0% found this document useful (0 votes)
26 views60 pages

Stuvia 2220854 Digital Strategy and Governance Samenvatting Boek

Uploaded by

zwaenie.punanie
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
26 views60 pages

Stuvia 2220854 Digital Strategy and Governance Samenvatting Boek

Uploaded by

zwaenie.punanie
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 60

Digital Strategy and Governance

samenvatting boek

geschreven door

groshbanks

De website voor het Kopen en Verkopen van je Samenvattingen

Op Stuvia vind je de beste samenvattingen, notities en ander studiemateriaal. Voor alle toetsen,
examens en cursussen. Bekijk het aanbod op Stuvia.

www.stuvia.com

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Chapter 1: Introduction

1.1 Enterprise Governance of IT

➔ Firms are increasingly using digital technologies for strategic purposes,


accompanied by fundamentally reshaped (digital) business strategies
◆ Organisational decision-makers are increasingly facing important IT-
related decisions at all managerial levels
➔ Achievement of IT business value relies heavily on good IT governance
◆ “Effective IT governance is the single most important predictor of the
value an organisation generates from IT”
◆ However absence of IT governance can cause many problems, such
as information security breaches
◆ Organisations have clear incentives to strive for effective IT
governance, as this enables the creation and protection of IT
business value

Enterprise Governance of IT (EGIT): the issues related to ensuring appropriate


control over IT to enable the creation and protection of IT business value
➔ It enables the creation and protection of IT business value through the
mediating mechanism of business/IT alignment
➔ There is a clear relationship between these three core concepts
➔ The conceptual model:

Definition: Enterprise Governance of IT (EGIT) is an integral part of corporate


governance for which, as such, the board is accountable. It involves the definition
and implementation of processes, structures, and relational mechanisms that enable
both business and IT stakeholders to execute their responsibilities in support of
business/IT alignment, and the creation and protection of IT business value.

Enterprise Governance of IT (EGIT) is the process of establishing a framework for


the use of technology in an organisation. It involves defining policies, procedures,
and standards for the management and use of IT assets to align with the
organisation's goals and objectives. EGIT aims to ensure that IT resources are used
effectively and efficiently to support and enhance the organisation's operations. It
involves the participation of multiple stakeholders and may involve the use of
governance frameworks or models.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Due to the focus on “IT” in the naming of the concept, the IT governance discussion
mainly remained within the IT area. For instance when you contact the CEO for an
interview on IT governance you get immediately referred to the CIO.
➔ It is clear that IT business value cannot be realised by IT, but will always be
created at the business side
◆ For example: if IT delivers a CRM system on time and within a budget,
there wouldn't be any business value creation if business side is not
integrating this new information system into its business operations
◆ ⇒ integration & standardisation
➔ Therefore the name Enterprise Governance of IT (EGIT), which implies the
involvement of the business
◆ This change in the naming implies a crucial shift in mindset of business
stakeholders

1.2 Business/IT alignment

The outcome of EGIT is the alignment of information technology with the business.

Business/IT alignment: the fit and integration among business strategy, IT strategy,
business structures, and IT structures.
Two major questions:
● How is IT aligned with the business?
● How is the business aligned with IT?

Strategic Alignment Model (SAM)

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

⇒ Based on two building blocks:


● Strategic fit:
○ External domain: how the firm is positioned in the IT marketplace
○ Internal domain: how the IT infrastructure should be configured and
managed
● Functional integration:
○ Strategic integration: link between business strategy and IT strategy
(external)
○ Operational integration: link between organisational infrastructure and
processes and IT infrastructure and processes (internal)

Strategic fit refers to the alignment between the organisation's IT


resources and its business strategy. This involves ensuring that the
organisation's IT investments are aligned with its business goals and
objectives, and that the organisation's IT activities support and enable
its overall business strategy.

Functional integration refers to the integration of IT systems and


processes with the overall business functions of the organisation. This
involves integrating IT systems and processes with the business
processes and functions of the organisation, and ensuring that the
organisation's IT resources are being used effectively and efficiently to
support the overall business operations.

Achieving strategic fit and functional integration requires a holistic


approach to IT management and governance, and involves aligning
the organisation's IT resources with its overall business strategy and
objectives, and integrating IT systems and processes with the overall
business functions of the organisation. This can involve implementing
changes to organisational structures and processes, investing in
modern and flexible IT systems and infrastructure, and fostering a
culture of collaboration and teamwork.

The strategic alignment model calls for the recognition of multivariate


relationships (cross-domain alignment), which will always take into
consideration at least three out of the four defined domains. ⇒ alignment
is a multifaceted and complex construct,
often referred to as “the alignment-challenge”.
● Expression barriers:
○ Arise from the organisation’s strategic context and from senior
management behaviour, including a lack of direction in terms of
business strategy. This results in an insufficient understanding of, and
commitment to, the organisation’s strategic focus by operational
management

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

■ Expression barriers refer to the challenges of communicating


and expressing the business needs and objectives in a way that
IT can understand and act upon. This can include difficulties in
defining the business requirements in a clear and concise
manner, or misunderstandings or ambiguities in the language
used to describe these requirements.
● Specification barriers:
○ Arise from the circumstances of the organisation’s IT strategy such as
lack of IT involvement in strategy development and business and IT
management conducting two independent monologues. This ends up
in a situation where business and IT strategies are developed in
isolation and are not adequately related
● Implementation barriers:
○ Implementation barriers refer to the challenges of implementing the IT
solutions that have been specified to support the business needs and
objectives. This can include difficulties in integrating the solutions with
existing systems and processes, or issues with the quality or reliability
of the solutions.

1.3 IT Business Value

Understanding how and to what extent the use of IT contributes to organisational


performance.

IT business value: the organisational performance impacts of information


technology at both the intermediate process level and the organisation-wide level,
and comprising (bestaande uit) both efficiency impacts and competitive impacts.

IT business value refers to the extent to which an organisation's information and


technology (I&T) resources contribute to the overall performance and success of the
business. It is a measure of the return on investment (ROI) that the organisation
realises from its IT resources, and is typically expressed in terms of the financial
benefits that are generated as a result of these resources.

IT governance should be about controlling the use of IT in a way that ensures the
achievement of IT business value. There are two general outcomes areas of IT
governance:
● IT value delivery: IT business value creation
● IT risk management: IT business value protection

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Business/IT alignment appears to be, as an intermediate variable, an important


catalyst of IT business value. However it remains a challenge to demonstrate the
achievement of this value as it often involves both tangible and intangible aspects.
⇒Multicriteria measurement methods may solve this problem
because they account for both tangible and intangible impacts
(Information economics, IT balanced scorecard)

Very successful IT investments have a positive impact on all levels of the business
value hierarchy. Less successful investments are not strong enough to impact the
higher levels (niets te maken met figuur hierboven) and consequently influence only
the lower levels.

Conclusion:

EGIT addresses the definition and implementation of processes, structures and


relational mechanisms that enable both business and IT stakeholders to execute
their responsibilities in support of business/IT alignment and the creation and
protection of IT business value.

IT in itself will not generate business value, as value from IT will only be realised if
both IT and the business are involved (and aligned). Measuring and demonstrating
IT business value is, however, not an easy task.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Questions:

1. Define “EGIT” and explain the mind shift associated with moving from “IT
governance” toward “EGIT.”

EGIT stands for "Enterprise Governance of Information Technology." It refers to the


way an organisation manages and directs the use of information technology (IT) in
order to achieve its business goals and objectives.

The mind shift associated with moving from IT governance to EGIT involves adopting
a more strategic and holistic approach to managing and leveraging IT resources.
Rather than simply focusing on the technical aspects of IT, EGIT involves
considering the broader business context in which IT is used, and aligning IT with the
organisation's overall strategy and goals.

This requires a shift in thinking from IT governance, which tends to focus on the
technical management of IT systems and processes, to EGIT, which involves
considering the business value and impact of IT on the organisation as a whole. It
also involves a greater emphasis on collaboration and communication across
different departments and business units, as well as a focus on maximising the
return on investment in IT resources.

2. Explain and discuss the components of the concept of “business/IT


alignment” as described in the strategic alignment model (SAM).

The strategic alignment model (SAM) is a framework for aligning an organisation's


business strategy with its information technology (IT) strategy and capabilities. It is
designed to help organisations ensure that their IT investments are aligned with their
overall business goals and objectives, and that IT is being used to support and
enable the organisation's strategic direction.

3. Discuss why business/IT alignment can be difficult to achieve in


organisations.

Business/IT alignment can be difficult to achieve in organisations due to several


barriers, including:

1. Expression barriers
2. Specification barriers
3. Implementation barriers

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Overall, addressing these barriers requires strong leadership, effective


communication and collaboration, and the ability to adapt to changing circumstances
and technological developments. It may also involve the use of tools and
frameworks, such as the strategic alignment model (SAM), to help organisations
better understand and address the factors that can impact business/IT alignment.

4. Explain the concept of “IT business value’” and discuss why it is difficult to
measure.

Measuring the business value of information technology (IT) can be challenging due
to the complexity and subjectivity of the value that IT brings to an organisation. One
way to approach this challenge is to consider the tangible and intangible aspects of
IT business value.

Tangible aspects of IT business value refer to the measurable and quantifiable


benefits that IT brings to the organisation. These might include things like cost
savings, increased efficiency, or improved customer satisfaction. These tangible
aspects can be measured using methods such as financial analysis, return on
investment (ROI) calculations, and other quantitative metrics.

Intangible aspects of IT business value refer to the more qualitative or subjective


benefits that IT brings to the organisation. These might include things like increased
competitiveness, improved innovation, or enhanced decision-making. These
intangible aspects can be difficult to measure using traditional methods, as they
often involve subjective or qualitative factors.

To measure the intangible aspects of IT business value, organisations can use multi
criteria measurement methods, such as the IT balanced scorecard or information
economics. These methods involve the use of multiple metrics and perspectives to
evaluate the value of IT, and can provide a more comprehensive and nuanced
understanding of the impact of IT on the organisation.

