Redefining IT governance for MSMEs: A simplified and adaptive framework for digital growth

The presence of industry 4.0 brings various conveniences in operational and marketing processes for companies, including micro, small and medium enterprises (MSMEs). All companies are required to be able to utilize information technology in order to win the competition. Based on 2019 data, the number of MSMEs in Indonesia is 99.99% of the total number of companies and contributes to a GDP of 61.1%. With many MSMEs in Indonesia, their existence also opens up wider job opportunities with more equitable economic benefits for the community. To win the competition, MSMEs must optimize the use of information technology. To use information technology to align with business goals, MSMEs need IT Governance. Implementation of the IT Governance Framework generally runs in large companies. Constraints for small companies are usually related to the cost and complexity of the existing IT Governance Framework. This paper aims to develop an IT Governance Framework suitable for MSMEs and can be applied easily and efficiently. The initial stage is to develop a framework based on a literature review of the existing frameworks, namely COBIT, ITIL, CMMI, TOGAF, and relevant research. The proposed framework consists of six main components: Architectural Readiness, Technology Adoption, Service Management, Continuous Improvement, Leader Engagement, and Network Capability. Subsequently, improvements were made to the proposed framework by conducting quantitative and qualitative research on MSMEs to produce a better framework. As a validation stage, the enhanced framework will then be discussed with experts and the response from the MSMEs. Thus, it is hoped that the proposed framework can help MSMEs effectively utilize information technology that supports and is in line with MSME's business values.

IT governance mechanisms approach to facilitate associated decision process in large organisation, but IT governance structures in small and medium enterprises (SMEs), is quite limited. SMEs tend to have an idiographic profile with characteristics that differs strongly from large business. Therefore, the purpose of this paper is assessing whether IT governance is applicable to SMEs. We needed a framework of IT governance in SMEs. Under the objectives, we studied literatures about IT governance and standards, SMEs and corporate governance. With the results we created the framework of IT governance in SMEs and in implementing this framework. A case study of traditional industry is shown in the implementation of IT governance. Case X-Company has some pros and cons in the implementation of IT governance.

Effective IT governance will ensure alignment between IT and business goals. Organizations with ineffective IT governance will suffer due to poor performance of IT resources such as inaccurate information quality, inefficient operating costs, runaway IT project and even the demise of its IT department. This study seeks to examine empirically the individual IT governance mechanisms that influence the overall effectiveness of IT governance. Furthermore, this study examines the relationship of effective IT governance, the extent of IT outsourcing decisions within the organizations, and the level of IT Intensity in the organizations. We used structural equation modeling analysis to examine 110 responses from members of ISACA (Information Systems and Audit Control Association) Australia in which their organizations have outsourced their IT functions. Results suggest significant positive relationships between the overall level of effective IT governance and the following mechanisms: the involvement of senior management in IT, the existence of ethic or culture of compliance in IT, and corporate communication systems.

In the rapidly evolving landscape of business analytics and data management, optimizing IT governance and risk management is critical for ensuring data integrity and enhancing business decision-making processes. This paper explores innovative strategies for optimizing IT governance and risk management frameworks within the context of business analytics in the United States. Effective IT governance is essential for aligning IT strategies with business objectives, ensuring compliance with regulatory requirements, and mitigating risks associated with data management. The study emphasizes the importance of robust IT governance frameworks that incorporate clear policies, procedures, and controls to safeguard data integrity and support accurate business analytics. It highlights the role of risk management in identifying, assessing, and mitigating risks related to data security, privacy, and compliance. By integrating comprehensive risk management practices into IT governance, organizations can enhance their ability to make data-driven decisions while maintaining high standards of data integrity. Key components of effective IT governance and risk management discussed in this paper include the implementation of data governance policies, the adoption of risk assessment methodologies, and the establishment of continuous monitoring and audit mechanisms. The paper also examines the impact of emerging technologies, such as artificial intelligence and machine learning, on optimizing IT governance and risk management practices. Case studies from various U.S. organizations illustrate successful strategies for integrating IT governance and risk management with business analytics. These case studies provide practical insights into overcoming common challenges and achieving enhanced data integrity and business performance. The findings underscore the necessity for organizations to develop a cohesive IT governance framework that addresses risk management proactively and aligns with best practices in data analytics. Recommendations include adopting a holistic approach to IT governance, leveraging advanced technologies for risk mitigation, and fostering a culture of continuous improvement in data management practices.

