board level it governance research project...it governance or digital leadership reflection: how is...
TRANSCRIPT
BOARD LEVELIT GOVERNANCERESEARCHPROJECT|Research Briefing 3: Corporate Governance Codes and Digital Leadership
Publication of Antwerp Management School, September 2016
RESEARCH BRIEFING 3 CORPORATE GOVERNANCE CODES AND DIGITAL LEADERSHIP
In our increasingly digitized economy, information technology (IT) has become fundamental to support, sustain and grow organizations. Successful organizations leverage the digital innovation potential but also understand and manage the risks and constraints of technology.
Previously, the governing board could delegate, ignore or avoid IT related decisions, but the dis-ruptive new technologies (cloud, internet of things, big data…) are increasingly being felt at board level. Emerging research calls for more board-level engagement in IT governance and identifies serious consequences for digitized organizations in case the board is not involved. Yet, it appears that IT governance competence remains the ‘elephant in the boardroom’ for more than 80% of boards of directors.
In this context, a co-created research project was installed by University of Antwerp - Antwerp Man-agement School, CEGEKA, KPMG and Samsung, focused on the role of the board in IT governance. This third research briefing analyzes if and how corporate codes are addressing board level IT gov-ernance and how it influences board’s behavior in terms of providing transparency on IT governance in their annual reports. First, we observed that most international corporate governance do not include any or very little guidance on board level IT govern-
ance and digital leadership. The leading example was found in the contemporary South African corporate governance code, King III, which does contain a significant amount of IT (governance)-re-lated guidance. The Belgian Corporate Governance Code Lippens does not make any references to IT governance. Secondly, we also detected that South African boards in our sample seemed to be more concerned with IT governance transparency in their annual reports than the Belgium firms in our sam-ple. This draws us to the conclusion that corporate governance codes can have a positive influence on engaging boards in digital leadership.
From a practitioners’ stance, we believe that this exploratory research illustrates the need for includ-ing IT governance-related directives in national corporate governance codes or regulations. As IT becomes more pervasive in firms all over the world, it makes sense for firms to be transparent about these, often very important, IT-related mat-ters; and for national corporate governance codes and regulations to guide firms in such a direction.
RESEARCH CONTEXT AND QUESTIONS
IT governance, otherwise referred to as “enterprise governance of IT” or “corporate governance of IT”, is a focus area of corporate governance that is con-cerned with the organization’s IT assets. In analogy to corporate governance, it is concerned with the oversight of IT assets, their contribution to business value and the mitigation of IT-related risks (Weill & Ross, 2004). A common referenced definition comes from De Haes & Van Grembergen (2015) who state that “Enterprise governance of IT is an integral part of corporate governance exercised by the board and addresses the definition and implementation of pro-cesses, structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of busi-ness/IT alignment and the creation of business value from IT-enabled business investments.” Many sources identify five areas or domains of attention in the context of IT governance that need to be addressed (Butler & Butler, 2010; ITGI, 2003; Posthumus & Von Solms, 2010; Valentine & Stewart, 2015): • Strategic alignment, with the focus on aligning
business and IT strategies and operations• Value delivery, concentrating on optimizing ex-
penses and proving the value of IT• Risk management, addressing the IT related busi-
ness risks • Resource management, optimizing IT related
knowledge and resources• Performance management, monitoring IT enabled
investment and service delivery
Emerging research calls for more board level en-gagement in IT governance and identifies serious consequences for digitized organizations in case the board is not involved. For example, Turel and Bart (2014) conclude that high levels of board-level IT governance, regardless of existing IT needs, will increase organizational performance. But from a board perspective, there is also an growing need to comply with an increasing amount of regulatory and legal requirements (eg. privacy) of which many also impact IT. As such, these regulatory requirements redefine directors’ responsibilities for IT governance (Trites, 2004).
Despite the agreement between researchers and practitioners on the need for board-level involvement in IT governance, it appears that this is more the exception than the rule in practice (Andriole, 2009; Bart & Turel, 2010; Coertze & Von Solms, 2014). In this research briefing, we build on the assumption that the board’s behavior towards IT governance and digital leadership might be influenced by external factors such as corporate governance codes (Parent & Reich, 2009). As such, this research papers has two key research questions:
Research question 1: What IT (governance)-related guidelines are con-tained in national corporate governance codes and what differences can be observed between various corporate governance codes?
