Toward Corporate IT Standardization Management: Frameworks and Solutions

Toward Corporate IT Standardization Management: Frameworks and Solutions

Robert van Wessel (Tilburg University, Netherlands)
Release Date: February, 2010|Copyright: © 2010 |Pages: 307
ISBN13: 9781615207596|ISBN10: 1615207597|EISBN13: 9781615207602|DOI: 10.4018/978-1-61520-759-6

Description

The world of corporate management benefits when organizations realize the profitability, reliability, and flexibility obtained through IT standardization.

Toward Corporate IT Standardization Management: Frameworks and Solutions details the IT standards conceptual model through insightful case studies that illustrate the factors affecting the performance of business processes. By offering organizations the opportunity to enhance process performance through IT standardization, this reference work demonstrates the effectiveness of IT standards, and the applicable techniques for implementation and management of such practices. This book features information useful to educators and students in the fields of Information Systems, IT-Management, Business Studies, and Economics, as well as IT practitioners and IS Managers.

Topics Covered

The many academic areas covered in this publication include, but are not limited to:

  • Benefits and Risks of Standardization and Standards
  • Business Process Management
  • Business Process Performance
  • Elements of process performance
  • External Standardization Processes
  • Governance and Management
  • IT Policy
  • IT Standards and Standardization
  • Managerial Implications
  • The Conceptual Model

Reviews and Testimonials

The author bases his recommendation on an in-depth understanding of what it really takes to achieve effective IT standardization in one of the most important service sectors, that of Banking. Its longitudinal perspective is rare in the academic literature, but precisely what we need to better understand the challenges in IT standardization, as these processes evolve over time.

– Henk Akkermans, Tilburg, August 1, 2009

Table of Contents and List of Contributors

Search this Book:
Reset

Preface

In day-to-day life, a lot of standardization initiatives are carried out within organizations. They aim to ensure quality and to reduce operational costs, to name but a few aims. Studies on the business impact of standards mostly focus on the consequences of product standards for market share (De Vries, 1999) whereas others looked into the balance between desires of entrepreneurs and the needs of society (Krechmer and Baskin, 2006). For information technology (IT), however, the side effects of standardization are not always taken into account–or even understood. Typically, in standardization there are significant uncertainties on the factual costs and benefits as well as on adequate planning and control strategies (Weitzel, 2003). One of the classic problems facing standardization and standards usage in companies is that of demonstrating its contribution to the company’s total success (Hesser and Inklaar, 1997).

This problem is persistent and discussed by Lyytinen and King (2006) who argue that despite the importance of standardization, the IS field has not pursued research on it vigorously, considering that only roughly 2% of published journal papers dealt with IT standards during the last decade. Moreover, these papers, on the whole, focused on the content of new IT standards whereas studies on the impact of IT standards in companies were notably absent. In the MIS Quarterly Special Issue on Standard Making (August 2006), 2 of 7 of accepted papers dealt with the impact of IT standards. Although these studies focussed on using IT standards at the organizational level impact (Chen and Forman, 2006; Hanseth et al., 2006), examination of business performance efficiency and effectiveness remained unaddressed.

Given these limitations and uncertainties in the field of IT standardization and standards, this book focuses on the effects of company IT standardization and standards usage. We define a company IT standard as: “The specification of an IT product or process to be repeatedly and consistently used in the company.” Company standards have, in general, the form of: 1) a reference to one ore more external standards (e.g. an international standard like ISO 17799 or a de-facto standard like Microsoft® Word®) officially adopted by the company; 2) a company modification of an external standard; 3) a subset of an external standard; 4) a standard reproduced from (part of) other external documents; or 5) a self-written standard (De Vries, 1999, p. 231).

Mintzberg (1984) considers standardization as a coordination mechanism for organizations. The organizational context and measures are important to the success of an IT company standard (Kayworth and Sambamurthy, 2000; Rada and Craparo, 2001; Hanseth and Braa, 2001) and Cargill (1989) argues that company standardization should be directed by an understanding of where an organization is going. Company IT standards provide long-term benefits to the enterprise as a whole, however business units may not observe a direct benefit from using the standards in the short term. Kayworth and Sambamurthy (2000) have shown that IT infrastructure standards can facilitate simultaneously localized exploitation and enterprise-wide integration that seems at first sight contradictory. In other words, this means that standards are able to facilitate flexibility. In this book, we will look into this quality aspect in detail.

