e-IRGSP Governance Report

<<<<<<< local

=======

\documentclass[11pt,a4paper]{report}

\begin{document}

>>>>>>> other

\chapter{Overview of Literature in IT Governance}

The importance of IT governance has been widely acknowledged in the academic and professional literature, especially with regard to the private sector. The corporate scandals of Enron and other US-based companies raised the level of regulation and tightened corporate governance in order to protect investors and ensure fiscal accountability. Increased significance was similarly attributed to IT governance, which is the focus of this chapter. Research has found that effective IT governance enhances competitiveness and business value \cite{WeillRoss2004b}. There is debate, however, as to how this can be best operationalised. The following sections will provide an overview of the literature on the nature, forms and mechanisms of IT governance. Current research in the main areas will be discussed, together with the latest empirical findings.

\section{Defining IT Governance}

As a result of research developing in different areas, scholars and professional bodies have suggested many useful definitions. There seems to be general consensus as to how IT governance has come to be interpreted, although the focus is slightly different between studies.

Sambamurthy and Zmud \cite{SambamurthyZmud2000} define IT governance as ``an organisation?s IT-related authority pattern''. The authors suggest research should understand the ``organising logic for the IT function'' which they define as ``the managerial rationale for designing and evolving specific organisational arrangements in response to an enterprise?s environmental and strategic imperatives''. Building on this work, Schwarz and Hirschheim \cite{Schwarz2003} refer to IT governance as ``the IT related structures or architectures (and associated authority pattern) implemented to successfully accomplish (IT imperative) activities in response to an enterprise?s environmental and strategic imperatives''.

In another strand of research, Weill and Ross \cite{WeillRoss2004b} define IT governance as representing ``the framework for decision rights and accountabilities to encourage desirable behavior in the use of IT''. This definition captures the high level at which IT governance operates, but at the same time emphasises on the unique character it can attain since desirable behaviors differ between organisations. It also encompasses both the behavioural and normative aspects of governance in line with OECD principles \cite{OECD}.

Relating IT governance with other aspects of the organisation, Van Grembergen \cite{Grembergen2003} proposes the following definition: ``IT Governance is the organisational capacity exercised by the Board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT''. Along other material operationally focused on implementation, the IT Governance Institute \cite{ITGI2003} suggests that ``IT Governance is the responsibility of the Board of Directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation?s IT sustains and extends the organisation?s strategy and objectives''.

The last two definitions emphasise on the relevance to corporate governance, a recurring theme in the literature. Weill \cite{Weill2004} suggests that ``good IT governance draws on corporate governance principles to manage and use IT to achieve corporate performance goals''. Other articles state that due to the growing reliance of organisations on IT, it is very difficult to distinguish between IT and corporate governance, since they are interrelated and constantly feeding into each other \cite{Grembergen2003}. In addition to this synergy, the literature on Strategic Information Systems Planning also provides useful guidance to IT governance\cite{Webb2006}, as it contributes to work on its supporting mechanisms such as critical success factors, value chain model and business process reengineering \cite{Grembergen2003}.

There is, however, a clear demarcation between IT governance and IT management. The former is usually referred to as a broader term that covers IT performance and transformation towards business and customer demands, while the latter is restricted to denoting effective supply of IT services and products, as well as management of IT operations \cite{Peterson2003}. Although scholars and practitioners insist on the value of involving IT management in IT governance processes, they are quick to dismiss the assumption of IT governance as an enhanced mode of IT management and draw a definite line between the two concepts and the distinct purposes they serve \cite{HaesGrembergen2004,Peterson2003}. As Weill and Ross\cite{WeillRoss2004b} clearly explain, governance establishes who has the right to make decisions, while management involves the actual decision-making and implementation processes.

A large part of the literature discussed an extended view of IT governance, departing from decision rights to include governance mechanisms, informal arrangements and other means to support organisational objectives. This will be further discussed in one of the subsequent sections.

