Carla Wilkin

A Review of IT Governance: A Taxonomy to Inform Accounting Information Systems

ABSTRACT: This paper reviews Information Systems (IS) literature that is relevant to Information Technology Governance (ITG) and examines how it informs Accounting Information Systems (AIS). We present a taxonomy of research encompassing the focus areas identified by the IT Governance Institute (ITGI), namely Strategic Alignment (SA), Risk Management (RK), Resource Management (RM), Value Delivery (VD) and Performance Measurement (PM). Based upon 496 papers in ten IS/AIS and two Management Accounting journals over the period 1998–2008, we discuss research perspectives and identify avenues for future research. Results revealed a lack of integration between focus areas, with little about ITG as a whole.

Towards an integrated view of IT value measurement

One of the most enduring questions at the intersection of accounting and information systems is measuring the value of Information Technology (IT). This longevity is unsurprising — measuring the value of IT is difficult at best. Literature on this issue falls into two broad research streams. One stream, which draws largely on mainstream financial accounting and economics, employs independently observable measures, such as capital market reactions, return on assets and changes in market share, to assess the value of IT in an organization. The ready comparability of such measures makes them quite desirable. However, accurately linking them to the underlying IT is problematic as often they do not solely capture the impact of IT in the organization. An alternative stream of research, which draws on the behavioural sciences, uses more subjective, perceptual measures such as assimilation, user satisfaction, perceived net benefit, and perceptions and expectations of quality. These measures are often more closely connected to the underlying IT and are often more diagnostic with respect to how effectively IT is used and value is realized. Nevertheless as subjective measures they are open to all the biases and inconsistencies of human judgment. In this paper we present a framework for understanding the theoretical characteristics of independently observable and perceptual measures. We seek to provide a more integrated perspective on these otherwise disparate approaches to IT value measurement. Through a review of the generally accepted findings on IT value measurement, we establish the need for an integrated view and demonstrate how such an integrated perspective might operate and advance our understanding of IT value measurement.

Creating Value Through Governing it Deployment in a Public/Private-Sector Inter-Organisational Context: A Human Agency Perspective

Harnessing value from Information Technology (IT) has long been a focus of research, but evidence is lacking about how effective practice of Information Technology Governance (ITG) contributes to creating value for stakeholders in inter-organisational contexts. This is especially so for public/private sector partnerships. In this study we used ISO/IEC 38500:2008, the corporate governance of IT standard, to direct analysis of how ITG was practised in deployment of a large IT project in an inter-organisational public/private sector context. The findings demonstrate that ITG strategies related to human agency contribute to the realisation of value for participating stakeholders, particularly through pre-emptive stakeholder participation in evaluating IT functionality of the old system and iteratively in deployment of the new system. Further, our investigation shows that ISO/IEC 38500:2008 has merit as an analytical framework to objectively evaluate corporate governance of IT, although there is need for some enhancement.

Formalizing process-based risk with Value-Focused Process Engineering

Following calls to advance the integration of risk and business process modeling paradigms, this paper formalizes the process of incorporating risk into business process models through the principles of Value-Focused Process Engineering (VFPE). In doing so, the paper aims to extend the existing VFPE modeling notation to reflect a set of necessary constructs required to adequately represent risk in goal-oriented business-process models. The extended set of constructs is proposed to support a formal systems view of process-based risk. Process-based risk is formalized on the one hand, as a product of complex interactions between activity-based elements, and on the other hand, as a natural component of the value creation mechanism of an elementary function or a complex process. The proposed risk-aware VFPE formalism also formulates rules for decomposing risk in process models according to the organizational values, thereby enabling better risk visibility, reducing process complexity, and ensuring continuity of business processes.

IT governance challenges in a large not-for-profit healthcare organization: The role of intranets

This paper reports on the implementation of IT governance in a not-for-profit healthcare organization and considers how managerial strategies for this governance relate to the progressive management approach commonly called the Horizontal Organization. Discussion includes how IT governance was implemented and the mechanisms by which power and politics in the organization were harnessed to achieve strategic goals. In this case study, CEO support for IT governance was related principally to the need for fiscal accountability regarding IT investment aligned to the strategic goals of the organization. The case study showed real organizational gains in achieving best value for the investment dollar, accountable time-frames and cost-controls. The move enhanced the professional status of the IT Department, including more widespread acknowledgement for fairness and equity in its processes, an outcome commonly associated with horizontal management structures.

