Stewardship Models of IT Governance Beyond Agency Theory.doc

Stewardship Models of IT Governance: Beyond Agency TheoryRefereed research paper submitted to MWDSI, Chicago, April 2007Information Technology and E-Business TrackPaul S. Licker, Ph. D.School of Business AdministrationOakland UniversityRochester, MI 48309lickeroakland.edu248-370-2432Stewardship Models of IT Governance: Beyond Agency TheoryAbstractMost approaches to IT governance are grounded in agency theory (Jensen and Meckling, 1976, 1994). Agency theory assumes that the interests of owners and managers are inherently in conflict and that defensive activities are necessary by owners to protect these interests. Stewardship theory (Donaldson and Davis, 1991) points out that these assumptions arent always true. A series of theoretical propositions concerning the stewardship model were made by Davis, Schoorman and Donaldson (1997). Their ideas, in conjunction with ideas on best practices in IT governance from Weill and Ross (2004) provide an explanation for variance in the effectiveness of a variety of governance models. Application of the stewardship model results in several novel approaches to IT governance and technology management, especially with regard to post-implementation value delivery.Stewardship Models of IT Governance: Beyond Agency TheoryAn Alternative View for IT Governance Most ideas of IT governance are grounded in agency theory (Jensen and Meckling, 1976, 1994). Stewardship theory (Donaldson and Davis, 1991) points out that the assumptions of agency theory arent always true. Their alternative, called “stewardship theory” (Davis, Schoorman and Donaldson ;1997) predicts that IT governance should resemble that predicted by agency model less than it does in practice. This paper provides reasoned speculation for the differences and proposes empirical work to demonstrate why these differences have arisen. Application of the stewardship model results in several novel approaches to IT governance and technology management, especially with regard to post-implementation value delivery.IT Governance: IntroductionWhile IT expenditures in all sectors of the economy have mushroomed, concern over budget has also risen and expanded to concern in other areas, such as governance. IT governance encompasses all areas of corporate information and information systems responsibility. In an era of close examination of corporate responsibility and the critical role of information in this, additional increased scrutiny of IT governance is a natural result. One approach to “curing the disease” is to institute or improve IT governance (Ross & Weill, 2004). Ross & Weill claim, for example, that “effective IT governance is the single most important predictor of the value an organization generates from IT.” Given the power of that predictor, there must be large rewards in governing IT effectively. However, its not immediately clear how to do this and much of that advice about effective IT governance is confusing because of the multiple ways in which it is defined and implemented.A Definition of Corporate GovernanceIT governance is a type of corporate governance. The term “corporate governance” typically refers to the relationship between the owners of firms and the management they hire to run their firms for them (typically CEOs and other “C-level” people, often professional managers). A typical definition is one by Tirole (2001) who says “The standard definition of corporate governance refers to the defense of shareholders interests.” Corporate governance is the process through which those interests are defended, given that owners are cut off from day-to-day activities of their firms and arrange to have managers run the enterprises. Corporate governance however, must be concerned with, on the one hand, minimizing the costs and risks of this arms-length management and, on the other, with maximizing returns to the owners using the skills of the hired management. These days, risks are also legal and ethical and returns are complex, and not necessarily defined only in monetary terms. Hence corporate governance is not a simple process and in many large firms can require a great deal of attention. In most senses, corporate governance is a joint project of the owners and managers. Given the gap assumed to exist between these two and the specialized knowledge needed to make IT useful, IT governance can only become more complex to handle, which is why, to some extent, IT governance turns out to be very challenging.IT Governance DefinedWebb, Pollard and Ridley (2006) performed a content analysis on a dozen definitions of IT governance. They noted a “lack of clarity” in the concept of IT governance, but derived a composite definition: “IT Governance is the strategic alignment of IT with the business such that maximum business value is achieved through the development and maintenance of effective IT control and accountability, performance management and risk management” (emphasis mine). Ross and Weill (2004) define IT governance as “specifying the decision rights and accountability framework to encourage desirable behaviors in using IT”(p. 2; emphasis mine). In a similar vein, Peterson (2004) defined IT governance as “the distribution of IT decision-making rights and responsibilities among enterprise stakeholders, and the procedures and mechanisms for making and monitoring strategic decisions regarding IT” (pg. 8, emphasis mine). Van Grembergen, De Haes and Guldentops (2004) cite a list of IT governance definitions including “The organisational capacity to control the formulation and implementation of IT strategy and guide to proper direction for the purpose of achieving competitive advantages for the corporation” (MITI, 1999; emphasis mine), “leadership and organisational structures and processes that ensure that the organisations IT sustains and extends the organisations strategy and objectives” (ITGI, 2001; emphasis mine) and “control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT” (Van Grembergen, 2002; emphasis mine). The core of these definitions lies in the italicized phrases: control and guidance of IT management and user behavior towards corporate goals. Implied by these definitions are the ideas that (1) IT is in a sense separate, separable, and different from the corporation, (2) IT will not, by itself, work in consonance with those goals and (3) IT therefore needs to have its behavior and the behavior of those using the products of IT controlled and guided. Hence IT governance is inherently more specific and complex than corporate governance from which it has evolved (Webb, Pollard and Ridley, 2006). As a complex activity, it requires structure. IT Governance ApproachesThere are two broad approaches to governance of IT. The first focuses on decision and authority structures and the second on the activities of IT itself. Most writers adopt an “architectural” approach, designing authority, usually decision authority, within a structure. Theoretically, Sambamurthy and Zmud (1999) refer to three different architectural approaches (centralized, decentralized and federal) while Weill and Ross (2005) expand and embellish this list to six (business monarchy, IT monarchy, feudal, federal, IT duopoly and anarchy). In practice, there are many ad hoc approaches, including steering committees