Digital Library Perspectives

Implementing IT governance: a primer for informaticians

H. Frank Cervone,
Article information:
To cite this document:
H. Frank Cervone, (2017) "Implementing IT governance: a primer for informaticians", Digital Library
Perspectives, Vol. 33 Issue: 4, pp.282-287, https://doi.org/10.1108/DLP-07-2017-0023
Permanent link to this document:
https://doi.org/10.1108/DLP-07-2017-0023
Downloaded on: 05 April 2018, At: 00:25 (PT)
Downloaded by Kent State University At 00:25 05 April 2018 (PT)

References: this document contains references to 9 other documents.

To copy this document: permissions@emeraldinsight.com
The fulltext of this document has been downloaded 215 times since 2017*

Access to this document was granted through an Emerald subscription provided by emerald-
srm:123756 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald
for Authors service information about how to choose which publication to write for and submission
guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company
manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as
well as providing an extensive range of online products and additional customer resources and
services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the
Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for
digital archive preservation.

*Related content and download information correct at time of download.

 The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/2059-5816.htm

DLP
33,4 Implementing IT governance:
a primer for informaticians
H. Frank Cervone
University of Illinois at Chicago, Chicago, Illinois, USA
282
Received 16 July 2017
Revised 16 July 2017 Abstract
Accepted 18 July 2017 Purpose – The purpose of this article is to explore the relevance of information technology (IT) governance
to informaticians. In most organizations, informatics is part of the IT function. Therefore, an understanding of
IT governance is of benefit to informaticians in their day-to-day work. In addition, while IT governance is not
data governance, informaticians often are responsible for data governance efforts. Understanding the larger
Downloaded by Kent State University At 00:25 05 April 2018 (PT)

picture of IT governance can be useful to informaticians, as it provides a solid context and many models that
can be used or adapted for data governance efforts.
Design/methodology/approach – This paper is a general review of IT governance based on industry
best practice and the author’s experience.
Findings – IT governance is critical to success in IT as it helps ensure all stakeholders have a voice and
appropriate decision-making rights in guiding the IT efforts across the organization. Implementing and
maintaining an IT governance structure requires commitment from the organization at all levels and requires
time and resources for management and implementation.
Originality/value – This paper provides an overview and introduction to IT governance concepts
specifically for the informatics professional.

Keywords Informatics governance, Informatics practice, Information technology decision making,

Information technology governance, Information technology governance operations, ValIT model
Paper type General review

In most organizations, informatics is either a part of the IT unit or considered to be closely

related to IT functions. Therefore, an understanding of IT governance – what it is and what
can be accomplished with it – is critical for informaticians. While IT governance is not data
governance, data governance is usually incorporated into an organization’s IT governance
efforts. This is why understanding the larger picture of IT governance is useful when
designing data governance models.
In the simplest terms, IT governance is a repeatable, rational process to collect ideas,
select projects and prioritize the implementation of these ideas and projects (Hites and
Block, 2010). IT governance is needed in organizations because “there is almost an infinite
need for IT and finite resources available to the organization” (Kropf & Scalzi, 2012, p. 2). A
major motivation in implementing an IT governance model is to shift to a model of
management where IT decisions that affect the performance and operations of the business
units are a shared responsibility with the business units and IT and not just primarily
decided upon by the IT function. In effect, this reduces the role of IT as final decision maker
and places greater emphasis on collaboration in achieving solutions.
In effect, governance is about aligning strategy related to technology with the strategies
Digital Library Perspectives of the larger organization. In doing so, this helps ensure that the organization stays on track
Vol. 33 No. 4, 2017
pp. 282-287
in achieving their goals (Schwartz, 2007). Through an IT governance framework, more focus
© Emerald Publishing Limited
2059-5816
can be placed on evaluating and addressing business issues rather than focusing on how
DOI 10.1108/DLP-07-2017-0023 specific technologies can be made to address those issues. Particularly in complex
 environments, it is vital that business needs and concerns drive the solution and technology, A primer for
rather than have technology drive the solution. informaticians
With an effective IT governance framework, the organization should have:
 equitable allocation of resources within the constraints of the environment;
 defined, repeatable decision-making processes where all stakeholders understand
how the process works;
 clarification and empowerment of decision makers throughout the organization; 283
 participation and a leveraging of expertise from throughout the organization, as
well as from different areas of expertise;
 allocation of resources according to overall organizational priorities; and
 measurement of success against defined, known outcomes.

In addition, having an IT governance process in place allows for developing processes that
Downloaded by Kent State University At 00:25 05 April 2018 (PT)

help the organization make hard, and often unpopular, decisions. This is achieved by
developing a consistent and rational process for making such decisions. Furthermore,
governance can provide a structure for “pushing down” smaller decisions to help achieve
better overall efficiency. This allows the IT governance group to devote more time and
consideration to high-cost/high-impact projects rather than focus on minutia.

