IT Governance and Strategic Sourcing Summary – 2019
IT Governance and Strategic Sourcing
Summary 2019
Content
HC1 - Course Introduction and ITG ..................................................................................................... 2
HC2 – COBIT .......................................................................................................................................... 8
HC3 - Digital Transformation .............................................................................................................. 15
WC2 - Digital Transformation in Insurance ....................................................................................... 20
HC4 - ITO Theory ................................................................................................................................. 22
HC5 – ITO Practice .............................................................................................................................. 27
WC4 – COBIT........................................................................................................................................ 30
Wrap up ................................................................................................................................................ 34
Guest talks: NOT included in the final exam;
First tutorial: NOT included in the final exam;
Reference: NOT included in the final exam;
Following is not included in the summary:
WC2 Reading -ey-digital-transformation-in-insurance.pdf
WC5
Class given by Carol Ou
1
, IT Governance and Strategic Sourcing Summary – 2019
HC1 - Course Introduction and ITG
Part 1: Introduction
What is IT Governance?
• Definition: Aligning IT with the business objectives
• The role of IT in business: more about appraison
• CIO sitting in the board of directors: IT have equivalent say
IT Governance vs IT Management
IT Governance Institute makes a clear distinction between IT Governance and IT Management
- IT Management is more on the operational level; managing the daily activities. Responsibility of
the managers.
- IT Governance is more related to the risk management. In the responsibility of the CIO and
board of directors.
IT Governance
Governance ensures that stakeholder needs, conditions and options are evaluated to determine
balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and
decision making; and monitoring performance and compliance against agreed-on direction and
objectives.
IT Management
Management plans, builds, runs and monitors activities in alignment with the direction set by the
governance body to achieve the enterprise objectives.
Part 2: IT Governance
Corporate Key Asset Governance
Board (Corporate Governance)
- Ensure accountability
- Monitor & supervise
- Decide strategic directions
- Make policy
Senior executive team (Business Governance)
• Formulate & execute strategy
• Decide input & decision rights
• Nurture & reward desirable behaviours
IT assets
• Demand-side IT governance
• Supply-side IT governance
• Inform’n security governance
2
, IT Governance and Strategic Sourcing Summary – 2019
IT Governance Concepts
1. Source: Alan Calder and Steve Watkins, 2005, IT governance, 3 rd edition:
IT Governance is “the framework for the leadership, organizational structures and business processes,
standards and compliance with these standards, which ensures that the organization's information
systems support and enable the achievement of its strategies and objectives”.
2. Source: Weill and Ross, 2004:
IT Governance is “specifying the decision rights and accountability framework to encourage desirable
behaviour in using IT”.
IT Governance Arrangement Matrix (! EXAM question)
a. Decisions: items of IT governance/concepts
b. Archetype: the stereotype examples. Different stereotypes of models.
There are 5 major IT decision domains that each can be addressed at various organizational levels and
can be used to determine Who should make an be held accountable for each decision and there are 6
archetypal approaches to decision making ranging from highly centralized to highly decentralized. Which
combination is best for each combination depends on your company’s strategic driver.
Important IT Governance Concepts – 5 Decision Domains
1. IT Principles: clarifying the business role of IT; how IT is used in the business
2. IT Architecture: defining integration and standardization
3. IT Infrastructure strategies: determining shared and enabling services (by hardware,
software, networks, facilities)
4. Business application needs: specifying the business need for purchased or internally
developed IT applications.
5. IT investment and prioritization: choosing which initiatives to fund and how much to spend
IT Governance - 6 Archetypes (Exam question)
Style Who has Decision or Input Rights?
Business Monarchy → C-level executives (top managers)
IT Monarchy → IT specialists
Feudal → Every business unit makes independent decisions
→ Combination of the corporate centre and BU with or without IT people
Federal
involved.
IT Duopoly → IT group and one other group (CxO’s, BU managers)
Anarchy → Each individual user
3
, IT Governance and Strategic Sourcing Summary – 2019
Key players in IT Governance archetypes
Weill and Ross (2004) created a matric of the Archetypes vs involvement of different levels of IT
From: Weill, P. (2004). Don’t just lead, govern: How top performing firms govern IT. MIS Quarterly
Executive 3 (1), 1 17.→ Compulsory reading
IT Governance involves specifying decision rights and accountabilities for important IT decisions. The
goal is to encourage ‘desirable behaviours’ in the use of IT. Enterprises assign decision rights to different
archetypes to govern five key IT decisions. Firms leading on growth decentralize more of their IT
decision rights and place IT capabilities in the business units. Those lading on profit centralize more
decision rights and senior business leaders make the major IT decisions.
Why is IT Governance Important?
- It Governance matters because it influences the benefits received from IT Investments.
- Top-performing enterprises proactively seek value from IT
- Top-performing enterprises succeed where others fail by implementing effective IT
governance to support their strategies and good practices.
IT governance is defined as specifying the framework for decision rights and accountabilities to
encourage desirable behaviour in the use of IT.
Governance is about systematically determining who makes each type of decision, who has input to a
decision, and how these people are held accountable for their role. Effective IT governance encourages
all enterprise personnel in using IT, while ensuring compliance with the enterprise’s overall vision and
principles. As a result IT governance achieve: simultaneously empowering and controlling.
All enterprise have IT governance. The different is that with effective governance have actively designed
a set of IT governance mechanisms (e.g. committees, budgeting, processes, approvals, IT
organizational structure etc). When the desirable behaviours change, IT governance also change.
