INFORMATION TECHNOLOGY GOVERNANCE IN PUBLIC ORGANIZATIONS: IDENTIFYING MECHANISMS THAT MEET ITS GOALS WHILE RESPECTING PRINCIPLES

Wiedenhoft, Guilherme Costa; Luciano, Edimara Mezzomo; Magnagnagno, Odirlei Antonio

doi:10.4301/S1807-17752017000100004

ABSTRACT

The purpose of this article is to identify and validate a list of mechanisms that can meet the objectives and principles of IT Governance (ITG) in public organizations. These mechanisms can be useful to public organizations when implementing their ITG model. ITG mechanisms are a key part of an ITG model because high-level definitions (principles and objectives) are operationalized through them. This exploratory and descriptive cross-sectional research used qualitative and quantitative data. Data were collected in a literature review, structured interviews with ITG professionals and a survey with IT and Business Managers who belong to a network of managers, which is one of the main instances to discuss the ITG model. The results are a preliminary list of mechanisms identified through qualitative data and a final list of mechanisms validated through quantitative data. The focus is on public organizations because the necessity of an ITG model as a better means to govern the electronic services adoption in order to increase the public value to society.

Keywords
Information and Technology Governance; IT Governance Mechanisms; Public Organizations; Survey

1. INTRODUCTION

Information Technology Governance (ITG) practices have gained visibility in organizations as a possible way to meet the expectations of top management in relation to IT (PRASAD; HEALES and GREEN, 2010PRASAD, A.; HEALES, J.; GREEN, P. (2010), A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness: evidence from IT steering committees. International Journal of Accounting Information Systems . v. 11, p. 214-232.). For the authors, IT Governance involves the strategic and institutional aspects of the organization, mainly in the relations between Information Technology (IT) and its stakeholders. Brown and Grant (2005BROWN, A.; GRANT, G. G. (2005), Framing the frameworks: a review of IT governance. Research. Communications of the Association for Information Systems, v. 15, p. 696-712.) state that ITG plays a key role in the process of ensuring transparency with respect to the financial information of organizations by responding to the demands of stakeholders.

In order to meet business objectives, organizations create structures, relationships and governance processes to direct and control the organization with a focus on its objectives, contributing to the mitigation of risks in relation to IT returns (XUE, LIANG and BOULTON, 2008). According to ITGI (2007)ITGI, IT Governance Institute, (2007), About IT governance framework: information systems audit and control foundation - CobiT 4º Edition. Rolling Meadows: ISACA., this ensures that the IT organization supports organizacional strategies and objectives. In the view of Sambamurthy and Zmud (1999SAMBAMURTHY, V.; ZMUD, R. W. (1999) Arrangements for information technology governance: a theory of multiple contingencies. MIS Quarterly, v. 23, n. 2, p. 261-290.), ITG can be considered the organizational arrangements and authority standards for major IT activities, including in its scope issues regading IT infrastructure and desirable IT management and usage behaviors. Weill and Ross (2004) define ITG as the specification of decision-making rights and the framework of responsibilities for stimulating desirable behaviors in the use of IT.

According to Van Grembergem, De Haes and Guldentops (2004), ITG is characterized by a set of mechanisms that make tangible the high level definitions about how an organization’s IT must operate. For example, if an organization has the effective use of resources as one of its ITG objectives, it adopts the principle of transparency (from Corporate or Organizational Governance) for IT decisions, in order to meet this requirement, a mechanism is needed to make this principle operational. Thus, ITG mechanisms can be understood as procedures, artifacts or a set of actions (PETERSON, 2001PETERSON, Ryan R. (2001), Information governance: an empirical investigation into the differentiation and integration of strategic decision-making for IT. The Netherlands: Tilburg University.), which should always be associated with one or more IT Governance objective (VAN GREMBERGEM, DE HAES and GULDENTOPS, 2004). Similarly, the IBGC (2006)IBGC - Instituto Brasileiro de Governança Corporativa. (2006), Uma Década de Governança Corporativa: História do IBGC, marcos e lições de experiência. São Paulo: SaintPaul. recommends, in terms of Corporate Governance, that organizations should work towards converting the principles into objective recommendations, aligning interests with the purpose of preserving and optimizing the value of the organization, facilitating its access to resources and contributing to its longevity. Mechanisms are objective recommendations derived from principles.

The aim of this article is to identify and validate a list of mechanisms that can meet the goals and principles of IT Governance in public administration. The justification for this research is the need for general mechanisms, not linked to market models, which can be selected by public organizations for the implementation of the ITG model. The various lists of mechanisms available in the literature have not been developed or validated with a focus on public organizations. The focus is on public organizations because the necessity of an ITG model as a better means to govern the electronic services adoption in order to increase the public value to society.

This article presents, in this introduction, the research topic and problem, the objective and the justification for the relation of the study. In the following item the concepts that support this study are discussed. In item 3, the methodological procedures are described, followed by the results and some final remarks.

2. IT GOVERNANCE

Events involving large corporations in the 2000s, including audit firms, questioned the effectiveness of management methods based largely on performance, raising within the management field the need to observe ethical principles and transparency in relation to key stakeholders. According to Rossoni and Machado-da-Silva (2010ROSSONI, L.; MACHADO-SILVA, C. L. (2010), Institucionalismo organizacional e práticas de governança corporativa. Revista de Administração Contemporânea. Edição Especial, n. 7, p. 173-198.), controling organizations is a very important and complex issue to be treated only with an economic-legal bias, and a Corporate Governance structure is necessary to contribute to a better management. Corporate Governance is understood as a system by which organizations are directed, monitored and encouraged, and involves the relationships between owners, board of directors, management and control departments (IBGC, 2006IBGC - Instituto Brasileiro de Governança Corporativa. (2006), Uma Década de Governança Corporativa: História do IBGC, marcos e lições de experiência. São Paulo: SaintPaul.). Corporate efforts convert principles into objective recommendations as a way to align interests with the purpose of preserving and optimizing the value of the organization, facilitating its access to resources and contributing to its longevity.