Basic process
It is rare to find an organization where there is no existing infrastructure, either formal or
informal, responsible for making IT decisions. The current environment may be one where
these decisions are made in a highly centralized manner, perhaps even by a single person
such as the CIO, or it may be that decision-making is highly decentralized.
In either case, the first step many organizations take when implementing an IT governance
infrastructure is to charge a committee to investigate what governance, if any, is already in
place. This provides a baseline for where the organization currently is. Having a committee do
this helps promote buy-in at the local level and starts building a shared commitment to IT
governance. During this initial phase, the committee typically meets several times in a short
period of time, usually not more than four to six months, to review all existing committees and
structures that may have an impact on the IT organization and how IT is used.
There are several issues the committee will likely need to consider. Perhaps the most
important is how a system can be put into place to understand the true demand for IT
services and products throughout the organization. This is in conjunction with the
development of a transparent mechanism for prioritizing all of the various needs that must
be met. While this particular aspect may seem challenging, there are several models, such as
paired comparison analysis (Cervone, 2009), that can be used to facilitate the development of
these decision-making processes.
The committee will also have to consider how to balance transparency, business control and
IT control within the decision-making framework. An example of this is how to manage the
entire portfolio of business needs against the “must do” IT projects. Consider the example of
system upgrades to implement changes that are mandatory to ensure continued regulatory
compliance. There must be a mechanism within the prioritization model that can accommodate
these types of issues in a way that does not unduly hamper the execution of these projects. In
essence, a hierarchy of importance must be established, clearly described and communicated to
the organization so that disputes over priorities are minimized as much as possible.
 DLP Based on the review, the committee would then make an initial recommendation on a new or
33,4 revamped organizational structure and process for consideration. To promote buy-in and
understanding, other communities would then be invited to provide feedback, additional
information and possibly model alternatives. In an academic environment, some of the
communities that might be consulted include senior university leadership, deans, faculty and
students, whereas in a health-care environment, health system leadership, doctors, nurses and
284 other clinical professionals would be invited to provide input to the proposed governance model.

Setting up the governance structure

Once the general conceptual framework has been established, the next big questions are:
Q1. Who should participate?
Q2. Who should advise?
Downloaded by Kent State University At 00:25 05 April 2018 (PT)

Q3. Who should make decisions?

The subtle differences in these questions, and how they are answered, can make a big
difference in the overall effectiveness of the governance model. In particular, the difference
between who should participate and who should advise is critical. A participant in governance
is someone who is actively involved on a regular basis and does much of the work in
implementing governance decisions. Being on governance committees, investigating questions
through task forces and participating in system selection processes are all examples of active
participation. To ensure there is broad participation from throughout the organization,
appointments should reflect the diversity of the organization both in terms of organizational
units, as well as levels of responsibility. To ensure balance in representation, appointing the
same people to multiple committees should be kept to a minimum.
Many people affected or interested in the decision may not be able to be involved at a
detailed, participant level. Subject matter experts are often busy people who may not have
the time or interest in participating on a governance committee or task force, but are critical
to ensuring that wise decisions are made. In a well-devised governance structure, there will
be a clear process for soliciting the input of the populations affected by various initiatives and
decisions. More importantly, an essential function of governance is to ensure that this process
is followed consistently to ensure that decision-making is truly based on appropriate input.
Decision-making in IT governance presupposes moving from the position where
administration or IT provides the primary direction (Figure 1) for IT to one where decisions
are shared (Figure 2). In the governance model, recommendations tend to flow upward as
business issues are identified. These are acted upon at the minimal appropriate level

Figure 1.
Traditional IT and
administrative centric
view of IT
governance in a
university
environment
 necessary. That is, if the governance model has a structure where specialized topics are A primer for
addressed in task forces or special subcommittees, not all decisions need to flow up to a informaticians
higher level if the decision and its impact are limited to the specialized topic area. For
example, in an academic environment, the instructional technology group could be
empowered to decide on when upgrades to the learning management system may take
place. However, the group would not be empowered to decide to migrate to a completely
different platform as that decision has far-reaching implications that would affect many
different areas within the university (finance, for one).
285

Governance operations
Governance requires organizational infrastructure to make it happen. As a rule, a group or
person is necessary to support governance operations (Hites and Block, 2010). This usually occurs
through an IT Governance Office, Portfolio Management Office or a Project Management Office.
This support is necessary because there is a substantial amount of administrative work
Downloaded by Kent State University At 00:25 05 April 2018 (PT)

that goes on behind the scenes. This includes activities such as:
 working with committee chairs to ensure that groups are coordinating their work;
 scheduling meetings;
 preparing and assisting with meeting materials;
 disseminating and gathering information both for the committees and the
organization at large;
 ensuring the senior leadership is briefed on developments as appropriate; and
 framing decision points for decision makers so they can make informed decisions
(Figure 3).

