An IT Governance Framework for Universities in
Spain
Antonio Fernández1 and Faraón Llorens2
1
Dpto. Lenguajes y Computación, Universidad de Almería, Crta. Sacramento s/n La Cañada de San
Urbano, 04120 Almería Spain, afm@ual.es - 2 Dpto. Ciencia de la Computación e Inteligencia
Artificial, Universidad de Alicante, Apartado de correos 99, 03080 Alicante Spain,
Faraon.Llorrens@ua.es
Keywords
IT Governance, framework, principles, objectives, ISO 38500, ITG4U, Higher Education, universities.
1.
EXECUTIVE SUMMARY
1.1. Background
This paper starts with a general introduction to the concept of IT Governance, including some of the
most important references to previous works in this relatively new field. Among these references,
the one proposed by ITGI (2005) regarding the COBIT framework is particularly noteworthy. This
proposal also describes the IT Governance framework designed by JISC (2007) for Universities in the
United Kingdom, which is particularly interesting for us as it is geared towards universities. Finally,
the main characteristics of the ISO/IEC 38500:2008 international standard regarding “Corporate
Governance of Information Technology” are presented.
1.2. Alternatives
Using these previous experiences as a starting point, Fernandez (2008) developed a Universityoriented IT Governance Framework (ITG4U) for the Spanish Association of University Rectors (CRUE
in Spanish), published in December 2008, which is based on the JISC model and describes the
principles and characteristics of the new international standard ISO 38500 (2008).
The ITG4U is divided into three levels: the upper level contains the 6 ISO 38500 principles; the
middle level includes seventeen IT objectives and their relationship with each of the ISO principles;
the lower level consists of three types of metrics (maturity indicators, qualitative evidence
indicators and quantitative evidence indicators) that will be used to measure whether IT objectives
have been fulfilled. The paper also presents the features of CRUE’s framework and the results from
its validation process.
In order to simplify the implementation of the ITG4U framework in each university, several tools are
to be developed: a web application with the questionnaire that supports the auto-evaluation process
about IT Governance maturity and a system for automatic result analysis, a maturity model
definition (similar to COBIT´s), the creation of a good practices guide to support the design of
improvement initiatives, and the publication of an annual study interpreting the status of IT
Governance within the global context of the Spanish Higher Education System (SUE).
1.3. Conclusions
The ITG4U Framework proposed by CRUE will be very useful in designing improvement actions that
may be implemented in each university in order to reach a higher IT governance maturity level. The
Spanish Higher Education System will have common tools to provide information in order to compare
universities and to help design global improvement actions. On the other hand, as long as the model
is reasonably general, other European universities will be able to use it without having to make
significant changes. At least, it will provide a good reference and the experience gained through its
implementation may be taken into account in the design of their own IT governance frameworks.
2.
IT GOVERNANCE IN HIGHER EDUCATION (HE)
2.1. Definition of IT Governance
According to ISO/IEC 38500 (2008) “Corporate Governance of IT is the system by which the current
and future use of IT is directed and controlled. Corporate governance of IT involves evaluating and
directing the use of IT to support the organisation and monitoring this use to achieve plans. It
includes the strategy and policies for using IT within an organisation”.
Other interesting definitions: IT Governance Institute (2003), “IT governance is the responsibility of
the board of directors and executive management. It is an integral part of enterprise governance
and consists of the leadership and organisational structures and processes that ensure that the
organisation’s IT sustains and extends the organisation’s strategies and objectives”; for Weill &
Woodham (2002), “IT governance is specifying the decision rights and accountability framework to
encourage desirable behaviour in the use of IT “; for Van Grembergen (2000), “IT governance is the
organisational capacity exercised by the board, executive management and IT management to
control the formulation and implementation of IT strategy and in this way ensure the fusion of
business and IT “.
All of the definitions quoted above are different but they also coincide in some fundamental aspects:
•
IT governance is the responsibility of the board of directors and executive management
•
The main objective of IT governance is to align business strategy and IT strategy
•
IT governance includes strategies, policies, responsibilities, structures and processes for
using IT within an organisation.
