INFORMATION TECHNOLOGY GOVERNANCE: THE EFFECTIVENESS IN BANKING SECTOR

Transcription

1 5-02 Information Technology Governance: The Effectiveness In Banking Sector INFORMATION TECHNOLOGY GOVERNANCE: THE EFFECTIVENESS IN BANKING SECTOR Samuel David Lee 1), Aris Budi Setiawan 2) Accounting Department, Faculty of Economics, Gunadarma University Jl. Margonda Raya No. 100 Pondok Cina, Depok samueldavidlee@ymail.com 1), arisbudi@staff.gunadarma.ac.id 2) ABSTRACT Information Technology (IT) plays an important part in determining the quality and accessibility of services. Moreover, IT has been playing more important roles for organizations in achieving their goals. To achieve effective IT governance, an organization needs to employ welldesigned, well-understood, and transparent governance mechanism. Organizational or the company that influenced by developments in information technology are the company which includes in banking sector. The progress of the banking system is strongly influenced by developments in information technology (Lee and Zahra, 2011). Within the framework of corporate governance, IT governance becomes the primary and integral part of successful implementation of corporate governance overall. Obtaining the sample data by using questionnaire of 13 banks with 70 respondents, this research examined the influences of two proposed IT governance mechanisms, which are involvement of top management in IT, IT risk management and IT Steering Committee on the overall effectiveness of IT governance. Using Multiple Regression techniques, this research found significant influence between effectiveness of IT governance and IT governance mechanisms: IT Steering committee and found not significant influence which is internal control. Keywords : Effectiveness, IT Governance, Banking Sector, Top Management in IT, IT risk management, IT Steering Committee. 1 INTRODUCTION Information Technology (IT) plays an important part in determining the quality and accessibility of services. Moreover, IT has been playing more important roles for organizations in achieving their goals. Organizations are increasingly dependent on information technology to remain competitive. Thus, it is crucial for organizations to establish good governance in IT to obtain more effective use of IT. To achieve effective IT governance, an organization needs to employ well-designed, wellunderstood, and transparent governance mechanism. The organization is started by auditing the technology information. This audit has a purpose in giving value of technology information assembling performance referring to the Control Objectives for Information and related Technology (COBIT) tool, which can be used as comprehensive devices to create IT Governance in a company organization. Various definitions of IT governance can be found in many literatures. Some of them said that IT governance is another designation of ICT governance. IT governance can be defined as the organizational capacity exercised by the board, executive management, and IT management to control the formulation and implementation of IT strategies and ensure the successful fusion of business and information technology (Grembergen et al., 2004; Trites, 2004). IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise's IT sustains and extends the organization's strategies and objectives (Moeller, 2008). According to the IT Governance Institute (2011), IT governance is defined as a structure of relationships and processes to control the enterprise in order to achieve the enterprise s goals by adding value while balancing risk versus return over IT and its processes. Organizational or the company that influenced by developments in information technology are the company which includes in banking sector. The progress of the banking system is strongly influenced by developments in information technology (Lee and Zahra, 2011). Along with the competition that occurred in the banking world, banks are increasingly improving service quality to customers. Real time operational inter-bank also has a claim to the world of banking, 117