There is a clear link between Corporate Governance and IT. To theextent to which organizations are encouraged to adopt principles such as transparency, fairness and accountability (MULLER, 2013MULLER, C. Linkage mechanisms for component-based services and IT governance. Journal of Systems Integration, v. 4, n. 1, p. 3-12, 2013.; VAN GREMBERGEM and DE HAES, 2009; PETERSON, 2001PETERSON, Ryan R. (2001), Information governance: an empirical investigation into the differentiation and integration of strategic decision-making for IT. The Netherlands: Tilburg University.), their IT areas need to analyze the information systems, their infrastructure, processes and procedures to ensure the organization is able to to comply with these principles. For example, in order for the principle of transparency to be met, advice regarding the shared decision needs to be created. This does not directly involve IT, but the Information Systems need to be reviewed, whether in terms of approval instances, detailing the report format, or making the information available on sites on mobile devices. Van Grembergem and De Haes (2009) suggest IT Governance should be understood as Corporate Governance applied to IT, in the sense that IT Governance is a manifestation of Corporate Governance. For Hardy (2006HARDY, G. (2006), Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges. Information Security Technical Report, v. 11, n. 4, p. 159-202.), the responsibilities of IT Governance form part of those Corporate Governance, such as guiding and reviewing organizational strategies, defining and controlling the managemerial goals and objectives, ensuring the integrity of the organization’s systems and respect for the principles of Corporate Governance. According to Weill and Ross (2004), IT Governance is contained within Corporate Governance, since informational assets are among the assets that need to be managed.

In this context, IT Governance can be understood as specifying the decision rights and the framework of responsibilities to stimulate desirable behaviors in the use of IT (WEILL and ROSS, 2005). According to Sambamurthy and Zmud (1999SAMBAMURTHY, V.; ZMUD, R. W. (1999) Arrangements for information technology governance: a theory of multiple contingencies. MIS Quarterly, v. 23, n. 2, p. 261-290.), IT Governance involves the decision-making structures specification, processes and relational mechanisms for directing and controlling IT operations. It is seen as an organizational skill of great importance for ensuring strategic alignment, delivering value, and managing resources associated with information technology. For ITGI (2007)ITGI, IT Governance Institute, (2007), About IT governance framework: information systems audit and control foundation - CobiT 4º Edition. Rolling Meadows: ISACA., ITG should ensure that IT is aligned with the business, enabling and maximizing its benefits. In addition, IT resources should be used responsibly, with IT risks being appropriately managed and their performance monitored.

Among the main IT decisions are, according to Sambamurphy and Zmud (1999)SAMBAMURTHY, V.; ZMUD, R. W. (1999) Arrangements for information technology governance: a theory of multiple contingencies. MIS Quarterly, v. 23, n. 2, p. 261-290., the management of the IT infrastructure, the management of IT use and the management of IT projects. In Peterson’s (2001PETERSON, Ryan R. (2001), Information governance: an empirical investigation into the differentiation and integration of strategic decision-making for IT. The Netherlands: Tilburg University.) conception, key IT decisions address IT infrastructure issues, IT applications, and IT development. Despite the differences in terminlogy adopted by authors, key IT Governance decisions revolve around the same issues. Weill and Ross (2004) define a set of key decisions that address the following key issues: defining principles that guide IT objectives and mechanisms, defining IT architecture arrangements, configuring IT infrastructure, identifying business applications and determining IT investment priorities.

For Hardy (2006HARDY, G. (2006), Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges. Information Security Technical Report, v. 11, n. 4, p. 159-202.), ITG consists in applying the principles of Corporate Governance to strategically manage and control IT, focusing primarily on the value added by IT to the business and reducing the risks associated with IT. In this sense, assuming that IT Governance is contained within Corporate Governance, IT Governance can be expected to inherit its principles, which, according to IBGC (2006)IBGC - Instituto Brasileiro de Governança Corporativa. (2006), Uma Década de Governança Corporativa: História do IBGC, marcos e lições de experiência. São Paulo: SaintPaul., are transparency, fairness, accountability and corporate responsibility. However, these are not the only principles of Corporate Governance, nor of ITG.

It is understood that the guiding principles of IT Governance are derived from Corporate Governance. Thus, the principles of IT Governance act as premises that IT Governance mechanisms must respect in addressing the ITG objectives. For ITGI (2007)ITGI, IT Governance Institute, (2007), About IT governance framework: information systems audit and control foundation - CobiT 4º Edition. Rolling Meadows: ISACA., ITG seeks to use Corporate Governance principles to provide direction and control in IT resources and specifically to emphasize: IT's potential to leverage and influence intangible assets (information, trust, IT alignment with business strategies, review and approval of IT investments, risk mitigation, and IT performance measurement. According to Hardy (2006HARDY, G. (2006), Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges. Information Security Technical Report, v. 11, n. 4, p. 159-202.), IT Governance has two fundamental motivators, which are the added value of IT to the organization and the mitigation of IT-related risks.