•
There is a clear difference between IT governance and IT management
•
IT governance is an integral part of corporate governance
2.2. IT Governance Frameworks
For Weill & Woodham (2002), Peterson (2004) and Van Grembergen et al. (2004), IT Governance may
be implemented by using a mixture of structures, processes and relational mechanisms. Each of
these elements is fundamental for the successful implementation of an IT Governance framework in
an organisation:
•
Structures include the organisation and assignment of the IT functions to specific people or
departments, the existence of clearly defined roles and responsibilities and the creation of a
series of committees related to IT planning and operation.
•
Processes refer to strategic decision making, the strategic planning of IT systems, the
management of services and monitoring, control and process definition tools (COBIT, ITIL, IT
BSC, etc.).
•
Lastly, relational mechanisms are established in order to support the relationship that
should exist between IT and the business. These mechanisms include: the active
participation of corporate executives and IT management, strategic dialogue, training,
exchange of experiences and knowledge and communication throughout the organisation.
A specific combination of these elements is called an IT Governance Framework.
Several frameworks have been designed by distinguished researchers, including: Peterson (2004),
Weill & Ross (2004), Van Grembergen et al. (2004), Nolan & McFarlan (2005) and Dahlberg & Kivijarvi
(2006).
Some of these theoretical proposals have been implemented in the form of a toolkit used to set up
IT Governance models in organisations. The Framework by Calde-Moir (Calde-Moir, 2008) is worth
mentioning, but the most widely used is COBIT (ITGI, 2007). ITGI developed COBIT based on its own
IT Governance framework (Figure 1).
Figure 1. ITGI IT Governance Framework
However, the publication of the ISO/IEC 38500 (2008) international standard will provide a reference
against which these frameworks may be adapted.
The purpose of the ISO/IEC 38500 standard is to promote the effective, efficient, and acceptable use
of IT in all organisations by:
•
assuring stakeholders (including consumers, shareholders, and employees) that, if the
standard is followed, they can have confidence in the organisation’s corporate governance of
IT;
•
informing and guiding directors in governing the use of IT in their organisation; and
•
providing a basis for objective evaluation of the corporate governance of IT.
This standard sets out six principles for a good corporate governance of IT:
1. Responsibility. Individuals and groups within the organisation understand and accept their
responsibilities with respect to both the supply of, and demand for IT. Those with
responsibility for undertaking actions also have the authority to perform those actions.
2. Strategy. The organisation’s business strategy takes into account the current and future IT
capabilities; the strategic plans for IT satisfy the current and ongoing needs of the
organisation’s business strategy.
3. Acquisition. IT acquisitions are made for valid reasons, based on an appropriate and ongoing
analysis, with clear and transparent decision making. There is a suitable balance between
benefits, opportunities, costs, and risks, in both the short and long term.
4. Performance. IT is fit for purpose in supporting the organisation, providing the services, and
the appropriate levels and quality of service necessary to meet current and future business
requirements.
5. Conformance. IT complies with all mandatory legislation and regulations. Policies and
practices are clearly defined, implemented and enforced.
6. Human Behaviour. IT policies, practices and decisions demonstrate respect for Human
Behaviour, including the current and evolving needs of all the ‘people in the process’.
The principles express the preferred behaviour to guide decision making. The statement of each
principle refers to what should happen, but does not prescribe how, when or by whom the principles
would be implemented – as these aspects are dependent on the nature of the organisation
implementing the principles. Directors should ensure that these principles are applied.
Directors should govern IT through three main tasks:
•
Evaluating the current and future use of IT.
•
Directing the preparation and implementation of plans and policies to ensure that the use of
IT is aligned with the business objectives.
•
Monitoring the conformance to policies, and performance against the plans.
Figure 2 shows the evaluate-direct-monitor cycle model of IT Governance.
Figure 2. Model for Corporate Governance of IT from
ISO 38500 (2008)
2.3. Current situation of IT Governance in HE
These IT Governance frameworks are implemented in an organisation in order to improve the
management of technology in function with business needs.