2 The Proceedings of The 7th ICTS, Bali, May 15th-16th, 2013 (ISSN: ) as this became one of the materials for a competing service in marketing banking products. Within the framework of corporate governance, IT governance becomes the primary and integral part of successful implementation of corporate governance overall. IT governance ensures the efficient an effective measure to increase the company s business process. Top management is part of the board of directors. Top management support has been acknowledged as an essential factor in achieving higher levels of IT governance. According to IT Governance Institute (ITGI) the standard assists top management to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations use of IT. Up until ten years ago, information technology risk was not like this. Generally speaking, if a system failure or a security breach occurred, a mid-level IT manager dealt with it, and no senior executive (or the public) heard about it. companies can use their IT risk management capabilities to improve the way they run their business and even to differentiate themselves from the competition (Westerman and Hunter, 2009). IT steering committee also gives impact to IT governance. The effectiveness of the IT steering committee and the extent of its laterality will provide top management with the assurance and an embracive consensus that IT initiatives are beneficial to the organization as whole. As IT becomes a critical element of business strategies or core operating processes, so this research want to know what factor that influence the effectiveness of IT governance in banking sector. 2 MODEL, THEORY AND HYPOTHESIS 2.1 Agency Theory Agency theory explains the behavior of people in organizations as acting in their own economic self-interest, if not monitored and controlled to minimize this behavior. There are agency costs to discourage management from benefiting at the expense of shareholders. Director need to be elected by the shareholders to act as stewards of their interests. Management researcher, Rutherford and Buchholtz (2007) used survey methodology to test the relationship between board characteristic and board information asymmetric, and found that consistent with agency theory, an increase in the proportion of independent directors on the board reduced information asymmetries. In a later study, Rutherford et al. (2007) used the same survey instrument for measuring board information asymmetries to examine management monitoring and CEO incentives. An interesting finding in this study is that, as boards take actions to increase their information (reduce board information asymmetries); they increase their control over the CEO in the form of incentive alignment. This suggests that boards take actions on situational agency conflict, which is supported in recent accounting research. 2.2 Information Technology Governance According to IT Governance Institute (2011), IT governance is the responsibility of the board of directors and executives, and consists of leadership, organizational structures, and processes which ensure that the enterprise's IT sustains and extends the organizations strategies and objectives. IT governance is a subset discipline of Corporate Governance focused on information and IT assets (Weill and Ross, 2004). IT governance specifies the decision rights and accountability framework to encourage desirable behavior in the use of IT (Weill and Ross, 2004). IT governance also includes the foundational mechanisms in the form of the leadership, and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives (IT Governance Institute, 2011). A number of supporting mechanisms guide the implementation of IT governance in organizations. The Control Objectives for Information and related Technology (COBIT) is an approach to standardize good information technology security and control practices. COBIT provides tools to assess and measure the performance of 34 IT processes of an organization (IT Governance Institute, 2011). 2.3 Involvement of Top Management in IT (ITM) IT-related capability of top management commitment suggests that successful use of IT requires top executives to act as business visionaries. Top management must support and articulate the need for IT and communicate its functionality within the context of the organization's strategy, structure and systems. Top management commitment for IT-related initiatives enhances IT 118

3 5-02 Information Technology Governance: The Effectiveness In Banking Sector success by making IT resources available, supporting and guiding the IS functions. This commitment also helps integrate IT with business strategies and processes, and ensuring continuity in IT investments over time. The lack of such support may see IS resources having little effect on performance, even when substantial investments are made to acquire or develop the IS resources. In this study top management means the CEO and the level of management directly below that of the CEO. The involvement of top management appears to lead to effective IS planning. A lack of top management involvement has been shown to lead to unfavorable outcomes in IS planning, and even failure to plan for IS. 2.4 IT Risk Management (ITRISK) For many management teams, IT decisions are fraught with uncertainty. The likelihood and implications of system failure are uncertain. The implications of other IT risks, such as privacy lapses, data inaccuracies, project failures, or even corporate rigidity, are even more uncertain. All have complex causes and no perfect solutions. And they are all becoming more prominent every day. There is no such thing as a risk-free (or risk-neutral) IT decision. Every IT risk has a business consequence. Small incidents often signal larger problems, and a series of small IT decisions can lead to large levels of business risk. Therefore, every IT oversight or investment discussion should consider the decision s impact on the firm s IT risks, not just the firm s strategic needs. What is needed is a better way to make decisions to clarify tradeoffs and then let both business and IT people do what they do best. We have found a way to do just that. If business and IT executives can focus on just four key IT risks, they can make betterinformed decisions that lead to better IT (see Figure 1). The four risks are (Westerman and Hunter, 2009): 1. Availability 2. Access 3. Accuracy 4. Agility Discussing IT risks in terms of the four A s makes the uncertainty of IT risk more manageable. The four A s convert technical issues into business issues, and IT impacts into business impacts 2.5 IT Steering Committee (ITSTEERING) IT-related capability of top management commitment suggests that successful use of IT requires top executives to act as business visionaries. Top management must support and articulate the need for IT and communicate its functionality within the context of the organization's strategy, structure and systems. According to Prasad, et al. (2010) declare their result firms effectiveness of IT steering committee driven IT governance initiative positively relates to the level of their IT-related capabilities. Prasad, et al. also found positive relationships between IT-related capabilities and internal process-level performance. Furthermore, effectiveness of IT steering committee can improving in internal process-level performance positively relates to improvement in customer service and firm-level performance. 2.6 Research Model and Hypothesis Research framework and model of this research can be seen on figure 1. ITM ITRISK ITSTEER ING Figure 1. Research Framework So, the formula of this research is EITG = α + βitm + βitrisk + βitsteering Hypothesis of this research are: H1: Involvement of top management in IT influence the effectiveness of IT governance H2: IT risk management influence the effectiveness of IT governance. H3: IT steering committee influence the effectiveness of IT governance. 3 RESEARCH METHODS EITG Types of data used are primary data through questionnaires. The questionnaire is a data collection technique is done by giving a set of questions or a written statement to the respondent to answer. The population of this research is all the commercial banks in Indonesia and the commercial banks as a sample only 13 commercial banks. 119

