Applying IT governance balancedscorecard and

importance-performance analysisfor providing IT governance

strategy in universityKallaya Jairak and Prasong Praneetpolgrang

Information Science Institute, Sripatum University, Bangkok, Thailand

Abstract

Purpose The purpose of this paper is to identify the current situation and the future improvementfor IT governance and controls in developing country like Thailand.

Design/methodology/approach Thai universities were selected and used as subjects forcapturing the perception of IT executives on IT governance performance measures. In the first step, aglobal IT governance perspective was drawn from the literature review. In the second step, theimportant-performance analysis was applied to the metrics of IT governance balanced scorecard withcollected survey data from 64 IT executives.

Findings From a global perspective, the critical points that need to be concerned beforeimplementing IT governance have been illustrated. From a regional perspective, the paper generatedthe strategic IT governance guidance for Thai universities.

Practical implications This paper is beneficial for chief information officers, executive managers,IT managers, and academics. They will gain more knowledge and understanding about the mixedmethod of using metrics in IT governance balanced scorecard and importance-performance analysis inorder to identify the current situation of IT governance and controls in their organizations.Additionally, the practical idea with this method can be applied to draw IT governance strategy intheir contexts.

Originality/value This paper specifies the critical points and directions of IT governance for Thaiuniversities. The analysis covers global and regional viewpoints. This paper also provides the methodfor applying IT governance balanced scorecard metrics and importance-performance analysis tocontribute IT governance strategy.

Keywords IT governance, IT governance balanced scorecard, Importance-performance analysis,Thai universities

Paper type Research paper

1. IntroductionInformation technology (IT) has become a vital and integral part of many businessactivities. The pervasive use of IT in many organizations brings IT governance tobecome a more significant issue. After the concept of IT governance emerged in theearly 1990s, specialists and academics have attempted to clarify how to ensure thevalue of aggressive action on IT governance (Van Grembergen and De Haes, 2010).This curious question has been examined in a series of research projects during theperiod 1999-2003 by Weill and Ross (2004). They have found a relationship betweencorporate performance and proactive tuning for IT governance. The finding also

The current issue and full text archive of this journal is available at

www.emeraldinsight.com/0968-5227.htm

Received 3 August 2012Revised 7 December 201229 January 201311 February 2013Accepted 13 February 2013

Information Management &Computer SecurityVol. 21 No. 4, 2013pp. 228-249q Emerald Group Publishing Limited0968-5227DOI 10.1108/IMCS-08-2012-0036

IMCS21,4

228

revealed that when the organizations performed proactive support for IT governance,they could generate up to 20 percent more profit than organizations with poor support.Van Grembergen and De Haes (2010) also clearly illustrated that IT governance shouldbe an integral part of corporate governance.

Principles of IT governance cover risk management, information security, servicequality, IT resources management and business/IT alignment. Ideally, riskmanagement and information security should be combined and closely examined. Itcan be identified that information security governance (ISG) is a part of IT governance.Nowadays, IT governance and ISG are controlled by a variety of practices such asISO/IEC 38500, ISO/IEC 27001, COBIT, and ITIL. However, COBIT is now accepted asthe preferred framework for IT governance. Currently, COBIT is at version 5.0 andintroduced as a single integrated framework for IT governance.

Due to a variety of standards and frameworks, organizations will need to decidewhich approach is suitable for them. After many years of performing the insight casestudies on IT governance, Van Grembergen and De Haes (2010) have identified that thesuccessful implementation of IT governance is caused by the fine tuning of linkage forstructures, processes, and relational mechanisms within the organization itself. Thisimportant finding expands our knowledge in order to understand that there is no silverbullet solution for IT governance scenario. Different organizations need differentsolutions for IT governance. The best practice from one place can become the bad onein other places, especially when expanded and implemented under the differentconditions. For example, companies in developing countries that lack of adequateindustrial infrastructure are not able to jump into the technological dependence era tostand at the same level as companies in developed countries. Therefore, the bestpractice contributed from developed countries should be analyzed properly beforeimplementing in developing countries (Ferran, 2006). In the same manner, ITgovernance implementation in developing countries needs a holistic approach tosupport the complex mix of political, organizational, technical, and cultural concerns ineach country (Nfuka and Rusu, 2010).

The idea of trial and error to find the proper solution causes a waste of budget, time,and workforce. Therefore, it is essential for an organization to clearly understand itscurrent situation of IT governance performance before taking any other action on ITgovernance. Moreover, many organizations often ignore the planning of how toimplement IT governance. That will directly lead to an increased risk in many forms,especially for stakeholder resistance. Those problems can also cause the failure of ITgovernance implementation. Therefore, the purpose of this paper is to identify thecurrent situation and the future improvement for IT governance and controls in adeveloping country like Thailand. We have limited our scope to select only theuniversities in Thailand as the subjects of this study. By applying the metrics of ITgovernance balanced scorecard (BSC) with importance-performance analysis (IPA), weexpect to provide the new insight for IT governance issue for Thai universities.

The research questions of this paper are:

RQ1. What are the important issues to take into consideration before implementingIT governance?

RQ2. What is the current situation of IT governance performance in Thaiuniversities?

IT governancebalanced

scorecard

229

RQ3. What is the proper IT governance strategy for Thai universities?

The objectives of this study are two-fold. First, we aim to examine the current trend ofresearch studies on IT governance and university IT governance from globalperspectives. Consequently, the information obtained from the first objective willillustrate the direction of IT governance and controls that can be applied at regionallevels. Second, we aim to clarify the actual practice of IT governance in the universityand specify an IT governance strategy for Thai universities. Apart from theintroduction, this paper covers IT governance literature in Section 2, researchmethodology in Section 3, the results and discussion in Sections 4 and 5, respectively,and lastly, the conclusions in Section 6.

2. Literature review2.1 Principles of IT governanceThere are many diverse definitions of IT governance. Lee and Lee (2009) attempted toclassify them into three perspectives. First, based on decision rights andaccountabilities, IT governance is defined as:

[. . .] the decision-making in the IT domain, focusing on the distribution of decision rights andaccountabilities (or responsibilities) for the effective use of IT resources.

Second, from business/IT alignment perspective, IT governance is defined as:

[. . .] The activities to maximize business value through bringing about business/ITalignment. In achieving this goal, business/IT strategies should emphasize the effectivecontrol of resources, performance management, and risk management.

Third, based on structures and processes, IT governance is defined as:

[. . .] the responsibility of company executives and the board of directors, referring inclusivelyto the leadership, organizational structures and processes ensuring that enterprises ITsustains organizations strategies and objectives.

In addition, Gheorghe (2006) also suggested that IT governance principal objectivesshould be focused on:

. aligning IT activities with enterprise action plan;

. exploiting opportunities and maximizing benefits from IT resources; and

. managing IT risks efficiently.