Background: Small and medium-sized enterprises (SMEs) are the bedrock of most economies of the world. Due to global competition, SMEs are making significant investments in information technology (IT) to improve their business processes. However, a study of extant literature on the subject of IT governance in SMEs has highlighted the fact that the implementation of structural controls to enable effective IT governance is often difficult, resulting in project failures and loss of income.Objectives: This paper seeks to examine ways by which SMEs can successfully adapt a suitable IT governance framework to manage its IT investments.Method: A content analysis of extant literature was done in this paper. The Technology–Organisation–Environment theory forms the theoretical basis of the proposed key pillars for an SME to evaluate its capability to embark on an IT governance initiative in order to obtain the desired results.Results: From the content analysis of relevant literature, the paper proposed three key pillars which should be in place before an SME adapts any IT governance framework to manage its IT investments. The key pillars are considered an important link between strategic IT governance plans and measurable successful outcomes.Conclusion: It was concluded that an SME would be better positioned for successful IT governance if it were to conduct a careful analysis of the components of these key pillars before embarking on the implementation of any IT governance framework.

With Sarbanes-Oxley Act (SOX) and other legislation enacted worldwide, effective information technology (IT) governance has become an imperative for many companies. To maintain effective supervision for keeping their organisation on track with its business strategy, top management need to understand their evolving roles in governance over IT by adopting relevant frameworks to assist the design and evaluate the performance of the company’s IT systems. One commonly used framework is COBIT (control objectives for information and related technology) which provides guidelines and best practices to design and evaluate the performance of IT systems. The purpose of this paper is to evaluate the general status of IT governance in Taiwan’s small and medium enterprises (SMEs) and examine whether the key components necessary for achieving effective IT governance are in place.

I n 2008, the Research and Publications Committee of the Information Systems Section of the American Accounting Association decided to sponsor a special issue of the Journal of Information Systems (JIS) entitled ‘‘Reviews of Information Systems Research.’’ The objective of the special issue is to ‘‘publish papers that review a stream of research in information systems (IS) broadly defined.’’ The Committee intended that submissions would review and integrate the IS (information systems) and AIS (accounting information systems) literatures and suggest future research directions in both disciplines. The special issue followed a previous valiant and groundbreaking effort in IS/AIS research integration for the IS section by Professors Vicky Arnold and Steve Sutton (Arnold and Sutton 2002). As editor of this special issue, I took a somewhat different approach to the task than is normal. First, rather than a regular call for papers, I requested researchers to submit extended abstracts. The objectives of this approach were to ensure that the scope of the proposed article was concomitant with the objective of the special issue and to identify any potential overlaps in subject matter. In this process, I was able to negotiate the amalgamation of several writing teams. I also ensured that where there was commonality in subject matter, the writing teams were introduced to each other and worked to manage the writing process. Second, I had clear views on how the papers should be structured. As an author of one of the chapters in the earlier monograph for the IS section, I was impressed with the systematic approach Dr. Arnold took to ensuring a common approach in the structure of the contributions and the discipline exercised in ensuring that the goals of the monograph were achieved. It is simpler to achieve a common approach in a monograph than it is in separate papers in JIS. My ambition was, then, to strongly suggest directions to authors but not to mandate a single approach. As a consumer of many literature reviews, I realize how easy it is to maroon readers in a Sargasso Sea, not knowing how to navigate their way. Readers need clear navigational markers and a sense of direction. Third, I saw the review process as a mutual exercise among writing teams, reviewers, and myself as editor. Given the scope of this exercise, I deliberately took a more active editorial role than is normal. These objectives probably added somewhat to the time taken for publication but did, I believe, improve the quality of the papers.

This study examines relations between the overall level of effective information technology (IT) governance and five commonly advocated individual mechanisms of IT governance. It extends the examination of individual IT governance mechanisms to include a wider number of mechanisms, justifies the mechanisms investigated via agency theory, seeks to relate these mechanisms specifically to a perceived overall level of effective IT governance in organizations, and attempts to mitigate the problems of limited generalizability and selection bias by employing a survey and generalized sampling research methodology. The results from a survey of professional auditors reveal significant positive relations between the overall level of effective IT governance and three IT governance mechanisms: IT steering committees, senior management involvement in IT, and corporate performance measurement systems. Ex‐post sensitivity analyses reveal that the primary findings are qualitatively similar across internal auditors and external auditors, as well as information systems auditors (IS) and non‐IS auditors.