There are challenges within the functions IT Governance itself, such as aligning business objectives, pursuing benefits, better spending and increasing efficiency through IT, and managing the risk of IT investments. The focus areas presented according to the ITGI (2007)ITGI, IT Governance Institute, (2007), About IT governance framework: information systems audit and control foundation - CobiT 4º Edition. Rolling Meadows: ISACA. are defined as follows:

Strategic alignment: seeks to ensure the link between business and IT plans by defining, maintaining and validating the IT value proposition, aligning IT operations with the organizational operations;
Value delivery: it is the execution of the IT value proposition through the delivery cycle, ensuring that IT delivers the promised benefits foreseen in the organization’s strategy, focusing on optimizing costs and providing the intrinsic value of IT;
Resource management: refers to the best possible use of investments and the appropriate management of critical IT resources: applications, information, infrastructure and people. Relevant issues concern the optimization of knowledge and infrastructure;
Risk management: requires transparency regarding the significant risks for the organization and insertion of risk management in the company’s activities;
Performance measurement: accompanies and monitors strategy implementation, project termination, resource use, performance process, and delivery of services.

According to Peterson (2004PETERSON, Ryan R. (2004), Integration strategies and tactics for information technology governance. IN: VAN GREMBERGEN, W (Org). Strategies for information technology governance. Londres: Idea Group.), IT Governance aims to meet the organization’s business needs. Van Grembergen, De Haes and Guldentops (2004) point out that one of the main objectives of IT Governance is the alignment of IT strategies with corporate goals and strategies, and it is the focus of IT governance to meet the needs of its different stakeholders. The following section presents some definitions of IT Governance mechanisms, which are understood as the arrangements and practices responsible for meeting the objectives and respecting the principles of IT Governance (ALI and GREEN, 2012ALI, S. e GREEN, P. (2012), Effective information technology (IT) governance mechanisms: An IT outsourcing perspective. Information Systems Frontiers, v. 14, n. 2, p.179-193.).

2.1. IT GOVERNANCE MECHANISMS

In recent years, several studies, focusing on different relationships, have sought to identify IT Governance mechanisms. For example, Sambamurthy and Zmud (1999SAMBAMURTHY, V.; ZMUD, R. W. (1999) Arrangements for information technology governance: a theory of multiple contingencies. MIS Quarterly, v. 23, n. 2, p. 261-290.), by carrying out eight case studies using a theoretical perspective based on the Multiple Contingency Theory, perceived that contingency forces interact with one another, influencing the IT Governance arrangements, mainly as regards the way the IT structure is presented in organizations. However, Peterson (2004PETERSON, Ryan R. (2004), Integration strategies and tactics for information technology governance. IN: VAN GREMBERGEN, W (Org). Strategies for information technology governance. Londres: Idea Group.) was one of the first authors to define a set of mechanisms for IT Governance. According to that author, the mechanisms act in order to meet the objectives of organizations regarding to IT, while respecting the principles of Corporate Governance. By virtue of this, these mechanisms must be associated with one or more of the objectives of IT Governance (VAN GREMBERGEM, DE HAES and GULDENTOPS, 2004). Weill and Ross (2004) describe IT Governance as consisting of mechanisms arranged in three main pillars: structure, processes and relationships. Structural arrangements are formed by the roles and responsibilities for the correct IT decision-making. The processes are directed towards the implementation of procedures, which are in accordance with the strategies and policies defined by IT. The relationship ensures that the defined arrangements and IT Governance processes are executed to ensure the effectiveness of the use of the IT assets, providing the make the most the opportunities and generating greater value for the business (WEILL and ROSS 2004, BOWEN, CHEUNG and ROHDE, 2007BOWEN, Paul L.; CHEUNG, May-Yin D.; ROHDE, Fiona H. (2007), Enhancing IT governance practices: a model and case study of an organization's efforts. International Journal of Accounting Information Systems, v. 8, n. 3, p. 191-22.).

The structure, processes and relationship mechanisms are considered as the main way to manifest the desired behavior related to IT (Weill and Ross, 2006). These mechanisms take into account the organizational arrangements for making decisions about IT, the processes that make IT work, and the relationships to manage and address the various activities involved.

The relevance of studies into IT Governance mechanisms is evident in the international academic scenario. This is apparent in the various researchers who have dedicated themselves to studying these arrangements and practices in recent years. As an example, Bowen, Cheung and Rohde (2007BOWEN, Paul L.; CHEUNG, May-Yin D.; ROHDE, Fiona H. (2007), Enhancing IT governance practices: a model and case study of an organization's efforts. International Journal of Accounting Information Systems, v. 8, n. 3, p. 191-22.) explored the factors influencing the IT Governance mechanisms. They indicate that the IT Governance is associated with mechanisms such as shared understanding of the objectives between business and IT, the active involvement of IT committees in the management and decision making, strategies and policies shared and communicated between business and IT. Weill and Ross (2004), in a survey of 250 companies from different countries, demonstrated that the adoption of IT Governance mechanisms, especially the mechanisms of decision-making and relationship structure, could be a profitable investment. Table 1 shows the mechanisms cited in the study by Peterson (2001PETERSON, Ryan R. (2001), Information governance: an empirical investigation into the differentiation and integration of strategic decision-making for IT. The Netherlands: Tilburg University.).

Ali and Green (2007ALI, S.; GREEN, P. (2007), IT Governance mechanisms in public sector organizations: an Australian context. Journal of Global Information Management, v. 15, n. 4, p. 41-63.), in turn, used structural equation analysis and modeling to examine 110 questionnaires answered by members of the Information Systems Audit and Control Association (ISACA) in Australia. The study suggests a positive and significant correlation between the overall level of effectiveness of IT Governance and the relationship mechanisms, especially the mechanisms of top management involvement in IT, ethics or culture of compliance with policies, guidelines and procedures and set of formal/informal communication practices.

