Management for Professionals Steven De Haes Wim Van Grembergen Enterprise Governance of Information Technology Achieving Alignment and Value, Featuring COBIT 5 Second Edition Management for Professionals More information about this series at h ttp://www.springer.com/series/10101 Steven De Haes (cid:129) Wim Van Grembergen Enterprise Governance of Information Technology Achieving Alignment and Value, Featuring COBIT 5 Second Edition Steven De Haes Wim Van Grembergen Information Technology Alignment Information Technology Alignment and Governance Research Institute and Governance Research Institute University of Antwerp - Antwerp University of Antwerp - Antwerp Management School Management School Antwerp , Belgium Antwerp , Belgium ISSN 2192-8096 ISSN 2192-810X (electronic) Management for Professionals ISBN 978-3-319-14546-4 ISBN 978-3-319-14547-1 (eBook) DOI 10.1007/978-3-319-14547-1 Library of Congress Control Number: 2015932080 Springer Cham Heidelberg New York Dordrecht London © Springer Science+Business Media, LLC 2009 © Springer International Publishing Switzerland 2015 T his work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifi cally the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfi lms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. T he use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specifi c statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. T he publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. Printed on acid-free paper Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com) Pref ace “Enterprise Governance of IT” is a relatively new concept in the literature and is gaining more and more interest in the academic and practitioner’s world. “Enterprise Governance of IT” is about defi ning and embedding processes and structures in the organization that enable both business and IT people to execute their responsibili- ties in creating value from IT-enabled business investments. As an example of its growing importance, the standardization organization ISO issued in 2008 a new worldwide ISO standard in this domain. W ithin the University of Antwerp–Antwerp Management School–IT Alignment and Governance (ITAG) Research Institute, we have been executing applied research in this domain for many years now. With this book, we want to provide a complete and comprehensive overview of what Enterprise Governance of IT entails and how it can be applied in practice. Our conclusions in this book are based on our knowl- edge obtained in applied research projects, our many years of involvement in the development of COBIT, our own hands-on coaching and consulting experience in many industries in governance and alignment projects, and international state-of- the-art literature. In this way, this manuscript encompasses both academic models and concepts but also includes practice-oriented frameworks such as COBIT and discusses and analyzes many practical cases and examples in different industries. The target audience for this book is threefold: (cid:129) M aster students, for whom this textbook can be used in courses typical on IT strategy, Enterprise Governance of IT, IT management, IT processes, IT and business architecture, IT assurance/audit, information systems management, etc. (cid:129) Executive students in business schools, for MBA type of courses where IT strat- egy or IT management modules are addressed. (cid:129) Practitioners in the fi eld, both business and IT managers, who are seeking research-based fundamentals and practical implementation issues related to it in the domain of Enterprise Governance of IT. T his book is organized into seven main chapters. Chapter 1 defi nes the core concepts around Enterprise Governance of IT as a means to enable business/IT v vi Preface alignment and business value from IT. This chapter sets the scene of the complete book. Chapter 2 builds on the fi rst chapter and stipulates a conceptual model to address the challenge of implementing Enterprise Governance of IT in practice. This chapter also provides an overview of contemporary best practices organiza- tions are using and addresses related topics on, for example, the role of the board of directors in Enterprise Governance of IT and the context of interorganizational envi- ronments. In Chap. 3 , the impact of Enterprise Governance of IT implementations on business/IT alignment is discussed. The fi rst question is how an organization can measure and evaluate its current status of business/IT alignment. This discussion is supplemented with a benchmarking case, where business/IT alignment was mea- sured for the Belgian fi nancial services sector. Next, the impact of Enterprise Governance of IT practices on business/IT alignment is analyzed and illustrated. Chapter 4 discusses the value component of this textbook. It starts from describing the IT productivity paradox and then discusses two approaches to measure and man- age the value of IT, at the level of an investment through the business case process and at the level of the IT department through the IT balanced scorecard. Chapter 4 also includes a detailed case study of a working IT balanced scorecard implementa- tion. Chapter 5 positions COBIT in the fi eld of Enterprise Governance of IT. This chapter discusses in detail all the core elements of the COBIT framework and explains how organizations could leverage them for the purpose of Enterprise Governance of IT. Related to this, Chap. 6 continues by discussing how COBIT can also be leveraged as a framework to execute