A Framework for Information Systems Management and Governance

Similar documents
ISMG. Information Systems Management & Governance

For submission to the Web Redevelopment Project Board

The overall aim for this project is To improve the way that the University currently manages its research publications data

Embedding public engagement at UCL: Dr Hilary Jackson UCL Public Engagement Unit ucl.ac.uk/public-engagement

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010

Web Strategy UNIVERSITY OF YORK COMMUNICATIONS OFFICE WEB OFFICE

Risk Management Strategy & Implementation Plan

Governance Document Management Framework

TEC Capital Asset Management Standard January 2011

MANAGEMENT INFORMATION SERVICES

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Blackburn College Teaching, Learning and Assessment Strategy. 25 August 2015

Peer Reviews on Pre-application of Internal Models for NSAs and Colleges Final Report

Performance Detailed Report. May Review of Performance Management. Norwich City Council. Audit 2007/08

University of Brighton Sustainable Procurement Strategy

Policy Documentation Development Information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

QUAๆASSURANCE IN FINANCIAL AUDITING

University Reviews: Exploring a New and Coordinated Approach

P3M3 Portfolio Management Self-Assessment

Customer Engagement Strategy 2015/ /18

Management of Business Support Service Contracts

How To Be A Global Leader In Research At Cranfield University

Director of Strategic Planning and Finance

NHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015

Introduction. Purpose

ESKISP Direct security architecture development

Rehabilitation Network Strategy Final Version 30 th June 2014

Strategic Plan San Luis Obispo County Community College District

Department of Information and Technology Management

UNIVERSITY OF KENT E-LEARNING STRATEGY IMPLEMENTATION PLAN UPDATED MAY 2011

Quality Assurance in Higher Education

R U N D O. The ECU Technology Governance Framework A brief guide

Informatics: The future. An organisational summary

2008 review 2013 review Targeted measures Targeted deadline. ENQA Criterion / ESG. February 2016/ Measures already taken. Level of compliance

The South Staffordshire and Shropshire Health Care NHS Foundation Trust Digital Strategy

CHARLES STURT UNIVERSITY WORKFORCE PLANNING FRAMEWORK

Developing a Project Governance Framework

QUALITY ASSURANCE MODEL: GUIDANCE NOTES

Financial and Cash Management Task Force. Strategic Business Plan

Professional Standards for Teachers

Implementation of a Quality Management System for Aeronautical Information Services -1-

GOVERNANCE OF INFORMATION TECHNOLOGY IN HIGHER EDUCATION

CiCS INFORMATION TECHNOLOGY STRATEGY PURPOSE 2. CONTEXT. 2.1 Information Technology. 2.2 Changing Environment. 2.

How To Help Your Educational Psychology Service Self Evaluate

Quality management/change management: two sides of the same coin?

Logical Framework Planning Matrix: Turkish Red Crescent Organisational Development Programme

Procurement Services Strategic Plan

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

HONG KONG BAPTIST UNIVERSITY Enhanced Learning and Teaching Using Technology: An Institutional Strategy

ESKISP Direct security testing

INFORMATION TECHNOLOGY STRATEGY Information Technology Services

VPQ Level 6 Business, Management and Enterprise

Co-operative Development Support Services Service Specification

The Asset Management Landscape

ehealth Architecture Principles

Executive has authority to determine the above recommendation.

Information Governance Strategy

A Framework of Quality Assurance for Responsible Officers and Revalidation

Performance Measurement

CREATING A LEAN BUSINESS SYSTEM

Holistic Development of Knowledge Management with KMMM

Avondale College Limited Enterprise Risk Management Framework

REPORT ON EAQUALS NELLIP WORKSHOP IN GRAZ, AUSTRIA, 11 th APRIL 2014 MATERIALS USED - POWERPOINT

An IT Governance Framework for Universities in Spain

Opportunities and Interest in Shared Services - London HEIs

MANAGEMENT OF POLICIES, PROCEDURES AND OTHER WRITTEN CONTROL DOCUMENTS

NHS Lanarkshire Information Governance Committee

Chapter 10. a The Role of the Minister of Health and Manitoba Health INTRODUCTION

Benefits realisation. Gate

SEARCH PROFILE. Executive Director Policy, Planning and Legislative Services. Alberta Seniors and Housing. Executive Manager I

Best Practice Checklist for Contact Centre Outsourcing

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

ACADEMIC POLICY FRAMEWORK

Best Practice Asset Management

ENTERPRISE PROJECT MANAGEMENT OFFICE

How To Develop An Enterprise Architecture

DRAFT ECONOMIC DEVELOPMENT STRATEGY, RETAIL AND TOURISM ACTION PLANS PUBLIC EXHIBITION

A CHECKLIST FOR DEVELOPING A SUCCESSFUL TENNESSEE CHARTER SCHOOL

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

Quality management/change management: two sides of the same coin?

