Governance of Enterprise IT – Discussion

Copyright © 2007 IEEE This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Abstract — In recent years, IT governance has become a key

concern issue for senior IT decision makers across various in-

dustries. When appropriately implemented, IT governance can

play the role of a central nervous system effectively ensuring

the wellbeing of the organizational system. The health of the

organizational system ultimately contributes to the health of

the distributed business ecosystem in which the organization

co-exists with other organizations. The underlying goals for

adopting formal IT governance practices are improvement of

business performance and conformance with regulations. This

exploratory study examined how IT governance is imple-

mented in four Australian institutions of higher education

through a number of IT governance structures, processes, and

relational mechanisms. This paper discusses the importance of

these practices as these institutions increasingly compete and

collaborate with each other, various government agencies and

other research institutions in the digital economy.

Index Terms—business ecosystems, governance, IT govern-

ance processes, Australian higher education ecosystem

I. INTRODUCTION

IT governance has emerged as a vital issue for organiza-

tions across the world. This paper examines how formal IT

governance processes are implemented in four Australian

higher education institutions in the digital economy. A lit-

erature review of business ecosystems and IT governance

issues in the Australian higher education domain is pre-

sented in Section II. Section III discusses the research ques-

tions and methodology. The case study institutions are de-

scribed in Section IV. A discussion of IT governance proc-

esses in each institution is presented in Section V and a

summary in Section VI. Section VII discusses the evolu-

tionary status of the Australian higher education ecosystem

and the significance of IT governance practices in this con-

text with a conclusion in Section VIII.

II. LITERATURE REVIEW

A. Business Ecosystems

The term ‘ecosystem’ refers to a collection of organisms

living together with their environment and functioning as a

loosely interconnected dynamic unit [24]. The concept of a

‘business ecosystem’ was a strategic planning concept first

introduced by Moore [16], who wrote: “I suggest that a

company be viewed not as a member of a single industry

but as part of a business ecosystem that crosses a variety of

industries. In a business ecosystem, companies co-evolve

capabilities around a new innovation: they work

cooperatively and competitively to support new products,

satisfy customer needs, and eventually incorporate the next

round of innovation.” The elements of a business

ecosystem are: 1) governance, regulations and industrial

policy, 2) human capital, knowledge and practices, 3)

service and technical infrastructure, and 4) business and

financial conditions [9]. Nachira [9] describes the term

‘digital business ecosystem’ (DBE), as shown in Fig. 1, as a

complex ecosystem comprising of a business ecosystem

layer supported by a multilayer digital ecosystem.

D IG IT A L B U S IN E S S E C O S Y S T E M

D IG IT A L E C O S Y S T E M

NETWORK INFRASTRUCTURE

DIGITAL ECOSYSTEM

OPEN SOURCE KNOWLEDGE

AND SERVICE-ORIENTED

PLATFORM

DIGITAL ECOSYSTEM

COMPONENTS AND

SERVICES

BUSINESS ECOSYSTEM

Fig. 1 Multi-layer digital business ecosystem (after Nachira [9])

Although the Australian higher education ecosystem can

be discussed in terms of elements in all four layers of the

digital business ecosystem model in Fig. 1, this paper fo-

cuses on an important element associated with the top layer

(ie. business ecosystem layer) of the DBE – governance,

specifically IT governance. The wellbeing of the individual

enterprise can affect the wellbeing of the larger business

ecosystem in which it co-exists with other organizations.

Appropriate governance mechanisms therefore need to be in

place in individual enterprises to ensure that harmony in the

larger business ecosystem is maintained.