4 The Proceedings of The 7th ICTS, Bali, May 15th-16th, 2013 (ISSN: ) The variables used in this study consisted of the dependent variable and independent variables. The dependent variable is the effectiveness of IT governance and the independent variable is involvement of top management in IT, IT risk management and IT steering committee. Hyppothesis test and data analysis technique using multiple linear regression using SPSS The steps are performed in hypothesis testing, including: Test of validity and reliability, Test Descriptive Statistics, Test Assumptions Classical, Tests of Hypotheses (t test and F test). 4. RESULT AND ANALYSIS 4.1 Normality Test Test of normality used to determine whether the data has a normal distribution. To test the normality of data can use Kolmogorov-Smirnov Test or Normal Probability Graph. The normal probability graph shows the plots spread coincide around the diagonal line and follow the direction of diagonal line, this shows that the residuals were normally distributed. 4.3 Heteroscedasticity Test Test of heteroscedastity used to determine whether the model regression has the same variance (homoscedastity) from one residual to others. If these assumptions are not meet, then there is heteroscedastity. Figure 3. Heteroscedasticity Test 4.4 Simultaneously Test Simultaneously test use one way anova or F test to know relationship between independent variables with dependent variable. Beside that, this test to know the goodness of fit of the research. Table 2 present the result of simultaneously hypothesis testing with regression model. Table 2. Simultaneously Test Model F Sig. Regression Figure 2. Normality Test 4.2 Multicollinearity Test Test of multicollinearity is used to determine whether the regression models found a correlation between independent variables. If there is a correlation, then there is a problem called Multicolinearity. Table 1. Multicollinearity Test Variables Tolerance VIF Conclusion X Free X Free X Free From Table 2 shows that those two variables as together can support the effectiveness of IT governance. 4.5 Partially Test From the previous simultaneously test, the result show that in simultaneously all independent variables of the research significance influence the dependent variable. So, next test is to see relationship between each independent variable to dependent variable use T test. Table 3. Partially Test Variable t Sig. t X

5 5-02 Information Technology Governance: The Effectiveness In Banking Sector X X The result for partial hypothesis testing show that Involvement of top management in IT has significance influence effectiveness of IT governance in banking sector. Involvement of top management in IT has significance t value Significance t value is smaller than α value This result consistent with research conducted by Vaswani (2003), Ali and Green (2005), Hoffman, et al. (2007), Wulandari (2010), Ali, Green and Parent (2009), Ali, Green and Robb (2011), and Ali, Green and Robb (2012). IT risk management also has the same result with corporate performance appraisal and involvement of top management in IT. IT risk management has significance influence the effectiveness of IT governance in banking sector. The significance t value If seeing from the significance t value, it is smaller than α value It is consistent with research conducted by Wulandari (2010). Moreover, IT steering committee has significance influence to effectiveness of IT governance with significance value This result consistent with research conducted by Steiner (1979), Doll (1985), and Ragunathan and Ragunathan (1989) quoted by Ali and Green (2006) have empirically supported the benefits of the existence of an IT steering committee in information system planning and management. 5. DISCUSSION From the above studies shows that IT governance mechanisms affect the effective use of IT governance at the top and middle level in the organizational structure on banking sector. With the support of top management, middle level in the organization feel more obliged to master a system that has been developed. Effective use in IT governance indicates the systems were integrated and it would be increase the quality of information so it will be related towards the value of the companies. Moreover, it can help to processing all transactions in one time so it timeless. Computer system also has various analysis tools to help management for assess the performance and manage operational of companies. Availability of those tools can increase the assurance of all accounting system so it certifiable for auditor. Security of information and data can be an advantages or disadvantages of effective use in IT governance. It consists of management about access to data, information and any other transaction. It can be advantages if limiting access to data or information for the employees so it can reduce any fraud and changed the data and information especially records the transaction, financial data and important information. It can be disadvantages if control to access records the transaction, financial data or important information is freely to all employees, so all employees can changed the data freely and that is fraud. In Indonesia, human resources in IT dominated by well-grounded foreign employee, particularly in banking sector, so it affects the quality of IT management in a company (Wulandari 2010). 6. CONCLUSION This study advanced our understanding about the role of IT governance mechanisms and their impact on top, middle level and the overall effectiveness of IT governance in banking sector by examining the influences of the following IT governance mechanisms: involvement of top management in IT, IT risk management and IT steering committee. This research found significant influence between effectiveness of IT governance and all IT governance mechanisms. In banking sector that influence by the development of information technology, effectiveness of IT governance become crucial part to increase the performance of the companies it can be shown in value delivery of strategy to sophisticated the technology system, vision and mission that stated in COBIT framework and reach the goals by its profit of the companies. REFERENCE [1] Ali, Syaiful and Peter Green Effective Information Technology Governance Mechanisms in Public Sectors: An Australian Case. Pacific Asia Conference on Information Systems 2006 Proceedings. [2] Ali, Syaiful and Peter Green Effective Information Technology (IT) Governance Mechanisms: An IT Outsourcing Perspective. Information System Frontier (2012) 14: [3] Ali, Syaiful and Peter Green Determinants of Effective Information 121