\paragraph{Six Facets of IT Governance}

A consolidation of the literature highlights the following six areas as comprising the scope of IT governance \cite{Ask2007, Grembergen2003, ITGI2003, WillsonPollard2009}. Although they can be theoretically distinct, in practice it is much more likely that they influence and reinforce each other.

	\begin{itemize}	

	\item Strategic Alignment

IT governance is mobilised to support the strategic alignment of business and IT objectives and to ensure appropriate allocation of resources.

	\item Risk Management

IT-related risk management is another area that has gained increasing prominence. IT governance contributes to the assessment of and protection from risks by ensuring appropriate security and integrity, privacy and reliability, safeguarding assets and protecting the technological investment \cite{Grembergen2003, Korac2001, WillsonPollard2009}.

	\item Performance Management and Optimisation

Moreover, IT governance relates to measuring results and achieving performance targets related to IT decisions, as well as monitoring responsible use of IT resources \cite{Webb2006}. 

	\item Control and Accountability

This dimension sets IT governance apart from Strategic Systems Information Planning \cite{Webb2006}. Assignment of control and accountability patterns is directly associated to the adoption of different governance forms that will be presented in a following section.

	\item Delivery of Business Value through IT

This facet refers to leveraging opportunities, maximising benefits and achieving competitive advantage \cite{ITGI2003, Patel2002}. According to Weill and Woodham, ``[a]n effective IT governance structure is the single most important predictor of getting value from IT'' \cite{WeillWoodham2002}.

	\item Capability Management

Some authors include this aspect as integral to IT governance, in terms of developing and managing technical skills and IT capabilities \cite{Korac2001, WillsonPollard2009}

	\end{itemize}

\section{Key IT Governance Decisions}

Weill and Ross \cite{WeillRoss2004b} depart from traditional research on IT governance with their contemporary framework for the customisation of IT governance systems \cite{BrownGrant2005}. Drawing on research in 250 companies worldwide, they argue that the starting point for effective IT governance lies in articulating IT governance decisions and positioning the appropriate people to engage in decision-making in the following five interrelated areas: 

\begin{itemize}

\item IT Principles

These are high-level statements regarding the use of IT and should be deriving naturally to match and support an organisation's business and operational objectives. Weill and Ross \cite{WeillRoss2004b} suggest that these principles should identify the organisational operating model, concrete ways in which IT can support it and the IT funding model required. IT principles guide decisions in the remaining four domains and may be used to raise a shared understanding among organisational members. 

\item IT Architecture

Architecture design relies on IT principles to capture requirements for process, data and technical standardisation and integration, according to the organisation's objectives. For example, the authors \cite{WeillRoss2004b} argue that the extent to which an organisation decides between stable infrastructure and local flexible applications, reflects a translation of relevant strategic choices such as the degree of business flexibility. 

\item IT Infrastructure Strategies 

IT infrastructure is defined as "the foundation of planned IT capability (both technical and human) available throughout the business as shared and reliable services and used by multiple applications" \cite{WeillRoss2004b}. Examples of crucial governance decisions around infrastructures include the location of infrastructure services, pricing, updating and outsourcing.

\item Business Applications Needs

Decisions in this area seek to achieve a balance between, on the one hand, finding creative ways to increase business value through applications that support organisational objectives and, on the other, complying with architectural integrity.

\item IT Investment and Prioritisation

Weill and Ross \cite{WeillRoss2004b} suggest investment levels should correspond to the strategic role attached to IT. An IT investment portfolio -- an analogy to financial investment portfolios -- provides a useful way to approach decisions on funding allocation, based on strategic alignment, return and risk considerations. Prioritising and reconciling IT needs between organisational departments, as well as distinguishing absolutely necessary from merely desirable IT capabilities, are both covered in this area of decision-making.

