IT Governance with Risk Management Impact on the Government Sector Business Strategy - Research Proposal Example

IT GOVERNANCE WITH RISK MANAGEMENT IMPACT ON THE GOVERNMENT SECTOR BUSINESS STRATEGY Table of Contents Table of Contents 1.0 Background of the study 1 3.0 Study Objectives 5 4.0 Study Questions 5 6.0 Research Methodology 10 7.0 Significance of the Research 11 1.0 Background of the study According to Lam (2014), enterprise governance is a set of responsibilities and practices, which is exercised by the Board and the executive management with the sole goal of providing strategic direction in an organization. The organization directors and those who are charged with governance responsibility in the creation and preservation of wealth of all stakeholders, on the other hand, have defined corporate governance, as the ethical corporate practices and behavior while as Lam (2014) states that corporate governance is a system by which companies are being directed and managed. It has the capability of influencing how the company objectives are set and achieved, how risks are being monitored and assessed and how the performances are being optimized. Applying the concept of governance to IT, Rego and Wilson (2012) define IT governance as the setting up of structures, processes and relational mechanisms around the way an organization aligns its IT strategy with its business strategy. IT is a critical element of governance and usually entails the study and use of systems such as computers and telecommunication equipments for storing, sending and retrieving information (Rego & Wilson, 2012). Erkens, Hung and Matos, (2012) place the responsibility of IT governance on the board of directors and the executive management. From this perspective, IT governance is seen to be a crucial part of the enterprise management and entails leadership and organizational structures and processes that ensure that the company IT sustains and extends to the organization strategy and objectives. From this definition, IT management remains a main actor within the IT governance process. However, although IT management and IT governance are closely related, the two concepts are different since IT management is in charge of providing effective IT services, with supplying and management of IT services and products. On the other hand, IT governance focuses on the performance and service delivery aimed at achieving the demands of customers and shareholders. IT governance is surrounded with risks, which means that risk management is inevitably a component of IT governance as well as corporate governance. It follows, therefore, that the teams responsible for the governance of a governmental entity must consider IT and understand how critical the risks are to the organization and manage them according to their priority level. This becomes more important when it is considered that the government sector often struggles to deal with inadequate or reduced IT budgets yet they are expected to extract the highest value from their IT resources. The teams entrusted with IT governance must make it a deliberate strategy to avoid and mitigate risks so as to not only ensure system availability but also guarantee the security and integrity of data (Hoch & Payan, 2008). At the government level, the lack of a clearly defined top-level mandate to manage and lead the IT function will most probably result in failure of public-sector projects. The modern world is typically dynamic, which implies that and the government must acknowledge that IT is indispensible in providing better, effective and efficient services. Therefore, risk management must be viewed as a tool in IT governance that ensures sustainability and also creates and captures the value of IT (Hoch & Payan, 2008). The dynamic nature of the modern world coupled with the concept of globalization is forcing organizations to change the way they conduct their operations and, more importantly, their IT systems. However, a considerable number of people affected by such change always show some degree of resistance. From the perspective of IT governance, which is mainly concerned with the performance of IT in the organization, the process of change management must be conducted in such a way that not only changes information technology; it should also integrate business processes, organizational structures and job assignments to reduce the risks and costs of change. To achieve such change without resistance, managers must ensure that apart from individual employees changing their habits, they must also develop a new understanding of all the organizational processes (Weill & Ross, 2004). It is imperative that all persons concerned and affected acknowledge that implementing new systems and technology is one way achieving change and leading to better productivity. For example, automation is an effective way of reducing risks and operational costs but it can have the opposite effects if it is misunderstood and not used as it is supposed to. This suggests that IT governance also plays a critical role in aligning individual and organizational objectives in the government sector. Therefore, the way IT governance is structures as well as the position of the decision-making authority within the organization will play a part in determining the effective of IT governance (Weill & Ross, 2004). 