Thumbnail

Tabela 1
IT Governance Mechanisms

Gerber and Von Solms (2008GERBER M.; VON SOLMS R. (2008), Information security requirements-interpreting the legal aspects. Computers & Security, v. 27, n. 5-6, p. 124-135.) conducted a research motivated by the adoption of IT Governance models that indicated the security controls for the most important information in organizations, based on a list provided by ISO/IEC 27002. Further addressing IT Governance mechanisms related to information security, Humphreys (2008HUMPHREYS, Edward. (2008), Information security management standards: compliance, governance and risk management. Information Security Technical Report , v. 13, n. 4, p. 247-255.) focused on how the mechanisms of formal information security practices and a set of formal practices for risk management can be used to manage their risks and direct an ITG template for the protection of an organization’s information assets, with a focus on the internal threats and growing problems that organizations need to address.

In more recent studies, Van Grembergen and De Haes (2009) identified 33 mechanisms through multiple case studies and a survey, presenting several cases of companies around the world, integrating theoretical advances together with empirical data with practical application related to the adoption of IT Governance mechanisms in organizations. With a focus on small and medium enterprises, Huang, Zmud and Price (2010HUANG, Rui; ZMUD, Robert W.; PRICE, R L. (2010) Influencing the effectiveness of IT governance practices through steering committees and communication policies. European Journal of Information Systems, v. 19, p. 288-302.) conducted three case studies analyzing two specific mechanisms of IT Governance: IT policy committees and IT policy communication practices in na attempt to understand the differences found in relation to other studies conducted with large companies. Another study by Prasad, Heales and Green (2010PRASAD, A.; HEALES, J.; GREEN, P. (2010), A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness: evidence from IT steering committees. International Journal of Accounting Information Systems . v. 11, p. 214-232.), suggests, after conducting a survey, that companies that have IT Governance structure mechanisms, such as IT strategies committees and IT steering committee, have high performance levels and a greater IT resource capacity. Liang et al. (2011LIANG, Ting-Peng; CHIU, Yi-Chieh; WU, Shelly P.; STRAUB, D. (2011), The impact of IT governance on organizational performance In: Americas Conference On Information Systems (AMCIS), 13., Detroit, Proceedings… AIS Electronic Library (AISeL).) carried out a survey to examine the relationship between IT Governance and IT/IS strategic planning mechanisms, performance measurement systems, and methods of assessing IT strategic alignment levels and organizational performance. Data were collected from 167 Chinese companies and the results show that strategic alignment is an important factor in leveraging the effect of IT Governance on the effectiveness of the company.

Based on the above, it can be seen that regardless of the strategic positioning of organizations, the adoption of IT Governance mechanisms has become an essential guideline in strategic discussions. Therefore, organizations are increasingly seeking to increase assertiveness in relation to the adoption of IT Governance mechanisms so that they contribute to achieving the objectives expected by top management (WEILL and ROSS, 2006). It is understood that integrating IT with business strategies, adopting and implementing an IT control framework and measuring IT performance are some of the key challenges facing organizations. Thus, it is believed that the IT differential is not only focused on technological issues, but also on the architecture with which technology is used and the correct decisions related to it (NFUKA and RUSU, 2011NFUKA, E. N.; RUSU, L. (2011), The effect of critical success factors on IT governance performance. Industrial Management & Data Systems, v. 111, n. 9, p. 1418-1448. ).

It is believed that the choice of what IT Governance mechanisms should be adopted in organizations should be based on the effectiveness model adopted by the organizations, in line with what Weill and Ross (2004) have shown. However, it is understood that decisions in organizations are often made on the basis of subjective stimuli, in the unconscious quest for legitimation.

3. RESEARCH METHOD

This research is characterized as an exploratory and descriptive cross-sectional study, with a qualitative and quantitative focus due to the data collection and analysis techniques used during the research procedures. The methodological approach is a survey. According to Sampieri, Collado and Lucio (2006), scientific research can be considered a dynamic and evolutionary process composed of inter-related phases and with a common goal. Thus, the integration of the results obtained at each stage of the research will contribute to obtaining the results of this study. Below, Figure 1 shows the research design.

The first phase of the exploratory research was intended to acquire a greater understanding of the subject, with the aim of defining the concepts and criteria that permeate this study. The main objective of this phase was to define an instrument to verify the relationships between the mechanisms, objectives and principles of IT Governance. According to Malhotra (2001), the main objective of exploratory research is to provide the researcher with a greater familiarity with the problem under study. This effort is intended to make a complex problem more explicit or even to construct more appropriate hypotheses. In this phase of the research, bibliographic research and structured interviews with IT Governance professionals were used as data collection techniques. The main result was a questionnaire to verify the relationships between the mechanisms of IT governance present in the literature and the objectives and principles of IT Governance for public administration of the Government of the State of Rio Grande do Sul.

Figure 1.
Research design

In the second phase of the research, a descriptive approach was adopted with the application of a questionnaire during two meetings of the IT Managers Network of the Government of the State of Rio Grande do Sul in 2016. The Network of Managers is an instance of discussion of the ITG model of the executive branch of the State of RS, and congregates all IT Managers from the Direct Administration, State Companies and Foundations. The instrument has three distinct sections, the first part aims to evaluate the degree of adoption of each of the ITG mechanisms identified in the previous phase, the second part seeks to evaluate the respondents’ perceptions regarding the effectiveness of the mechanisms in meeting the objectives and principles pertaining to Decree 52616 of 2015 (PTIC-RS, 2015) on Information Technology and Communication (ICT) Policy. Finally, the third part of the instrument sought to identify some characteristics of the respondents. Descriptive research is intended to interpret a context without interfering with it or modifying it. It can be said that the main interest in this type of research is to discover and to observe phenomena, by trying to describe, classify and interpret them (MATTAR, 1999).