The purpose of this exploratory research paper is to evaluate the deployment and assessment methodology of the information technology governance (ITG) measurement tools, with the purpose of gaining deeper insight into the ITG initiation process, the nature of tools employed, measurement processes, and the implementation methodology, using case studies. Analysis of the available academic and non-academic literature sources showed measurement issues being the most dominant and ironically the most neglected domain in ITG implementations. We view ITG measurement tools and it subsequent deployment through the two theoretical ITG models namely the Integrated IT Governance model, and the Structures, Processes, and Relational ITG model. To validate these findings and to get a deeper insight into the ITG measurement domain, we conducted four case studies of measurement tools usage and processes in commonly used ITG frameworks in four organisations in New Zealand and United Arab Emirates. The results indicate that the IT governance initiatives differ in the manner of positioning in the integrated ITG framework, and objectivity of measurement is more evident and emphasized in UAE than in New Zealand. The result of these findings provides practitioners with guidance on the contextual usage of ITG measurement practices KEYWORDS: IT Governance measurement, IT business alignment, metrics INTRODUCTION Assessing the measurement and value of IT is a complex challenge and a future research direction (De Haes, Van Grembergen, & Debreceny, 2013). Thus, there is an ever-increasing demand for accountability and objectivity in the measurement of information technology auditing, and IT processes performance (Maria, Fibriani, & Wijaya, 2012). Supplemented, with an ever-increasing demand for compliance in the information domain, organizations have witnessed an increase in the adoption of IT governance (ITG) frameworks. In a highly contextually different, but global organizational structure, ITG implementation however, remains an issue where the theory does not or cannot always deliver to the expectations of practitioners. Globally, IT governance is concerned with two things: that IT delivers value to the business and that IT risks are mitigated and both need measurement (Grembergen, Haes, & Guldentops, 2004), but contextually the subsequent practices may differ. This key issue of aligning IT goals with business goals, which overlap two domains namely IT and business is the primary goal of IT governance. However, this continuous alignment of business and IT in a rapidly changing environment has also been the top concern (Kappelman, McLean, Johnson, & Torres, 2016) and a grand challenge for today's enterprises (Hinkelmann et al., 2016). In this respect, the objective of continuous measurement of IT processes/IT controls to ensure alignment, plays a critical role in IT business alignment success through higher-level measurement models (IT maturity model, balance scorecard); and process measurement tools namely heat map, key performance indicators, and key goal indicators. While organizations worldwide embark on adopting ITG frameworks, the subsequent need to select and integrate overlapping ITG frameworks has presented practitioners with challenges in terms of choice and integration of frameworks (Nicho & Muamaar, 2016). While the most prominent IT governance frameworks include ITIL, COBIT, ITCG & COSO (Benaroch & Chernobai, 2012), COBIT and ITIL are commonly used for IT governance implementations (Stevens, 2011). Hence, assessment of the IT processes/IT controls of these frameworks is not only a continuous process for audit and compliance, but also presents challenges in terms of consistency of audit, compliance, and/or measurement. With alignment of IT with the business being the highest management concern for organizations (Kappelman et al., 2016), IT governance become an important issue on the agenda for many enterprises (Simonsson, Johnson, & Wijkstrom, 2007). …

Public sector organisations are faced with the ethical demand to provide value, be transparent and accountable which however is the reverse for most public sector organisations. Over the years there has been attention on corporate governance and the focus of interest has been IT governance, with the crafting of IT governance frameworks such as the COSO, COBIT and ITIL etc. to help organisations to implement effective IT governance framework. This research focuses on how IT governance is adopted in the public sector, what factors affect the implementation of IT governance in the public sector and the implementation tools available. A desk research method was used for the vast amount of data to review how organisations are faring in the implementation of IT governance frameworks. The research was a qualitative research. The research findings reflect that there are challenges in implementing IT governance in most public sector organisations because of factors ranging from weak corporate governance, financial constraints, lack of interest and innovation, large size of most of the public sector organisations, making the control structure too broad for the Boards, and political reasons. Most public sector organisations are within the ad-hoc and fragmented maturity levels of IT Governance. The researcher recommends further research on the failure to enforce and make compulsory the implementation of IT governance in public sector.

