The Relationships Between IT Flexibility, IT-Business Strategic Alignment and...IJMIT JOURNAL
Similaire à Ahlan, ajayi, hussin 2013 - role of governance, ethics and integrity in managing information technology resources muslim practitioner’ (20)
2. to the sustenance of IT products, resources and services.
IT Governance thus, concentrates on performing and
transforming IT to meet present and future demands of the
business process (internal focus) and business customers
(external focus). Some definitions of IT Governance are
hereby reviewed and tabulated in Table. I.
TABLE I IT GOVERNANCE DEFINITIONS
Author ITG Definition Key Concepts
[7] Specifying the decision
rights and accountability
framework to encourage
desirable behavior in
using IT
1. Cost-effective use of IT
2. Effective use of IT for asset
utilisation
3. Effective use of IT for growth
4. Effective use of IT for business
flexibility
[3] IT Governance is the
organizational capacity
exercised by the Board,
executive management
and IT management to
control the formulation
and implementation of IT
strategy and in this, way
ensures the fusion of
business and IT.
1. Enterprise Governance of IT:
the strong management of IT as
part of Corporate Governance,
the responsibility of the board
of directors, business
management, and IT
management to a merger
between business and IT.
2. Strategic Alignment: aligning
business strategy, IT strategy,
business processes and IT
processes so that the objectives
of the IT organisation support
optimal utilisation
3. Value Creation: realising
business value from IT-enabled
business investments [8]
[9] The strategic alignment
of IT with the business
such as that maximum
business value is
achieved through the
development and
maintenance of effective
IT control and
accountability,
performance management
and risk management.
ITG is seen as evolving to be part
of the Corporate Governance. This
is the ways companies are directed
and managed in a bid to monitor
risk, meet set objectives and
achieve an optimised performance.
More especially when the concept
of Strategic Information System
Planning (utilisation of
information technology as a source
of competitive advantage, and as a
means of enabling and directing
strategic moves of an organisation)
is adhered to [10].
[1] It is the responsibility of
the board of directors and
executive management. It
is an integral part of
enterprise governance
and consists of the
leadership and
organisational structures
and processes that ensure
that the organisation’s IT
sustain and extend the
organisation’s strategies
and objectives.
1. It is the alignment of IT with
the enterprise and realisation
of the promised benefits.
2. The use of IT to enable the
enterprise by exploiting
opportunities and maximising
benefits.
3. The responsible use of IT
resources.
4. The appropriate management
of IT-related risks [1].
Concluding from these definitions, IT governance
could be said to be the apprehension expected to be
experienced when exercising the rights of decision or
policy-making, a function embedded in the corporate
governance of an organisation, and the plan coupled with
the will to carry out such on the structures, processes and
interraction while executing organisations’ goals.
Thus for this study, adopting an operational definition
from all that has been enumerated ITG could be seen as:
The control exercised by the board of directors and
managements in the formulation of right decisions,
establishment of structures and processes to enable
strategic alignment of IT with the business thereby
ensuring that the organisation's IT sustain and
extend its strategies and objectives in aiming for
optimum values.
C. THE NEED FOR IT GOVERNANCE
Nicholas Carr (2003) reasoning that IT should not
matter to us anymore sent jittery to all stakeholders of IT
[11]. More so, those that are until then watching the tide,
given the early decade project failures, had a readymade
excuse to withhold interest in investing in IT. In fact, the
strategy of Carr is well suited to their excuse as he
suggested in his book [12]:
1. Spend less,
2. Follow, don’t lead,
3. Invest only when risks are low and
4. Focus on vulnerabilities rather than opportunities.
Though there have been reactions to this outburst,
however, the report of the Standish-Group on IT projects
failures [13] leave much to be desired of IT investments,
and it is no doubt a call for concern. For an organisation
to be able to invest in IT, it must be ready to jealously
guide its investments so that the business/IT alignment
dream can become a reality. The fact is that today’s
companies, governments, and nonprofit organisations are
recognising that to be successful; they need to be
conversant with and use modern project management
techniques [14].
Given this reality, we believed in our operational
definition that organisation could avoid a situation of
investing where it does not matter to the goal of the
business. IT and business stakeholders has to work
together to convince other stakeholders about the viability
of the IT options for the organisation to justify IT
spending. So when such investment is made then its
governance has to be really a priority: this is the essence
of those best practices that is learnt from the field of IT.