According to a recent study by the IT Governance Institute (ITGI, 2008), around 50% of organisations
have already implemented (18%) or are in the process of implementing (34%) IT governance systems.
This same study has calculated an average global value of IT governance maturity of 2.67 (on a scale
that ranges from 0 to 5) of those organisations that have an IT Governance framework in place.
Figure 3 illustrates a significant positive evolution in the IT Governance Maturity level in recent
years.
Figure 3. IT Governance Maturity Level Evolution from ITGI (2008)
However, the universities have not yet reached this level of maturity (Figure 4). Yanosky &
Borrenson (2008) establish that the average maturity value of universities on a global level is 2.30,
although the analysis conducted by Llorens & Fernández (2008) reveals that the average maturity
level of Spanish universities is 1.44 (on a scale of up to 5).
Figure 4. IT Governance Maturity Level in Higher Education from Yanosky and Borrenson (2008)
60%
50%
40%
30%
20%
10%
0%
0
1
2
3
4
5
Spain
3%
56%
35%
6%
0%
0%
World
1,8%
28,8%
29,7%
23,7%
10,5%
5,7%
Maturity Level
One of the main reasons why the IT governance systems are being implemented and maturing at a
slower rate in universities may be the lack of own frameworks in the university environment. Coen &
Kelly (2007) recognised that guidelines for IT governance would need to meet the specific needs of
higher education institutions. Higher Education Institutions (HEIs) are driven by a complex set of
cultural and motivational factors, arising from their status as non-profit organisations, which directly
affect their management and governance. Many of the principles underlying the development of IT
governance frameworks in the commercial sector may be equally valid for higher education
institutions (for example ensuring clear decision-making structures and approaches to risk
assessment). However, others (such as specific types of performance measurement, particularly
profit-related financial performance measures) are not as directly applicable.
For Weill & Ross (2004) “a frustration facing not-for-profit executives is that many of the
management frameworks and measures are designed for profit-seeking organisations where the
performance measures of profit, shareholder value and corporate citizenship are clear. … leaders of
not-for profit organisations need a different management framework to help strategise and
govern…”
On an international level, there are numerous universities that have implemented IT Governance
within their campuses: some have used COBIT to implement it, for example South Louisiana
Community College (Council, 2006); others have designed their own IT governance models based on
literature, for example the University of California (2008) which includes elements from an IT
Governance model in its IT Strategic Plan; Pretorius (2006) has designed a more practical and less
academic model for the University of Pretoria; Ridley (2006) has proposed an IT Governance model
based on Weill & Ross (2004) for the University of Guelph; and the University of Calgary (2007) has
implemented and excellent model.
The first initiative in the design of an IT Governance model which provides a reference for the whole
university system was that undertaken by the Joint Information Systems Committee (JISC) for
universities in the United Kingdom. This committee designed a reference model (JISC, 2007a) and a
toolkit (JISC, 2007b) for the self-evaluation of IT Governance maturity, which has become a starting
point in helping universities in the process of identifying and defining the IT role within the planning
and governance of their organisation. This framework was designed to be highly flexible and able to
be used by different types of university: large or small, old or modern and to take into account the
different cultures which prevail in the institutional governing of universities.
The JISC reference model for IT Governance is based on 5 perspectives: governance, management,
resources, organisation and services (Figure 5). The position of services in the centre of the diagram
indicates the orientation of the framework towards a centralisation of services. The services offered
by the institutional information systems use the resources and are organised according to the
organisational structure and the processes that are implemented therein. The diagram reflects that
the services, resources and organisation are the principal components of information systems
management. The governance activities are positioned above and overlap with management and are
largely concerned with ensuring that management is effective and that the activities are aligned
with the institutional priorities.
3.
IT GOVERNANCE FRAMEWORK FOR UNIVERSITIES (ITG4U)
Using these previous experiences as a starting point, Fernandez (2008) developed a Universityoriented IT Governance Framework (ITG4U) for the Spanish Association of University Rectors (CRUE
in Spanish), published in December 2008, which is based on the JISC model and describes the
principles and characteristics of the new international standard ISO 38500 (2008).
