OPPORTUNITY OF THE NEXT STEP FOR THE MANAGEMENT OF INFORMATION SYSTEMS IN ADMINISTRATION: A TECHNOLOGICAL OR A SOCIOCULTURAL MATTER?

Author: Florin IONIŢĂ1

Ioan RADU2

Cleopatra SENDROIU3

AbstractDuring the last 8 years, both in Romania and in all the states which recently adhered or planned to adhere to the European Union, a large and, in some cases, sudden concern for automating different areas of public administration occured. External viewers considered this a promissing sign for fast and deep reformation of the administrative systems of the newcomers, and the Union financed, by both preadheration instruments and structural funds, a multitude of projects, waiting for spectacular results. Unfortunately, quite many of these projects which focused on IT&C in public institutions did not confirm the confidence and, what is in our oppinion even worse, precious years have passed without bringing the expected upgrade of the public systems to the level of the developed countries.A wide spread opinion was infirmed, that the backwardness of the administrative act in the ex-socialist states was mainly a matter of lack of modern technology. The hardware and software, as well as management techniques, brought in the public institutions by the projects mentioned above were the latest generation, but the final result – the welfare and satisfaction of the citizens – were still to come. Of course, the phenomenon raised some major questions, and the experts in public administration, the analysts and automated information systems integrators tried to give pertinent explanations of this failure. A large number of studies were dedicated to this subject, and their main goal was to establish whether the causes of the failures were connected with the human resource or with the technology.What we try to prove in this paperwork is that updating of the management of the public system is not a problem with a unique, well verified, solution, universal to all the levels of the public management and all the countries, but an equation which can have one, more or no solution at a certain moment, depending on a complex bunch of different parameters, of economic, psychologic, social, technological or other nature. Another objective of this paper is to figure out a family of methods which can help in diagnosing the correct status of the management information system of a public institution related to the level of technical culture, social problems, the level of the institutional system of all the area or country, as well as identifying the most appropriate technological level of an IT&C solution which fits best the problem and the expected results.Using already confirmed diagnosis methods (as, for example, maturity model) and design approaches (such as OODA Loop) we will propose few measures for settling the balance among the level of knowledge, the managerial demands, the organizational culture and the level of communication and information technology, as main variables which determine the degree of utility or success of an integrated IT solution for a public administration management problem.Mathematically speaking, we will make some considerations about the way of finding a global optimum for the multivariable function of success of an automated management information system and a projection of this result on the restrictions system of the Romanian public administration, hoping that the model will be, afterwards, confirmed in other countries.

IntroductionA large spread oppinion was infirmed, that the backwardeness of administrative act in the ex-socialist states was mainly a matter of lack of modern technology. In the last 8 years, in Romania and in all the states which recently adhered or planned to adhere to the European Union it occured a large, and, in some cases, sudden concern for automating parts of Management Information Systems in different organizations. The European Union financed, by both preadheration instruments and structural funds, a multitude of projects, waiting for spectacular results. Unfortunately, quite many of these projects, concerning usage of IT&C in companies and public institutions were not confirming the confidence and, what is, in our oppinion, even worse, precious years have passed without bringing the expected upgrade of the quality of services to the level reached by the developed countries.The hardware and software, as well as management techniques, brought in the public institutions or companies by the projects mentioned above were the latest generation, but the final result – the wellfare and satisfaction of the citizens – were still to come. The phenomenon occured in other environments as well. Companies with large financial and human ressources, located in economically developed countries or public institutions from administrative systems which allocated huge budgets for updating the information systems, failed in achieving significant advantages after implementing high (technically and financially) level solutions. Statistics show that the IT expenditures recorded a constant growth during the last 20 years,

