BETTER IT GOVERNANCE FOR ORGANIZATIONS
A Model for Improving Flexibility and Capabilities of Strategic Information
Systems Planning (SISP) through EA and BPR under e-Business Environment
Jungho Yang
Caulfield School of Information Technology, Monash University, Caulfield East, Victoria, Australia
Keywords: IT Governance, Strategic Information Systems Planning (SISP), Enterprise Architecture (EA), Business
Process Reengineering (BPR).
Abstract: Within more turbulent, and increasingly globalized and digitalized environments, Strategic Information
Systems Planning (SISP) has been recognized as one of the most significant factors for effective and
efficient IT governance to improve organizations’ effectiveness and capabilities by changing the
characteristics or overall governance of organizations. Although organizations have been introduced,
various well-known methodologies for creating the SISP successfully to maximize their strategic
opportunities and values, the current literatures indicate that there is no perfect and fully comprehensive
methodology or model to make organizations satisfactory. The purpose of this paper is to propose a model
that can complement issues of the existing model and support improved flexibility and capabilities, and at
the same time minimize waste and systems inconsistency by incorporating EA, BPR and concurrent
approach. On-going research will be a case study to validate the proposed model in the government of
Korea and to seek for other potential issues and factors compared with other sectors.
1 INTRODUCTION
In the last few years, the rapid progress in
information technology capabilities, as well as both
internal and external environment of organizations
has continued to proceed and transform as the
remarkable degree and they are greatly increasing
environmental complexity and uncertainty.
Organizations are trying to change industry
structures, create strategic goals, performance and
competitive position, and spawn new businesses as
well as continuously shaping and reshaping the
business environment through a powerful
interdependency between business and IT that is a
specific focus on IT Governance (Porter, 2001; Chi
et al., 2005; Grover and Segars, 2005; Peterson,
2004).
To achieve more effective and efficient IT
Governance under the e-business environment,
several requirements should be positively considered
to all organizations that the top management’s
leadership, an establishment of strategic and
systematic planning, and rigid alignment and
integration of organizational structures and
processes that ensure that the organization’s IT
sustains and extends the organization’s strategy and
objectives, because it is the single most important
determinant of IT value realization (Peterson, 2004;
Van Grembergen et al., 2004). Hence, boards and
business executives of an organization have
recognized that Strategic information systems
planning (SISP) can be an indispensable application
for organizations to succeed both a proactive search
for competitive and value-adding opportunities, as
well as the development of broad policies and
procedures for integrating, coordinating, controlling
and implementing the IT resource in today’s e-
business environment (Grover and Segars, 2005;
Newkirk et al., 2003). They have also invested vast
amounts of time and capital in SISP projects to
introduced a number of well-defined, documented
planning models and methodologies, such as
Business Systems Planning, Information
Engineering and Critical Success Factors that can be
customized or develop in-house methodologies
suitable for the organization. In practice, SISP has
provided various advantages and benefits for
organizations and with the emergence of end-user
computing and client-server architectures, the
contemporary agenda of SISP has expanded even
30
Yang J. (2008).
BETTER IT GOVERNANCE FOR ORGANIZATIONS - A Model for Improving Flexibility and Capabilities of Strategic Information Systems Planning
(SISP) through EA and BPR under e-Business Environment.
In Proceedings of the Tenth International Conference on Enterprise Information Systems - ISAS, pages 30-41
DOI: 10.5220/0001683400300041
Copyright
c
SciTePress
further to include the development of organizational
and inter organizational architectures for the sharing
data and integration of technologies (Segars et al.,
1998).
However, even though organizations’ endeavour
and the advancement of SISP, many researchers
have pointed out that organizations have
experienced failures from the methodologies due to
several issues such as limiting planners’ knowledge,
involvement and commitment of senior
management, time and planning horizons, cost
budget overrun and poorly defined and integrated
business objectives (Chi et al., 2005; Griffiths and
Hackney, 2001; Hartono et al., 2003; Hevner et al.,
2000; Palanisamy, 2005; Pant and Hsu, 1999; Petel,
2004). Pant and Ravichandran (2001) emphasize that
these existing methodologies tend to be too detailed,
time-consuming, and expensive, so organizations
often find methodologies unsuitable for dealing with
the high unpredictability and diversity of the
environment change (Newkirk and Lederer, 2006) as
well, they are not appropriate to deal with integrated
views of the entire organization in current business
practice (Pant and Ravichandran, 2001; Jonkers et
al., 2006). In particular, IT Governance in current
dynamic and turbulent business environments cannot
only be accomplished with the traditional models of
aligning IT strategy with business strategy and needs
to deliberate to meet organizations’ impending and
forthcoming IT-business challenges and
requirements simultaneously (Newkirk et al., 2003;
Petel, 2004), so that the developed methodologies
are not sufficient to fulfil flexibility and capabilities
that are the latest IT issues.
Therefore, to set up better and more effective IT
Governance, the existing methodologies need to be
complemented as more comprehensive planning is
available to contain the following factors:
considering internal-external environments of
business and IT from the primary stage, aligning
business strategy with IT strategy, securing business
opportunity that can be proposed from IT strategy as
well as integrating and standardizing of processes
and systems which are already developed and
implementing in the future. Enterprise Architecture
(EA), Business Process Reengineering (BPR) and
concurrent approach can specifically be required to
supplement the issues mentioned above, to develop a
practical long-term approach or model based on
improving organization’s flexibility and capabilities
as well as to minimize duration of time. EA provides
the “blueprint” for systematically defining an
organisation’s current or future environment and a
long-term view of a company’s processes, systems,
and technologies through the integration and
standardization requirements of the company’s
operating model so that organizations can build
capabilities (Jonkers et al., 2006; Ross et al., 2006).
Also, implementing IT strategy based on BPR can
create more flexible, team-oriented, coordinative,
and communication-based work capabilities
(Attaran, 2004; Hammer and Stanton, 1995; Ward
and Peppard, 2002).
