What news from the Information Systems domain?
Claudio Giovanni Demartini – Dipartimento di Automatica e Informatica - DAUIN
My courses at Politecnico are “Information Systems” and “Innovation Management & ICT Product Development,” both held at the Industrial Engineering & Management School, Master Courses.
Furthermore, being still today Head of the Computer Engineering Department, I take the opportunity to express my contribution to the internal debate on this field recently opened on social platforms.
Premise
Said according to Gartner vision: “It’s 2017,..”(October). Whether you are a manufacturing enterprise, a transit company, a university, a high school, “… or a LED light expert, today’s business success lies in offering digital services that make the life of customers easier and their daily activities more convenient. … Companies thrive on the happiness of their customers. And now that customer happiness is mainly created by the right service, product or information at the right time, you need devices, technologies, and ideas to make that happen. And there you have it: your intelligent digital mesh….”. The Latter is the combination of people, devices, content, and services that Gartner has assembled, sustaining that the future is in the hands of digital businesses that enable that mesh by blurring the borders between real and virtual life (Fig. 1).
Figure 1 - The three axes of Gartner vision: intelligence, digital transformation, and mesh.
Moving from those statements a recommendation has been proposed on an “enterprise architecture” whose governance should be able to:
A Short Story on IT Governance
At the dawn of the modern computing era, large mainframe computers and telecommunications networks, together with their terminals, caused a centralization of computer systems in terms of hardware, software and human resources: databases, and information specialists were in fact gathered at the corporate level of any organization.
The second stage of the evolution introduced minicomputers and microcomputers pushing a downsizing trend, which carried out decentralization, a process experienced by many business firms. Information systems architecture were then based on distributed client-server networks, which were put in place at the corporate, units and team levels. A shift of databases and information specialists took place towards departments or information centers built to support workgroup and end-user computing.
Emerging Trends in Organizations Governance
Today, the third stage in this short story, a trend to establish a more centralized control again is overgrowing to shape a best-organized management of the IT resources for any organization, while still serving the needs of their business strategies and objectives including their e-business and e-commerce channels.
By looking at most of those organizations, the mentioned trend led to the development of hybrid structures maintaining both, centralized and decentralized, frameworks.
IT governance is becoming more and more relevant as current trends show, spanning from social to industrial domains, and is mostly considered as a discipline belonging to corporate governance, dealing with information technologies, information systems, their performance, use, and, of course, also the associated risks they imply.
The rising interest in IT governance is also due, at least in part, to governmental compliance requirements introduced by national/international laws, as happened with Sarbanes-Oxley in the United States, the “Public Company Accounting Reform, and Investor Protection Act,” and its similar framework in Europe, Basel II.
Additional motivation comes from the awareness that Information is essential for any organization, regardless its market sector, size, and sales, as it can be created, retained, used, disclosed and destroyed, and technology plays a vital role in all of these actions.
Furthermore, the awareness that IT projects can quickly get out of control and profoundly affect organization’s performance is another powerful impulse.
A pervasive theme of IT governance debate is that IT capability can no longer be shaped as a mysterious black box, whose content is understood only by computer science or engineering field experts to which management functions must be delegated due to limited technical experience of stakeholders and the complexity of IT as traditionally perceived.
All this caused vital decisions have often been deferred to IT professionals, ignoring the fact that IT governance implies a system in which all stakeholders at any level, including the board, internal customers, and related areas such as finance, marketing, and communication, have the necessary input to shape the correct decision-making process. This solution can help, on one side, preventing a single area (IT) from being blamed for wrong decisions and, on the other, avoid users later complaining in case the system should not behave or perform as expected.
IT governance focuses IT-related matters in contemporary organizations and ensures that strategic IT decisions are owned by the corporate board, overcoming the limits due to deferring only to CIO or other IT managers any choice in this field. Among primary goals for information technology governance there is assuring that organizational investments in IT and IS generate their maximum business value mitigating risks associated with IT.