B. Corporate and IT governance

Corporate governance has become important worldwide,

especially in the wake of the Enron and MCI WorldCom

incidents in the US. The Australian Stock Exchange Corpo-

rate Governance Council defines corporate governance as

“… the system by which companies are directed and man-

aged. It influences how the objectives of the company are

set and achieved, how risk is monitored and assessed, and

how performance is optimised” [1]. IT governance has be-

come a key area under the umbrella of corporate govern-

ance because of the pervasive influence of information sys-

tems (IS) and the associated technology infrastructure in

every area of an organization’s activities. The IT Govern-

ance Institute describes IT governance as an integral part of

the corporate governance which consists of “the leadership

and organizational structures and processes that ensure an

organization’s IT sustains and extends the organization’s

Jyotirmoyee Bhattacharjya 1 and Vanessa Chang

2

1, 2 School of Information Systems, Curtin University of Technology, Perth, Australia

e-mail: [email protected] ; [email protected]

The Role of IT Governance in the Evolution of Organizations in the

Digital Economy: Cases in Australian Higher Education

428

strategy and objectives” [12].

C. Previous research in IT governance

The term IT governance, started to appear in the litera-

ture towards the late 1990s, with its main proponent being

the IT Governance Research Institute [19]. Since then, the

need to implement and improve IT governance is recognized

by senior IT management across the world. However, im-

plementing IT governance is a complex undertaking (eg.

[5],[23],[15],[18],[20],[19]). A survey of top 10 priorities

for senior IT management by Gartner Inc. in 2003, found

the need to improve IT governance to be included for the

first time [20]. In 2003, the IT Governance Institute con-

ducted a survey through PricewaterhouseCoopers of 335

CEO/CIO level executives around the world to determine

their IT governance priorities [12]. The survey found while

75% executives recognized the requirement for implement-

ing IT governance only 40% were taking any action in this

direction.

De Haes and Van Grembergen [21] propose that IT gov-

ernance, as listed in Table 1, can be implemented through a

framework of structures, processes and relational mecha-

nisms. Structures include the existence of well defined roles

and responsibilities and IT steering committees. Processes

involve strategic IS planning and the use of various IT gov-

ernance frameworks which provide the IS organization with

the means to examine its activities and value to business.

Relational mechanisms include shared learning and strategic

dialogue between business and IT.

Key Elements in the implementation of IT governance

Structures: Roles and responsibilities, IT organisation structure, CIO on

board, IT strategy committee, IT steering committee(s)

Processes: Strategic information systems planning, Balanced IT score-

cards, Information Economics, Service Level Agreements, COBIT and

ITIL, IT alignment/governance maturity models

Relational mechanisms: Active participation and collaboration between

principle stakeholders, Partnership rewards and incentives, Business/IT

collocation, Cross-functional business/IT training and rotation

Table 1. Structures, process and relational mechanisms for

implementing IT Governance (De Haes and Van Grembergen [21])

D. IT governance frameworks and standards

A number of IT best practice frameworks and standards

such as Control Objectives for Information and Related

Technology (COBIT), ISO17799, IT Infrastructure Library

(ITIL) and Capability Maturity Model (CMM) are available

to IT organizations to help them improve their accountabil-

ity, governance, and management. COBIT is designed by the

IT Governance Institute as a high-level “umbrella” frame-

work for IT governance and it works well with frameworks

like ITIL and ISO17799 which focus on specific aspects of

IT management [8]. It contains 34 high-level control objec-

tives and 318 detailed control objectives defined for four IT

domains: planning and organization, acquisition and im-

plementation, delivery and support, and monitoring. ITIL is

the de-facto standard for IT service management and is or-

ganized around five areas: business perspective, application

management, infrastructure management, service delivery,

and service support. ISO17799 provides guidelines for

managing the security aspect of IT.

A recent Forrester Research survey of 135 IT managers

in North America revealed that about 20% rely on COBIT

while another 20% use ITIL [6]. These frameworks are not

necessarily mutually exclusive and increasing the value of

IT from a business perspective requires an understanding of

their strengths, weaknesses and focus [4]. IT governance

frameworks are being increasingly adopted because they not

only assure conformance with regulations but also help in

ensuring performance [17]. Organizations may benefit from

adopting what they find useful from each framework rather

than just adopting a single one [8].

