Popular in Course
verified elite notetaker
Popular in Business
This 7 page Document was uploaded by an elite notetaker on Monday December 21, 2015. The Document belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 7 views.
Reviews for IT-Governance-in-Open-Distance-Learning-institutions--a-case-of-Zimbabwe-Open-University
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 12/21/15
IOSR Journal of Business and Management (IOSR-JBM) e-ISSN: 2278-487X, p-ISSN: 2319-7668. Volume 16, Issue 9.Ver. IV (Sep. 2014), PP 88-94 www.iosrjournals.org IT Governance in Open Distance Learning institutions: a case of Zimbabwe Open University Cuthbert Muza , Andelcah Muza 2 1 2 (Department of Accounting, Banking and Finance, Zimbabwe Open University, Zimbabwe) (Department Of Computer Science and Information Technology, Midlands State University, Zimbabwe) Abstract: Many organisations are now opting to using Information Technology(IT) in order to improve their businesses. The problem comes when the Board or top management does not associate itself with important issues pertaining to IT due to fear of accountability of IT failures. It seems most organisations, both parastatals and the private companies, are not implementing IT governance. This study therefore sought to evaluate the status of IT governance as well as to assess the level of IT governance implementation at an Open Distance Learning(ODL) institution. The study looked at strategic issues, risk issues, internal control issues, decision making issues and performance issues. The research findings showed that the status of IT governance at ZOU is better and the level of IT governance implementation is at middle level due to minimal implementation. The study finally recommended ZOU to continue implementing IT governance and that it should conduct workshops for helping its staff to fully understand IT governance. Keywords: Board, Information technology, governance, risk, strategic alignment. I. Introduction In order to build and keep a company that is governed well, IT systems play a crucial role as a current business backbone. In a Zimbabwean situation, most organisations use multi-currency, have many divisions including the ones abroad. This becomes a burden as these organisations try to act in accordance with several regulatory bodies. IT systems can help in achieving accuracy and easy compliance by quickly releasing information and reducing possible reporting mistakes. IT Systems also make sure that the activities of the organisation remain acquiescent with both external and internal policies. According to Gosling (2006) Information Systems can be streamlined and centralised. He went on to say online learning and staff management systems can be used to distribute important compliance information and for training staff on company ethics and compliance needs. Many organisations apply „operational frameworks‟ in their different departments because they have realised how important they are. These company controls have made the businesses to grow and at the same time returning value to the shareholders. Regardless of all this, organisations still underrate using the related controls to IT. The reason might be that most of the departments of IT deliver what is less than they will have promised. The competitive environment does not allow this. IT must be aligned to the whole business strategy. The standards of value and of performance must be set and IT must be measured against these standards so that it keeps improving. II. Background to the Study Though IT governance has been around for more than 10 years, it remains unfamiliar to the business world. According to Rutsito (2013) most Zimbabwean IT companies have survived without upright IT governance structures and laws. The specialists in IT auditing have confirmed that IT governance is not being implemented by most parastatals and private organisations. Most of the top management or the Board in most organisations does not associate themselves with IT operations to avoid accountability of failures of IT. This leaves a question on whether the IT administrators and IT managers have the authority to put IT policies into implementation without the executives‟ approval. Internationally, computer networks are being attacked each day. Rutsito (2013) revealed that according to Hackers network, quite a number of networks are being attacked, redirected every single day and their services denied. It seems this part of the continent has been silent of these issues but this does not mean these issues are not happening in Zimbabwe. This country is also not safe from these attacks. Zimbabwe might not the international target but there are local attacks and organisations have to do something to protect their IT systems. ZESA once lost US$3 million due to IT fraud. Econet‟s airtime system was once compromised and their broadband website disfigured with humiliating messages until they took it offline. The IT personnel of ZABG banks also supposedly planned and defrauded the bank. A lot of IT fraud cases are disturbing in Zimbabwe but organisations still seem ignorant of all these issues happening. www.iosrjournals.org 88 | Page IT Governance in