chapter 9 information, organization, and control...

1

John Wiley & Sons, Inc. & Dr. Chen, Information Systems – Theory and Practices

Chapter 9

Governance of the Information

Systems Organization

Jason C. H. Chen, Ph.D.

Professor of MIS

School of Business Administration

Gonzaga University

Spokane, WA 99258

[email protected]

1


Information, Organization,

and Control

• “The important point is that technology neither

__________ nor __________ centralized or

decentralized or other structures and controls, but …

N

offers new possibilities.”

2


Twelve Main Responsibilities

• The following responsibilities often define the role of the CIO: 1. Championing the organization.

2. Architecture management.

3. Business strategy consultant.

4. Business technology planning.

5. Application development.

6. IT infrastructure management.

7. Sourcing.

8. Partnership developer.

9. Technology transfer agent.

10. Customer satisfaction management.

11. Training.

12. Business discontinuity/disaster recovery planning.

3 John Wiley & Sons, Inc. & Dr. Chen, Information Systems – Theory and Practices

How Is the IS Department Organized?

Fig 9-Extra Typical Senior-level Reporting Relationships

This organizational structure chart shows the typical top-level reporting

relationships. Depending on the organization, the Chief Information

Officer (CIO) may report to the Chief Executive Officer (CEO), the

Chief Operating Officer (COO), or the Chief Financial Officer (CFO).

CFO

4

CKO, CTO

(telcom.)

CNO, CRO,

CPO

John Wiley & Sons, Inc. & Dr. Chen, Information Systems – Theory and Practices 5

Information System Strategy Triangle

Business (Firm)

Strategy

Organizational Strategy IS/IT Strategy

Where is the business

going and why?

What is required? How it can be delivered?

Needs and priorities

Infrastructure and

services

Strategy Triangle

1. Architecture/Infrastructure,

2. MIS Organization (sourcing and IT

governance),

3. Funding (investment and prioritization)

4. Project Management John Wiley & Sons, Inc. & Dr. Chen, Information Systems – Theory and Practices

IT Governance

• Governance in the context of business enterprises is all

about making decisions that define expectations, grant

authority, or ensure performance.

– Aligning behavior with business goals through

empowerment and monitoring.

• Empowerment comes from granting the right to make

decisions.

• Monitoring comes from evaluating performance.

• IT governance focuses on how decision ______ can be

distributed differently to facilitate centralized,

decentralized, or hybrid modes of decision making.

• The organizational _________ plays a major role.

6

2


Four Perspectives

1. ________ of decision making – Traditional

Centralized vs decentralized

2. Decision _____: Accountability and allocation

of decision rights

3. Digital _________ : Emergent governance

Ecosystems represent disparate and self-interested

companies that provide services that involve synergies

with those of others.

4. ________ structures from legislation

(regulation)

IT control and Sarbanes-Oxley Act of 2002 7


Figure 9.3 - Federal IT The federal IT attempts to capture the benefits of centralized and decentralized

organizations while eliminating the drawbacks of each

IT Vision and

Leadership

Scale Economies

Control of Standards

Critical Mass of Skills

Users Control IT

Priorities

Business Units Have

Ownership

Responsive to Business Unit’s

Needs

Strategic control

Synergy

Groupwide IT

Strategy and

Architecture

Federal IT

Centralized IT Decentralized IT

Unresponsive

No Business Unit Ownership of Systems

No Business Unit Control of Central Overhead Costs

Doesn’t Meet Every Business Unit’s Needs

Excessive Overall Costs to Group

Variable Standards of IS Competence

Reinvention of Wheels

No Synergy and

Integration

8

Distributes power,

hardware, software,

data and personnel


Recent Global Survey

Percent of firms reporting that they are:

• Centralized: 70.6%

• Decentralized: 13.5%

• Federated: 12.7%


Another Perspective on IT Governance

• Peter Weill and his colleagues define IT governance as

– “specifying the ______ ______ and ____________

framework to encourage desirable behavior in using IT.”

• IT governance is not about what decisions are actually

made, but ____:

– “Who is making the decisions (i.e., who holds the decision rights)

and how the decision makers are held accountable for them.”

• Match the manager’s decision rights with his or her

accountability for a decision.

• Figure 9.4 indicates what happens when there is a

mismatch.

10


A FOURTH – OUT OF A FIRM’S

CONTROL:

Legislation –

Sarbanes-Oxley Act of 2002

11


Sarbanes-Oxley Act of 2002

Summary

• The Sarbanes-Oxley (SoX) Act of 2002 was enacted to increase regulatory ________ and ___________ of public companies and their financial health.

– All companies subject to the SEC are subject to the requirements of the act.

– CEO’s and CFO’s must personally certify and be accountable for their firm’s financial records and accounting (stiff penalties).

– Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance.

– IT departments realized that they played a major role in ensuring the accuracy of financial data.

12

3


What IS Does Not Do

• Does not perform _____ business functions such as:

– Selling

– Manufacturing

– Accounting.

• Does not set ________ strategy

– General managers must not delegate critical technology decisions.


• The power of IS department now and the future will come from leadership, influence and capability - and less from control.

• The roadblock to competitive advantage generally is not technology, but _______________ - with people.

• Alternative governance approaches are possible: centralized, decentralized and federalism (hybrid).

• A second governance approach involves decision rights

– How to allocate decision rights in such a way as to encourage desirable behavior in the use of IT (Figure 1.6 Managerial Levers)

• A third view is digital ecosystem an emergent governance that disparate and self-interested companies that provide services that involve synergies with those of others.

• A fourth governance approach is based on controls

– Sarbanes-Oxley Act an IT governance framework based on control that can be used to promote IT-related internal controls and Sarbanes-Oxley compliance.

Conclusions

TM -14 Dr. Chen, Information, Organization, and Control

chapter 9 information, organization, and control...

Documents