Recent examples on the impact of company standards include survey research by Huang and Lee (2006) who investigated causal relationships in the four Balanced Scorecard (BSC) perspectives (Kaplan and Norton, 1992) of the information security management standard ISO/IEC 17799. In a survey research on the use of Enterprise Architecture (EA) IT standards, Boh and Yellin (2007) investigated to what extent the use of EA standards facilitate organizations to improve the sharing and integration of IT resources across the enterprise and how different governance mechanisms affect the use of EA standards.

Our main research objective is to investigate how organizations can realize the intended business benefits from IT standardization carried out in companies. In order to investigate this, we will also study what this standardization process entails and how the usage of the resulting standards impacts business performance. A number of research questions are formulated, including: how to effectively and efficiently deal with company IT standardization and company IT standards?; what are the effects of company IT standards, for facilitating business processes, on business performance?

In this book, we will create a conceptual model based on the scarce literature on company IT standards, complemented with insights gained from a pilot case study, to provide insight into the factors affecting performance of business processes. Using a number of case studies that were carried out at a large financial services company, this model will be further refined. To test the model empirically, the case study research method was used, because in a relative short timeframe in-depth knowledge can be gained and this method is suitable to explore and explain practical situations (Yin, 1994). Three case studies were carried out at a large financial services company and case selection was to ensure variability. In total, 23 interviews were held with 18 interviewees. The conceptual model will be tested from a cross case context and overarching themes will be discussed. The gained insight provides the basis for a Corporate IT Standardization Management Framework that contains the following constructs:

    1. Process of Standard Selection: the way the company IT standard is chosen.
    2. Company Standard: the specification of the IT product or process to be repeatedly and consistently used in the company. .
    3. Implementation of Standard: the way the company IT standard is put into operation. 4. Use of Standard: the way the company IT standard is operated. .
    5. Process Performance: the efficiency and effectiveness of the process as a result of using the company IT standard. .
    6. Performance Measurement & Analysis: the way in which efficiency and effectiveness of the company IT standard's use is assessed. .
    7. Governance of Standard: specifying the decision rights and accountability framework to encourage desirable behavior in the selection, implementation and use of the company IT in the organization. .
    8. Management of Standard: the decision-making efforts associated with planning, .
    organizing, controlling, and directing the selection, implementation and use of the company IT in the organization.

This Corporate IT Standardization Management Framework was tested successfully in a fourth and final study. This framework turned out to be elementary in describing and explaining changes in process performance as a result of applying company IT standards, and consequently how organizations can realize the intended business benefits from company IT standardization.

This book is organized into ten chapters. A brief description of each of the chapters follows: Chapter 1, Introduction, discusses the motivation to carry out the research on company IT standardization, the problem definition, the research scope and approach. It is an initial attempt to conceptualize and empirically understand the complex relationships between company IT standardization and its business benefits. It also details the research method chosen, which comprises both exploratory and explanatory case study research. This was considered the best way to complement theory in this underdeveloped domain of IS literature (Yin, 1994).

Chapter 2, Standardization & Standards, reviews literature on standardization and standards to identify key characteristics and benefits & risks with special focus on IT standardization and its effects on business performance in companies. Apart from a few exceptions, literature on how company IT standards impact business performance is notably absent. Current literature on IT standardization and standards mainly focuses on the standardization processes carried out in industry, by consortia and international standard setting organizations and on the effects of IT standards at a macro economic scale; literature on company standardization is scarce.

Chapter 3, IT, Business processes & performance, reviews literature on the value of IT related to business processes and performance. It also describes literature about IT investments and the impact of IT on the performance of the firm. The reason for this literature review is that effects of IT standards, which are an integral part of IT, will be investigated in several case studies. Supporting the case study analysis, a method will be adopted that is used to assess business performance from IT in general.

