Add to collection(s) Add to saved
  1. Business
  2. Finance

Discussion-of-IT-governance-drivers-of-process-maturity

advertisement 
Discussion of
“IT Governance Drivers of
Process Maturity,”
by Roger Debreceny and Glen Gray
Uday Murthy
University of South Florida
2011 UWCISA Symposium
Toronto, Canada
Agenda








Research questions
Theoretical foundation
Field study methodology
IT governance drivers
Process maturity measurement
Analysis & results
Contributions
Unanswered questions….future directions
2
Research Questions




Are there attributes of IT governance that govern
the level of process maturity? If so, which attributes
are more or less significant?
Are there domains or processes that are more
influential?
Are there other control variables such as size or
industry that explain the relationship between IT
governance and process maturity?
Is process maturity evenly distributed across
domain?
3
Theoretical Foundation




Resource Based View, Dynamic Capability
Theory, Contingency Theory
“…provide guidance on the relationship
between governance, strategy and resource
acquisition…”
Unclear how these theories inform the
relationship between IT governance and
process maturity
No propositions offered (as promised in intro)
4
Field Study



Nice cross-section of location and industry in
sample of 51 organizations
Developed countries more heavily represented
than developing countries
 Europe, Canada, US, Singapore: 76%
 Mexico, Philipines: 24%
Mainly large firms (avg. of 172 IT personnel, 194
servers)
5
IT Governance Drivers

Very comprehensive approach to data collection
 Decision rights and organization
 Governance framework (39!)
 Business/IT alignment (24 questions)
 Environmental volatility
 Size and complexity
6
Process Maturity -- What

Generic maturity model (Fig. 13 in COBIT 4.1)
vs.

Maturity attribute table (Fig. 15 in COBIT 4.1)
7
8
Awareness and
Communication
1 Recognition of the need for
the process is emerging.
Policies, Plans
and Procedures
There are ad hoc approaches to
processes and practices.
There is sporadic
communication of the
issues.
2 There is awareness of the
need to act.
The process and policies
are undefined.
Management communicates
the overall issues.
Management is more formal
and structured in its
communication.
4 There is understanding
of the full requirements.
Mature communication
techniques are applied and
standard communication
tools are in use.
5 There is advanced,
forward-looking
understanding of
requirements.
Proactive communication of
issues based on trends exists,
mature communication
techniques are applied, and
integrated communication
tools are in use.
Some aspects of the process
are repeatable because of
individual expertise, and some
documentation and informal
understanding of policy and
procedures may exist.
Usage of good practices
emerges.
The process, policies and
procedures are defined and
documented for all key
activities.
The process is sound and
complete; internal best
practices are applied.
All aspects of the process
are documented and
repeatable. Policies have
been approved and signed off on
by management. Standards
for developing and
maintaining the processes
and procedures are adopted
and followed.
External best practices and
standards are applied.
Process documentation is
evolved to automated
workflows. Processes,
policies and procedures are
standardised and integrated
to enable end-to-end
management and
improvement.
There is no planned
approach to the tool usage.
Common approaches to
use of tools exist but are
based on solutions
developed by key
individuals.
Vendor tools may have
been acquired, but are
probably not applied
correctly, and may even
be shelfware.
A plan has been defined
for use and standardisation
of tools to automate the
process.
Tools are being used for
their basic purposes, but
may not all be in
accordance with the agreed
plan, and may not be
integrated with one another.
Tools are implemented
according to a
standardised plan, and
some have been
integrated with other
related tools.
Tools are being used in
main areas to automate
management of the
process and monitor
critical activities and
controls.
Standardised tool sets are
used across the enterprise.
Tools are fully integrated
with other related tools to
enable end-to-end
support of the processes.
Tools are being used to
support improvement of the
process and automatically
detect control exceptions.
Skills and
Expertise
Skills required for the
process are not identified.
A training plan does not
exist and no formal training
occurs.
Minimum skill requirements
are identified for critical
areas.
Training is provided in
response to needs, rather
than on the basis of an
agreed plan, and informal
training on the job occurs.
Skill requirements are defined
and documented for all areas.
A formal training plan has
been developed, but formal
training is still based on
individual initiatives.
Skill requirements are
routinely updated for all areas,
proficiency is ensured
for all critical areas, and
certification is encouraged.
Mature training techniques are
applied according to the training
plan, and knowledge sharing is
encouraged. All internal domain
experts are involved, and the
effectiveness of the training
plan is assessed.
The organisation formally
encourages continuous
improvement of skills, based
on clearly defined personal
and organisational goals.
Training and education
support external best practices
and use of leading-edge
concepts and techniques.
Knowledge sharing is an enterprise
culture, and knowledge-based
systems are being deployed.
External experts and industry
leaders are used for guidance.
Responsibility and
Accountability
There is no definition of
accountability and
responsibility. People take
ownership of issues based
on their own initiative on a
reactive basis.
An individual assumes
his/her responsibility and is
usually held accountable,
even if this is not formally
agreed. There is confusion
about responsibility when
problems occur, and a
culture of blame tends
to exist.
Goal Setting
and Measurement
Goals are not clear and no
measurement takes place.
Process responsibility and
accountability are defined
and process owners have
been identified. The process
owner is unlikely to have
the full authority to exercise
the responsibilities.
Some effectiveness goals and
measures are set, but are not
communicated, and there is a
clear link to business goals.
Measurement processes
emerge, but are not consistently
applied. IT balanced scorecard
ideas are being adopted, as is
occasional intuitive application
of root cause analysis.
Process responsibility and
accountability are accepted
and working in a way that
enables a process owner
to fully discharge his/her
responsibilities. A reward
culture is in place that
motivates positive action.
Efficiency and effectiveness are
measured and communicated
and linked to business goals
and the IT strategic plan. The
IT balanced scorecard is
implemented
in some areas with exceptions
noted by management and root
cause analysis is being
standardised. Continuous
improvement is emerging.
Process owners are
empowered to make
decisions and take action.
The acceptance of
responsibility has been
cascaded down throughout
the organisation in a
consistent fashion.
There is an integrated
performance measurement
system linking IT performance
to business goals by global
application of the IT balanced
scorecard. Exceptions are
globally and consistently noted
by management and root
cause analysis is applied.
Continuous improvement is
a way of life.
Some goal setting occurs;
some financial measures are
established but are known only
by senior management. There
is inconsistent monitoring in
isolated areas.
Figure 15—Maturity Attribute Table
3 There is understanding
of the need to act.
Similar and common
processes emerge, but are
largely intuitive because of
individual expertise.
Tools and
Automation
Some tools may exist;
usage is based on
standard desktop tools.
9
Process Maturity -- How

