Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
IT Governance and Human Resources Management: a Framework for
SMEs
Helena Garbarino-Alberti
Universidad ORT Uruguay
Abstract: Information Technology (IT) plays an important role in organizations, particularly in small and medium-
sized enterprises (SMEs). These firms have a simple structure with less specialized tasks and tight human,
financial and material resources, so it is particularly important to use an appropriate IT governance
framework (ITG) to such enterprises. This paper shows the results of applying an ITG framework
designed for SMEs in a case study focused on IT Human Resources (IT HR) and the lessons learned.
Conclusions highlight the importance of the quality of IT HR along with the key role played by related
enterprise policies.
Keywords: IT Governance; Human Resources Management, SMEs.
1 Introduction In the global economic environment, small and medium-sized enterprises (SMEs) play an important role in
promoting economic development (Chang, Chang, Ho, Yen, & Chiang, 2011). Recent studies show that
SME development is closely linked to growth. Furthermore, in many economies the majority of jobs are
provided by SMEs. In OECD (Organisation for Economic Co-operation and Development) countries, for
example, SMEs with less than 250 employees employ two-thirds of the formal work force (Ardic,
Mylenko, & Saltane, 2011). It is difficult to define what an SME is, though SMEs are commonly defined
as registered businesses with less than 250 employees (IFC, 2009). In Italy, Japan and France, the number
of SMEs accounted for 99% of the total number of enterprises. In the United States there were more than
15 million SMEs, accounting for 98% of the total number of enterprises, although America was famous for
its large enterprises. In Germany, SMEs-related exports value accounted for over 60% of the country total.
In China, SMEs accounted for 99.3% of total number of enterprises according to 2006 statistics (Liu, Li, &
Zhang, 2012).
In addition, in EU-27 between 2002 and 2008, the number of jobs in SMEs increased at an average annual
rate of 1.9 % while the number of jobs in large enterprises increased by only 0.8% (Ardic et al., 2011) and
represented 99,8% of the enterprises, 99,9% in Spain (European-Commission, 2012). Nowadays, SMEs in
the EU are operating their businesses in a difficult macroeconomic environment. In 2011 only Austria,
Germany and Malta exceeded their 2008 levels of real value added and employment in their SMEs. One
differentiation factor explaining these exceptions is that SME employment is relatively concentrated in
high-tech and medium high-tech manufacturing and knowledge-intensive services in those countries.
(ECORYS, 2012)
Information Technology (IT hereinafter) has been considered fundamental for the development of
productivity and knowledge-intensive products and services (Soto-Acosta, Martinez-Conesa, & Colomo-
Palacios, 2010). In European countries, high-tech SME activity is considered to be crucial for achieving
the desired structural transformation of economies (Nunes, Serrasqueiro, & Leitão, 2012). But, when
compared to larger enterprises, SMEs usually have a simple structure with less specialized tasks and tight
human, financial and material resources. Most SMEs have low levels of internal IS expertise, although this
varies depending on industry sector. While there are many high-tech SMEs, many have no IS department,
no staff with formal IS training, and no IS manager (Adam & O'Doherty, 2000; Cragg, Caldeira, & Ward,
2011).
In a highly competitive world, strategic decisions are a key element for achieving economic success and
management excellence in the organizations (Van-Grembergen & De-Haes, 2007). Some of these
decisions are related to IT, and in particular, to IT human resources. In any case, IT has become
ubiquitous and essential in both ongoing operation and strategic development of almost all organizations
(Toomey, 2009). In consequence, many frameworks have been developed, like Cobit 5 (ISACA, 2012)
and Calder-Moir (Calder, 2008b). In particular, the IT governance standard ISO/IEC 38500 has been
designed for company directors (or equivalents) in all sizes of organizations, making emphasis on the
whole business context of IT use, not only technical, financial and scheduling aspects (ISO/IEC, 2008).
Some authors conclude that both the foundations and the current application of IT governance suffer from
serious limitations (Kooper, Maes, & Roos Lindgreen, 2011); however and according with Mark Toomey
(2009), this limitations refer to the implementation of IT-management and IT-control frameworks like
the ones mentioned above. The IT contribution to the business is widely recognized, with value creation
of IT-investments being one of the most important dimensions of it (ITGI, 2011).
According to the literature (e.g. Colomo-Palacios, Casado-Lumbreras, & García-Crespo, 2011; Colomo-
Palacios, Tovar-Caro, García-Crespo, & Gómez-Berbís, 2010), Information Technology work is highly
intensive in human capital, which is a key factor in all life cycle of IT related activities; thus, many
frameworks have taken human capital into consideration (ISO/IEC, 2008). In the business equation
defined by people, process, structure and technology, the last one, technology, has become the enabler of
transformation in organizations, but technology alone does not result in improved business systems
(Toomey, 2009). People, who can fill different roles, are considered a strategic asset because they are
simultaneously resources and capabilities (Taylor at al. cited by Gama, Nunes-da-Silva, & Mira-da-Silva,
2011).