In this phase of the research, Pearson’s Coefficient was used to analyze the correlation between the ITG mechanisms and the Objectives and Principles of the ITG for the State Government of RS. Pearson’s correlation coefficient (r) varies from -1 to 1. The signal indicates a positive or negative direction of the relationship and the value suggests the strength of the relationship between the variables. For Cohen (1988), scores between 0.10 and 0.29 may be considered small; those between 0.30 and 0.49 can be considered as mean; and those between 0.50 and 1 can be interpreted as large. Cronbach’s alpha, which is the mean of all coefficients of variability (MAROCO and GARCIA-MARQUES, 2006), was used to evaluate the reliability of the instrument. For the authors the minimum acceptable value for the reliability of a questionnaire is 0.70, below this value the internal consistency of the scale used is considered low. In contrast, the expected maximum value is 0.90; Above this value, redundancy or duplication can be considered, so redundant items must be eliminated. Usually, alpha values between 0.80 and 0.90 are preferred (MALHOTRA, 2001).

4. RESULTS ANALYSES

In order to evaluate the relationship between the Adoption of the IT Governance Mechanisms and the perception of Effectiveness of the IT Governance Mechanism in Public Administration, a survey questionnaire was developed. To develop the instrument, an analysis of previous publications was conducted, in which 105 ITG mechanisms present in thirteen different publications were iidentified. These mechanisms were grouped by similarity of meaning through discussions with members of a research group in Management and IT Governance and a total of 46 IT Governance mechanisms was found, which were used by the authors as the basis for a semi-structured survey with 26 IT professionals. Table 2 presents the description of the participants in the semi-structured survey.

Thumbnail

Table 2.
Description of the semi-structured survey participants

As part of the process of analyzing the results at this stage of the research, the mechanisms were divided into four groups, representing the importance attributed according to the frequency of the specialists’ answers. The distribution of the mechanisms was defined by applying the quartiles technique within each group of mechanisms separately, in order to ensure that the three types of mechanisms (structure, process and relationship) were represented in the research. The mechanisms that belonged to the first quartile were those of less relevance and those placed in the fourth quartile, the most important. It was defined that the mechanisms that met these two criteria would be considered: a) positioning in the fourth group (greater importance) in quartiles analysis; b) have received 3, 4 or 5 on the importance scale. In item ‘a’, the selected quartile had scores for: structure mechanisms between 15 and 24; for process mechanisms, between 19 and 25; and for relationship mechanisms, between 14 and 20. The result of this process was a list with 25 Mechanisms as shown in Table 3.

Thumbnail

Table 3.
List of IT governance mechanisms

After identifying the mechanisms, the objectives and principles of IT Governance for Public Administration of the State Government of Rio Grande do Sul were identified. This stage was accomplished through the analysis of Decree 52616 of 2015 (PTIC-RS, 2015) Which established the Information and Communication Technology (ICT) Policy within the Government of the State of Rio Grande do Sul in which the following items were defined as guiding principles for IT Governance:

Rational and coordinated use of ICT assets;
Citizen-focused electronic services
Integration and interoperability;
Consistency, reliability and security of data and information;
Transparency and access to public information;
Promotion of networks of collaboration and diffusion of ICT knowledge.

Also, according to the same decree, the objectives of IT Governance for the public administration of the State Government are characterized by:

Articulating the coordinated use of ICT resources;
Strengthening agility and efficiency in response to change;
Supporting strategy and government management;
Proposing technological solutions for the governmental management;
Promoting the analysis of cost/benefit variables of solutions;
Enabling simple and effective technological solutions;
Promoting ICT Governance;
Encouraging the use of innovative technological solutions; and
Disseminating knowledge and qualifing people on ICT management.

Based on the above-mentioned information, a first version of the questionnaire was performed. This version was taken for the consideration of the members of the Information and Communication Technology Governance Committee (CITGC) in order to validate the instrument in face and content terms. The final instrument consisted of 39 Likert-type questions with six points, 25 for evaluating the degree of implementation of IT Governance mechanisms and 13 for evaluating the perception of effectiveness of IT Governance mechanisms. In addition to questions related to IT Governance variables, an additional 11 socio-demographic questions were included in the instrument.

After completing the instrument, the questionnaire was applied in person to 98 public administration employees whose characteristics are listed in Table 4 below.

Thumbnail

Table 4.
Characteristics of Respondents

In terms of gender, 76 respondents are male and 22 female. Among respondents in the IT area, 80.3% of respondents are male, and 19.7% are female. Among respondents in the Business area, 71.9% of the respondents are male, and 28.1% are female.

The respondents presented in Table 4 represent a heterogeneous extract of the sector of direct Administration. Table 5 presents the main characteristics of these sectors.

Thumbnail

Table 5.
Characteristics of the organs in which the respondents work

Pearson’s correlation coefficient was used to quantify the relationship. To calculate the confidence interval of the correlations, the bootstrapping technique (percentile) was used with a simple sampling method, using 1000 samples at a 95% confidence interval. An analysis of Table 6, below, shows by means of the tests carried out, the existence of positive correlations and with different intensities between the identified ITG Mechanisms and the fulfillment of the principles and objectives of the ITG according to the perception of the participating civil servants.

Thumbnail

Table 6
Pearson’s correlation between ITG Mechanisms and the Perception of ITG Effectiveness.

Following this step, the values of the correlations were analyzed individually. Each column represents an ITG objective or principle, and one mechanism, in which the relationship of which is more intense, of each type (Structure, Process and Relationship) was selected, thus allowing the construction of a list of generic and simple mechanisms that can meet the ITG objectives and principles in public organizations. Below Table 7 sets out the final mechanism list achieved following the above process.

