Five Domains of Information Technology Governance in Japanese SMEs; An Empirical Study Michiko Miyamoto
Shuhei Kudo
Department of Management Science and Engineering Akita Prefectural University Yurihonjo, Akita, JAPAN {miyamoto,
[email protected]} Abstract— IT governance is an integral part of overall enterprise governance (ITGA, 2003) and as such, the responsibility of top managers. Five IT governance domains of small to medium enterprises in northern part of Japan are examined, including IT Strategic Alignment, IT Value Delivery, IT Resource Management, IT Risk Management, and IT Performance Management. Keywords— IT governance, Five domains, SEM
I.
INTRODUCTION
Today’s Information Technologies (IT) penetrates all organizational processes by supporting organizational goals and corporate governance. In many organizations, IT has become crucial in the support, the sustainability and the growth of the business. IT trouble caused by one company may possibly cause damages to the entire society. For example, in Japan, a major system problem has occurred at Mizuho Bank, a megabank belonging to Mizuho Financial Group, with its effects spreading wide among users, immediately after the Great East Japan Earthquake1. The Tokyo Stock Exchange (TSE) suffered its second major systems outage in 2012, suspending derivatives trading for over an hour and striking another blow to the capital’s reputation as a global financial center2. This pervasive use of technology has created a critical dependency on IT that calls for a specific focus on IT governance [31] [11]. IT has been considered as a must part of an organization’s strategy. In order to improve competitiveness and effectiveness of the organization, strategic objectives must be established and decided on where, when and how investment in IT. Organizations introduce IT governance mechanisms in order to rationalize and coordinate their IT-related decision making so that IT assets, efforts and investments are aligned with their strategic and tactical intents [12]. IT governance
II.
LITERATURE REVIEW
During the past decade, IT governance has been an object of major interest for researchers in the IT field. Several theoretical models based on various theoretical backgrounds have been proposed and tested [21] [9] in order to clarify IT governance. IT governance is a combination of leadership, organizational structures and processes, with delivering value from IT to the business and mitigating IT risks as its twin goals [15]. More specifically, IT governance explains who has the authority to make IT related decisions. Several literature consider the topic of IT governance under different terms, such as IT strategic management, IS or IT organization [7] [22] [16]. These studies focus on the identification of elements which can provide instructions on how to organize
1http://online.wsj.com/article/SB1000142405274870460850457620834366 4292206.html Retrieved 2013-02-19.
2http://www.theregister.co.uk/2012/08/09/tokyo_stock_exchange_outage/
Retrieved 2013-02-19.
978-1-4799-0698-7/13/$31.00 ©2013 IEEE
has become high on the agenda in many organizations. However, developing an IT governance model does not imply that governance is actually working in the organization [11]. Unfortunately for many rms, the governance process is ad hoc and informal [23]. The development of the IT governance model is the first step and the implementation of it, at a sustainable level, is the next. Once a specific IT governance model is chosen and implemented, it should enable IT to sustain and extend the business goals or, in other words, ensure that IT is aligned to the business needs [11]. The objective of this study is to approach the owners and managers of Small and Medium Enterprises (SMEs) located in the northern part of Japan, bordered with the areas hit by the powerful earthquake and tsunami of March 11, 2011, to capture their opinions on factors that facilitate IT governance in today’s turbulent times. This paper is organized as follows. Following the introduction on Section I, Section II presents literature review on IT governance. Section III outlines research model and hypotheses. Section IV describes the data and variables. Section V presents the result of analysis. Finally, summary of research results and future study are discussed in Section VI.