2.0 Research Problem Due to the uncertainty surrounding organizational environments, the need and importance of risk management have increased, especially after the great recession period that affects the government sector and system failures have been reported in many countries (Rego & Wilson, 2012). The necessity of an efficient risk management system has been increased by increased uncertainty but information technology risk management systems have the potential to protect the organization from unforeseeable uncertainty (Ellul, 2015). This can be more effective when IT governance is understood as a set of formal processes designed to balance risks and costs in an effort to turn IT investments into value for the government sector. Organizations in the government sector are currently facing problems in maintaining stability in their business operations throughout the globe (Rego & Wilson, 2012). Therefore, they should enhance the concept of IT governance to be well prepared to meet contingencies such as global competition, natural disasters, and crisis among others. Through IT governance structures, the organizations will be able to focus on the strategic values of their IT investment and ensure there are high levels of control designed to realize and sustain benefits (Peppard, 2007). Companies should be able to analyze the risk, categorize them and prioritize them depending on the seriousness of the risk factor. IT risk management is the process of risk identification, assessment and categorizing the risk while looking for the best possible mitigation measures (Rego & Wilson, 2012). Since IT outcomes are often hard to measure, organizations must assign responsibility for expected results and investigate how well they achieve them. IT governance should not be considered in isolation but rather as an integral part of corporate governance (Pandey, 2006). This is because IT is linked with other critical enterprise assets thus IT governance might share mechanisms with another set of governance processes thereby coordinating enterprise-wide decision making processes resulting from controlling the uncertainty (Rego & Wilson, 2012). Therefore, the top management must realize the impact IT can have on the performance and success of their organization. The top management should particularly be concerned with knowing whether the way IT is managed can achieve organizational objectives, can be learned and adapted and more importantly, can recognize opportunities and risks and act upon them. Strategic risk management is an integrated continuous process of identification and assessment of risks that are considered obstacles and contribute in preventing organizations from reaching their operational and financial goals. Hence, successful organizations always understand risks and exploit the benefits offered by IT by aligning IT strategies with business strategies. Financial risk management system, on the other hand, is the value creation using different methodologies and techniques that can help in managing risk exposure in an organization. With this, it is important to investigate the impact of IT governance process in business strategic management and the change expectations affections on business environment. 3.0 Study Objectives Theories, investigation and practices in risk management in the public sector are essential and should be investigated with IT governance relations. The risk management has to be included in any current and future planning of an organization and discovers the challenges that occur locally in MOI IT initiatives. The objectives are as follows: 1. To investigate IT governance within a public sector & risk management considerations. 2. To investigate challenges at IT governance pre IT initiatives. 3. To evaluate the efficiency of practices IT governance on organizations process. 4.0 Study Questions To achieve the study objective, the study will be guided by the following research questions in line with study objectives 1. What are the principles of IT governance & risk management? 2. What are the challenges pre MOI IT initiatives projects? 3. What is the effect of IT governance practices on organizations process? 5.0 Literature Review According to Wilkin and Chenhall (2010), IT governance entails the processes aimed at ensuring efficient and effective use of information technology towards the achievement of organizational goals and objectives. This definition is in agreement with the sentiments earlier presented by Weill and Ross (2004). From that perspective, this proposal seeks to research and establish the decisions that need to be made in order to ensure the use of IT is managed effectively and efficiently. Equally significant to IT governance and risk management considerations in the public sector as opined by Haes and Grembergen (2009), the proposal seeks to demystify who makes the decisions and how such decisions are made and monitored. Wood (2011) identified the absence of documented strategies as one of the key challenges of IT governance in the public sector. This proposal will seek to establish how the absence of documented strategies contributes to weak communication across an organization and, as Brown and Grant (2007) point out, slows down the process of change. Gowland and Aiken (2009) support the views of Brown and Grant (2007) and agree the absence of documented strategies forces organizations to use tactical plans that are ad hoc in nature and usually for