In this paper, we propose a model for SISP to
complement existing methodologies by
incorporating EA, BPR and concurrent approach.
We also review the theoretical perspective of IT
Governance and SISP, as well as its success and
relationship between IT Governance and SISP in
section 2. In the next section, we briefly analyze
existing methodologies for SISP and their key
problems, at the same time display what are EA and
BPR, and why should they need to implement the
long-term strategic planning for IT Governance.
Section 4 presents the proposed model which
incorporates EA, BPR and concurrent approach as
well as justifies its characteristics and compares it
with the existing methodologies. Finally a
conclusion and further work is presented in Section
5.
2 LITERATURE REVIEW
2.1 IT Governance
Amidst the challenges and changes of the 21st
century, the pervasive use of information, systems,
and technology has created a critical dependency on
IT, so that IT governance has become a fundamental
business imperative (IT Governance Institute, 2005;
Peterson, 2004). IT Governance is all mainly
focused on the same issues, such as the link between
business and IT, and that specifying the decision
rights and accountability framework to encourage
desirable behaviour in the use of IT (Van
Grembergen et al., 2004; Weill and Ross, 2004).
Although IT Governance is a topic that has recently
been rediscovered, it is ill-defined and consequently
blurred at the edges as yet. Van Grembergen et al.
(2004) present that there are three IT Governance
definitions that have frequently mentioned in
literatures as follows:
IT Governance is the responsibility of the board
of directors and executive management. It is an
integral part of Enterprise Governance and
consists of the leadership and organizational
structures and processes that ensure that the
BETTER IT GOVERNANCE FOR ORGANIZATIONS - A Model for Improving Flexibility and Capabilities of Strategic
Information Systems Planning (SISP) through EA and BPR under e-Business Environment
31
organization’s IT sustains and extends the
organization’s strategies and objectives (IT
Governance Institute, 2001);
IT Governance is the organizational capacity
exercised by the board, executive management
and IT management to control the formulation
and implementation of IT strategy and in this
way ensure the fusion of business and IT (Van
Grembergen, 2002);
IT Governance is the system by which an
organization’s IT portfolio is directed and
controlled. IT Governance describes (a) the
distribution of IT decision-making rights and
responsibilities among different stakeholders in
the organization, and (b) the rules and
procedures for making and monitoring decisions
on strategic IT concerns (Peterson, 2004).
Hence, IT Governance is a senior management
responsibility and specifies the structure and
processes through which the organization’s IT
objectives are set, and the means of attaining those
objectives and monitoring performance (Peterson,
2004; Weill and Ross, 2004). Contrary to IT
management is focused on the internal effective
supply of IT services and products and the
management of present IT operations, IT
Governance in turn is much broader. It concentrates
on performing and transforming IT to meet present
and future demands of the business (internal focus)
and the business’ customers (external focus) (Van
Grembergen et al., 2004). Also, Governance
determines who holds the decision rights for how
much the enterprise invests in IT, while management
is the process of making and implementing the
decisions and determines the actual amount of
money invested in a given year and the areas in
which the money is invested (Weill and Ross, 2004).
In particular, Peterson (2004) accentuates that “This
does not undermine the importance and complexity
of IT management,…, but whereas elements of IT
management and the supply of (commodity) IT
services and products can be commissioned to an
external provider, IT Governance is organization
specific, and direction and control over IT can not be
delegated to the marker.”
The purpose of IT governance is to direct IT
endeavours to ensure that performance meets the
objectives such as IT activities are aligned with the
business, value delivery of IT, IT resources
management, business and IT-related risks are being
managed appropriately and performance
measurement of IT. IT governance also plays an
important part in the total governance responsibility
of the board of directors and executive management,
and is an integral part of enterprise governance.
Leadership and their associated organizational
structures are needed to ensure that the
organization’s IT can sustain and extend the
organization’s strategies and objectives (IT
Governance Institute 2005), so it needs to involve
building professional IT capabilities that are able to
offer business strategic advantages.
Therefore, good IT governance harmonizes
decisions about the management and use of IT with
desired behaviours and business objectives. Without
carefully designed and implemented governance
structures, enterprises leave this harmony to chance
(Weill and Ross, 2004). The value contribution of IT
can be determined by considering facets of global IT
Governance, such as (1) develop an IT strategy, and
undertake critical strategic and operational reviews,
(2) develop and manage the distributed IT/IS
systems, (3) define methods, tools, and processes,
(4) define best practices and manage application
development, (5) manage outsourced providers and
multi-site procurement policies, (6) develop key
performance indicators, (7) critically review current
organization structures and capability and implement
cost savings to improve efficiency and effectiveness
(Petel, 2004).
2.2 SISP and SISP Success
As indicated above, organizations are aggressively
searching for new ways to leverage information,
knowledge and IT in supporting strategic goals and
competitiveness, the need for effective strategic
information systems planning (SISP) has become
more and more critical (Grover and Segars, 2005;
Hartono et al., 2003; Newkirk and Lederer, 2006).
SISP has been defined and studied empirically as the
process of identifying a portfolio of computer-based
applications to be implemented, which is both highly
aligned with corporate strategy and has the ability to
create an advantage over competitors (Doherty et al.,
1999) and the process of identifying a portfolio of
computer-based applications that will support an
organization’s business plans, thus enabling the
organization to align its IS with its business needs
and achieve its business goals (Reich and Benbasat,
2000).