Overall, measuring the business value of IT requires a systematic and holistic


approach that takes into account both tangible and intangible aspects, and uses
appropriate tools and methods to evaluate the value of IT in relation to the
organisation's overall goals and objectives.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Chapter 4: IT Business Value

Previous chapters described the concepts of Enterprise Governance of IT and


business/IT alignment, as well as the relationship between them. The first chapter
explained that the ultimate outcome of Enterprise Governance of IT is (the creation
and protection of) IT business value. More specifically, Enterprise Governance of IT
enables IT business value, through the mediating mechanism (A mediating
mechanism is a process or factor that plays a role in connecting or linking two other
things together) of business/IT alignment.

The concept of IT Business Value deals with the contribution of the (current and
future) use of IT to organisational performance => are we getting the benefits out of
our IT?

4.1 To Value or not to Value

Getting IT value and being able to measure it is an important attention point in the
context of enterprise governance of IT.
● Are the responsibilities of both IT and business
● To be taken into account: both tangible and intangible costs, benefits and
risks

Project: a structured set of activities concerned with the delivery of a defined


technical capability based on an agreed schedule and budget
● At the level of the delivery of IT applications and solutions, such as a CRM
application or a new web site
● Are necessary but not sufficient to achieve a required business outcome

A project is a temporary effort that is undertaken to achieve a specific goal or


objective. A project typically has a defined start and end date, and involves a specific
set of activities and resources that are focused on achieving a specific outcome

Program: a structured grouping of projects that are both necessary and sufficient to
achieve a business outcome and deliver value
● A combination of an IT project and all other business-related projects (such as
defining new business processes, providing training, and managing change)

A program is a larger and more complex effort that involves coordinating and
managing multiple related projects in order to achieve a broader set of goals
or objectives. A program typically involves more resources and a longer
timeline than a single project, and may involve the coordination of activities
across different departments or business units

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Portfolio: a suite of business programmes managed to optimise overall enterprise


value
● Including those programmes without IT involvement

A portfolio is a collection of projects or programs that are managed as a


whole in order to achieve a specific set of strategic objectives. A portfolio may
include a mix of ongoing and one-time projects and programs, and may
involve the allocation of resources and decision-making across multiple levels
of the organisation

4.2 The IT Productivity Paradox and the IT


Productivity Cycle

IT productivity paradox (IT black hole): despite large investments in IT, there are
no (observable) productivity gains
● The measurement of the benefits is the most challenging task in examining IT
business value
● The term “value” is a very intricate notion (ingewikkeld begrip)
● Solution => IT balanced scorecard

IT productivity cycle: the purpose is essentially to gain insights on value creation


and protection from IT investments, and more importantly to understand the cyclic
nature of IT-enabled initiatives
● Senior executives responsible for IT investments can also make conclusions
to benchmark and set expectations about IT-enabled initiatives
● The cycle helps to explain why at the organisational level we see the benefits,
but such benefits are missing at the industry level
● Five phases:
1. Adoption of new IT
2. Increase profit: successfully implemented new IT → more
productivity → more profit (even more profit if new IT
cannot be copied). Many organisations struggle to
implement successfully → losses. Risk is higher for first

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

mover advantage seekers but also the risk payoff is also


higher
3. New IT becomes standard: new IT becomes a competitive
necessity rather than competitive asset → it becomes
the norm
4. Competition pushes prices down: market competition is
impacted because of the standardisation of the new IT
5. Productivity gains in dollars decrease: the unit price of a
product goes down because the productivity went up →
does not reflect in monetary value

EGIT and business/IT alignment can play a pivotal role during the first two
phases of the IT productivity cycle ⇒ adoption of IT and realisation of
profits/value

4.4 The (IT) Balanced Scorecard


The IT balanced scorecard (IT BSC) is a popular tool for measuring and managing
the value of IT.

Balanced Scorecard (BSC): a framework for evaluating an organisation's


performance. The BSC is designed to go beyond traditional financial evaluation by
considering additional objectives and measures related to customer satisfaction,
internal processes, and the ability to innovate. These additional perspective areas
can help ensure future financial results and drive the organisation towards its
strategic goals. The BSC includes four perspectives: financial, customer, internal
business processes, and learning & growth. For each perspective of the business,
the BSC includes a three-layered structure:
● Mission
● Objectives
● Measures

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

BCS can be applied to the IT ⇒ the focus of the four perspectives need to
be translated:
● User Orientation: represents the users’ (internal & external) evaluation of IT
● Operational Excellence: represents the IT processes employed to develop
and deliver the applications
● Future Orientation: represents the human and technology resources needed
by IT to deliver its services over time
● Business Contribution: captures the IT business value
Again, each of these perspectives has to be translated into corresponding objectives
and measures that assess the current situation. These assessments need to be
repeated periodically and aligned with pre-established objectives and measures.

To make the BSC more effective, it should include both:


● Outcome measures (also known as lag indicators): indicators of success that
come after an action has been taken
● performance drivers (also known as lead indicators): the actions or factors
that drive those outcomes
The BSC should include a mix of both types of measures and should show cause-
and-effect relationships between them. For example, investing in the education of IT
staff (a performance driver) can lead to better quality systems (an outcome measure)
which can lead to increased user satisfaction (another outcome measure) and
ultimately contribute to the overall business value of IT (a final outcome measure).

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

The IT Balanced Scorecard (BSC) can be linked to the business through a cascade
of scorecards, where the IT Development BSC and the IT Operational BSC support
the IT Strategic BSC, which in turn supports the Business BSC. This creates a set of
linked measures that can be used to align IT and business strategy and determine
how IT contributes value to the business.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

4.5 Validating EGIT-Alignment-Value Relationship

There is evidence to support the idea that effective IT governance (EGIT) can lead to
better alignment between IT and business goals, which in turn can contribute to the
overall business value of IT. This alignment can be both intellectual (in terms of
shared goals and understanding) and social (in terms of relationships and
communication).

It is also important to note that the business value of IT is multidimensional and can
be influenced by both financial and non-financial measures.

When evaluating the business value of IT, it is important for executives to consider
the appropriate level of alignment between IT and business goals. Research has
shown that different levels of alignment (firm-level or strategic alignment and
process-level or operational alignment) can impact the relationship between
alignment and IT business value. Depending on the organisation's strategic
orientation, different levels of alignment may be more relevant. For example, if the
focus is on operational excellence, both levels of alignment may be important.
However, if the focus is on product leadership or customer intimacy, only firm-level
alignment may be relevant. It is important to consider these factors in order to
understand the relationship between IT governance, alignment, and business value.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Questions:

1. Describe the concept of the IT productivity paradox. Explain how it relates to


the “IT doesn’t matter article” (Carr, 2003) discussed in the first chapter of this
book.

The IT productivity paradox refers to the observation that, despite significant


investments in information technology (IT), many organisations have not seen
corresponding improvements in productivity. This phenomenon has been widely
studied and discussed in the literature on IT management.

The "IT doesn't matter" article, written by Nicholas Carr and published in the Harvard
Business Review in 2003, argued that IT has become a commodity, with many
organisations using similar technologies and infrastructure, and that the unique
competitive advantage that IT once offered has diminished. According to Carr, this
means that investments in IT may no longer provide the same strategic benefits as
they did in the past, and that organisations should focus on other areas for
competitive advantage.

The concept of the IT productivity paradox is related to the "IT doesn't matter" article
in that it suggests that the benefits of IT investments may be more limited than
previously thought. While IT can certainly improve efficiency and facilitate certain
tasks, it may not necessarily lead to significant increases in overall organisational
productivity. This is due in part to the fact that IT investments often involve significant
upfront costs and ongoing maintenance, and may not always provide the expected
return on investment.

Overall, the IT productivity paradox and the "IT doesn't matter" article highlight the
need for organisations to carefully consider their investments in IT, and to ensure
that they are aligned with business goals and objectives. It is important for
organisations to understand the limitations of IT and to be realistic about the
potential benefits it can provide.

2. How can the IT productivity cycle explain the IT productivity paradox?

The IT productivity cycle is a model that explains the relationship between IT


investments and productivity. It suggests that IT investments can lead to productivity
improvements in the short term, but that these improvements may not be sustained
over the long term.

According to the IT productivity cycle, IT investments initially lead to increased


productivity as organisations adopt new technologies and processes that allow them
to work more efficiently. However, as the new technologies and processes become
more widespread and are adopted by other organisations, the competitive advantage
they provide may diminish, leading to a levelling off of productivity improvements.

The IT productivity cycle can help to explain the IT productivity paradox in that it
suggests that the benefits of IT investments may be limited in the long term. While IT

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

can certainly facilitate certain tasks and improve efficiency in the short term, it may
not necessarily lead to sustained improvements in productivity over the long term.

To address this, organisations may need to continually invest in new and innovative
technologies and processes in order to maintain their competitive advantage and
drive productivity improvements. It is also important for organisations to carefully
consider their IT investments and ensure that they are aligned with business goals
and objectives, in order to maximise their return on investment.

3. How can the EGIT concept be linked to the IT productivity cycle?

The EGIT (enterprise governance of IT) concept refers to the way in which
organisations manage and govern their use of IT in order to support and enhance
business objectives. This includes establishing policies and procedures to ensure
that IT investments are aligned with business goals, and establishing mechanisms to
monitor and measure the effectiveness of IT investments in driving productivity
improvements.

The EGIT concept can be linked to the IT productivity cycle in that it helps
organisations to sustain the productivity improvements that IT investments can bring
in the short term. By establishing effective governance practices, organisations can
ensure that IT is used in a way that supports and enhances business objectives, and
that investments in IT are aligned with the organisation's strategic goals.