The purpose of this paper is to provide an overview of the lessons learned and the issues that emerged
from a project aimed at implementing an IT Governance framework within an SME, focusing the analysis
in Human Resource Management issues. In agreement with P. Runeson and M. Höst (2009) the case
study methodology is well suited to many kinds of research (Colomo-Palacios, Fernandes, Soto-Acosta,
& Sabbagh, 2011), and this will be the approach adopted in this paper. In order to do this, the remainder
of the paper is structured as follows. Section 2 defines IT Governance, the main principles and assets, and
the relationship between them and Corporate Governance. Section 3 describes a framework for IT
Governance focused in SMEs. Section 4 provides a description of the pharmaceutical laboratory (here
called AAA) in which the case study was performed and depicts the project itself and its characteristics;
we implanted the framework in Human Resources areas. Section 5 describes lessons learned from the
process of implementing this IT governance framework in a Human Management business context.
Finally, conclusions are drawn and future development work is presented in the final section.
2 IT Governance For many organizations, making decisions about IT must involve assessing costs and benefits, business
risk and new opportunities arising from IT (Sieber, Valor, & Porta, 2006). IT governance (ITG) provides
the mechanism that associates processes, resources and information (from IT) with the enterprise
strategies and objectives. ITG therefore integrates and institutionalizes good practices in planning and
organization, acquisition and implementation and delivery services and support. ITG allows control and
monitoring of IT performance to ensure that the information and related technologies supports business
objectives.
IT managers decision making is affected by five main factors: increased capital investment in IT,
executive perception of IT as a business enabler, regulatory pressure, IT operations increasing complexity
and poor project performance. When these factors are analyzed, it arises that a regulatory framework is
essential to establish a consistent behavior of generic IT policy in view of the mission, strategy, values,
norms and culture of the organization. Elements such as proportion of insiders, board size, IT
competency, organizational age, and role of IT are factors that influence the board’s level of involvement
in IT governance (Jewer & McKay, 2012)
The IT Governance Institute (ITGI, 2007) defines ITG as "a structure of relationships and processes to
direct and control the enterprise in order to achieve the enterprise’s goals by adding value while
balancing risk versus return over IT and its processes", Van Grembergen and De Haes (2009) define
Enterprise Governance of IT as "...is an integral part of corporate governance and addresses the
definition and implementation of processes, structures and relational mechanisms in the organization that
enable both business and IT people to execute their responsibilities in support of business/IT alignment
and the creation of business value from IT-enabled business investments" and ISO/IEC 38.500:2008
(2008) as " ...the system by which the current and future use of IT is directed and controlled. [It] involves
evaluating and directing the plans for the use of IT to support the organization and monitoring this use to
achieve plans. It includes the strategy and policies for using IT within an organization". According to the
above definitions IT is an enabler for implementing short and long term corporate strategies and both
(corporate and IT strategies) must be integrated. Moreover, organizations recognize that IT services are
strategic assets to support information and services management (Lucio-Nieto, Colomo-Palacios, Soto-
Acosta, Popa, & Amescua-Seco, 2012). Organizations with unsuccessful and powerless IT governance
will suffer due to poor performance of IT resources such as improper information quality, inefficient
operating costs, runaway IT projects and even the demise of its IT department (Ali & Green, 2012).
Peter Weill and Jeanne Ross (2004) propose a framework to link corporate governance with IT
governance, identifying a set of key assets that can generate value: human, financial, physical,
intellectual, information and IT, and relationship. The governance of these assets will increase integration,
performance, data integrity and reuse among others (Figure. 1). An effective ITG must answer these three
questions (Weill & Ross, 2004):
1. What decisions must be made to ensure effective management and use of IT?
2. Who should make these decisions?
3. How will these decisions be made and monitored?
These questions refer to the organizational structures that enable decision making, responsibilities
assignment, and control. These elements together with those defined in the IT governance and
management frameworks (ISO/IEC 38.500:2008 (ISO/IEC, 2008), Calder-Moire Governance Framework
(Calder, 2008a), CobIT 5 (ISACA, 2012) and IT BSC (Van-Grembergen & De-Haes, 2009) are the main
blocks of an ITG framework. In summary, the main elements to consider in an ITG framework are
responsibility, strategy, acquisition, performance, conformance and human behavior, with the tasks of
evaluation, management and monitoring and the focus on the three questions above.
Nowadays, in an interoperating marketplace, IT Governance becomes a powerful tool for companies.
Understanding and choosing the right arrangements are key elements of success on strategic information
management, in terms of Business-IT Alignment as well as in monitoring and controlling of inter-
organizational information infrastructures, in a rapidly changing business environment (Zarvić, Stolze,
Boehm, & Thomas, 2012).
