, in 2004. She is currently a PhD candidate in information technology,
Information Science Institute of Sripatum University (ISIS), Bangkok, Thailand. Her research
interests include IT governance, IT/business alignment, ICT sustainability and ICT in education
management. Her current focus is on IT governance strategy and framework. In addition, she
published more than five papers in these areas. Kallaya Jairak is the corresponding author and
can be contacted at: [email protected]
Prasong Praneetpolgrang received the BSc (1st Hons) in electrical engineering from the Royal
Thai Air Force Academy, Bangkok, Thailand, in 1987, the MS in computer engineering, in 1989,
the MS in electrical engineering, in 1993, and the PhD degree in computer engineering from
Florida Institute of Technology, Florida, USA, in 1994. He currently has the rank of Associate
Professor at the Information Science Institute, Sripatum University, Bangkok, Thailand. His
research interests are in the areas of computer and information security, trust management and
IT governance, e-Commerce and cloud applications. Dr Praneetpolgrang has more than 100
published articles in these areas. He has served on program committees of both international and
national conference on computer science and engineering, information technology and
e-Business. He is also member of IEEE and ACM. He has recorded in Who’s Who in the world in
information technology.
To purchase reprints of this article please e-mail: [email protected]
Or visit our web site for further details: www.emeraldinsight.com/reprints
IT governance
balanced
scorecard
249
Reproduced with permission of the copyright owner. Further reproduction prohibited without
permission.
www.emeraldinsight.com/0968-5227.htm
IMCS
21,4
228
Received 3 August 2012
Revised 7 December 2012
29 January 2013
11 February 2013
Accepted 13 February 2013
Applying IT governance balanced
scorecard and
importance-performance analysis
for providing IT governance
strategy in university
Kallaya Jairak and Prasong Praneetpolgrang
Information Science Institute, Sripatum University, Bangkok, Thailand
Abstract
Purpose – The purpose of this paper is to identify the current situation and the future improvement
for IT governance and controls in developing country like Thailand.
Design/methodology/approach – Thai universities were selected and used as subjects for
capturing the perception of IT executives on IT governance performance measures. In the first step, a
global IT governance perspective was drawn from the literature review. In the second step, the
important-performance analysis was applied to the metrics of IT governance balanced scorecard with
collected survey data from 64 IT executives.
Findings – From a global perspective, the critical points that need to be concerned before
implementing IT governance have been illustrated. From a regional perspective, the paper generated
the strategic IT governance guidance for Thai universities.
Practical implications – This paper is beneficial for chief information officers, executive managers,
IT managers, and academics. They will gain more knowledge and understanding about the mixed
method of using metrics in IT governance balanced scorecard and importance-performance analysis in
order to identify the current situation of IT governance and controls in their organizations.
Additionally, the practical idea with this method can be applied to draw IT governance strategy in
their contexts.
Originality/value – This paper specifies the critical points and directions of IT governance for Thai
universities. The analysis covers global and regional viewpoints. This paper also provides the method
for applying IT governance balanced scorecard metrics and importance-performance analysis to
contribute IT governance strategy.
Keywords IT governance, IT governance balanced scorecard, Importance-performance analysis,
Thai universities
Paper type Research paper
Information Management &
Computer Security
Vol. 21 No. 4, 2013
pp. 228-249
q Emerald Group Publishing Limited
0968-5227
DOI 10.1108/IMCS-08-2012-0036
1. Introduction
Information technology (IT) has become a vital and integral part of many business
activities. The pervasive use of IT in many organizations brings IT governance to
become a more significant issue. After the concept of IT governance emerged in the
early 1990s, specialists and academics have attempted to clarify how to ensure the
value of aggressive action on IT governance (Van Grembergen and De Haes, 2010).
This curious question has been examined in a series of research projects during the
period 1999-2003 by Weill and Ross (2004). They have found a relationship between
corporate performance and proactive tuning for IT governance. The finding also
revealed that when the organizations performed proactive support for IT governance,
they could generate up to 20 percent more profit than organizations with poor support.
Van Grembergen and De Haes (2010) also clearly illustrated that IT governance should
be an integral part of corporate governance.
Principles of IT governance cover risk management, information security, service
quality, IT resources management and business/IT alignment. Ideally, risk
management and information security should be combined and closely examined. It
can be identified that information security governance (ISG) is a part of IT governance.
Nowadays, IT governance and ISG are controlled by a variety of practices such as
ISO/IEC 38500, ISO/IEC 27001, COBIT, and ITIL. However, COBIT is now accepted as
the preferred framework for IT governance. Currently, COBIT is at version 5.0 and
introduced as a single integrated framework for IT governance.
Due to a variety of standards and frameworks, organizations will need to decide
which approach is suitable for them. After many years of performing the insight case
studies on IT governance, Van Grembergen and De Haes (2010) have identified that the
successful implementation of IT governance is caused by the fine tuning of linkage for
structures, processes, and relational mechanisms within the organization itself. This
important finding expands our knowledge in order to understand that there is no silver
bullet solution for IT governance scenario. Different organizations need different
solutions for IT governance. The best practice from one place can become the bad one
in other places, especially when expanded and implemented under the different
conditions. For example, companies in developing countries that lack of adequate
industrial infrastructure are not able to jump into the technological dependence era to
stand at the same level as companies in developed countries. Therefore, the best
practice contributed from developed countries should be analyzed properly before
implementing in developing countries (Ferran, 2006). In the same manner, IT
governance implementation in developing countries needs a holistic approach to
support the complex mix of political, organizational, technical, and cultural concerns in
each country (Nfuka and Rusu, 2010).
The idea of trial and error to find the proper solution causes a waste of budget, time,
and workforce. Therefore, it is essential for an organization to clearly understand its
current situation of IT governance performance before taking any other action on IT
governance. Moreover, many organizations often ignore the planning of how to
implement IT governance. That will directly lead to an increased risk in many forms,
especially for stakeholder resistance. Those problems can also cause the failure of IT
governance implementation. Therefore, the purpose of this paper is to identify the
current situation and the future improvement for IT governance and controls in a
developing country like Thailand. We have limited our scope to select only the
universities in Thailand as the subjects of this study. By applying the metrics of IT
governance balanced scorecard (BSC) with importance-performance analysis (IPA), we
expect to provide the new insight for IT governance issue for Thai universities.
The research questions of this paper are:
RQ1. What are the important issues to take into consideration before implementing
IT governance?
RQ2. What is the current situation of IT governance performance in Thai
universities?
IT governance
balanced
scorecard
229
IMCS
21,4
230
RQ3. What is the proper IT governance strategy for Thai universities?
The objectives of this study are two-fold. First, we aim to examine the current trend of
research studies on IT governance and university IT governance from global
perspectives. Consequently, the information obtained from the first objective will
illustrate the direction of IT governance and controls that can be applied at regional
levels. Second, we aim to clarify the actual practice of IT governance in the university
and specify an IT governance strategy for Thai universities. Apart from the
introduction, this paper covers IT governance literature in Section 2, research
methodology in Section 3, the results and discussion in Sections 4 and 5, respectively,
and lastly, the conclusions in Section 6.