For example, if an organisation is considering an IT investment to automate a


particular process, it can use the EGIT approach to ensure that the investment is
aligned with business goals and objectives, and to consider how the technology can
be used to support and enhance the process in the long term. This may involve
evaluating the potential return on investment and determining how the technology
can be used to support the organisation's competitive advantage.

Overall, the EGIT approach can help organisations to make more strategic and
effective use of IT in order to drive productivity improvements and competitive
advantage over the long term.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

4. How can you leverage the IT balanced scorecard as a management and


alignment instrument?

To leverage the IT BSC as a management (and business/IT alignment) instru- ment,


it should be enhanced with cause-and-effect relationships between measures. These
relationships are articulated by two types of measures: outcome measures (or lag
indicators) and performance drivers (or lead indicators). A well-developed scorecard
should contain a good mix of these two types of measures.

5. Explain and illustrate the difference between outcome measures and


performance drivers in the context of the IT balanced scorecard.

Outcome measures and performance drivers are both types of measures that can be
tracked on an IT balanced scorecard. Outcome measures refer to the results or
outcomes that an organisation is seeking to achieve, while performance drivers are
the underlying factors that influence the achievement of those outcomes.

For example, consider an organisation that is seeking to improve customer


satisfaction with its IT services. The outcome measure in this case might be the
percentage of customers who are satisfied with the organisation's IT services.
Performance drivers, on the other hand, might include factors such as the availability
of IT services, the speed of problem resolution, and the quality of IT support.

Overall, outcome measures and performance drivers are both important components
of the IT balanced scorecard, and tracking both can help organisations to gain a
better understanding of their IT performance and identify areas for improvement.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Chapter 3: Business/IT Alignment

The impact of Enterprise Governance of IT on business/IT alignment.


⇒How can an organisation measure and evaluate its current state of
business/IT alignment

3.1 Measuring Business/IT Alignment


What is alignment: it is about aligning the business strategy, IT strategy,
business operations and IT operations ⇒ complex challenge for
organisations
→ there is no universal way to measure business/IT alignment
→ it is important to select the approach that is best for the type of activity
you do

The matching and moderation approach:


● Matching approach:
○ Looks at the difference in ratings between two pairs of related
items ⇒ when there is a high difference between the related
items, alignment is low (and vice versa)
○ You look at the parallelism between business and IT

○ In the figure alignment between 3-3 is high = the difference is 0


○ Shortcomings of this method is the question whether the scores
necessarily need to be at the same level to indicate high degrees of
alignment
● Moderation approach:
○ Alignment is seen as an interaction rather than a parallelism and as
such quite often leads to different outcomes than the matching
approach
○ It is the combination or synergy between business and IT, rather than
the difference, which is important
○ This approach does not calculate the difference but the product terms
○ In the fig above the high alignment (3,3) mens there is an alignment of
9, the low alignment (5,1) means there is an alignment of 5
■ High score = high alignment

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

○ This approach differs from the matching approach as two low scores
are now seen as “low alignment” where in the matching approach; two
(equal) low scores result in “high alignment”

○ The basic assumption in the moderation approach is that the


interactive relationship (moderation) between business and IT, and not
the difference, will impact business performance

The profile deviation approach:


1. An ideal alignment scenario has to be deducted (from theory)
2. Deviations from this ideal state are calculated

The scoring approach:


● A typical example is the information economics method:
○ Is a scoring technique whereby both business and IT people score
major IT investments against a set of (business and IT) criteria,
resulting in a weighted total score based on the scores for the ROI and
the non-tangibles.
○ Typically, scores from 0 to 5 are attributed whereby 0 means no
contribution and 5 refers to a high contribution; the values obtain a
positive score and the risks a negative score
○ Limitation: only focused on one major IT project
● Diagnostic to assess alignment:
○ This approach requires the respondents to assess ten statements that
relate to the degree of alignment, on a scale from 1 to 5 (1 = always
true, 5 = never true). The average of the assessments on all the ten
statements provides the alignment score.

The maturity model approach:

● Organisations can also use a maturity model to assess the state of alignment.
This is a method of scoring that enables the organisation to grade itself from
non-existent (0) to optimised (5)
● This tool offers an easy-to-understand way to determine the “as-is” and the
“to-be” (according to enterprise strategy) state and enables the organisation to
benchmark itself against best practices and standard guidelines. This way,
gaps can be identified, and specific actions can be defined to move toward
the desired level of strategic alignment maturity.
● Luftman

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

3.2 The Relationship Between Enterprise


Governance of IT and Business/IT Alignment

Business/IT alignment is a crucial outcome of EGIT and an essential link in the chain
to enable IT business value

3.3 Contextualizing Business/IT Alignment

Business/IT alignment is a complex process, which requires interaction between


business and IT through multiple organisational dimensions.
● Strategic dimension: how to align IT strategy with the business strategy
○ The assumption is that such strategic fit will facilitate the efficient use of
IT resources to create and protect IT business value
● Operational dimension: the ability of management to align IT infrastructure
with the business processes in the organisation
○ The operational dimension of alignment is concerned with the
transformation of strategy into daily business
● Individual dimension: how IT infrastructure and individual user needs can be
integrated seamlessly
○ Focuses on the fit between IT infrastructure and user needs
○ User needs are constantly evolving as the internal and external
technology landscape is constantly changing
■ Organisations need to constantly adapt to ever-changing user
needs and understand the IT infrastructure needs of different
actors

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Many information systems scholars group these dimensions (mainly strategic &
operational) under the heading of intellectual dimension of alignment:

This term captures the fact that there is an explicit nature to recognize
and achieve business/IT alignment → this explicitness is mainly expressed
through:

⇒ IT strategy, IT planning, IT structures

Social alignment: focuses on values, communication, shared understanding


between business and IT executives ⇒ can be achieved through formal
and informal EGIT mechanisms
⇒ Can be conceptualised as:

● Social capital between business and IT: mutual trust and respect, interaction
and equal participation in change management processes
● IT’s personnel’s business understanding: the outcome of the social capital
between business and IT

Both formal and informal EGIT mechanisms positively impact social


alignment between business and IT ⇒ they have both a strong impact on
creating social capital between business and IT, which in turn impacts IT
personnel’s business understanding

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Questions:
1. Discuss how business/IT alignment can be measured and determine which
is the most practical approach.

Business/IT alignment refers to the extent to which the goals and objectives of a
business are supported and enabled by its information technology (IT) systems and
infrastructure. It is important for a business to have a high degree of alignment
between its business and IT operations because this can help to ensure that the IT
systems and resources being used by the organisation are effectively supporting and
advancing the business's goals.

There are several approaches that can be used to measure business/IT alignment
and determine which is the most practical approach:

1. The matching and moderation approach involves comparing the goals and
objectives of the business with the capabilities and capabilities of the IT
systems being used by the organisation. This approach can be used to
identify any mismatches or gaps between the two and to determine what
actions need to be taken to improve alignment.
2. The profile deviation approach involves comparing the business's current level
of alignment with its desired level of alignment. This approach can be used to
identify any deviations or discrepancies between the two and to develop a
plan for addressing them.
3. The scoring approach involves assigning a score to each aspect of
business/IT alignment and then comparing the scores to determine the overall
level of alignment. This approach can be useful for tracking and measuring
progress over time.
4. The maturity model approach involves evaluating the business's current level
of alignment against a predetermined set of criteria or standards. This
approach can be used to identify areas where the business is strong and
areas where it needs to improve in order to achieve a higher level of
alignment.

Ultimately, the most practical approach to measuring business/IT alignment will


depend on the specific needs and goals of the organisation. It may be necessary to
use a combination of these approaches in order to get a comprehensive
understanding of the business's level of alignment and to identify any areas that
need improvement.

2. Explain how business/IT alignment can be measured using Luftman’s


maturity model.

To measure business/IT alignment using Luftman's maturity model, an organisation


would need to assess its current level of alignment and identify any areas where it

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

needs to improve in order to reach the next level of maturity. This could involve
conducting a thorough analysis of the organisation's IT systems and processes, as
well as gathering feedback from employees and stakeholders. By tracking progress
over time and implementing changes as needed, the organisation can continually
improve its level of alignment and achieve a higher level of maturity.

3. Explain the relationship between Enterprise Governance of IT and


business/IT alignment.

Enterprise governance of IT (EGIT) refers to the structures, processes, and policies


that an organisation puts in place to ensure that its information technology (IT)
systems and resources are being used effectively and efficiently to support and
advance the organisation's goals and objectives. EGIT involves the establishment of
clear roles, responsibilities, and decision-making authority for managing and using IT
resources, as well as the development of policies and procedures for ensuring that
IT systems and resources are being used in a way that aligns with the overall goals
and objectives of the organisation.

One of the key ways in which EGIT contributes to business/IT alignment is by


providing a framework for ensuring that the organisation's IT systems and resources
are being used in a way that supports and advances the business's goals and
objectives. This includes setting clear expectations and guidelines for how IT
systems and resources should be used, as well as establishing processes for
monitoring and measuring the alignment between business and IT. By establishing a
strong foundation for EGIT, an organisation can ensure that its IT systems and
resources are being used effectively to support and advance the business's goals
and objectives.

In addition, effective EGIT can also help to ensure that the organisation's IT systems
and resources are being used efficiently and effectively. This includes ensuring that
IT resources are being used in a way that maximises their value to the organisation
and minimising any unnecessary or redundant use of these resources. By
streamlining and optimising the use of its IT systems and resources, an organisation
can improve its overall efficiency and effectiveness, which in turn can help to
improve business/IT alignment.