Thumbnail

Table 7.
List of ITG mechanisms to meet the ITG objectives and principles in public administration

The mechanisms presented in Table 7 were identified and validated using different data collection and analysis techniques, and constitute a simple set of practices and organizational arrangements that are relatively less complex than the adoption of complete frameworks such as COBIT or ITIL, while, at the same time, they are specific to IT Governance and to public organizations. The use of this list of mechanisms can bring significant results to public organizations.

5. FINAL REMARKS

It is believed that the objectives of the study were achieved, as a set of mechanisms were identified and validated. Initially, 105 mechanisms were identified, and by reading the concept and context of each mechanism, similar mechanisms were grouped, reaching 46 mechanisms. A survey of 26 professionals working with ITG allowed the refinement of the set of 46 mechanisms, reaching 25 mechanisms that were refined through a survey of 98 public administration civil servants resulting in a list of 11 ITG mechanisms to meet the ITG objectives and principles in public administration.

This set of mechanisms can be used by public organizations as a way to operationalize they IT Governance model. The set can be used either integrally or structure, process and relationship mechanisms can be selected from the validated mechanisms. ITG mechanisms are indispensable when an organization is preparing the IT Governance adoption because the mecanisms operationalize the high-level definitions - usually ITG principles and objectives. However, a long list of mechanisms may be more confusing than helpful in this process, and so it is important to have a small list and validity of mechanisms in place. Moreover, it is fundamental that the mechanisms should be validated in the context of public organizations, due to differences in performance and objective between this type of organization and private organizations. These differences also impact on particularities related to the ITG model.

Among the research limitations, one could suggest the fact the results presented is validated in the Direct Administration of the Executive Branch in one state in the Brazilan Federation. Thus, they may not apply widely in public organizations of the Judiciary or Legislative, or to Federal public organizations.

Future research may involve monitoring the adoption of these mechanisms in a public organization, especially through longitudinal research, to evaluate the adoption process and the effectiveness of the mechanisms.

REFERENCES

ALI, S.; GREEN, P. (2007), IT Governance mechanisms in public sector organizations: an Australian context. Journal of Global Information Management, v. 15, n. 4, p. 41-63.
ALI, S. e GREEN, P. (2012), Effective information technology (IT) governance mechanisms: An IT outsourcing perspective. Information Systems Frontiers, v. 14, n. 2, p.179-193.
BARDIN, L. (2009), Análise de conteúdo. Lisboa: Edições 70.
BOWEN, Paul L.; CHEUNG, May-Yin D.; ROHDE, Fiona H. (2007), Enhancing IT governance practices: a model and case study of an organization's efforts. International Journal of Accounting Information Systems, v. 8, n. 3, p. 191-22.
BROWN, A.; GRANT, G. G. (2005), Framing the frameworks: a review of IT governance. Research. Communications of the Association for Information Systems, v. 15, p. 696-712.
FLICK, U. (2009), Qualidade da pesquisa qualitativa. Porto Alegre: Bookman.
GERBER M.; VON SOLMS R. (2008), Information security requirements-interpreting the legal aspects. Computers & Security, v. 27, n. 5-6, p. 124-135.
GIBBS, Graham. (2009) Análise de dados qualitativos. Porto Alegre: Artmed.
HARDY, G. (2006), Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges. Information Security Technical Report, v. 11, n. 4, p. 159-202.
HUANG, Rui; ZMUD, Robert W.; PRICE, R L. (2010) Influencing the effectiveness of IT governance practices through steering committees and communication policies. European Journal of Information Systems, v. 19, p. 288-302.
HUMPHREYS, Edward. (2008), Information security management standards: compliance, governance and risk management. Information Security Technical Report , v. 13, n. 4, p. 247-255.
IBGC - Instituto Brasileiro de Governança Corporativa. (2006), Uma Década de Governança Corporativa: História do IBGC, marcos e lições de experiência. São Paulo: SaintPaul.
ISO/IEC 38500. 2008. International Standard for Corporate Governance of IT. Switzerland: ISO/IEC, 2009
ITGI, IT Governance Institute, (2007), About IT governance framework: information systems audit and control foundation - CobiT 4º Edition. Rolling Meadows: ISACA.
LIANG, Ting-Peng; CHIU, Yi-Chieh; WU, Shelly P.; STRAUB, D. (2011), The impact of IT governance on organizational performance In: Americas Conference On Information Systems (AMCIS), 13., Detroit, Proceedings… AIS Electronic Library (AISeL).
LUNARDI, G.; DOLCI, P. (2009), Governança de TI e seus mecanismos: uma análise da sua disseminação entre as empresas brasileiras, In: ENCONTRO DE ADMINISTRAÇÃO DA INFORMAÇÃO - ENADI, 2., Recife. Anais… Curitiba: ANPAD . 2009
MULLER, C. Linkage mechanisms for component-based services and IT governance. Journal of Systems Integration, v. 4, n. 1, p. 3-12, 2013.
NFUKA, E. N.; RUSU, L. (2011), The effect of critical success factors on IT governance performance. Industrial Management & Data Systems, v. 111, n. 9, p. 1418-1448.
PETERSON, Ryan R. (2001), Information governance: an empirical investigation into the differentiation and integration of strategic decision-making for IT. The Netherlands: Tilburg University.
PETERSON, Ryan R. (2004), Integration strategies and tactics for information technology governance. IN: VAN GREMBERGEN, W (Org). Strategies for information technology governance. Londres: Idea Group.
PRASAD, A.; HEALES, J.; GREEN, P. (2010), A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness: evidence from IT steering committees. International Journal of Accounting Information Systems . v. 11, p. 214-232.
ROSSONI, L.; MACHADO-SILVA, C. L. (2010), Institucionalismo organizacional e práticas de governança corporativa. Revista de Administração Contemporânea. Edição Especial, n. 7, p. 173-198.
SAMBAMURTHY, V.; ZMUD, R. W. (1999) Arrangements for information technology governance: a theory of multiple contingencies. MIS Quarterly, v. 23, n. 2, p. 261-290.