2. Literature review
2.1 Principles of IT governance
There are many diverse definitions of IT governance. Lee and Lee (2009) attempted to
classify them into three perspectives. First, based on decision rights and
accountabilities, IT governance is defined as:
[. . .] the decision-making in the IT domain, focusing on the distribution of decision rights and
accountabilities (or responsibilities) for the effective use of IT resources.
Second, from business/IT alignment perspective, IT governance is defined as:
[. . .] The activities to maximize business value through bringing about business/IT
alignment. In achieving this goal, business/IT strategies should emphasize the effective
control of resources, performance management, and risk management.
Third, based on structures and processes, IT governance is defined as:
[. . .] the responsibility of company executives and the board of directors, referring inclusively
to the leadership, organizational structures and processes ensuring that enterprises’ IT
sustains organizations strategies and objectives.
In addition, Gheorghe (2006) also suggested that IT governance principal objectives
should be focused on:
.
aligning IT activities with enterprise action plan;
.
exploiting opportunities and maximizing benefits from IT resources; and
.
managing IT risks efficiently.
These valuable references can lead us to conclude that the purpose of IT governance is
to clarify roles and responsibilities from the board to supplement IT activities in action
for balancing value and risk of IT assets. To achieve this goal, the continual action
should be leveraged across five key areas: business/IT alignment, value delivery, risk
management, resource management, and performance management (Gheorghe, 2006;
Lee and Lee, 2009; Nfuka and Rusu, 2010). According to the above definitions, we can
explain that IT governance could be employed in the principle, policy, process or the
activities that the organization specifies. Its objective is to control decision-making for
investment and effective IT utilization. The effectiveness covers the appropriate and
transparent appointment of executives’ roles and duties, business/IT strategy
alignment, good internal control systems or processes, balancing between the values
and the risks from IT investment, risk and security management, and the IT policies or
strategies that affect an organization’s sustainability.
2.2 IT governance research
We surveyed many research papers relating to IT governance subjects that are
published online. The investigated databases included IEEE, ACM, Science Direct and
SCOPUS. The keyword we used was “IT governance”. Later on, we carefully
considered the key issues and categorized them into five categories:
(1) IT governance implementation.
(2) IT governance framework development and guideline.
(3) Critical success factors and enablers of IT governance.
(4) Business/IT alignment.
(5) Prediction model and decision support system for IT governance.
IT governance
balanced
scorecard
231
The source of literature on IT governance research is provided in Table I and the
details of each category are described in the following subsections.
2.2.1 IT governance implementation. Prior research in this category has examined a
wide range of businesses including: financial services (Peterson, 2001), oil and gas
business (Schwarz and Hirschheim, 2003), assurance (De Haes and Van Grembergen,
2006), public sector (Bhattachariya and Chang, 2007; Sahraoui, 2009; Maidin and
Arshad, 2010), semiconductor business (Park et al., 2006), and small- and medium-sized
enterprise (Cai and Yu, 2009). After reviewing the consideration points for all cases, we
have realized that the concept of IT governance cannot occur in a vacuum, but should
begin as a journey inspired by executive boards. Sohal and Fitzpatrick (2002) also noted
Research focus area
Authors
IT governance implementation
Peterson (2001), Sohal and Fitzpatrick (2002),
Schwarz and Hirschheim (2003), Ridley et al.
(2004), De Haes and Van Grembergen (2006),
Bowen et al. (2007), Bhattachariya and Chang
(2007), Tu and Zhang (2008), Park et al. (2006),
Sahraoui (2009), Cai and Yu (2009), Maidin and
Arshad (2010)
IT governance framework development and
Ribbers et al. (2002), Fairchild (2004), Sherer
guideline
(2004), Brown and Grant (2005), De Oliveira
Alves et al. (2006), Larsen et al. (2006), Salle´ and
Di-Vitantonio (2006), Lee et al. (2009), Nassiri et al.
(2009), Afzali et al. (2010), Baka and Aziz (2010)
IT governance impact
Peterson and Fairchild (2003), Fink and Ploder
(2008), Lunardi et al. (2009), Nfuka et al. (2009),
Krey et al. (2010), Prasad et al. (2010)
Business/IT alignment
Cumps et al. (2006), Samanta (2007), Silva and
Chaix (2008), Beimborn et al. (2009), Cumps et al.
(2009), Chen (2010), Hosseinbeig et al. (2011)
Prediction model and decision support system for Fasanghari et al. (2008), Simonsson et al. (2008a, b),
IT governance
Xiao-Wen et al. (2009)
Table I.
Summary of research on
IT governance
IMCS
21,4
232
that top management commitment to IT is the primary cause for their organizations to
achieve a competitive advantage from their IT. In order to achieve a better interaction
between IT and business, the rigid form of IT structure should embrace a more social
and dynamic form (Schwarz and Hirschheim, 2003). Weill and Ross (2004) stated that
identifying the decision rights and accountability from the board can encourage
desirable behavior in using IT. After the roles and responsibilities have been committed,
organizations can embrace the solution for IT governance framework. A well balanced
mix of structures, processes, and relational mechanisms will enable better IT
governance outcomes (De Haes and Van Grembergen, 2006). Based on the review of IT
governance implementation research, we can infer that IT governance implementation
is concerned not only with well-established IT governance framework, but also with
well-communicated IT strategy and policy from the board (Bowen et al., 2007).
2.2.2 IT governance framework development and guideline. The research in this
category has mainly focused on providing a hybrid structure of framework or
guideline based on widely accepted industry standards or existing
concepts/frameworks. For example, De Oliveira Alves et al. (2006) proposed a single
framework for implementing ISG that developed from the integration of BSC, COBIT,
and ISO/IEC 27001; Larsen et al. (2006) unfolded the potential of existing IT
governance framework at a single case of biotech-based company; and Afzali et al.
(2010) applied the concept of COBIT and Val IT 2.0 to provide a broader framework for
IT governance. Nevertheless, there is no universal IT governance structure for IT
governance framework. The hybrid structure and processes are required for
developing a flexible environment for sustaining value through business/IT
engagement (Brown and Grant, 2005; Ribbers et al., 2002). In summary, the focus
area of IT governance research on framework development and guideline is still reliant
on the organizational context. Furthermore, focusing only on IT governance tools and
frameworks are insufficient for governing IT effectively (Ribbers et al., 2002).
2.2.3 Critical success factors and enablers of IT governance. For critical success
factors and enablers of IT governance, Fink and Ploder (2008) found that more
stakeholder involvement, employee integration, business process improvement, and
flexibility of the IT infrastructure are critical success factors for the use of IT governance
framework. Prasad et al. (2010) also found that effective commitment from top
management drives capabilities to manage IT resources, and also improves internal
process-level performance. Nevertheless, the widely adopted framework cannot
guarantee the success of IT governance implementation. The organizations should
appraise existing framework or best practices with their organizational processes before
adoption (Krey et al., 2010). For IT governance adoption in developing nation (Tanzania),
Nfuka et al. (2009) highlighted that the problems with IT governance in public sector are
lack of a specific IT strategic plan, lack of clear roles and responsibilities, inadequate
follow-up and enforcement mechanisms, lack of IT governance awareness, inadequate
budget, and lack of IT professional skills. In summary, the research in this category
commonly reflects the issues of logical coherence for implementing IT governance into
the organizational context.