These valuable references can lead us to conclude that the purpose of IT governance isto clarify roles and responsibilities from the board to supplement IT activities in actionfor balancing value and risk of IT assets. To achieve this goal, the continual actionshould be leveraged across five key areas: business/IT alignment, value delivery, riskmanagement, resource management, and performance management (Gheorghe, 2006;Lee and Lee, 2009; Nfuka and Rusu, 2010). According to the above definitions, we canexplain that IT governance could be employed in the principle, policy, process or theactivities that the organization specifies. Its objective is to control decision-making forinvestment and effective IT utilization. The effectiveness covers the appropriate andtransparent appointment of executives roles and duties, business/IT strategyalignment, good internal control systems or processes, balancing between the values

IMCS21,4

230

and the risks from IT investment, risk and security management, and the IT policies orstrategies that affect an organizations sustainability.

2.2 IT governance researchWe surveyed many research papers relating to IT governance subjects that arepublished online. The investigated databases included IEEE, ACM, Science Direct andSCOPUS. The keyword we used was IT governance. Later on, we carefullyconsidered the key issues and categorized them into five categories:

(1) IT governance implementation.

(2) IT governance framework development and guideline.

(3) Critical success factors and enablers of IT governance.

(4) Business/IT alignment.

(5) Prediction model and decision support system for IT governance.

The source of literature on IT governance research is provided in Table I and thedetails of each category are described in the following subsections.

2.2.1 IT governance implementation. Prior research in this category has examined awide range of businesses including: financial services (Peterson, 2001), oil and gasbusiness (Schwarz and Hirschheim, 2003), assurance (De Haes and Van Grembergen,2006), public sector (Bhattachariya and Chang, 2007; Sahraoui, 2009; Maidin andArshad, 2010), semiconductor business (Park et al., 2006), and small- and medium-sizedenterprise (Cai and Yu, 2009). After reviewing the consideration points for all cases, wehave realized that the concept of IT governance cannot occur in a vacuum, but shouldbegin as a journey inspired by executive boards. Sohal and Fitzpatrick (2002) also noted

Research focus area Authors

IT governance implementation Peterson (2001), Sohal and Fitzpatrick (2002),Schwarz and Hirschheim (2003), Ridley et al.(2004), De Haes and Van Grembergen (2006),Bowen et al. (2007), Bhattachariya and Chang(2007), Tu and Zhang (2008), Park et al. (2006),Sahraoui (2009), Cai and Yu (2009), Maidin andArshad (2010)

IT governance framework development andguideline

Ribbers et al. (2002), Fairchild (2004), Sherer(2004), Brown and Grant (2005), De OliveiraAlves et al. (2006), Larsen et al. (2006), Salle andDi-Vitantonio (2006), Lee et al. (2009), Nassiri et al.(2009), Afzali et al. (2010), Baka and Aziz (2010)

IT governance impact Peterson and Fairchild (2003), Fink and Ploder(2008), Lunardi et al. (2009), Nfuka et al. (2009),Krey et al. (2010), Prasad et al. (2010)

Business/IT alignment Cumps et al. (2006), Samanta (2007), Silva andChaix (2008), Beimborn et al. (2009), Cumps et al.(2009), Chen (2010), Hosseinbeig et al. (2011)

Prediction model and decision support system forIT governance

Fasanghari et al. (2008), Simonsson et al. (2008a, b),Xiao-Wen et al. (2009)

Table I.Summary of research on

IT governance

IT governancebalanced

scorecard

231

that top management commitment to IT is the primary cause for their organizations toachieve a competitive advantage from their IT. In order to achieve a better interactionbetween IT and business, the rigid form of IT structure should embrace a more socialand dynamic form (Schwarz and Hirschheim, 2003). Weill and Ross (2004) stated thatidentifying the decision rights and accountability from the board can encouragedesirable behavior in using IT. After the roles and responsibilities have been committed,organizations can embrace the solution for IT governance framework. A well balancedmix of structures, processes, and relational mechanisms will enable better ITgovernance outcomes (De Haes and Van Grembergen, 2006). Based on the review of ITgovernance implementation research, we can infer that IT governance implementationis concerned not only with well-established IT governance framework, but also withwell-communicated IT strategy and policy from the board (Bowen et al., 2007).

2.2.2 IT governance framework development and guideline. The research in thiscategory has mainly focused on providing a hybrid structure of framework orguideline based on widely accepted industry standards or existingconcepts/frameworks. For example, De Oliveira Alves et al. (2006) proposed a singleframework for implementing ISG that developed from the integration of BSC, COBIT,and ISO/IEC 27001; Larsen et al. (2006) unfolded the potential of existing ITgovernance framework at a single case of biotech-based company; and Afzali et al.(2010) applied the concept of COBIT and Val IT 2.0 to provide a broader framework forIT governance. Nevertheless, there is no universal IT governance structure for ITgovernance framework. The hybrid structure and processes are required fordeveloping a flexible environment for sustaining value through business/ITengagement (Brown and Grant, 2005; Ribbers et al., 2002). In summary, the focusarea of IT governance research on framework development and guideline is still relianton the organizational context. Furthermore, focusing only on IT governance tools andframeworks are insufficient for governing IT effectively (Ribbers et al., 2002).

2.2.3 Critical success factors and enablers of IT governance. For critical successfactors and enablers of IT governance, Fink and Ploder (2008) found that morestakeholder involvement, employee integration, business process improvement, andflexibility of the IT infrastructure are critical success factors for the use of IT governanceframework. Prasad et al. (2010) also found that effective commitment from topmanagement drives capabilities to manage IT resources, and also improves internalprocess-level performance. Nevertheless, the widely adopted framework cannotguarantee the success of IT governance implementation. The organizations shouldappraise existing framework or best practices with their organizational processes beforeadoption (Krey et al., 2010). For IT governance adoption in developing nation (Tanzania),Nfuka et al. (2009) highlighted that the problems with IT governance in public sector arelack of a specific IT strategic plan, lack of clear roles and responsibilities, inadequatefollow-up and enforcement mechanisms, lack of IT governance awareness, inadequatebudget, and lack of IT professional skills. In summary, the research in this categorycommonly reflects the issues of logical coherence for implementing IT governance intothe organizational context.

2.2.4 Business/IT alignment. For business/IT alignment, the strategic key forbusiness/IT alignment is to ensure that business can gain a competitive advantagethrough IT spending. Many studies in this category conducted a survey to determine thepattern that organizations apply to achieve an optimal level for business/IT alignment

IMCS21,4

232

(Cumps et al., 2006, 2009; Beimborn et al., 2009; Chen, 2010; Hosseinbeig et al., 2011).Additionally, many of articles also referred to strategic alignment maturity (SAM)framework (Cumps et al., 2006; Samanta, 2007; Chen, 2010; Hosseinbeig et al., 2011).SAM is used to evaluate the maturity of organizational strategy selection and alignmentactivities. The organizations can utilize SAM to identify the current stage of business/ITalignment and the goal setting for improving alignment. Research focusing onbusiness/IT alignment has been advanced in the development of models/frameworksbased on existing models/frameworks to support organizations for improving theirbusiness/IT relationships.

2.2.5 Prediction model and decision support system for IT governance. For predictionmodel and decision support system, Fasanghari et al. (2008) applied K-means analysisfor clustering available IT governance tools and standards. Simonsson et al. (2008a, b)applied Bayesian network with decision support tool for predicting IT governanceperformance. Xiao-Wen et al. (2009) developed a prototype decision supporting systemfor IT governance planning. The research in this topic area has focused on thedevelopment of automatic tool for encouraging IT governance prediction and decisionsupport.

