Very often we confuse the governance of information systems and the computer systems. It is true, the words are neighbours. But they cover very different realities for the information system of a company can’t be identified with its computer system. This fuzziness is the source of confusion. Indeed, the mechanisms used are not the same and the consequences are different. To appreciate this difference is sufficient to recall that in an enterprise computer system costs are about 1 to 2% of revenues while the cost of the information system is about 15 to 30 % of the turnover. We are in a ratio of 1 to 10, more.
As we have seen quite different concepts. When looking at governance can be seen that this translates into the implementation of very different policies. A master plan and a blueprint for information system are two very different types of documents and are based on approaches rather remote. For example, to prepare a master plan can be satisfied with a low participation of business and can be limited to only those members of the steering committee. In contrast, in a master information system trades are at the heart of thinking and we are interested in their strategies more than their technology.
Governance is not IS IT Governance
The objective of IT governance (IT governance) is more effectively manage information technology. It is the application of good practices that have been identified by CobiT. For example, it is necessary to ensure that there is a planning document, projects must follow a development methodology, tests should be performed before the start of production, the performance of servers must be followed, .... This is what every IT professional uses or attempts to enforce.
Note that in CobiT, as in most benchmarks, it details the best practices for the central site but they are much more discreet about distributed computing. This attitude is perfectly justified because once in that time most of the computing was centralized on the mainframe. Today's distributed computing represents more than half of IT spending and if it were based on the available processing power we are in a ratio of 1 to 10 or even 1 to 100 between the central site and all PCs are installed in offices.
The information system includes all activities involved in capturing, storing and processing data required to manage the company. Under these conditions, the governance of information systems (IS Governance) is to control and optimize information systems. It "aims to define what are the main objectives, functions and tasks to power the new position of management information." (). It is therefore necessary "to study and propose new solutions to position this new feature in the architecture of organizational models and in particular to implement dashboards of information systems. As we see it is very close to corporate governance.
In these circumstances especially concerning IT governance and IT users, so that governance of information systems for the whole company and especially the general management. This shows that IT governance is a first approach to governance IS but knowing it only covers part of the area to be under control.
Three different concepts
The concepts of computer and information systems partly overlap. So there are risks of confusion. To avoid them it is necessary to clarify these concepts:
- The centralized computer system. This notion corresponds to the activity of the classical department. Traditionally it works with mainframes and servers involved, mobilizing teams corresponding and all necessary software. All these expenses are included in the IT budget and are generally known to the nearest euro. According to the company and the industry they represent between 1 and 2% of the turnover of the company.
- The computer system at large. This is the IT function. It covers all the central computer systems and those within the various business units. This area corresponds to that of distributed computing. The computer system in the broadest sense is the sum of centralized and decentralized computing. There is now greater processing power and storage capacity locally in Central. Unfortunately we do not always know the decentralized expenditure because they are supported by different units. They represent between 1.5% and 5% of sales companies and in some sectors such as banking, insurance, telecom operators, ... the ratio can reach 8 to 10%.
- Information system. The latter consists of all people and computer resources to ensure the effective operation of functions and business processes. It includes the computer system at large, but also all other employees involved in different functions and using computer systems as well as those that run on mainframes than on local systems. Expenditure information systems account for between 15% and 30% of sales of businesses.
As shown in Figure 1 these three systems of common and therefore overlap to a large extent. They can be represented as concentric circles. As we see the impact of the computer system is very different from the information system. Despite this, very often these concepts are confused and this may result in negative consequences including governance.
Figure 1 - The three systems
The objective of IT governance is to control the computer activity including the operation and study. For example it is necessary to manage projects, set up investment portfolios, to conduct tests before putting the application into production, quality management services, conducting assessments of capacity servers ... These are various good practices known to all professionals, but experience shows that they are not always implemented. IT governance is to implement these different rules.
There are many references referring to various good computing practices such as CobiT, ITIL, ISO 20000, PMBOK, Prince 2, CMMI, Val IT, Risk IT, ISO 27002, ISO 38500, ... As you can see they are numerous and each addresses a particular aspect of governance. If we look at the operation will seek to implement ITIL and project management will seek to implement PMBoK.