2.2.4 Business/IT alignment. For business/IT alignment, the strategic key for
business/IT alignment is to ensure that business can gain a competitive advantage
through IT spending. Many studies in this category conducted a survey to determine the
pattern that organizations apply to achieve an optimal level for business/IT alignment
(Cumps et al., 2006, 2009; Beimborn et al., 2009; Chen, 2010; Hosseinbeig et al., 2011).
Additionally, many of articles also referred to strategic alignment maturity (SAM)
framework (Cumps et al., 2006; Samanta, 2007; Chen, 2010; Hosseinbeig et al., 2011).
SAM is used to evaluate the maturity of organizational strategy selection and alignment
activities. The organizations can utilize SAM to identify the current stage of business/IT
alignment and the goal setting for improving alignment. Research focusing on
business/IT alignment has been advanced in the development of models/frameworks
based on existing models/frameworks to support organizations for improving their
business/IT relationships.
2.2.5 Prediction model and decision support system for IT governance. For prediction
model and decision support system, Fasanghari et al. (2008) applied K-means analysis
for clustering available IT governance tools and standards. Simonsson et al. (2008a, b)
applied Bayesian network with decision support tool for predicting IT governance
performance. Xiao-Wen et al. (2009) developed a prototype decision supporting system
for IT governance planning. The research in this topic area has focused on the
development of automatic tool for encouraging IT governance prediction and decision
support.
After reviewing the focal point for each area of IT governance research, we have
gained knowledge and insights on IT governance that can be summarized as follows:
.
IT governance cannot occur in a vacuum, but should begin as a journey inspired
from the board;
.
focusing only on IT governance tools and frameworks are insufficient for
governing IT effectively;
.
the organizations should appraise existing frameworks or best practices with
their internal IT processes before adoption; and
.
the prediction model and decision support system are still a relatively young area
of IT governance research.
2.3 IT governance in universities
Even if researchers have conducted many frameworks relevant to IT governance, there
are a limited number of university-oriented IT governance frameworks. The situation of
IT governance implementation in practice within universities was not much different from
other industries. We have not found a single solution that can be applied at every
university. The solution has drastically changed from one campus to another. In 2007,
Bhattachariya and Chang (2007) stated that while institutions have to deal with low
staffing levels, this time is not suitable for adopting industry best practices. Each
institution can establish its own best practice that link to business needs and available
resources. In 2007, Joint Information Systems Committee (JISC, 2007) funding for the
University of Strathclyde to develop the flexible framework and self-assessment tool that
facilitate higher education institutions in the UK to identify the areas of improvement for
their IT resources. Based on the JISC model and ISO/IEC 38500:2008 (Standard for
Corporate Governance of IT), Martı´nez and Largo (2009), developed a university-oriented
IT governance framework (ITG4U) for the Spanish Association of University Rectors in
Spain that enable each university to reach a higher IT governance maturity level.
In Thailand, the whole university system is governed by the Office of the Higher
Education Commission (OHEC) and the Office for National Education Standards and
IT governance
balanced
scorecard
233
IMCS
21,4
234
Quality Assessment (ONESQA). The role of the OHEC is to maintain the internal
quality assurance in each university, while the control of external quality assurance
among Thai universities is responsible for the ONESQA. Both of theses two
organizations have the same vision to create the appropriate quality assurance system
for Thai universities. Based on the OHEC and the ONESQA approaches, we have
found many indicators for measuring university performance. However, there seems to
be a lack of IT governance indicators. Furthermore, IT governance indicators are not
mentioned in educational ICT master plan for higher education. To the best of our
knowledge, we have not found IT governance research conducted for Thai universities.
Therefore, this study is one of the few attempts to investigate the current situation of
Thai universities’ IT governance adoption.
2.4 IT governance BSC
The BSC, which was first described in the early 1990s, has become widely accepted for
evaluating business performance at the enterprise level (Cobbold and Lawrie, 2002).
Shifting the focus from traditional financial evaluation to stakeholders-based
evaluation, BSC combines financial measures and non-financial measures in a single
report. In addition to financial measures, BSC employs three other perspectives for
measuring customer satisfaction, internal processes, and future vision. With BSC,
organizations are able to create a linkage between short-term financial measures and
future growth (Kaplan and Norton, 1996).
Drawing from BSC, IT governance BSC is developed for assessing how well
organizations are performing IT governance. IT governance BSC is not only performed
as a measurement system for IT governance processes, but it can also demonstrate
cause and effect relationships between perspectives. Figure 1 shows the cause and
effect relationships among each perspective. The future orientation perspective can
improve the level of operational excellence perspective. The operational excellence
perspective can improve the level of stakeholder perspective. And lastly, the
stakeholder perspective can improve the level of corporate contribution perspective
(Van Grembergen, 2005).
The scope of each perspective in IT governance BSC can be described as follows.
First, the corporate contribution perspective measures the performance of IT
governance processes for ensuring that business can achieve maximum profit from IT
while reducing risk at a reasonable point. Second, the objectives of the stakeholder
Enables
Stakeholders
“Enhancing stakeholders’
satisfaction/needs and ensuring
legal/ethical compliance”
Figure 1.
IT governance BSC
perspectives and their
cause and effect
relationships
Corporate Contribution
“Ensuring maximum profit
through IT and reducing risk
at a reasonable point”
IT Governance
Cause
Effect
Future Orientation
“Building the foundations of
skills, knowledge, and
IT/business partnership for
IT governance delivery”
Operational Excellence
Enables
“Identifying the maturity of
IT governance structures
and processes”
Enables
perspective are to measure stakeholder satisfaction, management of stakeholder needs,
and legal/ethical compliance. Third, the operation excellence perspective identifies the
maturity of IT governance structures and processes. Lastly, the future orientation
perspective is designed to measure the foundations of skills, knowledge, and
IT/business partnership for IT governance delivery (Van Grembergen, 2005).
Abu-Musa (2007) revised IT governance BSC to explore the current performance of
IT governance in developing country (Saudi Arabia). The revised version of IT
governance BSC consists of five dimensions as follows:
(1) organization contribution;
(2) user orientation;
(3) operational excellence;
(4) future orientation; and
(5) environmental perspective.
IT governance
balanced
scorecard
235
Of the 500 questionnaires distributed to participants in Saudi organizations, the valid
and usable questionnaires were 24.2 percent response rate. The results reveal that a
vast majority of respondents are aware of the importance of IT governance
performance measures. Furthermore, the results also provide evidence that IT
governance BSC has been currently adopted from many Saudi organizations to track
the IT governance performance across the five dimensions.
The instrument of IT governance BSC introduced by Abu-Musa (2007) that
conducted in the developing country context is in line with our objective to explore IT
governance performance in developing nations like Thailand. For preliminary
investigation, we applied four dimensions of IT governance BSC to evaluate the
current situation of IT governance performance in Thai universities. Figure 2 shows
the applied IT governance BSC that perform for our study.
