The need for oversight has prompted the incorporation of IT governance into corporate governance codes and practices. However, since its incorporation, the understanding and implementation of IT governance codes have been challenging for the board. Boards find these codes extending beyond their governance oversight responsibilities. Whilst existing literature have divergent approaches and focus, most agree and call for more explicit studies on how corporate governance board are affecting IT governance oversight. This chapter reviews IT governance frameworks, corporate governance codes, and practices to identify key aspects of IT governance relevant and applicable at the board level. The chapter derived a conceptual framework of an effective IT governance implementation that consists of four key components that directly influence IT governance implementation: governance capabilities, key features of implemented IT governance frameworks, and change management. The framework postulates that boards that focus and address these components would improve the IT governance effectiveness.
TopIntroduction
Governance has become synonymous with the process of how governments or corporations (organizations) use power, control and authority to achieve their (strategic) objectives (Farrar, 2008). In a State, the Government represents the highest level of central authority. The Government enacts laws and enforces compliance through regulations, which control the interaction and relationship within corporations and the larger society (Kjaer, 2010).
In corporations, the central controlling authority is the Board. The board is a group of designated directors who oversee the overall operations of the corporation. The board’s oversight ensures that the corporation abides by the laws and regulations of the state or country. The board controls and directs the activities and processes of the corporation to ensure sustainability and continued existence of the corporation (Ayuso, Rodriguez, Garcia-Castro & Ariño, 2014; Krause, Semadeni & Cannella, 2013; Akingunola, Adekunle & Adedipe, 2013).
Developed codes of corporate governance and best practices guide the board in effecting its oversight responsibilities. Corporate governance codes and best practices are a set of principles that specify needed structures, processes and sets of values for the board’s implementation and institutionalization within the organization. However, these codes and practices are dynamic and are reviewed, updated and kept up date with ongoing challenges and changes within the socio-economic environment, government laws and regulations.
The failures of corporations in the 1990s, and subsequence increase in utilization and reliance on IT by corporations prompted reviews and amendments to corporate governance codes and practices. Corporate governance codes were enhanced to include IT governance principles and practices to enforce IT oversight at the board level. However, boards have found incorporated IT governance related codes ambiguous, convoluting, and unable to comprehend the required IT governance oversight expected of them. Studies that emerged post these developments indicated that boards feel challenged in executing these incorporated IT governance principles and practices. That boards have indicated finding the codes too technical, ambiguous, confusing and obfuscate managerial and governance responsibilities (Theron & Koornhof, 2016; Balsmeier et al., 2013; Van Vuuren & Schulschen, 2013; Goosen and Rudman, 2013; Huff, Schroeder and Pauleen, 2012; Jewer and McKay, 2012; Bart & Turel, 2010).
Subsequently, various studies have called for more studies on how boards make IT-related decisions; capabilities utilized, processes followed and the resultant effectiveness of these decisions (Turel & Bart, 2014; Jewer & McKay, 2012; Schwertsik, Wolf & Krcmar, 2010).
The objective of this study is to establish key aspects of IT governance at the board level and develop a conceptual board-level IT governance framework within the context of corporate governance and board oversight responsibility.