Research question 2:
To what extent does the national corporate gov-ernance code influence the level of IT governance disclosure of a firm?
1
RESEARCH DESIGN2The research started with a literature review to underpin the study and to define the main concepts used in the research project.
IT-related guidelines
For the first research question, a sample of interna-tional corporate governance codes was analyzed. The selection of national corporate governance codes was based on two dimensions: geography (i.e. continent) and economy (i.e. income groups). Using
Continent
Africa Asia Europe Australia North America South America
Income group
High Seychelles (SC)
Japan (JP)
Belgium (BE)
Australia (AU)
United States (US) -
Middle South Africa (ZA)
Lebanon (LB)
Macedonia (MK)
Fiji (FJ)
Mexico (MX)
Brazil (BR)
Low Ghana (GH)
India (IN)
Armenia (AM) - - Guyana
(GY)
an index of all corporate governance codes around the world , a national corporate governance code was selected to populate as many cells as possible (see table 1). When a country had multiple corporate governance codes, the most recent code for listed companies was selected. An additional requirement was that the corporate governance code should be available in English. The final sample of national corporate governance codes (N=15) is presented in Table 1.
To analyze each corporate governance code for IT (governance)-related content, the IT governance transparency framework by Joshi et al. (2013) was used. This IT governance disclosure framework contains 39 disclosure items distributed over the following domains: IT strategic alignment, IT value delivery, IT risk management, and IT performance measurement (see top row of Table 3). Using the IT governance transparency framework as a coding frame, a binary classification approach was used while analyzing the national corporate governance codes; i.e. an item is scored ‘1’ if the item is present as a guideline or practice in the corporate governance code, and scored ‘0’ otherwise.
Influence of national corporate governance codes
In research question 2, the extent to which the national corporate governance code influences the level of IT governance disclosure of a firm could was examined. For this, two groups of ten firms were selected that operate in a different corporate governance context. As the South African corpo-rate governance code King III contains a significant amount of IT (governance)-related guidance and the Belgian code Lippens does not, ten Belgian and ten South African companies were selected. The final sample (N=20) is presented in Table 2.
For each firm in the sample the English annual report of 2014 was obtained and analyzed, as these were the most recent available at the time. Similarly to the preceding step of analyzing the corporate govern-ance codes for IT (governance)-related content, a qualitative data analysis was performed on these annual reports to verify how corporate governance codes are influencing IT governance disclosure (re-search question 2).
Table 1. Final sample of national corporate governance codes by continent and income group (N=15)
Belgian group South African group
Ageas ABSA Bank Limited
Ascencio Alexander Forbes Group Holdings
Befimmo Clientele Limited
Dexia Discovery Holdings Limited
GBL Grindrod Bank
Iep Invest Liberty Holdings Limited
KBC MMI Holdings Limited
Nat. Bank van België Sanlam
Sofina Santam
Solvac Sasfin Bank
Table 2. Sample of Belgian and South African firms (N=20)
CORPORATE GOVERNANCE CODES MAKE LITTLE REFERENCE TO IT GOVERNANCE OR DIGITAL LEADERSHIPTable 3 presents the item-level analysis of the 15 cor-porate governance codes for IT governance related content. A first general observation is that, aside from the South African code, the corporate govern-ance codes score very low overall when it comes to including IT (governance)-related practices or guide-lines. A reasonable explanation for this observation is that many national corporate governance codes are based on the OECD principles of corporate govern-ance (OECD, 2015). Specifically for our sample, 8 out
3
Country
Code Info IT Governance Disclosure Items
Year Pages
IT Strategic Alignment (ITSA) IT Value Delivery (ITVD) IT Risk Management (ITRM) IT Performance Measurement (ITPM)
IT E
xper
t o
n th
e b
oar
d
IT e
xper
t w
ith e
xper
ienc
e o
n th
e b
oar
d
A C
IO o
r an
eq
uiva
lent
po
sitio
n in
the
firm
IT c
om
mitt
ee
IT r
isk
is p
art
of a
udit
com
mitt
ee o
r ris
k co
mm
ittee
IT is
par
t o
f aud
it co
mm
ittee
IT s
teer
ing
co
mm
ittee
IT p
lann
ing
co
mm
ittee
Tech
nolo
gy
com
mitt
ee
IT c
om
mitt
ee a
t an
exe
cutiv
e le
vel
CIO
or
equi
vale
nt is
on
the
bo
ard
IT g
over
nanc
e fr
amew
ork
sta
ndar
d: I
TIL
/CO
BIT
/IS
O, e
tc.