Corporate Contribution
•
•
•
•
•
Align IT with business objectives
Deliver value
Manage costs
Manage risks
Achieve inter-organization synergies
Stakeholder Orientation
•
•
•
•
Stakeholder satisfaction
Demonstrate competitive costs
Delivery good service
Develop good service
IT Governance
Future Orientation
• Attract and retain people with key competencies
• Focus on professional learning and development
• Build a climate of empowerment and
responsibility
• Measure/reward individual and team performance
• Capture knowledge to improve performance
synergies
Operational Excellence
• Mature internal IT processes
• Manage operational service performance
• Achieve economies of scale
• Build standard, reliable technology platforms
• Deliver successful IT Projects
• Understand business unit strategies
• Propose and validate enabling solutions
• Understand emerging technologies
• Develop organization architecture
Figure 2.
Applied IT governance
BSC
IMCS
21,4
236
2.5 The important-performance analysis
Martilla and James (1977) first introduced the IPA method which has been widely used
for developing and improving strategy in marketing research (Martilla and James,
1977). IPA can be used to analyze the operational strategy for prioritizing competitive
criteria among product/service attributes. Based on IPA concept, a series of
paired-sample t-test are performed to evaluate the mean difference between
performance score and importance score (Levenburg and Magal, 2004). Then, the
results are plotted graphically with performance on the x-axis and importance on the
y-axis. IPA have been applied to classify and prioritize attributes in improving services
for many industries such as tourism (Chu and Tat, 2000; Hudson et al., 2004), health
care (Hawes and Rao, 1985; Miranda, 2010; Yavas and Shemwell, 2001), bank
( Joseph et al., 2005; Ibrahim et al., 2006), education (Nale et al., 2000; O’Neill and Palmer,
2004), e-services (Seng Wong et al., 2011; Huang et al., 2009) and other sectors. IPA is
not only used to capture customer perception, but it also can be used to explore the
important of competitive criteria and operational performance from experienced
managers who have authority to establish actionable strategy in their organization. In
summary, IPA is the powerful evaluation tool for enabling practitioners and academics
to find out specific attributes that have been well practiced, attributes that need to be
improved, and attributes that are over performed (Wong et al., 2009).
As shown in Figure 3, the y-axis report perceived importance of each selected
attribute. While, the x-axis shows perceived product/service performance of each
selected attribute. The explanation of the original IPA is presented by the scatter plot
which divides the chart into four quadrants as follows:
.
Quadrant I is labelled “concentrate here”. Attributes that fall into this quadrant
are perceived as high importance, but identified as low performance. This means
that the improvement efforts should be concentrated here.
.
Quadrant II is labelled “keep up the good work”. Attributes that fall into this
quadrant are perceived as high importance, and identified as high performance.
The activities in this quadrant have been performed well, and the organization
should maintain its good work.
High Importance
Quadrant I
Concentrate Here
Quadrant II
Keep up the Good Work
Low Performance
High Performance
Quadrant III
Low Priority
Figure 3.
The original IPA
framework
Quadrant IV
Possible Overkill
Low Importance
Source: Martilla and James (1977)
Quadrant III is labelled “low priority”. Attributes that fall into this quadrant are
perceived as low importance, and relatively low performance. The organization
should limit the resource for all activities that fall into this cell.
Quadrant IV is labelled “possible overkill”. Attributes that fall into this quadrant
are perceived as low importance, but relatively high performance.
IT governance
balanced
scorecard
Respondents are satisfied with the performance of all activities in this cell, but
compared to perceived importance, the allocation of resources for these activities are
being over utilized.
This study applied IPA method to find out the IT governance attributes that
universities have performed well, and the critical points that need to be improved.
Furthermore, with IPA method, we can establish the guidance of IT governance
strategy for Thai universities.
237
.
.
3. Research methodology
In the first step of this research, we conducted a preliminary investigation with 40
articles on IT governance research to identify critical concerns of IT governance
implementation from a global perspective. In the second step, we conducted a
quantitative survey to identify the current state of IT governance for Thai universities.
A self-assessment was developed based on the metrics from IT governance BSC
introduced by Abu-Musa (2007). The questionnaire consists of 23 items within four
dimensions, as shown in Figure 3. According to these metrics (Abu-Musa, 2007), we
used three-point Likert scale to measure the importance (1 ¼ not important to 3 ¼ very
important) and performance (1 ¼ not monitoring to 3 ¼ always monitoring). The
questionnaires were distributed to 117 IT executives from 117 universities in Thailand.
They were asked to capture the perceived importance and performance for each
attribute. A total of 64 out of 117 IT executives completed the questionnaire over the
three month period in 2011, representing a response rate of 54.7 percent. The reliability
analysis was carried out by calculating the Cronbach’s a coefficient. The result showed
a high internal consistency as shown in Table II.
After reliability testing was performed, a paired-sample t-test was run to evaluate
the mean difference between performance and importance scores. IPA was then
applied to capture graphical demonstration for identifying the current stage of IT
governance and also providing the strategic actions for Thai universities.
Cronbach’s a
(importance)
Cronbach’s a
(performance)
Five items (V1, V2, V3, V4 and V5)
0.743
0.872
Five items (V6, V7, V8, V9 and V10)
0.811
0.937
Four items (V11, V12, V13 and V14)
0.720
0.852
Nine items (V15, V16, V17, V18, V19,
V20, V21, V22 and V23)
All items
0.834
0.919
0.915
0.958
Constructs
Items
1. Corporate
contribution
2. Future
orientation
3. Stakeholder
orientation
4. Operational
excellence
Table II.
Cronbach’s a and
reliability of scale
IMCS
21,4
238
4. Research results
This section presents the main results related to IT executives’ perception on the
importance of IT governance performance measures taken in their universities.
The result of IPA with IT governance BSC attributes is summarized in Table III. The
graphical plotting of the IPA is also shown in Figure 5. In addition, the implication of
the obtained results is also discussed.
According to Table II, a series of paired-sample t-test was conducted to identify the
significant gap between importance and performance. The attributes for manage risks
(V4), achieve inter-organization synergies (V5), stakeholder satisfaction (V11), and
building standard, reliable technology platforms (V18) show no significant difference
( p , 0.05) between the mean of importance and performance. Apart from these, other
19 attributes show a significant difference on t-test in negative direction. This is
indicative of the fact that most actual control of IT governance in universities is
monitored less than expected. Therefore, Thai universities should pay more attention
to the attributes that are identified as being important in order to balance the gap
between the importance and performance for those attributes.
The importance-performance matrix of IT governance BSC attributes is plotted in
four quadrants, as shown in Figure 4. The importance values are presented on the
vertical axis, while the performance values are presented on the horizontal axis.
Quadrant I indicates the attributes that need to be considered for improvement at a
first priority. Quadrant II represents the attributes that organization can perform well
and need to keep up the good work. Quadrant III indicates the attributes that
organization should restrict its resource allocation. Quadrant IV represents the
attributes that organization should reshape its policy to achieve the optimal resource
utilization. In addition, further details of the attributes in each quadrant can be
described as follows.