Thus, the governance of IT investments and its resources
has been a very crucial thing all organisations strive to
achieve leverage on. The success or otherwise in a given
organisation is a function of its readiness to adopt the IT
desirable behaviours [7] or dispositions.
D. ETHICS AND INTEGRITY
The word ethic is defined in Macmillan [15] to imply
a set of principles people use to decide what is right and
what is wrong. It is the study of the principles of correct
and incorrect or a general principle or belief affecting the
way they behave. Integrity, on the other hand, is seen as
being; the quality of always behaving in accordance to the
moral principle; a quality of being complete in good
condition and without any damages or mistakes [15].
Thus bringing this to the mundane life of using IT
3. resources, it implies that when things are done in an
ethical way what result is integrity.
Islam is a complete way of life, denoting peace and
tranquility with oneself, the environment in which one
lives and with Allah, the Creator. It advocates that a
Muslim does his things in the right way and within the
limit of excellent reasoning so that a pleasant result can
ensue thereafter. Good reason termed as Maslahah was
explored by Abdul Roni, and Tarmidi [16] in explaining
ITG concept in the context of Islam. Islam is considered a
comprehensive religion and is considered to be one with
major ethical systems [17]. Just like the code of ethics in
professional societies like Institute of Electrical and
Electronics Engineers (IEEE), Association for Computing
Machinery (ACM) brings to the attention of users of
computer resources and facilities the idea that behaviour
is at the core of the reputation of the computer profession
[17] so do Islamic tenets propagates ethics.
The work of Al-A'ali [17] is explicit in terms of
comparing the ACM, IEEE codes on ethics and the
Islamic tenets of ethics. For the Muslims; ethics have
been a prequisite in Islam because it is a way of doing
things the correct way. In fact, Muslims consider doing
things the accurate way; first and always as an act of
worship, as doing it the other way leads to tumult and
consequently an act of sin. The following hadith of the
prophet is pregnant with meanings as he was reported to
have said:
Your Lord loves that when you do something, no
matter how small, it may be; you should do it
perfectly [18]
III. BACKGROUND TO STUDY
The case study here is a public university in Malaysia.
This is a university that has a significant usage of IT
resources given that it has student population of over
20,000 and a workforce of no less than 6000: academic
and non-academic staff. Interviewing an IT stakeholder in
the university revealed that there is a long way to go in
terms of bringing the reality between best practices and
what is adopted by the members of the university
community. What makes the case to be of interest is the
fact that, being a citadel of knowledge (where knowledge
and good virtue spring to the outside world).
IV. METHODOLOGY
In a bid to gain a perspective on the subject matter of
this study, an exploration of previous study on ITG was
made. The issue of ethical dispositions as it affects the use
of IT was also explored, and an empirical data was
collected via qualitative design. This is obtained using
Interview sessions sorted with an insider IT Practitioner in
the IT function of a university which was granted.
Interview was adopted with a view that:
Interview is a quicker way of learning about what
is been observed in an organisation to understand
their day-to-day tasks…There is no hard-and-fast
rule for how many people you need to interview. It
will partly depend on the available time to collect,
transcribe and analyse the available data [19]
It with the view of knowing what is obtainable that
informed the choice of going for the interview. The
researchers were posed to correlate what is known with
what is actually obtainable in real-life. The effort is like a
case of justifying theory with practice.
V. RESULT AND FINDINGS
A. THE NEED FOR CLEAR ROLES &
RESPONSIBILITIES
The case organisation is an entity that strives to be
model for others to emulate. Given this notion, it is
expected that all members of the community must be
prepared to go the extra miles in showcasing the models
they are made of to the entire world. Getting this done has
not been an easy thing and from investigation, it is
revealing that the community is miles away from the
reality of attaining such a model that others would
emulate. This may not be far from the fact that a lot has to
be done in terms in ensuring that all hands is on the deck
in the journey to success.
To this extent, what is obtainable is that the
community struggles to make end meet in creating a niche
for itself in many facets of life. This is so because a lot of
things lay unattended to within the confine of the
community. No doubt the management of the community
is working around the clock.