\end{itemize}

\section{IT Governance Forms}

A large part of the literature discusses appropriate IT governance decision-making structures for different areas in order to maximise efficiency and return on investment. Early research on the topic identified rigid dichotomies between centralised and decentralised organisational models. More recent articles state that the federal model has increasingly gained ground during the 1990's, as more balanced forms emerged \cite{BrownGrant2005, Brown2004}. 

One of the most common approaches distinguishes ``IT-related authority patterns'' as being centralised, decentralised or federal \cite{SambamurthyZmud1999}. Centralised IT governance grants decision rights to corporate stakeholders only. The decentralised mode assigns authority to either divisional units, a mix of divisional units and line management actors, or in very rare cases, line managers only. The advantages of the first include control over IT and a greater opportunity to realise economies of scale, while the second model allows for greater customisation and responsiveness \cite{BrownGrant2005}. 

A federal model would involve a corporate unit and divisional units or line management in different variations \cite{Peterson2004, SambamurthyZmud1999, Weill2004}, combining the advantages of both centralised and decentralised models. Peterson suggests a distinction between IT-centric and business-centric approaches, according to the participation of IT and business executives in decision-making \cite{Peterson2004}. Typically, there is central control on decisions around IT infrastructure supply and decentralised patterns regarding IT applications and use \cite{BrownMagill1998}. Similar types of IT governance have been described as hybrid, distributed, centrally-decentralised and equilibrium models or structures \cite{BrownGrant2005}.

Sambamurthy and Zmud \cite{SambamurthyZmud1999} note that IT governance arrangements are not stable but frequently change from more centralised to more decentralised forms and vice versa. At the same time, it is now acknowledged that there are no strict boundaries between centralised, decentralised and federal models, since they are all situated on a continuum and reflecting more complicated arrangements encountered in organisations \cite{BrownGrant2005}. Essentially, governance structures are put in place to balance the tensions between local units and central parts of an enterprises \cite{Huang2010}. To achieve this task, more flexible IT governance models have been developed, in vertically and horizontally expanded variations \cite{BrownGrant2005}, as can be seen in the following work on IT governance archetypes. 

\paragraph{IT Governance Archetypes}

Weill and Ross \cite{WeillRoss2004b} suggest a more nuanced conceptualisation of IT governance models, using six archetypes to illustrate which sets of stakeholders have input and/or decision rights regarding the five key decisions areas described in an earlier section.

\begin{itemize} 

\item Business Monarchy

In business monarchies, business executives at the most senior levels of organisations (CxOs) make decisions on IT governance. This style is common with respect to IT principles, in this way enhancing the chances for IT alignment with business objectives. IT investment is another area of regular application, where such high-level budgeting decisions establish funding priorities across competing parts of the organisation, rather than being solely focused on IT.

\item IT Monarchy

Senior IT executives make decisions in groups or individually, usually with input from both corporate teams and business units. This governance model is more frequently adopted in IT architecture and IT infrastructure strategies decisions. In other areas the involvement of business executives is required to ensure strategically important goals, responsibility and commitment.

\item Feudal

Feudal arrangements delegate decision-making to the leaders of business units, regions or business functions who own IT processes. However, this is a less widespread model, as it does not take advantage of synergies across the organisation. Only little application was observed in the empirical study by Weill and Ross \cite{WeillRoss2004b}.

\item Federal

This model of IT governance involves coordination between the senior business executives and business unit leaders. There is often participation of senior IT executives or business unit IT leaders. The federal archetype is regularly used to provide input to all five decision areas by a large percentage of organisations studied \cite{WeillRoss2004b}. Actual decision-making is though organised around this type of arrangement mainly with regard to business applications needs across different units, as well as IT investment, in order to ensure a balance between different business units' priorities. However, the authors argue that this model favours large and powerful business units, leading the rest to adopt local IT solutions. 

\item IT Duopoly

Duopolies refer to bilateral decision-making processes between IT executives (only central or together with those from business units) and either senior level business executives, or business unit leaders, the same group involved in feudal arrangements. The simple management structure and the ability to customise decisions for different units efficiently, make duopolies popular in the five key IT governance decision areas. 