After reviewing the focal point for each area of IT governance research, we havegained knowledge and insights on IT governance that can be summarized as follows:

. IT governance cannot occur in a vacuum, but should begin as a journey inspiredfrom the board;

. focusing only on IT governance tools and frameworks are insufficient forgoverning IT effectively;

. the organizations should appraise existing frameworks or best practices withtheir internal IT processes before adoption; and

. the prediction model and decision support system are still a relatively young areaof IT governance research.

2.3 IT governance in universitiesEven if researchers have conducted many frameworks relevant to IT governance, thereare a limited number of university-oriented IT governance frameworks. The situation ofIT governance implementation in practice within universities was not much different fromother industries. We have not found a single solution that can be applied at everyuniversity. The solution has drastically changed from one campus to another. In 2007,Bhattachariya and Chang (2007) stated that while institutions have to deal with lowstaffing levels, this time is not suitable for adopting industry best practices. Eachinstitution can establish its own best practice that link to business needs and availableresources. In 2007, Joint Information Systems Committee (JISC, 2007) funding for theUniversity of Strathclyde to develop the flexible framework and self-assessment tool thatfacilitate higher education institutions in the UK to identify the areas of improvement fortheir IT resources. Based on the JISC model and ISO/IEC 38500:2008 (Standard forCorporate Governance of IT), Martnez and Largo (2009), developed a university-orientedIT governance framework (ITG4U) for the Spanish Association of University Rectors inSpain that enable each university to reach a higher IT governance maturity level.

In Thailand, the whole university system is governed by the Office of the HigherEducation Commission (OHEC) and the Office for National Education Standards and

IT governancebalanced

scorecard

233

Quality Assessment (ONESQA). The role of the OHEC is to maintain the internalquality assurance in each university, while the control of external quality assuranceamong Thai universities is responsible for the ONESQA. Both of theses twoorganizations have the same vision to create the appropriate quality assurance systemfor Thai universities. Based on the OHEC and the ONESQA approaches, we havefound many indicators for measuring university performance. However, there seems tobe a lack of IT governance indicators. Furthermore, IT governance indicators are notmentioned in educational ICT master plan for higher education. To the best of ourknowledge, we have not found IT governance research conducted for Thai universities.Therefore, this study is one of the few attempts to investigate the current situation ofThai universities IT governance adoption.

2.4 IT governance BSCThe BSC, which was first described in the early 1990s, has become widely accepted forevaluating business performance at the enterprise level (Cobbold and Lawrie, 2002).Shifting the focus from traditional financial evaluation to stakeholders-basedevaluation, BSC combines financial measures and non-financial measures in a singlereport. In addition to financial measures, BSC employs three other perspectives formeasuring customer satisfaction, internal processes, and future vision. With BSC,organizations are able to create a linkage between short-term financial measures andfuture growth (Kaplan and Norton, 1996).

Drawing from BSC, IT governance BSC is developed for assessing how wellorganizations are performing IT governance. IT governance BSC is not only performedas a measurement system for IT governance processes, but it can also demonstratecause and effect relationships between perspectives. Figure 1 shows the cause andeffect relationships among each perspective. The future orientation perspective canimprove the level of operational excellence perspective. The operational excellenceperspective can improve the level of stakeholder perspective. And lastly, thestakeholder perspective can improve the level of corporate contribution perspective(Van Grembergen, 2005).

The scope of each perspective in IT governance BSC can be described as follows.First, the corporate contribution perspective measures the performance of ITgovernance processes for ensuring that business can achieve maximum profit from ITwhile reducing risk at a reasonable point. Second, the objectives of the stakeholder

Figure 1.IT governance BSCperspectives and theircause and effectrelationships

Corporate ContributionEnsuring maximum profit

through IT and reducing riskat a reasonable point

Operational ExcellenceIdentifying the maturity of

IT governance structuresand processes

Future OrientationBuilding the foundations of

skills, knowledge, andIT/business partnership for

IT governance delivery

StakeholdersEnhancing stakeholders

satisfaction/needs and ensuringlegal/ethical compliance

IT Governance

Enables Enables

Enables

CauseEffect

IMCS21,4

234

perspective are to measure stakeholder satisfaction, management of stakeholder needs,and legal/ethical compliance. Third, the operation excellence perspective identifies thematurity of IT governance structures and processes. Lastly, the future orientationperspective is designed to measure the foundations of skills, knowledge, andIT/business partnership for IT governance delivery (Van Grembergen, 2005).

Abu-Musa (2007) revised IT governance BSC to explore the current performance ofIT governance in developing country (Saudi Arabia). The revised version of ITgovernance BSC consists of five dimensions as follows:

(1) organization contribution;

(2) user orientation;

(3) operational excellence;

(4) future orientation; and

(5) environmental perspective.

Of the 500 questionnaires distributed to participants in Saudi organizations, the validand usable questionnaires were 24.2 percent response rate. The results reveal that avast majority of respondents are aware of the importance of IT governanceperformance measures. Furthermore, the results also provide evidence that ITgovernance BSC has been currently adopted from many Saudi organizations to trackthe IT governance performance across the five dimensions.

The instrument of IT governance BSC introduced by Abu-Musa (2007) thatconducted in the developing country context is in line with our objective to explore ITgovernance performance in developing nations like Thailand. For preliminaryinvestigation, we applied four dimensions of IT governance BSC to evaluate thecurrent situation of IT governance performance in Thai universities. Figure 2 showsthe applied IT governance BSC that perform for our study.

Figure 2.Applied IT governance

BSC

Corporate ContributionAlign IT with business objectivesDeliver valueManage costsManage risksAchieve inter-organization synergies

Operational ExcellenceMature internal IT processes Manage operational service performance Achieve economies of scale

Deliver successful IT ProjectsUnderstand business unit strategiesPropose and validate enabling solutionsUnderstand emerging technologiesDevelop organization architecture

Future OrientationAttract and retain people with key competenciesFocus on professional learning and developmentBuild a climate of empowerment andresponsibilityMeasure/reward individual and team performanceCapture knowledge to improve performancesynergies

Stakeholder OrientationStakeholder satisfaction Demonstrate competitive costs Delivery good service Develop good service

IT Governance

Build standard, reliable technology platforms

IT governancebalanced

scorecard

235

2.5 The important-performance analysisMartilla and James (1977) first introduced the IPA method which has been widely usedfor developing and improving strategy in marketing research (Martilla and James,1977). IPA can be used to analyze the operational strategy for prioritizing competitivecriteria among product/service attributes. Based on IPA concept, a series ofpaired-sample t-test are performed to evaluate the mean difference betweenperformance score and importance score (Levenburg and Magal, 2004). Then, theresults are plotted graphically with performance on the x-axis and importance on they-axis. IPA have been applied to classify and prioritize attributes in improving servicesfor many industries such as tourism (Chu and Tat, 2000; Hudson et al., 2004), healthcare (Hawes and Rao, 1985; Miranda, 2010; Yavas and Shemwell, 2001), bank( Joseph et al., 2005; Ibrahim et al., 2006), education (Nale et al., 2000; ONeill and Palmer,2004), e-services (Seng Wong et al., 2011; Huang et al., 2009) and other sectors. IPA isnot only used to capture customer perception, but it also can be used to explore theimportant of competitive criteria and operational performance from experiencedmanagers who have authority to establish actionable strategy in their organization. Insummary, IPA is the powerful evaluation tool for enabling practitioners and academicsto find out specific attributes that have been well practiced, attributes that need to beimproved, and attributes that are over performed (Wong et al., 2009).

