Article Preview
TopIntroduction
In a world that is increasingly digitalized, the need for a good IT governance (ITG) implementation seems evident, both for the correct decision-making regarding IT based on the organization's strategy, as well as the control that those IT are indeed aligned to the needs of the business (Juiz & Toomey, 2015). In this regard, the de jure and de facto standard for IT governance was born to mainly guide board or senior executive team in these two matters, among others (ISO/IEC 38500, 2015). Nevertheless, the main difficulties to implement the ISO/IEC 38500 standard probably come from the absence of concrete instruments for ITG in organizations. Particularly, the nature of the standard does not reference how to direct, monitor and evaluate IT assets, since the standard is concerned of what to govern and do not concern in the same manner of how to do it. In fact, the main contribution of the ISO/IEC 38500 standard is to make possible harmonizing the governance of any of the business assets. Such harmonization should come from using similar decision-making mechanisms across all types of assets as the core between strategic alignment and business performance measurement.
Some of the most useful good practices for implementing IT governance frameworks are about how to direct and to control IT function, particularly, using tools for monitoring the IT strategy performance management. Performance indicators are critical ingredients of performance management, a discipline that aligns performance with strategy (Juiz, Gómez, Bermejo, Cordero, & Mory, 2019). Many organizations are adopting Balanced Score Cards (BSC), as the foundation for their strategic management system. Martinsons, Davison, and Tse (1999) claimed that the BSC emerged as a decision support tool at the strategic management level, more precisely in performance management. BSC are the result of Kaplan and Norton (1996b) proposal as a means to evaluate organization performance from four different perspectives: the financial perspective, the internal business process perspective, the customer perspective, and the learning and growth perspective.
Once there should be no longer any doubts about the necessity of ITG (Juiz & Toomey, 2015), the problem arises once it is attempted to implement the IT alignment monitoring in the organization. The main cause is that ISO/IEC 38500 standard did not emerge as a set of processes to be applied, whereas this is the common case with the IT management (ITM) standards. But being the ISO/IEC 38500 a behavior-based standard, there is commonly an interface gap in the IT assets' governance-management harmonization. This is due to a vicious cycle in its applicability that only the CIO can undo. On the one hand, IT managers are used to applying standards based on processes, procedures and best practices, but they are not belonging of top management structures. On the other hand, top management teams not only expect their strategy to be executed by IT managers but also expect measurable performance results that are directly related to the key performance indicators (KPIs) or key global indicators (KGIs) to control that execution. However, top managers may not have the IT performance information in understandable business controls. This is what in this work is defined the interface gap between governance and management, i.e., how to move from “what to do” to “how to do it” in IT, and particularly, how to feed the KPI into management measures.
Successful IT governance implementations are using different tools as decision support at strategy performance at least on the strategy level, that is why BSCs are emerging as one of these tools to monitor business and IT performance. Thus, the main purpose of this work is building BSCs in the layers of governance, management and operations, based on the necessity to translate strategic objectives and KPIs, by cascading processes of BSCs from governance layer, into managerial and operational measures in their respective layers, and backwards. By performing that, a better interaction and communication between layers, should improve the direction and control of IT aspects and reduce the misunderstandings between governance and management, what seems essential for implementing IT governance (Holt, 2013). Even though cascading BSCs are management instruments, not behavior-based, as ISO/IEC 38500 standard was originally designed and developed, within this work objectives, initiatives and its respective metrics are cascaded with the aim of using elements related to the behavior showing that BSCs can also be used to implement IT governance following the ISO/IEC 38500 standard.