1 Lecturer, Academia de Studii Economice din Bucureşti, România2 Professor, Academia de Studii Economice din Bucureşti, România3 Associate professor, Academia de Studii Economice din Bucureşti, România

which shows a continuous growth of the effort of the companies or states dedicated to the extension of the IT sector. Unfortunately, these efforts have not always resulted in a similar growth of the competitiveness and performance of the organizations. In the the authors’ opinion, in the large IT projects (more than 1,000,000 €) the success rate does not exceed 1/7 in Romania and 1/4 -1/5 at the world level. Of course, the phenomenon raised some major question marks, and the experts in public administration and corporate management, the analysts and automated information systems integrators tried to give pertinent explanations of this failure. A large number of studies were dedicated to this subject, and their main goal was to establish wether the causes of the failures were connected whith the human resource or whith the technology.The causes should not only be searched in the way these systems are designed and implemented, but also inside the beneficiary organizations, where the information systems subject to updating cannot always successfully adapt themselves to the level of performance of an IT solution. What we try to prove in this paperwork is that updating of the management of the public system is not a problem whith an unique, well verified, solution, universal to all the levels of the public management and all the countries, but an equation which can have one, more or no solution, at a certain moment, depending of a complex bunch of different parameters, of economic, psihologic, social, technological or other nature. Another objective of this paper is to figure out a family of methods which can help in diagnosing the correct status of the management information system of a public institution, reported to the level of technical culture, social problems, the level of the institutional system of all the area or country, as well as identifying the most appropriate technological level of a IT&C solution which fits the best to the problem and expected results.Using already confirmed diagnosis methods (as, for example, maturity model) and design approaches (such as OODA Loop) we will propose few directions for setting down the balance between the level of knowledge, the managerial demands, the organizational culture and the level of communication and information technology, as main variables which determine the degree of utility or success of an integrated IT solution for a public administration management problem.In a mathematical approach, we will make some considerations about the way of finding a global optimum for the multivariable function of success of automated management information system and to make a projection of this result on the restrictions system of Romania, hoping that the model will be, afterwards, confirmed in other countries.

SympthomsIf, until not very long ago, the expenses with development and maintaining the automated information systems of a company usually represented a relatively low quote of the total costs of that institution, once these systems started to migrate from the automation of execution processes to the management ones, a great demand for complex information system implementations occurred, first from the managers of the most important companies and afterwards from the management of public institutions. The costs of design, implementation, running and maintaining of these systems became comparable with the budgets of large departments, as marketing, or even production.New integrating technologies emerged. They started from the premise that the value of an IT integrated system is normally greater than the sum of the component subsystems’ values, while the relation between their costs is inverted, and this approach led to a massive orientation of IT investment to achieving turn-key systems. Specific to these systems, usually built on a multilevel philosophy, was that, starting from the top management requirements, functional specification and interface levels were developed vertically in a top-to-bottom manner, on a common data and business process backbone, rendered by a content management system. Subsequently other groups of interrelated applications were developed horrizontally for each level so that, based on the initial specifications, they met the requirements of their level and also synchronized one another with modules belonging to other levels by means of the two basic elements: the data deposit and the business flow.Besides the increase in performance and productivity of the system developers and the impact of these features on the management of the public institutions, this approach also created two big groups of problems whose solution is the key to IT systems’ success: organizing the company and even some processes and major business rules, as well as organizing and management of all IT structure development and running activities, which have meanwhile grown extremely complex.A study4 developed by the well known consultancy company Gartner shows that during the last few years, we have witnessed an unprecedented growth of the companies’ expenditures for re-engineering and maintaining of their own IT systems, with a rate of 5-8%. Only in 2007 these expenditures exceeded $3 trillion. Under these circumstances, the design errors, budget overflows, security breeches and incoherence caused losses of more than $600 million5 in 2006. An even clearer image of the disaster is given to us by Rubenstein, in “Standish Group Report” 6.

4 GARTNER. "Gartner Says World-Wide IT Spending to Surpass $3 Trillion in 2007." Business Wire, October 8, 2007.5 HUBER N. (Gartner) - Firms Waste £351bn Each Year on Ill-Concieved IT Projects." ComputerWeekly.com, March 21, 2007. 6 RUBENSTEIN. D. - "Standish Group Report: There's Less Development Chaos Today." Software Development Times, March 1, 2007.