3 A framework for IT Governance in SMEs As mentioned in the introduction, the objective of this paper is to show the results and lessons learned
from implementing an IT Governance framework with a SMEs focus (named SMEsITGF). This
framework has the particularity of being linked to the areas and processes that characterize SMEs. It
proposes a capability maturity model in five steps (Duffy, 2002) (otherwise proposed in six steps
(ISACA, 2012)) that enables the business to quickly reach average levels of maturity.
Figure 1 Relationship between corporate and IT governance. (CIMA, 2004)
Desirable Behaviors Strategy
Information & IT Human Financial Physical Intellectual Property Relationships
IT Governance
Key Assets
Key Assets Governance
Corporate Governance Compliance Process: Performance Process:
- Responsibility - Resources
- Assurance - Value Creation
The need for a specific IT Governance framework focused on SMEs justification is because the intrinsic
characteristics of these enterprises (Table 1) and according with (Ayat, Masrom, Sahibuddin, & Sharifi,
2011) there are no specifics frameworks nor standards for SMEs, although ISO/IEC 38.500 was defined
for any type of enterprise (ISO/IEC, 2008). SMEs have specific characteristics that distinguish them from
larger companies, so is necessary the developed a specific framework for these enterprises.
Table 1 SMEs characteristics (Ayat et al., 2011)
SMEs characteristics
1) Informal culture 2) Quick communication
3) Responsive 4) Flexible
5) Relying on individuals 6) Nowhere to hire
7) Wide organizational knowledge 8) Limited technological knowledge
9) High unit cost 10) Complexity interpretation
Figure 2 shows the static view of the framework. It presents four elements (Strategy, Strategic Portfolio,
Projects and Operations/Services) and four dimensions (Responsibility, Risk and Compliance, Human
Resources and Enterprise Architecture). The elements are the components that will result in measurable
activities and processes, while the dimensions influence the type of governance practice adopted by the
company.
Op
era-
tio
n
Imp
le-
men
ta-
tio
n
Pla
n
Stra
tegy
Ris
ks /
Co
mp
lien
ce
Responsibilities
Ente
rpri
se A
rch
itec
ture
Hu
man
Res
ou
rces
Strategy
Strategic Portfolio
Operations/Services
DIRECT MONITOR
EVALUATE
BUSINESS
PRESSURES BUSINESS NEEDS
Projects
Figure 2. IT Governance framework for SMEs - SMEsITGF
Responsibility refers to the decision-making structures and the business commitment to be the engine
driving IT services (supply ↔ demand (Toomey, 2009)). Assessment directs and supervises activities; it
must be present at all levels that allow the responsible structures to take corrective actions against
problems. Risk and Compliance give a vision about the business risks associated with the incorporation of
IT in its processes, and also enforce national and international regulatory standards. According with V.
Stantchev, K. Petruch and G. Tamm (2012) there are two kinds of IT Resources: IT infrastructures and
IT staff. Human Resources are a fundamental dimension in the framework as they relate to a sensitive
resource in SMEs. People (as a valuable resource within the organization) must be managed properly,
considering their aspirations and allowing development and training. Enterprise Architecture is an
intrinsic feature of the business where the framework is implemented, and it will lead the way to achieve
the IT governance goals, while influencing the rest of the dimensions.
IT strategy, integrated with business strategy (business pressures and requirements affect the entire
model, especially IT strategies) enables obtaining business value and new opportunities. The Strategic
Portfolio arises as a result of the IT strategy needs (from the business and aligned with its strategy).
Projects are the components of the portfolio; they may be developed both inside and outside of business
limits (SMEs usually outsource developments) in order to achieve the promised value (economic,
strategic, quality product, security, compliance, etc.). Operations are proper IT operations, which must be
performed to meet expected service levels.
The dynamic view of the framework shows the relationship between elements and dimensions and the
activities direct – evaluate – monitor (figure 3). Elements will be valued from the perspective of the IT
BSC (Customer orientation, Corporate contribution, Future orientation and Operational excellence),
(Van-Grembergen & De-Haes, 2009) and linked with the five major decision domains (IT Principles, IT
Architecture, IT Infrastructure, Business application needs and Prioritization and investment) (Weill &
Ross, 2004). The outcomes must be registered in the Organizational Knowledge Database for future
analysis.
In order to measure the maturity stage of the ITG, a maturity model is useful. The enterprise can establish
“where it is” now, “where to go" in the future, and the steps needed to achieve the desired level (ISACA,
2012). Authors propose a five levels maturity model (Duffy, 2002):
Organizational
Knowledge
Base (OKB)
Strategic Portfolio
Projects
Operations
Risk Strategy
HR Strategy
Portfolio Risks HR Capabilities
Projects Risks HR Capabilities
Operational Risks
HR Capabilities
Business
Strategy IT
Strategy IT Principles
IT Architecture
IT
Infraestructure
Aplications
IT Investments
Future Orientation
User Orientation Business Contribution Operational
Excellence
Evaluate - Direct- Monitor
Decision making
Figure 3 SMEsITGF dinamic view
Level 0 Immature: the organization has no effective implementation of ITG processes or it does not
achieve its objectives. IT executives are disconnected from other members of the organization.