SISP is, therefore, an exercise, or ongoing
activity, that enables organisations to develop
priorities for IS development and to help the
organization reach its goal of improved
competitiveness, operations, and resource
management (Chi et al., 2005; Newkirk and Lederer,
2006). SISP can contribute substantially to an
ICEIS 2008 - International Conference on Enterprise Information Systems
32
organization. It can help the organization develop
priorities for information systems development by
ranking such systems in terms of their efficiency,
effectiveness, and strategic value (Hartono et al.,
2003). SISP also can help organizations to perform
the planning as an organizational learning process in
order to anticipate environmental uncertainty and
dampen its detrimental effects. For such reason,
several researchers mention that SISP can be viewed
as having evolved into a knowledge management
(KM) activity (Hartono et al., 2003; Newkirk and
Lederer, 2006). Accordingly, SISP is an important
activity for information executives and top
management and becoming one of the most critical
issues facing them (Chi et al., 2005; Doherty et al.,
1999; Grover and Segars, 2005; Hartono et al., 2003;
Hevner et al, 2000; Newkirk et al., 2003; Newkirk
and Lederer, 2006; Palanisamy, 2005; Segar et al.,
1998; Teubner, 2007).
In general, SISP activities require substantial
resources in terms of managerial time and budgets,
and specific projects are chosen for their alignment
with business objectives or their capacity to create
significant impact on the organisation’s competitive
positioning (Segar and Grover, 1998). Therefore, the
process must deliver benefits to sustain and
contribute positively for organizational effectiveness
as well as must require considerable management
coordination to inspire creativity and innovation.
The primary objectives of SISP is to align the
organization’s business strategy with its IS/T
strategy, to achieve an organization’s business
objectives, to identify opportunities for exploiting
information and to utilize IS for creating and
sustaining competitive advantage by integrating,
coordinating, controlling and implementing the IT
resources (Doherty et al., 1999; NewKirk et al.,
2003; Ward and Peppard, 2002). The outcome of the
SISP process is a strategic IS plan containing the
technology architecture plan and the applications
architecture plan (Satzinger et al., 2007). The
technology plan includes the types of hardware,
software and communications networks required to
implement all of the planning systems, and the
applications architecture plan may contain Strategic
Information Management System (SIMS), Supply
Chain Management (SCM) and Customer Support
System (CSS) to carry out specific business
functions.
Accordingly, measuring how well SISP was
carried out and how planning has improved over
time is a complex exercise and must incorporate
consideration of these intangible process
contributions and in this context, SISP success can
be viewed as the degree of attainment of the
objectives of SISP (Segars and Grover, 1998). They
have also shown SISP success to be comprised of
four dimensions of objectives which they referred to
as alignment, analysis, cooperation, and
improvement in capabilities. Alignment refers to the
results of the linkage of the IS strategy and business
strategy, analysis concerns the results of the study of
the internal operations of the organization,
cooperation refers to the results of the general
agreement about development priorities,
implementation schedules and managerial
responsibilities, and the fourth dimension,
improvement in capabilities, represents the
enhancement of the potential of the planning system.
In particular, Ward and Peppard (2002) note that
some of the key factors that seem to recur and
underpin success for SISP, such as (1) external, not
internal focus, (2) adding value, not cost reducing
(3) understanding customers, (4) Business-driven
innovation, rather than technology-driven. Chi et al.,
(2005) also describe that in the current study, SISP
success was defined as a combination of the extent
to which an organization achieved each of its
objectives such as aligning IT with business needs,
and forecasting and allocating IT resources.
Therefore, successful SISP should help achieve
alignment between IS and business strategies,
analyse and understand the business and its
associated technologies to compete via an
architecture of integrated applications and databases,
foster cooperation and partnerships among
functional managers and user groups. SISP also
should encourage organizations to anticipate
relevant events and issues within the competitive
environment to reduce the possible conflicts that
may put SISP implementation at risk, and adapt to
unexpected organizational and environmental
change.
3 METHODOLOGIES OF SISP,
EA AND BPR
3.1 Review of the Existing
Methodologies and its Issues
To perform SISP study, in general, organizations
typically conduct a major, intensive multi-phase
study with the highest level of an organization for a
longer time frame. Because the project involves
major changes for organizations such as (1) defining
new business strategies, technologies, policies and
BETTER IT GOVERNANCE FOR ORGANIZATIONS - A Model for Improving Flexibility and Capabilities of Strategic
Information Systems Planning (SISP) through EA and BPR under e-Business Environment
33
architectures, (2) improving adaptability to align IS
and business strategies, (3) the capabilities of
existing internal and external systems, (4) flexibility
of organizational and environmental changes as well
as cooperation among managers, other users and
systems developers (Chi et al, 2005; Hartono et al,
2003; Lederer and Salmela, 1996; Pant and Hsu,
1999). Accordingly, the choice of a SISP
methodology can be a critical issue on the IT
governance agenda (Doherty et al, 1999, Petal,
2004). Organizations follow one of several well-
defined and documented planning methodologies or
hire an IS consulting company to customize their
own methodology.
Ward and Peppard (2002) indicate that basic
approaches of many methodologies have much in
common, but they differ considerably in detail.
Many components of SISP methodologies are also
believed that more than one approach should be used
to derive business plans and goals, current IS
provision and use, and IT opportunities. In general,
there are a broad variety of governance mechanisms
for the two high level components to achieve the
business/IT fusion that are alignment and impact
(Vitale et al., 1986; Van Grembergen et al., 2004).
In addition, Earl (1989) proposed three approaches
for SISP formulation such as top-down, bottom-up
and inside-out. Consequently, based on considering
both alignment and impact, models, frameworks and
approaches have been developed to incorporate
these aspects such as Business Systems Planning
(IBM Corporation, 1975), Information Engineering
(Martin, 1989) for alignment model and Critical
Success Factors (Rockart, 1979) for impact model.
First, BSP combines top-down planning with
bottom-up implementation, and focus on
organizations’ business process to derive data needs.
In particular, information architecture is obtained
from BSP through functional area analysis.
Similarly, IE is more data-oriented and provides
techniques for building enterprise, data and process
models. These models are combined to form a
comprehensive knowledge base that is used to create
and maintain information systems. Also, CSF
methodology is used for identifying key information
requirements for the success of the organization and
its managers. Mainly, the methodology focuses on
key information needs of senior management and
builds information systems around those key needs
(Palanisamy, 2005; Pant and Hsu, 1999; Pant and
Ravichandran, 2001).