4. Explain the multidimensional view of business/IT alignment.

The multidimensional view of business/IT alignment recognizes that alignment


between a business's information technology (IT) systems and its overall goals and
objectives is not a single, monolithic concept, but rather a complex and multifaceted
one that can be viewed from multiple angles or dimensions. Some of the dimensions
or aspects of business/IT alignment that are often considered in the multidimensional
view include strategic alignment, operational alignment, and individual alignment.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

1. Strategic alignment: This dimension refers to the extent to which the


business's IT systems and resources support and enable the organisation's
overall strategic goals and objectives. For example, a company that is
focused on expanding its international presence might use its IT systems to
support the development of new partnerships and distribution channels in
target markets.
2. Operational alignment: This dimension refers to the extent to which the
business's IT systems and resources support and enable the organisation's
day-to-day operations and processes. For example, a company that relies on
a complex supply chain might use its IT systems to automate and optimise its
logistics and inventory management processes.
3. Individual alignment: This dimension refers to the extent to which the
business's IT systems and resources are integrated with and supported by the
individual employees of the organisation. An organisation that has strong
individual alignment between its IT systems and its employees will ensure that
its IT systems are user-friendly and easy to use, and will provide training and
support to help employees effectively use the systems to support their work.
For example, a company that is implementing a new customer relationship
management (CRM) system might provide training and support to help
salespeople learn how to use the system to track and manage customer
interactions.

By considering business/IT alignment from multiple dimensions, organisations can


gain a more comprehensive understanding of the alignment between their IT
systems and their overall goals and objectives, and can take steps to address any
misalignments or discrepancies that may be impacting the effectiveness of their IT
systems and resources.

5. What is social alignment between business and IT?

Social alignment between business and IT refers to the extent to which the goals,
values, and culture of a business are reflected in and supported by its information
technology (IT) systems and resources. It is important because it can help to create
a sense of cohesion and shared purpose among employees and facilitate a culture
of innovation and continuous improvement within the organisation. To achieve social
alignment, organisations should focus on using their IT systems and resources to
facilitate communication and collaboration among employees and enable the sharing
of knowledge and expertise.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Chapter 2: Enterprise Governance of IT


Developing a high-level model for EGIT is the first step, deploying it throughout all
levels of the organisation is the next challenging step. To effectuate this, EGIT can
be deployed using a mixture of various structures, processes, and relational
mechanisms.

2.2 Mechanisms for Implementing Enterprise


Governance of IT
Developing Organisations can and are deploying EGIT by using a holistic mixture of
various structures, processes, and relational mechanisms:

● EGIT structures:
○ Organisational units and roles responsible for making IT decisions and
for enabling contacts between business and IT management decision-
making functions
○ Blueprint of how the EGIT framework will be structurally organised
● EGIT processes:
○ Refer to the formalisation and institutionalisation of strategic IT
decision-making and IT monitoring procedures
○ To ensure that daily behaviours are consistent with policies and
provide feedback to decisions (e.g., portfolio management)
● EGIT relational mechanisms:
○ About the active participation of, and collaborative relationship among,
corporate executives, IT management, and business management
○ Include job rotation, announcements, advocates, channels, and
education efforts

An organisation has to leverage a mix of structures, processes, and relational


mechanisms to implement EGIT in practice.
A universal best IT governance structure does not exist ⇒ each organisation has
to select its own set of EGIT mechanisms, suitable for it specific context

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

List of EGIT mechanisms:


The 10 mechanisms which are coloured grey, form the minimum baseline that each
organisation should have as a minimum ⇒ key EGIT instruments
● A mixture of more strategic-oriented and management-oriented mechanisms
● Describe how investments in organisations emerge, how they are prioritised
and how they are realised
● ⇒ Most of these mechanisms clearly contain both business and IT-
oriented roles and responsibilities

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

2.3 Principles for Enterprise Governance of IT


Principles: expressions jointly defined by business and IT stakeholders which
clearly state how business and IT will collaborate in the organisation.
● ⇒ a good starting point to usa as reference for designing and
implementing EGIT structures, processes, and relational
mechanisms
● Examples of EGIT principles:

● These principles become the starting point to design a tailored and

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

appropriate EGIT model for the organisation


2.5 EGIT Capita Selecta

Topics in this section:


● The role of the board in EGIT
● IT governance transparency
● The inter-organisational governance of IT
● Ambidextrous EGIT
● More theoretical view on EGIT by using the Viable System Model (VSM)

The role of the board in EGIT

Definition EGIT: “an integral part of corporate governance for which, as such, the
board is accountable. It involves the definition and implementation of processes,
structures, and relational mechanisms that enable both business and IT
stakeholders to execute their responsibilities in support of business/IT alignment,
and the creation and protection of IT business value”
● This indicates a crucial role of the board of directors
● In practice this is an exception rather than a rule

The IT strategic impact grid (Nolan & McFarlan):


● Most frequently used framework by board-level IT governance researchers to
operationalise the role of IT
● Board involvement in IT governance is driven by two factors:
○ The need for reliable IT
○ The need for new IT
● These result in four modes of IT use:
○ Support mode
○ Factory mode
○ Turnaround mode
○ Strategic mode

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

● Support mode:
○ Not very dependent on IT
○ IT primarily used to support routine employee activities
● Factory mode:
○ More operationally dependent on IT
○ Remaining rather unambitious about strategic IT initiatives
○ Most of the core business processes are heavily supported by IT
● Turnaround mode:
○ Currently not very operationally dependent on IT
○ Are in the process of a strategic transformation
■ Anticipate that future strategic IT will fundamentally change their
way of doing business
○ This mode is almost always a “transition” mode (moving from
turnaround mode to factory or strategic mode)
● Strategic mode:
○ Operationally and strategically very dependent on IT

The degree and nature of the involvement of the board of directors in IT


governance (should) depend(s) on the position of the organisation in the IT
strategic impact grid (Nolan & McFarlan).

The passage notes that different studies have operationalized the role of IT in
different ways:
● Organisation's operational or strategic reliance on IT:
○ The extent to which an organisation depends on IT to support its day-
to-day operations, while strategic reliance refers to the extent to which
an organisation uses IT to achieve its strategic goals.
● The IT intensity of the firm
○ A measure of the importance of IT to a firm's operations and is
calculated based on the share of IT capital in total capital for an
industry segment, weighted by the percentage of the firm's sales within
that segment.
● The strategic importance of IT:

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

○ "The degree to which IT has the potential to have a transformational


impact on the associated business of the organisation." This measure
emphasises the potential for IT to fundamentally change the way a firm
does business.
All of these studies confirm that the role of IT is related to board-level IT governance

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Implementing or effectuating board-level IT governance, which refers to the process of overseeing


and directing the use of information technology within an organisation at the level of the company's
board of directors. The passage notes that board-level IT governance can be effectuated through a
mix of structures, processes, and relational mechanisms.
Structures:
● The most frequently mentioned board-level IT governance structure is an IT oversight or
similar committee at the board level. This committee has multiple responsibilities, including
keeping track of competitors' IT use, ensuring that IT is a regular agenda item for the board,
and identifying and reporting on IT risks.
● The IT expertise of directors (board members) is also mentioned as a structural mechanism
for board-level IT governance. Independent directors with IT expertise can provide advice to
management, facilitate access to external IT parties, attract qualified IT management, and
advocate for more IT budgets. Internal directors with IT expertise can help the board
understand the business costs of IT risks and enable swift allocation of resources and priority
setting to address IT weaknesses.
● The position of the CIO (chief information officer) in the organisation is another structural
mechanism mentioned in the literature. Some researchers argue that the CIO should report
directly to the CEO, while others propose adding the CIO to the board of directors if IT is a
strategic business asset or if IT becomes the business itself.
Processes:
● There is a lack of research on board-level IT governance processes, but one process
mentioned in the literature is that the board should ask the right IT-related questions to
effectively fulfil their control and advisory responsibilities.
Relational mechanisms:
● There is also a lack of research on board-level IT governance relational mechanisms, but one
mentioned in the literature is effective communication about IT from and to the board. The
board should communicate the business strategy to the IT organisation in business terms,
while the CIO should communicate IT plans and progress to the board in business terms.
● Another relational mechanism is the establishment of trust between the board and the IT
organisation. This can be achieved through clear communication and shared goals.

Overall, the research suggests that a mix of structures, processes, and relational mechanisms are
needed to effectively implement board-level IT governance. However, there is a lack of research on
processes and relational mechanisms, and further research is needed to understand their role in
board-level IT governance.

The consequences of board-level IT involvement:


● Increased organisational performance
● More involvement leads to higher contribution of IT to organisational
performance
● More IT awareness from the board (seeing IT as a business function) has a
positive effect on organisational performance
● Board-level IT governance has both effect on value creation and value
protection (less security breaches)

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

IT Governance Transparency

IT governance transparency:
● External communication about how an organisation is using it information
technology
● Transparency is important for stakeholder confidence and creating a positive
image
● The preferred medium for most firms for disclosing this information is annual
report
○ Voluntary, however some firms are required by law to disclose IT-
related failures affecting the quality of their financial reporting
● Firms with a higher levels of IT governance transparency tend to have a
higher level of IT governance effectiveness

Inter-Organizational Governance of IT

Intra refers to things that happen within a particular group or system, while inter refers to things that involve or
occur between different groups or systems. For example, intra-organizational communication refers to
communication that takes place within an organisation, while inter-organizational communication refers to
communication that takes place between different organisations.

Inter-organisational governance of IT (network IT governance):


● The authority and accountability framework in place to encourage the efficient
and effective use of IT in electronic exchanges among business partners in a
networked environment
● Similar objectives as intra-organizational governance of IT:
○ Aligning IT functionality with the needs of the inter-organizational
network
○ “Consciously created forms of social organisation whose members
strive to achieve common goals”
○ Network governance: “[involving] a select, persistent, and structured
set of autonomous firms (as well as non-profit agencies) engaged in
creating products or services based on implicit and open-ended
contracts to adapt to environmental contingencies and to coordinate
and safeguard exchanges.”
● Typically characterised by a lack of top-down authority, with coordination
mechanisms (such as standards) used to regulate the network
● Both inter-organizational and intra-organizational IT governance are
concerned with aligning IT functionality with the needs of the organisation or
network, but they differ in terms of their focus and the level of control and
coordination involved.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Ambidextrous EGIT

Ambidextrous refers to the ability to use both hands equally well or to being able to switch easily
between two different tasks or activities. It can also refer to the ability to adapt and be flexible in
different situations. In the context of organisations and management, ambidextrous organisations are
those that are able to effectively balance and integrate exploratory and exploitative activities, or the
ability to both innovate and maintain current processes and products. This type of organisational
ambidexterity is seen as important for long-term success and competitiveness.

