IT Governance Issues in Korean Government Integrated Data Center 1



Similar documents
ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE

MODEL FOR IT GOVERNANCE ASSESSMENT IN BANKS BASED ON INTEGRATION OF CONTROL FUNCTIONS

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

Balanced Scorecard; a Tool for Measuring and Modifying IT Governance in Healthcare Organizations

Assessment of IT Governance - A Prioritization of Cobit -

Revised October 2013

Proceedings of the 34th Hawaii International Conference on System Sciences

Information Technology Governance Best Practices in Belgian Organisations

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

Understanding IT Governance

Korea s Innovative GIDC Development

Measuring IT Governance Performance: a Research Study on CobiT- Based Regulation Framework Usage

An IT Governance Framework for Universities in Spain

ITAG RESEARCH INSTITUTE

IT Security Governance for e-business

Using Balance Score Card in aligning strategy implementation according to information technology development in organization

Enaxis Consulting Overview

Business Continuity Position Description

DESIGN OF CORPORATE PERFORMANCE MANAGEMENT SYSTEM: CASE STUDY AT X COMPANY IN INDONESIA

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October

IT governance is a concept that has suddenly emerged and

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

Anatomy of an Enterprise Software Delivery Project

IT and Business Process Performance Management: Case Study of ITIL Implementation in Finance Service Industry

Based on 2008 Survey of 255 Non-IT CEOs/Executives

An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment

IT Governance Impact on Business Unit Performance. A Thesis. for the Degree of Doctor of Philosophy (Business Administration) at. Concordia University

Company size matters: Perspectives on IT Governance

APPLICATION OF BALANCED SCORECARD IN PERFORMANCE MEASUREMENT AT ESSAR TELECOM KENYA LIMITED

Procurement Capability Standards

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

AN APPROACH TO DESIGN SERVICES KEY PERFORMANCE INDICATOR USING COBIT5 AND ITIL V3

Benchmark of controls over IT activities Report. ABC Ltd

THE CONSTRUCTION OF A SCORECARD OF INFORMATION TECHNOLOGY IN A COMPANY

IT Governance Regulatory. P.K.Patel AGM, MoF

International Institute of Management

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

ITAG RESEARCH INSTITUTE

ITIL. Lifecycle. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition

Software Engineering Governance:! a briefing!

12 A framework for knowledge management

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

o Cost containment through effective and SAP IT Procurement & negotiation strategies to help them achieve best-inclass, purchasing Asset Management

Contract management roles and responsibilities

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus

DESIGNING A DATA GOVERNANCE MODEL BASED ON SOFT SYSTEM METHODOLOGY (SSM) IN ORGANIZATION

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Implementing the Balanced Scorecard Checklist 154

Exploring Information Quality in Accounting Information Systems Adoption

HOW COBIT CAN COMPLEMENT ITIL TO ACHIEVE BIT

Abstract. ijcrb.webs.com INTERDISCIPLINARY JOURNAL OF CONTEMPORARY RESEARCH IN BUSINESS DECEMBER 2012 VOL 4, NO 8

GOVERNANCE OF INFORMATION TECHNOLOGY IN HIGHER EDUCATION

EVALUATION FRAMEWORK FOR SERVICE CATALOG MATURITY IN INFORMATION TECHNOLOGY ORGANIZATIONS

IT Governance: framework and case study. 22 September 2010

Ann Geyer Tunitas Group. CGEIT Domains

How To Improve Your Business

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IT governance and business organization: some trends about the management of application portfolio

IS Management, ITIL, ISO, COBIT...

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

Understanding IT Governance Success and Its Impact: Results from an Interview Study

Purpose Driven Performance

Overview TECHIS Carry out risk assessment and management activities

Trends in Information Technology (IT) Auditing

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

Information Technology Governance in the Malaysian Electronics Manufacturing Industry

An example ITIL -based model for effective Service Integration and Management. Kevin Holland. AXELOS.com

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

Domain 5 Information Security Governance and Risk Management

Project Scope Management in PMBOK made easy

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

International Diploma in Risk Management Syllabus

Certified Information Security Manager (CISM)