Learning from experiences, benchmarking practices
and other practices of Information Systems is the fact that
there is a need to have process owners who are to be held
responsible for processes. Such people will be placed on a
key performance indicator of measuring how the process
is doing its function towards a yield on the overall
mission and vision of the community. This in place will
be in tandem with the exposition of the prophetic
statement:
Each one of you is a shepherd. And each of you
will be asked about your flock. A ruler is a
shepherd, and he will be asked about his flock...
And every woman is the custodian of her
husband’s house and his children... [18]
So with this concept in mind; the leadership is
expected to take the lead by ensuring that not a single
process, no matter how seemingly insignificant, is left
unattended to. Thus, a clear role of responsibilities will tie
every single member of the community to protecting all
infrastructures, for example, to ensure optimal use. When
this is done a lot can be saved and there will be less
damage. Imagine if there is a process owner on the waste
disposal; then there will less expenses on maintenance,
and a healthier life to leave; alternatively, if there is
someone reporting on damage to water pipes or
irresponsible usage of electricity, a lot could be safe.
Stories abound of nations like Japan, which is a state
modeled along the western secularism, but yet their
disposition in regard to some habits cannot but be
described as Islamic.
4. Muslims, of whom Allah alludes to as, the best model
ever evolved for the human race needs to be responsible;
they cannot afford to be wasteful of any opportunity in
their care; not only, in thought but also in deeds:
...eat of their fruits when they are ripening, but pay
due thereof on the day of its harvest, and waste not
by extravagance. Verily, He likes not those who
waste. Q6:141
…walatubathir tabtheeran: but squander not (your
wealth) in the manner of a spendthrift. Surah Al-
Isra: 26
During the interview with the IT practitioner1
, on
ways to control wastage, the response was:
The management must endeavour to take someone
responsible for every business process before
investment in the IT system. A lot, example
abounds. In any system like this, mostly what is
required is full participation of all stakeholders so
that.
1. We can assign responsibilities.
2. We must have a clear policy on what threshold
of the system.
3. What the system is to be used for, etc.
If there is lack of some of these perquisites, there is
expected to be some in-effective use of the
technology. Thus, we cannot blame the technology.
Learning from the foregoing, for Muslims to achieve
the essence of the IT investment, there must be genuine
efforts on the usage of IT resources for optimum
purposes. To get favourable usage level, we have to avoid
wastages: come up with clear roles and responsibilities for
all members of the community on one hand and given
authority as a way of taking someone responsible to, on
the other hand, cannot be over-emphasised. Muslims must
make policies, get the buy-in for those policies and
establish proper control to see that those policies are
adhered to. Put up sanctions for defaulters and measure
performance.
B. NEED FOR EFFECTIVE IT ORGANISATION
To ensure that all resources, inclusive of the IT will be
optimally utilised to enable the stride to a model to be
looked up to, expositions from, the authentic Naz
2
of
1
Interview granted by the Director, of IT function in the
case organisation, thereafter refers to as the Practitioner
2
This refers to the text of the Qur’an and the Hadith or
Sunnah of the prophet which serve as a guide in the life of
the Muslim. The understanding of these two sources both
in their textual and contextual meaning really makes one
to appreciate the universality of the Deen. This is so to the
extent that all other good theories or ways of life have
recourse back to it. However, the revealing things is that
while non-Muslims by the day come to appreciates this
sources, the Muslims themselves, are yet to be reawaken
to their tasks of Viceroy as ordained by Allah. There is a
need for a Renaissance.
Qur’an and Hadith as well as from IT, best practices on
effectiveness of organisations have to be put into practice.
This has to do with the formidability of the IT structure
and the communication between all stakeholders of the
business and IT in the organisation. To this end, a close
investigation into the IT functions of the case organisation
reveals there are lots of rooms for improvements if
desired vision and mission is to be achievable.
Allah draws on the need to have a formidable structure
in all things we are embarking on thus in Surah Tawbah:
109:
Is it then who laid the foundation of his building
on piety to Allah and His Good pleasure better, or
he who laid it on the brink of an undetermined
precipice ready to crumble down…?
More so is the exposition of the prophet who said:
Your Lord, loves that when a servant of His does
something, (no matter how little such a thing might
be) he should attain perfection in it” [18].