The ITG4U framework is divided into three levels (Figure 6): the upper level contains the 6 ISO 38500
principles; the middle level includes seventeen IT objectives and their relationship with each of the
ISO principles; the lower level consists of three types of metrics (maturity indicators, qualitative
evidence indicators and quantitative evidence indicators) that will be used to measure whether IT
objectives have been fulfilled.
3.1. IT Goals
The 17 goals which have been designed (Table 1) have become the objectives of reference which the
university must reach to be able to carry out an adequate IT Governance.
The development of the IT goals is based on those found in the most significant frameworks and
studies. This circumstance may be confirmed in the mapping reflected in Table 2.
Figure 5. IT Governance Framework from JISC (2007a)
Figure 6. IT Governance Framework for Universities (ITG4U)
ISO 38500
ISO PRINCIPES
Responsibility
1
2
Strategy
3
4
5
Acquisition
6
7
8
Conformance
9
10
11
Performance
12
13
14
Human
Behaviour
15
16
17
IT GOALS
1
2
IT INDICATORS
16
17
Table 1. IT Goals for ITG4U framework
1 Have a very clear idea of the vision and IT strategy for the whole university.
2 Align the IT strategy and the institutional strategy (business strategy).
3 Reach IT objectives using an integral IT governance system.
4 Have a decision making structure aligned with the IT strategy.
5 Provide high level IT policies and procedures which comply with external laws and
regulations and support international standards.
6 Make IT decisions that are correctly reasoned and effective.
7 Know and achieve the return value on IT investment.
8 IT projects must achieve the planned goals.
9 Define an IT architecture that will include process definition and system integration.
10 Acquire the necessary technology to fulfil the requirements of the institution.
11 Guarantee that the established ITs are working according to plan.
12 IT-based services must meet the level required by the users.
13 Know and manage IT associated risks.
14 Ensure that IT systems are flexible and agile in responding to future changes.
15 Have adequate and sufficiently trained staff who can govern IT efficiently.
16 Incorporate respect for people and social and environmental values within the IT strategy.
17 Exchange IT experiences with other organisations and with society as a whole.
Table 2. IT Goals mapping several frameworks
C
UK
COBIT
JISC (United Kingdom)
WR
Weill y Ros s
Calder-Moir
CM
E
ECA R (EDUCA USE)
V an Grembergen
V
CRUE Res earc hers
R
IT Goals from ITG4U
E
V
UK
C
1 Hav e a v ery c lear idea of the v ision and I T strateg y for the whole univ ersity .
E
CM
UK
C
2 Alig n the I T strateg y and the institutional strateg y (business strateg y ).
E
CM
WR
UK
C
3 Reac h I T objec tiv es using an integ ral I T g ov ernanc e sy stem.
CM
WR
UK
C
4 Hav e a dec ision making
CM
WR
UK
C
5 Prov ide hig h lev el I T polic ies and proc edures whic h c omply with ex ternal laws and reg ulations and
WR
UK
C
6 Make I T dec isions that are c orrec tly reasoned and effec tiv e.
V
V
CM
E
struc ture alig ned with the I T strateg y .
support international standards.
E
V
E
CM
WR
UK
C
7 Know and ac hiev e the return v alue on I T inv estment.
V
E
CM
WR
UK
C
8 I T projec ts must ac hiev e the planned g oals.
V
E
CM
WR
C
9 Define an I T arc hitec ture that will inc lude proc ess definition and sy stem integ ration.
V
E
CM
WR
V
V
E
CM
UK
C
10 Ac quire the nec essary tec hnolog y to fulfil the requirements of the institution.
UK
C
UK
C
11 Guarantee that the established I Ts are working ac c ording to plan.
12 I T based serv ic es must meet the lev el required by the users.
V
CM
C
13 Know and manag e I T assoc iated risks.
V
CM
C
14 Ensure that I T sy stems are flex ible and ag ile in responding to future c hang es.
C
15 Hav e adequate and suffic iently trained staff who c an g ov ern I T effic iently .
V
E
CM
UK
R
16 I nc orporate respec t for people and soc ial and env ironmental v alues within the I T strateg y .
R
17 Exchange IT experiences with other organisations and with societyas a whole
Once the 17 objectives had been defined, two validation processes were carried out in which around
50% of the IT Managers of the HEIs participated:
•
Validation of the IT Goals, the results of this process are summarised in Table 3. The ain of
this exercise was to establish whether the proposed IT objectives were considered to be
important by the interviewees and whether any objectives had been overlooked.