In addition to these frameworks and standards, Austra-

lian organizations have 3 local standards available to guide

their IT governance and management practices [22]. These

are AS 8015-2005 (ICT governance standard), AS 8018.1-

2004 (specification for ICT service management) and AS

8018.2-2004 (code of practice for ICT service manage-

ment). The information and communication technology

(ICT) governance standard, AS 8015-2005, provides a set

of principles for business decision makers regarding the ef-

fective and efficient use of ICT within their organizations,

irrespective of the industry sector. The ICT service man-

agement standard, AS 8018.1-2004 adopts the British stan-

dard BS 15000-1:2002, and specifies the requirements for

delivering an acceptable quality of managed IT services.

The related standard, AS 8018.2-2004 adopts BS 15000-

2:2003 and recommends a common terminology for IT ser-

vice providers.

E. IT governance in Higher Education Domain

Higher education is a multi-billion dollar industry in

Australia, and as such, is importance to the country’s econ-

omy [10] [2]. It is a major consumer of IT products and ser-

vices as well as a major provider of services using ICT. IT

has helped the improvement of a range of activities includ-

ing research, teaching, learning and administration. Signifi-

cant developments have been made in the area of online

teaching and learning. The demand for IT based products

and services has also increased in the last 15 years due to a

rapid increase in student population.

Much work is required to be done by university govern-

ing bodies and policy makers in order for these universities

to tap and capitalize on emerging information technologies

to maintain their competitive positions internationally [10].

The issues range from infrastructure, applications, delivery

and services to staffing and appropriate regulatory frame-

works. Also, IT applications have not penetrated all aspects

of university teaching and effort is required to improve this

area. Despite the wide range of concerns facing IT govern-

ing bodies in Australian universities in the digital economy,

there has been very little research regarding how IT govern-

ance may be implemented in these institutions for it to pro-

vide optimal benefits to higher education.

III. RESEARCH QUESTION AND METHODOLOGY

The paper investigates the adoption of IT governance

practices in four Australian higher education institutions

and discusses the significance of these practices in the

higher education ecosystem. The research questions are:

429

1) How are formal IT governance practices adopted and

implemented within the higher education environment

in Australia?

2) What is the significance of formal IT governance prac-

tices in the context of the evolving higher education

ecosystem in Australia?

As suggested by Benbasat et al [11], the case research is

useful for addressing the “how” questions, ie., in the ex-

ploratory stage of knowledge building. This is particularly

useful for a study on IT governance in the context of higher

education institutions in Australia, where the knowledge of

researchers regarding new methods, techniques, problems

and prospects lags that of practitioners. Four leading Aus-

tralian institutions in different stages of adopting and im-

plementing formal IT governance practices were selected.

In keeping with participants’ requests for anonymity, the

institutions are referred to as Institutions A, B, C and D.

The data collected was primarily qualitative in nature. The

data was gathered from semi-structured interviews with 7

senior IT and 5 business decision makers as well as from

relevant documents obtained from interviewees and the

websites of the institutions. The interviews were recorded

and later transcribed and analyzed.

IV. THE CASE STUDY INSTITUTIONS

The four institutions all have documented corporate gov-

ernance structures and are in different stages of implement-

ing formal IT governance practices. Institutions A and C

have adopted formal IT governance practices since 2000.

Institution B has started formalizing its practices since the

beginning of 2006. Institution D has adopted formal IT

governance practices since 2004. The institutions have

revenues of between 300 to 500 million dollars and spend

between 6-10% of their revenue on IT. All four institutions

are members of the Australian Vice-Chancellor’s Commit-

tee (AVCC). While they cooperate for advancing Australian

higher education through this forum, they also compete

amongst each other for market share both locally and inter-

nationally.

