IT Governance Issues in Korean Government Integrated Data Center 1

Transcription

1 IT Governance Issues in Korean Government Integrated Data Center 1 Mokpo National University, silee@mokpo.ac.kr Abstract Korean government established the GIDC (Government Integrated Data Center) as a comprehensive solution by integrating information systems spread across each government department. It has played a crucial role to expedite the growth of Korean e-government. It has a variety of IT governance issues because it is essentially involved with conflicts among the stakeholders. However, there are few studies on the IT governance issues within the GIDC. This paper explores some of the existing IT governance issues through literature review and derives the most important IT governance issues by collecting data from an expert panel. Then, this paper provides some practical implications. The results of this study are expected to be able to contribute to the establishment of effective IT governance in the public sector. 1. Introduction Keywords: IT governance, IT governance issues, Public sector, GIDC In an era when public administrations need to maintain a broad range of public services respond to social, political and regulatory changes, Information technology and systems (IT/IS) has become indispensable for enabling governments to provide better public services to the public more efficiently, effectively, and sustainably. South Korea has been operating the GIDC (Government Integrated Data Center) which is unique in the world through the NCIA (National Computing and Information Agency) since According to the National Information White Paper [11], GIDC passed the break-even point in 2011 and around 1,000 senior officials from 101 countries has been benchmarked. Despite these achievements, GIDC has experienced governance issues due to selfishness within government departments and also due to the change of regime. Prior to the launch of the GIDC there was a conflict between the ministry of Government Administration and Home Affairs, and the Ministry of Information and Communication due to disagreement about when and how to build the center. Even after GIDC had been built, various IT governance issues have arisen in the process of agreement and implementation of the level of integration. Co-location and H/W resource integration are relatively easy, but S/W integration such as data, application and service integration are impossible without close cooperation between GIDC and government departments. Integration issues as well as its own role and status issues and organizational and institutional issues for enhancing the expertise of the center staff need to be carefully reviewed. If these issues do not work they can cause enormous social costs. In research and practice, a number of IT governance issues have been identified on structures, processes, and relational mechanisms level [2][3]. However, the IS literature so far has drawn little attention to IT governance issues included mechanisms specifically for the public sector [1]. Also, studies dealing with possible or existing IT governance issues after building the GIDC is hard to find. The aim of this paper is to classify IT governance issues through literature review, derive critical IT governance issues of GIDC, and provide some practical implications for building effective IT governance in the public sector. 2. Literature review 2.1. IT governance definition A variety of IT governance definitions have been developed by researchers and practitioners, but within these, the two following definitions will be retained: 1 This paper was supported by Research Funds of Mokpo National University in International Journal of Advancements in Computing Technology(IJACT) Volume 5, Number 11, July 2013 doi : /ijact.vol5.issue

2 IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership, organizational structures and processes that ensure that the organization s IT sustains and extends the organization s strategies and objectives [6]. IT governance is the deciding rights and accountability framework to encourage desirable behavior in the use of Information Technology. Although these definitions differ in some aspects, they focus on similar issues such as achieving the link business with IT and the prime responsibility of the Board [5]. ITGI [6] argued that IT governance is to be concerned about two outcomes: IT s delivery of value to the business and mitigation of IT risk. Therefore, the purpose of IT governance in the public sector is to deliver administrative value through IT and mitigate the IT risk IT governance issues There are a lot of studies in IT governance in private organizations [3][16], but a few studies specially dealt with IT governance issues in the public sector [1]. Based on the findings of the literature review, De Haese and Van Grembergen [3] listed a set of IT governance practices, as shown below: Integration of governance/alignment tasks in roles and responsibilities IT steering committee(s) [7] IT strategy committee [7] CIO on Executive Committee [7] CIO reporting to CEO [7] Architecture Committee [7] Strategic information systems planning Balanced scorecard [8] Portfolio management (incl. information economics) Charge back arrangements Service Level Agreements COBIT Job-rotation Co-location Cross-training Knowledge management (on IT governance) Business/IT account managers Senior management giving good examples Informal meetings between business and IT senior management IT leadership [17] Marks suggested the most prominent, unranked governance issues that appear to impact stakeholders in the governance space for 2011 is as follows: IT risk management The establishment of a governance framework A sense of teamwork Value delivery through IT A more activist information security department and board of directors Cloud computing Continuous auditing and assurance Padmanabhan summarized the objectives of IT governance as follows and discussed some specific issues in IT governance: Aligning IT strategy with business strategy IT as a strategic resource to deliver value IT risk management IT resource and financial management IT performance management IT policies and procedures After reviewing the IT governance literature, Schwertsik et al. [16] summarized aspects of IT governance as follows: 439