Consequently, the lack of a high performance control exerted at all levels and coordinated by the top management of the company, the lack of a coherent ruling of the whole range of IT activities, the lack of coordination between these activities and the other categories of activities run in the organization and especially the lack of an intelligent strategy of the firm, containing elements of the IT strategy in all its components, can turn the IT investment into a huge loss of resources, trust, performance and competitiveness. An example of the above situations is that of a new Romanian Regulating Authority, founded in 2002, which decided, in 2003, to develop a modern, nation wide, integrated information system. It took advantage of a Phare program wich concerned major improvements of the area the Authority was regulating and built a project containing an IT component, as well as some other legislative and procedural subprojects.The IT infrastructure and the application architecture were designed at the highest standards by both the IT Manager and a consultant and it proposed a VPN based, wide area system, connecting the Authority’s head office in Bucharest and 7 local branches, distanced at 200-500 km from the capital. The system was ment to cover all the main activities specific to the Authority: licensing, monitoring, regulating, control, training, a.s.o. and it was based on an unique database. A major demand for the system was to be able to communicate with an accounting application, in use at the moment of ellaborating the project. European Comission agreed and accepted to finance the project and, after the bid took place, a consortium took over and started the analysis process.The directors of departments were interviewed about the informational activities in their departments and they all approoved the final document describing the results of the system analysis. The equipments were delivered, they were checked and signed for, set up and installed on sites, both at the head office and territorial agencies. Few months later, the first version of the application was presented to the board of the Authority and, after some small observations, it was tested and implemented.Soon after closing the project, some users avoided to use the application, stating that it was not operating properly and the procedures they were normally using did not match the way the programs were performing. After a check, it came out that the specifications approved were totally respected by the software, but still, the real procedures used were more or less different of those described by the department directors during the analysis process. Even more, it came out that the same procedure was performed in a different manner by different employees. The software had some bugs, never announced by the users, even some of them were obvious.It was made an agreement between the beneficiary and the software provider, the bugs were removed and some missmatches between the software and real procedures were fixed. On the other hand, the new system could not communicate with the accounting application, and neither the provider of this module, nor its users did want it modified. It was agreed a common programme, between the users and the software design team in order to identify the major changes which should be made in the project, as a new version.The database was not updated in a real time manner, especially in the territorial agencies, so the reports were not accurate, creating supplementary stress for the employees responsable for those reports. Some organizational measures were taken, but the trust in the system was less and less. After one year, the top management was changed, and the new one was informed that the system simply does not work. The equipments were used for simple operations, as text processing and spreadsheets, chat and games, and the software was abandoned.

Causes We consider that we cannot speek about one cause, but about several categories, concerning both the specifications architect, software designer, beneficiary and, above all, the management of the beneficiary.First of all – and, we consider, most important- is the wrong planning of the system design (or no planning at all). There are few questions to be answered during this step, as, for example: -which should be the goal of the project, in terms of overall performance of the organization?-which should be the skedule of reaching the performance milestones and which should be the cost of touching each of the milestones? -which percentage of this cost ist o be allocated for IT upgrade?-how can we prepare the human ressource for using the new system?-what ist o be done for standardizing the procedures? -what organizational changes must be done for the new system?After answering all these questions, a realistic cashflow can check out if, on long term basis, the system would bring a real efficiency. In many cases, the lack of experience in planning major organization changes and information system upgrade makes that the whole process is seen as in Figure 1.