IT a
s an
issu
e in
the
bo
ard
mee
ting
Sug
ges
tion/
dec
isio
n/ad
vice
by
the
bo
ard
on
IT
Sp
ecia
l rep
ort
/sec
tion
on
IT/I
T p
roje
cts
in a
nnua
l rep
ort
IT m
entio
ned
as
a st
rate
gic
bus
ines
s is
sue
IT p
roje
cted
as
stre
ngth
IT p
roje
cted
as
op
po
rtun
ity
Pro
ject
up
dat
es o
r co
mm
ents
IT is
exp
licitl
y m
entio
ned
for
achi
evin
g s
pec
ific
bus
ines
s o
bje
ctiv
es
Co
mm
ents
/up
dat
es o
n IT
per
form
ance
IT t
rain
ing
Gre
en IT
Dire
ctio
n an
d s
tatu
s ab
out
IT o
utso
urci
ng a
nd in
sour
cing
IT is
ref
erre
d u
nder
the
op
erat
iona
l ris
k
Sp
ecia
l IT
RM
pro
gra
m
Use
of I
T fo
r re
gul
atio
n an
d c
om
plia
nce
IT/E
lect
roni
c D
ata
Pro
cess
ing
(E
DP
) au
dit
Info
rmat
ion
and
sec
urity
po
licy/
pla
n (I
T s
ecur
ity)
The
role
of I
T in
acc
oun
ting
and
the
rep
ort
ing
sta
ndar
ds
(IA
S)
Op
erat
ions
co
ntin
uity
pla
n
Exp
licit
info
rmat
ion
on
IT e
xpen
ditu
re
IT b
udg
et
IT h
ard
war
e co
st
IT s
oft
war
e co
st
Exp
licit
IT m
anp
ower
co
st is
men
tione
d
IT e
xpen
ses
are
men
tione
d u
nder
ad
min
istr
ativ
e co
st
IT r
elat
ed a
sset
s ar
e m
entio
ned
und
er in
tang
ible
ass
ets
Dire
ct c
ost
on
IT is
men
tione
d in
cur
renc
y o
r p
erce
ntag
e
Seychelles (SC) 2010 44
South Africa (ZA) 2009 66 X X X X X X X X X X X X X X X X X
Ghana (GH) 2010 27
Japan (JP) 2015 44 X
Lebanon (LB) 2010 28 X
India (IN) 2009 24 X
Belgium (BE) 2009 42 X
Macedonia (MK) 2006 26 X X
Armenia (AM) 2010 18 X
Australia (AU) 2014 44 X
Fiji (FJ) 2008 16 X
United States (US) 2013 27
Mexico (MX) 2010 42
Brazil (BR) 2009 74 X
Guyana (GY) 2011 16 X
of 15 national corporate governance codes explicitly state being based on the OECD principles. The re-maining 7 corporate governance codes show a lot of similarities with the OECD principles, but they don’t explicitly refer to OECD. These G20/OECD princi-ples do not include specific directives regarding IT governance or IT governance disclosure, aside from using the company website as a disclosure channel for material company information.
CORPORATE GOVERNANCE CODES MAKE LITTLE REFERENCE TO IT GOVERNANCE OR DIGITAL LEADERSHIP
Reflection: How is COBIT 5, the best-practice IT Governance framework, addressing board-level IT governance?
This research starts from the premise that boards need to extend their governance accountability towards including IT governance and digital leadership. This conclusion is confirmed by the internationally recog-nized reference framework COBIT 5 (ISACA, 2012). In this best-practice model, COBIT 5 identifies (next to other domains) five governance processes in the core of the board’s responsibilities. These area’s include: setting of the governance framework; handling responsibilities in terms of value (e.g., investment criteria), risk (e.g., risk appetite) and resources (e.g., resource optimization); and providing transparency regarding IT to the stakeholders. The latter process addresses the key topic of this article, which COBIT describes as the process required “to ensure that enterprise IT performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and the necessary remedial actions.”