As shown in Figure 3, the y-axis report perceived importance of each selectedattribute. While, the x-axis shows perceived product/service performance of eachselected attribute. The explanation of the original IPA is presented by the scatter plotwhich divides the chart into four quadrants as follows:

. Quadrant I is labelled concentrate here. Attributes that fall into this quadrantare perceived as high importance, but identified as low performance. This meansthat the improvement efforts should be concentrated here.

. Quadrant II is labelled keep up the good work. Attributes that fall into thisquadrant are perceived as high importance, and identified as high performance.The activities in this quadrant have been performed well, and the organizationshould maintain its good work.

Figure 3.The original IPAframework

Quadrant IConcentrate Here

Quadrant IIKeep up the Good Work

Quadrant IIILow Priority

Quadrant IVPossible Overkill

Low Importance

Low Performance High Performance

High Importance

Source: Martilla and James (1977)

IMCS21,4

236

. Quadrant III is labelled low priority. Attributes that fall into this quadrant areperceived as low importance, and relatively low performance. The organizationshould limit the resource for all activities that fall into this cell.

. Quadrant IV is labelled possible overkill. Attributes that fall into this quadrantare perceived as low importance, but relatively high performance.

Respondents are satisfied with the performance of all activities in this cell, butcompared to perceived importance, the allocation of resources for these activities arebeing over utilized.

This study applied IPA method to find out the IT governance attributes thatuniversities have performed well, and the critical points that need to be improved.Furthermore, with IPA method, we can establish the guidance of IT governancestrategy for Thai universities.

3. Research methodologyIn the first step of this research, we conducted a preliminary investigation with 40articles on IT governance research to identify critical concerns of IT governanceimplementation from a global perspective. In the second step, we conducted aquantitative survey to identify the current state of IT governance for Thai universities.A self-assessment was developed based on the metrics from IT governance BSCintroduced by Abu-Musa (2007). The questionnaire consists of 23 items within fourdimensions, as shown in Figure 3. According to these metrics (Abu-Musa, 2007), weused three-point Likert scale to measure the importance (1 not important to 3 veryimportant) and performance (1 not monitoring to 3 always monitoring). Thequestionnaires were distributed to 117 IT executives from 117 universities in Thailand.They were asked to capture the perceived importance and performance for eachattribute. A total of 64 out of 117 IT executives completed the questionnaire over thethree month period in 2011, representing a response rate of 54.7 percent. The reliabilityanalysis was carried out by calculating the Cronbachs a coefficient. The result showeda high internal consistency as shown in Table II.

After reliability testing was performed, a paired-sample t-test was run to evaluatethe mean difference between performance and importance scores. IPA was thenapplied to capture graphical demonstration for identifying the current stage of ITgovernance and also providing the strategic actions for Thai universities.

Constructs ItemsCronbachs a(importance)

Cronbachs a(performance)

1. Corporatecontribution

Five items (V1, V2, V3, V4 and V5) 0.743 0.872

2. Futureorientation

Five items (V6, V7, V8, V9 and V10) 0.811 0.937

3. Stakeholderorientation

Four items (V11, V12, V13 and V14) 0.720 0.852

4. Operationalexcellence

Nine items (V15, V16, V17, V18, V19,V20, V21, V22 and V23)

0.834 0.919

All items 0.915 0.958

Table II.Cronbachs a andreliability of scale

IT governancebalanced

scorecard

237

4. Research resultsThis section presents the main results related to IT executives perception on theimportance of IT governance performance measures taken in their universities.The result of IPA with IT governance BSC attributes is summarized in Table III. Thegraphical plotting of the IPA is also shown in Figure 5. In addition, the implication ofthe obtained results is also discussed.

According to Table II, a series of paired-sample t-test was conducted to identify thesignificant gap between importance and performance. The attributes for manage risks(V4), achieve inter-organization synergies (V5), stakeholder satisfaction (V11), andbuilding standard, reliable technology platforms (V18) show no significant difference( p , 0.05) between the mean of importance and performance. Apart from these, other19 attributes show a significant difference on t-test in negative direction. This isindicative of the fact that most actual control of IT governance in universities ismonitored less than expected. Therefore, Thai universities should pay more attentionto the attributes that are identified as being important in order to balance the gapbetween the importance and performance for those attributes.

The importance-performance matrix of IT governance BSC attributes is plotted infour quadrants, as shown in Figure 4. The importance values are presented on thevertical axis, while the performance values are presented on the horizontal axis.Quadrant I indicates the attributes that need to be considered for improvement at afirst priority. Quadrant II represents the attributes that organization can perform welland need to keep up the good work. Quadrant III indicates the attributes thatorganization should restrict its resource allocation. Quadrant IV represents theattributes that organization should reshape its policy to achieve the optimal resourceutilization. In addition, further details of the attributes in each quadrant can bedescribed as follows.

4.1 The concentrate here quadrantIn quadrant I, there is no attribute that fall into the concentrate here quadrant. Thismeans that all IT executives perceived the performance measurement of IT governancein their universities can be conducted well. There is no important attributes thatperform a low level monitoring. Even if we found evidence for lower expected controlwith 19 attributes in Table II, it would not be considered as a critical point whencomparing with the result reflected in this quadrant.

4.2 The keep up the good work quadrantAccording to the IT executive perception, 11 attributes have been identified in the keepup the good work quadrant. The important attributes that fall into quadrant II can bemeasured in a consistent way. These attributes are expected to be the pillar of strengthfor leading IT governance in the university. Therefore, all attributes in the keep up thegood work quadrant can be used as the baseline indicators for driving IT governancein Thai universities.

4.3 The low priority quadrantIT executives identified 11 attributes in the low priority quadrant which thus could beconsidered to be adequate control for less important attributes. Even if IT executives didnot perceive these attributes as the critical concerns, but this does not mean that the

IMCS21,4

238

ITg

over

nan

ceB

SC

attr

ibu

tes

Imp

orta

nt

mea

nP

erfo

rman

cem

ean

Gap

(P2

I)t-

val

ue

Sig

nifi

can

ce(t

wo-

tail

ed)

1.Corporatecontribution

V1.

Ali

gn

ITw

ith

bu

sin

ess

obje

ctiv

es2.

382.

122

0.25

92

2.76

0.00

8V

2.D

eliv

erv

alu

e2.

432.

192

0.24

12

2.23

0.02

9V

3.M

anag

eco

sts

2.33

2.07

20.

259

22.

510.

015

V4.

Man

age

risk

s2.

412.

282

0.13

82

1.59

0.11

7V

5.A

chie

ve

inte

r-or

gan

izat

ion

syn

erg

ies

2.48

2.36

20.