Version No: 2 Date: 27 July Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy

MINISTRY OF HIGHER EDUCATION, OMAN COLLEGES OF APPLIED SCIENCES STRATEGIC PLAN-PHASE

The Audit Committee self-assessment checklist

IT Service Management

AUSTSWIM Strategic Plan January 2014 December 2017

Technology Enhanced Learning Strategy and Implementation Plan

Centre for Excellence in Learning and Teaching

UNIVERSITY OF CALIFORNIA Office of Academic Personnel Academic Personnel Manual (APM) Policy Development Process Guide

The Gateway Review Process

The Advantages of a Technology Governance

Accenture Sustainability Performance Management. Delivering Business Value from Sustainability Strategy

Senior developer / database administrator

Introduction to Enterprise Risk Management at UVM DRAFT

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02)

Organisational Development Strategy Proactively aligning our culture to our purpose

Request for feedback on the revised Code of Governance for NHS Foundation Trusts

Civil Aviation Authority. Regulatory Enforcement Policy

Transcription:

A Framework for Information Systems Management and Governance 08/10/2007

Introduction Investment in information systems constitutes a significant proportion of expenditure within higher education institutions (HEIs). However, as IT is usually embedded within a business process (i.e. teaching, learning, research or administration), it is often difficult for institutional governors to ascertain how much value these investments contribute to the institution s objectives. The concept of IT Governance has emerged as a response to the growing pressure on organisations to ensure that they are achieving value for money from their information systems and that investment is aligned to the organisation s objectives. The IT Governance Institute 1 defines IT Governance as an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives. By this definition IT governance can be seen to encompass the full range of information systems and IT management activities, together with a governance layer encompassing the need to provide assurance to stakeholders that the requisite policies, structures and systems are in place to manage information systems and IT effectively and that these are aligned to the institution s strategic objectives. The non-profit mission, culture and financing of UK higher education require a customised approach to IT Governance. While existing management approaches may have proved sufficient in the past there are a number of emerging factors that justify a fresh approach to governance within institutions: the speed of change driven or facilitated by IT shows little sign of abating. New technologies (e.g. mobile devices, wireless computing, VLE and portal software, digital libraries, etc.) offer new possibilities for teaching, learning and research. The long-tem adoption of these technologies requires the development of more sophisticated models to justify additional investment and plan for sustainable transformation. the raft of legislation governing the storage and use of information is growing (e.g. the Data Protection Act, Regulation of Investigatory Powers Act, Freedom of Information Act, Disability Discrimination Act, copyright law, etc.). Consequently the institution has an increased responsibility to ensure that it has sufficiently robust policies in place to ensure legal compliance. there is an increasing level of IT awareness and knowledge by University Governors, Managers and users that will demand a much higher quality and level of service than that experienced to date. as IT and information systems continue to become more deeply embedded in all the activities of HEIs there is an increased risk to the institution should those systems fail. there is a growing need to take an institution-wide perspective on IT investment and infrastructure to ensure that the systems deployed by the institution are robust and flexible enough to cope with changing requirements. This has to be balanced against the advantages of devolving certain aspects of IT and information systems to academic faculties, schools or departments. the growing complexity of information systems, their underlying technologies and their inter-relationships makes it increasingly difficult for senior management to develop an informed view of the business cases presented to them and, therefore, to ensure that investments are aligned to institutional objectives. While this is true in every sector, there are certain unique factors that accentuate the issue with HE, such as the fixed-term nature of some senior appointments (Head of Department, Dean, Deputy and Vice Principal) in many HEIs and thereby increase the need to offer structured support, guidance and training to those whose period in office may be no more than two or three years. This Project JISC, with this growing pressure on management and governance structures in mind, commissioned a team from the University of Strathclyde to develop a framework and toolkit to assist institutions in evaluating the management and governance of their information systems. To inform this development the team drew upon a number of sources: Extant frameworks for information systems management and governance, primarily the Value for Money Initiative conducted by HEFCE in 1998 and frameworks developed for IT governance in other sectors. 1 The IT Governance Institute. URL : http://www.itgi.org/ 1

A survey of over 100 UK HEIs, which posed a range of questions about their approach to IT management and governance. Reports and surveys developed by other sector support groups such as UCISA and SCONUL. Relevant literature on the subject of information systems and IT management and governance. The two main outputs of the project are: 1. A framework to guide the analysis and review of information systems and IT management and governance. 2. A self-assessment toolkit, structured around the framework, that will assist institutions in evaluating their approach to information systems management and governance through comparison with best practice across the sector. Draft versions of these outputs were then piloted by seven HEIs across the UK and their feedback was used to inform the further development of the toolkit. A Framework for Information Systems Management and Governance The management and governance of information systems with HEIs can, at first, appear somewhat intractable information systems and IT now underpin almost every activity within HE and therefore a large variety of systems have to be considered; systems cross organisational boundaries and consequently management structures can be complex; the use of information technology is often embedded within other processes making it difficult to review the effectiveness of single component such as IT. In order to help resolve some of this complexity and to allow institutions to take a structured approach to assessing their information systems the project team developed the framework shown in Figure 1 below. The framework is built around five perspectives governance, management, resources, structures and services. The framework takes a service-centred approach with the services delivered by the HEI s information systems, hence the position of services at the centre of the diagram. These services use resources and are organised through the organisation structures and processes that are put in place As reflected in the diagram the services, resources and structures are the primary components of information systems and IT management. The governance activity sits above and overlaps with management, and is primarily concerned with ensuring that management is effective and that activities are aligned to institutional priorities. 2