This is the essence of IT best practices: the needs to
strengthen the structure of the organisation’s IT in the bid
to come up with governed resources, which eventually
will lead to a successful infusion of IT with the Business
and thus lead to an overall aim of appropriate leverage
[3,7,20]. If these above expositions are to be adhered to,
then the onus is on Muslim Ummah to ensure they utilise
the pervasiveness of IT to evolve a model organisation.
C. IMPACT OF WEAK STRUCTURE
The situation at present is yet to depict Muslims are
ready to showcase being the Khayrun Ummah (Best
Community). This is because what is available at present,
in the case organisation, from the Practitioner’s
perspective, depicts that the structure is not as strong as it
should be. Alternatively, how is a situation where there is
no central Learning System that cut across all facets be
categorised in a university. Whereby user from one
faculty is oblivion of the information sharing repository of
other faculties in today’s world where knowledge is
interdisciplinary. Ditto is for some big system in the
community, which is yet to be on an enterprise-wide
integration in order to afford sharing of knowledge and
information. This according to the practitioner; We learn
better on the pages of the book than in practical use.
These scenarios are not far away from the fact that
wherever the structure of governance is not strong, the
centre will not hold, and only functional interest will be
overshadowing the overall interest. This is the case with
the governance of the IT resources of the case
organisation. These dispostions are pointers to the
following identifiable features:
1. Ineffective decision making: Policies, rules and
regulations are painstakingly brought up but
without the necessary buy-ins of all stakeholders.
Such will be ineffective.
2. Lack of accountability or responsibility: imagine
that all IT infrastructural resource of the
5. community is under a central entity, whose
headship is taken to account on the basis that he
as the process owner has to liaise with all other
stakeholders in the community to ensure adequate
and formidable usage of all this resource. Imagine
the impact of this on organisation integrity in a
federal archetype of control [20].
3. Wastage of funds due to inefficiency/bad
planning: in organisation where there is an
ineffective structure in place; where one can only
barks but cannot bite, then optimal usage of
resources will be a very difficult thing to come
by. This is because such a situation will not only
lead to inefficiency but will also result in bad
planning or not planning at all.
These have lead to a situation in the case organisation
as it is faced with the realities of:
1. Standalone systems
2. Inadequate information sharing
3. Lack of enterprise integration
4. Duplication of efforts
5. Increased overall budget
VI. DOING THINGS THE RIGHT WAY
A. IT FRAMEWORKS AND BEST PRACTICES
The best practices learnt from different models, and
techniques are meant to correct the wrongs within
organisations. When these are imbibed, what should be
expected is to [16]. What such a situation could only bring
into fore is the fruition of all effort's whence good usage,
and optimisation becomes the order of the day. Such
practices are no doubt akin to the IS field but in general
some of these can be as good for the entire organisation.
In IS/IT, there are several standards, frameworks or
models that when properly adapted to the community will
afford a real step ahead with“do it right first and at all
times” which will ensure the preservation of the public
interest; the essence of Islamic concept of Maslahah the
usage of IT resources in leveraging the organisation that is
implementing it. Such practices like Balanced Scorecard
of IT (BSC IT) [21], Control objectives for Information
and Related Technology (CobiT), Val IT [22],
Information Security Management System (ISMS),
Information Technology Infrastructure Library (ITIL)
[20] are but few of those frameworks that form the basis
of governance.
For instance, the goal of Val IT, a complementary
initiative to CobiT, is to help management ensure that
organisations realise the optimal value from IT-enabled
business investments at an affordable cost with a known
and acceptable level of risk [22]. On ISMS, hearing from
the practitioner will give its lucid importance:
We have implemented partially ITIL; we have
implemented partially CobiT, okay, but we need to
continue the full cycle. Another tool…another
framework we plan to opt for is the Information
Security Management System (ISMS). ISMS is
something that is evolving because we see that the
next approach which is helpful in terms of
improving the overall performance, and
management is a risk-based management system;
and ISMS is basically a risk-based management
system…
What is interesting is that most of the contents of these
models are in tandem with the spirit of the Islamic tenets.
Who is more entitled to uphold such than the Muslims?