121

21.

350.

180

2.Future

orientation

V6.

Att

ract

and

reta

inp

eop

lew

ith

key

com

pet

enci

es2.

662.

212

0.44

82

5.71

0.00

0V

7.F

ocu

son

pro

fess

ion

alle

arn

ing

and

dev

elop

men

t2.

592.

242

0.34

52

3.80

0.00

0V

8.B

uil

da

clim

ate

ofem

pow

erm

ent

and

resp

onsi

bil

ity

2.48

2.19

20.

293

22.

890.

005

V9.

Mea

sure

/rew

ard

ind

ivid

ual

and

team

per

form

ance

2.34

2.16

20.

190

22.

270.

026

V10

.C

aptu

rek

now

led

ge

toim

pro

ve

per

form

ance

2.38

2.12

20.

259

23.

400.

001

3.Stakeholder

orientation

V11

.S

tak

ehol

der

sati

sfac

tion

2.50

2.50

0.00

00.

001.

000

V12

.D

emon

stra

teco

mp

etit

ive

cost

s2.

141.

882

0.25

92

2.66

0.01

0V

13.

Del

iver

yg

ood

serv

ice

2.60

2.28

20.

328

23.

940.

000

V14

.D

evel

opg

ood

serv

ice

2.62

2.24

20.

379

24.

680.

000

4.Operationalexcellence

V15

.M

atu

rein

tern

alIT

pro

cess

es2.

292.

072

0.22

42

2.35

0.02

2V

16.

Man

age

oper

atio

nal

serv

ice

per

form

ance

2.36

2.12

20.

241

22.

920.

005

V17

.A

chie

ve

econ

omie

sof

scal

e2.

191.

812

0.37

92

3.75

0.00

0V

18.

Bu

ild

stan

dar

d,

reli

able

tech

nol

ogy

pla

tfor

ms

2.19

2.03

20.

155

21.

760.

083

V19

.D

eliv

ersu

cces

sfu

lIT

pro

ject

s2.

532.

262

0.27

62

3.26

0.00

2V

20.

Un

der

stan

db

usi

nes

su

nit

stra

teg

ies

2.45

2.21

20.

241

22.

910.

005

V21

.P

rop

ose

and

val

idat

een

abli

ng

solu

tion

s2.

212.

002

0.20

72

2.45

0.01

7V

22.

Un

der

stan

dem

erg

ing

tech

nol

ogie

s2.

381.

982

0.39

72

4.48

0.00

0V

23.

Dev

elop

org

aniz

atio

nar

chit

ectu

re2.

361.

952

0.41

42

5.06

0.00

0

Table III.IPA with IT governance

BSC attributes

IT governancebalanced

scorecard

239

university should reduce the efforts on these attributes. This is caused by the fact thatattributes for IT governance BSC can perform not only as the performance measurement,but the former groups of attributes can also affect the later groups/perspectives, as shownin Figure 2. Lack of audit in source attributes can affect the control of destinationattributes. Therefore, all attributes in the low priority quadrant need to be reconsidered fortheir outcomes and consequences.

4.4 The possible overkill quadrantThe measuring or rewarding individual and team performance (V9) is only oneattribute that falls into the possible overkill quadrant. The attribute in this cell isconsidered to perform much control. Therefore, IT executives should reconsider theimportance of this attribute. If the final discussion identifies the same remark, then itcan reduce the efforts for this attribute.

5. DiscussionIn this study, we applied IPA analysis with IT governance BSC to capture ITexecutives perception on the importance of IT governance performance measures thatperformed in their universities. Original IPA identifies that the attributes for quadrantsIII and IV are considered to be low priority and over emphasized, respectively. Whenapplying the IPA to a strategic tool like IT governance BSC, the results should beinterpreted carefully in order to avoid being misleading. The obtained results should bereshaped from original IPA analysis, because the metrics from IT governance BSC is

Figure 4.Plotting ofimportance-performancematrix for IT governanceBSC attributes

Quadrant I (Concentrate here) Quadrant II (Keep Up the Good Work)

Quadrant IV (Possible Overkill)Quadrant III (Low Priority)

V6V14

V13V7

V19V11V5

V20V8

V2V4

V10V1

V16 V9V22V23

V3V15

V21

V12

V17V18

2.80

2.70

2.60

2.50

2.40

2.30

2.20

2.10

2.00

1.70 1.80 1.90 2.00 2.10 2.20Performance

2.30 2.40 2.50 2.60

Impo

rtan

t

IMCS21,4

240

demonstrated in the cause and effect form. We cannot identify that the attributes inquadrants III and IV are unnecessary metrics, but it can be interpreted in a way thatIT executives should pay close attention for reconsidering on the outcomes andconsequences of these metrics. If they confirm that the existing metrics are notimportant, then the unnecessary metrics should be rejected. After getting rid ofunnecessary indicators, IT executives can follow up the three strategic actions to lift uptheir capability for governing IT in their universities, as shown in Figure 5.

IT governance strategic guidance:. S1 strategy. The S1 strategy is intended to support the attributes that fall into

unimportant region to rise up to important region. By following S1 strategy, ITexecutives should figure out an approach to raising awareness on internal ITprocesses that lack of clarity concerns at both executive and operational levels.Providing award for IT best practice development in subunit of each universitycan also be used to motivate staff to realize the importance of IT performancemeasures.

. S2 strategy. The S2 strategy aims to rise up the attributes that fall into lowperformance region to high performance region. According to S2 strategy, ITexecutives should focus on identifying indicators that should be consistent withtheir internal IT processes. Furthermore, all stakeholders should be involved inthe development of these indicators in order to gain broader acceptance.

. S3 strategy. The final strategy is intended to rise up both attributes that fallinto low performance and unimportant region to high performance and

Figure 5.IT governance strategic

guidance for Thaiuniversities based on IPA

Performance

Quadrant I(Concentrate here)

Quadrant IV(Possible Overkill)

S3

S2Quadrant II

(Keep Up the Good Work)

Quadrant III(Low Priority)

S1

2.80

2.70

2.60

2.50

2.40

2.30

Impo

rtan

t

2.20

2.10

2.00

1.70 1.80 1.90 2.00 2.10 2.20 2.30 2.40 2.50 2.60

IT governancebalanced

scorecard

241

important region. S3 strategy is a combination of S1 and S2 strategies. Choosingthis strategy can lead the university to encounter high pressures from rapidimprovement. IT executives need to get effective cooperation from all universitystaff. In the case that IT executives cannot establish adequate collaboration forleveraging all indicators, they can start executing S3 strategy with only theindicators that are critical for driving internal IT processes.

6. ConclusionsThere have been a few research studies conducted on the topic of IT governance indeveloping countries, especially in Thailand. Therefore, this research aims to providethe strategic action of IT governance for organizations in this region. In this case, wehave limited our scope to choose only universities in Thailand as the subjects of thisstudy. In order to answer the research questions, our conclusions are presented in thefollowing order.