•
Validation of the relation between the IT goals and each of the ISO principles. This
exercise seeks to establish which goals are important for each principle and to discover
whether any objective related with a specific principle has been overlooked.
Table 3. Validation of the IT Goals
IT GOAL
1
4
2
7
5
15
6
10
8
3
11
12
9
13
14
17
16
TOTAL AVERAGE
52
52
52
52
52
52
52
52
52
52
52
52
52
52
52
52
52
4,63
4,31
4,42
4,15
4,15
4,54
4,1
4,1
4,31
3,71
4,13
4,29
4,04
4
3,83
3,87
3,63
T.D.
0,72
0,61
0,87
0,87
0,85
0,75
0,82
0,85
0,76
0,80
0,97
0,94
0,89
0,77
1,04
0,89
1,07
TOTAL
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
AVERAGE
4,70
4,63
4,60
4,48
4,45
4,45
4,15
4,15
4,13
4,10
4,08
4,05
4,00
3,98
3,53
3,48
3,40
T.D.
1,82
1,81
1,81
1,77
1,81
1,79
1,74
1,68
1,68
1,77
1,63
1,77
1,66
1,65
1,56
1,51
1,59
Will be present for being strongly supported by users
Will be present due to a certain level of supoirt from users but
are also backed by researchers
The results of the validation process broadly confirmed the IT objectives of the ITG4U and only
revealed slight modifications which were applied immediately.
3.2. Indicators
In order to measure their level of maturity, a set of indicators for each IT goal are established which
are made up of three types of indicator (Figure 7):
•
Maturity indicator of IT goals is a qualitative indicator (with a value of between 0 and 5)
which defines the maturity of each of the IT goals in relation to a descriptive checklist
included in the Maturity Model.
•
Qualitative Evidence Indicators; a set of qualitative indicators is associated to each IT goal
and their value (between 0 and 5) should define the maturity of the IT objective to which
they belong. There are between 5 and 10 qualitative indicators for each IT objective
depending on the objective in question (Table 3). These indicators include questions related
to the elements of IT governance, for example, “Does the university have sufficient
financing to be able to implement the IT strategy?” or “Is the IT strategy updated
periodically?”
•
Quantitative Evidence Indicators; a set of quantitative indicators is associated to each IT
objective which together with the qualitative indicators help to ascertain the maturity of
the IT objective to which they belong. For example, a quantitative indicator related to the
qualitative indicators mentioned above would be “IT investment budget = 3 million euros”,
“Percentage of IT investment in relation to global investment budget = 5%” “How often are
IT strategies reviewed? = every 3 years”, etc. the number of quantitative indicators for each
IT objective is around 5, but this may vary depending on the objective.
Figure 7. Set of indicators for each IT Goal
IT GOAL N
MATURITY
INDICATOR
QUALITATIVE
EVIDENCE INDICATORS
QUANTITATIVE
EVIDENCE INDICATORS
Table 3. Qualitative evidence indicators for IT Goal 1
IT Goal 1: Have a very clear idea of the vision and IT strategy for the whole university.
UK
Has responsibility for overseeing the implementation of the IT Strategy been assigned to an IT Strategy
Steering Committee?
UK
Does the IT Strategy Steering Committee represent all relevant stakeholders in IT and information
systems?
UK
Does the institution have a documented IT strategy (or equivalent)?
E
Are the strategic priorities of IT clearly defined?
CM
Are the strategies and operational priorities which appear in the University Institutional Strategic Plan
clearly shown in the IT Strategic Plan, with no ambiguity, masking or loopholes?
UK
Has this strategy been approved by the Senior Executive group and the Institutional Governing Body?
UK
Are these strategies periodically updated?