Instead of Figure nr.1

This means that the management of the organization considers that automation of the company is the main goal, and, once obtained the finnancial ressource, the leaders are only concerned of when the job is going to be ready. Involving in the process is not an option, everything is left on the specialists which are considered experienced enough to know exactly what is good to be done. Even the analysis process is seen as an obstacle, because people loose precious time at the interviews. Usually, it is decided exactly who answers the questions and when, and the interaction between the analyst’s team and organization is seen as a matter of PR.As we saw in the example above, there is a lot of people who understand the nature of the activities developed inside the institution, who even know how these activities have to be done, but who do not know how they are really done. This is why, instead of adjusting the way the things are done to the way they should be, and, afterwards, comunnicating to the analyst the right informational procedure, the responsable person for the automation of a group of activities preffers to describe a virtual organization and hopes the things will fix themselves as soon as the computers will come. Sometimes, but only sometimes, they do. Otherwise, after the first tests or, even worse, after implementation, the users reject the system which is either changed (at high and unjustified costs) or stored for a later usage.The lack of or incorect motivation of the staff involved in automated data processing is another major cause for which an IT implementation is rejected. Beginning with the allready classical belief that, where computers come, people go, and ending with „better results is more money”, the atitude of the users to be against the new system is, innitially, hostile. The way the implementation is prepared in terms of human ressources is one of the keys to the success of a new system. What is hard to be understood is that, normally, the effort to build new applications for activities which are already automated is smaller than the one for adapting third party programs, even verified ones, to the new modules. Arguments like „people are used to the old interface” or „it is hard to learn another program after working whith the old one for so long” are right, but the total costs and the effectivenes of a hybrid system are worse, on long terms, than those of a new, integrated system.Post implementation is a period which is not taken into account when the decision for upgrade is adopted. Contracting support activities is seen as a sort of warranty ensurance, not as a continuous improving of a dynamic product. Especially for the organizations with little or no experience in organizational change and automating the information system, is vital that the development of the new system should be made in two steps, which means that, after implementation, major changes will be demanded and the effort for achieving them is not far from the first implementation.There can be some other causes, as, for example, lack of vision or divergency between the development of the IT system and the trends of the activity inside organization. But, if an isolated disfunction, as, for example, incorrect functioning of a hardware device or a wrong estimation of the necessary number of workstations, can be repaired relatively easy, a wrong strategy and management of the development of information system can lead to disasters.

Solutions

Governance instead of management

Taken over from politics, where its common meaning is “capacity (art, from some points of view) of ruling a state, a province, or a geographic region which has a certain degree of autonomy”, the word “governance” still causes disputes when it is used in different fields of knowledge. It seems that the first step in extending the meaning of this term was taken by the specialists in the field of organizational management, who considered that other terms, as “piloting” or, simply, “management”, are not comprehensive enough for describing the ruling act of such an organization 7, because of the complexity and multitude of the processes performed in a company, and because of the strong interaction between these processes and the economic, social and political environment they belong to. The term Corporate Governance appeared at the beginning of the 1990’s and, shortly after, it was extended downwards to the components of the management system, whose greater and greater complexity demanded, in the opinion of some specialists, management techniques similar to those used in ruling of states or regions.Probably one of the most used terms of this family is IT governance. There are, in our opinion, four major attributes of this notion which distinguish it from “management of IT activities” or “management of the IT Department” in an organization:

-holistic and integrated -synergic -strategic -sliding

The holistic feature, defining for this collocation, refers to the subsidiary of the IT system to the institution’s management and to the fact that the main goals of the IT system must represent a subset of the secondary goals of the whole organization’s strategy. The goals of IT governance are often found among the strategic options of the company board. For example, implementing the specific Business Intelligence technologies inside the Management Information System of the firm and integration of the existing applications and data in the new information system as a goal of IT governance represents a way to achieve a management-specific goal, which increases the quality level of the decision making process by a more rigorous substantiation.