4
IT Governance and Strategic Sourcing
Summary 2019
Content
HC1 - Course Introduction and ITG ..................................................................................................... 2
HC2 – COBIT .......................................................................................................................................... 8
HC3 - Digital Transformation .............................................................................................................. 15
WC2 - Digital Transformation in Insurance ....................................................................................... 20
HC4 - ITO Theory ................................................................................................................................. 22
HC5 – ITO Practice .............................................................................................................................. 27
WC4 – COBIT........................................................................................................................................ 30
Wrap up ................................................................................................................................................ 34
Guest talks: NOT included in the final exam;
First tutorial: NOT included in the final exam;
Reference: NOT included in the final exam;
Following is not included in the summary:
WC2 Reading -ey-digital-transformation-in-insurance.pdf
WC5
Class given by Carol Ou
1
, IT Governance and Strategic Sourcing Summary – 2019
HC1 - Course Introduction and ITG
Part 1: Introduction
What is IT Governance?
• Definition: Aligning IT with the business objectives
• The role of IT in business: more about appraison
• CIO sitting in the board of directors: IT have equivalent say
IT Governance vs IT Management
IT Governance Institute makes a clear distinction between IT Governance and IT Management
- IT Management is more on the operational level; managing the daily activities. Responsibility of
the managers.
- IT Governance is more related to the risk management. In the responsibility of the CIO and
board of directors.
IT Governance
Governance ensures that stakeholder needs, conditions and options are evaluated to determine
balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and
decision making; and monitoring performance and compliance against agreed-on direction and
objectives.
IT Management
Management plans, builds, runs and monitors activities in alignment with the direction set by the
governance body to achieve the enterprise objectives.
Part 2: IT Governance
Corporate Key Asset Governance
Board (Corporate Governance)
- Ensure accountability
- Monitor & supervise
- Decide strategic directions
- Make policy
Senior executive team (Business Governance)
• Formulate & execute strategy
• Decide input & decision rights
• Nurture & reward desirable behaviours
IT assets
• Demand-side IT governance
• Supply-side IT governance
• Inform’n security governance
2
, IT Governance and Strategic Sourcing Summary – 2019
IT Governance Concepts
1. Source: Alan Calder and Steve Watkins, 2005, IT governance, 3 rd edition:
IT Governance is “the framework for the leadership, organizational structures and business processes,
standards and compliance with these standards, which ensures that the organization's information
systems support and enable the achievement of its strategies and objectives”.
2. Source: Weill and Ross, 2004:
IT Governance is “specifying the decision rights and accountability framework to encourage desirable
behaviour in using IT”.
IT Governance Arrangement Matrix (! EXAM question)
a. Decisions: items of IT governance/concepts
b. Archetype: the stereotype examples. Different stereotypes of models.
There are 5 major IT decision domains that each can be addressed at various organizational levels and
can be used to determine Who should make an be held accountable for each decision and there are 6
archetypal approaches to decision making ranging from highly centralized to highly decentralized. Which
combination is best for each combination depends on your company’s strategic driver.
Important IT Governance Concepts – 5 Decision Domains
1. IT Principles: clarifying the business role of IT; how IT is used in the business
2. IT Architecture: defining integration and standardization
3. IT Infrastructure strategies: determining shared and enabling services (by hardware,
software, networks, facilities)
4. Business application needs: specifying the business need for purchased or internally
developed IT applications.
5. IT investment and prioritization: choosing which initiatives to fund and how much to spend
IT Governance - 6 Archetypes (Exam question)
Style Who has Decision or Input Rights?
Business Monarchy → C-level executives (top managers)
IT Monarchy → IT specialists
Feudal → Every business unit makes independent decisions
→ Combination of the corporate centre and BU with or without IT people
Federal
involved.
IT Duopoly → IT group and one other group (CxO’s, BU managers)
Anarchy → Each individual user
3
, IT Governance and Strategic Sourcing Summary – 2019
Key players in IT Governance archetypes
Weill and Ross (2004) created a matric of the Archetypes vs involvement of different levels of IT
From: Weill, P. (2004). Don’t just lead, govern: How top performing firms govern IT. MIS Quarterly
Executive 3 (1), 1 17.→ Compulsory reading
IT Governance involves specifying decision rights and accountabilities for important IT decisions. The
goal is to encourage ‘desirable behaviours’ in the use of IT. Enterprises assign decision rights to different
archetypes to govern five key IT decisions. Firms leading on growth decentralize more of their IT
decision rights and place IT capabilities in the business units. Those lading on profit centralize more
decision rights and senior business leaders make the major IT decisions.
Why is IT Governance Important?
- It Governance matters because it influences the benefits received from IT Investments.
- Top-performing enterprises proactively seek value from IT
- Top-performing enterprises succeed where others fail by implementing effective IT
governance to support their strategies and good practices.
IT governance is defined as specifying the framework for decision rights and accountabilities to
encourage desirable behaviour in the use of IT.
Governance is about systematically determining who makes each type of decision, who has input to a
decision, and how these people are held accountable for their role. Effective IT governance encourages
all enterprise personnel in using IT, while ensuring compliance with the enterprise’s overall vision and
principles. As a result IT governance achieve: simultaneously empowering and controlling.
All enterprise have IT governance. The different is that with effective governance have actively designed
a set of IT governance mechanisms (e.g. committees, budgeting, processes, approvals, IT
organizational structure etc). When the desirable behaviours change, IT governance also change.
4