However, as technology continues to change,
grow and become more complex, the process for
SISP has become complex and difficult to handle.
Several researchers point out that BSP and IE tend to
be too detailed, expensive and time-consuming.
These alignment methodologies also fail to
explicitly address such integration issues, and
unsuitable for the highly compressed development
cycle times. Petal (2004) remarks that the
fundamental difference between the new models and
traditional view of aligning IT support or
transforming business is that in the new fused e-
businesses, IT is integrated into business activity. In
addition, CSFs methodology focuses more internal
sources and ignores value adding aspects of IS, so
not comprehensive and creative (Palanisamy, 2005;
Pant and Hsu, 1999; Pant and Ravichandran, 2001).
Accordingly, many times organizations face IS
failures because of IS rigidity and passiveness and
they perceive that there is no one methodology
superior to another in all situations regardless of
techniques or related products (Cerpa and Verner,
1998; Hartono et al., 2003; Palanisamy, 2005).
Griffiths and Hackney (2001) also claim that the
methodologies which are based on a structured and
inflexible method-oriented approach may not be the
most appropriate for exploiting SIS.
Furthermore, several researchers have noted that
organizations focus upon the role and effectiveness
of specific planning methodologies and frameworks,
rather than to consider the broader set of practices
which influence the application of planning within a
specific organization, so they often fail to take into
account other important aspects of the process of
SISP such as the level of participation, the
ownership of the project or the focus of the planning
exercise (Earl, 1993; Segars et al., 1998; Peppard
and Ward, 2004). Griffiths and Hackney (2001) also
assert based on some literatures that the high failure
rate of SIS applications in business is deemed to be
largely of a managerial rather than a technical
causation. Likewise a number of research studies
have examined the implementation approaches of
organizations to identify the main issues. The
research literatures present a number of specific
implementation issues can be identified and
implementation issues cannot be separated from the
strategic planning process (Cerpa and Verner, 1998;
Chi et al., 2005; Gottschalk, 1999; Griffiths and
Hackney, 2001; Hartono et al., 2003; Karimi, 1988;
Lederer and Sethi, 1991; Teo and Ang, 2001; Ward
and Peppard; 2002), as follows: (1) Lack of top
management commitment, (2) Lack of top
management support and understanding, (3) Lack of
user involvement to projects, (4) Poorly defined
business objectives caused by inadequate
appreciation of the business’s needs, (5) Poor level
ICEIS 2008 - International Conference on Enterprise Information Systems
34
of communication between users and IS staff, (6)
Serious cost budget overruns due to insufficient
understanding of the project, (7) Ignoring the IS plan
once it has been developed, and (8) SISP planning
time horizon.
Over the past few years, the approach for
enterprise governance has evolved towards a
balanced or reconciliation between competitive
positioning and resource or competence-based
strategy. As ‘strategic thinking’ that is opposed to
strategic analysis or planning, begins to emerge, it is
getting more difficult task for organizations to deal
with all status quo and issues mentioned above by
just introducing the alignment and impact
approaches in unpredictable business environmental
changes. Therefore, organizations need to develop
and implement better methodologies to complement
the existing one that can suggest the long-term
prosperity of the organization by a realignment of
the organization’s resources and capabilities to
match the demands of the environment including
assets, skills, knowledge processes and culture, etc.
The supplementary model for effective and efficient
IT Governance must also have the ability to pacify
intentional changes and adapt to environmental
changes in current strategic action, that is,
flexibility.
3.2 Enterprise Architecture (EA)
As mentioned earlier, with the rapid proliferation of
Internet and web-enabled technologies, global
connectivity and the changes it supports are perhaps
the most significant component of the current
paradigm realignment. Through connectivity with
the IT and Internet, an enterprise is able to conduct
business anywhere, anytime – eclipsing the
traditional constraints of time, distance, and location.
Many organizations are now also focusing on their
core competencies, or what they can do best, and
extending their business processes by teaming with
networks of similarly focused patterns and sharing
services (IT Governance Institute, 2005).
Accordingly, Enterprise Architecture (EA) can
be one of the hottest topics on the agenda of IT
organizations. Ross and Weill (2006) define the EA
as ‘the organizing logic for business processes and
IT infrastructure, reflecting the integration and
standardization requirements of the company’s
operating model.’ The EA provides a long-term
view of a company’s processes, systems, and
technologies in order to build capabilities – not just
fulfill immediate needs, as well as the framework for
ensuring that enterprise goals, objectives, and
policies are properly and accurately reflected in
decision making (IT Governance Institute, 2005;
Ross et al., 2006; Weill and Ross, 2004). Hence,
hard decisions regarding resources, investments,
information, applications and technology all require
EA. In addition, it has greatly changed the focus of
the chief information officers (CIOs), so senior
management views EA as a critical component for
making decisions that are consistent with the
strategic plan for their organization, because EA can
remove the boundaries between business and IT
planning, and the business architecture dictates the
shape of the IT environment and supports effective
IT governance. As a key planning discipline, it helps
guide and optimise an organisation’s IT investments
and translate business strategies into implementable
technology solutions. The most important
characteristic of EA is that it provides a holistic view
on the enterprise (Jonkers et al., 2006).
To shape IT capabilities, an operating model for
EA is mainly classified with two dimensions, such
as business process standardization and integration.
Standardization of business process and related
systems means defining exactly how a process or
where is it is completed, and it delivers efficiency
and predictability across the organization by a
reduction in variability. In addition, integration links
the efforts of organizational units through shared
data. This sharing of data can allow the organization
to present a single face to customers. The benefits of
integration include increased efficiency,
coordination, transparency, and agility. An
integrated set of business processes can improve
customer service, provide management with better
information to make decisions, and speed up the
overall flow of information and transactions through
a company. Currently, most EAs specify
infrastructure, data, and applications as a stable
platform supporting faster-changing applications to
build flexibility into their architectures (Ross et al.,
2006; Weill and Ross, 2004).
