The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications

 

Journal Article

Improving the Benefits of IT Compliance Using Enterprise Management Information Systems  pp27-38

Renata Paola Dameri

© Jan 2009 Volume 12 Issue 1, ECIME 2008, Editor: Dan Remenyi, pp1 - 118


Abstract

During the latest years, IT governance has become more and more important. More of the attention on IT Governance is captured by compliance, owing to the recent financial scandals and the severe rules regarding information systems audit and control. Companies need to comply with these rules, but it requires important investments, considered not only strategic but necessary (Remenyi et al. 2000). However, companies should analyse the compliance requirements to implement an IT governance system, not only to comply with legal rules, but also to improve the strategic alignment between IT and business and to optimise value creation by IT compliance investments (Ventrakaman and Henderson 1996, Van Grembergen 2003). However, companies have difficulties in implementing IT compliance initiatives, because they are complex and require an integrated approach all over the organization. But IT compliance initiatives often lack an integrated, strategic approach: they only try to comply with the increasing rules affecting IT operations, thereby limiting the value of compliance investments. To optimise IT compliance, companies should develop an IT compliance strategy, aiming not only to accomplish with regulations, but also to bring processes into compliance. That is, to realise a full integration between operations, risk control, data reliability. To reach this result, compliance automated solutions are indicated, like GRC (Governance, Risk and Compliance) applications. However, standard solutions fail to support specific problems and the individual value proposition of each company: an EIMS (Enterprise Information Management Systems), developed in house, allows automatically managed processes, data and information security, to access control and system performance and to improve data usability, in accordance with company specific organisation and needs. In this paper, IT compliance is introduced, to define how to orient it to value creation; GRC systems and EIM systems are described, with their different cost and benefits for companies. The aim of the paper is to define how to develop compliance automated systems, to save money and enhance information integration and value. Observations and conclusions derive from practical experience of the author, participating in a project of EIM implementation in a major Italian company.

 

Keywords: IT governance, risk management, accounting information systems, IT compliance, knowledge management

 


Journal Article

Organizational Challenges and Barriers to Implementing IT Governance in a Hospital  pp37-45

Luis Velez Lapao

© Jan 2011 Volume 14 Issue 1, ECIME 2010 Special Issue, Editor: Miguel de Castro Neto, pp1 - 166


Abstract

This paper describes the challenges and barriers to the introduction of “IT Governance” into a Hospital environment. It further addresses the relationship between corporate governance (hospital strategy and organization) and the role of IT Governance in managing new services deployment. Both ITIL and COBIT are introduced as a best practice for supporting Hospital Information Systems (HIS) management. IT Governance is an extensive framework; therefore we focused our study on ITIL Assessment combined with COBIT. The assessments were centered on IT Service Management, which, according to our findings, is being carried inefficiently in Hospital São Sebastião (HSS). We used both COBIT and ITIL assessment to audit and identify IT Governance weakness. These processes revealed a way to assist the organization at becoming aware about IT improvement priorities. The results were used to rethink HIS strategy in order to properly address the need to develop new health services like ambulatory surgery and connecting with out‑patients services. We used the IT Governance standard ISO/IEC 38500 to provide guiding principles for the effective use of IT according to Calder‑Moir framework. Starting with a COBIT assessment we identified IT management priorities and metrics, then we focused on the ITIL assessment steps. Finally, we applied the framework on both Service Desk and Incident Management processes. We analyzed the level of IT governance maturity and produce some recommendations to improve IT Service Management practices. The ITIL assessment identified existing gaps between the current organization practices and how the organization should perform according to ITIL, and what key actions need to be taken to close those gaps. At the end disclosed that IT Governance inefficiency is an important barrier to HIS management, mostly in IT service management which has a direct impact in users' daily work flow, and therefore on Healthcare services delivery.

 

Keywords: IT Governance, hospital information systems, IT organization, COBIT, ITIL

 


Journal Article

Assessing Future Value of Investments in Security‑Related IT Governance Control Objectives … Surveying IT Professionals  pp216-227

Waldo Rocha Flores, Teodor Sommestad, Hannes Holm, Mathias Ekstedt

© Sep 2011 Volume 14 Issue 2, ICIME 2011, Editor: Ken Grant, pp167 - 281


Abstract

Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security‑related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.