In the context of IT governance, ambidextrous IT refers to the ability of an


organisation to simultaneously focus on both:
● The exploitation of existing IT systems for efficiency and stability
● The exploration of new IT technologies and innovations for growth and
disruption
○ This requires a balance between IT exploitation (using IT to run and
grow efficiency, stability, and safety) and IT exploration (leveraging IT
for new innovations)
○ Involves designing IT structures, processes, and people (relational
mechanisms) that enable both
■ May include CDO (chief digital officer) or other role responsible
for both exploitation and exploration
■ Having processes in place for integrating innovation into the
existing operating model
■ Having e-leadership skills to enable ambidextrous IT
governance
Established firms that are able to implement ambidextrous IT are more likely to be
successful in digital transformation and avoid the risks of missing out on strategic
opportunities or blindly following technology trends without realising the benefits.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Viable EGIT

The term "viable" refers to something that is capable of working effectively or successfully. It can be
used to describe a solution, idea, or plan that has a good chance of being successful or that has the
potential to be implemented and achieve its intended goals. The term is often used to describe
something that is practical and able to be sustained over time. For example, a viable business model
is one that is able to generate sufficient revenue to cover its costs and remain financially sustainable.
Similarly, a viable solution to a problem is one that is able to address the issue effectively and provide
a lasting resolution.

How should EGIT be organised for it to be effective and why?

The viability of an organisational system of controlling the current and future IT use
refers to its ability to continue fulfilling its general purpose of creating and protecting
IT business value.
This viability is maintained through the system's ability to adapt to changes in its
external environment, such as technological advancements or shifts in industry
standards.

A holistic organising logic for IT governance based on the Viable System Model
(VSM) and informed by extant IT governance literature has been proposed to
provide strong theoretical underpinnings for IT governance arrangements

The VSM-based organising logic aims to explain why IT governance can fulfil its
purpose of creating and protecting IT business value, and provide practical guidance
on how to organise effective IT governance

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Viable System Model (VSM):


● Including the communication between IT governance and the external
environment
● The essence of VSM is leveraging(circle) and controlling (square) the current
and future IT use = seeking requisite variety
○ Requisite variety is achieved when IT governance has an appropriate
capacity to be able to effectively control the current and future IT use
○ And this current and future IT use remains sustainable in the changing
environment
○ Only when requisite variety is maintained, we can ensure the general
purpose of creating and protecting IT business value
○ This allows the viable system to have the capacity for adaptation in
response to relevant changes in the external environment
● In short: by leveraging the VSM, thus controlling the current and future IT use,
we incorporate the evolutionary dynamics for a viable system
● Because of VSM, IT governance arrangements can be designed and
implemented with strong theoretical underpinnings
○ These can help ensure their effectiveness in creating and protecting IT
business value
● VSM suggests that IT governance should be organised around five main
functions/systems which allow to control the current and future IT use to be
effective over time:
○ System 1: This represents the basic functions of the organisation, such
as production, marketing, and finance.
○ System 2: This represents the coordination of the organisation's basic
functions, and includes processes such as planning and decision-
making.
○ System 3: This represents the organisation's external relationships,
such as its relationships with customers, suppliers, and regulators.
○ System 4: This represents the organisation's overall strategy and
direction, and includes processes such as goal setting and strategy
formulation.
○ System 5: This represents the organisation's governance structure and
processes, including the roles and responsibilities of different
stakeholders, and the processes and procedures used to govern the
organisation.
■ These functions correspond to the essential elements of the
“organisation” identified by the VSM
■ And are necessary for maintaining the requisite variety and
adaptation needed for viability

Questions:

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

1. Discuss and illustrate an EGIT structure.

The S1 EGIT (enterprise governance of IT) structure is a model in which the IT


strategy committee is at the level of the board of directors. In this model, the IT
strategy committee is responsible for setting the direction and priorities for the
organisation's IT systems, and for ensuring that they are aligned with the
organisation's business goals. The committee may be composed of members of the
board of directors, as well as external experts and representatives from different
business units within the organisation.

One key advantage of the S1 EGIT structure is that it gives IT a high level of visibility
and influence within the organisation. By placing the IT strategy committee at the
same level as the board of directors, the organisation is signalling that IT is a critical
part of its operations and that it is committed to using IT effectively to drive business
success.

Here is an illustration of the S1 EGIT structure:

Board of Directors
|
IT Strategy Committee
|
IT Department
|
Business Units (e.g. Sales, Marketing)
|
Vendors and Partners

In this model, the IT strategy committee reports directly to the board of directors and
is responsible for setting the overall direction and priorities for the organisation's IT
systems. The IT department is responsible for the day-to-day management and
operation of the IT systems, and the business units are the departments within the
organisation that use the IT systems to carry out their work. Vendors and partners
may provide IT services or support to the organisation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

2. Discuss and illustrate an EGIT process.

The P3 EGIT (enterprise governance of IT) process is a model in which portfolio


management is used to govern the organisation's IT systems. In this model, portfolio
management refers to the process of identifying, evaluating, and prioritising the
various IT projects and initiatives within the organisation, and allocating resources
accordingly.

In the P3 EGIT process, a portfolio management office (PMO) is responsible for


overseeing the portfolio management process. The PMO may be a standalone unit
within the organisation, or it may be part of the IT department. The PMO works
closely with the IT strategy committee and other stakeholders to identify the IT
projects and initiatives that will best support the organisation's business goals, and to
develop a roadmap for implementing them.

Here is an illustration of the P3 EGIT process:

IT Strategy Committee
|
Portfolio Management Office
|
IT Department
|
Business Units (e.g. Sales, Marketing)
|
Vendors and Partners

In this model, the IT strategy committee is responsible for setting the overall direction
and priorities for the organisation's IT systems. The PMO is responsible for
overseeing the portfolio management process, and the IT department is responsible
for the day-to-day management and operation of the IT systems. The business units
are the departments within the organisation that use the IT systems to carry out their
work, and vendors and partners may provide IT services or support to the
organisation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

3. Discuss and illustrate an EGIT relational mechanism.

The R8 EGIT (enterprise governance of IT) process is a model in which IT


leadership is used to govern the organisation's IT systems. In this model, IT
leadership refers to the individuals within the organisation who are responsible for
setting the direction and priorities for the organisation's IT systems, and for ensuring
that they are aligned with the organisation's business goals.

In the R8 EGIT process, the IT leadership team is responsible for overseeing the IT
function and making strategic decisions about the use of IT within the organisation.
The IT leadership team may be composed of individuals at the executive level, such
as the Chief Information Officer (CIO), as well as other IT leaders within the
organisation.

Here is an illustration of the R8 EGIT process:

IT Leadership Team
|
IT Department
|
Business Units (e.g. Sales, Marketing)
|
Vendors and Partners

In this model, the IT leadership team is responsible for setting the overall direction
and priorities for the organisation's IT systems, and for ensuring that they are aligned
with the organisation's business goals. The IT department is responsible for the day-
to-day management and operation of the IT systems, and the business units are the
departments within the organisation that use the IT systems to carry out their work.
Vendors and partners may provide IT services or support to the organisation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

4. Explain why organisations should voluntarily report on IT (governance)-


related matters and what are potential topics that can be disclosed.

There are several reasons why organisations should voluntarily report on IT

(governance)-related matters:

1. Transparency: Reporting on IT governance-related matters can help to


increase transparency within the organisation, which can in turn build trust
with stakeholders such as shareholders, customers, and regulators.
2. Accountability: By reporting on IT governance-related matters, organisations
can demonstrate their commitment to accountability and to using IT effectively
and efficiently to support their business goals.
3. Risk management: Reporting on IT governance-related matters can help
organisations identify and assess potential risks associated with their IT
systems, and develop strategies to mitigate those risks.
4. Best practices: By reporting on IT governance-related matters, organisations
can demonstrate their adherence to best practices and industry standards,
which can help to enhance their reputation and credibility.

Potential topics that organisations can disclose in their IT governance-related reports

include:

1. The structure and composition of the organisation's IT governance bodies


(e.g. IT strategy committee, IT department, etc.)
2. The processes and procedures used to govern the organisation's IT systems
3. The organisation's IT strategy and roadmap
4. The performance and effectiveness of the organisation's IT systems
5. The risks associated with the organisation's IT systems and the strategies in
place to mitigate those risks
6. The organisation's IT budget and resource allocation
7. Any significant IT-related incidents or events (e.g. data breaches, system
outages, etc.)
8. Any major IT-related projects or initiatives
9. Any IT-related regulatory or compliance issues.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

5. Explain what is meant by “ambidextrous IT use” and why this is a rele- vant
attention point in the context of EGIT.

Ambidextrous IT use refers to the ability of an organisation to use its IT systems in


both an exploratory and exploitative manner. Exploratory use of IT involves using IT
to create and test new ideas, products, or processes, while exploitative use of IT
involves using IT to support and optimise existing processes and operations.

In the context of EGIT (enterprise governance of IT), ambidextrous IT use is a


relevant attention point because it can help organisations achieve balance and agility
in their use of IT. By being able to use IT both in an exploratory and exploitative
manner, organisations can better adapt to changing business needs and
opportunities, and stay ahead of the competition.

Effective EGIT processes can help organisations achieve ambidextrous IT use by


establishing clear policies and processes for allocating resources between
exploratory and exploitative IT initiatives, and by providing support and guidance to
business units that are using IT in new and innovative ways.