3 IT principles, IT architecture, IT infrastructure strategies, Business application needs, IT investments, Mechanisms (committee, budget processes, SLA, communication approaches) Organizational/judicial/economical/technical conditions [13][14] Culture, structure, internal economy, methods and tools, metrics and rewards Value drivers, complexity, capabilities [13] Organizational readiness, stakeholder participation [14] Reference model [7] 2.3. IT governance issues in public sector organizations A few recent works address the IT governance challenges in the public sector [2][19]. Campbell et al. [2] argued that there are systemic differences between private and public sector organizations that impact governance and contrasted IT governance issues in the private and public as follows: The steering committees are commonly used in all sectors for monitoring and reporting progress. As the public sector has greater organizational interdependence than the private sector, it is more easy to share the infrastructure in the public sector than the private sector The public sector is guided by social obligations and concerns while the private sector is led by market signals. As the public sector has many layers of authority, decisions may be delayed or may not occur. Good communication and collaboration are essential elements in IT governance in all sectors. Whether IT is fully or partially outsourced, formal and informal relationships between the outsourcing organization and the service provider are important. As leadership is impacted by the context of the public sector ethos that already existed, it is difficult to modernize leadership in the public sector. Winkler [19] reviewed the key differences and outlined their potential implications for IT governance as follows: For creating public value and improving government operations it requires to consider the broader political and social returns. The goals of IT governance in the public sector are more multifaceted and more difficult to measure than in the private sector. IT governance in the public sector needs to deal with diverse stakeholders and target at aligning these to a greater extent than in the private sector. As public organizations have the soft budget constraint, they exercise greater scrutiny to avoid the risk. Risk aversion and lack of incentives lead a lower degree of innovation in the public sector. As public organizations face much less competition than private companies, they have the opportunity to cooperate and share knowledge on inter-organizational level. Public organizations exhibit lower IT competencies and skills due to the difficulty to compensate for IT professionals. Although public organizations use increasing outsourcing, public procurement procedures are much more complex than for private companies due to the legal constraints. 3. Classification of IT governance issues Be it in the public or private sector, IT governance can be deployed by using a mixture of structures, processes and relational mechanisms [2][5][13]. The best possible mix of structures, processes and relational mechanisms will differ for each organization and depend on multiple contingencies including sector and the operating environment of the organization [15]. Most of IT governance issues derived from previous research are related to these three components. However, some issues such as culture, organizational conditions, and value delivery through IT could not be placed in this framework. Therefore, these are categorized as Others (see Table 1). From the literature review, a total of 50 IT governance issues was identified. 440