short-term rather than long-term purposes. They are often short-term because they are created to simply respond to user requests. Lutchen (2007) also shares the ideas of Brown and Grant (2007) and agrees that IT within an organization should be managed as a business but at the same time avoid the risk of macro and micro management when implementing IT initiatives. Agreeing with this view, Grembergen and Haes (2010) describe several ways in which macro and micromanagement hinder business growth. Hence, this proposal will seek to establish how micromanagement in the IT perspective discourages innovation, decreases business agility and increases employee turnover despite micromanagers having good intentions. It is the purpose of this proposal to research on how IT decisions can be made in faster and more informed ways that improve efficiency and business productivity. According to Epstein and Buhovac (2014), Information technology has changed over time and evolved into a critical part of business. As a consequence, as information technology rapidly changes, companies have become increasingly vulnerable to IT risk. As Grembergen and Haes (2010) point out, it is not possible to effectively contain the changes and events from IT without significantly impacting on the overall business functions of an organization. Explaining this notion, Bromley and (2014) show that loss of data, inaccessibility, and corruption combined with failures of systems and infrastructure, have the potential of severely impacting on an organization’s performance and productivity. From the perspective of IT governance, Ellul (2015) states that risk management in business offer grounds for creating complete and coherent integrated management system. As a function of IT governance, the process of risk management reinforces organizations’ management through existing infrastructure within the organization. Scholars consider risk management to be an integral part of organizational management since the primary objective of management is risk identification, analysis, and evaluation, with the sole purpose of implementing additional control measures that can result in risk reduction. Jones (2014) explains the goal of risk management as reducing an organization’s exposure with maximum efficiency. Many governments are challenged when it comes to developing stable political systems and adequate financial markets. However, most are in a position to develop an effective approach to identifying, measuring and assessing risks and coming up with effective policy responses. One of such approaches is effective enterprise risk management system (Epstein & Buhovac, 2014). As Franks et al. (2014) explain, sound and all inclusive corporate governance should be vested in the board-level management. That will place them in a position to contribute to better performance of the company by discharging their duties in the best interest of shareholders and preventing vulnerability to poor performance. Good governance, according to Peppard (2007), will facilitate efficient and entrepreneurial management that can deliver value to shareholders over the longer term. This paper presents the sophisticated approach of information technology in risk administration in the condition that there should be caution when it comes to risk. All interventions must be well designed and calculated in the handling of reality on the ground, helping the management to prevent their governmental organizations from collapsing and be more efficient. Erkens, Hung and Matos (2012) distinguish the risk from uncertainty by relating the risk to a quantity susceptible to measurement while uncertainty is quantity not measurable. Most available literature on governance reveals that government processes can be grouped into three broad categories. They include enterprise governance, corporate governance, and IT governance. As Kolk (2008) points out, IT governance has especially developed into an intrinsic and persuasive aspect of corporate governance in all organizations. In that sense, governance from the board level must pay special attention to information technology and review how strongly the organization is dependent on it. Erkens, Hung and Matos (2012) support this view and contribute that information technology is critical when it comes to executing business strategy. From the same perspective, Acharya et al. (2013) state that IT governance is part of a much wider concept of corporate governance and assert that the two major concepts and principles in information technology are effectiveness, transparency and accountability. It reflects wider corporate principles of governance while focusing on the management and use of IT to achieve corporate governance goals. The IT Governance Institute acknowledges that IT outcomes are often difficult to measure and opine that organizations must assign responsibility for expected outcomes and investigate how well they achieve them (Hoch & Payan, 2008). It follows, therefore, that IT governance should not be considered in isolation since IT is linked to other key enterprise assets thus IT governance might share mechanisms with another set of governance process thereby coordinating enterprise-wide decision-making processes (Acharya et al, 2013). Governance regulation both at national and international levels reflects the view that corporate governance, internal control, and risk management