In addition, effective EGIT processes can help organisations manage the risks
associated with ambidextrous IT use, such as the risk of failure in exploratory IT
initiatives and the risk of disruption to existing operations. By managing these risks
effectively, organisations can better support ambidextrous IT use and achieve a
balance between exploration and exploitation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

6. Discuss how the Viable System Model (VSM) can be used as a theoretical
lens to diagnose an EGIT arrangement.

The Viable System Model (VSM) is a systems theory model developed by Stafford
Beer that can be used to analyse and understand the functioning of complex
organisations. The VSM is based on the idea that organisations are complex
systems that need to be able to adapt to changing environments in order to survive.

In the context of EGIT (enterprise governance of IT), the VSM can be used as a
theoretical lens to diagnose an EGIT arrangement by examining how the different
components of the organisation interact and function together. The VSM identifies
five key components of a viable system:

1. System 1: This represents the basic functions of the organisation, such as


production, marketing, and finance.
2. System 2: This represents the coordination of the organisation's basic
functions, and includes processes such as planning and decision-making.
3. System 3: This represents the organisation's external relationships, such as
its relationships with customers, suppliers, and regulators.
4. System 4: This represents the organisation's overall strategy and direction,
and includes processes such as goal setting and strategy formulation.
5. System 5: This represents the organisation's governance structure and
processes, including the roles and responsibilities of different stakeholders,
and the processes and procedures used to govern the organisation.

By examining how these different systems interact and function together, the VSM
can provide insight into the strengths and weaknesses of an EGIT arrangement, and
help identify areas for improvement. For example, if an organisation's EGIT
arrangement is not functioning effectively, the VSM can help diagnose the root
causes of the problems and suggest potential solutions.

Overall, the VSM can be a useful tool for analysing and understanding the
functioning of an EGIT arrangement, and for identifying areas for improvement in
order to ensure that the organisation's IT systems are aligned with its business goals
and are being used effectively and efficiently.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Chapter 5: COBIT as a Framework for Enterprise


Governance of IT
To achieve (any of) the governance and management objectives contained in the
COBIT 2019 core model, enterprises should implement an EGIT system composed
of the key components:

● Processes
● Organisational structures
● Information flows and items
● People, skills and competencies
● Policies and procedures
● Culture, ethics, and behaviour
● Services, infrastructure, and applications

For each governance or management objective:

● A description and purpose is provided as well as its specific goals cascade


(i.e., its contribution to enterprise goals through alignment goals) and example
metrics for these goals
● The components (stated above) which are required to achieve the
governance or management objective are discussed in turn

5.3 COBIT 2019 Principles


There are six COBIT principles that describe the core requirements of an EGIT
system:

Provide Stakeholder Value: Strategic Alignment and the Balanced

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Scorecard

This principle emphasises the importance of aligning IT goals with business goals
and ensuring that IT delivers value to stakeholders.
● Providing stakeholder value corresponds to strategic alignment:
○ Alignment of alignment goals (AG) and enterprise goals (EG)
○ More specifically, COBIT 2019 provides a generic list of enterprise
goals (EG), alignment goals (AG), and their inter-relationships (i.e.,
which alignment goals contribute in a “primary (P)” or a “secondary (S)”
way to the achievement of the enterprise goals)

● To verify whether stakeholder needs are indeed being satisfied, balanced


scorecard method is being used:
○ A management tool that helps organisations to measure and track the
performance of their IT systems

Holistic Approach: Organisational Systems


This principle emphasises the need for a holistic approach to IT management, which
recognizes that IT systems are part of a larger organisational system and that IT
decisions should be made in the context of the organisation as a whole.

An effective EGIT system should be built from various components that


work together in a holistic way ⇒ an EGIT system is effective when it
satisfies the relevant governance and management objectives (thereby
meeting stakeholder needs).

These components are:

● Processes

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

● Organisational structures
● Information flows, and items
● People, skills and items
● Policies and procedures
● Services, infrastructure, and applications

Dynamic Governance System: Evolutionary Dynamics


This principle emphasises the need for a dynamic governance system that
is able to adapt to changing business needs and environments. ⇒
therefore IT governance should be an evolutionary process, not a static
one

By adopting a dynamic governance system, organisations can ensure that their IT


systems are aligned with their business goals and able to support the organisation
as it evolves and grows. It also helps organisations to proactively identify and
address potential challenges or opportunities that may arise as the business
environment changes. A dynamic governance system is essential for ensuring that
IT is a strategic enabler for the organisation and not a hindrance to its success.

This principle is in line with applying VSM: system should be able to


effectively control and manage the current and future use of IT ⇒ creates
and protects value for the organisation ⇒ changes in the use of IT may
require changes to the EGIT system in order to maintain its effectiveness

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Governance Distinct from Management: ISO/IEC 38500


This principle emphasises the need to separate governance from management, with
governance being responsible for setting the direction and policies for IT, and
management being responsible for implementing those policies and delivering IT
services.

By separating governance from management, organisations can ensure that there is


a clear distinction between the roles and responsibilities of each, and that there are
appropriate checks and balances in place to ensure that IT is being used effectively
and efficiently to support the business. The ISO/IEC 38500 standard provides
guidance on good governance practices for IT.

Governance: board of directors under the leadership of the chairperson

Management: responsible for planning, building, running, and monitoring activities


(PDCA: plan-do-check-act) which are aligned with the direction set by the governing
body

Tailored to Enterprise Needs: Contingency Analysis


This principle emphasises the need to tailor IT governance to the specific context
and goals of the organisation. It also highlights the importance of contingency
analysis, which involves planning for and managing risks and uncertainties that may
impact IT systems.

The specific context is shaped by the so-called design factors: contingency analysis
in this context is the study of the factors that influence the choice of a specific
approach to IT governance. It is based on the idea that there is no universal "best"
way to govern IT and that the most effective approach will depend on the specific
needs and circumstances of the organisation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

End-to-end Governance System: IT Savviness

This principle emphasises the need for an end-to-end governance system that
involves all levels of the organisation and ensures that all IT-related activities are
aligned with business goals. It also highlights the importance of ensuring that all
stakeholders are "IT savvy," meaning that they have a basic understanding of IT and
how it can be used to support the organisation's goals.

5.4 COBIT 2019 Core Model

The 40 governance and management objectives are grouped in five domains:


● EDM (evaluate, direct, and monitor):
○ Governance objectives
○ The purpose of this domain is for the governing body (i.e., the board) to
evaluate strategic options, to direct executive management on the chosen
strategic options, and to monitor the achievement of the resulting strategy.
The management objectives are grouped into four domains
● APO (align, plan, and organise):
○ Concerns the identification of how information and technology can best
contribute to the achievement of the business objectives
● BAI (build, acquire, and implement):
○ Contributes to realising the IT strategy through identifying in detail the
requirements for IT and managing program and projects
● DSS (deliver, service, and support):
○ Refers to the actual delivery of required services
● MEA (monitor, evaluate, and assess):
○ Includes those management objectives that are responsible for the
quality assessment in compliance with the control requirements for all
previous-mentioned processes

5.5 Cobit 2019 Performance Management

COBIT uses a capability scheme to measure processes on capability levels (ranging


from 0 to 5): represents how well a process is performing

The capability level of a process is determined by the specific activities that are required to be performed successfully in order
to reach that level. These activities may include tasks, procedures, or other elements that are necessary for the process to
operate effectively. A process reaches a certain capability level once all of the activities that are assigned to that level (and any
lower capability levels) are performed successfully.

For example, a process may be assigned a capability level of "basic" if it is able to perform a set of basic activities consistently
and effectively. To reach the next capability level, the process would need to demonstrate that it can perform additional, more
advanced activities successfully. In this way, the capability level of a process provides insight into the specific activities that are
required to reach a certain level of quality or effectiveness within the process.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

COBIT also uses a maturity scheme. The maturity levels are associated with focus
areas. Hence, a maturity level is a performance measure at the focus area level. A
certain maturity level (i.e., of a focus area) is achieved once all required capability
levels (i.e., of the underlying EGIT components) are achieved.

The concept of capability level is related to the ability of an organisation's IT processes to perform specific activities effectively
and consistently. The capability level of a process is determined by the specific activities that are required to be performed
successfully in order to reach that level.

On the other hand, maturity level in COBIT 2019 refers to the extent to which an organisation's IT processes are developed
and defined. Maturity levels are typically measured using a scale, such as the five-level scale used in COBIT 2019: initial,
repeatable, defined, managed, and optimised.

At the initial maturity level, processes are ad-hoc and not documented. At the repeatable level, processes are documented and
followed consistently within a single part of the organisation. At the defined level, processes are documented, followed
consistently across the organisation, and subject to a defined set of policies and procedures. At the managed level, processes
are measured, monitored, and controlled. At the optimised level, processes are continually improved based on data and
feedback.

So, the main difference between capability and maturity level in COBIT 2019 is that capability level measures the ability of a
process to perform specific activities, while maturity level measures the extent to which an organisation's IT processes are
developed and defined.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

Questions:
1. Explain why COBIT 2019 should be regarded as a framework that enables
the implementation of enterprise governance of information and technology
(EGIT).

COBIT (Control Objectives for Information and Related Technology) is a framework


that provides a comprehensive set of best practices for the governance and
management of information and technology (IT) in an organisation. COBIT 2019 is
the latest version of the framework, which was developed by the Information
Systems Audit and Control Association (ISACA) and the IT Governance Institute
(ITGI).

The COBIT 2019 framework is designed to help organisations establish an effective


enterprise governance of information and technology (EGIT) by providing a set of
principles, practices, and tools that can be used to manage and control IT in a way
that aligns with the organisation's business goals and objectives.

One of the key features of COBIT 2019 is that it provides a holistic view of IT
governance and management, covering all aspects of the IT function, including
strategy, design, acquisition, delivery, and support. This comprehensive approach
helps organisations ensure that their IT systems are aligned with their business
goals and objectives, and that they are effectively managed and controlled to deliver
maximum value to the organisation.