Open Distance Learning institutions: a case of Zimbabwe Open University When an organisation faces such issues, who should be accountable? Is it the IT managers? It is high time IT is represented in the board. You find cases where the IT manager reports to the Financial Director who does not even know how a server differs from saver. Companies should bring about Chief Information Officers (CIO) positions. An IT governance expert who once visited Zimbabwe in 2012 indicated the need of IT governance and its values. All these issues have prompted the researcher to study IT governance in an Open Distance Learning institution particularly Zimbabwe Open university. III. Literature Review 3.1 Definitions of IT governance IT governance is the system by which IT within enterprises is directed and controlled. According to Weill and Ross (2004, p.2) IT governance is “specifying the decision rights and accountability framework to encourage desirable behaviour in using IT.” Rutsito (2013) defined IT governance as “structure of processes that govern a company or its board‟s ability to direct and control the company‟s use of IT resources and decision making processes.” According to ITGI (2003, p. 1) IT governance is the description of “how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction of the company.” IT governance can also be defined as “the organizational capacity to control the formation and implementation of IT strategy and provide direction to achieve competitive advantages for the corporation” (ITGI, Nolan & McFarlan 2005; Henderson &Venkatram 1999). De Haes and Grembergen (2004, p. 1) defined IT governance as the “leadership and organisational structures, processes and relational mechanisms that ensure organisation‟s IT sustains and extends its strategy and objectives.” Grembergen (2002) cited in De Haes and Grembergen (2004) said IT` governance is the “organisational capacity exercised by the Board, executive management and IT management to control formulation and implementation of IT strategy and in this way ensure the fusion of business and IT.” There are quite a number of IT governance definitions but they all concentrate on one thing which is the alignment of IT strategy to business strategy. The definition of IT governance by Grembergen (2002) indicates the involvement of IT management in IT governance. The definition that will be used in this study is the definition by De Haes and Grembergen (2004). 3.2 IT governance vs IT Management Weill and Ross (2004) described IT Management as the making and implementation of decisions. They went on to say that IT governance controls who makes and contributes to decisions pertaining to IT. IT management focuses „on the internal effectiveness supply of IT services and products and management of present IT operations‟ (de Haes & Grembergen, 2004). It also focuses on performance and transfer of IT to meet current and prospect demands of the organisation and customers of the organisation (Peterson 2003). IT management fundamentals as well as IT services and products can be appointed to an external supplier. IT governance is company specific because direction and control of IT cannot be delegated to outsiders. In other words, IT governance creates settings that can be managed by others effectively whereas IT management makes operational decisions (wordpress.com, 2008). For example, IT governance directs who holds the decision rights on the amount of IT investment whereas IT management decides on the actual amount to be invested in a year and on the areas the money should be invested (Weill & Ross, 2004). IT governance mirrors wider corporate governance values while concentrating on the IT management and IT use to accomplish the organisation‟s performance objectives (Weill & Ross 2004). 3.3 IT governance According to Shupta (2012), IT governance consists of structural element and process element. The structural element refers to the company‟s IT actions, how these actions support the company‟s objectives and people involved in managing the actions. The process element refers to the IT decision making rights, policies and instruments that are used for measuring and controlling decision making concerning IT and how these are done in the company (Shupta 2012). Rights distribution and the responsibilities of the Board and IT managers are specified by the IT governance structure. The IT structure also influences the procedures and rules for IT decision making (Brandy 2005). 3.4 Principles of IT governance in King 3 report (www.itgovernance.co.uk) According to King 3 IT governance is the responsibility of the board. Performance and sustainability goals of the organisation should be aligned with IT. The responsibility for IT governance framework implementation should be delegated to management by the board. The major IT investments and expenses www.iosrjournals.org 89 | Page IT Governance in Open Distance Learning institutions: a case of Zimbabwe Open University should be monitored by the board. Information Technology has to be a fundamental part of the risk management of the organisation. The board must make sure that the information resources are effectively managed. The board should be helped by the audit committee and the risk committee to carry out its responsibilities. IT Governance must also deliver a complete framework that permits organizations to deal with a variety of computing matters in order to be successful (Norlan& McFarlan 2005) (Henderson &Venkatram 1999) cited in (Raghupathi, 2007). 