Risk Management in IT Governance Framework

Architecture Governance

BENCHMARKING IN THE SOUTH AFRICAN EDI CONTEXT

Critical Success Factors for ERP System Implementation

Managing Organizational Performance: Linking the Balanced Scorecard to a Process Improvement Technique Abstract: Introduction:

Qualification Snapshot CIH Level 4 Certificate in Managing Responsive Repairs (QCF)

Global Technology Audit Guide. Auditing IT Governance

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Whitepaper: 7 Steps to Developing a Cloud Security Plan

BALANCED SCORECARD FRAMEWORK IN SOFTWARE PROJECT MONITORING

Domain 1 The Process of Auditing Information Systems

Transcription:

IT Governance Issues in Korean Government Integrated Data Center 1 Mokpo National University, silee@mokpo.ac.kr Abstract Korean government established the GIDC (Government Integrated Data Center) as a comprehensive solution by integrating information systems spread across each government department. It has played a crucial role to expedite the growth of Korean e-government. It has a variety of IT governance issues because it is essentially involved with conflicts among the stakeholders. However, there are few studies on the IT governance issues within the GIDC. This paper explores some of the existing IT governance issues through literature review and derives the most important IT governance issues by collecting data from an expert panel. Then, this paper provides some practical implications. The results of this study are expected to be able to contribute to the establishment of effective IT governance in the public sector. 1. Introduction Keywords: IT governance, IT governance issues, Public sector, GIDC In an era when public administrations need to maintain a broad range of public services respond to social, political and regulatory changes, Information technology and systems (IT/IS) has become indispensable for enabling governments to provide better public services to the public more efficiently, effectively, and sustainably. South Korea has been operating the GIDC (Government Integrated Data Center) which is unique in the world through the NCIA (National Computing and Information Agency) since 2005. According to the National Information White Paper [11], GIDC passed the break-even point in 2011 and around 1,000 senior officials from 101 countries has been benchmarked. Despite these achievements, GIDC has experienced governance issues due to selfishness within government departments and also due to the change of regime. Prior to the launch of the GIDC there was a conflict between the ministry of Government Administration and Home Affairs, and the Ministry of Information and Communication due to disagreement about when and how to build the center. Even after GIDC had been built, various IT governance issues have arisen in the process of agreement and implementation of the level of integration. Co-location and H/W resource integration are relatively easy, but S/W integration such as data, application and service integration are impossible without close cooperation between GIDC and government departments. Integration issues as well as its own role and status issues and organizational and institutional issues for enhancing the expertise of the center staff need to be carefully reviewed. If these issues do not work they can cause enormous social costs. In research and practice, a number of IT governance issues have been identified on structures, processes, and relational mechanisms level [2][3]. However, the IS literature so far has drawn little attention to IT governance issues included mechanisms specifically for the public sector [1]. Also, studies dealing with possible or existing IT governance issues after building the GIDC is hard to find. The aim of this paper is to classify IT governance issues through literature review, derive critical IT governance issues of GIDC, and provide some practical implications for building effective IT governance in the public sector. 2. Literature review 2.1. IT governance definition A variety of IT governance definitions have been developed by researchers and practitioners, but within these, the two following definitions will be retained: 1 This paper was supported by Research Funds of Mokpo National University in 2010. International Journal of Advancements in Computing Technology(IJACT) Volume 5, Number 11, July 2013 doi : 10.4156/ijact.vol5.issue11.54 438

IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership, organizational structures and processes that ensure that the organization s IT sustains and extends the organization s strategies and objectives [6]. IT governance is the deciding rights and accountability framework to encourage desirable behavior in the use of Information Technology. Although these definitions differ in some aspects, they focus on similar issues such as achieving the link business with IT and the prime responsibility of the Board [5]. ITGI [6] argued that IT governance is to be concerned about two outcomes: IT s delivery of value to the business and mitigation of IT risk. Therefore, the purpose of IT governance in the public sector is to deliver administrative value through IT and mitigate the IT risk. 2.2. IT governance issues There are a lot of studies in IT governance in private organizations [3][16], but a few studies specially dealt with IT governance issues in the public sector [1]. Based on the findings of the literature review, De Haese and Van Grembergen [3] listed a set of IT governance practices, as shown below: Integration of governance/alignment tasks in roles and responsibilities IT steering committee(s) [7] IT strategy committee [7] CIO on Executive Committee [7] CIO reporting to CEO [7] Architecture Committee [7] Strategic information systems planning Balanced scorecard [8] Portfolio management (incl. information economics) Charge back arrangements Service Level Agreements COBIT Job-rotation Co-location Cross-training Knowledge management (on IT governance) Business/IT account managers Senior management giving good examples Informal meetings between business and IT senior management IT leadership [17] Marks suggested the most prominent, unranked governance issues that appear to impact stakeholders in the governance space for 2011 is as follows: IT risk management The establishment of a governance framework A sense of teamwork Value delivery through IT A more activist information security department and board of directors Cloud computing Continuous auditing and assurance Padmanabhan summarized the objectives of IT governance as follows and discussed some specific issues in IT governance: Aligning IT strategy with business strategy IT as a strategic resource to deliver value IT risk management IT resource and financial management IT performance management IT policies and procedures After reviewing the IT governance literature, Schwertsik et al. [16] summarized aspects of IT governance as follows: 439

IT principles, IT architecture, IT infrastructure strategies, Business application needs, IT investments, Mechanisms (committee, budget processes, SLA, communication approaches) Organizational/judicial/economical/technical conditions [13][14] Culture, structure, internal economy, methods and tools, metrics and rewards Value drivers, complexity, capabilities [13] Organizational readiness, stakeholder participation [14] Reference model [7] 2.3. IT governance issues in public sector organizations A few recent works address the IT governance challenges in the public sector [2][19]. Campbell et al. [2] argued that there are systemic differences between private and public sector organizations that impact governance and contrasted IT governance issues in the private and public as follows: The steering committees are commonly used in all sectors for monitoring and reporting progress. As the public sector has greater organizational interdependence than the private sector, it is more easy to share the infrastructure in the public sector than the private sector The public sector is guided by social obligations and concerns while the private sector is led by market signals. As the public sector has many layers of authority, decisions may be delayed or may not occur. Good communication and collaboration are essential elements in IT governance in all sectors. Whether IT is fully or partially outsourced, formal and informal relationships between the outsourcing organization and the service provider are important. As leadership is impacted by the context of the public sector ethos that already existed, it is difficult to modernize leadership in the public sector. Winkler [19] reviewed the key differences and outlined their potential implications for IT governance as follows: For creating public value and improving government operations it requires to consider the broader political and social returns. The goals of IT governance in the public sector are more multifaceted and more difficult to measure than in the private sector. IT governance in the public sector needs to deal with diverse stakeholders and target at aligning these to a greater extent than in the private sector. As public organizations have the soft budget constraint, they exercise greater scrutiny to avoid the risk. Risk aversion and lack of incentives lead a lower degree of innovation in the public sector. As public organizations face much less competition than private companies, they have the opportunity to cooperate and share knowledge on inter-organizational level. Public organizations exhibit lower IT competencies and skills due to the difficulty to compensate for IT professionals. Although public organizations use increasing outsourcing, public procurement procedures are much more complex than for private companies due to the legal constraints. 3. Classification of IT governance issues Be it in the public or private sector, IT governance can be deployed by using a mixture of structures, processes and relational mechanisms [2][5][13]. The best possible mix of structures, processes and relational mechanisms will differ for each organization and depend on multiple contingencies including sector and the operating environment of the organization [15]. Most of IT governance issues derived from previous research are related to these three components. However, some issues such as culture, organizational conditions, and value delivery through IT could not be placed in this framework. Therefore, these are categorized as Others (see Table 1). From the literature review, a total of 50 IT governance issues was identified. 440