UK
Are all the institution’s information systems covered by the IT strategy?
E
Does the IT strategic plan focus only on central initiatives and activities or does it include activities which
involve the University as a whole?
E
Does the IT strategic plan include a procedure to measure the level of achievement of every IT goal?
CM
Is there a defined procedure through which the management can transfer the foundations of our IT
strategic plan to the rest of the organisation?
UK From JISC (United Kingdom)
E From EDUCAUSE
CM From Calder-Moir Framework
3.3. ITG4U Toolkits
Besides the ITG4U framework, a series of toolkits has been designed which will facilitate the
implementation of the framework in each university (Figure 8).
Figure 8. Set of toolkits
ITG4U Framework
TOOLKITS
MATURITY MODEL
SELF-ASSESSMENT
TOOLKIT
GOOD PRACTICES
GUIDANCE
BENCHMARK ANALYSIS
kTI
3.4. Maturity Model
Our aim is to operate with a maturity model similar to that of COBIT (with values between 0 and 5)
in such a way that, when carrying out the self assessment process, each university will have to
determine the status of each of the seventeen IT goals within this model (Figure 9).
Figure 9. Maturity Model Levels
Initial /
ad hoc
Nonexistent
0
Current
status
university
Repeatable
/ intuitive
1
of
the
HEI average
Target value of the university
2
Defined
Managed/
processes Measurable Optimised
3
4
5
0 –the university does not have a defined IT objective, it is not aware of the need
for one
1 – Objective established, but with disorganised and ad hoc processes
2 – Objective immature, the processes follow a regular pattern
3 - Objective begins to mature, documented and communicated processes
4 - Objective reasonably mature, the processes are monitored and measured
5 – Optimum level of objective, based on good practices
In order for the response to be uniform, we will produce 17 tables which will describe the different
maturity levels for each of the seventeen IT goals suggested.
3.5. Self-Assessment Toolkit
A self assessment tool will be designed in such a way that, for each of the seventeen IT goals, there
will be a series of questions (that include all the indicators), whose answers will indicate whether
the characteristic elements of each of the maturity levels have been fulfilled.
The suggested question will include almost all of those present in the JISC self-assessment toolkit.
3.6. Benchmark Analysis
As the Universities carry out their self-assessment processes, they will be sending information to a
central system which will be in charge of analysing this information and determining the average
level of each IT goal for the HEI, along with other results of interest for IT managers.
CRUE will analyse the results obtained and will publish an annual report which will help the
universities to understand the global maturity of the HEI and carry out benchmarking processes.
3.7. Good Practice Guidance
Once the self assessment has been completed, each IT manager will have to plan their own
improvement actions. To facilitate this planning, we will offer a guide containing a collection of
good practices relating to each of the IT goals. These guides will be similar to those offered by JISC
(2007b) in its toolkit.
4.
CONCLUSIONS
The ITG4U Framework proposed by CRUE will be very useful in establishing improvement actions that
may be implemented in each university to achieve a higher IT governance maturity level.
CRUE is promoting the implementation of the ITG4U in Spanish universities. The first universities to
implement this IT governance model will do so in the second semester of 2009.
Van Grembergen & De Haes (2008) propose the following steps when implementing an IT governance
system in an organisation: training the IT managers in IT Governance, analysing and understanding
the initial situation of IT Governance (self-assessment) and designing a plan for implementing IT
governance in the organisation.
The Spanish Higher Education System will now have common tools to provide information in order to
compare universities and to help design global improvement actions. On the other hand, as long as
the model is reasonably general, other European universities will be able to use it without having to
make significant changes. At least it will provide a good reference and the experience gained
through its implementation may be taken into account in the design of their IT governance
frameworks.
5.
REFERENCES
Calder-Moir (2008). Calder-Moir IT Governance Framework. it Governance, from:
www.itgovernance.co.uk/calder_moir.aspx
Coen, M. & Kelly, U. (2007), Information Management and Governance in UK Higher Education
Institutions - Bringing IT in from the cold. Perspectives: Policy and Practice in Higher Education, 11
(1). pp. 7-11, from:
http://eprints.cdlr.strath.ac.uk/3104/01/CoenKelly_bringing_IT_in_from_the_cold.pdf
Council, C. L. (2006). Implementing COBIT in Higher Education: Practices that work best.