6 The Proceedings of The 7th ICTS, Bali, May 15th-16th, 2013 (ISSN: ) Technology Governance: A Study of IT Intensity. Proceedings of International IT Governance Conference, Auckland, New Zealand, [4] Ali, Syaiful, Peter Green and Michael Parent The Role of a Culture of Compliance in Information Technology Governance. Proceedings of GRCIS [5] Hoffman, Francisco Gonzales-Meza and Peter Weill Banknorth: Designing IT Governance for a Growth-Oriented Business Environment. CISR Working Paper. [6] Ali, Syaiful, Peter Green and Alastair Robb IT Investment Governance: Measurement Development. Mediterranean Conference on Information Systems 2011 Proceedings. [7] Ali, Syaiful, Peter Green and Alastair Robb The Influence of Top Managements Absorptive Capacity of IT Governance Knowledge on Business-IT Alignment: an Empirical Analysis. AMCIS 2012 Proceedings. [8] Information Technology Governance Board Briefing on IT Governance. [9] Grembergen, W. V., Haes, S. D., & Guldentops, E Structures, processes and relational mechanisms for IT governance. In W. Van Grembergen (Ed.), Strategies for information technology governance (pp. 1 37). Idea Group Publishing. [10] Moeller, R.R., Sarbanes Oxley Internal Controls: Effective Auditing with AS5, COBIT and ITIL. John Wiley & Sons, Hoboken, New Jersey. [11] Trites, G. (2004). Director responsibility for IT governance. International Journal of Accounting Information Systems, 5, [12] Westerman, George and Richard Hunter Developing a Common Language About IT Risk Management. CISR Working paper. [13] Prasad, Acklesh, Jon Heales and Peter Green A Capabilities-based Approach to Obtaining a Deeper Understanding of Information Technology Governance Effectiveness: Evidence from IT Steering Committees. International Journal of Accounting Information Systems 11 (2010) [14] Lee, Samuel David and Laina Zahra Digital and Cash Transaction in Indonesian Local Government. Proceeding, International Conference on Micro Finance. [15] Rutherford, M. and Buchholtz, A Investigating the relationship between board characteristics and board information. Corporate Governance, Vol. 15, No. 4, pp [16] Rutherford, M., Buchholtz, A. and Brown, J Examining relationships between monitoring and incentives in corporate governance. The Journal of Management Studies, Vol. 44, No. 3, pp [17] Vaswani, R Determinants of Effective Information Technology (IT) Governance. Australia: Unpublished Thesis, School of Business, University of Queensland. [18] Wulandari, Pandam Rukmi Effectiveness of IT Governance Determinants: Empirical Study in The Companies of DKI Jakarta. Undergradute Thesis (Unpublished). [19] Well, P and Ross J. W IT Governance: How Top Performers Manage IT Decision Rights for Superior Result. Boston, Massachusetts: Harvard Business School. 122