The successful management and governance of any organisation is dependent upon having the right people with the right skills and expertise in the right positions.This is particularly true for HE institutions where the discovery and transmission of knowledge is the organisation’s purpose and where much of that knowledge is tacit and undocumented.
In relation to the management and governance of information systems the institution must satisfy itself that:
- There are sufficient staff numbers to support and progress the institution’s information and IT strategies.
- The staff have the requisite skills to maintain and process the strategies.
- The staff are adequately recompensed. In relation to remuneration, UCISA has conducted a staff survey (most recently in 2004) which can provide information on staff salaries and turnover rates as a benchmark for institutions.
The institution must also ensure that there is alignment between its information systems and the skills and capacity of the staff, students and other stakeholders who use the systems. This alignment can be maintained by conducting a periodic Training Needs Analysis and then addressing identified skills deficits by formal staff development and student training programs. Many institutions now ensure that all graduates have a minimum level of competency in IT either by embedding assessment within the academic curriculum or by verifying competence through a general ‘IT Skills’ test.
Clearly the management of the institution’s information technology will be a key component of an effective approach to the management and governance of information systems. From a governance perspective the institution will want to ensure that the infrastructure is of sufficient capacity and quality to support the Information Strategy and that the institution’s IT and the information contained therein is secure. To assist institutions in planning system security UCISA have produced an Information Security Toolkit, which can be found at URL: http://www.ucisa.ac.uk/ist/ . It is worth noting that several respondents to the survey, conducted as part of this project, indicated that they employed external companies to assess the robustness of their security policies.
The issues surrounding the financing of information systems and evaluating the value for money obtained from investment can appear intractable. Within HE, spending on IT has grown disproportionately in the last 15-20 years but it is often difficult to draw a direct relationship between investment and outcomes, as most IT spend is embedded within other processes. Nevertheless, institutions will want assurance that their investment in IT is efficient and effective.
The first key component of this assurance will be the budgeting and allocation process. The institution should identify the cost of implementing its Information Strategy and ensure that appropriate funding is allocated to those tasked with implementing the strategy. While this is a straightforward concept, in practice several factors militate against the alignment of budget and strategy:
- Many institutions have devolved responsibility to academic units for certain elements of IT expenditure, making it difficult to identify total spend across the institution and making the implementation of the strategy more complex. The advantages of devolved responsibility may come at the price of less efficient investment unless the devolved responsibility is governed by a framework (e.g. procurement regulations, purchasing agreements with favoured suppliers, etc.)
- Strategies are, by definition, medium to long term vision documents and should not be ‘static’ documents. Consequently identifying the ‘cost’ of the strategy with any degree of accuracy may only be possible as components of the strategy are translated into implementation plans and service definitions. This emphasises the need to ensure that the strategy is updated regularly and informed by detailed financial estimates as they are developed.
- The long-term nature of a strategy is at odds with the short-term (i.e. annual) budgeting regimes employed by most HEIs. To resolve this discrepancy institutions must either develop longer-term funding streams (particularly in relation to major capital investments) or accept that the timescales within which the strategy is implemented may vary depending on the availability of funds from year to year.
At an operational level the institution can ensure that the funding is spent efficiently (i.e. that the total cost of ownership is kept as low as possible) by managing the procurement process. Whether or not the institution has dedicated purchasing staff, the management of procurement should include some or all of the following:
- involvement in relevant purchasing consortia
- adoption of best practice (such as that detailed by the PROC-HE purchasing body )
- Relationships with favoured suppliers, translating into favourable purchasing agreements.
- Policies covering the procurement of IT within the institution.
The effectiveness of IT investment is rather more difficult to ascertain than its efficiency. Managers and governors will wish to ascertain whether an investment in information and/or IT has produced the optimal value for money. To ascertain this, the institution must investigate:
- The potential options for investment
- The cost of each option
- The benefit to be accrued from each option.
- The risk associated with each.
The institution should then draw a comparison of the benefits, costs and risks of each option.
JISC has funded the development of guidance covering a number of these issues.
- A Guide to Investing in Software and Services contains guidance for senior managers on identifying potential solutions and the types of issues that should be considered when appraising options.
- The Insight Framework for the Cost/Benefit Analysis of E-learning describes a framework for conducting evaluations of the relative costs and benefits of competing options or pilots. This includes techniques to address the issue of comparing quantitative and qualitative information.
- JISC Infonet has developed an Infokit which describes a detailed approach to managing risk in relation to information systems and IT.