4.1 The concentrate here quadrant
In quadrant I, there is no attribute that fall into the concentrate here quadrant. This
means that all IT executives perceived the performance measurement of IT governance
in their universities can be conducted well. There is no important attributes that
perform a low level monitoring. Even if we found evidence for lower expected control
with 19 attributes in Table II, it would not be considered as a critical point when
comparing with the result reflected in this quadrant.
4.2 The keep up the good work quadrant
According to the IT executive perception, 11 attributes have been identified in the keep
up the good work quadrant. The important attributes that fall into quadrant II can be
measured in a consistent way. These attributes are expected to be the pillar of strength
for leading IT governance in the university. Therefore, all attributes in the keep up the
good work quadrant can be used as the baseline indicators for driving IT governance
in Thai universities.
4.3 The low priority quadrant
IT executives identified 11 attributes in the low priority quadrant which thus could be
considered to be adequate control for less important attributes. Even if IT executives did
not perceive these attributes as the critical concerns, but this does not mean that the
1. Corporate contribution
V1. Align IT with business objectives
V2. Deliver value
V3. Manage costs
V4. Manage risks
V5. Achieve inter-organization synergies
2. Future orientation
V6. Attract and retain people with key competencies
V7. Focus on professional learning and development
V8. Build a climate of empowerment and
responsibility
V9. Measure/reward individual and team
performance
V10. Capture knowledge to improve performance
3. Stakeholder orientation
V11. Stakeholder satisfaction
V12. Demonstrate competitive costs
V13. Delivery good service
V14. Develop good service
4. Operational excellence
V15. Mature internal IT processes
V16. Manage operational service performance
V17. Achieve economies of scale
V18. Build standard, reliable technology platforms
V19. Deliver successful IT projects
V20. Understand business unit strategies
V21. Propose and validate enabling solutions
V22. Understand emerging technologies
V23. Develop organization architecture
IT governance BSC attributes
2.12
2.19
2.07
2.28
2.36
2.21
2.24
2.19
2.16
2.12
2.50
1.88
2.28
2.24
2.07
2.12
1.81
2.03
2.26
2.21
2.00
1.98
1.95
2.66
2.59
2.48
2.34
2.38
2.50
2.14
2.60
2.62
2.29
2.36
2.19
2.19
2.53
2.45
2.21
2.38
2.36
Performance mean
2.38
2.43
2.33
2.41
2.48
Important mean
20.224
20.241
20.379
20.155
20.276
20.241
20.207
20.397
20.414
0.000
20.259
20.328
20.379
20.190
20.259
20.293
20.448
20.345
20.259
20.241
20.259
20.138
20.121
Gap (P 2 I)
22.35
22.92
23.75
21.76
23.26
22.91
22.45
24.48
25.06
0.00
22.66
23.94
24.68
22.27
23.40
22.89
25.71
23.80
22.76
22.23
22.51
21.59
21.35
t-value
0.022
0.005
0.000
0.083
0.002
0.005
0.017
0.000
0.000
1.000
0.010
0.000
0.000
0.026
0.001
0.005
0.000
0.000
0.008
0.029
0.015
0.117
0.180
Significance (two-tailed)
IT governance
balanced
scorecard
239
Table III.
IPA with IT governance
BSC attributes
IMCS
21,4
2.80
Quadrant I (Concentrate here)
Quadrant II (Keep Up the Good Work)
V6
2.70
V14
240
V13
V7
2.60
V19
V8
Important
V11
V5
2.50
V20
V2
V4
2.40
V10
V22 V1
V3
V16
V15
V23
2.30
2.20
V9
V21
V17
V18
V12
2.10
Figure 4.
Plotting of
importance-performance
matrix for IT governance
BSC attributes
Quadrant IV (Possible Overkill)
Quadrant III (Low Priority)
2.00
1.70
1.80
1.90
2.00
2.10
2.20
2.30
2.40
2.50
2.60
Performance
university should reduce the efforts on these attributes. This is caused by the fact that
attributes for IT governance BSC can perform not only as the performance measurement,
but the former groups of attributes can also affect the later groups/perspectives, as shown
in Figure 2. Lack of audit in source attributes can affect the control of destination
attributes. Therefore, all attributes in the low priority quadrant need to be reconsidered for
their outcomes and consequences.
4.4 The possible overkill quadrant
The measuring or rewarding individual and team performance (V9) is only one
attribute that falls into the possible overkill quadrant. The attribute in this cell is
considered to perform much control. Therefore, IT executives should reconsider the
importance of this attribute. If the final discussion identifies the same remark, then it
can reduce the efforts for this attribute.
5. Discussion
In this study, we applied IPA analysis with IT governance BSC to capture IT
executives’ perception on the importance of IT governance performance measures that
performed in their universities. Original IPA identifies that the attributes for quadrants
III and IV are considered to be low priority and over emphasized, respectively. When
applying the IPA to a strategic tool like IT governance BSC, the results should be
interpreted carefully in order to avoid being misleading. The obtained results should be
reshaped from original IPA analysis, because the metrics from IT governance BSC is
demonstrated in the cause and effect form. We cannot identify that the attributes in
quadrants III and IV are unnecessary metrics, but it can be interpreted in a way that
IT executives should pay close attention for reconsidering on the outcomes and
consequences of these metrics. If they confirm that the existing metrics are not
important, then the unnecessary metrics should be rejected. After getting rid of
unnecessary indicators, IT executives can follow up the three strategic actions to lift up
their capability for governing IT in their universities, as shown in Figure 5.
IT governance strategic guidance:
.
S1 strategy. The S1 strategy is intended to support the attributes that fall into
unimportant region to rise up to important region. By following S1 strategy, IT
executives should figure out an approach to raising awareness on internal IT
processes that lack of clarity concerns at both executive and operational levels.
Providing award for IT best practice development in subunit of each university
can also be used to motivate staff to realize the importance of IT performance
measures.
.
S2 strategy. The S2 strategy aims to rise up the attributes that fall into low
performance region to high performance region. According to S2 strategy, IT
executives should focus on identifying indicators that should be consistent with
their internal IT processes. Furthermore, all stakeholders should be involved in
the development of these indicators in order to gain broader acceptance.
.
S3 strategy. The final strategy is intended to rise up both attributes that fall
into low performance and unimportant region to high performance and
IT governance
balanced
scorecard
241
2.80
Quadrant I
(Concentrate here)
2.70
Quadrant II
(Keep Up the Good Work)
S2
2.60
Important
2.50
S3
S1
2.40
2.30
2.20
Quadrant IV
(Possible Overkill)
Quadrant III
(Low Priority)
2.10
2.00
1.70
1.80
1.90
2.00
2.10
2.20
Performance
2.30
2.40
2.50
2.60
Figure 5.
IT governance strategic
guidance for Thai
universities based on IPA
IMCS
21,4
important region. S3 strategy is a combination of S1 and S2 strategies. Choosing
this strategy can lead the university to encounter high pressures from rapid
improvement. IT executives need to get effective cooperation from all university
staff. In the case that IT executives cannot establish adequate collaboration for
leveraging all indicators, they can start executing S3 strategy with only the
indicators that are critical for driving internal IT processes.
242
6. Conclusions
There have been a few research studies conducted on the topic of IT governance in
developing countries, especially in Thailand. Therefore, this research aims to provide
the strategic action of IT governance for organizations in this region. In this case, we
have limited our scope to choose only universities in Thailand as the subjects of this
study. In order to answer the research questions, our conclusions are presented in the
following order.