Level 1 Initial: the organization implements ITG processes that achieve the objectives. IT is seen as a
cost, which is a consequence of the low value associated with it.
Level 2 Managed and Established: the organization uses defined ITG processes based on standards that it
establishes, controls and maintains. The organization is aware of the value that IT brings, so IT is
emerging as a strategic tool.
Level 3 Predictable: the organization manages the ITG processes quantitatively, recognizes the value of
IT in all areas, from the operational to the strategic ones and considers it as an enabler of new business
opportunities.
Level 4 Optimized: the organization implements continuous improvement of ITG processes to meet
business objectives. At this level the organization and IT are integrated and the business depends entirely
on IT performance. There is only one strategy that incorporates IT as an integral part of the organization.
Table 2 shows these maturity levels and practices, and actions recommended to achieve each described
level of the model.
Table 2 SMEsITGF Maturity Model and actions recommended to achieve levels 1 and 2
Future Orientation User Orientation Business
Contribution
Operational
Excellence
IT Strategy
Level 1: Basic
IT plans are not
always aligned with business strategies
(which tend to be weak,
the business has little or no organized
administration). It seeks
to reduce costs.
IT recognizes the importance of user
evaluation. IT analyzes
user needs and requirements case by
case, ad hoc.
There is no standardized
mechanism to assess
the IT contribution to business so, strategic
alignment is poor.
IT looks for
operations consistent
with expected levels; however there are
neither defined processes nor strategic
vision of them.
HR view
Policies are set for IT HR in order to improve the immediate capabilities of the workforce. It must
address specific needs in requirements engineering. No measures the contribution to the organization made
by IT HR. Should be training in service quality.
Level 2:
Managed and
established
Define strategic IT
plans aligned with
business ones, taking into account the risks
and the business
architecture.
Processes are defined to
include/reject user
service requests. Enterprise architecture,
risks and HR
capabilities are considered.
Although IT is not
integrated into the
business, IT strategic plans are aligned to the
business ones; there is
an IT operational dependence, with focus
on repetitive tasks
automation.
IT operational
processes are defined and associated business
strategies.
Future Orientation User Orientation Business
Contribution
Operational
Excellence
HR view
Organization must align IT HR policies with defined business processes and the scales to measure people performance. We suggest implementing industry proven standard models. The capabilities of
employees must follow the evolution and needs arising from the management of the programs and projects
portfolio. Expected and obtained results must be registered in the Organizational Knowledge Base (OKB), also plans and measures related to the contribution to the business and the quality of IT HR services.
Strategic Portfolio
Level 1: Basic
Those projects that
can automate repetitive
tasks seeking to reduce costs are part of an
emerging portfolio.
The portfolio includes user requests
with more emphasis
than other ones. An important characteristic
is the absence of strategic assess.
The portfolio is oriented to operations
instead to strategic
contribution
Not always the portfolio is articulated
to bring service
expected levels.
HR view The capabilities of IT HR must accompany projects and programs development needs. When
organization does not have the necessary skills should evaluate the possibility of outsourcing the service.
Level 2:
Managed and established
Since IT Plans are
aligned to business ones, the portfolio
becomes a strategic
element, in an incipient manner at this level.
There are defined
processes to establish priorities for both,
users and the business.
The portfolio is strategically managed.
The portfolio reflects the alignment
between business and
IT. There is an important value
contribution from IT to
business.
Portfolio management is
performed taking into
account defined service levels set by defined
processes, which have
been defined according to the architecture and
infrastructure of current
and future IT.
HR view
The portfolio being to be strategic, so IT HR capabilities must be aligned to this development. Defined processes are implemented to manage IT HR, the capabilities of employees must accompany
current and future IT infrastructure. Decisions related to portfolio and IT HR capabilities must be recorded
in the OKB.
Projects
Level 1: Basic
Implemented projects are those that
have lower costs and/or
automate repetitive processes.
Projects tend to be
selected by the users pressures rather than
their business value.
Implemented projects are not
necessarily those that
provide more value to the business. IT
architecture is not
necessarily taken into account.
Projects are not developed through a
standard defined
process. Each project is developed ad hoc.
HR view Due to the implemented projects characteristics, is important that IT HR being trained in the business
adopted technologies or define an ad oc. outsourcing politics.
Level 2:
Managed and established
Projects are selected according and
consistent to business
priorities and strategies.
Are defined processes to establish
which projects will be
selected taking into account both the needs
of users and business
strategies.
The selected projects must be within
the range of those that
contribute to business strategies (at this level
business strategies and
IT are aligned).
Defined processes
are communicated and
exists standardized and defined service level to
be met.
HR view Training policies are defined and accompanying projects needs. Just as, you should define and
establish outsourcing processes to be used where appropriate. The OKB must register those policies.
Operations
Level 1: Basic
The operations are
controlled one by one.