 

Keywords: IT governance, control objectives, information security, net present value

 


Journal Article

Exploring the SME Quandary: Data Governance in Practise in the Small to Medium‑Sized Enterprise Sector  pp3-13

Carolyn Begg, Tom Caira

© Jan 2012 Volume 15 Issue 1, ECIME 2011, Editor: Walter Castelnovo and Elena Ferrari, pp1 - 148


Abstract

The purpose of this paper is to explore how small to medium‑sized enterprises (SMEs) perceive data and data governance and investigates whether current data governance frameworks are applicable to SMEs. Enterprises of all sizes and complexity have had to learn how to operate in an increasingly digital business environment. Such an environment demands that an enterprise equips itself with the ability to use its data effectively both internally and when dealing with external partners such as suppliers and customers. Enterprises now recognise that both their survival and success requires taking control of all aspects of their data as a critical business resource. In recognition of the demands placed on enterprises in this digital age, a discipline has emerged called data governance. Although the definition of data governance is still evolving, current usage describes this discipline as being a facilitator for enterprises to take control over all aspects of their data resource from the setting of integrity constraints for data quality to the creation of enterprise‑wide policies on data access and security. Large enterprises are often better placed to absorb the necessary demands that data governance places on resources. However, for the resource‑poor SME, the investment in data governance is far more challenging but nevertheless critical in the digital business environment. This paper reviews examples of published data governance frameworks to establish whether these frameworks are applicable to SMEs. A data governance framework (Khatri & Brown, 2010) is assessed using ten SMEs that have differing data requirements. This research is further enhanced by reviewing the results of a project which audited technology use in SMEs. This paper finds that although many data governance frameworks claim to be adaptable and scalable, there is little published evidence by industry or academics on the application of data governance to SMEs. 
Furthermore, our research revealed that the optimal use of data governance frameworks requires that those with authority and res

 

Keywords: data governance, SME, data management, data quality, framework

 


Journal Article

Responsibility and Accountability for Information Asset Management (IAM) in Organisations  pp113-121

Nina Evans, James Price

© Jul 2014 Volume 17 Issue 1, Special issue from ECIME 2013, Editor: Prof Przemyslaw Lech, pp1 - 121


Abstract

The key resources that need to be effectively deployed to meet business objectives are Financial Assets, Human Assets, Physical Assets and Information Assets (IA). Information Assets are a critical business resource for most organisations, yet they are typically poorly managed and the potential, tangible benefits from improving the management of these assets are seldom realised. Business governance refers to the decisions that must be made to ensure effective business management and also to who makes these decisions, i.e. who is responsible and accountable. Very little research has been undertaken on the role and responsibilities of various stakeholders in information asset management. This paper reports on qualitative research via confidential interviews that were conducted with C‑level executives and Board members of Australian and South African organisations in both private and public sectors, to identify their perceptions of who is responsible and accountable for the management of Information Assets in their organisations. The research found that the information management decisions that must be made, and by whom, is often not clear in these organisations. Responsibility and accountability is therefore inappropriately imposed.

 

Keywords: Information Assets, IA, governance, Information Asset Management, IAM, responsibility, accountability

 


Journal Article

Towards a Theoretical Foundation of IT Governance … The COBIT 5 case  pp93-95

Jan Devos, Kevin Van de Ginste

© Sep 2015 Volume 18 Issue 2, The special issue from ECIME 2014, Editor: Jan Devos, pp93 - 210


Abstract

COBIT, (Control Objectives for Information and Information related Technologies) as an IT governance framework is well‑known in IS practitioners communities. It would impair the virtues of COBIT to present it only as an IT governance framework. COBIT analyses the complete IS function and offers descriptive and normative support to manage, govern and audit IT in organizations. Although the framework is well accepted in a broad range of IS communities, it is created by practitioners and therefore it holds only a minor amount of theoretical supported claims. Thus critic rises from the academic community. This work contains research focusing on the theoretical fundamentals of the ISACA framework, COBIT 5 released in 2012. We implemented a reverse engineering work and tried to elucidate as much as possible propositions from COBIT 5 as an empiricism. We followed a qualitative research method to develop inductively derived theoretical statements. However our approach differs from the original work on grounded theory by Glaser and Strauss (1967) since we started from a general idea where to begin and we made conceptual descriptions of the empirical statements. So our data was only restructured to reveal theoretical findings. We looked at three candidate theories: 1) Stakeholder Theory (SHT), 2) Principal Agent Theory (PAT), and 3) Technology Acceptance Model (TAM). These three theories are categorized and from each theory, several testable propositions were deduced. We considered the five COBIT 5 principles, five processes (APO13, BAI06, DSS05, MEA03 and EDM03) mainly situated in the area of IS security and four IT‑related goals (IT01, IT07, IT10 and IT16). The choice of the processes and IT‑related goals are based on an experienced knowledge of COBIT as well of the theories. We constructed a mapping table to find matching patterns. The mapping was done separately by several individuals to increase the internal validity. Our findings indicate that COBIT 5 holds theoretical supported claims. The lower theory types such as PAT and SHT contribute