Chapter 4, Building the Conceptual Model, presents an initial conceptual model that should help in understanding the impact of company standards on business performance and focuses on the control of these standards. The conceptual model integrates aspects of standardization, standards usage and standards control and relates those to the impact of IT standards used in an organization on business process performance. Using this model, multiple in depth case studies will be carried out with the intention of gaining experience with the initial conceptual model and making generalization possible as part of the theory testing phase.

Chapter 5, Client/Server Standardization "Uniform Case", describes a case study concerning company product standardization of both back-end and front-end of a desktop environment. This standardization project was carried out within a two-year timeframe, affecting 10,000 end users of a business unit. The main objectives of the standardization project, that included hardware and software of both front and back end, were 1) to reduce costs of development and support of both hardware and software; 2) to facilitate change flexibility. One of the core components of this program was application software rationalization, which ranged from desktop productivity tools to applications for complex financial transactions. The guiding principle in the application rationalization phase was that only one type of software was allowed, preferably the latest version, unless business functionality degraded considerably. The balance between functionality and support/license costs was the main criterion for putting an application on the list of standard software. The total number of client and server applications was downsized rigorously with approximately a factor 22 (from 6,000 to 265). This list of software products and C/S hardware constituted the set of company IT standards. In the application and control phases, heavy load applications that used to run on (midrange) desktops were migrated to high-end servers. This server based computing concept allowed running such applications on low-end desktops, which resulted in low overall hardware purchase and maintenance costs. In line with the observations by Rada and Craparo (2001), a technical review team carried out the verification of the specified IT product standards in projects. Strict conformity to the related service and project management processes were key ingredients in the successful usage of the set of IT standards. The team also reviewed any upgrades, replacements or patching needed. Standards were reviewed every 2 years and the review process resulted often in a new product that was incorporated in the set of IT standards, reflecting developments at both the technological and business environment.

Chapter 6, Software Development Standardization "CMM/DSDM Case", describes a case study on company process standardization at a software development department. This standardization initiative was launched at the main software development department of the case company with the aim to bring about fundamental changes in the way business and IT developed software products. The goals of the program were to: 1) Improve quality; 2) Increase productivity and reduce costs; 3) Respond more rapidly to change; 4) Improve co-operation between business and IT; 5) Increase job satisfaction and attractiveness to staff. The company standards consisted of a combination of the Capability Maturity Model (CMM®) (Paulk, 1991) and the Dynamic System Development Method (DSDM™). DSDM was used to assist to reach CMM level 2. In the implementation phase, control of the separate CMM and DSDM projects was merged to increase staff acceptance and to deal with inefficiencies. These process standards were implemented accompanied with an organizational change process, which proved to be important for its success. The control on these process standards was considered as strict but one was allowed to deviate if certain aspects of the standard did not add value, under approval of a QA organization. A version for small projects was developed next to the possibility of tailoring. The idea was to first enforce the standards and accomplish discipline, than allow tuning and tailoring. A weakness in the implementation was the lack of alignment between business and IT that negatively impacted the whole program.

Chapter 7, HR IS Standardization "CHRISP Case", describes a third in-depth case study on company IS product standardization, the ERP HR modules of PeopleSoft, which include the accompanying HR processes. A complete set of core HR processes, as part of an ERP HR suite, that were selected by the business as company standard, based on its Best-in-Class rating by the HR profession. This initiative included standardization of data (both syntax and semantics) which is known to be complicated (Boh and Yellin, 2007). The main driver was lack of consistency of HR management information in the HR information systems and the impossibility of proper analysis and reporting. The HR administration was based on dispersed spreadsheet-like tools often lacking historic data. The goals of the global HR IS were: 1) cost savings through empowerment of employees (self service) and consequently a reduction of HR headcount and reduced HR IS costs; 2) provision of quality services that enable the enterprise to improve its HR function; 3) comply globally with legal and fiscal requirements. The standardization process, especially of the data semantics, turned out to be ineffective, as roles and responsibilities between corporate and local HR units were not effectively assigned. This included 1) lack of mandate and decision rights from the corporate core, 2) the nature of advises (recommended in stead of mandatory), 3) lack of ownership of HR data elements. As a consequence, the data standardization process was limited to a relatively small set of entities. In the application phase, the HR business in some business units did not fully support the standard. To get buy in from local HR, therefore, no standard way of implementing the HR IS was enforced. The possibility of implementing optional features of the standard did not help to make this project an immediate success either. As the implementation took too long and the scope of the deliverables remained too narrow, a rigorous change in the way of implementing the standard was made which resulted in positive effects on the application of the company IT standard.