IT assurance/audit assignments. This chapter also offers a lot of hands-on templates that can be used in practice. Chapter 7 fi nally provides some guidelines and trigger events to get started with Enterprise Governance of IT and outlines a balanced scorecard for Enterprise Governance of IT to manage and measure the outcome of the enterprise governance of IT project. T o support the reader in understanding and absorbing the material provided, each chapter provides (short and long) “assignment boxes” where readers can apply the concepts explained in comprehensive exercises. Also, at the end of each chapter, a summary and study questions are available enabling the reader to cross-check the insights obtained in a chapter. For people who want more information, each chapter provides hooks to more detailed background material by way of literature references. We hope that with this book, we can contribute to further developing the emerg- ing knowledge domain of Enterprise Governance of IT. This book is one of the outcomes of our activities within the University of Antwerp–Antwerp Management School–IT Alignment and Governance (ITAG) Research Institute. We do welcome reactions on this book or sharing experiences in the domain of Enterprise Governance of IT via [email protected] and [email protected]. Antwerp, Belgium Steven De Haes January 2015 Wim Van Grembergen Acknowledgments We would like to thank all participants involved in our research and teaching activi- ties and in writing this book. Without the support of these people, the development of this book could not have been satisfactorily completed. We gratefully acknowledge the business and IT managers who shared their insights and practices on Enterprise Governance of IT and participated in one or more of our research projects. We appreciate support provided for this project by the Business Faculty of the University of Antwerp and the Antwerp Management School, by our colleagues in these institutions, and by other international colleagues we had the opportunity and honor to work with. We also would like to thank our master and executive students who provided us with many ideas on the subject of Enterprise Governance of IT and its related mechanisms. We would also like to express our gratitude toward the board of directors, the management committee, and all the staff and volunteers of the ISACA. Our involve- ment in the COBIT development activities has been of great value in further pro- gressing our ideas. We also thank Springer who showed great interest in our research and book proj- ect and from whom we received magnifi cent support in managing this project. F inally, last but not least, we would like to thank our families. Wim would like to extend his gratitude to Hilde, Astrid, and Helen who always supported and helped him with every project including this book. Steven wishes to thank Brenda for her loving support and patience and wants to dedicate this book to Ruben, Charlotte, and Michiel. vii Contents 1 Enterprise Governance of IT, Alignment and Value .............................. 1 1.1 Enterprise Governance of IT in the Context of Digitized Organizations ................................................................. 1 1.2 Business/IT Alignment ...................................................................... 4 1.3 Value from IT ..................................................................................... 6 Summary ..................................................................................................... 8 Study Questions .......................................................................................... 9 References ................................................................................................... 9 2 Enterprise Governance of IT ................................................................... 11 2.1 Practices for Implementing Enterprise Governance of IT ................. 11 2.2 Principles for Enterprise Governance of IT ....................................... 18 2.3 Case Study: Enterprise Governance of IT at KLM ............................ 19 2.3.1 KLM’s Trigger Points to Start the Journey ............................ 20 2.3.2 Embarking on the Journey ..................................................... 21 2.3.3 Reported Benefi ts ................................................................... 29 2.4 Enterprise Governance of IT and the Board ...................................... 32 2.5 Intraorganizational Governance of IT ................................................ 36 2.6 Theoretical View on EGIT: Viable Systems Theory .......................... 37 2.6.1 System 1: The Productive Function ....................................... 39 2.6.2 System 2: The Coordination Function ................................... 39 2.6.3 System 3: The Executive Function ........................................ 40 2.6.4 System 4: The Planning and Future Focus Function ............. 40 2.6.5 System 5: The Coherence Function ....................................... 40 2.7 Applying the VSM in the Context of Enterprise Governance of IT ............................................................................... 40 Summary ..................................................................................................... 42 Study Questions .......................................................................................... 42 References ................................................................................................... 43 ix