The first key governance issue relates to the development of an Information Strategy and an IT Strategy to support the institution’s vision and institutional strategy.
As information systems and IT become increasingly ubiquitous in all aspects of HE activity (teaching and learning, research, administration, etc.) it is necessary to take a coordinated, institution-wide approach not only to the acquisition of IT but also to the current and future information requirements of the institution and how these can be best supported. This focus on information rather than technology will become even more important in the future if, as many commentators predict, IT can increasingly be treated like a commodity or utility.
In the survey of over 100 UK HEIs conducted as part of this project, institutions were asked about their attitude to Information and IT strategies. The table below summarises their responses:
| Response |
Information Strategy(%) |
IT Strategy (%) |
| Actively Used |
25 |
46 |
| Used, but not consistently |
23 |
18 |
| Developed but not actively used |
17 |
10 |
| Under Developed |
25 |
18 |
| Not Required/Relevant/Don't Know |
10 |
8 |
From this survey it can be seen that IT strategies tend to be more actively used in institutions than information strategies, perhaps reflecting the fact that the concept of institution-wide planning of information, and the attendant need for strategies, still has some way to go before it can be considered fully understood and embedded. However over 30% of institutions either do not have an IT strategy or do not use it actively. Where information and IT strategies are not in place to coordinate and inform activities there is a significantly higher risk that the institution will not be:
- aligning its information systems activities with institutional goals
- achieving value for money from its investments
- managing its information resources effectively
- managing the risk associated with failures in its information systems.
To address these risks institutions should:
- Develop an Information Strategy and have it approved by the Senior Executive Group
- Link the Information Strategy to the Institutional Strategy and ensure that the Information Strategy supports the institutional objectives.
- Ensure that the Information Strategy is reviewed and updated periodically.
- Develop an IT Strategy which supports the Information Strategy.
- Seek approval for the IT Strategy from the Information Strategy Steering Committee
- Ensure that the IT Strategy is reviewed and updated periodically (e.g. annually).
- Ensure that the Information Strategy and IT Strategy are linked, through the development and approval process, to other relevant strategies (e.g. the Teaching and Learning Strategy, the e-Learning Strategy, the Estates Strategy, etc.)
Institutions should also ensure that their strategies, once in place, are comprehensive. It is not uncommon for information and IT strategies to reflect only certain aspects of the institution’s information systems. Consequently, it may be worthwhile to identify the major information systems within the institution and to review the information strategy to ascertain whether each of the information systems is covered within the strategies’ scope.
The purpose of information systems and IT governance is to ensure that information systems activity within an HEI is aligned to the strategy. This alignment will be achieved by ensuring that responsibility for implementation of the strategy is clearly delegated by the governors; that all major activity is approved in the context of the strategy and that progress on implementing the strategy is reported back to the governing body.
The cornerstone of this governance structure is the formation of a committee overseeing the Information Strategy and the activities that are governed by it. The survey conducted as part of this project indicates that, unsurprisingly, this type of committee exists under a number of different names within institutions. For the purposes of this document this committee is referred to as the Information Strategy Steering Committee.
This group should represent all relevant stakeholders in the institution’s information and IT. This should normally include:
- Senior management
- Academic and administrative staff representatives, reflecting the diversity of skill levels from across the institution from expert users to those who, as yet, have had little involvement in IS and IT
- Student representative
- Lay member(s) of the Institutional Governing Body with experience in information systems or information strategy.
The scope and remit of the committee should be carefully considered to ensure that all significant investments in IT and information systems across the institution are presented to this committee for approval in the context of the institution’s information and IT strategies.
As well as approving investments in IT and information the remit of the committee may include
- Allocation and approval of IT and information systems budgets.
- Prioritisation of investments.
- Long-term investment planning.
- Approval of service levels.
- Progress and completion reports on projects and investments.
- Periodic reports from major service areas.
A member of the Senior Executive Group of the institution should sit on the Information Strategy Steering Committee to ensure that the former group is fully briefed on the work of the latter.
In addition to ensuring that its information and IT activities are aligned to strategy the institution should consider the means by which it assures its governors and other stakeholders that this is the case.
Possible strategies for assurance include:
- Periodic reports on implementation of the strategy from the Information Strategy Steering Committee to the Senior Executive Group and the Institutional Governing Body.
- Review of management structures, policies, procedures and investments related to IT and information systems by the institution’s internal audit function. If the Internal Audit function does not possess suitable skills the function could be contracted out to consultants.
- External review of the management of information and information systems by external bodies (e.g. external auditors, peer review by other institutions, etc.)
- nvolvement of IT and information staff in sector support bodies (e.g. JISC, UCISA, SCONUL, etc.)