Therefore, a specific focus on EA can be
required by CIOs to assume the governance
responsibility of ensuring that EA is used to identify
problems addressed by architecture and uses the
architecture to do the following: (1) make decisions
– to ensure that information systems are available to
enhance the enterprise’s ability to guide decision
making and inter-process communication, at the
same time ensure that information systems will be
consistently or appropriately applied across the
enterprise, (2) manage change – to ensure that IT is
able to deal with the high rate of change in today’s
complex information environment and to accurately
BETTER IT GOVERNANCE FOR ORGANIZATIONS - A Model for Improving Flexibility and Capabilities of Strategic
Information Systems Planning (SISP) through EA and BPR under e-Business Environment
35
represent the enterprise’s goals, objectives, and
policies, (3) improve communications – to ensure
information systems have a clear picture of the inter-
relationship among the systems and adequately
communicate linkages between the systems and (4)
ensure information systems and information
resources are managed to be consistent with business
planning – to maintain current with the capability of
new technologies, and support the business
strategies in rapidly changeable environments (IT
Governance Institute, 2005).
3.3 Business Process Reengineering
(BPR)
Organizations have also continued their
investigation of re-engineering that often begins by
looking for detailed methodologies and supporting
tools to govern them through the process. The term
“reengineering” first appeared in the information
Micheal Hammer and James Champy (1993)
defined BPR as the analysis and redesign of
workflow within and between enterprises, as well as
promoted the idea that sometimes radical redesign
and reorganization of an enterprise is necessary to
lower costs and increase quality of service and that
IT is the key enabler for that radical change.
Working together, BPR and IT have the potential to
create more flexible, team-oriented, coordinative,
and communication-based work capability.
IT is more than a collection of tools for
automating or mechanizing processes. It can
fundamentally reshape the way business is done and
enable the process design. In leading edge practices,
IT makes BPR possible and worthwhile (Attaran,
2004). The aim of BPR approach is quick and
substantial gains in organizational performance by
redesigning the core business process. The
motivation was usually the realization that there was
a need to speed up the process, reduce needed
resources, improve productivity and efficiency, and
improve competitiveness. Another reason for BPR
relates to the increasing emphasis placed on
integrating business web sites with backend legacy
and enterprise systems, as well as organizational
databases. Hence, BPR requires taking a broader
view of both IT and business activity, and of the
relationships between them. IT capabilities should
support business processes, and business processes
should be in terms of the capabilities IT can provide
(Broadbent et al, 1999; Hammer and Stanton, 1995).
BPR is not a strategy but a strategic action, and it
is the means of changing strategies in response to a
changing environment, where continuous or
incremental change is insufficient. It also requires a
clear understanding of customers, market, industry
and competitive directions. Furthermore, like any
other strategic action, it requires consistency
between the company’s business strategy and vision.
Defining business strategy and developing a
strategic vision requires understanding the
company’s strengths and weaknesses, and the
market structure and opportunities. In particular,
many organizations ignore IT capabilities until after
a process is designed. An awareness of IT
capabilities can and should influence process design
(Attaran, 2004; Ward and Peppard, 2002).
Therefore, the relationship between IS/IT
planning and BPR enables a reconciliation of the
fundamental questions of impact and alignment of
IS/IT strategy development with the rationale for
reengineering initiatives such as how can IS/IT be
exploited to provide business advantage (impact)
and how can IS/IT ensure the success of the business
strategy (alignment) (Attaran, 2004; Hammer and
Stanton, 1995; Ward and Peppard, 2002). The
redesign of business process through BPR is
pertinent to consider the topic alongside the
development of an IS strategy, for a number of
reasons:
In developing the IS strategy, a thorough
understanding of the business strategy is
essential. Most re-engineering initiatives will
spring from, and be part of, the business
strategy;
Most, if not all, re-engineering initiatives have a
significant IS/IT element, which will be
accommodated in the IS strategy, and need to be
allocated the same priority that the business
places on the change program;
There is a common need in both IS strategy
development and business re-engineering to
build up a model of the business as it currently
exists and other potential of how it will look
following transformation or evolutionary
change;
Success in re-engineering, as with the
development and implementation of an IS/IT
strategy, demands a strong business-IS function
partnership;
Designing or redesigning business processes to
take advantage of IS/IT capabilities is essential
if the traditional problems of automating poorly-
designed processes or inefficient work practices
through IT are to be avoided.
ICEIS 2008 - International Conference on Enterprise Information Systems
36
4 PROPOSE A MODEL TO
ENHANCE FLEXIBILITY AND
CAPABILITIES OF SISP
Although, models, frameworks and approaches for
the process of strategic IS/IT planning formulation
have been developed to incorporate both alignment
and impact, and the success factors for this process
have also been determined, problems of SISP
mentioned so far are closely related to
methodologies itself, planning process, managerial
and implementation issues. In addition,
technological aspect such as database, hardware,
application and systems can be equally important.
Accordingly, we need to look into several issues that
haven’t been considered in the existing methodology
to develop an improved model as follows:
(1) Insufficient consideration of both
alignment and impact: most methodologies only
focus on alignment, so does not consider the
potential impact of IS/IT on organizational tasks and
processes as well as not fitting into an integrated
business plan. It means that it is somewhat hard for
organizations to harmonize both alignment and
impact in the methodologies. As more organizations
are transforming into e-businesses, it has been a
challenge for them to understand how businesses
create and sustain competitive value from their IT
investments (Peterson, 2004). Hence, it is needed for
organizations to consider the interaction of
alignment and impact simultaneously for more
comprehensive approach. In essence, a
comprehensive methodology for SISP should be
able to incorporate both the impact and the
alignment views. Method/1 incorporates Value
Chain Analysis, IE supports Critical Success Factors
Analysis and even BSP also incorporates CSF to
complement their one-way approach (Pant and Hsu,
1999).