In addition, COBIT 2019 includes a set of 40 control objectives that provide guidance
on how to effectively govern and manage IT. These control objectives are organised
into five domains: plan and organise, acquire and implement, deliver and support,
monitor and evaluate, and optimise. Each domain includes a set of control objectives
that cover specific areas of IT governance and management, such as risk
management, security, and compliance.

Overall, COBIT 2019 is a valuable framework for organisations looking to implement


an effective enterprise governance of information and technology. It provides a
comprehensive set of best practices and tools that can be used to align IT with
business goals and objectives, and to effectively manage and control IT in a way that
maximises value to the organisation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

2. Explain how the (IT) balanced scorecard concept is integrated in COBIT


2019.

The balanced scorecard is a management tool that helps organisations measure and
track their performance using a balanced set of financial and non-financial metrics.
One of the main goals of the balanced scorecard is to ensure that the organisation
delivers value to its stakeholders, which includes shareholders, customers,
employees, and other stakeholders such as suppliers and the community.

In COBIT 2019, the balanced scorecard is used to evaluate the performance of the
enterprise governance of information and technology (EGIT) system in four areas:
financial perspective, customer perspective, internal process perspective, and
learning and growth perspective. By using the balanced scorecard to evaluate the
performance of the EGIT system, organisations can ensure that they are delivering
value to all of their stakeholders.

For example, the financial perspective of the balanced scorecard helps organisations
ensure that they are generating sufficient profits and delivering value to
shareholders. The customer perspective helps organisations ensure that they are
meeting the needs of their customers and delivering value to them. The internal
process perspective helps organisations ensure that they are operating efficiently
and effectively, which can ultimately lead to value creation for all stakeholders. The
learning and growth perspective helps organisations ensure that they are investing in
their employees and developing their skills, which can lead to value creation for
employees and the organisation as a whole.

Overall, the balanced scorecard is an important tool for helping organisations ensure
that they are delivering value to all of their stakeholders. By using the balanced
scorecard to evaluate the performance of the EGIT system, organisations can
identify areas for improvement and take action to address any deficiencies,
ultimately helping to create value for all stakeholders.

3. Explain how COBIT 2019 is in line with the research on IT governance


contingency analysis.

COBIT 2019 is a framework for the governance and management of information and
technology (IT) that is designed to help organisations align their IT systems with their
business goals and objectives, and effectively manage and control IT in a way that
maximises value to the organisation. The COBIT 2019 framework is based on
research and best practices in the field of IT governance, including the concept of
contingency analysis.

Contingency analysis is a research approach that focuses on understanding how


different factors (such as the organisation's size, industry, and strategic goals) can
influence the appropriate governance and management practices for IT. The idea
behind contingency analysis is that there is not a one-size-fits-all approach to IT
governance, and that different organisations may require different governance and
management practices depending on their specific needs and circumstances.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

COBIT 2019 is designed to be flexible and adaptable to the needs of different


organisations, and is in line with the research on IT governance contingency analysis
in this respect. The framework provides a set of principles, practices, and tools that
can be customised and tailored to the specific needs and circumstances of an
organisation. This allows organisations to choose the governance and management
practices that are most appropriate for their specific needs, rather than trying to fit
their IT systems into a predetermined set of practices.

Overall, COBIT 2019 is a valuable framework for organisations looking to effectively


govern and manage their IT systems in a way that aligns with their business goals
and objectives, and that takes into account the specific needs and circumstances of
the organisation.

4. Explain why COBIT 2019 can be seen as a “holistic” framework for


enterprise governance of information and technology (EGIT).

COBIT 2019 is a comprehensive framework for the governance and management of


information and technology (IT) that can be seen as a "holistic" approach to
enterprise governance of information and technology (EGIT). The COBIT 2019
framework provides a set of principles, practices, and tools that cover all aspects of
the IT function, including strategy, design, acquisition, delivery, and support. This
comprehensive approach helps organisations ensure that their IT systems are
aligned with their business goals and objectives, and that they are effectively
managed and controlled to deliver maximum value to the organisation.

One of the key features of COBIT 2019 is that it provides a holistic view of IT
governance and management, rather than focusing on specific areas or silos. For
example, the framework includes a set of 34 control objectives that provide guidance
on how to effectively govern and manage IT, and these control objectives are
organised into five domains: plan and organise, acquire and implement, deliver and
support, monitor and evaluate, and optimise. Each domain includes a set of control
objectives that cover specific areas of IT governance and management, such as risk
management, security, and compliance.

This holistic approach helps organisations ensure that all aspects of their IT systems
are properly governed and managed, and that there is a consistent and integrated
approach to IT governance and management across the organisation.

Overall, the comprehensive and holistic nature of COBIT 2019 makes it a valuable
framework for organisations looking to establish an effective enterprise governance
of information and technology. It provides a comprehensive set of best practices and
tools that can be used to align IT with business goals and objectives, and to
effectively manage and control IT in a way that maximises value to the organisation.

5. Explain how COBIT 2019 accounts for the “evolutionary dynamics” of


enterprise governance of information and technology (EGIT).

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

COBIT 2019 is a framework for the governance and management of information and
technology (IT) that is designed to help organisations align their IT systems with their
business goals and objectives, and effectively manage and control IT in a way that
maximises value to the organisation. The COBIT 2019 framework is based on the
principle that the governance and management of IT is an evolving process, and that
organisations must continuously adapt and improve their EGIT systems in order to
stay competitive and deliver maximum value.

To account for the evolutionary dynamics of EGIT, COBIT 2019 includes a number
of features and practices that help organisations adapt and improve their EGIT
systems over time. For example, the framework includes a set of 34 control
objectives that provide guidance on how to effectively govern and manage IT, and
these control objectives are organised into five domains: plan and organise, acquire
and implement, deliver and support, monitor and evaluate, and optimise. Each
domain includes a set of control objectives that cover specific areas of IT
governance and management, such as risk management, security, and compliance.

In addition, COBIT 2019 includes a set of principles and practices that help
organisations continuously improve their EGIT systems. For example, the framework
emphasises the importance of establishing clear and measurable objectives for the
IT function, and of regularly reviewing and adjusting these objectives as needed in
order to ensure that they remain aligned with the organisation's business goals and
objectives.

Overall, the COBIT 2019 framework is designed to help organisations effectively


manage the evolutionary dynamics of EGIT by providing a set of principles,
practices, and tools that can be used to continuously improve and adapt the EGIT
system in order to stay competitive and deliver maximum value to the organisation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

6. Explain the difference between IT governance and IT management in the


context of COBIT 2019 and illustrate with concrete examples.

In the context of COBIT 2019, IT governance refers to the overall governance and
management of information and technology (IT) in an organisation. It involves
establishing policies, processes, and practices for managing and controlling IT in a
way that aligns with the organisation's business goals and objectives, and that
maximises the value of IT investments.

IT management, on the other hand, refers to the day-to-day management and


control of the IT systems and infrastructure that support the organisation's business
processes and activities. It involves tasks such as designing and implementing IT
systems, managing IT projects, and providing technical support to users.

Here are a few examples of the difference between IT governance and IT


management in the context of COBIT 2019:

● IT governance: Establishing policies for the use of cloud computing services


to ensure that the organisation's data is secure and compliant with relevant
regulations.
● IT management: Implementing a cloud computing solution and managing the
day-to-day operation of the cloud environment.
● IT governance: Developing a risk management plan to identify and mitigate
potential risks to the organisation's IT systems.
● IT management: Monitoring the organisation's IT systems for potential risks
and taking corrective action to mitigate those risks.

Overall, the main difference between IT governance and IT management is that IT


governance is concerned with the overall governance and management of IT in an
organisation, while IT management is concerned with the day-to-day management
and control of the IT systems and infrastructure that support the organisation's
business processes and activities. COBIT 2019 provides a comprehensive set of
best practices and tools for both IT governance and IT management, helping
organisations align their IT systems with their business goals and objectives, and
effectively manage and control IT in a way that maximises value to the organisation.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

COBIT:

EDM01—Ensured Governance Framework Setting and Maintenance: This objective


involves establishing and maintaining a governance framework that guides the
organisation's management of its information and technology (I&T) resources. This
includes defining roles and responsibilities, setting policies and procedures, and
establishing governance structures and processes.

EDM02—Ensured Benefits Delivery: This objective aims to ensure that the benefits
of the EGIT system are realised in a timely and effective manner, and that the
benefits are aligned with the organisation's business goals and objectives. This
includes establishing a process for defining and measuring the benefits of the EGIT
system, and for monitoring and reporting on the progress of the benefits delivery. To
achieve this control objective, the organisation should have processes in place to
identify and define the benefits of the EGIT system, to establish targets and
benchmarks for measuring the benefits, and to track the progress of the benefits
delivery against the targets and benchmarks. This may include measures such as
setting milestones and deadlines for the benefits delivery, tracking the progress of
the benefits realization, and reporting on the progress of the benefits delivery to
stakeholders. Overall, EDM02 Ensured Benefits Delivery is an important control
objective for ensuring that the benefits of the EGIT system are realised in a timely
and effective manner, and that the benefits are aligned with the organisation's
business goals and objectives.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

EDM03—Ensured Risk Optimization: This objective involves identifying, assessing,


and managing risks associated with the organisation's I&T activities. This includes
developing strategies to mitigate or eliminate these risks, and implementing controls
to reduce the likelihood of negative events occurring.

EDM04—Ensured Resource Optimization: This objective involves ensuring that the


organisation's I&T resources are used efficiently and effectively. This includes
optimising the use of hardware, software, and other I&T resources to maximise their
value to the organisation.

EDM05—Ensured Stakeholder Engagement: This objective involves engaging with


stakeholders to understand their needs and expectations, and to ensure that the
organisation's I&T activities are aligned with these needs. This includes
communicating with stakeholders about the organisation's I&T plans and activities,
and obtaining their input and feedback.