CobiT is a compendium of best practices as comprehensive as it covers almost all areas of computing. But there are cases where it is necessary to go further and in this case we take into account more detailed benchmarks like ISO 27002 security, Itil in the field of operation or PMBOK for project management .
As summarized by the ITGI, the Institute of Computer Technology Governance: "Governance of Information Technology Concerning the direction of operations, organizational structures and processes to implement that allow the IT organization to support and develop the strategy and objectives of the organization "(). This definition is clear and it should not be any ambiguity. The IT governance aims to:
- Effectively manage the business of IT,
- Drive the projects,
- Identify and control risks related to computer,
- Turn the computer service company.
It is important that the computer is properly controlled. But is it enough? This approach has any interest but also its limitations. It does not aim to ensure that IT can increase efficiency and performance of information systems. This is another logical and requires different approaches. It is the role of the governance of information systems.
The size of the IS governance
The concern for IS governance is a broader concept that IT governance. To go further it is necessary to consider the use of computers. They must be efficient and effective. For this it is necessary to ensure that information systems implemented by the company function efficiently and contribute to improved profitability. It is the role of the governance of information systems. As seen IS governance is a very different approach to IT governance. The objectives and approach are different.
In "The governance of information systems. Why? "Published in 2010 by the European Club Governance Information Systems () defined the IT governance as follows:
"It’s a set of highly specialized activities, linked to strategic decisions on information systems and taking into account corporate governance (governance of organizations). It must take into account a number decisions on:
- organizational model of information system and its compatibility with the organizational model of the entire organization;
- model definition of management information systems at different levels: operational, tactical and strategic;
- description of methods of planning and architecture of the information system including its objectives, its morphology, function, level of application integration, relations between users and stakeholders;
- design, development, monitoring the process of implementation and performance of information system;
- the definition of forms of organization and operating models to take into account the context of architecture and engineering of information systems. "
The purpose of the governance approach IS is to control the operation effective information systems. They are the heart of the business. It is therefore strategically place them under control so as to make them work effectively. Companies need well-designed systems, and responsive, helping to effectively develop the company's business.
It is possible to make the governance of information systems in different ways but there are always three dimensions in this process:
- Develop information systems on a service strategy. This is the very general theme of strategic alignment. Experience shows that when the strategic applications away from this goal it is likely that it is ineffective. The typical case is that of a company that decides to decentralize management decisions in the various operational units and centralize its computer systems. It can also be reversed. The result of such confusion is known in advance.
- Ensure that information systems actually contribute to creating value for the company. If they can actually increase its revenue or margin it is likely to create added value. For this it is necessary to have a system of effective management control and accounting firm to ensure that the various information systems actually contribute to increasing the amount of value added per employee. Experience shows that it is the most relevant indicator for measuring the ability of the company to increase the wealth it creates.
- Effectively manage investments in information systems. Companies are and will continue to do in the coming years of massive investments in information systems. It is vital to ensure that these operations are managed efficiently and effectively give the expected results. These amounts include expenditures (hardware, software, specific developments, ...) but all costs relating to the involvement of various professions: project management, supervision, training, reorganization, ... Often they are as important as the only spending.
As seen governance of information systems is very different from the governance. The latter is part of the governance of information systems. This is the way to develop a more comprehensive approach to the efficiency of computing and information.
Governance information systems touches on some fundamental business enabling it to achieve its business. The development of information systems should result in a significant increase in the ability to create value. Thus the company is setting up a ecommerce site to see its turnover increase significantly by allowing prospects that it could not touch them to purchase products or services. Similarly, a carmaker that encourages its dealers to provide buyers of services such as car leases, insurance and maintenance in order to increase their revenues and margins.
Conversely it is likely that replacing an accounting package from another package this may have limited impact on the revenue and margin of the company.
To appreciate the implications of the investments it is necessary to assess the impact of different information systems on company performance. They can be of two kinds:
- A significant reduction of production costs of various operations such as placing an order, purchasing operations, the launch of a production, organizing delivery, .... These are the productivity gains. Reducing costs because they increase the margin of the company.
- The bulk of the gains is related to improved efficiency and will result in a significant increase in turnover and margin. The goal is to have more customers, increase loyalty, increase the number of orders and the average amount of each order ... They are different ways to improve business results.