V. IT GOVERNANCE FRAMEWORK

As indicated previously and also shown in Table 1, the

key elements of structures, processes, and relational mecha-

nisms are required to implement IT governance [21]. The

IT governance structures and relational mechanisms in these

institutions have been discussed elsewhere [13] [14], and

will only be discussed briefly here. The overall trend in

these institutions with IT governance structures is toward

centralization of the IT organization. IT governance rela-

tional mechanisms are directed at building closer ties with

the business. As stated earlier, IT governance processes in-

volve strategic decision making and the use of various per-

formance monitoring frameworks and tools such as Strate-

gic IS Planning, COBIT, ITIL, Balanced Scorecard, and oth-

ers [20]. This paper concentrates on the IT governance

processes in these institutions. Each institution’s strategic IS

planning is discussed first. This is followed with a discus-

sion of the adoption of various performance monitoring

frameworks and standards, and tools in each institution.

Issues surrounding the implementation of the above will

also be discussed.

A. Institution A

The institution has an overall strategic plan and follows a

balanced scorecard. IT has an ICT enabling plan, which is

regularly updated. An important issue is that this ICT ena-

bling plan is not directly associated with a budget for strate-

gic expenditures. The present budget allocation for ICT is

for staff, software licenses, site licenses, and refreshing the

IT infrastructure.

IT management decision making within the institution is

influenced by the guiding principles of the Australian ICT

governance standard AS 8015-2005 and the service man-

agement standards AS 8018.1-2004 and AS 8018.2-2004.

COBIT is adopted since the year 2000 for assessing and

improving the institution’s IT governance processes. A di-

rect effect of this has been the realization by senior IT deci-

sion makers that the effective utilization of COBIT across

the institution requires a centralized IT governance envi-

ronment. Given the size of the COBIT framework, only a

small number of processes and objectives are identified for

review each year. The objectives were initially based on a

large number of interviews conducted across the campus in

2000. In subsequent years, objectives have been identified

based on the original interviews and results of an annual

survey of student and staff satisfaction on IT issues.

ITIL is used as the standard for service management. A

number of operational level staff members have ITIL Foun-

dation training. The current focus is on getting better at in-

cident management, change management, problem man-

agement, IT strategic planning and managing the IT archi-

tecture. Consultative, Objective and Bi-functional Risk

Analysis (COBRA), based on ISO17799 is used for facili-

tating risk management.

Since COBIT requires the use of a standard project man-

agement methodology, Project Management Body of

Knowledge (PMBOK) is selected as the guide. Based on

the perceptions of business decision makers, in the last two

years IT has shown considerable maturity in project man-

agement and delivery. This is the result of adopting a strong

project management methodology. People Capability Ma-

turity Model (P-CMM) is the standard of IT staff manage-

ment and development. However, a lot of work is required

for staff development.

The value to business from the implementation of best

practice frameworks has been in terms of reducing the num-

ber of ad-hoc processes, bringing discipline to IT support

activities and improving accountability. Whilst IT has made

significant strides since the year 2000, the IT management

recognizes that there is a long journey ahead.

One problem in implementing frameworks like COBIT

has been the shortage of adequate staff. The demand for

staff time and services are also increasing. Most of the cen-

tral IT teams find it difficult and at times challenging to

achieve their operational objectives. Staffing in the server

support area, for example, consists of about 10 people sup-

porting 300 servers of various kinds, implementing, changes

to the infrastructure and managing large applications used

430

by thousands of people. Despite this, process improvements

continue to take place because of the continued commitment

of senior IT management.

Another difficulty area is finding appropriate perform-

ance metrics measurement. Current technical measures in-

clude percentage downtime, percentage access failure, and

the number of students accessing their email on the official

communications channel. A particular measure, the number

of available desktops in the laboratories was found to be not

particularly useful. It was found that when the number of

desktops was doubled based on survey responses; the satis-

faction level was actually lower than in the previous year.

Management decision makers in the institution attribute this

to the increasing expectations from ICT facilities. The insti-

tution continues to work on developing a balanced business-

IT metrics.