Upholding these practices lead to the integrity of
employees and the services, therefore providing a great
deal for others to follow. However, when this is not in
place then the order of the day is unpredictable.
The practitioner has this to add:
For example…part of ethics and part of integrity,
is for you to be able to fully deliver...to execute
your responsibility to meet...the user...or the
society’s needs. Okay so if they need...this facility
done, as the one entrusted with the role to do it,
then you have to deliver it. So that is integrity, if
you are able to do that, then you, yeah, you can
execute your responsibility. But now, what
happens is we wanted to do it, of course the users
would not know why we could not deliver.
B. ISLAMIC PERSPECTIVES
It is only when processes are stable that learning on
how to improve the state of affairs is ensured, and this
gives birth to come up with an optimal model given the
support from the Kitab (the Qur’an and Hadith). This is an
added advantage since while engaging in these practices
Muslims can evolve optimum ways of management that is
not all capitalists in nature, but that will take the interest
of all members into considerations. When this is achieved,
its result can then be shared with the society at large, thus
attaining the deserved title of Khayrun Ummah.
That is why I said you may be pious but when your
Iman it just for yourself, even though you work in a
Muslim organisation you subscribe to that values
but the practice is not there. At times, we need to
have frameworks and control to implement the
philosophy….In the West, people talk about green
computing, energy conservation; it is on the
philosophy and they invest into technology to make
the use of technology more efficient, they recycle
things. This is why I think they have better success
story compared to us. So even though we are just
talking about ethics and governance, it has a far
reaching implication, (and) the only thing I
thought is because in IT or in IS we have some of
these established frameworks at our disposal if we
really want to explore them. This is just within the
domain of IT but to fully implement it you cannot
just implement on the IT organisation, it has to be
overall organisation. So at least we talk, we share
the concerns, okay, and I hope you can share these
6. concerns with your friends…so that other can
read, because there are some best practices in IT
which actually is not just for IT, it is for other
things
VII. CONCLUSION
The essence of knowledge is to share and get others
informed to the extent that they are availed of that
opportunities and drinks from the fountain of being an
informed one and not beguile as an ignorant. This is true
for all knowledge, as it is the essence of the Hadith of the
prophet who said: “Wisdom, is a lost treasure of a
believer, wherever he finds it, he’s entitled to it…” [18].
Thus, the Muslim Ummah cannot accept the option of
being at the back; even history recalls that what the
forerunners as Muslims contributed to the body of
knowledge cannot be over-emphasised. It is noteworthy,
that these forerunners were known for not propounding
their models or thoughts but demonstrated and
encouraged adoption of such. The present-day situation of
the Muslims is still far from this reality. Muslims are yet
to harness lessons learnt to their advantage so that proper
leveraging of resources can be attained. This may not be
far from the fact that they are rarely prepared to change
patterns of doing things and perhaps, ironically; that is a
better way to protect interests.
Organisations, irrespective of faith, that have chosen
to learn from experience: practicing what they profess;
they are known to perform better. In such organisation,
processes are stable and predictable, thus success can be
managed to the extent that set goals in vision and mission
are attained in no far future. The case organisation, in this
study needs to see learning from the ethics and integrity
tenets as being enshrined in the Islamic spirit to posit
itself as an exemplary model. It can get this done faster by
looking inward into the best practices and frameworks
entrenched in the IT field by viewing IT more as a partner
rather than as a commodity.
VIII. IMPLICATIONS OF STUDY
The implication of this study to the Muslim world is
that just like the principles of governance is clearly
enshrined in IT so is the dictates of ethics, and integrity in
islam. The two are tools in the hand of the Muslim
ummah to use for the evolution and sustainance of best
practices which is continuosly improved upon. For them it
is a case of taking the leadership role. This study
generally portends that there is need to marry ethics with
the best practises so that the essence and quest for value
on IT investment would be achieved.
ACKNOWLEDGEMENT
Binyamin would like to appreciate the immense
contribution of Assoc Prof Dr Abdul Rahman Ahlan
towards the success of this study. Furthermore, the
attention and affection enjoyed from Assoc Prof Dr
Husnayati Hussin, is highly appreciated. More so, is the
support provided by Lagos State Scholarship Board,
Lagos in the award of a Year Foreign Scholarship for this
post-graduate study. Lastly, is my appreciation of Dr
Musa Yusuf Owoyemi for his wonderful contribution
while editing this work.