964
ICTC 2013
IT governance. In addition, the importance of IT governance is often emphasized, since it has implications for IT performance, which in turn will influence the performance of the firm [25] [24]. IT governance is considered to be ”an integral part of enterprise governance and have potential to provide mechanisms for leadership and organizational structures and processes that ensure the organization’s IT sustains and extends the organization’s strategies and objectives”[15]. An effective IT governance structure is the single most important predictor of getting value from IT [28]. The difference between IT management and IT governance is in opinion of Wilbanks [29] as the following: “If a company wants to grow and be successful, it must not only manage its IT resources, but also use those resources throughout the company as part of the governance structure”. The successful application of IT governance can provide the mechanisms to increase the effectiveness of IT. According to Weill and Ross [26], firms with superior IT governance have at least 20% higher profits than firms with poor governance, given the same strategic objectives. Weill and Ross’ book is based on two primary studies and a number of related projects. The book contains a survey of 256 organizations from the Americas, Europe, and Asia Pacific that was led by Peter Weill between 2001 and 2003. It also included 32 case studies. The second study is a set of 40 case studies developed by Jeanne Ross between 1999 and 2003 that focused on the relationship between information technology (IT) architecture and business strategy. This work identified governance issues associated with IT and organizational change efforts. Three other projects undertaken by Weill, Ross, and others between 1998 and 2001 also contributed to the material described in the book3. The goal of IT governance is to achieve better alignment between the business and IT [11]. The challenge of the IT governance implementation and the subsequent impact on business/IT alignment are the core aspects of many researches. The definition of IT governance as proposed by the IT Governance Institute expresses that “IT governance is the responsibility of the Board and Executive Management and that IT governance should be an integral part of enterprise governance 4 .” See various definitions of IT governance in Table 1. IT Process Institute (ITPI) collected survey data from IT executives at 389 IT organizations from a broad spectrum of industries in North America, the United Kingdom, and Australia [20]. They found out three levels of IT governance maturity as well as specific high-impact governance practices that optimize performance for organizations at each level. And their study suggests that at many organizations, IT governance initiatives are more focused on cost containment and risk reduction objectives. Focus on customer differentiation and enabling business 3 Most of this work is available through the CISR Web site,
http://mitsloan.mit.edu/cisr/rmain.php. Retrieved 2013-02-19.
needs has taken a lower priority than more foundational cost and risk reduction objectives. Symons [23] suggests that there are four objectives that drive IT governance: IT value and alignment, accountability, performance measurement, and risk management. Each of these objectives must be addressed as part of the IT governance process. TABLE I.
DEFINITIONS OF IT GOVERNANCE
The organizational capacity to control the formulation and implementation of IT strategy and guide to proper direction for the purpose of achieving competitive advantages for the corporation. [19] IT governance is the responsibility of the Board of Directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives. [14] IT Governance is the organizational capacity exercised by the Board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT. [30] IT governance represents the framework for decision rights and accountabilities to encourage desirable behavior in the use of IT. [24]
III.
RESEARCH MODEL AND HYPOTHESES
We assess Japanese SMEs’ five IT governance domains included in the IT Governance Institute model as seen in Figure 1. Strategic Alignment, Value Delivery, Resource Management, Risk Management, and Performance Management are the five domains within IT governance, and as described by the IT Governance Institute in its Board Briefing on IT Governance, 2nd Edition5.
IT Governance Domains Resource Management Figure 1. The Domains of IT Governance.
(Source: IT Governance Institute in its Board Briefing on IT Governance)
5 IT Governance Institute, Board Briefing on IT Governance, 2nd Edition, 2003
4 http://www.itgi.org/ Retrieved 2013-02-19.
965
The following hypotheses are proposed, and are examined by five IT governance domains. H1: There is a significant, positive relationship between IT governance and Strategic Alignment. H2: There is a significant, positive relationship between IT governance and Performance Measurement. H3: There is a significant, positive relationship between IT governance and Resource Management. H4: There is a significant, positive relationship between IT governance and Risk Management. H5: There is a significant, positive relationship between IT governance and Value Delivery.
TABLE III.
(meet one or more of the following conditions) No . of Capital regular employees
5 1 0 2 21 34 6 11 38 21 26 0 2 52 12 8 15 16 2 1 1 31 12
Employee less than 20 20 to 50 50 to 100 100 to 300 300 to 1000 over 1000
transport, other industries Up to ¥300 million
enterprises No . of regular employees
Up to 300
Up to 20
(excluding 2)-4)) 2) Wholesale
Up to ¥100 million
Up to 100
Up to 5
3) Services
Up to ¥50 million
Up to 100
Up to 5
4) Retail
Up to ¥50 million
Up to 50
Up to 5
Source: “2012 white Paper on Small and Medium Enterprises in Japan, Small and Medium Enterprises” Japan Small Business Research Institute.
