Keywords

1 Introduction

This work finds its motivation in the scarcity of empirical research concerning ITG in the public sector. There is a noticeable presence of information system projects in the public sector and in other projects dedicated in this sense. Additionally governance happens to be an important variable that structures the process through relational mechanisms. ITG is an important is a part that starts to gain more and more important place in governance pyramid.

ITG can be defines from 3 point of view:

  • Entreprise “an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure the enterprise’s IT sustains and extends the organization’s strategies and objectives” [1].

  • IT and business fusion “IT governance is the organizational capacity exercised by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensuring the fusion of business and IT” [2]

  • Decision-making “IT governance is defined as specifying the decision rights and accountability frameworks to encourage desirable behavior in using IT” [3].

The purpose of this paper is to discuss the importance of ITG in the public sector. Nonetheless public sector is gathering of organizations aiming to serve citizens. In this sense, this paper is going to answer a question of huge importance to see if ITG should rely on stable functions of a public sector organization, or should it consider broader and more evolving objectives touching the whole government.

2 Research Gap

Which ITG framework to be implemented for an effective ITG in public sector organizations.

Should ITG rely on stable functions of a public sector organization, or should it consider broader and more evolving objectives touching the whole government?

  • What is the level of involvement of ITG in public sector organizations?

  • What is the effective approach to be used in public sector organizations (Local or global)?

  • At what level the IT objectives should be aligned with public sector objectives?

  • What added value does IT bring to public sector?

  • At what level external relations influence decision making mechanisms?

3 Literature Review

IT governance (also termed Information Systems (IS) governance) consists of the leadership, organisational structures and processes that ensure that an organisation’s IT sustains and extends its strategies and objectives [4]. IT governance aims to ensure that the expectations and achievements from IT are matched, and that the risks associated with IT are controlled. In particular IT governance focuses on the strategic alignment between an organisation’s use of IT and achievement of its business goals and objectives, an issue which is also important in public sector organizations. As IS is positioned within organisational settings and involves people, IT (IS) governance considers much broader issues than technology. These issues include policy, planning, culture, training and change management. As it is now well accepted that poor IT governance is the major explanation for failure to achieve the goals from IT-related projects.

In a survey conducted by the IT governance Institute [5] it was found that the top ten management problems include inadequate view on how well IT is performing, non-alignment between IT and business strategies and the higher cost of IT with low return on investment.

The need for effective IT governance is also becoming essential in the public sector, in which increasingly we see a variety of fragmented IT initiatives and activities, with loss of synergies and exploitation of economies of scale. The need is equally amplified by, alongside resources constraints, relatively lower IT literacy, culture and leadership, basic citizens competing needs and priorities. Also on the fact that the sector is complex and its effectiveness is characterized by a need for intra and inter-organizational synergies that call for common and effective strategies, services, communication, collaboration and accountability to multiple stakeholders [3]. These problematic governance related issues in the sector stem from IT strategic planning and implementation to management, support and monitoring [1, 5]. As a result effective integration of ICT and indeed ICT-enabled transformational government in these environments needs consistent strategic alignment of IT and business goals in order to increase efficiency in public service delivery and meet stakeholders’ expectations [4] (Fig. 1).

Fig. 1
figure 1

Concepts and definition of the ITG. Laita (2016)

Full size image

4 ITG Standards and Frameworks

4.1 COBIT (Control Objectives for Information and Technology)

COBIT is one of the most commonly accepted systematic approaches for ITG. The framework provides process descriptions and resents activities in a manageable and clear structure. Its mission is “…to research, develop, publicize and promote an authoritative, up-to-date, internationally accepted IT governance control framework for adoption by enterprises and day-to-day use by business managers, IT professionals and assurance professionals.” [1] Johannsen and Goeken justify the strong and increasing public interest in COBIT with its ability to bridge the well known gap between a company’s business interests and its IT.

The COBIT framework has been developed by the Information Systems Audit and Control Association (ISACA), and the ITGI and was published in its first version in 1996, followed by the second edition in 1998, and the third edition in 2000, and the fourth edition in May 2007. The latest version 5 was released in June 2012.

IT is not surprising, when historically looking at the development of COBIT by the audit and control association ISACA, that COBIT clearly focuses on IT controls. One of the primary purposes is o help defining goals for strategic alignment and performance measurement, but also to provide metrics an practices for risk management and performance measurement. The ITGI defines resource management as a separate domain, which is an integral part of the Value Creation domain for this analysis [6].

4.2 ITIL (Information Technology Infrastructure Library)

The IT Infrastructure Library (ITIL) was published by the UK-based Office of Government Commerce (OGC), ITIL is another frequently in literature discussed framework for IT governance and follows a similar concept like COBIT by providing standards and best practices. The basis for ITIL V3’s success is its operating relevance for all IT-using parties within an enterprise, from small IT departments to external service providers. With focus “… on a much broader range of organizational IT and business capabilities than earlier releases, this new version will help those using the framework in more ways than previously. Historically seen, ITIL is a neutral collection of best practices, concentrating especially on service support and service delivery n its second version. The intention of ITIL is to enhance the compatibility with the IT service management norm ISO. IT service has become a more integrated part of business function, which is why ITILV3 now supports establishing an IT management approach. Nevertheless, IT service Management is still only a part of ITG. An important aspect is the consideration of IT as a business itself, rather than treating it as a separate function. Some goals and valuable highlights of this de facto-standard for IT service management are:”

  • Alignment exclusively towards business usage;

  • Primary focus on the Service Life Cycle processes as a second priority;

  • Support for the fulfillment of the compliance requirements (SOX, Basel ….)