First, the evidence on global perspective can lead us to conclude that IT governance
should begin as a journey inspired from the board. Even the well-established IT
governance frameworks will need to determine the coherence of organizational
processes before adoption. Therefore, the well-communicated IT strategy and policy
should be established before enabling IT governance in action. In the case of
university, in order to decrease capital risk and failure of trial and error, universities
should primarily analyze their current situations of IT governance performance before
performing any other actions on IT governance.
Second, IT executives can apply the metrics of IT governance BSC with IPA to
clarify the current situation of IT governance performance in their universities.
Consequently, the strategic action of IT governance for Thai universities can be
specified. Additionally, the control framework currently used in the university can be
adapted to the implications from IPA.
Third, based on the results from IPA, Thai universities can apply the attributes that
fall into the keep up the good work as the baseline indicators for driving IT governance
in their universities. In the long run, the IT executives can apply IT governance
strategic recommendations provided by this study as the guideline to improve the
effective control for their internal IT processes. In further studies, the insight review
articles based on the global IT governance perspective and the practical guideline from
regional survey can be combined to draw the flexible IT governance framework for
Thai universities.
References
Abu-Musa, A.A. (2007), “Exploring information technology governance (ITG) in developing
countries: an empirical study”, The International Journal of Digital Accounting Research,
Vol. 7 No. 13, pp. 71-117.
Afzali, P., Azmayandeh, E., Nassiri, R. and Shabgahi, G.L. (2010), “Effective governance through
simultaneous use of COBIT and Val IT”, Proceedings of the International Conference on
Education and Management Technology, pp. 46-50.
Baka, M. and Aziz, M. (2010), “Implementing a novel IT governance framework a case study the
Abu Dhabi water & electricity authority”, Proceedings of the Second International
Conference on Engineering Systems Management and Its Applications, pp. 1-5.
Beimborn, D., Schlosser, F. and Weitzel, T. (2009), “Proposing a theoretical model for IT
governance and IT business alignment”, Proceedings of the 42nd Hawaii International
Conference on System Sciences, Los Alamitos, CA, USA, pp. 1-11.
Bhattachariya, J. and Chang, V. (2007), “The role of IT governance in the evolution of
organizations in the digital economy: cases in Australian higher education”, Proceedings of
the International Conference on Digital Ecosystems and Technologies, School of
Information Systems, pp. 428-433.
Bowen, P.L., Cheung, M.Y.D. and Rohde, F.H. (2007), “Enhancing IT governance practices: a
model and case study of an organization’s efforts”, International Journal of Accounting
Information Systems, Vol. 8 No. 3, pp. 191-221.
Brown, A.E. and Grant, G.G. (2005), “Framing the frameworks: a review of IT governance
research”, Communications of the Association for Information Systems, Vol. 15,
pp. 696-712.
Cai, M. and Yu, J. (2009), “The pattern of IT governance in small and medium-sized garment
enterprise”, Proceedings of the International Conference on Management and Service
Science, pp. 1-4.
Chen, L. (2010), “Business-IT alignment maturity of companies in China”, Information
& Management, Vol. 47 No. 1, pp. 9-16.
Chu, R.K.S. and Tat, C. (2000), “An importance-performance analysis of hotel selection factors in
the Hong Kong hotel industry: a comparison of business and leisure travelers”, Tourism
Management, Vol. 21, pp. 363-377.
Cobbold, I. and Lawrie, G. (2002), “Development of the balanced scorecard as a strategic
management tool”, in Neely, A., Walters, A. and Austin, R. (Eds), Performance
Measurement and Management: Research and Action, Centre for Business Performance,
Cranfield, UK, pp. 125-132.
Cumps, B., Viaene, S. and Dedene, G. (2006), “Managing for better business-IT alignment”, IT
Professional, Vol. 8 No. 5, pp. 17-24.
Cumps, B., Martens, D., De Backer, M., Haesen, R., Viaene, S., Dedene, G., Baesens, B. and Snoeck,
M. (2009), “Inferring comprehensible business/ICT alignment rules”, Information
& Management, Vol. 46 No. 2, pp. 116-124.
De Haes, S. and Van Grembergen, W. (2006), “Information technology governance best practices
in Belgian organisations”, Proceedings of the 39th Annual Hawaii International
Conference on System Sciences.
De Oliveira Alves, G.A., Da Costa Carmo, L.F.R. and De Almeida, A.C.R.D. (2006), “Enterprise
security governance: a practical guide to implement and control information security
governance (ISG)”, Proceedings of the First IEEE/IFIP International Workshop on
Business-Driven IT Management, pp. 71-80.
Fairchild, A. (2004), “Information technology outsourcing (ITO) governance: an examination of
the outsourcing management maturity model”, Proceedings of the 37th Annual Hawaii
International Conference on System Sciences, Big Island, HI.
Fasanghari, M., Nasser Eslami, F. and Naghavi, M. (2008), “IT governance standard selection
based on two phase clustering method”, Proceedings of the Fourth International
Conference on Networked Computing and Advanced Information Management, Gyeongju,
South Korea, pp. 513-518.
Ferran, C. (2006), “Electronic business in developing countries: the digitalization of bad
practices”, in Tan, F.B. (Ed.), Global Information Technologies: Concepts, Methodologies,
Tools, and Applications, IGI Global, Hershey, PA, pp. 3091-3104.
IT governance
balanced
scorecard
243
IMCS
21,4
Fink, K. and Ploder, C. (2008), “Decision support framework for the implementation of
IT-governance”, Proceedings of the 41st Hawaii International Conference on System
Sciences, Los Alamitos, CA, USA.
Gheorghe, M. (2006), “IT governance principles”, Journal of Accounting and Management
Information Systems, No. 18, pp. 86-102.
244
Hawes, J.M. and Rao, C.P. (1985), “Using importance-performance analysis to develop health care
marketing strategies”, Journal of Health Care Marketing, Vol. 5 No. 4, pp. 19-25.
Hosseinbeig, S., Karimzadgan-Moghadam, D., Vahdat, D. and Moghadam, R.A. (2011), “IT
strategic alignment maturity and IT governance”, Proceedings of the 4th International
Conference on Interaction Sciences, pp. 67-72.
Huang, Y.K., Kuo, Y.W. and Xu, S.W. (2009), “Applying importance-performance analysis to
evaluate logistics service quality for online shopping among retailing delivery”,
International Journal of Electronic Business Management, Vol. 7 No. 2, pp. 128-136.
Hudson, S., Hudson, P. and Miller, G.A. (2004), “The measurement of service quality in the tour
operating sector: a methodological comparison”, Journal of Travel Research, Vol. 42,
pp. 305-312.
Ibrahim, E.E., Joseph, M. and Ibeh, K.I.N. (2006), “Customers’ perception of electronic service
delivery in the UK retail banking sector”, International Journal of Bank Marketing, Vol. 24
No. 7, pp. 475-493.
