Chapter 9: Governance of the Information Systems Organization Flashcards
The process whereby the changing practices and expectations of consumers, shaped by the wide adoption of digital technologies in everyday life, will influence the IT‐related activities of workers and managers in organizations
IT consumerization
aligning behavior with business goals through empowerment and monitoring.
Governance
Empowerment comes from?
granting the right to make decisions
Monitoring comes from?
evaluating performance
What are the four (4) perspectives of IT governance?
- Distribution of Decision Rights
- Interaction and Allocation of Decision Rights in BU
- Platform-based Governance
- Control Structures for Governance Guidelines.
shifts the focus from well‐bounded organizational contexts to contexts beyond organizational or industry boundaries in order to leverage digital ecosystems and IT consumerization
platform‐based governance
bring together all staff, hardware, software, data, and processing into a single location
centralized IS organizations
Scatter staff, hardware, software, data, and processing across different locations to address local business needs.
Decentralized IS organizations
A hybrid of the Decentralized and Centralized IS Organizations that aims to distribute power, hardware, software, data, and personnel between a central IS group and IS in business units.
Federalism
What are the nine (9) advantages of Centralization?
- Global standards; common data
- “One voice” for negotiating supplier contracts
- Faster decision making because fewer people are involved
- Greater leverage in deploying strategic IT initiatives
- Economies of scale and a shared cost structure
- Access to large capacity
- Improved recruitment and training of IT professionals
- Improved control of security and databases
- Consistent with centralized enterprise structure
What are the five (5) disadvantages of Centralization?
- Technology may not meet local needs
- Slow support for strategic initiatives
- Schism between business and IT organization
- “Us versus them” mentality when technology problems occur
- Lack of business unit control over overhead costs
What are the six (6) advantages of Decentralization?
- Technology customized to local business needs
- Close partnership between IT and business units
- Greater flexibility
- Reduced telecommunication costs
- Consistency with decentralized enterprise structure
- Business unit control of overhead costs
What are the five (5) disadvantages of Decentralization?
- Difficulty in maintaining global standards and consistent data
- Higher infrastructure costs
- Difficulty in negotiating preferential supplier agreements
- Loss of control
- Duplication of staff and data
What are the 10 advantages of Federalism?
- IT Vision and Leadership
- Groupwide IT Strategy and Architecture
- Economies of Scale
- Control of Standards
- Critical Mass of Skills
- Users control IT priorities
- Business Units have Ownership
- Responsive to Business unit needs
- Strategic Control
- Synergy
True or False
It is important to match the manager’s decision rights with his or her accountability for a decision.
True
Mismatching the manager’s decision rights with his or her accountability results in:
either an oversupply of IT resources or the inability of IT to meet business demand.
What are the two (2) major components of IT governance?
- Assignment of decision‐making authority and responsibility
- Decision‐making mechanisms
What are the five (5) applicable categories of IT Decisions?
- IT Principles
- IT Architecture
- IT Infrastructure Strategies
- Business Application Needs
- IT Investment and Prioritization
This IT decision category determines what IT assets are needed
IT Principles
This IT decision category determines how to structure IT assets
IT Architecture
This IT decision category determines how to build IT Assets
IT Infrastructure Strategies
This IT decision category determines how to acquire, implement, and maintain IT
Business Application Needs
This IT decision category determines how much to invest and where to invest IT assets
IT Investment and Prioritization
A pattern resulting from allocation of decision rights
Archetype
What are the six (6) political Archetypes?