and user groups, but two consistent and systematic approaches stand out (COBIT (IT Governance Institute, 2007) and ITIL(Office of Government Commerce, 2001). These practical frameworks focus on control, security and accountability in the service of goal alignment. All approaches recognize the challenges of IT governance.IT Governance challengesThese are most clearly discussed in terms of the challenges facing IT governance and the capabilities or resources needed to meet those challenges. Korac-Kakabadse and Kakabadse (2001) term the two sets of challenges “control” and “stakeholder”.Governance is intended to handle challenges in IT in three ways referred to by Peterson (2001, 2004) as “structural”, “process” and “relational”. The first is focused on strategic alignment (Weill and Ross, 2004) and refers to the structural relationship of the IT function to the rest of the firm. While most pundits agree that IT is used in organizations to further strategic goals, there is some disagreement about how to make that happen and even how to determine that alignment has actually happened. This set of alignment problems is a relatively recent concern for organizations. As organizations moved from business process automation to information-based strategic management (Venkatraman, 1994; Ward and Elvin, 1999) the potential for impact on enterprise activities increased. While, again, there is some disagreement as to the level, type, and sustainability of IT-enabled strategic advantage (Carr, 2003), there is no disagreement as to the impact of IT on strategic initiatives in todays business. Hence there is concern that IT at least not work against strategic interests by diverting resources (especially financial resources, of course) or creating barriers through opaque or faulty systems. Good governance is intended to insure the alignment of the presumed IT interests of technical excellence and efficiency with those of the firm at large. Much of this structural discussion has centered on the role of the Chief Information Officer (CIO) and the proper placement of this person relative to others in the executive suite. Another concern is Strategic Information Systems Planning (SISP, (Lederer and Hannu, 1996), an exercise in planning for the information systems function defined as “a portfolio of computer-based applications that will assist an organization in executing its business plans and realizing its business goals.”One goal of SISP is executing appropriate and presumed goal-aligned resource allocation, which Peterson (2004) suggests is related to process capability. In the broad sense of the function and structure of all IS resources, this refers also to the architecture, procurement patterns, and usage patterns of IS physical and intellectual resources. Governance resource allocation goals include the appropriate translation of aligned, strategic IS goals into IS operational and developmental effort. Much of this work is focused on technical architecture, both physical and functional, and especially on justification and evaluation of IT expenditure for purchase or lease of hardware and development of software applications.While alignment and resource allocation challenges at least have conventional approaches (SISP and enterprise resource planning, for example), it is in the area of management of the information systems function that governance challenges have proven difficult to solve. This is primarily because IS management has traditionally been isolated from general management; there are few points of commonality in training, temperament and terms. Peterson points out that the “key to relational capability is the voluntary and collaborative behavior of different stakeholders to clarify differences and solve problems, in order to find integrative solutions” (2004, pg. 15). Obtaining this collaborative behavior is not easy. The history of information systems is one of user-IT professional conflict, broken promises and frustration all around, in the midst of an explosion of useful IT applications.Thus as a solution to corporate IT challenges, IT governance is itself problematic. A number of approaches at a number of levels involving a number of management philosophies have created confusion, making it difficult to translate IT governance, as a way of implementing protection of owners property into actual IT practice in the hands of technical experts and users. Perhaps one difficulty with meeting governance challenges might be in the fundamental theory underlying the ideas of governance as practiced in most firms, namely agency theory, to which we turn now. Agency TheoryAgency Theory DefinitionAgency theory (Eisenhardt, 1989) is a view of corporate governance that attempts to explain the mutual behavior of principals (generally owners of firms) and the managers of those firms (termed “agents). In agency theory, agents and owners act as self-interested parties despite the necessity for them to work together to achieve corporate outcomes. Agency theory makes no explicit assumption about the alignment of principal and agent goals. However, agency theory mainly addresses the “agency problem” which arises when these goals are not aligned and when the behavior of agents cannot be assumed to be consistent with the goals of the principals. A typical solution to the is to create mechanisms through which agent behavior is forced into alignment through controls or inducements. The former is commonly accomplished through audits and performance evaluations by the board of directors (with the threat of dismissal as the punishment for non-aligned performance). The latter provides financial rewards if corporate performance is within a desired range. Central to these mechanisms is the act of delegation from principal to executive. It is actually the act of delegation rather than specifically who is doing and receiving the delegation (owner to CEO) and the risks involved. Thus, agency theoretic ideas can be percolated downward through the management chain to any level of management. Presumably the lower the level of management, the easier the performance audit becomes (because the activities are more time limited and narrower in scope) and the more highly defined the economic inducement (generally limited to compensation). Assumptions of Agency TheoryThe assumptions of agency theory are simple. 1. People are rational 2. They make decisions on economic grounds and 3. They attempt to maximize their own utility functions. Given the nature of corporations, with distant owners and rapidly changing operational conditions, it is unlikely that principals and agents have closely aligned interests; hence it is expected that agents and principals will not act in alignment. The interests of principals must be defended, therefore, through strategies to control the behavior of agents. Use of Agency Theory in ManagementPractically speaking, agency theory is useful in evaluating control and motivational schemes through which principals and agents can communicate economically, given the assumptions of conflicting interests. Agency costs arise from the execution of these schemes. It is desirable to keep these costs sufficiently low; otherwise, the principals will find themselves managing their firms. In addition to direct economic inducements through bonus schemes and dividend