Firms achieving above industry average returns from IT investments must be making consistently better IT-related decisions. Effective IT governance is one of the ways these firms achieve superior returns. Many firms are creating IT governance structures that encourage the behavior leading to achieving the firm's business performance goals. We define IT governance as specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT. Effective IT governance requires careful analysis about who makes decisions and how decisions are made in at least four critical domains of IT: principles, infrastructure, architecture, and investment and prioritization. We studied the use of IT in large multi-business unit firms in the USA and Europe and found that the typical firm governs IT by following generally accepted guidelines with broad-based inputs and tightly controlled decision rights. However, top-performing firms governed IT differently with governance structures linked to the performance measure on which they excelled (e.g., growth). Designing an effective IT governance structure requires understanding the competing forces in a large organization and creating harmony among business objectives, governance archetype and business performance goals. An effective IT governance structure is the single most important predictor of getting value from IT. To help understand and design more effective governance, we propose an IT governance framework that specifies how decisions are made in the key IT domains. The framework harmonizes desired governance archetypes (i.e., monarchy, feudal, federal and anarchy) and a series of governance mechanisms (e.g., committees, approval processes and organizational forms). The framework is illustrated with effective IT governance at State Street Corporation. Effective IT governance encourages and leverages the ingenuity of all the firm's people in using IT, not just the leaders, while still ensuring compliance with the firm's overall vision and principles. In short, don't just lead, govern!

PurposeThe purpose of this paper is to develop a conceptual framework that examines information technology (IT) governance effectiveness, its determinants, and its impacts on private organizations.Design/methodology/approachThe research draws on extant literature in IT governance, strategic information systems planning, strategic alignment maturity, information systems security, business and IT alignment, International Organization for Standardization in information systems, and organizational performance to identify determining factors for IT governance effectiveness, IT governance effectiveness factors, and organizational performance.FindingsThe results of review suggest 14 propositions and five factors grouped into determinants including organizational demographics, information intensity, organizational culture, external environment characteristics, and IT function characteristics. Linking organizational practices with strategy, the proposed framework adopts the Balanced Scorecard four perspectives approach for monitoring organizational performance as the impact of IT governance effectiveness. IT governance dimensions in the research comprise structure, process, and relational mechanisms.Originality/valueIT governance is a part of corporate governance to help organizations manage risks and protect themselves from technology‐related losses. The framework provides a starting point for researchers and practitioners to further examine IT governance practices. For researchers, the framework clarifies the determining factors of IT governance, dimensions of IT governance, and impacts through proposed relationships. For practitioners, the framework can be used to gain insight into the contributing factors of IT governance effectiveness.

The lack of effective IT governance is widely recognized as a key inhibitor to successful global IT outsourcing relationships. In this study we present the development and application of a governance framework to improve outsourcing relationships. The approach used to developing an IT governance framework includes a meta model and a customization process to fit the framework to the target organization. The IT governance framework consists of four different elements (1) organisational structures, (2) joint processes between in- and outsourcer, (3) responsibilities that link roles to processes and (4) a diverse set of control indicators to measure the success of the relationship. The IT governance framework is put in practice in Shell GFIT BAM, a part of Shell that concluded to have a lack of management control over at least one of their outsourcing relationships. In a workshop the governance framework was used to perform a gap analysis between the current and desired governance. Several gaps were identified in the way roles and responsibilities are assigned and joint processes are set-up. Moreover, this workshop also showed the usefulness and usability of the IT governance framework in structuring, providing input and managing stakeholders in the discussions around IT governance.KeywordsAccount ManagerPortfolio ManagementMeta ModelJoint ProcessGovernance FrameworkThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