JISC (2007), “A framework for information systems management and governance:
self-assessment toolkit”, Joint Information Systems Committee, available at: www.jisc.a
c.uk/media/documents/programmes/jos/Governance_Toolkit.pdf (accessed 22 June 2012).
Joseph, M., Allbright, D., Stone, G., Sekhon, Y. and Tinson, J. (2005), “Importance-performance
analysis of UK and US bank customer perceptions of service delivery technologies”,
International Journal of Financial Services Management, Vol. 1 No. 1, pp. 66-88.
Kaplan, R.S. and Norton, D.P. (1996), “Using the balanced scorecard as a strategic management
system”, Harvard Business Review, Vol. 74 No. 1, pp. 75-85.
Krey, M., Harriehausen, B., Knoll, M. and Furnell, S. (2010), “IT governance and its impact on the
Swiss healthcare”, Proceedings of the 12th International Conference on Computer
Modelling and Simulation, Cambridge, UK, pp. 340-345.
Larsen, M., Pedersen, M. and Viborg Andersen, K. (2006), “IT governance: reviewing 17 IT
governance tools and analysing the case of Novozymes A/S”, Proceedings of the 39th
Annual Hawaii International Conference on System Sciences, Kauia, HI, pp. 1-11.
Lee, J. and Lee, C. (2009), “IT governance-based IT strategy and management: literature review
and future”, in Cater-Steel, A. (Ed.), Information Technology Governance and Service
Management Framework and Adaptation, IGI Global, Hershey, PA, pp. 44-62.
Lee, J., Juhn, S. and Hwang, K. (2009), “New development of advanced ITG framework”,
Proceedings of the 42nd Hawaii International Conference on System Sciences, Waikoloa,
HI, pp. 1-10.
Levenburg, N.M. and Magal, S.R. (2004), “Applying importance-performance analysis to evaluate
e-business strategies among small firm”, E-service Journal, Vol. 3 No. 3, pp. 29-48.
Lunardi, G.L., Becker, J.L. and Macada, A.C.G. (2009), “The financial impact of IT governance
mechanisms’ adoption: an empirical analysis with Brazilian firms”, Proceedings of the
42nd Hawaii International Conference on System Sciences, Los Alamitos, CA, USA,
pp. 1-10.
Maidin, S.S. and Arshad, N.H. (2010), “IT governance practices model in IT project approval and
implementation in Malaysian public sector”, Proceedings of the International Conference
on Electronics and Information Engineering, pp. V1-532-V1-536.
Martilla, J.A. and James, J.C. (1977), “Importance-performance analysis”, Journal of Marketing,
Vol. 41 No. 1, pp. 77-79.
Martı´nez, A.F. and Largo, F.L. (2009), “An IT governance framework for universities in Spain”,
available at: http://rua.ua.es/dspace/bitstream/10045/11216/1/EUNIS%202009%20%
20An%20IT%20Governance%20Framework%20for%20Universities%20in%20Spain%
20-%20Fernandez%20y%20Llorens.pdf (accessed 11 June 2012).
Miranda, F.J. (2010), “An importance-performance analysis of primary health care services:
managers vs patients perceptions”, Journal of Service Science and Management, Vol. 3
No. 2, pp. 227-234.
Nale, R.D., Rauch, D.A. and Wathen, S.A. (2000), “An exploratory look at the use of importance
performance analysis as a curricular assessment tool in a school of business”, Journal of
Workplace Learning: Employee Counselling Today, Vol. 12 No. 4, pp. 139-145.
Nassiri, R., Ghayekhloo, S. and Shabgahi, G.L. (2009), “A novel approach for IT governance: a
practitioner view”, Proceedings of the International Conference on Computer Technology
and Development, Kota Kinabalu, Malaysia, pp. 217-221.
Nfuka, E.N. and Rusu, L. (2010), “Critical success factors for effective IT governance in the public
sector organisations in a developing country: the case of Tanzania”, Proceedings of the
European Conference on Information Systems, pp. 1-15.
Nfuka, E.N., Rusu, L., Johannesson, P. and Mutagahywa, B. (2009), “The state of IT governance
in organizations from the public sector in a developing country”, Proceedings of the 42nd
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA, pp. 1-12.
O’Neill, M.A. and Palmer, A. (2004), “Importance-performance analysis: a useful tool for directing
continuous quality improvement in higher education”, Quality Assurance in Education,
Vol. 12 No. 1, pp. 39-52.
Park, H., Jung, S., Lee, Y. and Jang, K. (2006), “The effect of improving IT standard in IT
governance”, Proceedings of the International Conference on Computational Inteligence for
Modelling Control and Automation and International Conference on Intelligent Agents Web
Technologies and International Commerce, Sydney, Australia.
Peterson, R.R. (2001), “Configurations and coordination for global information technology
governance: complex designs in a transnational European context”, Proceedings of the
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA.
Peterson, R.R. and Fairchild, A.M. (2003), “Exploring the impact of electronic business readiness
on leadership capabilities in information technology governance”, Proceedings of the 36th
Hawaii International Conference on System Sciences, Los Alamitos, CA, USA.
Prasad, A., Heales, J. and Green, P. (2010), “A capabilities-based approach to obtaining a deeper
understanding of information technology governance effectiveness: evidence from IT
steering committees”, International Journal of Accounting Information Systems, Vol. 11
No. 3, pp. 214-232.
Ribbers, P., Peterson, R. and Parker-Priebe, M. (2002), “Designing information technology
governance processes: diagnosing contemporary practices and competing theories”,
Proceedings of the 35th Hawaii International Conference on System Sciences, pp. 3143-3154.
Ridley, G., Young, J. and Carroll, P. (2004), “COBIT and its utilization: a framework from the
literature”, Proceedings of the 37th Hawaii International Conference on System Sciences,
Los Alamitos, CA, USA.
IT governance
balanced
scorecard
245
IMCS
21,4
246
Sahraoui, S.M. (2009), “ICT governance in higher education: case study of the rise and fall of open
source in a Gulf university”, Proceedings of the International Conference on Information
and Communication Technologies and Development, pp. 348-356.
Salle´, M. and Di-Vitantonio, G. (2006), “Business service management: the impact of IT
governance models on IT management policies”, Proceedings of the International
Conference on Services Computing, Chicago, IL, USA, pp. 373-380.
Samanta, S. (2007), “Business-IT alignment strategies: a conceptual modeling”, Proceedings of
the Portland International Center for Management of Engineering and Technology, pp. 1-5.
Schwarz, A. and Hirschheim, R. (2003), “An extended platform logic perspective of IT
governance: managing perceptions and activities of IT”, Journal of Strategic Information
Systems, Vol. 12 No. 2, pp. 129-166.
Seng Wong, M., Hideki, N. and George, P. (2011), “The use of importance-performance analysis
(IPA) in evaluating Japan’s e-government services”, Journal of Theoretical and Applied
Electronic Commerce Research, Vol. 6 No. 2, pp. 17-30.
Sherer, S.A. (2004), “IS project selection: the role of strategic vision and IT governance”,
Proceedings of the 37th Hawaii International Conference on System Sciences, Los Alamitos,
CA, USA, pp. 1-8.