According to these definitions, most companies in our research are considered as SMEs. B. Variables The list of variables is shown in Table IV. C. An Effect of the Massive Earthquake on IT Investments Regarding the influence of the earthquake on the IT investment of companies located in the northern part of Japan, the sum of the responses “Slightly increased” and “Significantly increased” added up to 8.3%, and “Unchanged” accounted for 80% in November, 8 months after the earthquake. It looks like the uncertainty surrounding the IT investment had greatly eased by then. However, the response “Significantly decreased” and “Slightly decreased” accounting for 12.6% suggests that more than a few companies are still concerned about the long-term influence of the earthquake on the IT investment.
34 145 57 53 15 0
V. Annual Sales less than 500 million yen 500 mil to 5 bilion yen 5 billion to 10 billion yen 10 billion to 30 billion yen over 30 billion yen n.a.
Of which small
1) M anufacturing, construction,
SAMPLE CHARACTERISTICS
Industries marin product/agriculture/mining pulp/paper chemical/oil rubber/ceramic steel/metal/nonferrous metal machine/electronic goods transport equipment precision machines other manufacutures trading companies/other wholesale retail/restaurant financial/insurance real estate construction food textile warehouse/transportation information/communication medical education utilities/gas/public service other service industries others
Small and medium enterprises
Industry
IV. SURVEYS A. Data Data were collected through a survey of listed and not listed companies located northern part of Japan in November 2011, eight months after the Great East Japan Earthquake of March 11, 2011. A sample of the survey was randomly selected from several databases of local business. The survey was sent to 860 companies of all sizes from various industries, and amassed 345 valid responses (response rate: 40%). The questionnaire was sent by mail to the information system division, the corporate planning division, and the internal audit division of the firms. Most of the questionnaires are asked by 5 point scale. A summary statistics is listed in Table II. TABLE II.
DEFINISION OF SMES IN JAPAN
RESULT OF HYPOTHESES
Testing the efficacy of the structural equation model was conducted by AMOS 19, and the major results of analysis and the path coefficients of SEM model are shown in Table V and Figure 2, respectively. The path diagram highlights the structural relationships. In this diagram, the measured variables are enclosed in boxes, latent variables are circled, and arrows connecting two variables represent relations, and open arrows represent errors. When SEM is used to verify a theoretical model, a greater goodness of fit is required for SEM analysis [8]; the better the fit, the closer the model matrix and the sample matrix. By means of various goodness-of-fit indexes, including the comparative fit index (CFI) [3], Incremental Fit Index (IFI) [4], and the root mean squared error of approximation (RMSEA) [6], the estimated matrix can be evaluated against the observed sample covariance matrix to determine whether the hypothesized model is an acceptable
135 151 9 7 0 45
In Japan, SMEs is defined under Article 2, Paragraph 1 of the Small and Medium-sized Enterprise Basic Act, and the term “small enterprises” refers to “small enterprises” as defined under Article 2, Paragraph 5 of said act. More specifically, they may generally be categorized as Table III.
966
and Performance Management. Although most SMEs in this research does not have IT specific managers as shown in Figure 3, they seems to understand the importance of IT governance as the results show that every domain within the model is significantly, positively related to IT governance.
representation of the data. In general, fit indexes (i.e., CFI, IFI) above 0.90 signify good model fit. RMSEA values lower than 0.08 signify acceptable model fit, with values lower than 0.05 indicative of good model fit [6]. Table VI summarizes the results of these tests for SEM model. Since all of our indexes satisfy the cut-off values, our results are regarded as acceptable. We fitted the structural model in order to confirm the hypotheses we proposed in section III to study the underlying relations among IT governance and its five domains. The path diagram highlights the structural relationships. All hypotheses show positive and significant relationships with IT governance as shown in Figure 2. TABLE IV. Domains
TABLE V.