Table 1. Initial list of IT governance issues Dimensions IT Governance issues References Structures Processes Relational Mechanisms Others Committee IT steering committee(s) IT strategy committee CIO on Executive Committee CIO reporting to CEO Architecture Committee Structure IT infrastructure strategies Integration of governance/alignment tasks in roles and responsibilities Service Level Agreements (SLA) The establishment of a governance framework Reference model COBIT IT principles IT policies and procedures IT architecture Strategic information systems planning IT investments Budget processes Balanced scorecard Portfolio management (incl. information economics) Internal economy Methods and Tools Metrics and Rewards Charge back arrangements IT risk management IT resource and financial management IT performance management IT leadership Business application needs Aligning IT strategy with business strategy Stakeholder participation Communication approaches Informal meetings between business and IT senior management A sense of teamwork Business/IT account managers Senior management giving the good example Co-location Job-rotation Cross-training Knowledge management (on IT governance) Culture Organizational/Judicial/Economical/Technical conditions Organizational readiness Value drivers, complexity, capabilities Value delivery through IT IT as a strategic resource to deliver value A more activist information security department and board of directors Cloud computing Continuous auditing and assurance 4. IT governance issues within the GIDC [7] [7] [7] [7] [7] [7] [8] [17] [14] [13][14] [14] [13] This study focuses on exploration of IT governance issues within the GIDC rather than seeking a hypothesis testing approach. Therefore, secondary research methods such as reviewing available literature and formal and informal discussion with IT governance experts was used. In order to use the Delphi method an expert panel was gathered, which included 30 experts-mis professors, center officials, and senior IT professionals- who are all knowledgeable about IT 441

governance in the public sector. From this group, 24 experts continued to be involved in the full Delphi research effort (20% drop off rate), with three MIS professors, seven center officials, eight IT consultants, and six senior IT managers. In the first round, the respondents were asked only to provide their feedback on the initial list of IT governance issues (see Table 1), giving them the opportunity to make recommendations to add, change, or delete some of the issues. As a result, Others dimension was subdivided into four dimensions such as People, Cultures, Environments, and Outcomes. In the second round, the respondents were asked to rate on a scale of one to five, for each of the reviewed IT governance issues, according to the perceived importance (1 = not important, 5 = very important). In the final round, the respondents were asked to reevaluate their own scores from round two, considering the group averages. As a result, 17 critical IT governance issues (3 or more) were derived, which is shown below (see Table 2). Table 2. Critical IT governance issues of GIDC Dimensions IT Governance issues Importance (from 1-5) Structures Committee Organizational structure IT infrastructure 3.304 3.870 4.333 Processes Service Level Agreements (SLA) Reference model IT architecture IT resource management IT performance management 3.542 3.500 3.917 4.000 3.958 Relational Mechanisms IT leadership Administration/IT alignment Communication 4.250 3.667 4.125 People IT professionals 4.167 Cultures Ethics 4.125 Knowledge management 3.583 Environments Organizational conditions 3.208 Outcomes Value delivery through IT Risk mitigation 3.826 4.125 Top 7 IT governance issues listed were: IT infrastructure, IT leadership, IT professionals, Communication, Risk mitigation, Ethics, and IT resource management (see Figure 1). The top issues were evenly distributed in all dimensions except the Environments dimension. The Relational Mechanisms dimension has two issues and remaining dimensions have one issue respectively. 442

5. Discussion and conclusion Figure 1. Ranking of IT governance issues within GIDC GIDC was established to promote data sharing between departments and improve the quality of public service through unifying computational resources like information system and human resources, and to launch a disaster and emergency prevention system through the establishment of a backup system on the national level [11]. The results of this study suggest that in order to achieve these goals, the following issues need to be solved. First, IT infrastructures like intelligent infrastructure (Electrics, Fire prevention, Air Conditioning) and comprehensive defense system (Physical, Cyber, Access control) need to be predetermined. Second, in addition to the establishment of H/W, the training of IT experts who have a strong sense of ethics and IT security is important. Third, for the GIDC to operate efficiently, there needs to be smooth communication between government departments and center, and also between center and companies. There needs to be IT leadership that can coordinate conflicts and lead coordination for the stakeholders. Fourth, business continuity planning (BCP) and stability at the center can be heightened through neutralizing and removing threats by systematic IT resource management and regular monitoring. Fifth, the value of administrative services can be improved through performance management and performance measurement using IT BSC. Sixth, the implementation of IT architecture according to the [Legislation regarding the effective implementation and operation of Information Systems] is essential, and through the use of government reference model, the compatibility with the IT architectures of government departments can be considered. Seventh, the GIDC s tasks need to be formulated and individual rights and responsibilities need to be clearly defined. Through joint education and sharing of experience and knowledge about IT governance, the efficiency and effectiveness of center operation can be achieved. Eighth, for the GIDC to strategically comply with the government departments administrative service goals, it is important to sign and comply with a service level agreement (SLA). Ninth, GIDC uses an ntops based on ITIL. In the future, the implementation of a reference model such as COBIT should be examined. In the field of obstacles, change, and security management, GIDC needs to configure and operate a committee to make important decisions. Lastly, the GIDC needs to establish promotion principal according to law and the consistency of support policies as well as ease of funding needs to be guaranteed. Practical implications listed above are expected to provide relevant insights for government practitioners and give an important outlook in implementing effective IT governance in the public sector. 443