  • Basis for Balanced Scorecard;

  • Learning organization at the centre of interest;

  • Coordination with the ISO/IEC 20000 standard;

  • Agile and adjustable Service Design;

  • Assistance with the management of Service Providers;

  • Improved measurability and traceability of real added values.

4.3 ISO/IEC 17799 (International Organization for Standardization and the International Electrotechnical Commission)

The ISO 27002 standard is titled “Information Technology—Security Techniques- Code of Practice for information security management” and has replaced the former ISO 17799 standard in july 2005. The name has changed due to its international acceptance while contents remained the same. For the following proceeding both labeling will be used with the same contextual meaning.

ISO 27002 belongs to the family of the ISO 27000 series of standards and is closely related to the ISO 27001 standard. The latter provides a specification for an information security management system that intents” … to serve as a single reference point for identifying the range of controls needed for most situations where information systems are used in industry and commerce.” It is a code of practice for information security that outlines potential control and control mechanisms. In comparison, the ISO 27002 standard “…established guidelines and general principles for initiating, implementing, maintaining and improving information security management for an organization.” This standards defines information security policy as the managerial alignment of security issues by integrating the management for an organization-wide security policy [Müll2003, 3].

It also treats information like a valuable business asset for the organization that constantly calls for protection. Therefore, the main goal is to ensure confidentiality, integrity and availability of critical information. This protected information ensures business continuity, minimized business damage, and maximized return on investments and capitalizing on business opportunities.

4.4 Val IT

The availability of information transforms capital investment decisions into business decisions based on the probability of alternative strategic assumptions. From the opposite perspective, an organization’s business decisions depend on investment decisions. Since IT governance has changed the role of IT to an integrated organizational part, measuring and managing IT investments have become a more difficult business matter. In early times of simple IT management, a calculated budget was distributed to an IT project with responsibility for IT investment. In 2006, the lack of investment and management structures has resulted in the Val IT initiative by the ITGI due to company-wide IT integration.

Val IT is based on the COBIT framework and focuses on investment decisions and the realization of its benefits, while COBIT focuses on the implementation of demand processes. It extends and complements COBIT from both the business and the financial perspective with the purpose of creating real business value from IT-enabled investments. Where COBIT provides a framework for the means of creating value, Val IT provides guidance on meeting the end.

IT governance includes leadership and commitment from the top management. In contrast to ITIL, for example, this framework does not focus on operating processes rather than on top level decision making. The Val IT framework specifically provides guidance for executives in order to help understand their roles in business investments. If managed well within effective IT governance, the Val IT initiative provides significant opportunities to create value.

Albeit the ITGI Global Status Report 2008 still reports occurring problems with applying Val IT, 50 % of the respondents plan to apply this framework, but are not familiar with the brand itself. The major obstacles to adopting the framework’s principles include uncertainly regarding the return on investment and lacking and experience [7].

4.5 Discussion About IT Governance Standards

Frameworks like COBIT and ITIL tend to result in descriptions of what to do. In comparison, frameworks with high abstraction levels tend to offer more detailed descriptions on how to execute activities for improving IT governance. From this point of view, mapping two frameworks facilitates and extends solving of problems in certain cluster. If, for example, both frameworks are control-oriented, efficiency could still increase by offering a more detailed description of processes. In other words, none of the criteria are mutually exclusive, if another one fits.

5 Difference Between Public and Private Sector

See Table 1.

Table 1 A summary of differences between sectors
Full size table

6 IT Governance Versus IT Management

See Fig. 2.

Fig. 2
figure 2

Governance versus management

Full size image

7 ITG Conceptual Framework for Public Sector Organizations

Be in the public or private sector, IT governance can be deployed using a combination of processes, structures and relational mechanisms. Processes could be monitoring, decision-making, service level agreements (SLAs), balanced IT scorecards; structures may include IT councils, committees (like IT strategy committee, IT steering committee); while mechanisms could be business partnerships, shared learning, stakeholder participation and collaboration between functional areas or workgroups. framework. Each aspect is indispensable to successful IT governance [810] (Fig. 3)

Fig. 3
figure 3

Conceptuel framework: IT governance in public sector. Laita (2016)

Full size image

8 Conclusion

Bozeman and Bretschneider (1986) first hypothesized that the differences between the public and private sectors require different principles in the fundamental management of organizational information systems. It is imperative that further research is conducted to capture and better understand these fundamental differences, even as they relate to IT governance. Evidently, a ‘one-size-fits-all’ approach is not appropriate when studying the two sectors, and failure to address the differences will be ‘a mistake’ [11] when studying IT governance. Acknowledging the scarcity of empirical research done in this area, further studies are clearly needed to establish the IT governance approaches that work best in a public sector context and whether the adopted approach depends on the functions of a government agency. A study on the contribution of IT governance to service delivery in government will be another important area to investigate, as well as the extent to which IT is aligned with the objectives of different government agencies. Another possible area of research could be investigating what threat is posed by shrinking IT funds to IT governance in the public sector, the influence this might have on service delivery and possibly how it can be avoided.

It is also necessary to examine organizational activities and the mechanisms necessary for effective implementation of IT governance in the public sector. Subsequent research could replicate prior studies from the private sector in the public sector, and thereby provide empirical evidence for the differences between IT governance in the two sectors as discussed in this paper. Also, an investigation could reframe the underlying IT governance theories and develop alternatives to a public service organization. It is hoped that this paper has highlighted some of the significant differences between the public and private sector, which are pertinent to consider when addressing IT governance. Hopefully, the issues raised will provide motivation for empirical research to examine what is currently an under researched area in IT governance.