Publication Dates

Publication in this collection
Apr 2017

History

Received
21 Feb 2017
Accepted
20 Apr 2017

This is an open-access article distributed under the terms of the Creative Commons Attribution License

[1] ALI, S.; GREEN, P. (2007), IT Governance mechanisms in public sector organizations: an Australian context. Journal of Global Information Management, v. 15, n. 4, p. 41-63.

[2] ALI, S. e GREEN, P. (2012), Effective information technology (IT) governance mechanisms: An IT outsourcing perspective. Information Systems Frontiers, v. 14, n. 2, p.179-193.

[3] BARDIN, L. (2009), Análise de conteúdo. Lisboa: Edições 70.

[4] BOWEN, Paul L.; CHEUNG, May-Yin D.; ROHDE, Fiona H. (2007), Enhancing IT governance practices: a model and case study of an organization's efforts. International Journal of Accounting Information Systems, v. 8, n. 3, p. 191-22.

[5] BROWN, A.; GRANT, G. G. (2005), Framing the frameworks: a review of IT governance. Research. Communications of the Association for Information Systems, v. 15, p. 696-712.

[6] FLICK, U. (2009), Qualidade da pesquisa qualitativa. Porto Alegre: Bookman.

[7] GERBER M.; VON SOLMS R. (2008), Information security requirements-interpreting the legal aspects. Computers & Security, v. 27, n. 5-6, p. 124-135.

[8] GIBBS, Graham. (2009) Análise de dados qualitativos. Porto Alegre: Artmed.

[9] HARDY, G. (2006), Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges. Information Security Technical Report, v. 11, n. 4, p. 159-202.

[10] HUANG, Rui; ZMUD, Robert W.; PRICE, R L. (2010) Influencing the effectiveness of IT governance practices through steering committees and communication policies. European Journal of Information Systems, v. 19, p. 288-302.

[11] HUMPHREYS, Edward. (2008), Information security management standards: compliance, governance and risk management. Information Security Technical Report , v. 13, n. 4, p. 247-255.

[12] IBGC - Instituto Brasileiro de Governança Corporativa. (2006), Uma Década de Governança Corporativa: História do IBGC, marcos e lições de experiência. São Paulo: SaintPaul.

[13] ISO/IEC 38500. 2008. International Standard for Corporate Governance of IT. Switzerland: ISO/IEC, 2009

[14] ITGI, IT Governance Institute, (2007), About IT governance framework: information systems audit and control foundation - CobiT 4º Edition. Rolling Meadows: ISACA.

[15] LIANG, Ting-Peng; CHIU, Yi-Chieh; WU, Shelly P.; STRAUB, D. (2011), The impact of IT governance on organizational performance In: Americas Conference On Information Systems (AMCIS), 13., Detroit, Proceedings… AIS Electronic Library (AISeL).

[16] LUNARDI, G.; DOLCI, P. (2009), Governança de TI e seus mecanismos: uma análise da sua disseminação entre as empresas brasileiras, In: ENCONTRO DE ADMINISTRAÇÃO DA INFORMAÇÃO - ENADI, 2., Recife. Anais… Curitiba: ANPAD . 2009

[17] MULLER, C. Linkage mechanisms for component-based services and IT governance. Journal of Systems Integration, v. 4, n. 1, p. 3-12, 2013.

[18] NFUKA, E. N.; RUSU, L. (2011), The effect of critical success factors on IT governance performance. Industrial Management & Data Systems, v. 111, n. 9, p. 1418-1448.

[19] PETERSON, Ryan R. (2001), Information governance: an empirical investigation into the differentiation and integration of strategic decision-making for IT. The Netherlands: Tilburg University.

[20] PETERSON, Ryan R. (2004), Integration strategies and tactics for information technology governance. IN: VAN GREMBERGEN, W (Org). Strategies for information technology governance. Londres: Idea Group.

[21] PRASAD, A.; HEALES, J.; GREEN, P. (2010), A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness: evidence from IT steering committees. International Journal of Accounting Information Systems . v. 11, p. 214-232.

[22] ROSSONI, L.; MACHADO-SILVA, C. L. (2010), Institucionalismo organizacional e práticas de governança corporativa. Revista de Administração Contemporânea. Edição Especial, n. 7, p. 173-198.

[23] SAMBAMURTHY, V.; ZMUD, R. W. (1999) Arrangements for information technology governance: a theory of multiple contingencies. MIS Quarterly, v. 23, n. 2, p. 261-290.

STRUCTURE MECHANISMS	PROCESS MECHANISMS	RELATIONSHIP MECHANISMS
*Key mechanisms:* IT formalization; Definition of rules; Committees and councils IT Structure	*Key mechanisms:* IT decision-making strategies; IT measurement / monitoring strategies.	*Key mechanisms:* IT and business acting as partners; Shared learning between IT and business.
*Examples:* CIO and DIO; IT program managers; IT relationship managers; IT account manager; IT projects office; IT executive council; IT Steering Committee; IT projects committee; E-commerce consultancy; E-CRM Task Force Centers of competence and excellence.	*Examples:* BSC Analyses Analysis of critical success factors; Scenario analysis; Cost/benefit analysis and risks; SWOT Analysis; SLA; IT chargeback system; IT delivery management; IT benefits management; Monitoring IT performance; Shared IT performance database.	*Examples:* Active participation of key stakeholders; Partnership in incentives and rewards; Shared understanding of goals between IT and business; Active conflict resolution; Rotation of work/function between IT and business; Virtual connection between IT and business practices and communities.