(2) Lack of sufficient analysis of external
business-IT environments: By focussing mainly on
analysing the internal environment and data
processing, it can be difficult for organizations to
adapt to rapidly changing or emerging
circumstances. To respond to environmental
fluctuations, organizations need to realize the change
in information requirements. Presence of flexibility
in IS that handles special situations in organizational
information requirements and enables organizations
to tackle these fluctuations successfully by adapting
to the environmental forces (Pananisamy, 2005). To
develop effective and competitive strategic IS
planning, therefore, both internal and external
business-IT environment should be considered
together in stages from the early stage of planning
until the planning process is implemented;
(3) Deficiency of effort for increasing of IS
and organizational capabilities through EA and
BPR: most existing methodologies that use top-
down approaches have a fixed structure.
Accordingly, making it difficult to change a process,
to implement organization-wide policies and
minimize redundancy and system inconsistencies
once the project is completed. However, lack of
support for EA is apparent in existing methodologies
such as BSP, IE and CSFs, this may accelerate
future difficulties of inconsistencies and confusion
and hinder an organization’s ability to meet
customer needs efficiently if SISP is carried out
without the prior benefit of an EA (Hartono et al.,
2003). Thus, EA and BPR are essential for
establishing a long-term view of a company’s
processes, systems, and technologies in order to
build and strengthen capabilities and flexibility;
(4) Difficulty of a reduction of excessive
duration for developing SISP: to implement SISP
projects, in general, BSP takes 8-21 months, IE
needs 10-12 months to finish and sometimes it takes
over 2 years to complete, according to the scale of
the project. Accordingly, an organization’s concerns
and priorities may have changed enough to render
the activities outdated (Flynn and Arce, 1995;
Lederer and Salmela, 1996). Present methodologies,
however, do not consider whether the stages can be
accomplished concurrently. They may also have a
step for creating a workout plan and are designed in
a sequential form. If a methodology is formulated as
a concurrent way to utilize related or similar
processes at the same time, the duration of the SISP
process can be significantly reduced contrary to
other methodologies (Min et al., 1999). Thus, this
model introduces a concurrent approach as a way to
minimize duration of time.
Therefore, we propose an overall SISP model as
shown in Figure 1 which can provide a structure for
sorting out the interrelationships of strategic issues
and at the same time maintain the advantages of
existing methodologies by addressing the problems
mentioned above. The approach of the model will be
both alignment and impact based, focusing on IS as
a way to assist business goals as well as identify
strategic opportunities enabled by IT. This model
attempts to focus on amplifying strategic
compatibilities, flexibility and effectiveness but
reducing the development period of time through
introducing EA, BPR and the concurrent approach.
Accordingly, this proposed model enables
organizations to comprehend four dimensions of
BETTER IT GOVERNANCE FOR ORGANIZATIONS - A Model for Improving Flexibility and Capabilities of Strategic
Information Systems Planning (SISP) through EA and BPR under e-Business Environment
37
Figure 1: The proposed model for integrated SISP model.
objectives for SISP success from Segars and
Grover (1998) and six process dimensions to
accomplish effective strategic governance from
Segars et al., (1998) such as comprehensiveness,
formalization, focus, flow, participation, and
consistency.
Above all, the proposed model provides the
following advantages for organizations unlike other
SISP methodologies:
Consider and emphasize SISP formulation in
both IS/IT and business point of view by
carrying out strategic business-IT/IS planning
and opportunities concurrently (consider both
alignment and impact of organizational process
simultaneously);
Possible to consider internal/external business
and IT/IS environment at the same time and
summarise overlooked important factors from
the first stage of the framework until
commencing the SISP implementation.
Therefore, organizations are available to secure
the degree of organizational flexibility to have a
variety of actual and potential procedures and to
increase the control capability of the
management and improve the controllability of
the organization and environment;
Possible to align, integrate and standardize the
SISP model and to maintain effective
organizational capabilities and flexibility by
utilizing EA as well as possibly design or
redesign business processes to take advantage of
IT/IS capabilities and to improve performance if
processes are poorly-designed or inefficient
through BPR;
Contrary to the existing methodologies, possible
to implement the stable planning and minimize
extra cost, reduction of implementation time and
trial and error through analysing and
accomplishing several processes concurrently.
As a whole, the proposed SISP model consists of
supplementary processes with a different overall
structure contrary to other conventional SISP
methodologies. It consists of eight main processes
and one supplementary process. The proposed model
and the processes can be differentiated from the
existing methodologies. Basically, the model is
implemented sequentially which commences from
Stage 1 through to Stage 6 and several processes are
completed concurrently at the same level. Although
some processes are carried out at the same time, it
does not mean the processes of the same stage are
achieved independently. The information completed
in stage 1 is supplied to the next stage at the same
time to verify the forwarded information. In Stage 2,
two processes work together to consider strategies,
opportunities and critical factors with the received
information and external business-IS/IT
environment. At this time, Critical Success Factors
(CSF) and Key Performance Indicator (KPI) can be
introduced to identify and analyse business strategy
and organisational IT/IS opportunities for measuring
the current and future success of the organisation. In
this way, the six stages can produce the overall base
for implementing effective and comprehensive SISP.
The tasks and characteristics of each stage are given
below.
Firstly, the basic direction and formal definition
of SISP project is established by considering the
business mission and objectives as well as top
management involvement and commitment with
setting up project team and a basic process in stage
1. In stage 2, by complementing the shortcoming of
the existing methodologies, perceiving business
ICEIS 2008 - International Conference on Enterprise Information Systems
38
environment, and identifying CSF and KPI, it is
possible to align and integrate concurrently both data
and systems appropriate for organizations through
understanding business strategies and opportunities
of IS/IT as well as potential factors. Stage 3 can help
organizations set up the structure of processes more
consistently and efficiently by synthesizing and
formulating the requirements considered in the
previous stage.