Hence, IT is now seen not only as an enabler but as a possible asset that can be leveraged to develop alternative business models, grow revenue streams and outperform competitors. As a result, many organizations are bringing IT to the strategy development and planning tables (Fig. 2).
Figure 2 - IT Service and its components
Formalized Frameworks for IT Governance
COBIT (Control Objectives for Information and related Technology) can be a well-stated reference on the subject; in fact, it is a framework of best practices for IT management created by the Information Systems Audit and Control Association (ISACA).
It provides all members of the organization with a set of generally accepted indicators, processes, and best practices, which all together can help them maximize the benefits derived through the use of IT and in developing appropriate IT governance and control structures within the organization, whatever it may be.
More specifically, though in continuous evolution, COBIT started with 34 high-level processes covering 210 control objectives categorized in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring.
Managers benefit from COBIT because it helps drive IT-related decisions and investments. Decision making is more useful because it helps management define a strategic IT plan, information architecture, acquire the necessary IT hardware and software to execute an IT strategy, ensure continuous service, and monitor the performance of the IT system.
On the other side, IT users benefit from COBIT because of the assurance provided by defined controls, security, and process governance. COBIT also benefits auditors because it helps them identify IT control issues within a company's IT infrastructure, Fig. 3 illustrates the relationships between the four domains in COBIT and categorizes both the high-level processes and control objectives associated with them referring, in particular, to COBIT 4.1. Indeed, a brief picture of a more recent framework drawn in COBIT 5 is also given regarding basic principles stating the role of a single integrated framework for the Organization IT Governance.
Figure 3 - COBIT 4.1 main concepts and architecture
The principles stated in the COBIT 5 framework benefit all organizations, regardless of size, geography or industry and are described by the following five keys:
1. Meeting stakeholder needs—It is critical to define and link enterprise/organizations goals and IT-related goals to best support stakeholder needs.
2. Covering the enterprise end to end—Companies/organizations must shift from IT management accounted as a cost, to management which considers IT as an asset, and business managers must take on the accountability for governing and managing IT-related holdings within their functions.
3. Applying a single integrated framework—Using a single, unified governance framework can help organizations deliver optimum value from their IT assets and resources.
4. Enabling a holistic approach—Governance of enterprise IT (GEIT) requires a comprehensive plan that takes into account many components, also known as enablers, which influence whether something will work: seven facilitators are available for improving GEIT, including principles, policies, frameworks, processes, culture, information and people.
5. Separating governance from management— Governance processes ensure goals and are achieved by evaluating stakeholder needs, setting direction through prioritization and decision making; and monitoring performance, compliance, and progress. Based on the results of the governance, business and IT management then can plan, build, run and monitor activities to ensure alignment with objectives and strategies.
Conclusions
Contents exposed in the strategic plan on IT, recently adopted by Polito, establish a coherent framework concerning the scenario depicted above. Even new specific actions addressing research and technology transfer through the support recently given to both the Virtual Reality Lab and the High-Performance Computing Lab follow the same direction.
Nonetheless, I think that a broader awareness of the role of “Information” should be acquired by the governance of this Institution, addressing both the “technological” and “functional” perspectives. For the purpose, I believe that the adoption of a more formalized approach for IT Governance, at the various management levels, can help improve services and organization.
To sustain this view, I only mention that this department is directly involved in the AI National Task Force and hosts one of the world best-known research centers, “NEXA,” on Internet and Society.
Today the gap in this field between research achievements and their application is ever-narrowing, and the strength of having both domains as components of the same institution (a department for research, and the users for apps) make it an invaluable opportunity for competing. Enabling this organization to meet the challenges of a now fast-paced and ever-changing world of research and higher education can be sustained through the appropriate approach towards IT.
Claudio Giovanni Demartini – Dipartimento di Automatica e Informatica - DAUIN
My courses at Politecnico are “Information Systems” and “Innovation Management & ICT Product Development,” both held at the Industrial Engineering & Management School, Master Courses.