3.5 Supporting areas of IT governance 3.5.1 Strategic Alignment Grembergen (2004) defined strategic alignment as a manner in which organisations achieve competitive advantage by creating and supporting the connection between IT and the business. The business should be moving in the right direction with the help of IT enabling it to be on a better position than its competitors. 3.5.2 Value Delivery According Grembergen (2004) IT can create innovative value for the company by upholding value brought about by current investments in IT and at the same time removing assets that are not bringing enough value to the organisation. The elementary principles for IT value are provision of fit-for purpose services and resolutions on time and within the financial plan and producing the financial profits that were intended by the organisation. The IT value delivery must be allied directly with the value expected by the business. The value should be measured transparently bringing out the impact and influence of IT investments in the business process of creating value. 3.5.3 Risk Management Grembergen (2004) said it is the addressing IT associated risks. IT risk is the company risk linked to the use, possession, operation, participation, effect and adoption of IT by the organisation. Risk of IT involves IT linked procedures that could possibly impact the business. Although value delivery focuses on creating value to the business, risk management focuses on preserving the value of the business. 3.5.4 Resource Management Resource management makes sure that correct capabilities are in place to effect the strategic plan (Grembergen 2004). There should be adequate, suitable and operative resources provided. Resource management also makes sure that an incorporated, cost-effective IT infrastructure is delivered, new technology is presented as needed by the business and that complete systems are improved and substituted. IT identifies how important people are with hardware and software and therefore makes sure training is provided to the IT personnel to ensure competence. 3.5.5 Performance Measurement Grembergen (2004) noted that performance measurement is exchanging the accomplishments of the organisation‟s goals of IT linked services and results. Without starting and checking performance measures, it is improbable that former focus areas will attain the desired results. The performance measurement part embraces the making of business focused IT scorecards assessment and promise improvements. It offers a connection back to the other part by monitoring that the necessary direction is being followed and this generates the chance to take appropriate corrective procedures if needed. IV. Problem statement Norlan and McFarlan (2005) stated that organisations have to create their specific policies and processes about IT governance and make sure they are implemented by their engineers and developers. Though IT is becoming important in doing business and making it productive, it is still a problem to incorporate IT governance into organisations (Raghupathi 2007). Raghupathi (2007) indicated that though IT is a serious business success driver, Boards of directors are still not keeping the pace. There is a basically a disconnection between boards and IT staff of the organisations they direct. Most Boards seem to show little interest and much less expertise on IT issues thereby they have greatly sidelined IT governance (Raghupathi 2007). This has prompted the researcher to conduct a study on IT governance in Open Distance Learning institution to see the state of IT Governance and the level of its implementation in such organisations. V. Research objectives 5.1 To evaluate the status of IT governance at Zimbabwe Open University 5.2 To assess the level of implementation of IT governance at Zimbabwe Open University www.iosrjournals.org 90 | Page IT Governance in Open Distance Learning institutions: a case of Zimbabwe Open University VI. Research questions 3.8.1What is the status of IT governance at an Open Distance Learning institution (ZOU)? 3.8.2 At what level of implementation is IT Governance at an Open distance learning institution (ZOU)? VII. Methodology A descriptive case study method was considered the most appropriate for the study. Descriptive research design was defined by Cohen and Manion (1990) as the manner in which data is gathered at a certain time so as to give a description of the present condition‟s nature. Saunders et al. (2009) described a case studyas a way of doing a hands-on study of current procedures in an actual setting using several ideas. Hence the researcher used the descriptive case study research approach because it uses both qualitative and quantitative methods. Questionnaires and interviews were used as research instruments for the study. A questionnaire was used to attain details from the respondents that were beyond the researcher‟s assumptions (Leedy 1985). The questionnaire had several questions, both open-ended and closed ended questions. The researcher used hard copies of the questionnaires and distributed them to a sample of 15 respondents who work in the IT department of ZOU. Only 9 questionnaires were considered valid for data analysis as 4 of them were not returned and 2 of them were returned unanswered. Interviews were done to 6 respondents. The questionnaire had several questions, both open-ended and closed ended questions. VIII. Results, Analysis and Discussion Data was collected from the respondents. The results were analysed and discussed. 