There is no clear vision for the future of
services.
Takes importance the operations quality
of services, no defined
standards.
Is meant that the business contribution is
given by the completed
service.
Services are
managed ad hoc.
HR view While the quality of services is not seen as strategic but rather operational, the staff should be train in
IT services quality or outsource them.
Future Orientation User Orientation Business
Contribution
Operational
Excellence
Level 2:
Managed and established
Using defined and communicated
standards to manage
current operations, matching resources to
architectures, principles
and future IT needs.
Operations should
meet the needs of the
different users (internal and external) of IT
services.
Operations should meet business needs,
established through it
strategies.
Services quality is
assured with the implementation of
standards. IT HHRR
training plans are implemented.
HR view
Based on training should define expected quality service levels (we suggest using industry standards)
to ensure that operations accompany defined strategies. The OKB record both, defined processes and the
results of daily operations.
4 Adoption project
4.1 The Company
AAA began operations in 1950. Today it produces, markets and distributes more than 160,000
pharmaceutical units monthly, which means 1.5% of the local market. AAA was born with the mission of
being a local leader in the pharmaceutical market, renowned for the quality of its products and the moral
integrity of its members. It implements high international standards in production processes, technology
and environmental care. AAA offers no more than 50 direct jobs and 25 to 30 indirect jobs out of a total
of 61,706 in the human health sector in Uruguay (INE_Uy, 2011). AAA has maintained a permanent
concern for employees’ quality of life, ethical development of business, responsible marketing of its
products and services and environmental care.
4.2 The project
There is an undeniable importance of people in IT in general and software development processes in
particular (Colomo-Palacios, Fernandes, Sabbagh, & Amescua-Seco, 2012). Therefore, the main question
behind the project was: How and why can SMEs organizations reinforce their IT HR? In consequence, a
"single-case study" was designed, applying the ITG framework described in the former section to the IT
human resources (HR) in AAA. Case study research is the most common qualitative method used in
information systems (Myers, 1997). There are numerous definitions of this method, Robert Yin defines
the case study method as follows: A case-study is an empirical inquiry that: investigates a contemporary
phenomenon within its real-life context, especially when the boundaries between phenomenon and context
are not clearly evident (Yin, 1984, 1994).
The design of this case-study project was holistic, because it examined the global nature of the HR
division, in particular the policies related to IT staff.
The project has two stages. In the first one the enterprise implements those practices related to IT HR in
order to achieve level 1 of the maturity model shown in Table 2, while the second stage has the goal to
achieve level 2 in the maturity scale.
Selection criteria of the case-study were as follows:
1. The company is a SME with no more than 50 employees.
2. The company has HR policies.
3. IT staff consist of 5 people total.
4. The company has a deep interest to improve the quality of its IT governance practices and in
particular those related with IT HR.
Data collection was performed mainly via interviews, direct observation of the events and examination of
archival records.
4.3 First Stage
At the beginning, in AAA the IT HR politics were not clearly established, although there was a tacit
understanding by the employees about them. Following the framework implantation guide, the project
implemented:
1. Policies:
a. To improve IT staff immediate capacities.
b. Outsourcing.
c. Quality of Service.
2. Training:
a. Quality of Service.
b. Requirements Engineering
c. Outsourcing policies
This stage began on March 7, 2011 and ended May 20, 2011, with a total of 440 man-hour of work
calculated at 8 hours per weekday.
4.3 Second Stage
At this stage IT practitioners are capacitated according to the organization needs. Some services were
outsourced but there were no standard processes defined. Following the implantation guide of the
framework, the next tasks are designed:
1. Enterprise must define:
a. Expected service levels (suggest using industry standards) to ensure that operations
accompany defined strategies.
b. General training policies and procedures for current and future needs aligned with the
business strategies.
c. HR management processes.
2. The OKB must register:
a. Defined processes.
b. Strategic plans and HR related results.
c. Daily operations results.
d. Capabilities of current IT HR and its evolution over time.
3. Must be measure the contribution made by HR to the organization and record them on the OKB.
This stage began on 1/8/2011 and ended 1/12/2011, with a total of 600 man/hour of work calculated at 8
hours per weekday.
5 Results
5.1 Results of the two stages
To measure the obtained results and to quantify them, authors use two sets of indicators. The first set is
made of high-level indicators (Table 3) and their purpose is to give a global view of the situation in the
organization. The second set (Table 4) is a subset of a previously developed taxonomy of IT intangible
indicators (Garbarino & Delgado, 2011; Garbarino, Delgado, & Carrillo Verdún, 2011), with the goal to
analyze in depth the results of the framework implementation. The project initially established a baseline
from which to measure the results.