Country
Code Info IT Governance Disclosure Items
Year Pages
IT Strategic Alignment (ITSA) IT Value Delivery (ITVD) IT Risk Management (ITRM) IT Performance Measurement (ITPM)
IT E
xper
t o
n th
e b
oar
d
IT e
xper
t w
ith e
xper
ienc
e o
n th
e b
oar
d
A C
IO o
r an
eq
uiva
lent
po
sitio
n in
the
firm
IT c
om
mitt
ee
IT r
isk
is p
art
of a
udit
com
mitt
ee o
r ris
k co
mm
ittee
IT is
par
t o
f aud
it co
mm
ittee
IT s
teer
ing
co
mm
ittee
IT p
lann
ing
co
mm
ittee
Tech
nolo
gy
com
mitt
ee
IT c
om
mitt
ee a
t an
exe
cutiv
e le
vel
CIO
or
equi
vale
nt is
on
the
bo
ard
IT g
over
nanc
e fr
amew
ork
sta
ndar
d: I
TIL
/CO
BIT
/IS
O, e
tc.
IT a
s an
issu
e in
the
bo
ard
mee
ting
Sug
ges
tion/
dec
isio
n/ad
vice
by
the
bo
ard
on
IT
Sp
ecia
l rep
ort
/sec
tion
on
IT/I
T p
roje
cts
in a
nnua
l rep
ort
IT m
entio
ned
as
a st
rate
gic
bus
ines
s is
sue
IT p
roje
cted
as
stre
ngth
IT p
roje
cted
as
op
po
rtun
ity
Pro
ject
up
dat
es o
r co
mm
ents
IT is
exp
licitl
y m
entio
ned
for
achi
evin
g s
pec
ific
bus
ines
s o
bje
ctiv
es
Co
mm
ents
/up
dat
es o
n IT
per
form
ance
IT t
rain
ing
Gre
en IT
Dire
ctio
n an
d s
tatu
s ab
out
IT o
utso
urci
ng a
nd in
sour
cing
IT is
ref
erre
d u
nder
the
op
erat
iona
l ris
k
Sp
ecia
l IT
RM
pro
gra
m
Use
of I
T fo
r re
gul
atio
n an
d c
om
plia
nce
IT/E
lect
roni
c D
ata
Pro
cess
ing
(E
DP
) au
dit
Info
rmat
ion
and
sec
urity
po
licy/
pla
n (I
T s
ecur
ity)
The
role
of I
T in
acc
oun
ting
and
the
rep
ort
ing
sta
ndar
ds
(IA
S)
Op
erat
ions
co
ntin
uity
pla
n
Exp
licit
info
rmat
ion
on
IT e
xpen
ditu
re
IT b
udg
et
IT h
ard
war
e co
st
IT s
oft
war
e co
st
Exp
licit
IT m
anp
ower
co
st is
men
tione
d
IT e
xpen
ses
are
men
tione
d u
nder
ad
min
istr
ativ
e co
st
IT r
elat
ed a
sset
s ar
e m
entio
ned
und
er in
tang
ible
ass
ets
Dire
ct c
ost
on
IT is
men
tione
d in
cur
renc
y o
r p
erce
ntag
e
Seychelles (SC) 2010 44
South Africa (ZA) 2009 66 X X X X X X X X X X X X X X X X X
Ghana (GH) 2010 27
Japan (JP) 2015 44 X
Lebanon (LB) 2010 28 X
India (IN) 2009 24 X
Belgium (BE) 2009 42 X
Macedonia (MK) 2006 26 X X
Armenia (AM) 2010 18 X
Australia (AU) 2014 44 X
Fiji (FJ) 2008 16 X
United States (US) 2013 27
Mexico (MX) 2010 42
Brazil (BR) 2009 74 X
Guyana (GY) 2011 16 X
The South African corporate governance code, King III, contains a significant amount of IT (governance)-relat-ed guidance. King III came into effect for South African entities starting from 1 March 2010 and is applicable to all entities (i.e. regardless of their size and whether or not they are listed). King III contains a specific IT governance chapter consisting of seven IT governance principles and some additional and more detailed recommended practices for each of these principles (Table 4) (Institute of Directors in Southern Africa, 2009).