Furthermore, being still today Head of the Computer Engineering Department, I take the opportunity to express my contribution to the internal debate on this field recently opened on social platforms.
Premise
Said according to Gartner vision: “It’s 2017,..”(October). Whether you are a manufacturing enterprise, a transit company, a university, a high school, “… or a LED light expert, today’s business success lies in offering digital services that make the life of customers easier and their daily activities more convenient. … Companies thrive on the happiness of their customers. And now that customer happiness is mainly created by the right service, product or information at the right time, you need devices, technologies, and ideas to make that happen. And there you have it: your intelligent digital mesh….”. The Latter is the combination of people, devices, content, and services that Gartner has assembled, sustaining that the future is in the hands of digital businesses that enable that mesh by blurring the borders between real and virtual life (Fig. 1).
Figure 1 - The three axes of Gartner vision: intelligence, digital transformation, and mesh.
Moving from those statements a recommendation has been proposed on an “enterprise architecture” whose governance should be able to:
- “Devise new business scenarios using AI as the enabler for new business designs
- Create a more natural and immersive user experience by deploying, where effective, conversational platforms and virtual, augmented and mixed reality.
- Support Internet of Things (IoT) initiatives by developing and prioritizing targeted, high-value business cases to build digital twins and exploit cloud and edge computing synergistically.
- Adopt a strategic approach to security and risk that continuously adapts based on risk and trust. Do so by communicating requirements to developers”.
A Short Story on IT Governance
At the dawn of the modern computing era, large mainframe computers and telecommunications networks, together with their terminals, caused a centralization of computer systems in terms of hardware, software and human resources: databases, and information specialists were in fact gathered at the corporate level of any organization.
The second stage of the evolution introduced minicomputers and microcomputers pushing a downsizing trend, which carried out decentralization, a process experienced by many business firms. Information systems architecture were then based on distributed client-server networks, which were put in place at the corporate, units and team levels. A shift of databases and information specialists took place towards departments or information centers built to support workgroup and end-user computing.
Emerging Trends in Organizations Governance
Today, the third stage in this short story, a trend to establish a more centralized control again is overgrowing to shape a best-organized management of the IT resources for any organization, while still serving the needs of their business strategies and objectives including their e-business and e-commerce channels.
By looking at most of those organizations, the mentioned trend led to the development of hybrid structures maintaining both, centralized and decentralized, frameworks.
IT governance is becoming more and more relevant as current trends show, spanning from social to industrial domains, and is mostly considered as a discipline belonging to corporate governance, dealing with information technologies, information systems, their performance, use, and, of course, also the associated risks they imply.
The rising interest in IT governance is also due, at least in part, to governmental compliance requirements introduced by national/international laws, as happened with Sarbanes-Oxley in the United States, the “Public Company Accounting Reform, and Investor Protection Act,” and its similar framework in Europe, Basel II.
Additional motivation comes from the awareness that Information is essential for any organization, regardless its market sector, size, and sales, as it can be created, retained, used, disclosed and destroyed, and technology plays a vital role in all of these actions.
Furthermore, the awareness that IT projects can quickly get out of control and profoundly affect organization’s performance is another powerful impulse.
A pervasive theme of IT governance debate is that IT capability can no longer be shaped as a mysterious black box, whose content is understood only by computer science or engineering field experts to which management functions must be delegated due to limited technical experience of stakeholders and the complexity of IT as traditionally perceived.
All this caused vital decisions have often been deferred to IT professionals, ignoring the fact that IT governance implies a system in which all stakeholders at any level, including the board, internal customers, and related areas such as finance, marketing, and communication, have the necessary input to shape the correct decision-making process. This solution can help, on one side, preventing a single area (IT) from being blamed for wrong decisions and, on the other, avoid users later complaining in case the system should not behave or perform as expected.