4 Table 1. Initial list of IT governance issues Dimensions IT Governance issues References Structures Processes Relational Mechanisms Others Committee IT steering committee(s) IT strategy committee CIO on Executive Committee CIO reporting to CEO Architecture Committee Structure IT infrastructure strategies Integration of governance/alignment tasks in roles and responsibilities Service Level Agreements (SLA) The establishment of a governance framework Reference model COBIT IT principles IT policies and procedures IT architecture Strategic information systems planning IT investments Budget processes Balanced scorecard Portfolio management (incl. information economics) Internal economy Methods and Tools Metrics and Rewards Charge back arrangements IT risk management IT resource and financial management IT performance management IT leadership Business application needs Aligning IT strategy with business strategy Stakeholder participation Communication approaches Informal meetings between business and IT senior management A sense of teamwork Business/IT account managers Senior management giving the good example Co-location Job-rotation Cross-training Knowledge management (on IT governance) Culture Organizational/Judicial/Economical/Technical conditions Organizational readiness Value drivers, complexity, capabilities Value delivery through IT IT as a strategic resource to deliver value A more activist information security department and board of directors Cloud computing Continuous auditing and assurance 4. IT governance issues within the GIDC [7] [7] [7] [7] [7] [7] [8] [17] [14] [13][14] [14] [13] This study focuses on exploration of IT governance issues within the GIDC rather than seeking a hypothesis testing approach. Therefore, secondary research methods such as reviewing available literature and formal and informal discussion with IT governance experts was used. In order to use the Delphi method an expert panel was gathered, which included 30 experts-mis professors, center officials, and senior IT professionals- who are all knowledgeable about IT 441

5 governance in the public sector. From this group, 24 experts continued to be involved in the full Delphi research effort (20% drop off rate), with three MIS professors, seven center officials, eight IT consultants, and six senior IT managers. In the first round, the respondents were asked only to provide their feedback on the initial list of IT governance issues (see Table 1), giving them the opportunity to make recommendations to add, change, or delete some of the issues. As a result, Others dimension was subdivided into four dimensions such as People, Cultures, Environments, and Outcomes. In the second round, the respondents were asked to rate on a scale of one to five, for each of the reviewed IT governance issues, according to the perceived importance (1 = not important, 5 = very important). In the final round, the respondents were asked to reevaluate their own scores from round two, considering the group averages. As a result, 17 critical IT governance issues (3 or more) were derived, which is shown below (see Table 2). Table 2. Critical IT governance issues of GIDC Dimensions IT Governance issues Importance (from 1-5) Structures Committee Organizational structure IT infrastructure Processes Service Level Agreements (SLA) Reference model IT architecture IT resource management IT performance management Relational Mechanisms IT leadership Administration/IT alignment Communication People IT professionals Cultures Ethics Knowledge management Environments Organizational conditions Outcomes Value delivery through IT Risk mitigation Top 7 IT governance issues listed were: IT infrastructure, IT leadership, IT professionals, Communication, Risk mitigation, Ethics, and IT resource management (see Figure 1). The top issues were evenly distributed in all dimensions except the Environments dimension. The Relational Mechanisms dimension has two issues and remaining dimensions have one issue respectively. 442

6 5. Discussion and conclusion Figure 1. Ranking of IT governance issues within GIDC GIDC was established to promote data sharing between departments and improve the quality of public service through unifying computational resources like information system and human resources, and to launch a disaster and emergency prevention system through the establishment of a backup system on the national level [11]. The results of this study suggest that in order to achieve these goals, the following issues need to be solved. First, IT infrastructures like intelligent infrastructure (Electrics, Fire prevention, Air Conditioning) and comprehensive defense system (Physical, Cyber, Access control) need to be predetermined. Second, in addition to the establishment of H/W, the training of IT experts who have a strong sense of ethics and IT security is important. Third, for the GIDC to operate efficiently, there needs to be smooth communication between government departments and center, and also between center and companies. There needs to be IT leadership that can coordinate conflicts and lead coordination for the stakeholders. Fourth, business continuity planning (BCP) and stability at the center can be heightened through neutralizing and removing threats by systematic IT resource management and regular monitoring. Fifth, the value of administrative services can be improved through performance management and performance measurement using IT BSC. Sixth, the implementation of IT architecture according to the [Legislation regarding the effective implementation and operation of Information Systems] is essential, and through the use of government reference model, the compatibility with the IT architectures of government departments can be considered. Seventh, the GIDC s tasks need to be formulated and individual rights and responsibilities need to be clearly defined. Through joint education and sharing of experience and knowledge about IT governance, the efficiency and effectiveness of center operation can be achieved. Eighth, for the GIDC to strategically comply with the government departments administrative service goals, it is important to sign and comply with a service level agreement (SLA). Ninth, GIDC uses an ntops based on ITIL. In the future, the implementation of a reference model such as COBIT should be examined. In the field of obstacles, change, and security management, GIDC needs to configure and operate a committee to make important decisions. Lastly, the GIDC needs to establish promotion principal according to law and the consistency of support policies as well as ease of funding needs to be guaranteed. Practical implications listed above are expected to provide relevant insights for government practitioners and give an important outlook in implementing effective IT governance in the public sector. 443