B. Institution B

Institution B has an overall strategic plan and central IT

undertakes strategic IS planning under the supervision of

the IT steering committee. While Institution A has primarily

used COBIT to evaluate and improve key IT processes, In-

stitution B used COBIT to develop its overall IT governance

model and outline the various roles and responsibilities. The

development of the IT governance model has resulted in

substantial involvement of business decision makers in

making decisions regarding IT investment, risk and priori-

ties. This has made it easier for business decision makers to

appreciate the value of key decisions regarding IT. The ini-

tial problem in the implementation of the model was the

lack of IT governance concepts amongst business decision

makers and resistance to change. This is gradually over-

come and the need for accountability for IT related decision

making across the institution is better accepted. This is

achieved by communicating to business decision makers

their roles and responsibilities in IT related decision making

for the benefit of the business, without making it necessary

for them to know the technical details of COBIT.

COBIT is also used for risk assessment and management.

While ISO17799 provides guidance with security, COBIT

guides management on how these goals should be achieved.

The IT security manager is trained in ISO17799 and will

undertake the security management training program pro-

vided by the developers of COBIT.

Capability is also being built up in the project manage-

ment and business process analysis domain to reduce the

current dependence on external consultants. Service level

agreements (SLAs) are in place for hosting and managing

application systems including the student system, the facili-

ties management system, the HR and finance system. At

present there is a lack of enterprise-wide standards for infra-

structure and applications. Other issues include the lack of

standards and controls and the existence of multiple help-

desks. As part of the central IT service desk project, it is

planned to implement ITIL to handle change and incident

management. Service desk staff are required to undertake

ITIL Foundation level training.

As in the case of Institution A there is difficulty in decid-

ing on which metrics to measure. Current metrics used in-

clude the number of service calls being answered to com-

pletion, the number of network and database administrators

and the ratio of total IT cost to organizational cost. How-

ever, there is a realization that these metrics are not ade-

quate for representing the value of IT to business.

C. Institution C

Intra-industry benchmarking is important in Institution C

due to the experience of the senior IT decision-maker with

IT benchmarking practices. IT undertakes strategic IS plan-

ning regularly and maintains SLAs with its clients within

the institution. Disaster recovery planning and business con-

tinuity planning (BCP) have been undertaken since 2004.

Being able to successfully involve the business side has re-

sulted in this institution being ahead of the others with re-

spect to BCP.

At present central IT is in the process of adopting ITIL

and both management and staff have received basic ITIL

training. While incident management with ITIL has been

accomplished satisfactorily, change and configuration man-

agement require further attention. The adoption of ITIL has

led to improvement in the customer focus of IT and a con-

solidation of the helpdesk. This has in turn led to satisfac-

tion amongst customers across the institution.

Central IT uses APT methodology developed by APT

Systems as its project management methodology. APT is

aligned with PMBOK. The software development group

within IT have received training in APT. Following the

methodology ensures that stakeholders stay involved in the

project and the outcome is a quality product. Some of the

development work is outsourced. Knowledge of APT meth-

odology is required of external developers when outsourc-

ing is done. This ensures the end product would be satisfac-

tory by internal standards. The APT methodology requires

undertaking risk assessment during projects. Risk analysis

workshops are conducted with key stakeholders for each

project. The disadvantage of using a formal methodology is

the almost 30% overhead in terms of cost and time when

using a formal methodology.

IT currently uses some functional cost efficiency meas-

ures such as number of helpdesk calls resolved, average

length of time spent by the customer in queue, number of

support staff, number of data network points, etc. As in the

other institutions this area needs to be further addressed.

D. Institution D

The institution undertakes strategic IS planning. Al-

though the process existed before 2004, it was more me-

chanical than effective. A key problem was the fact that

there was no clear idea of what it would cost to implement

the developed strategies as no budget was associated with

the plan. This issue is currently being addressed by the IT

Director. The priority areas addressed by the strategic IS

plan include IT architecture and standards, service delivery,

technology for flexible teaching and learning, web portals,

electronic communications, security and costs.