“As is” rating for each of 6 maturity
attributes for each of 41 processes for 51
organizations


Max of 12,546 observations (6 x 41 x 51)
Each maturity attribute rated on 1 to 5 scale,
with 5 being highest maturity level
10
Process Maturity – Data Issues




Ratings averaged (a) across maturity
attributes and (b) across respondents
Some processes had more than one manager
provide rating
Some managers provided ratings for
multiple processes
“For a small number of organizations, we
collected only overall process maturity level
data; not attribute-level data.”
11
Analysis & Results



Process maturity levels by domain
“…average level of process maturity is very low…”
“More prosaic processes” have relatively high
levels of maturity:






1. Security—Virus
2. Manage Physical Environment
3. IT investment—budgeting
4. Security – network & firewall
5. Manage data
What can get me fired?
12
Concerns Regarding Analysis…1

Regressions give appearance of rigor, but…
 Missing data





Table 8 regression (overall) is based on 2095
observations (16.7% of 12,546)
Table 9 regression (by attribute) is based on 1896
observations (15.1% of 12,546)
None of the three theories are relied on for logic
underlying the regressions
Lack of independence of observations
Possible multi-collinearity issues
13
Concerns Regarding Analysis…2



Factor analysis of “Business/IT alignment”
 41 data points (no. of organizations, N) and
16 questions (variables, p) and
 N / p ratio is less than 3:1
 Bare minimum is 3:1, with 5:1 or 6:1
recommended (Cattell 1978; Gorsuch 1983)
Business/IT alignment becomes two factors:
“Strategy” and “Vision”
Only “Strategy” is significant in regressions
14
Suggestion: Data Reporting
15
Suggestion: Analysis

Measures of IT governance



Decision rights and organization, governance
frameworks, business/IT alignment, outsourcing,
environmental volatility, size and complexity
Use these six measures to categorize organizations
as being high, medium, or low in IT governance
Then look for relationships between IT governance
category (high, medium, low) and IT process
maturity – overall and by domain
16
Contributions



First look at process maturity of COBIT
processes and IT governance drivers thereof
International focus, allowing comparison
across firms in more and less developed
countries
Association between process maturity and
business/IT alignment is intuitively appealing
and validates a priori expectation
17
Unanswered Questions / Future Directions



Does business/IT alignment lead to process
maturity or does process maturity lead to
business/IT alignment?
Why is process maturity lower for firms in less
developed countries?
What are the consequences of higher/lower
process maturity? (On firm performance,
internal control effectiveness, etc.)
18
Related documents
Consumer Demand & Product Life Cycle
Consumer Demand & Product Life Cycle
product_life_cycle - Study Is My Buddy 2014
product_life_cycle - Study Is My Buddy 2014
slides
slides
pptx - jimakers.com
pptx - jimakers.com
AGRI-BUSINESS ENVRIONMENT
AGRI-BUSINESS ENVRIONMENT
the principles
the principles
Commonwealth Church Finance
Commonwealth Church Finance
Implementing Strategy through Projects
Implementing Strategy through Projects
Jeevan Shagun
Jeevan Shagun
Process Improvement Recommendations Template
Process Improvement Recommendations Template
Download
advertisement