These advances mean improvement of various indicators such as operating margin, ROI (Return On Investment) projects but also the ROE (Return On Equity) overall business, the growth rate turnover and value added created. Finally there is a significant increase in the amount of value added per employee. This is one of the basic mechanisms of development of enterprises and economies more generally.
The importance of good practices on information systems
These gains are achieved through attention to the implementation of a number of general rules. These are good practices related to information systems. They are known and applied by professionals or rather they should be. In contrast to their poor implementation is likely to result from lower efficiency and productivity significantly.
These good practices are many and varied. These are, for example:
- The need to identify clearly the scope of each information system. It may involve a function, a function group or process. This may be the purchasing department, all buyers and suppliers, including those located in different units or the entire procurement process. It is obvious that in these cases the information system will not be the same.
- An effective information system and performance needs to be designed. If it is constituted by an accumulation of more or less integrated applications there is a strong probability that this is a rather inefficient. To avoid this it is necessary to have a designer can imagine at the outset of the project that will be the final system and especially with the know-how to bring the project to completion.
- The importance of processes among the different approaches of information systems can be one of the most effective is made on the basis of the analysis process. It is a profound trend linked to the approach of total quality management, TQM. It is thus possible to monitor the operations of their origin until the end of their treatment. This approach results in the implementation of one or more information systems.
- Each process must be led by a manager and, where appropriate, it is instructed to take adjustment measures. To do this it must monitor the activity of the process and intervene when necessary, should he still has enough power to do so because the various operations comprising the process are supported by the different units that are under the authority of the heads of the various functions involved.
- To each process under control it is necessary to have a scorecard to monitor process activity. We will strive for this purpose to define meaningful indicators and targets to achieve. They describe the volume of transactions processed or stored data, expenses, unit costs, productivity, time, the rate of anomalies, ...
- A process must have a steering committee so that all the different decision makers can work together and influence its operation. It meets several times a year to take stock, to mediate between various possible solutions, decide on changes in computer applications and equipment used, ...
- Tracking abnormalities occurring during treatment. It identifies the most frequent malfunctions and serious. On this basis it is possible to propose measures to correct them. To do this we'll save in a database for all incidents and to monitor action taken.
- It is necessary to establish adequate control mechanisms to ensure that internal control rules are effectively enforced. All input must be controlled. Furthermore it is necessary to verify information that is stored in databases, control and treatments performed to verify the outputs or consultations are accurate.
- A key point of information systems is being able to cope with rapidly increasing volumes. At certain times of the year, or even at certain times of the day. We can see peaks of load is therefore necessary to have systems of processing and storing enough power. In addition, the software must be capable of handling large volumes of transactions.
- Continued efforts should be made to reduce the unit costs of operations. This is an important issue. This development is the result of productivity efforts made regularly. This is a major goal achieved through better management of information systems.
- Planning of developments in information systems must be implemented because the developments are often slow, and their implementations are sometimes difficult. These are complex operations that must be because they had to fly and spread over time. The project involves not only how the computer part but the whole operation.
These different practices are oriented towards the concerns of businesses. The goal is to better manage complex sets that have a computer dimension but also includes a significant factor in business.
Knowledge and application of these various practices can significantly improve the effectiveness of information systems. They still have nothing exceptional to do that they are effectively implemented.
A maturity model of governance of information systems
To assess the degree of implementation of good practices by the company, the aim is to measure the maturity level of the governance of information systems companies. Indeed there are cases where they have established a real governance of information systems and others where they did nothing or very little. Observation shows that there is governance of information systems are significant differences.
One can, as does CobiT identify 6 different levels of governance:
1. Non existent,
- Initialized on a case by case
- Repeatable but intuitive,
- Managed and measurable
We can define the six levels by taking the general assessment found in CobiT
"0. Not present: Total lack of identifiable processes. The company did not even realize it was a problem to be investigated.
1. Initialized / Case by case: It is found that the company was aware of the existence of the problem and the need to study it. However, there is no standardized process, but steps in this direction tend to be undertaken individually on a case by case basis. The comprehensive management is not organized.