8.1 Section A- Background information of respondents The findings show that 6 (66.7%) of the respondents were females whereas only 3 (33.3%) were males. About 6 of the respondents‟ age ranged between 25-35 years, 2 respondents were between 35-45 years and only one respondent was below the age of 25. No respondent was above 45 years of age. From the respondents only 5 (55.6%) had degrees, 2 (22.2%) had Diplomas and the other 2 (22.2%) had National certificates as their qualifications. Of the respondents, 2 were software developers, one IT manager, one systems analyst, IT Technician, a software engineer, a student on attachment, an IT chief secretary and one database administrator. 7 (77.8%) of these respondents indicated that they were involved in the IT governance of the institution. The respondents had to indicate how best they could describe their institution in terms of its new technology adoption. About 4 (44.4%) respondents showed that the institution was an early adopter whereas only 5 (55.6%) indicated that it was a late adopter of new technology. When asked if the IT objectives were aligned to the institution‟s objectives, all the 9 (100%) respondents agreed to the IT objectives‟ alignment to the institution‟s objectives. Eight of the study‟s participants accepted that the institution‟s competitiveness is enhanced by the IT capabilities and only one respondent was not sure about this. 8.2 Section B: Strategic alignment issues This section was basically looking at the strategic alignment issues of the institution. The respondents were asked if there is a supervised documented IT strategic plan that is constantly updated when necessary. Only 7 respondents agreed to this and 2 respondents were not sure about this. All the respondents who agreed to having an IT strategic plan indicated that this IT strategic plan addressed IT issues that pertained to the whole institution. They also proved that this IT strategic plan is a foundation for the institution‟s yearly plans, long term budgets and IT project arrangements. When asked if the IT strategic priorities are openly addressed at the institution, 4 (44.4%) of the respondents agreed and 3 (33.3%) respondents strongly disagreed to this. 8.3 Section C: Risk Management issues This section of the questionnaire was concerned about risk management issues pertaining to the institution. The respondents were asked if there was a risk assessment plan for the institution‟s IT use. The results showed that a majority of the respondents, which is 5 respondents, indicated that there was no risk assessment plan for the institution. Only two respondents said there is a risk assessment plan and these were asked if the top management acted upon the assessment results on which they agreed. The questionnaire also asked how data integrity is ensured in the institution, that is, data accuracy, data completeness, the appropriate use of data and relevance. The outcome is shown in the table below. Table 1: data integrity Data integrity practice frequency Percentage (%) Data encryption (locking data by cipher) 9 100.0 Data backup (where copy of data is stored somewhere) 8 88.9 Access control (assigning read/write privileges) 7 77.8 Input validation (to prevent incorrect data entry) 5 55.6 www.iosrjournals.org 91 | Page IT Governance in Open Distance Learning institutions: a case of Zimbabwe Open University Data validation (to certify uncorrupted transmission) 5 55.6 The table shows that data integrity is ensured at this institution because the response rate for every data integrity practice is above 50%. All the respondents indicated that internal audits are the arrangements by the institution for consistent auditing and reviewing of systems as a way of mitigating risks appropriately. The research findings also show that 7 of the respondents accepted that there is a person responsible for privacy policies, privacy regulations and adherence to these. Two of the respondents were not sure about this. An 88.9% of the respondents agreed that the electronic activities were properly secured from unauthorised attackers that would affect the institution‟s publicity. They indicated that this was done through password protection; updating hardware and software configuration frequently; and use of antivirus and antimalware software. A majority of the respondents were not sure if there were any operational controls that have been implemented to assure that data and systems were accessible matching with accessibility policies. When the respondents were requested