An interesting observation at the item-level is that ‘Use of IT for regulation and compliance’, belonging to the ‘IT risk management’ category is found in 11 out of 15 of the
selected corporate governance codes. Again, a reasona-ble explanation can be found in the contents of the G20/OECD principles on corporate governance. As part of its ‘disclosure and transparency’ chapter, it is specifically stat-ed that the company website provides an excellent way to disclose material company information (OECD, 2015). This is indeed a way of using IT for regulation and compliance. Finally, the item ‘IT is part of audit committee’, belonging to the ‘IT strategic alignment’ category, is also found in the Macedonian corporate governance code. These are the only two disclosure items that were found in other corpo-rate governance codes besides King III.
Principle Description Recommended practices
5.1 The board should be responsible for information techno-logy governance.
• 5.1.1. The board should assume the responsibility for the governance of IT and place it on the board agenda.
• 5.1.2. The board should ensure that an IT charter and policies are established and implemented.
• 5.1.3. The board should ensure promotion of an ethical IT governance culture and awareness and of a common IT language.
• 5.1.4. The board should ensure that an IT internal control framework is adopted and implemented.
• 5.1.5. The board should receive independent assurance on the effectiveness of the IT internal controls.
5.2 IT should be aligned with the performance and sustainability objec-tives of the entity.
• 5.2.1. The board should ensure that the It strategy is integrated with the compa-ny’s strategic and business processes.
• 5.2.2. The board should ensure that there is a process in place to identify and exploit opportunities to improve the performance and sustainability of the com-pany through the use of IT.
5.3 The board should delegate the res-ponsibility for the implementation of an IT governance framework to ma-nagement.
• 5.3.1. Management should be responsible for the implementation of the structu-res, processes and mechanisms for the IT governance framework.
• 5.3.2. The board may appoint an IT steering committee or similar function to assist with its governance of IT.
• 5.3.3. The CEO should appoint a Chief Information Officer responsible for the management of IT.
• 5.3.4. The CIO should be a suitably qualified and experienced person who should have access and interact regularly on strategic IT matters with the board and/or appropriate board committee and executive management.
5.4 The board should monitor and eva-luate significant IT investments and expenditure.
• 5.4.1. The board should oversee the value delivery of IT and monitor the return on investment from significant IT projects.
• 5.4.2. The board should ensure that intellectual property contained in informati-on systems are protected.
• 5.4.3. The board should obtain independent assurance on the IT governance and controls supporting outsourced IT services.
5.5 IT should form an integral part of the entity’s risk ma-nagement process.
• 5.5.1. Management should regularly demonstrate to the board that the company has adequate business resilience arrangements in place for disaster recovery.
• 5.5.2. The board should ensure that the company complies with IT laws and that IT related rules, codes and standards are considered.
5.6 The board should ensure that infor-mation assets are managed effecti-vely.
• 5.6.1. The board should ensure that there are systems in place for the manage-ment of information which should include information security, information management and information privacy.
• 5.6.2. The board should ensure that all personal information is treated by the company as an important business asset and is identified.
• 5.6.3. The board should ensure that an Information Security Management Sys-tem is developed and implemented.
• 5.6.4. The board should approve the information security strategy and delegate and empower management to implement the strategy.
5.7 A risk committee and audit com-mittee should assist the board in carrying out its IT responsibilities.
• 5.7.1. The risk committee should ensure that IT risks are adequately addressed.• 5.7.2. The risk committee should obtain appropriate assurance that controls are
in place and effective in addressing IT risks.• 5.7.3. The audit committee should consider IT as it relates to financial reporting
and the going concern of the company.• 5.7.4. The audit committee should consider the use of technology to improve
audit coverage and efficiency.
Table 4. King III IT governance principles and recommended practices (Institute of Directors in Southern Africa, 2009)
CORPORATE GOVERNANCE CODES INFLUENCE HOW BOARDS REPORT ON THEIR IT GOVERNANCE APPROACH
4In order to investigate how corporate governance codes influence IT governance disclosure (research question 2), an analysis was performed between financial services organizations that are listed on Euronext Brussels (and therefore subject to the Belgian code Lippens – a corporate governance code that contains almost no IT (governance)-related guidance), and financial services organizations that
are listed on the Johannesburg Securities Exchange (and therefore subject to the South African code King III – a corporate governance code that contains a significant amount of IT (governance)-related guid-ance). The results of this analysis are first overviewed at the level of the disclosure categories in Table 5. The group with the highest average disclosure rate for each disclosure category is bold-faced.