The synergic feature regards the unitary coordination, at the level of the IT system, of all its components and the orientation of each of the components and of the relations between them to achieving the common goals, established at the system level. Excessive focusing inside the management processes of the IT activities on the development of one of the system components can only be accepted in some support activities as, for example, the management of the local network, but not at the top level. At this level we speak about IT governance as a management philosophy according to which each of the component entities exists and develops only to support the synergic activity of achieving a unique goal of the whole set of components.In our opinion the leading strategic feature of IT governance is also defining. Practicing the prevision function of management on long periods of time (3 to 5 years), dramatically distinguishes, with regards to managing IT activities, “management” from “governance” and so does the way the objectives of the company’s strategy generate average and long term objectives for the IT system. Even if, during the dispute between the French-speaking and the Anglo-Saxon specialists on the paternity of the term “governance”, an “equal” sign was sometimes drawn between the terms “governance” and “management”, we believe that the difference between the two refers both to the ampleness of the managed system, to its complexity and the time scale of the decisions made, and the approach in correlation with other systems with which it interacts in a synergic manner.Another typical element of IT governance is the fast development of IT specific tools and concepts. So, when it is about designing wide systems, or when strategic objectives for the IT system are established, it can happen that, not long after these objectives were stated, they become obsolete or, by emerging of new instruments and concepts, to lose their character of major and long term demands. Under these circumstances these goals and objectives must slide on the vertical axis of the technological progress, being always subdued to the global mission of the organization.

The necessity of it governance

If, until not very long ago, the expenses with development and maintaining the automated information systems of a company usually represented a relatively low quote of the total costs of that institution, once these systems started to migrate fast from the automatization of execution processes to the management ones, a great demand for complex

7 BURLAUD, A.; GERMAK, P.; MARCA, J.P. – Management des systemes d’information, Editions Foucher, 2007. ISBN 978-2-216-10575-5 pag.34-35

information system implementations occurred, first from the managers of the most important companies and afterwards from the management of medium and even small firms. The costs of design, implementation, running and maintaining of these systems became comparable with the budgets of large departments, as marketing, or even production.Emerging of new integrating technologies, which started from the premise that the value of an IT integrated system is normally greater than the sum of the component subsystems’ values, while the relation between their costs is inverted, led to a massive orientation of IT investment to achieving turn-key systems. Specific to these systems, usually built on a multilevel philosophy, was that, starting from the top management requirements, functional specification and interface levels were developed vertically in a top-to-bottom manner, on a common data and business process backbone, rendered by a content management system. Subsequently other groups of interrelated applications were developed horrizontally for each level so that, based on the initial specifications, they met the requirements of their level and also synchronized one another with modules belonging to other levels by means of the two basic elements: the data deposit and the business flow.Besides the increase in performance and productivity of the system developers and the impact of these features on the company management, this approach also created two big groups of problems whose solution is the key to IT systems’ success: organizing the company and even some processes and major business rules, as well as organizing and management of all IT structure development and running activities, which have meanwhile grown extremely complex.A study8 developed by the well known consultancy company Gartner shows that during the last few years, we have witnessed an unprecedented growth of the companies’ expenditures for re-engineering and maintaining of their own IT systems, with a rate of 5-8%. Only in 2007 these expenditures exceeded $3 trillion. Under these circumstances, the design errors, budget overflows, security breeches and incoherence caused losses of more than $600 million9 in 2006. An even clearer image of the disaster is given to us by Rubenstein, in “Standish Group Report” 10.Consequently, the lack of a high performance control exerted at all levels and coordinated by the top management of the company, the lack of a coherent ruling of the whole range of IT activities, the lack of coordination between these activities and the other categories of activities run in the company and especially the lack of an intelligent strategy of the firm, containing elements of the IT strategy in all its components, can turn the IT investment into a huge loss of resources, trust, performance and competitiveness. In the above statements we identify the features of IT governance as they were described at the beginning of this paper. As shown in11 we can briefly emphasize the main classes of needs which determine the IT governance processes:

-need of increasing the company’s efficiency or, as stated in the above mentioned article, the need of getting more by paying less;

-need of innovation and completing several initiatives in parallel, which is a common IT governance problem, given that requests for system modification exceed the IT response capacity, causing dissatisfaction;

