Information Systems Management and Governance

Content

Organisation

Structure:

Organisations adopt a variety of structures to support their information and IT activities. While there is no ‘correct’ structure, whatever structure is adopted must be appropriate to support the strategy, physical environment and culture of the institution and will often also reflect the expertise and interests of key personnel.

That said, it is informative to consider trends in the organisation of information systems management within HE. Over 90% of institutional IT Directors now also manage the institution’s MIS function. 

Increasingly a number of institutions are also consolidating audio-visual and media services, libraries and telecommunications (or some combination thereof) under a single directorship, creating positions analogous to the ‘CIO’ (Chief Information Officer) in large commercial organisations.

The survey conducted as part of this project showed that the degree to which responsibility for information systems is devolved to academic departments will vary, depending on the type of system and the culture of the institution. The table below details the survey responses and illustrates that while certain functions are centrally maintained in most institutions (e.g. adding components such as new servers to the institution’s network infrastructure) other functions (e.g. implementing subject-specific software) are more commonly devolved.

 < Diagram goes here>


29% of institutions responding to the survey indicated that they had a policy in place which detailed ‘the rights and responsibilities associated with devolved IT provision (i.e. supported by academic units rather than a central IT unit)’, while another 22% were developing a policy.

As new information systems emerge and as IT becomes increasingly ubiquitous and embedded, the functions that are required to support information systems will evolve. The emergence of learning technologies and specialist staff to support these is a recent example of such an evolution.

These functions can then be translated into suitable structures, recognising institutional strengths and culture, the strengths of key individuals and the relative costs, benefits and risks associated with different options.

Policies & Procedures:

Given the ubiquity of IT and information systems within HEIs, policies and procedures are essential in order to manage the relationships between users, systems, support staff and management.

 Policies

There are a number of issues where it is important that the institution sets its policy and then ensures that all users have been informed of their rights and responsibilities in relation to that policy. These will include:

  • Acceptable Use Policy
  • Information security policy
  • Freedom of Information compliance
  • Data Protection compliance
  • Compliance with accessibility legislation

For each of the above policies, the institution should define a plan (to be revisited periodically) to ensure that the policy is put into practice. This may include some or all of the following steps:

  • Developing, documenting and agreeing the policy
  • Effectively disseminating that policy to all relevant individuals (e.g. staff and/or students). This may involve distribution of documents, maintaining websites, running training courses, etc.
  • If appropriate, acknowledgment of the policy by the user (e.g. the signing of an acceptable use policy, attending a training course).
  • Embedding the policy in other policies and procedures (e.g. acceptable use policy within student regulations and employment contracts).
  • Monitoring compliance with the policy, either by identifying all breaches or by sample checking.
  • Reporting breaches of the policy.
  • Taking appropriate actions (e.g. action against the transgressor, changes to the policy, etc.)

Procedures

In addition to policies the institution should also have documented procedures covering its more critical information systems and IT components. The most important of these will be the Disaster Recovery / Business Continuity Plan and in particular the documents or sections relating to information systems and IT.

UCISA have developed a guide to business continuity planning and JISC Infonet hosts a useful case study on City University’s recovery from a fire in 2001.

The critical issues that senior managers and governors may wish to focus on are:

  • Has the institution defined its approach to risk (i.e. what are the consequences of systems failure? What level of risk is acceptable? How much will the institution have to spend to reduce its exposure to risk?)
  • Has a comprehensive Disaster Recovery/Business Continuity plan been developed?
  • How frequently is the plan updated (e.g. is it updated each time there is a major addition to the infrastructure or change to an information system)?
  • How frequently is the plan tested, in whole or in part?

Decision-making:

In the context of this toolkit, ‘decision-making’ refers to strategic decision-making, i.e. decisions of a magnitude that warrant consideration by the institution’s Information Strategy Steering Committee. At that level the effectiveness of decision-making is dependent upon ensuring that the correct individuals are empowered to make the decision and that they are presented with appropriate information in a clear and concise manner by the Business Unit and IT staff making the proposal.

92% of survey respondents indicated that ‘major project proposals are subject to a structured review and approval process’. However, only 62% used ‘a structured approach to the development and evaluation of business cases’ and only 66% conducted post-implementation reviews of projects against their stated objectives. It would appear that many institutions have not yet ‘squared the circle’ and implemented routine evaluation of projects after the investment has been made. 

Setting the Agenda

In the first instance, the institution will want assurance that all relevant, potential solutions are being presented to the Information Strategy Steering Committee.

Assessing the completeness of the information being presented will be primarily dependent on the expertise of the Information Strategy Steering Committee - emphasising the need to have at least some members who have in-depth expertise in information systems and IT and who have a governance rather than a managerial relationship to the institution’s IT/IS departments.

Additionally, JISC have developed a ‘Guide to Investing and Software and IT Services’ which contains a summary of the types of issues that senior managers should consider when faced with evaluating a range of potential solutions.

Templates for Proposals

As proposals for investment may originate from a variety of sources in the institution, the use of standard templates and guidelines can help ensure that all relevant information is included and that some degree of consistency is achieved.

JISC Infonet, as part of their Project Management Infokit, has produced a ‘Business Case Assessment Form’, which could be utilised as a template by institutions. JISC Infonet also developed an Infokit which describes a detailed approach to managing risk in relation to information systems and IT.

Evaluation

It is important that information system investments are not only evaluated on the basis of costs but also in relation to the benefit that can be derived. However, comparing quantitative cost information with information on benefits (which may be subjective and/or qualitative) can be problematic. To address this problem JISC funded a framework for comparing the costs and benefits of ICT investments. This framework was developed to deal with e-learning investments but can be applied to any form of ICT investment.