Hierarchical Position in the Organization	Academic Background			Time in Position (years)
Hierarchical Position in the Organization		Graduation	Specialization	Masters Doctorate degree	2 to 4	4 to 10	Above 10
Director of IT/CIO	0	1	1	0	2	0
IT Manager	1	5	0	3	1	2
IT Coordinator	2	4	0	1	3	2
ITG Analyst	4	5	3	5	3	4
Total	7	15	4	9	9	8

Structure mechanisms	Instance
E01 - IT Steering Committee	Arrangement
E02 - IT projects feasibility review committee	Arrangement
E03 -Organizational structure of IT formalized	Arrangement
E04 - IT Investment Prioritization Committee	Arrangement
E05 - Set of formal practices for risk analysis	Practice
E06 - IT Audit Committee at the Board Level	Arrangement
E07 - Formal definition of roles and responsibilities	Arrangement
E08 - IT Projects Committee	Arrangement
E09 - CIO at executive level and on the board of directors	Arrangement
Process Mechanisms	Instance
P01 - Strategic IT/IS Planning	Practice
P02 - Performance measurement systems	Practice
P03 - Definition of IT performance indicators	Practice
P04 - Set of formal IT control and measurement practices	Practice
P05 -Set of formal practices of prioritization of IT investments	Practice
P06 - Set of formal information security practices	Practice
P07 - Set of formal process management practices	Practice
P08 - Set of formal practices for managing IT services	Practice
P09 - Methods for IT strategic alignment levels assessment	Practice
P10 - Set of formal project management practices	Practice
P11 - Ethics or culture of compliance with policies, guidelines and procedures	Practice
Relationship mechanisms	Instance
R01 - Shared understanding of IT and business objectives	Practice
R02 - IT Governance Office	Arrangement
R03 - Set of formal practices for defining/communicating the value of IT	Practice
R04 - Co-location - Allocation of business people in IT and IT in business	Arrangement
R05 - Set of communication practices (formal or informal)	Practice

Government Area	Hierarchical Position	Education	Age
INFORMATION TECHNOLOGY (66)	Technical / Assistant (39.4%) Coordinator (19.7%) Analyst (18.2%) Manager (16.7%) Director (4.5%) Specialist (1.5%)	Graduated (40.9%) Specialist (36.4%) Masters (22.7%)	18 to 25 (6.1%) 26 to 35 (24.2%) 36 to 45 (27.3%) 46 to 55 (28.8%) Over 55 (13.6%)
BUSINESS AREA (32)	Technical / Assistant (46.9%) Coordinator (15.6%) Director (12.5%) Analyst (12.5%) Manager (6.3%) Specialist (6.3%)	Graduated (46.9%) Specialist (43.8%) Masters (9.4%)	26 to 35 (18.8%) 36 to 45 (34.4%) 46 to 55 (34.4%) Over 55 (12.5%)
*TOTAL (98)*	Technical or Assistant (41) Coordinator (18) Analyst (16) Manager (13) Director (7) Specialist (3)	Graduated (42) Specialist (38) Masters (18)	18 to 25 (4) 26 to 35 (22) 36 a 45 (29) 46 to 55 (30) Over 55 (13)

Number of employees in the sector where the respondent work	ITG Structure	ITG Model	IT Collaborators
01 to 05 (5)	Formalized (4) Not formalized (1)	Structured (5)	01 to 05 (3) Above 100 (2)
06 to 10 (3)	Not formalized (2) Formalized (1)	Structured (2) Not Structured (1)	01 to 05 (3)
11 to 25 (6)	Formalized (4) Not formalized (2)	Structured (4) Not Structured (2)	01 to 05 (6)
26 to 50 (2)	Not formalized (2)	Not Structured (2)	01 to 05 (2)
51 to 100 (38)	Not formalized (30) Formalized (8)	Not Structured (23) Structured (15)	01 to 05 (19) 06 to 10 (15) 11 to 25 (3)
101 to 500 (15)	Formalized (8) Not formalized (7)	Structured (9) Not Structured (6)	01 to 05 (5) 06 to 10 (3) 11 to 25 (2)
Above 501 (29)	Formalized (22) Not formalized (7)	Structured (24) Not Structured (5)	Above 100 (11) 11 to 25 (7) 06 to 10 (5)
TOTAL (98)	No Formalized (51) Formalized (47)	Structured (59) Not Structured (39)	01 to 05 (39) 06 to 10 (23) Above 100 (15)

Structure mechanisms	Instance
E01 - IT projects feasibility review committee	Arrangement
E02 - IT Investment Prioritization Committee	Arrangement
E03 - IT Audit Committee at the Board Level	Arrangement
E04 - Formal definition of roles and responsibilities	Arrangement
E05 - CIO at executive level and on the board of directors	Arrangement
Process Mechanisms	Instance
P01 - Strategic IT/IS Planning	Practice
P02 - Set of formal practices of prioritization of IT investments	Practice
P03 - Set of formal practices of Process Management	Practice
P04 - Methods Assessment of IT Strategic Alignment Levels	Practice
Relationship Mechanisms	Instance
R01 - Shared understanding of IT and business objectives	Practice
R02 - IT Governance Office	Arrangement