Table 3 List of IT high-level indicators
IT high-level indicators
1) IT HR satisfaction 2) User satisfaction - services
3) User satisfaction - usability 4) Response of contracted companies
5) IT meets business needs
Table 4 List of IT Intangible used indicators subset
IT intangible indicator used subset
1) Costs of Education and Training 2) Development of in-house IT
3) Development of outsourced IT 4) Employee Experience
5) Quality of Upper Management 6) Aligning of Middle Management
7) Know-How 8) Capabilities
9) Employee Added Value 10) Rotation of support personnel
11) Training (employee view) 12) Employee satisfaction
13) Performance - level of operation 14) Quality of Supplier contracts
15) Organic Growth 16) Service Improvement
17) Focus on user needs 18) Quality, safety and appropriateness of
computer systems
The evolution of the high-level indicators is shown in Figures 4 and 5. In the two stages of the project,
indicators evolved in a different way. The IT HR satisfaction increased by 31% when ending stage 1 (the
organization was at maturity level 1) but increased only 4% when being at level 2 (end of stage 2). The
main reason of this gap was related with the deep dissatisfaction that IT personnel presented at the
beginning of the project and the motivation that was achieved with the practices implemented. The quality
of response of contracted companies had a significant improvement at the second stage, when the project
implemented service level agreement policies and practices.
Figure 5 shows the positive variation of indicator IT meet business needs based on the percentage of
business processes well supported by IT.
45%
67%
56%
46%
67%
76%78%
60% 60%
72%
80%
84%
70%
82%
78%
30%
40%
50%
60%
70%
80%
90%
1 2 3 4 5
Base Line Stage 1 Stage 2
31%
11%
4%14%
5%
4%
6%
10%22%
6%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
1 2 3 4 5
Inicial - Stage 1 Stage 1 - Stage 2
Figure 4 Evolution along the stages of IT high-level
intangibles indicators
Figure 5 Relative variation on levels of satisfaction
The system usability improved slowly because it involves deep changes in existing systems and in the
organizational culture and capabilities, but at the second stage the perception improved 10%.
These set of used indicators are meaningful because of the relation with the policies and training activities
implemented in the project. The intangible indicators were measured in a 1..5 Likert scale, where 1 means
non-existent or very low and 5 means very developed.
0
1
2
3
4
51
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Stage 2 Stage 1 Base Line
FO UO BC OE
Base Line 2.39 2.55 2.76 2.88
Stage 1 2.42 3.19 2.84 3.29
Stage 2 2.48 3.19 3.06 3.46
2.00
2.20
2.40
2.60
2.80
3.00
3.20
3.40
3.60
Base Line Stage 1 Stage 2
Improvement 3% 25% 11% 20%
Figure 6 IT intangibles indicators evolution from
baseline to project stage 2
Figure 7 IT intangibles indicators evolution
clustered by IT-BSC perspectives
Figure 6 shows strengths and weaknesses at the beginning of the study and the evolution along the two
stages of the project. Education and training (numbered 1) is the lowest indicator with a value of 1 in the
scale, the objective is grow it up to 3 (end value at stage 2), which was near the average of 3.4 obtained in
a global survey (Ruiz, 2011). Other low value corresponded to the rotation of support personnel
(numbered 10) - implying high rotation - which is consistent with the other indicator. Globally, there was
an improvement in almost all of the 18 intangible indicators; only employee experience (numbered 4)
maintains the initial value, because the staff remained constant along the case study.
To summarize the results and to show the IT-BSC view of the case, in Figure 7 we display the evolution
of the IT intangibles indicators (averages), clustered by IT-BSC perspectives (FO-Future Orientation, UO
- User Orientation, BC - Business Contribution and OE - Operations Excellence). Better results are
obtained in "user orientation" and in "operational excellence" perspectives. These results are consequence
of short-term new policies and practices implemented in the project.
5.2 Results seven month later
With the purpose to validate the obtained results and to analyze its stability, the authors performed
another survey seven months later. The results are shown in Figure 8. Some practices improved their
levels over time, like usability quality, outsourcing quality contract and IT HR politics. The service
quality perception is just below the previous results (1%) and the business value is stable. In conclusion,
to AAA, the implementation of an IT governance framework based on the characteristics of the SMEs
enterprises produced positive results, that have been maintained or improved.
70%
72%
74%
76%
78%
80%
82%
84%
86%
88%
90%
IT HR satisfaction
User satisfaction -
services
User satisfaction -
usability
Response contracted companies
IT meets business
needs
Stage 2
Survey post-case
Figure 8 Project results seven month later
6 Discussion and Conclusions This case study highlights the importance of the quality of IT HR and the related enterprise policies. The
results are positive but, as expected, are not definitive because the measuring period is only six months in
total and the project included implementation practices to go up to level 2 of maturity. Higher levels
would consume more time and budget, but also they would return more value to the business. As a future
project, we will replicate the case study in other organizations (at least one more) in order to make the
study stronger and to blunt the skepticism about the results obtained from a single-case study.