First, the evidence on global perspective can lead us to conclude that IT governanceshould begin as a journey inspired from the board. Even the well-established ITgovernance frameworks will need to determine the coherence of organizationalprocesses before adoption. Therefore, the well-communicated IT strategy and policyshould be established before enabling IT governance in action. In the case ofuniversity, in order to decrease capital risk and failure of trial and error, universitiesshould primarily analyze their current situations of IT governance performance beforeperforming any other actions on IT governance.

Second, IT executives can apply the metrics of IT governance BSC with IPA toclarify the current situation of IT governance performance in their universities.Consequently, the strategic action of IT governance for Thai universities can bespecified. Additionally, the control framework currently used in the university can beadapted to the implications from IPA.

Third, based on the results from IPA, Thai universities can apply the attributes thatfall into the keep up the good work as the baseline indicators for driving IT governancein their universities. In the long run, the IT executives can apply IT governancestrategic recommendations provided by this study as the guideline to improve theeffective control for their internal IT processes. In further studies, the insight reviewarticles based on the global IT governance perspective and the practical guideline fromregional survey can be combined to draw the flexible IT governance framework forThai universities.

References

Abu-Musa, A.A. (2007), Exploring information technology governance (ITG) in developingcountries: an empirical study, The International Journal of Digital Accounting Research,Vol. 7 No. 13, pp. 71-117.

Afzali, P., Azmayandeh, E., Nassiri, R. and Shabgahi, G.L. (2010), Effective governance throughsimultaneous use of COBIT and Val IT, Proceedings of the International Conference onEducation and Management Technology, pp. 46-50.

Baka, M. and Aziz, M. (2010), Implementing a novel IT governance framework a case study theAbu Dhabi water & electricity authority, Proceedings of the Second InternationalConference on Engineering Systems Management and Its Applications, pp. 1-5.

IMCS21,4

242

Beimborn, D., Schlosser, F. and Weitzel, T. (2009), Proposing a theoretical model for ITgovernance and IT business alignment, Proceedings of the 42nd Hawaii InternationalConference on System Sciences, Los Alamitos, CA, USA, pp. 1-11.

Bhattachariya, J. and Chang, V. (2007), The role of IT governance in the evolution oforganizations in the digital economy: cases in Australian higher education, Proceedings ofthe International Conference on Digital Ecosystems and Technologies, School ofInformation Systems, pp. 428-433.

Bowen, P.L., Cheung, M.Y.D. and Rohde, F.H. (2007), Enhancing IT governance practices: amodel and case study of an organizations efforts, International Journal of AccountingInformation Systems, Vol. 8 No. 3, pp. 191-221.

Brown, A.E. and Grant, G.G. (2005), Framing the frameworks: a review of IT governanceresearch, Communications of the Association for Information Systems, Vol. 15,pp. 696-712.

Cai, M. and Yu, J. (2009), The pattern of IT governance in small and medium-sized garmententerprise, Proceedings of the International Conference on Management and ServiceScience, pp. 1-4.

Chen, L. (2010), Business-IT alignment maturity of companies in China, Information& Management, Vol. 47 No. 1, pp. 9-16.

Chu, R.K.S. and Tat, C. (2000), An importance-performance analysis of hotel selection factors inthe Hong Kong hotel industry: a comparison of business and leisure travelers, TourismManagement, Vol. 21, pp. 363-377.

Cobbold, I. and Lawrie, G. (2002), Development of the balanced scorecard as a strategicmanagement tool, in Neely, A., Walters, A. and Austin, R. (Eds), PerformanceMeasurement and Management: Research and Action, Centre for Business Performance,Cranfield, UK, pp. 125-132.

Cumps, B., Viaene, S. and Dedene, G. (2006), Managing for better business-IT alignment, ITProfessional, Vol. 8 No. 5, pp. 17-24.

Cumps, B., Martens, D., De Backer, M., Haesen, R., Viaene, S., Dedene, G., Baesens, B. and Snoeck,M. (2009), Inferring comprehensible business/ICT alignment rules, Information& Management, Vol. 46 No. 2, pp. 116-124.

De Haes, S. and Van Grembergen, W. (2006), Information technology governance best practicesin Belgian organisations, Proceedings of the 39th Annual Hawaii InternationalConference on System Sciences.

De Oliveira Alves, G.A., Da Costa Carmo, L.F.R. and De Almeida, A.C.R.D. (2006), Enterprisesecurity governance: a practical guide to implement and control information securitygovernance (ISG), Proceedings of the First IEEE/IFIP International Workshop onBusiness-Driven IT Management, pp. 71-80.

Fairchild, A. (2004), Information technology outsourcing (ITO) governance: an examination ofthe outsourcing management maturity model, Proceedings of the 37th Annual HawaiiInternational Conference on System Sciences, Big Island, HI.

Fasanghari, M., Nasser Eslami, F. and Naghavi, M. (2008), IT governance standard selectionbased on two phase clustering method, Proceedings of the Fourth InternationalConference on Networked Computing and Advanced Information Management, Gyeongju,South Korea, pp. 513-518.

Ferran, C. (2006), Electronic business in developing countries: the digitalization of badpractices, in Tan, F.B. (Ed.), Global Information Technologies: Concepts, Methodologies,Tools, and Applications, IGI Global, Hershey, PA, pp. 3091-3104.

IT governancebalanced

scorecard

243

Fink, K. and Ploder, C. (2008), Decision support framework for the implementation ofIT-governance, Proceedings of the 41st Hawaii International Conference on SystemSciences, Los Alamitos, CA, USA.

Gheorghe, M. (2006), IT governance principles, Journal of Accounting and ManagementInformation Systems, No. 18, pp. 86-102.

Hawes, J.M. and Rao, C.P. (1985), Using importance-performance analysis to develop health caremarketing strategies, Journal of Health Care Marketing, Vol. 5 No. 4, pp. 19-25.

Hosseinbeig, S., Karimzadgan-Moghadam, D., Vahdat, D. and Moghadam, R.A. (2011), ITstrategic alignment maturity and IT governance, Proceedings of the 4th InternationalConference on Interaction Sciences, pp. 67-72.

Huang, Y.K., Kuo, Y.W. and Xu, S.W. (2009), Applying importance-performance analysis toevaluate logistics service quality for online shopping among retailing delivery,International Journal of Electronic Business Management, Vol. 7 No. 2, pp. 128-136.

Hudson, S., Hudson, P. and Miller, G.A. (2004), The measurement of service quality in the touroperating sector: a methodological comparison, Journal of Travel Research, Vol. 42,pp. 305-312.

Ibrahim, E.E., Joseph, M. and Ibeh, K.I.N. (2006), Customers perception of electronic servicedelivery in the UK retail banking sector, International Journal of Bank Marketing, Vol. 24No. 7, pp. 475-493.

JISC (2007), A framework for information systems management and governance:self-assessment toolkit, Joint Information Systems Committee, available at: www.jisc.ac.uk/media/documents/programmes/jos/Governance_Toolkit.pdf (accessed 22 June 2012).

Joseph, M., Allbright, D., Stone, G., Sekhon, Y. and Tinson, J. (2005), Importance-performanceanalysis of UK and US bank customer perceptions of service delivery technologies,International Journal of Financial Services Management, Vol. 1 No. 1, pp. 66-88.