E-business process management (e-BPM) entails management of e-business processes with the customer initiating the process and involves non-linear processes with strong focus on value networks leveraging collaboration and alliances, rather than just business processes within the confines of the organization (Kim & Ramkaran, 2004). E-BPM requires organizations to take a process approach to managing their e-business processes (Smith & Fingar, 2003). The advent of business process reengineering (BPR) (Davenport, 1993; Hammer & Champy, 1993) resulted in numerous organizations initiating BPR programs. While BPR aims to enhance an organization’s process capability by adopting engineering discipline, e-BPM goes a step further and targets to improve the organizational process management capability (Smith & Fingar, 2004). Organizations target end-to-end business processes that deliver maximum customer value through e-BPM (Smith & Fingar, 2003). However, by their very nature, end-to-end business processes more often than not span multiple enterprises incorporating their individual value chains (Porter, 1985; Smith & Fingar, 2003; Smith, Neal, Ferrara, & Hayden, 2002) and involve e-business processes (Kim & Ramkaran, 2004). Integrating fragments of processes across multiple functions and organizations not only involves shared activities and tasks among business and trading partners, but also the capability to integrate disparate IT systems (Kalakota & Robinson, 2003). Effective management of e-business processes depends to a great extent on the enabling information technologies. In fact, Smith and Fingar in 2003 have stated that BPM is about technology. Porter’s value chain is about end-to-end business processes needed to get from a customer order to the delivery of the final product or service (Porter, 1985). The pervasive use of technology has created a critical dependency on IT that demands for a specific focus on governance of IT (Grembergen, 2004). Explicitly or implicitly, organizations specify business activities as business processes, and without realizing these tend to be e-business processes. However, given the current business conditions and a clear understanding by organizations about the complexities of their e-business processes, management of e-business processes is taking center stage (Smith et al., 2002). In the current business scenario where e-business processes, along with information are considered key organizational assets and management of business processes a strategic capability (Kalakota & Robinson, 2003), it is imperative that organizations clearly delineate the need for relevant and pertinent information as it provides visibility and transparency. Additionally, IT being the single most important predictor of the business value of IT (Weill & Ross, 2004) drives the need to analyze and understand the implications of e-BPM on IT governance. The key objective of this article is to investigate the implications of e-BPM on IT governance through the analysis of available literature. In particular, the article argues that a direct influence of e-BPM on IT governance performance is inevitable. While the importance of both effective e-BPM and IT governance is intuitively clear, there is currently little research on elements of IT governance that get enabled by e-BPM. More importantly, there is the lack of a theoretical framework that could be used to analyze. To address this shortcoming, the article also presents an analysis framework. The analysis framework is particularly useful as it incorporates elements from prevalent IT governance frameworks. Using the analysis framework, the article then examines the implications of e-BPM on IT governance and develops research propositions. The aim of developing the propositions is to enable further investigation and research thereby contributing to IT management theory.

E-business process management (e-BPM) entails management of e-business processes with the customer initiating the process and involves non-linear processes with strong focus on value networks leveraging collaboration and alliances, rather than just business processes within the confines of the organization (Kim & Ramkaran, 2004). E-BPM requires organizations to take a process approach to managing their e-business processes (Smith & Fingar, 2003). The advent of business process reengineering (BPR) (Davenport, 1993; Hammer & Champy, 1993) resulted in numerous organizations initiating BPR programs. While BPR aims to enhance an organization’s process capability by adopting engineering discipline, e-BPM goes a step further and targets to improve the organizational process management capability (Smith & Fingar, 2004). Organizations target end-to-end business processes that deliver maximum customer value through e-BPM (Smith & Fingar, 2003). However, by their very nature, end-to-end business processes more often than not span multiple enterprises incorporating their individual value chains (Porter, 1985; Smith & Fingar, 2003; Smith, Neal, Ferrara, & Hayden, 2002) and involve e-business processes (Kim & Ramkaran, 2004). Integrating fragments of processes across multiple functions and organizations not only involves shared activities and tasks among business and trading partners, but also the capability to integrate disparate IT systems (Kalakota & Robinson, 2003). Effective management of e-business processes depends to a great extent on the enabling information technologies. In fact, Smith and Fingar in 2003 have stated that BPM is about technology. Porter’s value chain is about end-to-end business processes needed to get from a customer order to the delivery of the final product or service (Porter, 1985). The pervasive use of technology has created a critical dependency on IT that demands for a specific focus on governance of IT (Grembergen, 2004). Explicitly or implicitly, organizations specify business activities as business processes, and without realizing these tend to be e-business processes. However, given the current business conditions and a clear understanding by organizations about the complexities of their e-business processes, management of e-business processes is taking center stage (Smith et al., 2002). In the current business scenario where e-business processes, along with information are considered key organizational assets and management of business processes a strategic capability (Kalakota & Robinson, 2003), it is imperative that organizations clearly delineate the need for relevant and pertinent information as it provides visibility and transparency. Additionally, IT being the single most important predictor of the business value of IT (Weill & Ross, 2004) drives the need to analyze and understand the implications of e-BPM on IT governance. The key objective of this article is to investigate the implications of e-BPM on IT governance through the analysis of available literature. In particular, the article argues that a direct influence of e-BPM on IT governance performance is inevitable. While the importance of both effective e-BPM and IT governance is intuitively clear, there is currently little research on elements of IT governance that get enabled by e-BPM. More importantly, there is the lack of a theoretical framework that could be used to analyze. To address this shortcoming, the article also presents an analysis framework. The analysis framework is particularly useful as it incorporates elements from prevalent IT governance frameworks. Using the analysis framework, the article then examines the implications of e-BPM on IT governance and develops research propositions. The aim of developing the propositions is to enable further investigation and research thereby contributing to IT management theory.