In the next stage, before the implementation of
SISP, it is available to improve organization’s
performance and capability by integrating,
standardizing and redesigning added requirements or
overlooked factors through EA and BPR. To
accomplish this stage, top management’s
commitment and responsibility is more required,
because, the same as developing SISP, managers
have the authority to provide organization goals,
objectives and policies for exploiting EA and BPR.
Organizations also need to comprehend and compare
both existing processes and newly developed or
added processes. In particular, it is very important
for organizations to create a solid IT/IS architecture,
because it enables modification and upgrade of the
system easily despite the change of business
appropriateness or management policies in the
future. In stage 5, two processes are accomplished
such as implantation, and reporting and
documentation. It can provide a clear guide as to
contents, form of deliverables and supporting
appendices to the whole staff of an organization. It is
also required to confirm organization’s standards,
policy and overall system equipments based on
created strategic IS plan. Finally, in the last process,
stage 6 focuses on learning and maintenance of the
developed SISP project. More recently,
organizations have recognized the importance of
continuous learning for the completed project. Since
SISP generate an enormous amount of information
about an organization, and its internal and external
environment, the information on the project must be
understood and managed by all staff of the
organizations. Besides, continuous management of
the planning system enable them to cope with
alteration of management circumstances promptly.
5 CONCLUSIONS AND FUTURE
WORKS
As a development of IT, related technologies and
both internal and external environments of
organizations has continued to proceed and
transform as the remarkable degree, SISP has been
regarded as one of the most important determinants
to achieve effective and efficient IT Governance and
to innovate and create a long-term value. Several
well known methodologies have been introduced to
implement SISP or in some cases companies
develop their own in-house methodologies.
However, these methodologies contain problems
such as lack of consideration on the impact of the
external environment, deficiency of architecture to
improve organizations’ capabilities and flexibility
and the duration of SISP planning and others.
Hence, there is a need to develop more effective
SISP to maximize capabilities and flexibility as well
as to minimize cost, time and inconsistency through
integrating, standardizing and reengineering the
business process.
It is widely recognised that business strategies
and IS strategies need to be aligned with the SISP
process to strengthen the effectiveness and
sustainability of the organization employment. In
this paper, therefore, we proposed a model which
can overcome the drawbacks of existing
methodologies to achieve more effective and
efficient SISP for better IT Governance. The model
provides organizations with various opportunities to
verify and clarify business-IT processes. It also
allows the implementation of consistent and efficient
SISP by inducing the commitment and responsibility
of top management through EA and BPR based on
long-term information architecture. Furthermore,
performing several processes concurrently can
prevent organizations from ineffective use of time
and cost.
Next, we will conduct a case study to
demonstrate that the proposed model can manage
flexibility and capabilities to adjust in response to
new circumstances and demands by focusing on the
Government of Korea. In fact, with the continuous
diffusion of e-business and globalization, the
Government in Korea has introduced information
systems planning aggressively in the past two
decades as a strategic way to strengthen their
governance through enhancing credibility of the
governance and intimacy of customers, at the same
time improving their service quality. Therefore, this
case study will be used to verify the proposed model
as well as identifying other potential issues and
factors that compare with other sectors.
REFERENCES
Attaran, M., 2004. Exploring the relationship between
information technology and business process
BETTER IT GOVERNANCE FOR ORGANIZATIONS - A Model for Improving Flexibility and Capabilities of Strategic
Information Systems Planning (SISP) through EA and BPR under e-Business Environment
39
reengineering, Information & Management (41:5), pp.
585-596.
Broadbent, M., Weill, P., Clair, D. S., 1999. The
implications of Information Technology information
infrastructure for business process redesign, MIS
Quarterly (23:2), pp. 159-182.
Cerpa, N., Verner, J. M., 1998. Case study: The effect of
IS maturity on information systems strategic planning,
Information & Management (34:4), pp. 199-208.
Chi, L., Jones, K. G., Lederer, A. L., Li, P., NewKirk, H.
E., Sethi, V., 2005. Environmental assessment in
strategic information systems planning, International
Journal of Information Management (25:3), pp. 253-
269.
Doherty, N. F., Marples, C. G., Suhaimi, A., 1999. The
Relative Success of Alternative Approaches to
Strategic Information Systems Planning: An Empirical
Analysis, Journal of Strategic Information Systems
(8:3), pp. 263-283.
Earl, M. J., 1993. Experiences in Strategic Information
Systems Planning, MIS Quarterly (17:1), pp. 1-24.
Earl, M. J., 1989. Management Strategies for Information
Technology, Prentice-Hall, Europe.
Flynn, D. J., Arce, E. A., 1995. Theoretical and Practical
Issues in the use of Strategic Information Systems
Planning (SISP) Approaches to Integrating Business
and IT in Organizations, International Journal of
Computer Applications in Technology (8:1/2), pp. 61-
68.
Gottschalk, P., 1999. Implementation Predictors of
Strategy Information Systems Plans, Information &
Management (36:2), pp. 77-91.
Griffiths, G., and Hackney, R., 2001. Strategic
Information Systems for Competitive Advantage:
Planning, Sustainability and Implementation, In Papp,
R. (Ed.), Strategic Information Technology:
Opportunities for Competitive Advantage, Hershey,
PA: Idea Group Publishing.
Grover, V., and Segars, A. H., 2005. An Empirical
Evaluation of Stages of Strategic Information Systems
Planning: Patterns of Process Design and
Effectiveness, Information & Management (42:5),
pp.761-779.
Hammer, M., and Champy, J., 1993 Reengineering the
Corporation, Harper Collins, New York.
Hammer, M., and Stanton, S. A., 1995. The Reengineering
Revolution, Hammer and Co.
Hartono, E., Lederer, A. L., Sethi, V., Zhuang, Y., 2003.