REFERENCES
[1] IT Governance Institute. (2003). Board Briefing on IT Governance.
Rolling Meadows, IL 60008 USA: ITGI.
[2] Venkatraman, N. (1999). Valuing the IS contributions to Business.
Computer Sciences Corporation.
[3] Van Grembergen, W. et al. (2004). Structures, Processes and
Relational Mechanisms for IT Governance. In W. Van
Grembergen, Strategies for Information Technology Governance
(pp. 1-36). Hershey: Idea Group Publishing.
[4] Simonssons M., et al. (2010). The Effect of IT Governance
Maturity on IT Governance Performance. Information Systems
Management, 10-24.
[5] Engeldinger, E. A. (2005). Technology Infrastructure and
Information Literacy. Library Philosophy and Practice, 1(1), 1–6.
[6] Security Awareness, Inc. (2001). What Are “Information and
Technology Resources”? Retrieved June 6, 2011, from S.T.A.R.T:
http://www.nd.gov/itd/security/start/intro4.htm
[7] Weill, P. & Ross, J. W. (2004). IT Governance-How Top
Performers Manage IT Decision Rights for Superior Results.
Boston: Havard Business School Press.
[8] UAMS-ITAG. (2010). Information Technology Alignment and
Governance Research Institute. Retrieved November 3, 2010, from
ITAG Research Institute:
http://translate.google.com.my/translate?hl=en&sl=nl&tl=en&u=ht
tp%3A%2F%2Fwww.antwerpmanagementschool.be%2Fken
[9] Webb, et al. (2006). Attempting to Define IT Governance: Wisdom
or Folly? Proceedings of the 39th Hawaii International Conference
on System Sciences (pp. 1-10). Hawaii: IEEE.
[10] Galliers, R. D. (1991). Strategic information systems planning:
myths, reality and guidelines for successful implementation.
European Journal of Information Systems, 55-64.
[11] Bannister, F. & Remenyi, D. (2005). Why IT Continues to Matter:
Reflection on the Strategic Value of IT. Electronic Journal
Information Systems Evaluation, 8 (3), 159-168.
[12] Carr, N. (2004). Does IT Matter? Information Technology and the
Corrosion of Competitive Advantage. Havard, MA: Havard
Business School Press.
[13] Johnson-Standish Group. (2009, April 23). New Standish Report .
Retrieved September 26, 2010, from The Standish Group:
http://www1.standishgroup.com/newsroom/chaos_2009.php
[14] Schwalbe, K. (2007). Information technology project management.
Boston: Thomson Course Technology.
[15] Macmillan. (2007). Egnlish Dictionary for Advanced Learners
(2nd Edition ed.). Between Towns Road: Macmillan Education.
[16] Abdul Roni, R., & Tarmidi @ Tokhid, M. (2012). The Application
of Maslahah Concept in Information Technology Governance. 3rd
International Conference on Business and Economic Research (3rd
ICBER) Proceeding (pp. 2451-2465). Bandung, Indonesia: IBIMA.
[17] Al-A'ali, M. (2008). Computer ethics for the computer professional
from an Islamic point of view. Journal of Information,
Communication & Ethics in Society , 6 (1), 28-45.
[18] Khan, D. M. (1994). Summarized Sahih Al-Bukhari. In M. A.-B.
Ismail, Sahih Al-Bukhari (p. 1079). Riyadh: Mataba Dar-us-Salam.
[19] Travers, M. (2001). Qualitative Research Through Case Studies.
(D. Silverman, Ed.) London: SAGE Publications.
[20] De Haes, S., & Van Grembergen, W. (2004). IT Governance and
Its Mechanisms. Information Systems Audit and Control Journal ,
I, 1-7.
[21] Van Grembergen, W., & De Haes, S. (2009). The IT Balanced
Scorecard as a Framework for Enterprise Governance of IT. In W.
Grembergen, Enterprise Governance of Information Technology
(pp. 111-136). Springer Science + Business Media.
[22] ITGI. (2006). Building the Business Case for COBIT® and Val
IT™: Executive Briefing. Rolling Meadows, IL 60008 USA: IT
Governance Institute.