7 This study has one major limitation that should be considered when interpreting its findings. Due to the relatively small sample and it being limited to Korean Government Integrated Data Center, the results of this study demand caution when generalizing to other types of public agencies or other national context. In a future study, larger data sets are required to enable a more statistical approach and produce more generalizable insights on the implementation of effective IT governance in the public sector. 6. References [1] Ali, S., Green, P., IT Governance Mechanisms in Public Sector Organisations: An Australian Context, Journal of Global Information Management, vol. 15, no. 4, pp.41-63, [2] Campbell, J., McDonald, C., and Sethibe, T., Public and Private Sector IT Governance: Identifying Contextual Differences, Australasian Journal of Information Systems, vol. 6, no. 2, pp.5-18, [3] De Haes, S. and Van Grembergen, W., An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment, Information Systems Management, vol. 26, no. 2, pp , De Haes, S. and Van Grembergen, W., IT Governance Best Practices in Belgian Organisations, Proceedings of the 39 th Hawaii International Conference on System Sciences, pp.195b, [5] De Haes, S. and Van Grembergen, W., IT Governance Structures, Processes, and Relational Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group, Proceedings of the 38 th Hawaii International Conference on System Sciences, pp.237b, [6] ITGI, Board Briefing on IT Governance", 2 nd Edition, IT Governance Institute, USA, [7] ITGI, IT Governance Implementation Guide: How do I Use COBIT to Implement IT Governance, IT Governance Institute, USA, [8] Kaplan, R.S. and Norton, D.P., The Balanced Scorecard: Measures that Drive Performance, Harvard Business Review (January-February), pp.71-79, Marks, L., Top IT Governance Issues of 2011, ISACA Journal (JOnline), vol. 3, pp.1-5, Meyer, N.D., Systemic is Governance: An Introduction, Information Systems Management, vol. 21, no. 4, pp.23-34, [11] NISA, 2012 National Information White Paper, National Information Society Agency, pp , Padmanabhan, G., Issues in IT Governance, BIS Central Bankers Speeches, pp.1-8, [13] Peterson, R., Crafting Information Technology Governance, Information Systems Management, vol. 21, no. 4, pp.7-22, [14] Rau, K.G., Effective Governance of IT: Design Objectives, Roles, and Relationships, Information Systems Management, vol. 21, no. 4, pp.35-42, [15] Ribbers, P.M.A., Peterson, R.R., and Parker, M.M., Designing Information Technology Governance Processes: Diagnosing Contemporary Practices and Theories, Proceedings of the 35 th Hawaii International Conference on System Science, pp.241b, [16] Schwertsik, A.R., Wolf, P., and Krcmar, H., Understanding IT Governance: Towards Dimensions for Specifying Decision Rights, MKWI, pp , _management_u._it-controlling/02_understanding_it_governance.pdf [17] Smith, G., Straight to the Top: Becoming a World-Class CIO, John Wiley & Sons, Chichester, West Sussex, UK, Weill, P., Ross, J.W., IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, USA, [19] Winkler, T.J., IT Governance Mechanisms and Administration/IT Alignment in the Public Sector: A Conceptual Model and Case Validation, 11 th International Conference on Wirtschaftsinformatik, pp ,