Key Predictors of The Implementation of Strategic
Information Systems Plans, The DATA BASE for
Advances in Information Systems (34:3), pp. 41-53.
Hevner, A. R., Derndt, D. J., Studnicki, J., 2000. Strategic
Information Systems Planning with Box Structures,
Preceedings of the 33rd Hawaii International
Conference on Systems Sciences, pp. 1-11.
IBM Corporation., 1975. Business Systems Planning –
Information Systems Planning Guide, Publication No.
GE20-0527-4.
IT Governance Institute, 2005. Governance of The Extend
Enterprise – Bridging Business and IT Strategies,
John Wiley & Sons, Inc., Hoboken New Jersey.
Jonkers, H., Lankhorst, M. M., ter Doest, Hugo W. L.,
Arbab, F., Bosma, H., Wieringa, R. J., 2006.
Enterprise architecture: Management tool and
blueprint for the organization, Information Systems
Frontiers (8:2), pp. 63-66.
Karimi, J., 1988. Strategic Planning for Information
Systems: Requirements and Information Engineering
Methods, Journal of Management Information
Systems (4:4), pp. 5-24.
Lederer, A. L., Salmela, H., 1996. Toward a Theory of
Strategic Information Systems Planning, Journal of
Strategic Information Systems (5:3), pp. 237-253.
Lederer, A. L., Sethi, V., 1991. Critical Dimensions of
Strategic Information Systems Planning, Decision
Sciences (22:1), pp. 104-119.
Martin, J., 1989. Strategic Information Planning
Methodologies, 2nd edition, Prentice-Hall, Englewood
Cliffs, NJ.
Min, S. K., Suh, E. H., Kim, S. Y., 1999. An integrated
approach toward strategic information systems
planning, The Journal of Strategic Information
Systems (8:4), pp. 373-394.
NewKirk, H. E., Lederer, A. L., 2006. The Effectiveness
of Strategic Information Systems Planning Under
Environmental Uncertainty, Information & Systems
(43:4), pp. 481-501.
NewKirk, H. E., Lederer, A. L., Srinivasan, C., 2003.
Strategic Information Systems Planning: Too Little or
Too Much?, Journal of Strategic Information Systems
(12:3), pp. 201-228.
Palanisamy, R., 2005. Strategic Information Systems
Planning Model for Building Flexibility and Success,
Industrial Management and Data Systems (105:1), pp.
63-81.
Pant, S., Hsu, C., 1999. An Integrated Framework for
Strategic Information Systems Planning and
Development, Information Resources Management
Journal (12:1), pp. 15-25.
Pant, S., and Ravichandran, T., 2001. A Framework for
Information Systems Planning for E-business,
Logistics Information Management (14:1/2), pp. 85-
98.
Peppard, J., Ward, J., 2004. Beyond strategic information
systems: towards an IS capability, Journal of Strategic
Information Systems (13:2), pp. 167-194.
Petel, N. V., 2004. An Emerging Strategy for E-Business
IT Governance, In Van Grembergen, W. (Ed.),
Strategies for Information Technology Governance,
Hershey, PA: Idea Group Publishing.
Peterson, R. R., 2004. Integration strategies and tactics for
information technology governance, In Van
Grembergen, W. (Ed.), Strategies for Information
Technology Governance, Hershey, PA: Idea Group
Publishing.
Porter, M. E., 2001. Strategy and the Internet, Harvard
Business Review (79:3), pp. 63-78.
ICEIS 2008 - International Conference on Enterprise Information Systems
40
Reich, B. H., Benbasat, I., 2000. Factors that influence the
social dimension of alignment between business and
information technology objectives, MIS Quarterly
(24:1), pp. 81–111.
Rockart J F., 1979. Chief executives define their own data
needs, Harvard Business Review. (57:2), pp. 81-93.
Ross, J. W., Weill, P., Robertson, D. C., 2006. Enterprise
Architecture as Strategy – Creating a Foundation for
Business Execution, Harvard Business School Press,
Boston-Massachusetts.
Satzinger, J. W., Jackson, R. B., Burd, S. D., 2007.
Systems Analysis and Design in a Changing World,
Fourth Edition, Thomson Course Technology, Boston,
Massachusetts.
Segar, A. H., Grover, V., 1998. Strategic Information
Systems Planning: An Investigation of the Construct
and Its Measurement, MIS Quarterly (22:2), pp. 139-
163.
Segar, A. H., Grover, V., Teng, J. T. C., 1998. Strategic
Information Systems Planning: Planning System
Dimensions, Internal Coalignment, and Implications
for Planning Effectiveness, Decision Sciences (29:3),
pp. 303-345.
Teo, T. S. H., Ang, J. S. K., 2001. An examination of
major IS planning problems, International Journal of
Information Management (21:6), pp. 457-470.
Teubner, R. A., 2007. Strategic information systems
planning: A case study from the financial services
industry, Journal of Strategic Information Systems
(16:1), pp. 105-125.
Van Grembergen, W., De Haes, S., Guldentops, E., 2004.
Structures, processes and relational mechanisms for IT
governance, In Van Grembergen, W. (Ed.), Strategies
for Information Technology Governance, Hershey,
PA: Idea Group Publishing.
Vitale, M., Ives, B., Beath, C., 1986. Identifying Strategic
Information Systems, Proceedings of the Seventh
Annual International Conference on Information
Systems, pp. 265-276.
Ward, J., Peppard, V., 2002. Strategic Planning for
Information Systems, John Wiley & Sons Ltd.,
England.
Weill, P., Ross, J. W., 2004. IT Governance – How Top
Performers Manage IT Decision Rights for Superior
Results, Harvard Business School Press, Boston-
Massachusetts.
BETTER IT GOVERNANCE FOR ORGANIZATIONS - A Model for Improving Flexibility and Capabilities of Strategic
Information Systems Planning (SISP) through EA and BPR under e-Business Environment
41