There needs to be some control in place to ensure these operations are happening and are
effective. This leads to the need for assessment.

Assessment
Too often, the focus of governance in many organizations is on monitoring and
controlling IT. While there is value and importance to these controls, the primary focus
of governance efforts should be to understand whether IT efforts are effective and
fulfilling the organization’s requirements. A useful model for thinking about this is
defined in the ValIT model (IT Governance Institute, 2008) which considers this from
four perspectives:
(1) Are we doing the right things?
(2) Are we doing them the right way?

Figure 2.
The goal of IT
governance is to
balance interests
more equitably
throughout the
organization
 DLP (3) Are we getting them done well?
33,4 (4) Are we getting benefits?

The only way to know this for sure is to have KPIs (key performance indicators) in place
that provide information on how initiatives are progressing (Figure 4). At a minimum, the
organization should be able to assess:
286  overall project portfolio status;
 individual project status and performance;
 what projects are at risk and why;
 projected financial performance status (i.e., is the project over or under budget?); and
 overall customer satisfaction with the products that are delivered.

Ideally, to promote transparency and engagement, these KPIs would be available through a
Downloaded by Kent State University At 00:25 05 April 2018 (PT)

dashboard or scorecard that is made available to the entire organization.

Figure 3.
Administrative
operations related to
governance are a
significant portion of
the overall success of
any governance effort

Figure 4.
The four primary
questions in the
ValIT model
 Practical lessons A primer for
In implementing an IT governance model, there will never be complete agreement on every informaticians
aspect or detail of the model. What is critical to success is ensuring that all stakeholders
have a voice and appropriate decision-making rights. Depending on the nature and politics
of the organization, an elaborate committee structure may be required but is probably best
avoided if possible. This is in-line with recognized principles of management, such as
committees with more than 5 members tend to experience decreasing efficiency and
effectiveness of their work (Knowledge@Wharton, 2006), and getting structure right is a 287
key factor to achieving good, overall performance (Yang and Tang, 2004).
Managing an IT governance structure requires involvement at all levels and requires a
significant amount of time. The message must be reiterated constantly and made relevant
for the target audience. You need to have people from throughout the organization involved
to get good reads on what is going on. And finally, if you ask questions, you need to listen to
and act on the answers.
Downloaded by Kent State University At 00:25 05 April 2018 (PT)

References
Cervone, H.F. (2009), “Applied digital library project management: using paired comparison analysis to
determine relative importance”, OCLC Systems & Services: International Digital Library
Perspectives, Vol. 25 No. 3, pp. 162-166.
Hites, M. and Block, K. (2010), “Developing IT Governance and Portfolio Management Processes to
Govern Projects”, Educause 2010 Annual Conference.
IT Governance Institute (2008), “The ValIT framework 2.0.”, available at: www.isaca.org/Knowledge-
Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Framework-2.0-Extract-Jul-2008.pdf
Knowledge@Wharton (2006), “Is your team too big? Too small? What’s the right number?”,
Knowledge@Wharton, available at: http://knowledge.wharton.upenn.edu/article/is-your-team-
too-big-too-small-whats-the-right-number-2/ (accessed 16 July 2017).
Kropf, R. and Scalzi, G. (2012), “Effective IT governance needed for successful clinical informatics
implementations”, HIMSS News, available at: www.himss.org/news/effective-it-governance-
needed-successful-clinical-informatics-implementations
Schwartz, K. (2007), “IT governance definitions and solutions”, CIO Magazine, May 22, 2007, available
at: www.cio.com/article/2438931/governance/it-governance-definition-and-solutions.html
Yang, H. and Tang, J. (2004), “Team structure and team performance in IS development: a social
network perspective”, Information & Management, Vol. 41 No. 3, pp. 335-349.

Further reading
Bayney, R.M. and Chakravarti, R. (2012), Enterprise project Portfolio Management: Building
Competencies for R&D and IT Investment Success, J. Ross Publishing, Ft. Lauderdale.
IT Governance Institute (2011), “Global Status Report on the Governance of Enterprise It (Geit) – 2011”,
available at: www.isaca.org/Knowledge-Center/Research/Documents/Global-Status-Report-
GEIT-10Jan2011-Research.pdf

Corresponding author
H. Frank Cervone can be contacted at: fcervone@uic.edu

For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com