Kaplan, R.S. and Norton, D.P. (1996), Using the balanced scorecard as a strategic managementsystem, Harvard Business Review, Vol. 74 No. 1, pp. 75-85.

Krey, M., Harriehausen, B., Knoll, M. and Furnell, S. (2010), IT governance and its impact on theSwiss healthcare, Proceedings of the 12th International Conference on ComputerModelling and Simulation, Cambridge, UK, pp. 340-345.

Larsen, M., Pedersen, M. and Viborg Andersen, K. (2006), IT governance: reviewing 17 ITgovernance tools and analysing the case of Novozymes A/S, Proceedings of the 39thAnnual Hawaii International Conference on System Sciences, Kauia, HI, pp. 1-11.

Lee, J. and Lee, C. (2009), IT governance-based IT strategy and management: literature reviewand future, in Cater-Steel, A. (Ed.), Information Technology Governance and ServiceManagement Framework and Adaptation, IGI Global, Hershey, PA, pp. 44-62.

Lee, J., Juhn, S. and Hwang, K. (2009), New development of advanced ITG framework,Proceedings of the 42nd Hawaii International Conference on System Sciences, Waikoloa,HI, pp. 1-10.

Levenburg, N.M. and Magal, S.R. (2004), Applying importance-performance analysis to evaluatee-business strategies among small firm, E-service Journal, Vol. 3 No. 3, pp. 29-48.

Lunardi, G.L., Becker, J.L. and Macada, A.C.G. (2009), The financial impact of IT governancemechanisms adoption: an empirical analysis with Brazilian firms, Proceedings of the42nd Hawaii International Conference on System Sciences, Los Alamitos, CA, USA,pp. 1-10.

IMCS21,4

244

Maidin, S.S. and Arshad, N.H. (2010), IT governance practices model in IT project approval andimplementation in Malaysian public sector, Proceedings of the International Conferenceon Electronics and Information Engineering, pp. V1-532-V1-536.

Martilla, J.A. and James, J.C. (1977), Importance-performance analysis, Journal of Marketing,Vol. 41 No. 1, pp. 77-79.

Martnez, A.F. and Largo, F.L. (2009), An IT governance framework for universities in Spain,available at: http://rua.ua.es/dspace/bitstream/10045/11216/1/EUNIS%202009%20%20An%20IT%20Governance%20Framework%20for%20Universities%20in%20Spain%20-%20Fernandez%20y%20Llorens.pdf (accessed 11 June 2012).

Miranda, F.J. (2010), An importance-performance analysis of primary health care services:managers vs patients perceptions, Journal of Service Science and Management, Vol. 3No. 2, pp. 227-234.

Nale, R.D., Rauch, D.A. and Wathen, S.A. (2000), An exploratory look at the use of importanceperformance analysis as a curricular assessment tool in a school of business, Journal ofWorkplace Learning: Employee Counselling Today, Vol. 12 No. 4, pp. 139-145.

Nassiri, R., Ghayekhloo, S. and Shabgahi, G.L. (2009), A novel approach for IT governance: apractitioner view, Proceedings of the International Conference on Computer Technologyand Development, Kota Kinabalu, Malaysia, pp. 217-221.

Nfuka, E.N. and Rusu, L. (2010), Critical success factors for effective IT governance in the publicsector organisations in a developing country: the case of Tanzania, Proceedings of theEuropean Conference on Information Systems, pp. 1-15.

Nfuka, E.N., Rusu, L., Johannesson, P. and Mutagahywa, B. (2009), The state of IT governancein organizations from the public sector in a developing country, Proceedings of the 42ndHawaii International Conference on System Sciences, Los Alamitos, CA, USA, pp. 1-12.

ONeill, M.A. and Palmer, A. (2004), Importance-performance analysis: a useful tool for directingcontinuous quality improvement in higher education, Quality Assurance in Education,Vol. 12 No. 1, pp. 39-52.

Park, H., Jung, S., Lee, Y. and Jang, K. (2006), The effect of improving IT standard in ITgovernance, Proceedings of the International Conference on Computational Inteligence forModelling Control and Automation and International Conference on Intelligent Agents WebTechnologies and International Commerce, Sydney, Australia.

Peterson, R.R. (2001), Configurations and coordination for global information technologygovernance: complex designs in a transnational European context, Proceedings of theHawaii International Conference on System Sciences, Los Alamitos, CA, USA.

Peterson, R.R. and Fairchild, A.M. (2003), Exploring the impact of electronic business readinesson leadership capabilities in information technology governance, Proceedings of the 36thHawaii International Conference on System Sciences, Los Alamitos, CA, USA.

Prasad, A., Heales, J. and Green, P. (2010), A capabilities-based approach to obtaining a deeperunderstanding of information technology governance effectiveness: evidence from ITsteering committees, International Journal of Accounting Information Systems, Vol. 11No. 3, pp. 214-232.

Ribbers, P., Peterson, R. and Parker-Priebe, M. (2002), Designing information technologygovernance processes: diagnosing contemporary practices and competing theories,Proceedings of the 35th Hawaii International Conference on System Sciences, pp. 3143-3154.

Ridley, G., Young, J. and Carroll, P. (2004), COBIT and its utilization: a framework from theliterature, Proceedings of the 37th Hawaii International Conference on System Sciences,Los Alamitos, CA, USA.

IT governancebalanced

scorecard

245

Sahraoui, S.M. (2009), ICT governance in higher education: case study of the rise and fall of opensource in a Gulf university, Proceedings of the International Conference on Informationand Communication Technologies and Development, pp. 348-356.

Salle, M. and Di-Vitantonio, G. (2006), Business service management: the impact of ITgovernance models on IT management policies, Proceedings of the InternationalConference on Services Computing, Chicago, IL, USA, pp. 373-380.

Samanta, S. (2007), Business-IT alignment strategies: a conceptual modeling, Proceedings ofthe Portland International Center for Management of Engineering and Technology, pp. 1-5.

Schwarz, A. and Hirschheim, R. (2003), An extended platform logic perspective of ITgovernance: managing perceptions and activities of IT, Journal of Strategic InformationSystems, Vol. 12 No. 2, pp. 129-166.

Seng Wong, M., Hideki, N. and George, P. (2011), The use of importance-performance analysis(IPA) in evaluating Japans e-government services, Journal of Theoretical and AppliedElectronic Commerce Research, Vol. 6 No. 2, pp. 17-30.

Sherer, S.A. (2004), IS project selection: the role of strategic vision and IT governance,Proceedings of the 37th Hawaii International Conference on System Sciences, Los Alamitos,CA, USA, pp. 1-8.

Silva, E. and Chaix, Y. (2008), Business and IT governance alignment simulation essay on abusiness process? And IT service model, Proceedings of the 41st Hawaii InternationalConference on System Sciences, Los Alamitos, CA, USA.

Simonsson, M., Johnson, P. and Ekstedt, M. (2008a), IT governance decision support using theIT organization modeling and assessment tool, Proceedings of the Portland InternationalConference on Management of Engineering & Technology, Cape Town, South Africa,pp. 802-810.

Simonsson, M., Lagerstrom, R. and Johnson, P. (2008b), A Bayesian network for IT governanceperformance prediction, Proceedings of the 10th International Conference on ElectronicCommerce, Innsbruck, Austria.