-need to keep large projects on track, which normally occurs at non-experienced companies which try to develop ambitious IT projects (as, for example, ERP’s) without having the expertise in avoiding or recovering after major failures;

-need to avoid recurring of data security incidents;-need to meet compliance deadlines, taking into account that compliance initiatives can result in overlapping or

conflicting demands, which can sometimes make the use of multiple drivers necessary.From another point of view, the role of IT governance is to balance the requirements of the investors and of the rest of the stakeholders, by focusing the efforts of the organization on adding value, under an adequate control and with high accountability.Regarded as a system by which the IT resource is controlled and driven, IT governance must first consider the roles and accountability of each person or group in the firm as, for example, the board or second level managers. In order to adopt the fundamental decisions concerning the IT system, it also has to take into account the set of all the business rules and processes. Finally, IT governance must build and consolidate an effective structure and use it to establish the IT goals, to carry them out and to monitor their development, starting from the company’s general objectives. In our opinion, in order to reveal all the senses and meanings of the term “IT Governance”, we must simultaneously consider the following two dual aspects of this item:

-using IT as the main governance tool of the enterprise;-managing the entire IT system in the same manner and using the same methods and techniques as in ruling the

company.This point of view also gives a helping hand in answering the question “what training, what knowledge and what skills must an IT manager have, and in what proportion?”. The answer is obviously not simple, and in our opinion it depends 8 GARTNER. "Gartner Says World-Wide IT Spending to Surpass $3 Trillion in 2007." Business Wire, October 8, 2007.9 HUBER N. (Gartner) - Firms Waste £351bn Each Year on Ill-Concieved IT Projects." ComputerWeekly.com, March 21, 2007. 10 RUBENSTEIN. D. - "Standish Group Report: There's Less Development Chaos Today." Software Development Times, March 1, 2007.11 HAINAUT, J.; WALKER, P. - Getting Serious About IT Governance; Can You Afford to Put it Off? DM Direct, February 8, 2008

both on the level of management/governance techniques used in managing the IT system and the IT structure complexity, as shown in Figure nr. 2.

Figure nr.2 Basic training and the level of knowledge necessary for the IT manager of an organization

According to the above diagram, for a low complexity IT system, with an infrastructure of low extension and complexity and within an approach which considers IT as a support activity for other departments, the IT manager must mainly have an IT training, with some entry level knowledge of management. As opposed to this, in a larger IT structure with the extension of specific functions of the IT system to the top management level and implemented IT governance concepts, the leading person or group in charge of coordinating this activity must mainly have manager skills.

Proper information automation strategy. Ooda loop.

One of the most frequent questions asked when the ideea of building a modern information system occurs is what must it be started with, and how can one simultaneously manage the multitude of problems which emerge during the building process. One of the best ways to answer is a military strategy: John Boyd’s OODA Loop.The OODA Loop (Observe, Orient, Decide, and Act), an  information strategy concept for information warfare, was invented by John Boyd (1927-1997). Initially created for military purposes, the OODA model was soon proved to fit to business strategy. Boyd developed the theory based on his earlier experience as a fighter pilot and work on energy maneuverability. He initially used it to explain victory in air-to-air combat, but in the last years of his career he expanded his OODA Loop theory into a grand strategy that would defeat an enemy strategically by - psychological - paralysis. Due to Colonel Boyd, fighting the enemy or solving a problem means acting through a decision making process, based on observations of the world around it. The enemy will observe unfolding circumstances and gather outside information in order to orient the system to perceived threats. Boyd states that the orientation phase of the loop is the most important step, because if the enemy perceives the wrong threats, or misunderstands what is happening in the environment around him, then he will orient his thinking (and forces) in wrong directions and ultimately make incorrect decisions. Boyd said that this cycle of decision-making could operate at different speeds for the enemy and your own organization. The goal should be to complete your OODA Loop process at a faster tempo than the enemy's, and to take action to lengthen the enemy's loop. One tries to conduct many more loops "inside" the enemy's loop, causing the enemy to be unable to react to anything that is happening to him.