The results presented in the previous section are consistent with the literature, providing evidence about
the value of implementing good IT governance practices especially in SMEs enterprises (ITGI, 2011). A
particular point of view of these good practices is the IT HR in relation with IT-user satisfaction. Our
project reveals that, in this organization, there was a positive relation between training budget and the
other indicators analyzed. Ravichandran and Lertwongsatien (2005) found that intangible IT resources
such as IT skills are decisive for effective deployment in the organization. According with Soto-Acosta,
information technology training has been identified as a key factor for the success of IT applications and
it is the most frequently applied coping mechanism to handle changing IT (Soto-Acosta et al., 2010).
Importantly, the application of the presented framework has strengthened intangible assets such as Know-
how, Quality of Upper Management or Aligning of Middle Management, contradicting that IT governance
carefully avoids the section of the business universe which hosts such vital elements as entrepreneurship,
innovation, business development, creativity, improvisation, value creation and experiment (Kooper,
Maes, & Roos Lindgreen, 2011).
Some studies, such as those presented by Devos, Landeghem and Deschoolmeester (2012) show that IT
governance mechanisms are less important than trust (for example) in SMEs companies. However, the
results from this case study are opposite, although they confirm the vision of these authors that
frameworks designed for large companies cannot be applied in SMEs.
Finally, the indicator "IT meets business needs" grew up 11%. According to our vision and with other
authors previously cited (Toomey, 2009; Weill & Ross, 2004, 2011), the implantation of an adequate IT
governance framework in any organization enables value procurement. Most of published studies are
related to large companies, but the results presented here confirm that a framework conceived for SMEs
produces good results in companies that, because of their dimensions and resources, cannot implement
complex and expensive models.
Future work must include the design of other case studies to re-test this part of the framework and to test
the remainder part of the SMEsITGF presented in this paper.
References Adam, F, & O'Doherty, P. (2000). Lessons from enterprise resource planning implementations in Ireland -
towards smaller and shorter ERP projects. Journal of Information Technology, 15(4), 305-316.
Ali, S., & Green, P. (2012). Effective information technology (IT) governance mechanisms: An IT
outsourcing perspective. Information Systems Frontiers, 14(2), 179-193.
Ardic, Oya Pinar, Mylenko, Nataliya, & Saltane, Valentina. (2011). Small and Medium Enterprises: A
Cross-Country Analysis with a New Data Set World Bank Policy Research Working Paper
Series.
Ayat, M., Masrom, M., Sahibuddin, S., & Sharifi, M. (2011, 25-27 Jan. 2011). Issues in Implementing IT
Governance in Small and Medium Enterprises. Paper presented at the Intelligent Systems,
Modelling and Simulation (ISMS), 2011 Second International Conference on.
Calder, A. (2008a). The Calder-Moir IT Governance Framework.
Calder, A. (2008b). The IT Governance Toolkit-v05: IT Governance Publishing.
Chang, L.M., Chang, S.I., Ho, C.T., Yen, D.C., & Chiang, M.C. (2011). Effects of IS characteristics on e-
business success factors of small- and medium-sized enterprises. Computers in Human Behavior,
27(6), 2129-2140.
CIMA. (2004). Enterprise Governance – A CIMA discussion paper.
Colomo-Palacios, R., Fernandes, E., Sabbagh, M., & Amescua-Seco, A. (2012). Human and intellectual
capital management in the cloud: software vendor perspective. Journal of Universal Computer
Science, 18(11), 1544-1557.
Colomo-Palacios, R., Fernandes, E., Soto-Acosta, P., & Sabbagh, M. (2011). Software product evolution
for Intellectual Capital Management: The case of Meta4 PeopleNet. International Journal of
Information Management, 31(4), 395-399.
Colomo-Palacios, R., Casado-Lumbreras, C., Soto-Acosta, P., & García-Crespo, A. (2011). Using the
Affect Grid to Measure Emotions in Software Requirements Engineering. Journal of Universal
Computer Science, 17(9), 1281-1298.
Colomo-Palacios, R., Tovar-Caro, E., García-Crespo, A., & Gómez-Berbís, J.M. (2010). Identifying
Technical Competences of IT Professionals: The Case of Software Engineers. International
Journal of Human Capital and Information Technology Professionals, 1(1), 31-43..
Cragg, P., Caldeira, M., & Ward, M.. (2011). Organizational information systems competences in small
and medium-sized enterprises. Information & Management, 48(8), 353-363.
Devos, J., Landeghem, H, & Deschoolmeester, D.. (2012). Rethinking IT governance for SMEs.
Industrial Management & Data Systems, 112(2), 206 - 223.
Duffy, J. (2002). IT/business Alignment: Is it an Option or is it Mandatory?. IDC document, Document #:
26831.
ECORYS. (2012). EU SMEs in 2012: at the crossroads. European Commision. Rotterdam.