The IT Director believes in the need for IT to demon-

strate its value in order not to be seen as just a cost of doing

business. However, developing appropriate indicators to

431

extract the value of the IT has proved difficult. The meas-

urements for a set of indicators need to be made over time

to provide useful information. Key indicators used include

financial indicators, network performance indicators (up

and down times), application availability indicators, service

desk performance indicators (numbers of calls, levels of

service, etc) and HR indicators (absentees, staff on leave,

attendance at meetings, etc).

The potential for implementing ITIL and establishing a

single incident management process and the possibility of

reducing the duplication of processes led to one of the first

initiatives taken by the IT Director in 2004. This involved

the consolidation of different helpdesks spread across the

institution into one centralized helpdesk in order to provide

a single point of contact for users. The possibility of ex-

panding the services of this consolidated helpdesk to in-

clude HR and finance related services and commercial ser-

vices is currently under consideration.

The institution has a security policy framework. How-

ever, the problem with the implementation of the security

policy lies in getting the policy across to users, given the

high turnover of students and staff. The added problem is

of students attempting to breach security wilfully.

A process of identifying critical systems was started in

2005 and a disaster recovery plan (DRP) is currently under

development. An audit of PCs, servers, domain name serv-

ers, IP addresses is being conducted to gain an understand-

ing of the physical environment in the event of a disaster.

The DRP outlines processes for recovering critical systems

within 24 hours. At a granular level, the plan refers to proc-

esses for dealing with the loss of primary, secondary and

tertiary computer sites and the loss of individual systems.

The development of the DRP is expected to be followed by

the development of business continuity plans in conjunction

with business process owners. However the difficulty lies in

making business process realise that BCP needs to be

driven by the business rather than by IT.

While ITIL is the adopted framework for IT service

management and all central IT staff have received training

on ITIL, there is no industry standard for project manage-

ment. It is possible that this may be a cause for a somewhat

less satisfactory performance of IT with respect to project

management than in relation to helpdesk services.

VI. SUMMARY OF IT GOVERNANCE PROCESSES IN THE

CASE STUDY INSTITUTIONS

This section addresses the first research question of how

formal IT governance practices are implemented in institu-

tions of higher education in Australia. As indicated previ-

ously, only IT governance processes are addressed here.

Based on the experiences of all four institutions, the fol-

lowing findings emerge with regard to the implementation

of IT governance processes:

(i) Senior IT decision-makers in all four institutions agree

that while an institution of higher education has to deal

with low staffing levels, this should not be a deterrent

in adopting industry best practices. However, each in-

stitution needs to implement best practice frameworks

based on its business needs and available resources.

(ii) In all four institutions improving communication be-

tween central and divisional IT groups are helping in

the general acceptance of central IT standards.

(iii) In all four institutions improving communication be-

tween IT and business has led to the gradual accep-

tance of IT as a valued service provider rather than

just a cost of doing business.

(iv) Strategic IS planning and DRP appear to have im-

proved over past practices, however, BCP requires

further attention. Improving technological support for

e-learning has become a key issue in strategic IS plan-

ning in all four institutions.

(v) As in other industries measuring the performance of IT

remains a big challenge for IT decision makers in in-

stitutions of higher education.

The following findings also emerge from some of the insti-

tutions:

(vi) Institutions A and B realized that although the use of

multiple learning management systems and multiple

email systems may be the existing norm in the divi-

sions, this leads to duplication of IT staff efforts with-

out increasing the satisfaction of staff and students. A

consolidation of systems could potentially help in the

reduction of staff numbers (leading to reduced costs).

(vii) COBIT requires the use of a project management

methodology. Institution A’s adoption of COBIT has

led to its adoption of PMBOK. This was important as

the institution’s IT staff does a considerable amount of

the project implementation and delivery work in-

house. Institution C has adopted APT methodology as

its project management methodology and has bene-

fited from training its staff and requiring its outsourc-

ing partners to be trained in the methodology.