are quite interdependent factors. The boundaries of these concepts may appear narrow at times; it is not always clear whether the risk management is a sub-division of internal control or vice versa. However, the dominant recurring theme is that risk management is an integral part of the process of corporate governance as well as IT governance. For the government sector, risk management from the perspective of IT governance will enhance transparency, optimize costs, eliminate duplication, reduce maintenance and prevent abuse and waste (Ellul, 2015). Thurner and Proskuryakova (2014) had earlier viewed the private sector from the perspective of Ellul (2015) and found that it uses similar promptings to improve risk management and internal control systems. They established that risk management in the private sector is considered as a crucial part of proper governance that can help in achieving the objectives and goals of corporate governance more strategically (Thurner & Proskuryakova, 2014). Epstein and Buhovac (2014) in their study concluded that information technology in the management of risk is the pillar of corporate governance; it is capable of achieving better and more efficient use of the organization resources and help in better management of projects. The arguments that are underlying the need for formal risk management control system may, therefore, appear to have strong similarities across both public and private institution. However, it is implicit to assume that the resulting systems will be the same. A study by Lam (2014) reveals that public sector risk management is distinct and different from private sector risk management, but there is a lack of academic literature that tests such kind of views. Several articles and policy papers have been written explaining the need for better risk management in the public sector. Epstein and Buhovac (2014) identify risk management principles to include value creation, be an integral part of the organization processes, and be systematic and structured. In the sense of IT governance, Ellul (2015) expands on the idea of Epstein and Buhovac (2014) and assert that risk management ensures individual programs begin early. As they explain, this is achieved by aggregating a list that is definitive of the most current policies that must be complied with since programs generally need to comply with a myriad of regulations. The adoption of risk management methodology in an organization can lead to a reduction in the uncertainty in the enterprise management. It ensures continuity in the production and trading in the market, to reduce the risk of failures and promote the enterprise external and internal image. Epstein and Buhovac (2014) concluded that IT risk management creates business value, maximizing business profits while minimizing cost. Strategic risk management is an integrated continuous process of identification and assessment of strategic risk management that are considered obstacles that help in preventing organizing from reaching their operational and financial goals. The importance of IT risk management in business increase as the business seeks to leverage existing technologist and come up with better compliance results and improves its performance. Rego & Wilson (2012) states that risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise need for risk compliance requirements, transparency about the significant risks to enterprise and embedding of risks management responsibility into the business. 6.0 Research Methodology To achieve the study objective, the study uses a methodological approach which is a combination of different methods, strategies, and planning. The study will use qualitative research approach that will help to find accurate research results in less time. The data will be collected from the past events and journals, which will be analyzed from the past risk management practices and how companies failed in the past and the reasons for the failure and how they could avoid that in the future (Szekely, & Knirsch, 2005). The data for the research was outsourced from reliable sources. Data collection is a crucial part of secondary research. Expert work in the field will be reviewed. Both qualitative and qualitative data was used in the proposed study. Quantitative data was collected in the form of different published statistics, and indices of the government economy prior to and during the global financial crisis. The data that will be used in this study was purely secondary data. As such, academic sources such as academic journals, books, and other publications served as important sources of information for the research. Data about the period in question was collected from official sources such as the website of the Central Bank and other corporate websites including auditor’s report. The collected data will be then processed using qualitative and quantitative means. For qualitative data, a critical analysis of the findings of other studies on the subject carried out in the recent past was done. On the other hand, qualitative data was processed using quantitative techniques to establish the efficiency of different policies that were adopted by the government to mitigate the crisis as well as establish the impact of risk on the economy. This approach to processing the data of the experiment was necessary for identifying and evaluating and helps preventing the economy from the influence of a crisis similar. Regression analysis will be using SPSS version twenty to determine the result. 