A LIST OF VARIABLES FROM THE SURVEY
Variables importance a) Importance of leveraging IT for enhancing competitiveness post1
Strategic Alignment
Risk Management
IT governance
Value Delivery
c) Involvement of IT personnel to process business strategy.
top2
d) Involvement of senior management to IT strategy formulation process
top3
e) Involvement of senior management for business transformation projects involving IT
top4
f) Aggressiveness of management for communication with IT personnel
top5
g) Senior management’s IT strategy is known to every employee.
top6
h) Management suggests and supports utilization of IT in business
risk1
a) Managers communicate with IT personals to understand the circumstances of their use of IT
risk2
b) IT personnel substantively understand the management strategy
risk3
c) T he business unit personnel understand IT environment and the company's IT strategy
risk4
d) Exchanging ideas between departments by leveraging information sharing and corporate intranet groupware
risk5
e) Hold regular meetings on IT projects
gove1
a) Supervision and management of IT budget
gove2
b) Supervision and management of IT investment evaluation
gove3
c) T horough sharing duties and authority on IT
gove4
d) Establishment of the IT -related committee
gove5
e) Clarification of the criteria in an allocation and prioritization of IT utilized resources
gove6
f) Standardization of IT adoption process
gove7
g) IT security risk management and supervision
value1
a) Understanding the business value expected in the use of IT between business sectors
value2
b) Participation in the implementation process of IT employees
value3
c) Participation in the management planning process of IT personnel
value4
d) Each department and senior management to share each other's goals and risk
value5
e) Business divisions and IT personnel trust each other
value6
f) Regarding IT projects, consult professionals (such as the IT coordinator) or external organizations, such as public institutions and private companies.
skill2
a) Encourage and offer a chance to take advantage of in-house IT employees to create new ways to use IT b) Educate and train to increase the capacity utilization of IT
skill3
c) Set a goal of IT skills of employees and recommend employees to take the IT related exam
skill1 Performance Management
Resource Management
b) Presence of IT Officer
top1
skill4
d) Hiring personnel with the knowledge and skills required for the IT management and operation
skill5
e) Creating managerial posts for IT professionals
skill6
f) Expanding the career paths for IT professionals
resource1
a) Computerize general administrative duties (e.g., planning, finance, accounting, regulatory measures, and quality control)
resource2
b) Computerize personnel and labor management (e.g., human resources management and benefits, recruitment and training of personnel, salaries payments, etc.)
resource3
c) Computerize technological development (e.g., R & D, product design, knowledge management, and production equipment design)
resource4
d) Computerize procurement (e.g., demand planning, payment and billing, procurement, etc.)
resource5 resource6 resource7
e) Computerize purchasing and logistics (e.g., scheduling, shipment and delivery planning, warehouse management, inventory management, etc.) f) Computerize manufacturing operations (e.g., assembly, maintenance, equipment, equipment maintenance, inspection, printing, etc.) g) Computerize logistics shipping (e.g., order processing, shipping and transportation planning of the final product, and storage of the final product)
resource8
h) Computerize marketing and sales (e.g., advertising, sales, promotion, etc.)
resource9
i) Computerize servicing (e.g., maintenance and repair of the final product, management and customer support)
VI.
CONCLUSIONS
Based on the five IT governance domains model, we conducted the SEM on the survey data from 345 SMEs located in the northern part of Japan. Analysis is conducted within each of five IT governance domains, defined by the IT Governance Institute[15], including Strategic Alignment, Value Delivery, Resource Management, Risk Management,
967
construct Risk__Management Value__Delivery Strategic__Alignment Performance__Management Resource__Management post01 top1 top2 top3 top4 top5 top6 risk1 risk2 risk3 risk4 risk5 value1 value2 value3 value4 value5 value6 resource9 resource8 resource7 resource6 resource5 resource4 resource3 resource2 resource1 skill6 skill5 skill4 skill3 skill2 skill1 gove7 gove6 gove5 gove4 gove3 gove2 gove1 importance
THE PATH COEFFICIENTS OF SEM MODEL