(viii) Equally as important as consolidation of systems is the

consolidation of services. In Institutions C and D the

consolidation of the helpdesk has led to increased sat-

isfaction amongst users.

VII. EVOLUTIONARY STATUS OF THE AUSTRALIAN

HIGHER EDUCATION ECOSYSTEM

This section pertains to the second research question re-

garding the significance of formal IT governance practices

in the evolving higher education ecosystem.

Moore [16] described 4 stages of an evolutionary busi-

ness ecosystem: birth, expansion, leadership, and self-

renewal. The birth stage determines what customers want

and how to deliver it optimally. In this stage it often pays to

cooperate within the ecosystem. In the expansion stage

business ecosystems expand to acquire new territories and

direct battles for market share with other ecosystems are

likely to ensue. The third stage is marked by leadership

struggles within the ecosystem. The strong growth and prof-

itability of the ecosystem and the stability of structures and

processes crucial to the ecosystem lead to the onset of the

leadership struggle. The fourth stage, self renewal, occurs

when the community undergoes a sudden environmental

change (eg. changes in macroeconomic conditions and gov-

ernment regulations) or if the community is threatened by

rising new innovations and ecosystems. Based on this evo-

432

lutionary picture and the activities of the case study institu-

tion, the Australian higher education ecosystem is currently

between the second and third stage of evolution, ie. between

expansion and leadership struggles.

These institutions are expanding their territories beyond

Australian borders (into the territories of other higher edu-

cation ecosystems) by taking advantage of increasingly en-

hanced technologies for web-based teaching and learning.

As IT plays a key role in this expansion (eg. formalising IT

plan to support e-learning), the effective governance of IT

to ensure its value to business should be a strategic focus.

The attempt to be ahead in the leadership struggle has seen

strategic alliances formed between different groups of uni-

versities, generating mini-ecosystems within the larger Aus-

tralian higher education ecosystem. For example, Institution

A is a member of the Australian Technology Network of

Universities (ATN) and Institution C is a member of the In-

novative Research Universities of Australia (IRU). An area

that is receiving attention is the competitive cooperation of

e-research which embraces new research methodologies

arising from increasing access to broadband communication

networks, data repositories, secure connectivity services and

application tools [7]. Ensuring secure connectivity and the

implementation of appropriate application tools can be

achieved through effective IT Governance and the adoption

of industry best practice frameworks and standards.

One body contributing to the stability in structures and

processes in the context of IT governance is the Council of

Australian University Directors of Technology (CAUDIT)

which seeks to enhance the ability of its members as key

advisers on strategic use of IT. Its strategies include encour-

aging the use of industry best practices and standards as

well as undertaking benchmarking projects in its member

institutions. The top 10 issues identified by CAUDIT for

2006 include IT governance and processes associated with

strategic planning, security, BCP and DRP [3]. It is possible

that a forum like CAUDIT will succeed in enhancing IT

governance practices in Australian institutions over the next

decade and in doing so expand the possibilities for technol-

ogy enabled innovations in education and research.

VIII. CONCLUSIONS AND FUTURE WORK

The paper highlights some key issues in the context of

adopting formal IT governance practices, in particular, IT

governance processes, in the higher education ecosystem.

While some useful insights into IT governance practices in

this domain are obtained from this study, the researchers

intend to conduct a number of case studies in order to gen-

eralize findings in the context of this domain and develop

an appropriate IT governance implementation model by re-

fining De Haes and Van Grembergen’s framework. A longi-

tudinal study involving the case study institutions in this pa-

per is also planned in order to obtain a better understanding

of the business benefits of improving formal IT governance

practices in the evolving higher education ecosystem.