7.0 Significance of the Research The impact of information technology is of much importance in the present risk management process. The development of IT and communications technologies made a lot of deviation in the risk management process. This research will try and give some of the more insights on the impact of IT on risk management and governance process. Due to increase uncertainty in the business environment, there is need to increase investigation of the mitigation factors to organization risk. The management should manage risk factors in a more proper way using the necessary control system. This study will also add to the present literature on the impact of IT on risk management (Kolk, 2008). The study will also provide effective ways and proposal on effective risk management system within the company, since the effective risk management strategies will help a business to find almost all-possible risk in advance and hence the success in long term can be achieved. Another significance of this study is that it serves as a market survey, what companies should do to improve their reputations. Therefore, it is very important for the companies to know how their customers feel about them. Lastly, this research will act as a feedback checkpoint for companies. The survey will be very important as the data from customer’s feedback forms a major part of the company decision data. References Acharya, V. V., Gottschalg, O. F., Hahn, M., & Kehoe, C. (2013). Corporate governance and value creation: Evidence from private equity. Review of Financial Studies, 26(2), 368402. Bromley, P., & Meyer, J. W. (2014). “They Are All Organizations” The Cultural Roots of Blurring Between the Nonprofit, Business, and Government Sectors. Administration & Society, 0095399714548268. Brown, A., & Grant, G. (2007). Framing the frameworks: A review of IT governance research. Communications of the Association for Information Systems, 15(38), 114-118. Ellul, A. (2015). The role of risk management in corporate governance. Annual Review of Financial Economics, 7(1). Epstein, M. J., & Buhovac, A. R. (2014). Making sustainability work: Best practices in managing and measuring corporate social, environmental, and economic impacts. Berrett-Koehler Publishers. Erkens, D. H., Hung, M., & Matos, P. (2012). Corporate governance in the 2007–2008 financial crises: Evidence from financial institutions worldwide. Journal of Corporate Finance, 18(2), 389-411. Franks, D. M., Davis, R., Bebbington, A. J., Ali, S. H., Kemp, D., & Scurrah, M. (2014). Conflict translates environmental and social risk into business costs. Proceedings of the National Academy of Sciences, 111(21), 7576-7581. Gowland, D. & Aiken, M. (2009). Changes to Financial Management Performance Measures, Accountability Factors and Accounting Information Systems. Australian Journal of Public Administration, 64(3), 88-99. Grembergen, W., & Haes, S. (2010). A research journey into enterprise governance of IT, business/IT alignment and value creation. International Journal of IT/Business Alignment and Governance, 32(1), 1-13. Haes, S., & Grembergen, W. (2009). Exploring the relationship between IT governance practices and business/IT alignment through extreme case analysis in Belgian mid-to-large size financial enterprises. Journal of Enterprise Information Management, 22(5), 615–637. Hoch, D., & Payan, M. (2008). Establishing good IT governance in the public sector. McKinsey: Chicago. Jones, M. (Ed.). (2014). Accounting for biodiversity. Routledge. Kolk, A. (2008). Sustainability, accountability and corporate governance: exploring multinationals reporting practices. Business Strategy and the Environment, 17(1), 1-15. Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons. Lutchen, M. (2007). Managing IT as a business: A survival guide for CEOs. New Jersey: Wiley. Pandey, S.K. (2006). Connecting the Dots in Public Management: Political Environment Organisational Goal Ambiguity, and the Public Managers Role Ambiguity. Journal of Public Administration Research and Theory, 16(4), 511-532. Peppard, J. (2007). The Conundrum of IT Management, European Journal of Information Systems, 16(4), 336–345. Rego, S. O., & Wilson, R. (2012). Equity risk incentives and corporate tax aggressiveness. Journal of Accounting Research, 50(3), 775-810. Sharaf, N., Langdon, C., & Gosain, S. (2007). IS application capabilities and relational value in inter-firm partnerships, Information Systems Research, 18(3), 320-339. Szekely, F., & Knirsch, M. (2005). Responsible leadership and corporate social responsibility: Metrics for sustainable performance. European Management Journal, 23(6), 628-647. Thurner, T., & Proskuryakova, L. N. (2014). Out of the cold–the rising importance of environmental management in the corporate governance of Russian oil and gas producers. Business Strategy and the Environment, 23(5), 318-332. Weill, P., & Ross, J. (2004). IT governance: How top performers manage IT decision rights for superior results. Boston: Harvard Business School Press. Wilkin, C., & Chenhall, R. (2010). A review of IT governance: A taxonomy to inform AIS. Journal of Information Systems, 24(2), 107-146. Wood, D. (2011). Assessing IT governance maturity: The case of San Marcos, Texas. San Marcos: Texas State University. Read More