European-Commission. (2012). SBA Fact Sheet, SPAIN 2010/11. Available at
http://ec.europa.eu/enterprise/policies/sme/facts-figures-analysis/performance-
review/files/countries-sheets/2010-2011/spain_en.pdf
Gama, N., Nunes-da-Silva, R., & Mira-da-Silva, M. (2011). Using People-CMM for Diminishing
Resistance to ITIL. International Journal of Human Capital and Information Technology
Professionals, 2(3), 29-43.
Garbarino, H., & Delgado, B. (2011). Taxonomía de indicadores de activos intangibles de TI para la
Administración Pública. Caso República Oriental del Uruguay. Paper presented at the CISTI
2011, Portugal.
Garbarino, H., Delgado, B., & Carrillo Verdún, J.D. (2011). Taxonomy of IT intangibles based on the
Electronic Government Maturity Model in Uruguay. Paper presented at the MCCSIS 2011,
Roma.
IFC. (2009). The SME Banking Knowledge Guide. Washington D.C: The World Bank Group.
INE_Uy. (2011). Uruguay en cifras 2010 - Empresas y sectores de actividad 2010. Montevideo: INE -
Instituto Nacional de Estadística.
ISACA. (2012). COBIT® 5 A Business Framework for the Governance and Management of Enterprise IT
ISO/IEC. (2008). ISO/IEC 38500:2008. Corporate Governance for Information Technology.: ISO.
ITGI. (2007). CobiT© 4.1
ITGI. (2011). Global Status Report on the Governance of Enterprise It (GEIT)—2011. 70.
Jewer, J., & McKay, K. N. (2012). Antecedents and Consequences of Board IT Governance: Institutional
and Strategic Choice Perspectives. Journal of the Association for Information Systems, 13(7).
Kooper, M. N., Maes, R., & Roos Lindgreen, E. E. O.(2011). On the governance of information:
Introducing a new concept of governance to support the management of information.
International Journal of Information Management, 31(3), 195-200.
Liu, M., Li, M., & Zhang, T. (2012). Empirical Research on China's SMEs Technology Innovation
Engineering Strategy. Systems Engineering Procedia, 5, 372-378.
Lucio-Nieto, T., Colomo-Palacios, R., Soto-Acosta, P., Popa, S., & Amescua-Seco, A. (2012).
Implementing an IT service information management framework: The case of COTEMAR.
International Journal of Information Management, in press.
Myers, M.D. (1997). Qualitative Research in Information Systems. MIS Quarterly, 21, 241-242.
Nunes, P. M., Serrasqueiro, Z, & Leitão, J. (2012). Is there a linear relationship between R&D intensity
and growth? Empirical evidence of non-high-tech vs. high-tech SMEs. Research Policy, 41(1),
36-53.
Ravichandran, T., & Lertwongsatien, C. (2005). Effect of Information Systems Resources and
Capabilities on Firm Performance: A Resource-Based Perspective. Journal of Management
Information Systems, 21(4), 237-276.
Ruiz, S. (2011). La Capacitación como factor de competencia. Mexico: Instituto Superior de Estudios
Estadísticos.
Runeson, P., & Höst, M. (2009). Guidelines for conducting and reporting case study research in software
engineering. Empirical Software Engineering, 14(2), 131-164.
Sieber, S., Valor, J., & Porta, V. (2006). Los sistemas de información en la empresa actual. Madrid:
McGraw-Hill.
Soto-Acosta, P., Martinez-Conesa, I., & Colomo-Palacios, R. (2010). An Empirical Analysis of the
Relationship Between IT Training Sources and IT Value. Information Systems Management,
27(3), 274-283.
Stantchev, V., Petruch, K., & Tamm, G. (2012). Assessing and governing IT-staff behavior by
performance-based simulation. Computers in Human Behavior, in press.
Toomey, Mark. (2009). Waltzing with the Elephant: A comprehensive guide to directing and controlling
information technology. Australia: Infonomics.
Van-Grembergen, W., & De-Haes, S. (2007). An Exploratory Study into IT Governance Implementations
and its Impact on Business/IT Alignment. Information Systems Management, 26 (2), 123-137.
Van-Grembergen, W., & De-Haes, S. (2009). Enterprise Governance of Information Technology.
Achieving Strategic Alignment and Value. New York: Springer.
Weill, P., & Ross, J. (2004). IT Governance. How top performers manage IT decision rights for superior
results. Boston, Massachusetts: Harvard Business School Press.
Weill, P., & Ross, J. (2011, 11/04/2011). Four Questions Every CEO Should Ask About IT, The Wall
Street Journal. Retrieved from
http://online.wsj.com/article/SB10001424052748704336504576258561056702944.html?mod=go
oglenews_wsj
Yin, R. K. (1984). Case study research. Beverly Hills, CA: Sage Publications.
Yin, R. K. (1994). Discovering the future of the case study method in evaluation research. Evaluation
practice, 15(3), 283.
Zarvić, N., Stolze, C., Boehm, M., & Thomas, O. (2012). Dependency-based IT Governance practices in
inter-organisational collaborations: A graph-driven elaboration. International Journal of
Information Management, in press.