to indicate if they had any understanding of the effects of service interruptions, only 4 respondents agreed, 3 were not sure and 2 respondents said they did not. Those who agreed were further asked how the possible effects of service interruptions were dealt with and they mentioned that they use UPS which is the Uninterruptible Power Supply or Source. In regard to any legal consequences taken into consideration concerning copyright laws, software, service contacts and hardware, 4 (44.4%) respondents did not know if these were there or not and only 5 (55.6%) agreed that the legal consequences taken into consideration are there. Of the respondents, only 4 agreed, 2 strongly agreed and 3 also strongly disagreed that IT policies concerning the whole institution‟s security and privacy are developed. All the respondents agreed that crucial IT decisions concerning the whole institution security and privacy are implemented. 8.4 Section D: IT internal control issues The respondents were asked if the institution has an IT steering Committee and 66.7% gave an affirmation to this. When asked who chairs the IT Steering Committee, a majority showed that the Vice Chancellor chairs the IT Steering Committee with only a few saying it is chaired by the IT Director. The other question was on some of the duties done by the IT Steering Committee. The respondents were asked if the IT Steering Committee sets policies, resolves conflicts, approves funds and gives advice. The responses are shown in the table below. Table 2: duties done by the IT Steering Committee of the institution Duty YES Don‟t Know No Frequency Percentage Frequency Percentage Frequency Percentage Setting of policies 6 66.7 2 22.2 1 11.1 Resolving conflicts 6 66.7 3 33.3 Funds approval 5 55.6 3 33.3 1 11.1 Giving advice 6 66.7 1 11.1 2 22.2 The findings on the table show that a majority of the respondents confirmed that the IT Steering Committee sets policies, resolves conflicts, approves funds and gives advice with each duty having a response rate above 50%. Most of these respondents agreed that the IT Steering Committee gives effective contribution to the institution‟s IT governance. From the findings, it shows that most of the employees have been made aware of the IT policies that concern contracts, copyright regulations and licences because 7 (77.8%) respondents admitted to that. The respondents indicated that these IT policies are conversed through meetings and mostly through policy manuals. The IT employees ensure that the institution is alert of trends in technology, to better position the institution in the tertiary education industry, by researching on new trends and benchmarking and then advice the responsible authorities. 8.5 Section E: Decision making issues The research findings show that IT governance is involved in making suitable decisions in this ODL institution as 8 (88.9%) of the respondents agreed to this. The respondents were requested to indicate who makes final decisions pertaining to IT principles, IT infrastructure, Application needs and in Investment and prioritisation. The results are shown in the following table. www.iosrjournals.org 92 | Page IT Governance in Open Distance Learning institutions: a case of Zimbabwe Open University Table 3: Who makes final decisions? IT Principles IT infrastructure Application needs Investment& prioritisation Freq. percentage Freq. percentage Freq. percentage Freq. percentage Vice Chancellor - - - - - - 8 88.9 The council - - - - - - 8 88.9 IT Director - - 8 88.9 - - - - IT Manager 8 88.9 6 66.7 4 44.4 - - Database Admin 3 33.3 - - 2 22.2 - - IT technician 4 44.4 - - - - - - Programme Leader - - - - - - - - students - - - - - - - - The table above shows that most final decisions are done by the Vice Chancellor, The Council, the IT Director and the IT Manager. Final decisions pertaining to Investment and Prioritisation seem to be done by the Vice Chancellor and the Council of the institution because they had the response rate of 88.9% each. IT infrastructure final decisions are mainly done by the IT Director and the IT manager with response rate of 88.9% and 66.7% respectively. The IT Manager is responsible for final decisions concerning IT principles. When making decisions that are allied to principles of IT, the respondents were asked how frequently the institution receives input or seek advice from the IT Director, IT Manager, Database Administrator, IT technician, Programme Leaders or students. The response results are shown below. Table 4: Frequency of institution’s advice seeking Never Rarely Often Very often Freq. Percent Freq. percent Freq. percent Freq. percent IT Director 8 88.9 IT Manager 7 77.8 Database Admin 6 66.7 IT Technician 6 66.7 Program Leaders 4 44.4 Students 2 22.2 The findings in the table show that the institution very frequently receive or seek advice from the IT Director (88.9%) and IT Manager (77.8%) concerning decisions allied to IT principles. 