Company IT structure complexityManagement Governance

Bas

ic tr

aini

ngIT

M

anag

emen

t

Boyd stated that the enemy's loop can be lengthened through a variety of means. Boyd's aim is to generate "non-cooperate" centers of gravity for the enemy through ambiguity, deception, novel circumstances, fast transient maneuvers, and the use of Sun-Tzu's idea of Cheng and Ch'i. By isolating the enemy's centers of gravity and developing mistrust and cohesion within the system (making them "non-cooperative"), friction will be greatly increased, paralysis in the system will set in, and the enemy will ultimately collapse. In terms of information system design, the four phases of the loop, Observe, Orient, Decide, Act, mean that the whole process and also the subprocesses must be run in a logical manner, starting with the analysis of the various action choices in order to fiind the one which will be started first, focus all the ressources on developing the chosen area, make the best tactical decisions to direct the action on solving the problem in an efficient manner and act in the way it was decided.IT Governance must act in the same way. It is both because the ressources are allways insufficient in order to solve all the problems at once, because, at a certain moment, the problems are not all of equal importance, and because acting is both a result of a decision making process and, also, a cause for other steps in decision making. This approach enables the organization to permanently adapt its actions at the reactions of the inner and outer environment, keeping, in the same time, the main road determined by the initial strategy.

Implementation of it governance techniques and methods

Specialists consider that an IT solution, whether it is a simple application or a complex system, has as much strength as it has the capability to satisfy the needs of its beneficiaries. Speaking about the implementation of IT governance as the main management system of the IT resource, the success of this enterprise is given by the coherence between the solution itself, the implementing manner, the level of the IT and management culture of the organization and its close environment and the extent of performance-focusing of the company management.In other words, the balance between the technological and performance level of the solution and the level of organizational, management and technical knowledge and culture of the personnel of the firm and of the companies and organizations with which the firm communicates regularly is the key factor which makes the difference between really successful solutions and costly (often resounding) failures. As a consequence, when we look for the best and most efficient solution for IT Governance, we must consider two important aspects: one is the level of the organizational culture, the capability level of the IT and management system and the maturity and performance of the entire company, and the other one is the range of appropriate solutions offered by the market for the given situation. For a correct valuation of the existing solutions, there are a lot of instruments and information sources available (both scientific and commercial) which can perform a very refined analysis. For the estimation of the general level of the organization, an adequate and as objective diagnose as possible is necessary.For this diagnose we recommend a method known as Capability Maturity Model12 - CMM, which, based on identification of some features of management, respectively IT governance, and on their comparison to a series of preset levels, shows the maturity degree of the IT system.

In a nutshell, CMM tackles five different aspects which can determine one of the five possible levels of the model where the IT structure can be situated.

1. Maturity Levels – (ML). They consist of a layered framework which gives the steps to be followed by the organization to the stage needed to engage in continuous improvement;

2. Key Process Areas – (KPA). These are groups of related activities which lead to achieving a set of objectives of utmost importance, when performed collectively;

3. Goals – (G). The goals of a key process area are regarded as a sum of conditions to be fulfilled in order to state that the group of activities was implemented in an effective, long lasting way;

4. Common Features – (CF). They refer to the practical ways of implementing the key process area. They include: Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation;

5. Key Practices – (KP). They describe those infrastructure elements or processes which significantly contributed to implementing and institutionalization of the key processes.

When we wish to identify the state of the organization and the most suitable approach in order to implement IT Governance, the five levels we can refer to are as follows:Level 1 – Initial. At this level the processes are usually not documented and their modification is based on the

user or event It is assumed that, at this level, the organization does not have a steady environment and it may not know all the environmental elements or their interactions.