Figure 1 A Framework for the Management and Governance of Information Systems Each of the perspectives (governance, resources, organisation and services) contain three key issues. The framework and accompanying toolkit are based on the proposition that the effectiveness of information systems governance and management can be ascertained and improved by reviewing these 12 key issues and identifying criteria through which performance in each can be benchmarked against other institutions or compared over time. The Governance perspective is concerned with the relationships between governors and executive management and between executive managers and operational management. These relationships are expressed in three key issues: Vision. The institution should have an approved institutional vision which should be translated into appropriate strategies, including an information strategy and/or an IT strategy. Alignment. The institution should ensure that information systems and IT are aligned to the institutional vision and strategy. Assurance. The institution should be able to provide assurance to its stakeholders that its information systems are aligned to strategy. The Management perspective is subdivided into the three main areas of management responsibility: resources (or the inputs to the process), organisation (or the process itself) and services (or the outputs of the process). Each is described in detail below. 3

The Resources perspective is concerned with the resources that are required in order to deliver the institution s information systems, and ensuring that these are appropriate to the institutional requirements: People. The institution should ensure that the expertise and skills of staff and students are sufficient to effectively use and/or support the information systems and technologies at their disposal. In some instances this will also involve enabling staff and/or students to be involved in the specification and design of the systems Technology. The institution should have effective procedures in place to ensure that it is making informed decisions about investment in technology and that the technologies it acquires are secure, robust and being used effectively. Finance. The institution should have in place procedures to ensure that it makes effective investments in new and existing systems and that there are effective mechanisms in place to allocate and control this funding. The Organisation perspective is concerned with the organisation and procedural structures that are put in place to control the institution s investment in information systems and IT. Here, the key issues are: Structures. The institution should have in place an organisational structure that effectively supports the information systems and services. This includes not only the structure of the central information services departments but also the mix of centralised and devolved responsibilities that the institution has put in place. Policies. The institution should have in place a set of documented policies and procedures that ensure that each stakeholder is aware of their responsibilities and rights in relation to the use of information, information systems and IT. The institution should also have in place mechanisms to monitor compliance with these policies and procedures. Decision-Making. The institution should have in place processes which ensure that suitable individuals or groups are empowered to make decisions and that they are presented with sufficient information and supporting tools to enable them to act effectively. The Service perspective covers all those activities that are outputs of the institution s investment in information systems and IT. These activities can be categorised in three ways: Systems. The institution should have in place mechanisms to ensure that its systems (both IT-based and manual) offer co-ordinated, supported services to users. This issue includes questions of integration of systems both within and outside the institution, designing system architectures to support existing and future needs and the development of new types of systems to support all institutional activities (teaching, learning, research, etc.). Projects. The institution should have in place procedures to guide information systems project work whether the projects are exploratory pilots or full-scale implementations. For exploratory projects the key to effectiveness will be to ensure that the institution has mechanisms in place to learn from the experimentation (e.g. to ensure that successful pilots are effectively disseminated and that the lessons learned from unsuccessful pilots are discussed in a blame-free environment). For full-scale implementation projects there is a need to identify appropriate project management methodologies to help reduce the risk associated with these projects Service Delivery. The institution should have in place procedures to ensure the effective and efficient management of its service delivery. This should involve taking a holistic and user-centred approach, viewing the services from the user s perspective and incorporating their perceptions and input into the planning and control process. Using the Framework and Toolkit The framework described above provides a structure for institutional self-assessment. This review of information systems management and governance utilises a variety of methods that are designed to encourage institutions to reflect on their management and governance of information systems, identify weaknesses and embark on a process of improvement. This process should be on-going, with a strong emphasis on periodic review, and should be embedded within existing structures and processes to add maximum value with minimal increased overhead. The process starts with a definition of the scope and remit of the exercise, an identification of the intended audience for the review and a definition of responsibility for conducting the review. The second stage of the process is a review of the institution s current information systems management and governance. The toolkit contains a number of resources that will facilitate this self-assessment including illustrative case-studies and benchmark comparisons with other institutions. The aim of this exercise is to allow institutions to identify areas that they wish to improve. 4

The toolkit then details resources (such as templates, checklists, case studies, best practice guidelines, standards and procedures) that institutions may wish to refer to or adopt to strengthen their management and governance processes. This process is designed to be embedded within the normal management and governance functions of the institution, encouraging more transparent management and governance through the implementation of periodic review, action and reporting cycles. By embedding this light-touch approach within institutional management and governance processes, value can be added with relatively little additional overhead. Further Information Further information about this project can be found at URL: http://www.ismg.ac.uk or by contacting Michael Coen or Donna Cullen, Learning Services, the University of Strathclyde. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information