Importance of IT governance

Governing and managing information technology is a crucial activity in organizations to generate business value. According to Ross & Weill (2004), firms that were successful in their IT governance had more than 20% higher Return On Assets (ROA) than comparable organizations with similar strategies but with inadequate IT governance.

Information technologies embrace a high potential business value (Brynjolfsson 2011), however, generating value from IT is still a challenge for many organizations (Berghout et al. 2011). Poor benefits in IT was a major problem is the past. Some scholars even imply that IT was not able to increase productivity. For example, Solow (1987) stated "you can see the computer age everywhere but in the productivity statistics." Furthermore, in the begin of this millennium, many investment banks and accountants inflated market values, to create illusionary realities in stock markets. Enron, WorldCom, Arthur Andersen represent some of the IT falls during the internet bubble (Bloem et al. 2005). Regrettably, poor IT benefits represent still a major concern for organizations. Krigsman (in ZDnet 2012) requests some experts to  undertake the challenge of quantifying the costs of  the worldwide IT failure. It has been calculated that the global of IT failure is around $3 trillion per year. Another study shows that only 35% of all IT projects succeeded while the rest (65%) were either challenged or failed (Cook 2007). Beyond the figures presented above, it is clear that many organizations still are not obtaining enough value from IT.

From a business perspective, IT governance frameworks should be applied to exploit the potential of information technologies. Information technologies need to be properly evaluated because they represent a strategic resource and they can play a very important role for generating business opportunities (De Haes & Van Grembergen 2008). Moreover, proper evaluation is important because many organizations spend an important part of their financial resources on IT investments (Berghout & Powell 2009), and many companies are highly dependent on IT (Haes & Grembergen 2008). Unfortunately, IT value creation will not happen automatically when a new technology is introduced, since different organizational arrangements are needed to be successful. Good IT governance will be required to create a proper IT decision making, to link IT to the business strategy and to facilitate IT value creation strategies (Ross & Weill 2004). Additionally, IT needs to be actively managed after its implementation in order to generate maximum value (Swinkels 1997). The post implementation has major importance because benefits are only obtainable when IT is in use (Berghout et al. 2002). Being IT a complex sociotechnical phenomenon (Boland & Hirschheim 1987; Orlikowski 1992; Walsham 1993; Hu et al. 2007), it is necessary to evaluate IT with techniques that include informal assessments and that does not underestimate IT complexity (Berghout et al. 2009). As a result, the application of rational methods on IT, for example traditional cost/benefits, delivers an incomplete analysis (Berghout et al. 2009). This master thesis claims that IT governance frameworks should include a set of organizational arrangements that allow a more complete and realistic assessment of the sociotechnical process of IT.

IT governance frameworks are also needed to fulfil regulative requirements. From a legal perspective, the Sarbanes Oxely Act (2002) was introduced in response to the different accounting scandals mentioned before. This act imposes requirements on companies with respect to internal control (Sarbanes Oxely Act 2002) and establishes the corporate responsibility of financial reports (Sarbanes Oxely Act 2002). For the Sarbanes Oxley act, internal control is a top priority and this act claims for the use of different frameworks such as the Guidance on Assessing Control (COSO). Following those developments, the Information systems Audit and Control Association (ISACA) created a COSO-based framework for good IT governance which is called CobiT (Bloem et al. 2005). It is important to mention that executives who are not complying with the requirements written in the act could face severe legal problems. The Sarbanes Oxely Act has big influence on the IT sector around the world. For instance, European companies listed on the U.S. stock exchanges or suppliers of American companies should operate in conformity with Sarbanes Oxely. Differently to the United States of America, there is not a Sarbanes Oxely law in Europe, however, there are different European regulations, such as Basel II (Basel II in ISACA 2004), aiming to control and reduce financial risks (Bloem et al. 2005). As a result, the advent of new regulations to guarantee proper fiscal accountability makes IT governance frameworks a necessity for many organizations (Bloem et al. 2005).