IX. REFERENCES

[1] ASX, Principles of Good Corporate Governance and Best Practice

Recommendations, 2003, retrieved from http://www.asx.com.au

/about/pdf/ASX Recommendations.pdf

[2] B.Nelson, Higher Education at the Crossroads – An Overview Pa-

per, 2002, retrieved from http://www.backingaustraliasfuture.gov.au

/fact_sheets.htm

[3] CAUDIT, CIOs set top 10 issues for 2006, 2006, retrieved from

http://www.caudit.edu.au/news/index.html#tentopissues

[4] C.Symons, IT Governance Survey Results: More work to be done,

2005, retrieved from http://www.forrester.com/Research/

Document/Excerpt/ 0,7211,36804,00.html

[5] C.V.Brown, “Examining the Emergence of Hybrid IS Governance

Solutions: Evidence from a Single Case Site”, Information Systems

Research, 8, 1, 1997,72-94

[6] D.Dubie, “Taking on IT Service Management” Network World, 2,

23, 2005, 8

[7] DEST, e-Research, 2005, retrieved from http://www.dest.gov.au/sec-

tors/research_sector/policies_issues_reviews/key_issues/e_research_

consult/default.htm

[8] E.Chickowski, “Taking Models of IT Governance – Is it time to

evaluate your decision-making process?” Processor, 26, 15, 2004,

retrieved from http://www.processor. com/editorial/article.asp

[9] F.Nachira, Innovation Ecosystems: Una Strategia europea per

l’innovazione e lo sviluppo economico, 2005, retrieved from

http://www.digital-ecosystems.org

[10] Higher Education IT Consultative Forum, The Way Forward –

Higher Education Action Plan for the Information Economy De-

partment of Education Science and Training, 2000, retrieved from

http://www.backingaustralias future.gov.au/ fact_sheets.htm

[11] I.Benbasat, D.Goldstein and M.Mead, “The Case Research Strategy

in Studies of Information Systems”, MIS Quarterly, 11, 3, 1987,

368-386

[12] ITGI, Board Briefing on IT Governance, 2003, available online at

http://www.itgi.org

[13] J.Bhattacharjya and V.Chang, “ The Evolving IT Governance Prac-

tices For IT and Business Alignment – A Case Study in an Austra-

lian Institution” in Proceedings of the 4th Annual Conference on In-

formation Science, Technology and Management, 2006

[14] J.Bhattacharjya, Capitalizing Business Benefits Through the Use of

IT Governance Best Practices, Unpublished Masters Thesis, Curtin

University of Technology, Perth, 2006

[15] J.Duffy, IT Governance and Business Value Part 1: IT Governance

– An Issue of Critical Influence, 2003, retrieved from

http://www.networkworld.com/ research/ reports/IDC27291.html

[16] J.F.Moore, “Predators and Prey: A New Ecology of Competition,”

Harvard Business Review, May-June, 1993

[17] K.Liew, “Challenges of compliance – the Cobit bridge,”Computer-

world,12,15,2006, retrieved from http://www.computerworld.com.sg

[18] P.Marshall and J.McKay, “Steps Towards Effective IT Governance:

Strategic IT Planning, Evaluation and Benefits Management” in Pro-

ceedings of the 7th Pacific Asia Conference on Information Systems,

2003

[19] P.Weill and J.Ross, “A Matrixed Approach to Designing IT Govern-

ance,” MIT Sloan Management Review, 46, 2, 2005, 26-34

[20] S.De Haes and W.Van Grembergen, “T Governance and its Mecha-

nisms,” Information Systems Control Journal, 1, 2004

[21] S.De Haes and W.Van Grembergen, “IT Governance Structures,

Processes and Relational Mechanisms: Achieving IT/Business

Alignment in a Major Belgian Financial Group” in Proceedings of

the 38th Hawaii International Conference on System Sciences, 2005

[22] SAI, Welcome to the technology focus, 2006, retrieved from

http://www.saiglobal.com/shop/script/PortalIT.asp

[23] V.Sambamurthy and R.W.Zmud, “Arrangements for Information

Technology Governance: a Theory of Multiple Contingencies,” MIS

Quarterly, 23, 2, 1999, 261-290

[24] Wikipedia, Ecosystem, 2006, retrieved from http:// en.wiki

pedia.org/wiki/Ecosystem

433