- Repeatable but intuitive processes have developed to a stage where different people performing the same task using similar procedures. There is no organized training or communication of standard procedures and responsibility is left to the individual. It relies heavily on individual knowledge, posing a risk of errors.
- Defined process: It has standardized, documented and communicated processes through training sessions. These processes must be followed, however, differences are likely to be found.Regarding the procedures themselves, they are not sophisticated but formalize existing practices.
- Managed and Measurable Management monitors and measures compliance with procedures and acts when certain processes seem not to work properly. The processes are constantly improved and correspond to good practice. Automation and tools are used to a limited or partial.
- Best: Processes have reached the level of good practice following a continuous improvement and comparison with other companies. The computer is used as built-in way to automate the workflow, providing tools that improve the quality and efficiency and make the company quickly adaptable.
Of course we must adapt this standard to the particular case of the governance of information systems. So at level 2 can be formulated: "Repeatable but intuitive processes of governance of information systems have been put in place and functioning. There is such a process approach, with a dedicated information system, a responsible for process monitoring of discrepancies ... This fact that different people performing the same task using procedures similar work. cons For there is no organized training or communication on procedures for the governance system information. The responsibility for the governance of information systems is left to the discretion of each individual. It relies heavily on individual knowledge, which can lead to mistakes. "
To measure the maturity of a company's governance of information systems it is necessary to go further and analyze how the various best practices regarding governance of information systems are applied.
We do not yet have exact measurements but it is likely that most companies are between maturity levels 1 and 2 and that very few companies have reached Levels 4 and 5. Clearly significant progress is yet to be made in this area.
A somewhat simplistic approach
There are managers and consultants seeking to measure the maturity of IT governance based on maturity of the company's computer. The approach is interesting but the results are disappointing as we proceed in this manner for they assume that the company has an efficient IT system to an efficient information system. By itself it does not matter because one is part of the other. But in reality, this confusion can lead to serious errors because you can have a perfectly good computer system and inadequate information systems, see cons-efficient.
In fact, if we want to reorganize the information system of the company and if we limit the discussion to only one computer only covers part of the area to be taken into account. Result: it restructures the farm where the study and were less interested in applications and how they are implemented. If changes must be brought to existing systems, it is first necessary to consider the information system.
However we must not ignore the computer operations or studies. It is often necessary to seek to improve their functioning. It is important to ensure enforcement of best practices known in these areas. But experience shows that this is not enough. It is necessary to have a global vision beyond the technical work to get a more managerial.
To this end we must strive to take into account the impact of applications on different operating systems, enterprise information. It is a major company. It goes far beyond the implementation of business applications, office automation, web, scientific and technical systems, ... To have a clear appreciation of the issues it is necessary to evaluate the impact of information systems .
The three key elements of the governance of information systems
It is therefore necessary to have a managerial vision of information systems. Yet too often they are perceived as mechanisms that support data capture, storage and processing. It's an interesting vision, but a bit limited. But information systems are not burdens but without compensation instead of actual investments that improve the turnover of the company, its productivity, margins and ultimately profitability.
To this end we will endeavor to evaluate all of these activities and why put them under control. It is the purpose of the governance of information systems. It rests on three key points:
- Measuring the challenges of each information system. To do this we will seek to conduct a comprehensive assessment of its activity. What are the numbers involved in each information system? What are its operating costs? What is the amount of additional revenue is well produced and what margin he can reach?
- Drive each information system. A charge must be designated by the company management to monitor and control information system and must have effective means to do so. This may be a department head or division but it is also possible that this is a service manager or owner. It is in this case important to ensure it has sufficient authority to enable it to effectively manage the information system.
- Investment planning and reorganizations of each information system. In this area the changes are slow because the specific developments take time and reorganizations are even longer to be brought to an end. It is therefore necessary to plan all these operations in order to avoid the excesses that ultimately cost you.
The absence of one of these three key results in more or less significant dysfunction and finally inefficiency of information systems in place.
Some examples of information systems
There are many companies in the information systems such as:
- Purchases. It allows providers to identify, manage bids, awarding contracts, issuing orders, delivery note, receive invoices, .... It is therefore necessary to develop a custom application. It is commonly called the "supply chain" or SCM.