Sohal, A.S. and Fitzpatrick, P. (2002), IT governance and management in large Australianorganizations, International Journal of Production Economics, Vol. 75 No. 1, pp. 97-112.

Tu, W. and Zhang, J. (2008), The components and practice of information technologygovernance, Proceedings of the First International Workshop on Knowledge Discovery andData Mining, Adelaide, Australia, pp. 465-468.

Van Grembergen, W. (2005), Measuring and improving information technology governancethrough the balanced scorecard, available at: www.isaca.org/Journal/Past-Issues/2005/Volume-2/Documents/jpdf052-measuring-and-improving.pdf (accessed 22 June 2012).

Van Grembergen, W. and De Haes, S. (2010), A research journey into enterprise governance ofIT, business/IT alignment and value creation, International Journal of IT/BusinessAlignment and Governance, Vol. 1 No. 1, pp. 1-13.

Weill, P. and Ross, J.W. (2004), IT Governance: How Top Performers Manage IT Decision Rightsfor Superior Results, Harvard Business School Publishing, Boston, MA.

Wong, M.S., Fearon, C. and Philip, G. (2009), Evaluating e-government in Malaysia: animportance-performance grid analysis (IPA) of citizens and service providers,International Journal of Electronic Business, Vol. 7 No. 2, pp. 105-129.

Xiao-Wen, L., Xiao-Chun, L. and Ke-Jin, H. (2009), Design and implementation of IT governanceplanning decision supporting, Proceedings of the Chinese Control and DecisionConference, pp. 5629-5632.

IMCS21,4

246

Yavas, U. and Shemwell, D.J. (2001), Modified importance-performance analysis: an applicationto hospitals, International Journal of Health Care Quality Assurance, Vol. 14 No. 3,pp. 104-110.

Further reading

Slack, N. (1994), The importance-performance matrix as a determinant improvement priority,International Journal of Operations & Production Management, Vol. 14 No. 5, pp. 59-75.

Appendix. Research questionnaireDear sir

I am conducting a study entitled, Applying IT governance balanced scorecard andimportance-performance analysis for providing IT governance strategy in university. Thisquestionnaire is aimed to investigate the opinions of IT executives in Thai universities on theperceptions of IT governance and IT governance measurement of each aspect implemented ineach university that covers:

. corporate contribution;

. future orientation;

. stakeholder orientation; and

. operational excellence.

Please kindly respond to this questionnaire yourself and give information which stronglyrepresents your opinions. You will be assured of complete confidentiality as your responses willbe kept confidential. The results of this study will be a beneficial guideline for executives of IT;as well as executives of general administration to be able to strategically develop and improvethe benefits from utilization of IT in each university. Moreover, the findings, revealed from thisstudy, will provide effective methods on quality control of IT for Thai universities in the future.

Please take a few (approximately 20) minutes to complete the enclose questionnaire. You haveour personal assurance that all responses will remain anonymous. Your response is veryimportant to the study, and we thank you in advance for your co-operation participation.

1. University ________________________________________________________________2. What is your current job title?

Chief Information Officer : CIO IT Project ManagerIT Director IT SpecialistInternal Auditor Other-please list ______________

3. What is your role relevant of information technology function?

Planning IT budgetsDecision in IT Projects Procurement decision maker on Hardware/SoftwareParticipating in establishing university IT policyOther please List ____________________________________________

4. How many years of experience do you have in your current position? _____________(continued)

1. General Information

IT governancebalanced

scorecard

247

3. Stakeholder Orientation

3.1 Stakeholder satisfaction 1 2 3 1 2 33.2 Demonstrate competitive costs 1 2 3 1 2 33.3 Delivery good service 1 2 3 1 2 33.4 Develop good service 1 2 3 1 2 3

4. Operational Excellence

4.1 Mature internal IT processes 1 2 3 1 2 34.2 Manage operational service performance 1 2 3 1 2 34.3 Achieve economies of scale 1 2 3 1 2 34.4 Build standard, reliable technology platforms 1 2 3 1 2 34.5 Deliver successful IT Projects 1 2 3 1 2 34.6 Understand business unit strategies 1 2 3 1 2 34.7 Propose and validate enabling solutions 1 2 3 1 2 34.8 Understand emerging technologies 1 2 3 1 2 34.9 Develop organization architecture 1 2 3 1 2 3

Please Circle the most appropriate number for the Importance and Performanceof IT Governance Performance Measurement in your organization

IT Governance Performance Measurement

Importance Performance

Not

Impo

rtan

t (1)

Impo

rtan

ce (2

)

Very

Impo

rtan

t (3)

Not

Mon

itori

ng (1

)

Som

etim

e Mon

itori

ng (2

)

Alw

ays M

onito

ring

(3)

1. Corporate Contribution

1.1 Align IT with business objectives 1 2 3 1 2 31.2 Deliver value 1 2 3 1 2 31.3 Manage costs 1 2 3 1 2 31.4 Manage risks 1 2 3 1 2 31.5 Achieve inter-organization synergies 1 2 3 1 2 3

2. Future Orientation

2.1 Attract and retain people with key competencies 1 2 3 1 2 32.2 Focus on professional learning and development 1 2 3 1 2 32.3 Build a climate of empowerment and responsibility 1 2 3 1 2 32.4 Measure/reward individual and team performance 1 2 3 1 2 32.5 Capture knowledge to improve performance 1 2 3 1 2 3

2. IT Governance Performance MeasurementIMCS21,4

248

About the authorsKallaya Jairak received the BSc in Economics from MAEJO University, Chiang Mai, Thailand, in1998, and the MS in information technology and management from Chiang Mai University,Chiang Mai, Thailand, in 2004. She is currently a PhD candidate in information technology,Information Science Institute of Sripatum University (ISIS), Bangkok, Thailand. Her researchinterests include IT governance, IT/business alignment, ICT sustainability and ICT in educationmanagement. Her current focus is on IT governance strategy and framework. In addition, shepublished more than five papers in these areas. Kallaya Jairak is the corresponding author andcan be contacted at: ajkallaya@gmail.com

Prasong Praneetpolgrang received the BSc (1st Hons) in electrical engineering from the RoyalThai Air Force Academy, Bangkok, Thailand, in 1987, the MS in computer engineering, in 1989,the MS in electrical engineering, in 1993, and the PhD degree in computer engineering fromFlorida Institute of Technology, Florida, USA, in 1994. He currently has the rank of AssociateProfessor at the Information Science Institute, Sripatum University, Bangkok, Thailand. Hisresearch interests are in the areas of computer and information security, trust management andIT governance, e-Commerce and cloud applications. Dr Praneetpolgrang has more than 100published articles in these areas. He has served on program committees of both international andnational conference on computer science and engineering, information technology ande-Business. He is also member of IEEE and ACM. He has recorded in Whos Who in the world ininformation technology.

To purchase reprints of this article please e-mail: reprints@emeraldinsight.comOr visit our web site for further details: www.emeraldinsight.com/reprints

IT governancebalanced

scorecard

249

Reproduced with permission of the copyright owner. Further reproduction prohibited withoutpermission.