Regarding IT principles, coordination between senior business  and IT management ensures alignment and commitment to business objectives. According to Weill and Ross \cite{WeillRoss2004b}, duopolies allow rapid consideration of both business and technological issues around shared infrastructure services, transferring expertise from one party to the other. Moreover, IT duopolies increase the involvement of IT in business applications decisions, resulting to greater exploitation of current technical infrastructures. Along these lines, IT investment and prioritisation often relies on IT duopolies to identify risks and opportunities, especially around long-term and more efficient sharing of infrastructures. 

\item Anarchy

Here, there is no coordination across the organisation, as local needs guide decisions made by individuals or small groups independently. This model is very rare and only appropriate when it is necessary to react quickly to change.

\begin{table}

\caption{Key IT Governance Decision Areas and IT Governance Archetypes \cite{WeillRoss2004b}}

    	\begin{tabular}{ | p{1,7cm} | p{2cm} | p{2cm} | p{2cm} | p{2cm} | p{2cm} | }

    	\hline

    	& \multicolumn{5}{|c|}{\textbf{IT Decisions}} \\

	\hline

    	\textbf{IT Governance Archetypes} & IT principles & IT Architecture & IT Infrastructure 		Strategies & Business Applications Needs & IT Investment \\ \hline

  	Business Monarchy & & & & & \\ \hline

   	IT Monarchy & & & & & \\ \hline

	Feudal & & & & & \\ \hline

   	Federal & & & & & \\ \hline

   	IT Duopoly & & & & & \\ \hline

   	Anarchy & & & & & \\ \hline

     	\end{tabular}

\end{table}

\end{itemize}

As organisations expand geographically and diversify their activities, organisational structures are not adequate to reconcile conflicting needs and objectives and IT governance becomes indispensable. A certain amount of heterogeneity in governance forms archetypes is identified across studies, while is is now widely acknowledged that ``there is no single 'best' IT organisational structure or governance arrangement because IT needs to respond to the unique environment within which it exists'' \cite{Agarwal2002, BrownGrant2005}. Willson and Pollard stress the significance of the unique characteristics of the organisational and historical environment \cite{WillsonPollard2009}. Other research shows that more successful organisations are adopting specific governance models \cite{WeillRoss2004b}. A significant amount of work has been devoted to understanding how specific variables affect IT governance structures. This topic will be discussed in the following section.

\section{Drivers of IT Governance Forms}

The literature stresses the importance of understanding the reasons for adopting specific IT governance arrangements \cite{SambamurthyZmud1999}, to the extent that Brown and Grant identify this as one of the two strands of research, the first strand referring to IT governance forms \cite{BrownGrant2005}. Early research considered single contingencies or a set of individual contingencies but without paying attention to possible interactions. Strategic and performance goals, organisational and decision-making structures, governance experience, size and diversity have been found to influence the choice of IT governance structural forms \cite{BrownGrant2005, WeillRoss2004b}. At the same time, differences according to industries and regions determine appropriate governance arrangements. Not-for-profit and government organisations are characterised by different performance measures, accountability patterns and cultures. As a result, governance archetypes suitable to successful for-profit companies may not apply directly to these organisations. In such cases, Weill and Ross \cite{WeillRoss2004b} find that business monarchies are most usually employed to make IT principles and IT investment decisions, as centralisation is an important aspect of decision-making. In addition, federal governance archetypes are more common in the business applications needs area, to ensure involvement of the higher levels of the organisation.

However, single contingency factors may not be adequate to explain how IT governance forms are shaped, since there is significant interaction between multiple influences \cite{BrownMagill1998, SambamurthyZmud1999}. 