12 HUMPHREY, W.,S.; - Managing the software processes. Addison Wesley Professional, Massachusets, 1989.

Level 2 – Repeatable. A series of application development processes are repeatable and generate positive results. Yet, they are not used in all projects running in the organization. In some cases, low complexity project management techniques are used. Level 3 – Defined. The set of standard processes within the company, which is the basis of the 3rd level, is established and improved every now and then. The organization’s management establishes process objectives for its set of standard processes, and monitors the proper addressing of these objectives. Level 4 – Managed. By using process indicators, the board of managers in the company can actually control the running processes and, when applicable, they can find means of adjustment of processes to certain projects, without recording significant drops in quality or deviations from specifications. At this level, the firms set quantitative quality goals for the design and maintenance of IT programs13.Level 5 – Optimized. This maturity level focuses on achieving continuous improvement of the process performance both in “steps” (incremental improvement of technology) and in innovative leaps. The organization sets quantitative goals for process perfecting, which are permanently adjusted to the changes in its objectives and used as criteria for the managing action improvement. As described above, one of the first activities to be done with a view to implementing the new methods of IT

Governance is estimating the company situation at the beginning of the reorganization process. Identification of the typical elements of the company and its level is also necessary within the Maturity Model. On this purpose specialists recommend a systematic approach based on examining a few distinct stages, such as:

- Identification of the range of operation of the existing IT system;- Localization of the critical spots for the business development, which are to be tackled priory. The validity of the

Paretto principle is also proven in this case, namely in order to eliminate or diminish 80% of dysfunctions, one must take action over the main 20% of the causes to the weak points inside the system.

The five levels of the Maturity Model are schematically described in Figure nr.3.

Figure 3. The levels of the Maturity Model

situated and how high it should be? How helpful is it for the business and what is wanted?After this preliminary analysis, due to the Maturity Model, it is necessary to determine the key process areas. For

this, one normally develops a simple framework that focuses on high-level factors covering the IT performance areas that are of critical concern to the business. The maturity of critical performance areas will help diagnose where governance improvement efforts could help the most.

ConclusionsDetermination of the actual maturity level of the company can be done by taking into account all the key

performance areas and their individual estimated levels. It is very important at this stage to set up in a professional manner the maturity level which is optimal for the business. Higher-level stakeholders need to identify which performance areas are important to rate and where they should be on the maturity model – not in theory, but in practical terms. It may also be a good idea to qualify the rating by a planning horizon such as one to three years.

13 http://wikipedia.org

LEVEL 5Optimized

LEVEL 4Managed

LEVEL 3Defined

LEVEL 2Repeatable

LEVEL 1Initial

Finally, the strategy of implementation of a new model of IT governance is a result of comparing the desired level of maturity to the perceived level of maturity, the business and IT should be able to agree on an acceptable set of required improvements. Setting up the goals and developing an action plan that addresses the largest gaps prioritized by business must be followed by planning periodic reassessment, recommended for helping the organization measure improvement or refocus efforts based on changing needs.

Bibliography

BURLAUD, A.; GERMAK, P.; MARCA, J.P. – Management des systemes d’information, Editions Foucher, 2007. ISBN 978-2-216-10575-5 pag.34-35GARTNER. "Gartner Says World-Wide IT Spending to Surpass $3 Trillion in 2007." Business Wire, October 8, 2007. HAINAUT, J.; WALKER, P. - Getting Serious About IT Governance; Can You Afford to Put it Off? DM Direct, February 8, 2008HUBER N. (Gartner) - Firms Waste £351bn Each Year on Ill-Concieved IT Projects." ComputerWeekly.com, March 21, 2007. HUMPHREY, W.,S.; - Managing the software processes. Addison Wesley Professional, Massachusets, 1989.RUBENSTEIN. D. - Standish Group Report: There's Less Development Chaos Today. Software Development Times, March 1, 2007.http://europa.eu.int/comm/governance/white_paperhttp://wikipedia.org