Information Systems Control Journal. ISACA, from: www.isaca.org
Dahlberg, T. & Kivijarvi, H. (2006). An Integrated Framework for IT Governance and the
Development and Validation of an Assessment Instrument. Proceedings of the 39th Hawaii
International Conference on System Sciences. IEEE Computer Society.
Fernández, A. (2008). Modelo de Gobierno de las TI para las universidades españolas. Seminario
Gobierno de las TI en las Universidades Españolas. Sectorial TIC de la CRUE. Universidad Politécnica
de Madrid, from: www.upm.es/eventos/gobiernoTI-SUE
ISO 38500 (2008). ISO/IEC 38500:2008 Corporate Governance of Information Technology. ISO/IEC.
2008, from: www.iso.org
ITGI (2003). Board Briefing on IT Governance, 2nd Edition. IT Governance Institute, 2003, from:
www.itgi.org/template_ITGI.cfm?template=/ContentManagement/ContentDisplay.cfm&ContentID=3
3303
ITGI (2007). CobiT 4.1. Rolling Meadows, IL: IT Governance Institute, 2007, from: www.itgi.org
ITGI (2008). IT Governance Global Status Report. IT Governance Institute, 2008, from: www.itgi.org
JISC (2007a). A Framework for Information Systems Management and Governance. Joint Information
Systems Committee (JISC), from: www.ismg.ac.uk/Portals/18/Governance%20Framework.pdf
JISC (2007b). A Framework for Information Systems Management and Governance: Self-Assessment
Toolkit.
Joint
Information
Systems
Committee
(JISC),
from:
www.ismg.ac.uk/Portals/18/Governance%20Toolkit.pdf
Llorens, F. & Fernández, A. (2008). Conclusiones del Taller de Gobierno de las TI en las
universidades. Seminario Gobierno de las TI en las Universidades Españolas. Sectorial TIC de la
CRUE. Universidad Politécnica de Madrid. 2008, from: www.upm.es/eventos/gobiernoTI-SUE
Nolan, R. & McFarlan, F. W. (2005). Information Technology and the Board of Directors. Harvard
Business Review. October
Peterson, R. (2004). Integration Strategies and Tactics for Information Technology Governance in
Strategies for Information Technology Governance, Idea Group, London, 37-80.
Petrorius, J. (2006). A Structured Methodology for Developing IT Strategy. Proceedings of the
Conference on Information Technology in Tertiary Education. Pretoria.
Ridley, M. (2006). Information Technology (IT) Governance. A position paper.
University of Calgary (2007). IT Governance
www.ucalgary.ca/pmo/itgovernance/model
Model.
University
of
Calgary,
from:
University of California (2008). Strategic Information Technology Plan, 2008-2009. University of
California, Berkeley, from: http://technology.berkeley.edu/planning/strategic/
Van Grembergen, W. (2000). The balanced scorecard and IT governance. Information Systems
Control Journal, 2.
Van Grembergen, W., De Haes, S. & Guldentops, E. (2004). Structures, Processes and Relational
Mechanisms for IT Governance in Strategies for Information Technology Governance. Idea Group,
London, 1-36.
Van Grembergen, W. & De Haes, S. (2008). Implementing Information Technology Governance.
Models, Practices and Cases. IGI Publishing.
Weill, P. & Ross, J.W. (2004), IT Governance: How Top Performers Manage IT Decision Rights for
Superior Results. Harvard Business School Press. 2004
Weill, P. & Woodham, R. (2002), Don’t just lead, govern: Implementing effective IT governance.
(CISR WP Nº 326). Cambridge, MA: MIT Sloan School of Management.
Yanosky, R. & Borreson, J. (2008), Process and Politics: IT Governance in Higher Education. ECAR
Key Findings. EDUCASE, 2008, from: http://net.educause.edu/ir/library/pdf/ekf/EKF0805.pdf