- Sales. It is necessary to enter orders, manage the receipt of customer orders, prepare specifications, ensuring the collection in storage, manage delivery, send invoices, follow the rules ... It's always a flow of operations difficult to manage.
- The production management. It is a set of operations to establish production orders, production start, determine in what order they should treat the production orders, monitor their implementation, measure the volume of activities (machine hours and hours of labor) that are dedicated to each production order ... The purpose of this information system is an optimization of production while significantly reducing the costs.
- Inventory management to manage a warehouse, to facilitate removal, know the inventory levels, and assess its value.
- Accounting is a particular information system to calculate the result of the company.
- - ....
Alongside these traditional information systems there are systems more difficult to design and implement:
- E-commerce. Design and build a website for making a large turnover is a simple operation. Whether to sell books, PCs or air tickets, experience shows that the premise developed this type of information system is always a delicate operation.
- CRM (Customer Relationship Management) is a set of tools and methods to help sales forces. It is necessary to enable them to be the most effective and then to better control their business.
- Project management requires putting in place an information system for planning operations. On this basis we evaluate the workload and the project budget. It is then necessary to monitor operations, including their progress, the burden of work done and expenditure patterns.
- The activity of Research and Development obliged to simultaneously track many different types of projects: basic research, applied research, development, testing, monitoring ... of such a complex requires to implement a suitable information system.
As shown in these examples the governance of information systems is to effectively manage these operations. It is therefore necessary to plan, control them and measure their achievement.
The importance of the Manifesto
To specify the content of this process the European Club Governance Information Systems has developed a reference document. The Manifesto for the governance of information systems designed to fit this approach. For this, from some simple observations:
"In a post-industrial economy, the fourth factor of production is the sector of information."
"Information is emerging as an economic resource and measurable, and [there is] lack (absence) of solution provided by traditional models of organizations to ensure the control and management of information."
"A new function adapted to the new way of doing business must support:
- The management of information;
- The management of information technology;
- Problems related to effective decision making and business efficiency;
- Other resources combined in the process of information. "
"This results in a significant increase of the economic information systems. They represent a significant portion of the value added created by business and government."
"Governance of Information Systems aims to define what are the main objectives, functions and tasks to power the new position of management information."
As we see information systems are a key element of the process of value creation by companies and administrations. To enjoy it is necessary to have a process built and adapted. It relies on the establishment of a suitable action plan based on a few areas for improvement:
- Company. Long ago, information systems were confined to manage the back office. They gradually moved to the front office and today they are mainly the various businesses of the company. The goal is to provide customers with quality services and to end up in products or services sold to customers through information systems. It is a major issue for businesses. It is therefore necessary to redesign key business processes and make them based on powerful information systems.
- Administrations. Citizens and users require governments improve the quality of services they provide. They must be of better quality, faster and cheaper. The solution is not simple and relies heavily on developing e-government. It needs to implement a new approach to government information systems.
- At the national level. European countries suffer from the weakness of policies on development of information systems. It is necessary to mobilize resources and expertise in each country and unite the various stakeholders. To this end a major outreach effort and training role and importance of information systems is necessary.
- At the European level. As a reminder the Manifesto for Governance of Information Systems: "In 2000 the Lisbon Declaration foresaw the development the" knowledge economy "which is a part of information systems. Investment in systems information is a key driver of economic growth. " But it must be admitted, since it does not happen much. It is a strategic area and it would be advisable to arrive a day to make this change but it should be willing to build. But do not dream too much, it may take time.
All these measures are at the heart of the revolution in information systems. They are based on the desire to create wealth and ensure adequate economic growth in the years to come. It is a major economic policy.
In recent years there in the field of information systems to a series of important changes. New approaches in this area go well beyond the traditional approaches such as payroll, billing and accounting. Today these systems have conquered new areas and are increasingly in direct contact with customers of the company. On electronic commerce sites the customer visits the catalog and selects and enters his order without any intermediary. Just observe how a number of websites like Google, Amazon, eBay, ... to imagine what will be the architecture of information systems of tomorrow. These new information systems are the model for future developments. They are a key engine of future economic development because they can create value that can be evaluated quite simply.