IT governance focuses IT-related matters in contemporary organizations and ensures that strategic IT decisions are owned by the corporate board, overcoming the limits due to deferring only to CIO or other IT managers any choice in this field. Among primary goals for information technology governance there is assuring that organizational investments in IT and IS generate their maximum business value mitigating risks associated with IT.
Hence, IT is now seen not only as an enabler but as a possible asset that can be leveraged to develop alternative business models, grow revenue streams and outperform competitors. As a result, many organizations are bringing IT to the strategy development and planning tables (Fig. 2).
Figure 2 - IT Service and its components
Formalized Frameworks for IT Governance
COBIT (Control Objectives for Information and related Technology) can be a well-stated reference on the subject; in fact, it is a framework of best practices for IT management created by the Information Systems Audit and Control Association (ISACA).
It provides all members of the organization with a set of generally accepted indicators, processes, and best practices, which all together can help them maximize the benefits derived through the use of IT and in developing appropriate IT governance and control structures within the organization, whatever it may be.
More specifically, though in continuous evolution, COBIT started with 34 high-level processes covering 210 control objectives categorized in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring.
Managers benefit from COBIT because it helps drive IT-related decisions and investments. Decision making is more useful because it helps management define a strategic IT plan, information architecture, acquire the necessary IT hardware and software to execute an IT strategy, ensure continuous service, and monitor the performance of the IT system.
On the other side, IT users benefit from COBIT because of the assurance provided by defined controls, security, and process governance. COBIT also benefits auditors because it helps them identify IT control issues within a company's IT infrastructure, Fig. 3 illustrates the relationships between the four domains in COBIT and categorizes both the high-level processes and control objectives associated with them referring, in particular, to COBIT 4.1. Indeed, a brief picture of a more recent framework drawn in COBIT 5 is also given regarding basic principles stating the role of a single integrated framework for the Organization IT Governance.
Figure 3 - COBIT 4.1 main concepts and architecture
The principles stated in the COBIT 5 framework benefit all organizations, regardless of size, geography or industry and are described by the following five keys:
1. Meeting stakeholder needs—It is critical to define and link enterprise/organizations goals and IT-related goals to best support stakeholder needs.
2. Covering the enterprise end to end—Companies/organizations must shift from IT management accounted as a cost, to management which considers IT as an asset, and business managers must take on the accountability for governing and managing IT-related holdings within their functions.
3. Applying a single integrated framework—Using a single, unified governance framework can help organizations deliver optimum value from their IT assets and resources.
4. Enabling a holistic approach—Governance of enterprise IT (GEIT) requires a comprehensive plan that takes into account many components, also known as enablers, which influence whether something will work: seven facilitators are available for improving GEIT, including principles, policies, frameworks, processes, culture, information and people.
5. Separating governance from management— Governance processes ensure goals and are achieved by evaluating stakeholder needs, setting direction through prioritization and decision making; and monitoring performance, compliance, and progress. Based on the results of the governance, business and IT management then can plan, build, run and monitor activities to ensure alignment with objectives and strategies.
Conclusions
Contents exposed in the strategic plan on IT, recently adopted by Polito, establish a coherent framework concerning the scenario depicted above. Even new specific actions addressing research and technology transfer through the support recently given to both the Virtual Reality Lab and the High-Performance Computing Lab follow the same direction.
Nonetheless, I think that a broader awareness of the role of “Information” should be acquired by the governance of this Institution, addressing both the “technological” and “functional” perspectives. For the purpose, I believe that the adoption of a more formalized approach for IT Governance, at the various management levels, can help improve services and organization.
To sustain this view, I only mention that this department is directly involved in the AI National Task Force and hosts one of the world best-known research centers, “NEXA,” on Internet and Society.
Today the gap in this field between research achievements and their application is ever-narrowing, and the strength of having both domains as components of the same institution (a department for research, and the users for apps) make it an invaluable opportunity for competing. Enabling this organization to meet the challenges of a now fast-paced and ever-changing world of research and higher education can be sustained through the appropriate approach towards IT.