\paragraph{Theory of Multiple Contingencies}

Sambamurthy and Zmud \cite{SambamurthyZmud1999} introduce a theory of multiple contingencies, looking at how a consideration of reinforcing, conflicting and dominating forces generates a better understanding of the evolutionary nature of IT governance in organisations. Through empirical work they found that reinforcing and dominating contingencies would contribute towards centralised or decentralised models of IT governance, while conflicting contingencies were more likely to create federal modes. The researchers grouped contingencies deriving from previous research in the following three categories. These explain the establishment of specific IT governance types against others.

	\begin{itemize}

	\item Corporate Governance

IT governance models frequently reflect similar arrangements adopted in the corporate governance of the same organisations. In addition, the size of the firm plays a significant role, as larger organisations usually have more divisions and tend to decentralise corporate and IT governance to be able to respond to the needs of the business units.

	\item Economies of Scope

Sambamurthy and Zmud \cite{SambamurthyZmud1999} define economies of scope as ``the benefits arising from the sharing of appropriate IT-related expertise, know-how and investments across the enterprise''. Drawing on strategic management literature, the authors suggest diversification mode, diversification breadth and exploitation strategy as three additional factors influencing IT governance. 

Diversification mode refers to whether, on the one hand, strategic goals towards growth assume an internal outlook, leveraging existing technological capabilities and infrastructures. A centralised mode would facilitate coordination of such objectives. On the other hand, diversification mode can be directed towards external expansion through acquisitions, a strategy that may require a decentralised form of IT governance, to accommodate differences between the IT infrastructures and units. 

Diversification breadth regards the similarity between the products of different business units in the same firm or the relevance of the markets they compete in. Assuming that greater similarity in products and markets means less differentiation in IT, Sambamurthy and Zmud suggest that through a centralised mode it would be more likely to achieve economies of scope. Conversely, little similarity in products and markets would make a decentralised model more appropriate.   

Under the condition that diversification mode or breadth allow the leveraging of economies of scope, exploitation strategies provide an avenue to take further advantage of the situation. One way to achieve this would be either by building internal partnerships to integrate IT knowledge and authority, and thereby adopting decentralised IT governance at the divisional level, or by merging IT assets, supported by centralised decision rights. 

	\item Absorptive Capacity 

This term is used to denote employee experience and capabilities in evaluating information and constructing knowledge bases, as well as engaging in effective decision-making and implementation. Lack of IT-related absorptive capacity in line management favours centralised IT governance models, while greater IT experience supports decentralised forms.

	\end{itemize} 

\section{Governance Mechanisms} 

A view of IT governance as evolving around governance forms is restricted and obsolete \cite{Ribbers2002, Schwarz2003}, as it neglects the internal work within these structures within a dynamic and competitive environment. In addition to decision rights and authority structures, IT governance literature extends to examine horizontal integration capabilities, as ``the ability to coordinate and integrate formal and informal IT decision-making authority across business and IT stakeholder communities'' \cite{Peterson2004}. This section will discuss the cross-functional implementation of IT governance in terms of formal/informal coordination mechanisms, structural layers and processes \cite{Brown2004}. 

\paragraph{Structures and Committees}

Peterson refers to this aspect as structural IT governance capabilities \cite{Peterson2004}. Unrelated to IT governance forms, these mechanisms involve formal roles and relationships contributing to horizontal contact between IT and business management. CIOs and liaison roles such as IT relationship managers, IT account managers, as well as IT executive councils and project committees, advisory boards and centres of excellence, they are all elements of structural capabilities \cite{Peterson2004}. 

Weill and Ross \cite{WeillRoss2004b} emphasise on the decision-making responsibilities accompanying this type of mechanisms, discuss how they can generate commitment and relate these with the IT governance archetypes. As it would be anticipated, business monarchies employ executive committees or part of these, sometimes together with the CEO. In IT monarchies one would encounter IT leadership teams and IT architecture committees, with some members participating in both the IT and business realms in order to ensure alignment. The drive for shared IT infrastructures and data makes federal archetypes necessary, but to balance local and enterprise priorities, senior executive committees in this case draw members from all business units. Duopolies are supported by three mechanisms: IT councils with joint business/IT memberships, process teams comprising of cross-functional process owners and IT executives, as well as business/IT relationship managers \cite{WeillRoss2004b}.

