The management and governance of information systems with HEIs can, at first, appear somewhat intractable – information systems and IT now underpin almost every activity within HE and therefore a large variety of systems have to be considered; systems cross organisational boundaries and consequently management structures can be complex; the use of information technology is often embedded within other processes making it difficult to review the effectiveness of single component such as IT.
In order to help resolve some of this complexity and to allow institutions to take a structured approach to assessing their information systems the project team developed the framework shown in Figure 1 below. The framework is built around five perspectives – governance, management, resources, structures and services. The framework takes a service-centred approach with the services delivered by the HEI’s information systems, hence the position of ‘services’ at the centre of the diagram. These services use resources and are organised through the organisation structures and processes that are put in place
As reflected in the diagram the services, resources and structures are the primary components of information systems and IT management. The governance activity sits above and overlaps with management, and is primarily concerned with ensuring that management is effective and that activities are aligned to institutional priorities.
Figure 1 – A Framework for the Management and Governance of Information Systems
Each of the perspectives (governance, resources, organisation and services) contain three ‘key issues’. The framework and accompanying toolkit are based on the proposition that the effectiveness of information systems governance and management can be ascertained and improved by reviewing these 12 key issues and identifying criteria through which performance in each can be benchmarked against other institutions or compared over time.
The ‘Governance’ perspective is concerned with the relationships between governors and executive management and between executive managers and operational management. These relationships are expressed in three key issues:
-
Vision. The institution should have an approved institutional ‘vision’ which should be translated into appropriate strategies, including an information strategy and/or an IT strategy.
-
Alignment. The institution should ensure that information systems and IT are aligned to the institutional vision and strategy.
-
Assurance. The institution should be able to provide assurance to its stakeholders that its information systems are aligned to strategy.
The ‘Management’ perspective is subdivided into the three main areas of management responsibility: resources (or the ‘inputs’ to the process), organisation (or the ‘process’ itself) and services (or the ‘outputs’ of the process). Each is described in detail below.
The ‘Resources’ perspective is concerned with the resources that are required in order to deliver the institution’s information systems, and ensuring that these are appropriate to the institutional requirements:
-
People. The institution should ensure that the expertise and skills of staff and students are sufficient to effectively use and/or support the information systems and technologies at their disposal. In some instances this will also involve enabling staff and/or students to be involved in the specification and design of the systems
-
Technology. The institution should have effective procedures in place to ensure that it is making informed decisions about investment in technology and that the technologies it acquires are secure, robust and being used effectively.
-
Finance. The institution should have in place procedures to ensure that it makes effective investments in new and existing systems and that there are effective mechanisms in place to allocate and control this funding.
The ‘Organisation’ perspective is concerned with the organisation and procedural structures that are put in place to control the institution's investment in information systems and IT. Here, the key issues are:
-
Structures. The institution should have in place an organisational structure that effectively supports the information systems and services. This includes not only the structure of the central ‘information services’ departments but also the mix of centralised and devolved responsibilities that the institution has put in place.
-
Policies. The institution should have in place a set of documented policies and procedures that ensure that each stakeholder is aware of their responsibilities and rights in relation to the use of information, information systems and IT. The institution should also have in place mechanisms to monitor compliance with these policies and procedures.
-
Decision-Making. The institution should have in place processes which ensure that suitable individuals or groups are empowered to make decisions and that they are presented with sufficient information and supporting tools to enable them to act effectively.
The ‘Service’ perspective covers all those activities that are ‘outputs’ of the institution’s investment in information systems and IT. These activities can be categorised in three ways:
-
Systems. The institution should have in place mechanisms to ensure that its systems (both IT-based and manual) offer co-ordinated, supported services to users. This issue includes questions of integration of systems both within and outside the institution, designing system architectures to support existing and future needs and the development of new types of systems to support all institutional activities (teaching, learning, research, etc.)
-
Projects. The institution should have in place procedures to guide information systems ‘project’ work whether the projects are exploratory pilots or full-scale implementations. For exploratory projects the key to effectiveness will be to ensure that the institution has mechanisms in place to ‘learn’ from the experimentation (e.g. to ensure that successful pilots are effectively disseminated and that the lessons learned from unsuccessful pilots are discussed in a ‘blame-free’ environment). For full-scale implementation projects there is a need to identify appropriate project management methodologies to help reduce the risk associated with these projects
-
Service Delivery. The institution should have in place procedures to ensure the effective and efficient management of its service delivery. This should involve taking a holistic and user-centred approach, viewing the services from the user’s perspective and incorporating their perceptions and input into the planning and control process.