Chapter 8, A reflection upon the case studies, provides a cross case analysis using replication logic tactic (Yin, 1994). The case studies will be compared and the conceptual model will be reassessed. The gained insights result in the Corporate IT Standardization Management Framework. This framework includes the constructs governance and management of company IT standards that are key to influence the effects of company IT standards on business process performance. This framework will be tested in a fourth and final case study to increase validity of the framework and the case study research.

Chapter 9, Information Security Management Standardization "ISO/IEC 17799 Case", describes the fourth and final in-depth case study using the Corporate IT Standardization Management Framework. This case study describes the positive effects of using an information security management standard on the risk profile, satisfying internal and external requirements. It is discussed how changes in governance and management of the standard could have resulted in potentially even better process performance of the information security function. This includes business-IT alignment, project management, and performance monitoring. Because collaboration with and input from the business was only marginal, the business benefits of the implemented measures, though substantial, remained sub-optimal.

Chapter 10, Conclusions, Discussion, Recommendations, provides a final discussion following the four in-depth case studies. The research questions will be answered and the business benefits identified in the case studies will be discussed, as well as whether these hold in a more general sense also. The contributions to theory and practice will be discussed including the generalizability of the findings and the limitations of this research. The chapter concludes with a number of recommendations.

In sum, no studies to date directly addressed the success factors of effective and efficient selection, implementing and usage of company IT standards on process performance. Only very limited research has been carried out on company IT standards, which holds especially for the empirical effects of using such standards in practice. An extended conceptual model has been developed and tested successfully which consists of constructs and variables that affect process performance. Furthermore, the case studies show that with company IT standardization business benefits are achieved. Overall results from the case studies show that service quality and flexibility increase when using standardized products or processes, and simultaneously costs go down. Customer satisfaction depends on the level of business participation in the selection and implementation phase. Last but not least, this book details how to realize intended business benefits from company IT standardization. It is demonstrated how governance and management of company IT standards, moderating selection, implementation and usage, affects process performance and thus contributes significantly to accomplish intended business benefits. To the best of our knowledge, the extended conceptual model relating selection, implementation and use of standards to process performance and moderated by governance and management did not exist until now.

With regard to the business impacts, it offers organizations the opportunity to enhance process performance when using company standards. It provides insight on how company IT standards affect business processes and it shows how to govern and manage such standards in practice. The implications of this research to organizations refer to design and decision making regarding selection, implementation and usage of standards by organizations. Companies may wish to reconsider how they are dealing with company IT standards.

Target Audience

The primary audiences of this book are scholars and lecturers with backgrounds in, for example, Information Systems, IT Management, Business Studies, and Economics. They will be typically interested in the full coverage of this book, including the research method, construction and test of the conceptual models created in this study.

However, this book will also be of interest to practitioners such as corporate IS managers who are in charge of planning the development and/or the adoption of standards-based systems within their organizations.

In addition at the end of each chapter, a section is included with “Managerial Implications” that summarizes the main practical topics and ideas discussed.

Author(s)/Editor(s) Biography

Robert M. van Wessel (Author) holds a Master in Electrical Engineering from Twente University and an Ph.D. in Business Administration from Tilburg University (Department of Information Systems and Management). Robert’s research interests relate to the interaction and alignment of Business & Information Technology and include Business Performance and the Value of IT, Portfolio Management, IT Governance, Information Security Management and IT Standardization & Standards.

Robert has a broad expertise on the practical application of IT, ranging from data modeling to IT Service Management. Robert is currently Business Architect at a financial services enterprise and founder of ApexIS, a firm providing consultancy services to companies in his areas of research.