\paragraph{Processes and Control Frameworks}

This type of mechanisms reflect the degree to which decision-making and monitoring follow formalised standard procedures and rules \cite{Peterson2004}. Apart from IT governance frameworks developed by organisations themselves, there is a range of IT standards provided by external bodies that consolidate best practice in a structured manner, but at the same time allow organisations to adapt them to their needs. 

One of the most widely accepted frameworks is the Control Objectives for Information and related Technology (COBIT), published free online by the Information Systems Audit and Control Association (ISACA). This set of guidance documentation includes the framework, high-level and detailed control objectives, audit guidelines, management guidelines and an implementation guide together with a toolkit, to support executives with IT governance \cite{COBIT, Guldentops2003}. De Haes and Van Grembergen \cite{HaesGrembergen2004} suggest complementing COBIT with the Information Technology Infrastructure Library (ITIL). 

ITIL is another widely recognised framework, maintained by the Office of Government Commerce (OGC) in the United Kingdom. It is significantly oriented towards service management, such as payroll infrastructures, and comprises of best practice documentation material on strategy, design, transition, operation and continual service improvement (http://www.itil-officialsite.com).  

Maturity models are also useful to benchmark performance and alignment against other standards. Some maturity models are included in, for instance the management guidelines of COBIT, or are developed separately by researchers or institutions such as the IT Governance Institute \cite{HaesGrembergen2004, Luftman2003}. Simonsson et al \cite{Simonsson2010} carried out 35 case studies to examine the correlation between IT governance maturity and IT governance performance. The strongest positive correlation to IT governance performance was exhibited by the internal IT structure, clear organizational structures and relationships, mature quality management and cost allocation. Minimal correlation was found with the maturity of project management, service level management, performance and capacity management.

Taking the view of IT as a service provider to the rest of the organisation, the Balanced Scorecard can be used to control IT performance in areas such as user satisfaction, business contribution, operational excellence and future orientation \cite{HaesGrembergen2004, Grembergen2000}. In addition, by linking the objectives of the business Scorecard to the IT Scorecard, there is greater strategic alignment and capability exploitation \cite{HaesGrembergen2004, Grembergen2000}.

Other related measurement and control tools include Service Level Agreements, strategic alignment frameworks and information economics models \cite{HaesGrembergen2004, Karten2004, WeillRoss2004b}. Weill and Ross add to these the IT investment approval process, the architectural exception process, chargeback, project tracking and the formal tracking of business value and benefit realisation \cite{WeillRoss2004b}. A review of such IT governance tools can be found in \cite{Larsen2006}. It should be noted though that these tools cannot provide universal solutions, but need to be assessed and adapted against the specific context of implementation. As Weill observes, learning achieved through iterative modifications is of great significance \cite{Weill2004}.

\paragraph{Relational Mechanisms}

The first two types of mechanisms do not guarantee effective IT governance \cite{Peterson2004}. Organisations employ relational mechanisms to improve lateral communication and understanding between corporate executives, IT and business people \cite{HaesGrembergen2004}. The purpose is to find integrative solutions combining expert and tacit knowledge through participation and collaboration across boundaries. According to Peterson, this type of relational integration is facilitated through direct informal contacts and negotiations, common locations and "virtual meeting points", lobbying, joint performance incentives and shared learning \cite{Peterson2004}.

Weill and Ross focus on the communication aspect of relational mechanisms \cite{WeillRoss2004b}. Their research showed that formal communication of IT governance mechanisms existence and functionality would relate to more effective governance (while informal communication was not associated with governance effectiveness). Some examples of such communication devices included senior management announcements, communication between and within formal committees to coordinate efforts, web-based portals and intranets, while ownership in the sense of discussing IT governance in the office of the CIO or a devoted IT governance office were deemed equally important. Last but not least, a significant amount of time is spent to guide managers through IT architecture in order to increase acceptance and conformity to IT governance arrangements \cite{WeillRoss2004b}.