This study has one major limitation that should be considered when interpreting its findings. Due to the relatively small sample and it being limited to Korean Government Integrated Data Center, the results of this study demand caution when generalizing to other types of public agencies or other national context. In a future study, larger data sets are required to enable a more statistical approach and produce more generalizable insights on the implementation of effective IT governance in the public sector. 6. References [1] Ali, S., Green, P., IT Governance Mechanisms in Public Sector Organisations: An Australian Context, Journal of Global Information Management, vol. 15, no. 4, pp.41-63, 2007. [2] Campbell, J., McDonald, C., and Sethibe, T., Public and Private Sector IT Governance: Identifying Contextual Differences, Australasian Journal of Information Systems, vol. 6, no. 2, pp.5-18, 2009. [3] De Haes, S. and Van Grembergen, W., An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment, Information Systems Management, vol. 26, no. 2, pp.123-137, 2009. De Haes, S. and Van Grembergen, W., IT Governance Best Practices in Belgian Organisations, Proceedings of the 39 th Hawaii International Conference on System Sciences, pp.195b, 2006. [5] De Haes, S. and Van Grembergen, W., IT Governance Structures, Processes, and Relational Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group, Proceedings of the 38 th Hawaii International Conference on System Sciences, pp.237b, 2005. [6] ITGI, Board Briefing on IT Governance", 2 nd Edition, IT Governance Institute, USA, 2001. [7] ITGI, IT Governance Implementation Guide: How do I Use COBIT to Implement IT Governance, IT Governance Institute, USA, 2003. [8] Kaplan, R.S. and Norton, D.P., The Balanced Scorecard: Measures that Drive Performance, Harvard Business Review (January-February), pp.71-79, 1992. Marks, L., Top IT Governance Issues of 2011, ISACA Journal (JOnline), vol. 3, pp.1-5, 2011. http://www.isaca.org/journal/past-issues/2011/volume-3/documents/jolv3-11-top-it-gov.pdf Meyer, N.D., Systemic is Governance: An Introduction, Information Systems Management, vol. 21, no. 4, pp.23-34, 2004. [11] NISA, 2012 National Information White Paper, National Information Society Agency, pp.331-336, 2012. Padmanabhan, G., Issues in IT Governance, BIS Central Bankers Speeches, pp.1-8, 2012. http://www.bis.org/review/r120719b.pdf. [13] Peterson, R., Crafting Information Technology Governance, Information Systems Management, vol. 21, no. 4, pp.7-22, 2004. [14] Rau, K.G., Effective Governance of IT: Design Objectives, Roles, and Relationships, Information Systems Management, vol. 21, no. 4, pp.35-42, 2004. [15] Ribbers, P.M.A., Peterson, R.R., and Parker, M.M., Designing Information Technology Governance Processes: Diagnosing Contemporary Practices and Theories, Proceedings of the 35 th Hawaii International Conference on System Science, pp.241b, 2002. [16] Schwertsik, A.R., Wolf, P., and Krcmar, H., Understanding IT Governance: Towards Dimensions for Specifying Decision Rights, MKWI, pp.207-218, 2010. http://webdoc.sub.gwdg.de/univerlag/2010/mkwi/01_management_und_methoden/it_performance _management_u._it-controlling/02_understanding_it_governance.pdf [17] Smith, G., Straight to the Top: Becoming a World-Class CIO, John Wiley & Sons, Chichester, West Sussex, UK, 2006. Weill, P., Ross, J.W., IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, USA, 2004. [19] Winkler, T.J., IT Governance Mechanisms and Administration/IT Alignment in the Public Sector: A Conceptual Model and Case Validation, 11 th International Conference on Wirtschaftsinformatik, pp.831-845, 2013. http://aisel.aisnet.org/wi2013/53/ 444

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information