- Business Monarchy
- IT Monarchy
- Feudal
- Federal
- IT Duopoly
- Anarchy
This political archetype allocates decision rights to a group of, or individual, business executives (i.e., CxOs). Includes committees comprised of senior business executives (may include CIO). Excludes IT executives acting independently
Business Monarchy
This political archetype allocates decision rights to individuals or groups of IT Executives
IT Monarchy
This political archetype allocates decision rights to Business Unit Leaders and key process owners or their delegates
Feudal
This political archetype allocates decision rights to C‐level executives and at least one other business group (e.g., CxO and BU leaders); IT executives may be an additional participant. Equivalent to a country and its states working together
Federal
This political archetype allocates decision rights to IT executives and one other group
IT Duopoly
This political archetype allocates decision rights to each individual user
Anarchy
a committee composed of key stakeholders or experts who provide guidance on important IT issues
Steering Committee
Steering committees work especially well with which political archetype, which calls for joint participation of IT and business leaders in the decision‐making process?
federal archetype
This level of steering committee provides strategic direction and funding authority for major IT projects and ensures that adequate resources are allocated to the IS organization for achieving strategic goals
The highest Level which reports to the BOD or the CEO
This level of steering committee provides a forum for business leaders to present their IT needs and to offer input and direction about the support they receive from IT operations
Lower Level Steering Committees
A layered architecture of digital technology combined with a governance model.
Digital Platform
The ability of any self‐contained system to create, generate, or produce a new output, structure, or behavior without any input from the originator of the system
Generativity
System that consists of self‐interested, self‐organizing, and autonomous digital entities; System of entities that is nourished by the significant impacts of the large variety of resources available from individuals, organizational units, and outside services.
Digital Ecosystems
enacted in the United States in 2002 to increase regulatory visibility and accountability of public companies and their financial health
Sarbanes-Oxley Act of 2002
According to SoX, CFOs and CEOs must do what?
Personally certify and be accountable for their firms’ financial records and accounting (Section 302)
According to SoX, Auditors must do what?
Auditors must certify the underlying controls and processes that are used to compile the financial results of a company (Section 404)
According to SoX, Companies must do what?
Companies must provide real‐time disclosures of any events that may affect their stock price or financial performance within a 48‐hour period (Section 409)
What five (5) control weaknesses were repeatedly uncovered by SOX auditors?
- Failure to segregate duties
- Lack of proper oversight
- Inadequate review of audit logs
- Failure to identify abnormal transactions
- Lack of understanding of key system configurations.
Name three (3) other frameworks used to implement SoX.
- Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- Control Objectives for Information and Related Technology (COBIT)
- Information Technology Infrastructure Library (ITIL)
What are the three (3) control objectives for management and auditors that focused on addressing risks to internal control as put forth by the COSO?
- Operations
- Compliance
- Financial Reporting
To make sure a company meets its control objectives, what five (5) essential control components did COSO establish?
- Create control environment that addresses the overall culture of the company
- Assess the most critical risks to internal controls
- Create control structures that outline important processes and guidelines
- Provide clear information about employees’ responsibilities and procedures to be followed
- Monitor internal controls
This governance framework provides guidelines about who in the organization should make decisions about IT processes, IT resources, and information to a company’s strategies and objectives
COBIT
The COBIT governance framework defined four (4) major domains for risks?
- Planning and organization
- Acquisition and implementation
- Delivery and support
- Monitoring and evaluating
A set of concepts and techniques for managing IT infrastructure, development, and operations, developed in the United Kingdom
ITIL
What are the six (6) tactics that CIOs can use in the implementation of SoX?
- Knowledge Building
- Knowledge Deployment
- Innovation Directive
- Mobilization
- Standardization
- Subsidy
This tactic seeks to establish a knowledge base to implement SoX
Knowledge Building
This tactic seeks to disseminate knowledge about SoX and develop an understanding of this knowledge by management and other organizational members
Knowledge Dissemination
This tactic seeks to organize for implementing SoX and announce the approach
Innovation Directive
This tactic seeks to persuade decentralized players and subsidiaries to participate in SoX implementation
Mobilization
This tactic seeks to negotiate agreements between organizational members to facilitate the SoX implementation
Standardization
This tactic seeks to fund the implementers’ costs during the SoX implementation and the users’ costs during its deployment and use
Subsidy