8.6 Section F: Performance Measurement issues This section looks at issues of the institution‟s IT performance. Table 5: performance issues Strongly disagree disagree agree Strongly agree Freq. percent Freq. percent Freq. percent Freq. percent IT performance is 3 33.3 - - 6 66.7 - - systematically measured and reported. Decisions concerning IT 2 22.2 - - 6 66.7 1 11.1 are made based on the assessed IT outcome. During the IT 1 11.1 1 11.1 5 55.6 2 22.2 governance process, the assessment and reporting of IT are integrated. A balanced scorecard is 3 5 55.6 1 11.1 used to measure IT performance in our institution. Our IT services satisfy - - 9 100.0 - - our key stakeholders. Table 5 shows that a 66.7% of the respondents agree that IT performance in the institution is systematically measured and reported and that decisions concerning IT are made based on the assessed IT performance. A 55.6% response rate is for the agreement that a balanced scorecard is used to measure IT performance in the institution. All the respondents agreed that the institution‟s IT services satisfy their key stakeholders. The respondents were also asked if they have determined the fundamental performance indicators and drivers of the IT institution-wide. All the respondents answered with a “yes”. They also agreed that these are constantly monitored and benchmarked against standards of the tertiary education standards. www.iosrjournals.org 93 | Page IT Governance in Open Distance Learning institutions: a case of Zimbabwe Open University The institution uses ISO 9001 as an IT governance framework. IX. Summary and conclusion This study‟s main aim was to look at the status of IT Governance and the level of its implementation at an Open Distance Learning institution. It basically looked at IT strategic issues, Risk issues, Internal control issues, decision making issues and performance issues. Questionnaires were distributed to 15 respondents but only 9 were considered for data analysis. The interviews were done to 6 respondents so as to back the questionnaire responses. The research findings were then analysed and summarised to come up with conclusions. From the research findings it can be concluded that the IT governance status at Zimbabwe Open University is better as some of the IT issues are considered though it seems most of the respondents had no enough information pertaining to the institution‟s IT governance. It can also be concluded that the implementation of IT governance at ZOU is on a middle level because they are not ignorant of the IT governance and at the same time it is not fully implemented. Most of the IT governance issues are taken into consideration at ZOU though not completely. X. Recommendations This study recommends that: ZOU should continue to implement IT governance because through the successful implementation of effective IT governance, it can create a sustainable competitive advantage through strategic alignment, value delivery and risk management and face today‟s challenges in the best possible form. ZOU should have workshops that teach its employees to have a full understanding of the IT governance and how important it is in the success of the institution. References . Brand, K. (2005) IT governance based on COBIT 4.1: management guide, London . Cohen, L. & Manion, L. (1990) Research Methods in education. 3 ed. . De Haes, S. and Grembergen, W. V. (2004) IT governance and its mechanisms. Information Systems Audit and Control Association Journal1 . Grembergen, R. (2004) Strategies for Information technology governance. Idea Publishing Group . Hale, J. (2011) The 3 basic types of descriptive research methods. Psych Central. Retrieved on 13 March from: <http://psychcentral.com/blog/archives/2011/09/27/the-3-types-descriptive-research-methods> . Henderson, J. and Venkatraman N. (1999) Strategic alignment: Leveraginginformation technology for transforming organizations. IBM Systems Journal 38(2–3), 472–484. . Leedy, P.D. (1985) Practical Research: Planning and Designing. 3 ed. New York, Macmillan Publishing Company. . Thibodeau, P. (2003) Offshore risks are numerous, say those who craft contracts. Computerworld12. . Nolan, R. and McFarlan, F. (2005) Information technology and the board of directors. Harvard Business Review 83(10), 96–106. . IT Governance Institute. Board Briefing on IT Governance, 2nd ed. Rolling Meadows, IL; www.itgi.org. . Peterson, R. (2003) Information strategies and tactics for information technology governance, Idea Group Publishing . Raghupathi, W. (2007) Corporate Governance of IT:A framework for development. Communication of the ACM 50(8), 94-99. . Rutsito, T. (2013) IT governance: a time bomb. The Standard . Saunders, M., Lewis, P. &Thornhill, A. (2009) Research Methods for Business Students. 5 ed, Pitman. . Scottsdale Institute (2001) Closing the governance gap: Bringing boards into the IT equation. Information Edge 7, 7 . Shupta, D. (2012) IT governance-what is it and why is it important, Business Innovation http://blog.sap.com/innovation/it- governance-what-is-it-and-why-is-it-important-84961 Accessed 25 March 2014 . Weill, P. and Ross, J. W. (2004) IT governance: how top performers manage IT decisions rights for superior results. Harvard Business School, Boston . www.servicexen.wordpres.com/2008/06/01/it-governance-vs- corporate-governance-vs-it-management www.iosrjournals.org 94 | Page
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'