APO01—Managed I&T Management Framework: This objective involves


establishing and maintaining a framework for managing the organisation's I&T
resources. This includes defining roles and responsibilities, setting policies and
procedures, and establishing governance structures and processes.

APO02—Managed Strategy: This objective involves developing and implementing


strategies for the organisation's I&T activities. This includes aligning IT investments
with the organisation's business goals and objectives, and defining the direction and
priorities for I&T initiatives.

APO03—Managed Enterprise Architecture: This objective involves defining and


maintaining the organisation's enterprise architecture, which is a blueprint for the
organisation's I&T infrastructure and systems. This includes defining the
organisation's business processes, information needs, and technology requirements,
and ensuring that the organisation's I&T resources are aligned with these needs.

APO04—Managed Innovation: This objective involves identifying and implementing


innovative ideas and technologies that can improve the organisation's I&T
capabilities and business performance. This includes evaluating new technologies
and ideas, and implementing those that have the potential to deliver value to the
organisation.

APO05—Managed Portfolio: This objective involves managing the organisation's


portfolio of I&T projects and initiatives. This includes prioritising projects, allocating
resources, and monitoring progress to ensure that projects are delivered on time and
within budget.

APO06—Managed Budget and Costs: This objective involves managing the


organisation's I&T budget and costs. This includes developing a budget, monitoring
spending, and controlling costs to ensure that the organisation's I&T resources are
used efficiently and effectively.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

APO07—Managed Human Resources: This objective involves managing the


organisation's I&T human resources. This includes defining roles and
responsibilities, recruiting and training staff, and managing their performance to
ensure that the organisation has the necessary skills and capabilities to support its
I&T activities.

APO08—Managed Relationships: It aims to ensure that relationships with


stakeholders, such as customers, suppliers, and partners, are managed in a way
that maximises the value of the EGIT system to the organisation. This includes
establishing processes for managing relationships with stakeholders, and for
communicating with stakeholders about the EGIT system and its benefits. To
achieve this control objective, the organisation should have processes in place to
identify and prioritize its stakeholders, to establish and maintain relationships with
these stakeholders, and to communicate with stakeholders about the EGIT system
and its benefits. This may include measures such as establishing communication
channels with stakeholders, setting targets for stakeholder satisfaction, and
monitoring and reporting on the progress of the relationships with stakeholders.
Overall, APO08 Managed Relationships is an important control objective for ensuring
that relationships with stakeholders are managed effectively, and that the value of
the EGIT system is maximised for the organisation.

APO09—Managed Service Agreements: This objective involves managing the


service agreements between the organisation and its stakeholders, including
customers, suppliers, and partners. This includes defining the terms and conditions
of these agreements, monitoring performance, and ensuring that the organisation's
I&T services are delivered as agreed.

APO10—Managed Vendors: This objective aims to ensure that relationships with


vendors, such as software or hardware suppliers, are managed in a way that
maximises the value of the EGIT system to the organisation. This includes
establishing processes for managing vendor relationships, and for communicating
with vendors about the EGIT system and its requirements. To achieve this control
objective, the organisation should have processes in place to identify and select
vendors, to establish and maintain relationships with these vendors, and to
communicate with vendors about the EGIT system and its requirements. This may
include measures such as establishing communication channels with vendors,
setting targets for vendor performance, and monitoring and reporting on the progress
of the relationships with vendors. Overall, APO10 Managed Vendors is an important
control objective for ensuring that relationships with vendors are managed
effectively, and that the value of the EGIT system is maximised for the organisation.

APO11—Managed Quality: This objective aims to ensure that the EGIT system is
designed, developed, and maintained to meet the quality standards and
requirements of the organisation. This includes establishing processes for defining
and measuring the quality of the EGIT system, and for monitoring and improving the
quality of the system over time. To achieve this control objective, the organisation
should have processes in place to define the quality standards and requirements for
the EGIT system, to measure the quality of the system against these standards and

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

requirements, and to take corrective action to address any deficiencies or improve


the quality of the system. This may include measures such as setting targets and
benchmarks for quality, monitoring the quality of the system regularly, and
implementing process improvements to enhance the quality of the system. Overall,
APO11 Managed Quality is an important control objective for ensuring that the EGIT
system is designed, developed, and maintained to meet the quality standards and
requirements of the organisation, and that the quality of the system is continuously
improved over time.

APO12—Managed Risk: This objective involves identifying, assessing, and


managing risks associated with the organisation's I&T activities. This includes
developing strategies to mitigate or eliminate these risks, and implementing controls
to reduce the likelihood of negative events occurring.

APO13—Managed Security: This objective involves protecting the organisation's I&T


assets from unauthorised access, use, disclosure, disruption, modification, or
destruction. This includes establishing and implementing security policies,
procedures, and controls, and monitoring and evaluating the effectiveness of these
measures.

APO14—Managed Data: This objective involves managing the organisation's data


assets, including its data quality, security, and accessibility. This includes
establishing and implementing data management policies, procedures, and controls,
and monitoring and evaluating the effectiveness of these measures.

BAI01—Managed Programs: This objective involves managing the organisation's


I&T programs, which are large, complex initiatives that involve multiple projects and
stakeholders. This includes defining program goals and objectives, establishing
program governance structures and processes, and monitoring and evaluating
program performance.

BAI02—Managed Requirements: This objective involves defining and managing the


requirements for the organisation's I&T projects and initiatives. This includes
identifying the business needs and objectives that these projects and initiatives are
intended to meet, and defining the functional and non-functional requirements that
must be satisfied in order to meet these needs.

BAI03—Managed Solutions: This objective involves defining and selecting the


solutions that will be used to meet the organisation's I&T requirements. This includes
evaluating and selecting technology and application platforms, and defining the
architecture and design of the solutions.

BAI04—Managed Availability: This objective involves ensuring that the organisation's


I&T systems and services are available when needed. This includes monitoring
system performance, implementing measures to improve availability, and responding
to and recovering from system failures and disruptions.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

BAI05—Managed Organisational Change: This objective aims to ensure that


changes to the organisation's IT systems and processes are managed in a way that
minimises disruption and maximises the benefits of the change. This includes
establishing a structured approach to managing organisational change,
communicating changes to stakeholders, and providing support to employees during
the change process. To achieve this control objective, the organisation should have
processes in place to identify and assess the impact of proposed changes, and to
develop and implement a plan for managing the change. This may include measures
such as training employees on the new systems and processes, providing support
and assistance during the transition period, and monitoring the progress of the
change to ensure that it is being implemented smoothly and effectively. Overall,
BAI05 Managed Organisational Change is an important control objective for ensuring
that changes to the organisation's IT systems and processes are managed
effectively, minimising disruption and maximising the benefits of the change.

BAI06—Managed IT Change Definition: This objective involves defining the changes


that will be made to the organisation's I&T systems and processes. This includes
identifying the business needs that the changes are intended to meet, and defining
the scope and impact of the changes.

BAI07—Managed IT Changes Identification and Build: This objective involves


identifying and building the changes that are required to meet the organisation's I&T
requirements. This includes designing the changes, developing and testing the
required solutions, and preparing for their deployment.

BAI08—Managed Knowledge Assets: This objective involves managing the


organisation's knowledge assets, including its data, information, and expertise. This
includes defining and maintaining the organisation's knowledge management
strategy, and implementing processes and tools to capture, store, and share
knowledge.

BAI09—Managed IT Changes Acceptance and Transitioning: This objective involves


ensuring that the organisation's I&T changes are accepted and transitioned
smoothly. This includes communicating the changes to stakeholders, providing
training and support, and managing the transition to the new processes and
systems.

BAI10—Managed Configuration: This objective involves managing the configuration


of the organisation's I&T assets, including hardware, software, and data. This
includes establishing and maintaining a configuration management plan, and
implementing processes and tools to track and control changes to the configuration
of these assets.

BAI11—Managed Projects: This objective aims to ensure that IT projects are


managed in a way that minimises risk, maximises the benefits of the project, and
delivers the project on time and within budget. This includes establishing a structured
approach to project management, setting clear and measurable objectives for the

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Stuvia - Koop en Verkoop de Beste Samenvattingen

project, and monitoring the progress of the project to ensure that it is on track. To
achieve this control objective, the organisation should have processes in place to
define the scope and objectives of the project, to develop a project plan, and to track
the progress of the project against the plan. This may include measures such as
setting milestones and deadlines, identifying and managing risks, and monitoring the
budget and resources required to complete the project. Overall, BAI11 Managed
Projects is an important control objective for ensuring that IT projects are managed
effectively, minimising risk and maximising the benefits of the project.

MEA01—Managed Performance and Conformance Monitoring: This objective


involves monitoring the performance and conformance of the organisation's I&T
activities. This includes establishing and implementing processes and tools to
measure and evaluate the performance and effectiveness of I&T initiatives, and
taking corrective action as needed.

MEA02—Managed System of Internal Control: This objective involves establishing


and maintaining a system of internal controls to ensure that the organisation's I&T
activities are conducted in a controlled and compliant manner. This includes defining
policies and procedures, implementing controls, and monitoring and evaluating the
effectiveness of these controls.

MEA03—Managed Compliance With External Requirements: This objective involves


ensuring that the organisation's I&T activities are compliant with external
requirements, such as laws, regulations, and industry standards. This includes
identifying relevant requirements, implementing controls to ensure compliance, and
monitoring and evaluating the organisation's compliance.

MEA04—Managed Assurance: This objective involves ensuring that the


organisation's I&T activities are conducted in a manner that is trustworthy, reliable,
and secure. This includes establishing and implementing assurance processes and
controls, and monitoring and evaluating the effectiveness of these measures.

Gedownload door: arnaudalloin | [email protected] Wil jij €76 per


Dit document is auteursrechtelijk beschermd, het verspreiden van dit document is strafbaar. maand verdienen?
Powered by TCPDF (www.tcpdf.org)

You might also like