Belgian companies (N=10)
South African companies (N=10)
Full sample (N=20)
IT strategic alignment 8% 25% 16.5%
IT value delivery 6% 38% 22%
IT risk management 21% 33% 27%
IT performance measurement 16% 29% 22.5%
Average 12.75% 31.25% 22%
Table 5. Reporting rate per disclosure category
This first global overview of IT governance trans-parency between both groups shows that the listed South African financial services organizations seem to be more concerned with disclosing on their IT governance than the listed Belgian financial services organizations. This observation holds for all disclo-sure categories of the IT governance transparency framework. This result could be expected, as King
III contains a significant amount of (non-committal) IT (governance)-related guidance while the code Lippens does not. Table 5 also globally indicates that there are potential opportunities for the firms in our sample to improve on their IT governance transpar-ency. While this is true for both groups, it is especial-ly true for the Belgian firms.
Belgian companies (N=10)
South African companies (N=10)
Full sample (N=20)
IT strategic alignment 8% 25% 16.5%
IT value delivery 6% 38% 22%
IT risk management 21% 33% 27%
IT performance measurement 16% 29% 22.5%
Average 12.75% 31.25% 22%
CONCLUSIONS AND IMPLICATIONS
This research briefing puts forward two objectives. First, a selection of national corporate governance codes was analyzed with respect to IT (govern-ance)-related content. Second, the influence of the national corporate governance code on a firm’s IT governance transparency was explored. Answering the first research question, we observed that only the contemporary South African corporate govern-ance code, King III, contains a significant amount of IT (governance)-related guidance. Building on these findings, the contemporary state of IT governance transparency in Belgian and South African com-panies was then compared to meet the second re-search objective. Using an established IT governance transparency framework, we found that the South African firms in our sample seemed to be more concerned with IT governance transparency than the Belgium firms in our sample, given a comparable ownership structure and IT strategic role (i.e. listed financial services organizations). As such, the results suggest that the level of IT governance disclosure in annual reports is positively correlated to the institu-tional setting in which IT governance is a key topic in the corporate governance code.
From a practitioners’ stance, we believe that this ex-ploratory research illustrates the need for including IT governance-related directives in national corporate governance codes. As IT becomes more pervasive
5in firms all over the world, it makes sense for firms to be transparent about these, often very important, IT-related matters; and for national corporate govern-ance codes to guide firms in such a direction.
“We believe that this ex ploratory research illustrates the need for including IT governance-related directives in national corporate governance codes”
This study also help to explore the fundamental role of corporate governance principles in shaping IT governance practices at firm level by providing evidence that the presence of IT-related principles in corporate governance codes can encourage firms in disseminating IT governance information in public documents. The importance of IT governance trans-parency should also be stressed outside the national corporate governance code. In its current edition, the international good-practice framework COBIT 5 already refers to the importance of ensuring stake-holder transparency in the context of IT governance. However, this discussion remains rather high-level and abstract. Practitioners would certainly benefit from more specific guidelines regarding IT govern-ance transparency as part of the COBIT framework.
ABOUT THE RESEARCH PARTNERS
This research is part of a co-created research project installed by KPMG Belgium, CEGEKA Belgium, Samsung Belgium, together with the Antwerp Management School and the University of Antwerp. The leadership role of the industry partners in supporting this research is focused at better understanding the crucial accountability of the board in governing the digital assets and to provide solutions and tools for these board member to take up their accountability. More information: www.antwerpmanagementschool.be/boardITGovernance .
ABOUT THE RESEARCHER TEAM
Steven De Haes (chair), PhD, is Full Professor Information Systems Management at the University of Antwerp – Faculty of Applied Economics and at the Antwerp Management School. He is actively engaged in teaching and applied research in the domains of Digital Stra-tegies, IT Governance & Management, IT Strategy & Alignment, IT Value & Performance Management, IT Assurance & Audit and Information Risk & Security. He acts as the acade-mic director for this research program.
Anant Joshi, PhD is a post-doctoral researcher at the University of Antwerp and Antwerp Management School (Belgium), and a lecturer at Maastricht University (The Netherlands). Anant holds a PhD degree in Management Information Systems from Maastricht University, Netherlands. His research interests include Corporate Governance of IT, Business Value of IT, and Corporate Governance.