Silva, E. and Chaix, Y. (2008), “Business and IT governance alignment simulation essay on a
business process? And IT service model”, Proceedings of the 41st Hawaii International
Conference on System Sciences, Los Alamitos, CA, USA.
Simonsson, M., Johnson, P. and Ekstedt, M. (2008a), “IT governance decision support using the
IT organization modeling and assessment tool”, Proceedings of the Portland International
Conference on Management of Engineering & Technology, Cape Town, South Africa,
pp. 802-810.
Simonsson, M., Lagerstro¨m, R. and Johnson, P. (2008b), “A Bayesian network for IT governance
performance prediction”, Proceedings of the 10th International Conference on Electronic
Commerce, Innsbruck, Austria.
Sohal, A.S. and Fitzpatrick, P. (2002), “IT governance and management in large Australian
organizations”, International Journal of Production Economics, Vol. 75 No. 1, pp. 97-112.
Tu, W. and Zhang, J. (2008), “The components and practice of information technology
governance”, Proceedings of the First International Workshop on Knowledge Discovery and
Data Mining, Adelaide, Australia, pp. 465-468.
Van Grembergen, W. (2005), “Measuring and improving information technology governance
through the balanced scorecard”, available at: www.isaca.org/Journal/Past-Issues/2005/
Volume-2/Documents/jpdf052-measuring-and-improving.pdf (accessed 22 June 2012).
Van Grembergen, W. and De Haes, S. (2010), “A research journey into enterprise governance of
IT, business/IT alignment and value creation”, International Journal of IT/Business
Alignment and Governance, Vol. 1 No. 1, pp. 1-13.
Weill, P. and Ross, J.W. (2004), IT Governance: How Top Performers Manage IT Decision Rights
for Superior Results, Harvard Business School Publishing, Boston, MA.
Wong, M.S., Fearon, C. and Philip, G. (2009), “Evaluating e-government in Malaysia: an
importance-performance grid analysis (IPA) of citizens and service providers”,
International Journal of Electronic Business, Vol. 7 No. 2, pp. 105-129.
Xiao-Wen, L., Xiao-Chun, L. and Ke-Jin, H. (2009), “Design and implementation of IT governance
planning decision supporting”, Proceedings of the Chinese Control and Decision
Conference, pp. 5629-5632.
Yavas, U. and Shemwell, D.J. (2001), “Modified importance-performance analysis: an application
to hospitals”, International Journal of Health Care Quality Assurance, Vol. 14 No. 3,
pp. 104-110.
Further reading
Slack, N. (1994), “The importance-performance matrix as a determinant improvement priority”,
International Journal of Operations & Production Management, Vol. 14 No. 5, pp. 59-75.
Appendix. Research questionnaire
Dear sir
I am conducting a study entitled, “Applying IT governance balanced scorecard and
importance-performance analysis for providing IT governance strategy in university”. This
questionnaire is aimed to investigate the opinions of IT executives in Thai universities on the
perceptions of IT governance and IT governance measurement of each aspect implemented in
each university that covers:
.
corporate contribution;
.
future orientation;
.
stakeholder orientation; and
.
operational excellence.
Please kindly respond to this questionnaire yourself and give information which strongly
represents your opinions. You will be assured of complete confidentiality as your responses will
be kept confidential. The results of this study will be a beneficial guideline for executives of IT;
as well as executives of general administration to be able to strategically develop and improve
the benefits from utilization of IT in each university. Moreover, the findings, revealed from this
study, will provide effective methods on quality control of IT for Thai universities in the future.
Please take a few (approximately 20) minutes to complete the enclose questionnaire. You have
our personal assurance that all responses will remain anonymous. Your response is very
important to the study, and we thank you in advance for your co-operation participation.
1. General Information
1. University ________________________________________________________________
2. What is your current job title?
IT Project Manager
Chief Information Officer : CIO
IT Director
IT Specialist
Internal Auditor
Other-please list ______________
3. What is your role relevant of information technology function?
Planning IT budgets
Decision in IT Projects
Procurement decision maker on Hardware/Software
Participating in establishing university IT policy
Other – please List ____________________________________________
4. How many years of experience do you have in your current position? _____________
(continued)
IT governance
balanced
scorecard
247
IMCS
21,4
2. IT Governance Performance Measurement
Please Circle the most appropriate number for the Importance and Performance
of IT Governance Performance Measurement in your organization
Importance
Sometime Monitoring (2)
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
1
2
2
2
2
2
3
3
3
3
3
1
1
1
1
2
2
2
2
3
3
3
3
1
1
1
1
2
2
2
2
3
3
3
3
1
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
1
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
Always Monitoring (3)
Not Monitoring (1)
2
2
2
2
2
Importance (2)
1
1
1
1
1
Not Important (1)
IT Governance Performance Measurement
Performance
Very Important (3)
248
1. Corporate Contribution
1.1
1.2
1.3
1.4
1.5
Align IT with business objectives
Deliver value
Manage costs
Manage risks
Achieve inter-organization synergies
2. Future Orientation
2.1
2.2
2.3
2.4
2.5
Attract and retain people with key competencies
Focus on professional learning and development
Build a climate of empowerment and responsibility
Measure/reward individual and team performance
Capture knowledge to improve performance
3. Stakeholder Orientation
3.1
3.2
3.3
3.4
Stakeholder satisfaction
Demonstrate competitive costs
Delivery good service
Develop good service
4. Operational Excellence
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
Mature internal IT processes
Manage operational service performance
Achieve economies of scale
Build standard, reliable technology platforms
Deliver successful IT Projects
Understand business unit strategies
Propose and validate enabling solutions
Understand emerging technologies
Develop organization architecture
About the authors
Kallaya Jairak received the BSc in Economics from MAEJO University, Chiang Mai, Thailand, in
1998, and the MS in information technology and management from Chiang Mai University,
Chiang Mai, Thailand, in 2004. She is currently a PhD candidate in information technology,
Information Science Institute of Sripatum University (ISIS), Bangkok, Thailand. Her research
interests include IT governance, IT/business alignment, ICT sustainability and ICT in education
management. Her current focus is on IT governance strategy and framework. In addition, she
published more than five papers in these areas. Kallaya Jairak is the corresponding author and
can be contacted at: [email protected]
Prasong Praneetpolgrang received the BSc (1st Hons) in electrical engineering from the Royal
Thai Air Force Academy, Bangkok, Thailand, in 1987, the MS in computer engineering, in 1989,
the MS in electrical engineering, in 1993, and the PhD degree in computer engineering from
Florida Institute of Technology, Florida, USA, in 1994. He currently has the rank of Associate
Professor at the Information Science Institute, Sripatum University, Bangkok, Thailand. His
research interests are in the areas of computer and information security, trust management and
IT governance, e-Commerce and cloud applications. Dr Praneetpolgrang has more than 100
published articles in these areas. He has served on program committees of both international and
national conference on computer science and engineering, information technology and
e-Business. He is also member of IEEE and ACM. He has recorded in Who’s Who in the world in
information technology.
To purchase reprints of this article please e-mail: [email protected]
Or visit our web site for further details: www.emeraldinsight.com/reprints
IT governance
balanced
scorecard
249
Reproduced with permission of the copyright owner. Further reproduction prohibited without
permission.