Co-Creating Value from IT in a Contracted Public Sector Service Environment: Perspectives on COBIT and Val IT

ABSTRACT: Research that examines Information Technology (IT) value has called for studies to explore the co-creation of value, including in multi-firm environments. This study draws upon the practice of IT governance in a successful large-scale IT deployment, wherein private and public firms were involved as customer service providers with the principal, a large government department. Drawing on customer-centric co-creation concepts from marketing research, through comparative analysis and related application to our case study, we detail the merit of a service-oriented approach to co-creating value from IT and the assistance COBIT and Val IT can provide. Importantly, we identified determinates of co-created value in a multi-firm environment, although our analysis reveals some need to evolve COBIT and Val IT to improve guidance regarding the mechanisms required to achieve this in such environments.

Evaluating the quality of delivered systems: a framework and instrument

The cost to business in terms of time and money for ineffectual Information System (IS) performance is a hidden, but significant cost, not only in economic terms, but also in terms of job performance and job satisfaction. This paper significantly advances prior proposals concerned with the evaluation of IS performance by detailing the development of a reliable, effective and low cost instrument for measuring facets of quality of delivered systems. QUALIT achieves this by considering the viewpoints of a broad cross sectional representation of end-user stakeholders in the performance of their jobs. Results to date indicate the merit of such an approach.

Analysis of SCOR’s approach to supply chain risk management

Purpose – SCOR 10.0, released in late 2010, is the second version of the supply chain operations reference model (SCOR) to incorporate risk management processes, metrics and best practices. Given the paucity of studies that have explored the coverage and integration of supply chain risk management (SCRM) within SCOR, the analysis and suggested improvements for SCRM are designed to enhance SCOR’s collaborative and coordinated management of supply chain (SC) risks. The paper aims to dicsuss these issues. Design/methodology/approach – Critical analysis was used to analyse the coverage and integration of SCRM within SCOR 10.0. Findings – Discrepancies were identified in how SCRM has been incorporated into SCOR, including issues with the hierarchical representation of SCRM processes, metrics, best practices and skills. These may potentially propagate into difficulties in embedding risk management processes within other SC processes, visualizing risk metrics in a SC’s value hierarchy and reconciling SCOR’s SCRM...

A framework for an intelligent decision support system: A case in pathology test ordering

Decision context, knowledge management, decision makers, and decision strategy are fundamental components for understanding decision support systems (DSSs). This paper describes the specific case of designing a framework for an intelligent DSS in the context of pathology test ordering by general practitioners (GPs). In doing so it illustrates the processes of discovering practical and relevant knowledge from pathology request data generated and stored in a professional pathology company, investigates and understands the decision makers (GPs) through a survey about their current practices in test ordering and their requirements for decision support, and finally proposes an intelligent decision support framework as the decision strategy to support GPs in ordering pathology tests more effectively and appropriately. The process and framework developed through this case contributes effective guidance for practitioners and theoretical understanding concerning intelligent decision support in a complex environment.

The Role of IT Governance Practices in Creating Business Value in SMEs

Much has been written about information technology governance ITG in larger organizations, wherein control of information technology IT is addressed with attention to three core elements, namely structures, processes, and relational mechanisms. These elements focus on governing the size of IT investment, the ubiquity of IT functionality to business processes and the demonstrated value from IT investment. For Small-to-Medium Enterprises SMEs it is less apparent how IT is or should be governed, how these core elements may contribute to ITG, and how this all contributes to the creation of business value. Through a survey of small SMEs in the Australian tourist accommodation industry regarding their use of and planning for IT investment to deliver business value, this paper delivers new understanding about SME practices related to governing IT. Findings revealed evidence of some sound practices but the opportunity to achieve greater strategic business value beyond the largely operational value already acquired. The paper concludes by proposing a redefined framework of the core elements of structures, processes, and relational mechanisms that is tailored to an SME context.