Tim Huygh is a PhD candidate in Information Technology Governance at the department of Management Information Systems of the Faculty of Applied Economics at the University of Antwerp. He has a bachelor’s and master’s degree in Business Engineering: Management Information Systems from the University of Antwerp and a master’s degree in Advanced Busi-ness Studies from the University of Leuven (KUL). His research interests include IT governan-ce and management, and Business/IT alignment.
Salvi Jansen is a business engineer in management information systems (MIS) and a con-sultant at KPMG Advisory in Belgium. Working in the field of IT governance and strategic alignment he aims to provide the business with fact-based insights and enjoys delivering audit and advisory engagements in a variety of sectors. His research interest focuses around IT governance, more specifically the processes, controls, and capabilities needed at the executive level to direct and control the IT management.
REFERENCES
Andriole, S. (2009). Boards of Directors and Technology Governance: The Surprising State of the Practice. Communications of the Association for Information Systems.
Bart, C., & Turel, O. (2010). IT and the Board of Directors: An Empirical Investigation into the “Governance Questions” Canadian Board Members Ask about IT.
Butler, R., & Butler, M. J. (2010). Beyond King III : assigning accountability for IT governance in South African enterprises. South African Journal of Business Management, 41(3), 33–45.
Coertze, J., & von Solms, R. (2014). The Board and CIO: The IT Alignment Challenge. In 2014 47th Hawaii International Conference on System Sciences (pp. 4426–4435). IEEE. http://doi.org/10.1109/HICSS.2014.545
De Haes, S., & Van Grembergen, W. (2015). Enterprise governance of information technology, second editi-on. Springer.
Institute of Directors in Southern Africa. (2009). King III Code of Corporate Governance for South Africa. Retrieved from https://jutalaw.co.za/uploads/King_III_Report/
ISACA. (2012). COBIT 5: Enabling Processes. Retrieved from http://www.isaca.org/COBIT/Pages/CO-BIT-5-Enabling-Processes-product-page.aspx
IT Governance Institute (ITGI). (2003). Board Briefing on IT Governance, 2nd Edition. Retrieved from http://www.isaca.org/knowledge-center/research/researchdeliverables/pages/board-briefing-on-it-governan-ce-2nd-edition.aspx
Joshi, A., Bollen, L., & Hassink, H. (2013). An Empirical Assessment of IT Governance Transparency: Evidence from Commercial Banking. Information Systems Management. Retrieved from http://www.tandfonline.com/doi/abs/10.1080/10580530.2013.773805
OECD. (2015). G20/OECD Principles of Corporate Governance. Retrieved from http://www.oecd-ilibrary.org/governance/g20-oecd-principles-of-corporate-governance-2015_9789264236882-enParent, M., & Reich, B. H. (2009). Governing Information Technology Risk. CALIFORNIA MANAGEMENT REVIEW, 51(3), 134
Posthumus, S., & Von Solms, R. (2010). The board and IT governance : towards practical implementation guidelines. Journal of Contemporary Management, 7, 574–596.
Trites, G. (2004). Director responsibility for IT governance. International Journal of Accounting Information Systems, 5(2), 89–99. http://doi.org/10.1016/j.accinf.2004.01.001
Turel, O., & Bart, C. (2014). Board-level IT governance and organizational performance. European Journal of Information Systems, 23(2), 223–239. http://doi.org/10.1057/ejis.2012.61
Valentine, E., & Stewart, G. (2015). Enterprise Business Technology Governance: Three Competencies to Build Board Digital Leadership Capability. In 2015 48th Hawaii International Conference on System Sciences (pp. 4513–4522). IEEE. http://doi.org/10.1109/HICSS.2015.539
Weill, P., & Ross, J. W. (2004). IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business Press.
RESEARCH PROJECT WITH OUR KNOWLEDGE PARTNERS:
POWERED BY:
MORE INFORMATION
Contact the Academic Director of the Competence Center ITAG, Prof. Dr. Steven De Haes, [email protected]/itag
#boardITgovernance
MORE INFORMATION
Contact the Academic Directorof the Competence Center ITAG,Prof. Dr. Steven De Haes,[email protected]/itag
#boardITgovernace