Robbins proposes a more inclusive approach to IT governance, involving external parties such as partners, service providers and communities of practice \cite{Robbins2004}. In certain arrangements such as outsourcing this outside input to decision-making is sought regularly already \cite{WeillRoss2004b}.

\begin{table}

\caption{Structures, Processes and Relational Mechanisms \cite{HaesGrembergen2004, Grembergen2003, Peterson2004, WeillRoss2004b}}

\begin{center}

    	\begin{tabular}{ | p{2cm} | p{2cm} | p{2cm} | p{2,4cm} | p{2cm} |}

    	\hline

    	  & \textbf{Structures} & \textbf{Processes} & \textbf{Relational Mechanisms} \\ \hline

	\textbf{Tactics} & IT executives and accounts 

	Committees and councils & Strategic IT decision-making 

	Strategic IT monitoring & Stakeholder participation 

	Business/IT partnerships & Strategic dialog 

	Shared learning\\ \hline

	\textbf{Mechanisms} & Roles and responsibilities

	IT organisation structure

	CIO on board

	IT strategy committee

	IT steering committee & Strategic information systems planning

	Balanced (IT) scorecards

	Information economics

	Service level agreements

	COBIT and ITIL

	IT alignment/governance maturity models & Active participation by principal stakeholders

	Collaboration between principal stakeholders

	Partnership rewards and incentives

	Business/IT colocation & Shared understanding of business/IT objectives

	Active conflict resolution

	Cross-functional business/IT training

	Cross-functional business/IT job rotation\\ \hline

     	\end{tabular}

\end{center}

\label{default}

\end{table}

The mechanisms mentioned above should be simple and unambiguous, transparent and suitable to engage appropriate individuals \cite{WeillRoss2004b}. Weill and Ross further recommend that the design of mechanisms should employ a mix of techniques from all three types and implement these at multiple organisational levels, use less but more effective decision-making structures focusing on alignment, while overlapping membership and clear accountability patterns should be considered \cite{WeillRoss2004b}.

\section{Effective Governance}

Weill and Ross suggest top for-profit governance performers have more managers who are able to accurately describe the role of IT governance in their organisation \cite{WeillRoss2004b}. Senior management engaged more effectively through structural, relational and communication mechanisms. Objectives for IT investment were clearly articulated and communicated, through generally stable IT governance arrangements over time. They also observed more formal architecture exception processes, together with diversified business strategies. 

However, when discussing governments and not-for-profit organisations, the same authors recognise similarities with for-profits but also acknowledge that there are difficulties, especially in assessing performance and value, as well as in justifying IT infrastructures and investments \cite{WeillRoss2004b}. Within a political or similarly restricting environment, there are usually mandates over and above business value and cost-benefit considerations, such as value creation in terms of public good or other objectives. In addition, dependency on external stakeholders/beneficiaries to use and contribute to the infrastructure, dataset or service may mean increased input from these parties in to decision-making structures, such as IT governance forms or mechanisms. In this domain, Weill and Ross observe that top performers clarify how their organisation creates value, recognise the capabilities required and strive to achieve alignment with governance. To this end, guidelines drawn from the five key decision areas for effective IT governance include: making joint business and IT decisions around IT principles and investment, viewing IT infrastructure decisions as strategic business decisions and avoiding feudal, autonomous decentralising models for business applications needs.

As mentioned already, high-level commitment and communication emerge as significant elements of contemporary IT governance. Departing from an earlier focus on loci of control, Peterson concludes that collaboration is the foundation of effective IT governance, ``where the need for distinct competencies is recognized, developed, and shared adaptively across functional, organizational, cultural, and geographic boundaries'' \cite{Peterson2004}.

\bibliography{references}

\bibliographystyle{plain}

\end{document}