Ch 10: Funding and Governance of Information Systems Flashcards
Information Systems Governance
Information systems governance is generally defined as the set of decision rights and the guiding accountability framework designed to ensure that IT resources are employed appropriately in the organization.
IT Governance
IT governance in the modern firm has two principal aspects: the management of downside risk and the fostering of upside potential. The first facet, IT risk governance, is concerned with decisions for minimizing threats (e.g., security risks) and failures (e.g., unsuccessful project implementations). The second facet, IT value governance, is concerned with maximizing the value of IT investments and the firm’s ability to leverage its information systems resources.
Five categories of risk
IT Competence Risk, Infrastructure Risk, IT Project Risk, Business Continuity Risk, Information Risk
Total Cost of Ownership
A financial estimate designed to explicitly recognize the full life cycle costs of IT assets. The costs of IS and technology typically far exceed the costs of acquisition and include expenses that occur after the system is up and running but are necessary to maintain it in operation over its life span.
Five categories of risk: Infrastructure Risk
A firm’s IT infrastructure represents the set of IT components that are interconnected and managed by IT specialists with the objective of providing a set of standard services to the organization. It provides the foundation for the delivery of business applications. The board of directors must be keenly aware of the weaknesses and risks associated with the firm’s IT infrastructure.
Five categories of risk: IT Project Risk
In Chapter 3, we provide a sample of high-profile failures. IT projects are generally complex and expensive undertakings that, if not properly managed, can put the organization in peril. The board of directors must ensure that the appropriate guiding framework for IT projects is in place. In large organizations this may require a project office, a certification process for project managers, and a portfolio approach to IT project management.
Five categories of risk: Business Continuity Risk
Business continuity refers to the activities a firm performs to ensure that critical business functions remain operational in a crisis, and that the organization can withstand unforeseen disasters. The board of directors must ensure the existence of a business continuity plan and that such a plan is periodically tested and revised.
Five categories of risk: Information Risk
Information risk pertains to the many hazards associated with the collection and use of organizational, partner, and customer data. The board of directors must craft a governance system that ensures that an officer of the organization has clear responsibility for signing off and ensuring compliance with established privacy and security policies.
The three main methods used by modern organizations to fund IS
Chargeback, Allocation, Overhead
Chargeback
The chargeback approach calls for direct billing of information systems resources to the organizational function or department that uses them. Pay-per-use principle. Advantages: perceived fairness, degree of control afforded to general and functional managers.
Allocation
The allocation method seeks to strike a balance between the pay-per-use fairness and the high cost of the chargeback method.
Overhead
A method of funding IS where the cost of services is not billed to the organizational function that uses them. Rather, IS assets and services are funded directly from the organization’s overall budget.
Five categories of risk: IT Competence Risk
This risk factor captures the degree of IT-related knowledge of the board of directors. While boards of directors need not all be as knowledgeable as CIOs or IT professionals, it is critical that they have the ability to follow IT discussions and ask relevant questions. Moreover, there should be a leading IT director who maintains an up-to-date competence on IT matters.
Three Factors Affecting Project Risk
Project Size, Experience with Technology, Organizational Change
Three Factors Affecting Project Risk - Project Size
Project size, expressed as the estimated monetary investment, is a proxy for project complexity and the potential consequences of failure.