 

Keywords: IT governance, COBIT 5, stakeholder theory, principal agent theory, TAM

 


Journal Article

Towards a Theoretical Foundation of IT Governance … The COBIT 5 case  pp96-104

Jan Devos, Kevin Van de Ginste

© Sep 2015 Volume 18 Issue 2, The special issue from ECIME 2014, Editor: Jan Devos, pp93 - 210


Abstract

COBIT, (Control Objectives for Information and Information related Technologies) as an IT governance framework is well‑known in IS practitioners communities. It would impair the virtues of COBIT to present it only as an IT governance framework. COBIT analyses the complete IS function and offers descriptive and normative support to manage, govern and audit IT in organizations. Although the framework is well accepted in a broad range of IS communities, it is created by practitioners and therefore it holds only a minor amount of theoretical supported claims. Thus critic rises from the academic community. This work contains research focusing on the theoretical fundamentals of the ISACA framework, COBIT 5 released in 2012. We implemented a reverse engineering work and tried to elucidate as much as possible propositions from COBIT 5 as an empiricism. We followed a qualitative research method to develop inductively derived theoretical statements. However our approach differs from the original work on grounded theory by Glaser and Strauss (1967) since we started from a general idea where to begin and we made conceptual descriptions of the empirical statements. So our data was only restructured to reveal theoretical findings. We looked at three candidate theories: 1) Stakeholder Theory (SHT), 2) Principal Agent Theory (PAT), and 3) Technology Acceptance Model (TAM). These three theories are categorized and from each theory, several testable propositions were deduced. We considered the five COBIT 5 principles, five processes (APO13, BAI06, DSS05, MEA03 and EDM03) mainly situated in the area of IS security and four IT‑related goals (IT01, IT07, IT10 and IT16). The choice of the processes and IT‑related goals are based on an experienced knowledge of COBIT as well of the theories. We constructed a mapping table to find matching patterns. The mapping was done separately by several individuals to increase the internal validity. Our findings indicate that COBIT 5 holds theoretical supported claims. The lower theory types such as PAT and SHT contribute the most. The presence and contribution of a theory is significantly constituted by IT‑related goals as compared to the processes. We also make some suggestions for further research. First of all, the work has to be extended to all COBIT 5 processes and IT‑related goals. This effort is currently going on. Next we ponder the question what other theories could be considered as candidates for this theoretical reverse engineering labour? During our work we listed already some theories with good potential. Our used pattern matching process can also be refined by bringing in other assessment models. Finally an alternative and more theoretic framework could be designed by using design science research methods and starting with the most relevant IS theories. That could lead to a new IT artefact that eventually could be reconciled with COBIT 5.

 

Keywords: IT governance, COBIT 5, stakeholder theory, principal agent theory, TAM

 


Journal Issue

Volume 15 Issue 1, ECIME 2011 / Jan 2012  pp1‑148

Editor: Walter Castelnovo, Elena Ferrari


Editorial

The papers in this issue of EJISE have been selected from those presented at the 5th European Conference on Information Management and Evaluation (ECIME 2011) at the Dipartimento di Informatica e Comunicazione, Università dell'Insubria, Como, Italy on 8‑9 September 2011.

 

The issue has been guest edited by the Conference Chair, Professor Walter Castelnovo, and the Programme Chair, Professor Elena Ferrari, both from University of Insubria, Como, Italy.

 


 

Keywords: crime analysis, GIS, geostatistics, intelligence-led policing, predictive dissemination, data mining, boundary spanning, IS outsourcing, relationships management, accountability, enterprise records management, organizational memory, records auditing, knowledge economy, measuring effectiveness, performance indicator, assess of knowledge, enterprise information systems, enterprise resource planning systems, customer relations management systems, supply chain management systems, community informatics, requirements engineering, microenterprise, technology adoption, indigenous business, socio-technical system, SMEs, IT/IS, lemon market theory, ISV, ambient assisted living, field trials, ageing technology users, enterprise architecture, architectural alignment, Zachman framework, TOGAF, GERAM, E2AF, payments, framework, mobile, value, data governance, data management, data quality, framework, business model, business case, strategy, operations, management, implementation

 
