Modeling Viable Business Process for ICT Policy Management

Reza Alinaghian, Azizah Abd Rahman, Roliana Ibrahim

Department of Computer Science, Mobarakeh Branch, Islamic Azad University, Mobarakeh, Isfahan, Iran

Faculty of Computer Science and Information System, Universiti Teknologi Malaysia, 81310 Skudai, Johor, Malaysia

Abstract

This paper demonstrates the abstract of Information and Communication Technology

(ICT) policy significances in order to reflect the importance of the study. In addition, brief of

issues, challenges and shortcomings that ICT policy analysis is currently facing are highlighted.

In other words, the background of ICT policy problem is illustrated. The paper then discusses

strengths and weaknesses of Business Process Modeling (BPM), the suitable technique for ICT

policy analysis proposed by scholars. Subsequently, a business process model for ICT policy

management is proposed. The weaknesses of BPM are significantly tackled with the application

of Viable System Model (VSM). In fact, there are various considerations taken into account

while formulating the proposed solution. Considerations such as: a- current ICT policy

management issues and challenges of the case study organization and b- viable requirements,

including the systemic structure of VSM. However, the case study organization is the second

biggest Malaysian Public Institution of Higher Education. It currently has 14 faculties, 14

residential colleges and 6 schools. There are more than 20,000 students enrolled in the

university. The university has about 2000 lecturers. This paper reflects part of a PhD project.

Keywords: ICT policy, Business Process Model (BPM), Viable System Model (VSM)

1. Introduction

ICT is a powerful tool that helps organizations to participate in the global market through

promoting political accountability, improving the service delivery and enhancing opportunity’s

development. However, organizations are increasingly spending on ICT but a long history of

ICT failure or at best mitigated success (Schwalbe 2006) reveals that organizations need to

improve the way ICT is invested and exploited. Therefore, a mechanism is essential to ensure

that ICT investments and operations are acceptable, effective and efficient. ICT policy has the

potential to provide that mechanism. Through application and management of ICT policy, ICT is

considered as the enabler in business and organizations can take competitive advantages from

their ICT. In other words, ICT policy successful application and management help organizations

to unlock the power of technology and align their ICT to business objectives. However, the topic

has received little attention to date (Kalika 2007; Reza Alinaghian 2010) especially among

academicians.

ICT policy development life cycle had been explained as the main driving force that

serves as a policy central nervous system. There are four main phases or processes constituting

ICT policy life cycle; 1- development, 2- implementation, 3- monitoring, and 4- evaluation.

Development phase outlines all the required processes in ICT policy formulation (Mashinini

2008). Implementation phase outlines all the necessary processes in ICT policy awareness

raising, training or education, interfaces mediation or adoption (Kalika 2007), and enforcement

(Reza Alinaghian 2008). ICT policy monitoring outlines all the processes required in

environmental scanning to ensure users’ requirements satisfaction and value adding. Monitoring

helps measure ICT policy against defined goals, and ensures that goals have been achieved. At

this stage gap during implementation are identified, which results in making potential

adjustments in order to address problems and close gaps. The last ICT policy life cycle phase is

the policy evaluation process. Evaluation should be designed to measure and understand both

internal and external elements having an impact on policy, such as changes in political

landscape, economic issues, social challenges, technological challenges, and internal regulations

and so on. It is indicated that management of ICT policy development life cycle provides

insightful understanding of issues and risks, and the situation is presented in a dashboard format

enhancing interpretation and expediting decision-making processes (Mashinini 2008).

1.1 ICT Policy Significances

On the other hand, the Australian Standard for Corporate Governance of ICT (AS8015)

defines corporate governance of ICT as "The system by which the current and future use of ICT

is directed and controlled”. It involves with directing and evaluating ICT plans to support

organization and monitor ICT use in order to ensure achievement of the plans. ICT governance

includes ICT strategy and policy for using ICT within an organization (Calder 2008). However,

policy is the instrument of strategy (Unit 2004) and nowadays organizations cannot compete

without ICT strategy (Rodgers 2002). This argument thus, points to policy intervention as an

inclusion issue (Mochrie 2005). ICT policy is an underlying structure which ensures the proper

guidance of different ICT-related services (Mashinini 2008). Different aspects of ICT policy

empower different stakeholders, and that is how ICT can contribute to society empowerment and

emancipation (Stahl 2008). ICT policy is also a constituent of knowledge society encompassing

social, ethical and political dimensions. It seeks to ensure ICT is put into service that is enabling

rather than disabling (Bindé 2005; Mansell 2008). ICT policy backs up ICT vision (Chini 2008).

It is important to include ICT vision as explanatory factors in the assessment of different policy,

especially in the case of ICT (Galit Cohen-Blankshtain 2004). It has multiple goals such as

improving ICT quality, efficiency, security, legality and ethics. Therefore, it is regarded as a

means of ICT control and standardization (Kalika 2007). In fact, ICT policy is very crucial

because the potential of ICT depends on how it is used (DeSanctis 1994).

1.2 ICT Policy Challenges and Issues

However, it is indicated that although the current ICT policy researches are conducted in

different countries, but the analysis provides insight into international ICT policy analysis. As

some of the countries are among the world’s leading nations in ICT and advanced in ICT policy

making. One of the significant issues that can be identified with current ICT policy is that it is

mostly uninformed about the everyday lives of citizens and their ICT perspectives or

perceptions, in addition to the evaluation of ICT policy success merely in the form of computer

and internet access statistics (Olsson 2006). These data are not sufficient for evaluating ICT

policy effectiveness (Raboy 1998). They require closed examination with consideration of day to

day situations (Moores 2000). In fact, this is the point that ICT policy becomes problematic

because it does not take full responsibility for the visions. Practically, authorities pass the

responsibility to the users once computer and internet access are disseminated. Therefore, the

ICT policy does not survive an encounter with the users for whom it is made (Olsson 2006). In

other words, there is often a difference between designers or decision-makers and community’s

ICT perception (Kalika 2007).

Current ICT policy is mainly developed with either minimum or no consultation with

affected people, and that is the foremost reason for the policy to not taking into account the

community requirements (Mashinini 2008). In other words, one of the ICT policy identified

issues is incomplete formulated ICT policy, especially in supporting all the stakeholders.

Therefore, not everybody benefits equally from ICT in such conditions of power imbalance,

which indicates the ICT policy to be very weak (Olatokun 2008). Subsequently, the result is that

ICT policy is not reflecting the needs and interests of the people, who in turn do not use them

(Olatokun 2008). In sum, ICT policy mostly lacks a strong human development emphasize in

order to extend modern ICT services for everybody’s benefit. That is mainly due to the lack of

ICT utility focus, licensing delay, slow ICT policy implementation and fixation on ICT business

ownership (Brown 2008). Hence, it is not only that the empowerment and emancipation are not

achieved but the primary aim of the policy in the first place is also not met.

1.3 ICT Policy Problem Background

Therefore, the analysis revealed requirements for further political efforts in shaping the

new ICT into a civic tool (Olsson 2003), which addresses and leverages the conditions,

effectiveness and appropriateness of ICT policy because it cannot be left entirely to the citizens

(Olsson 2006). Many countries are currently facing with the difficult task of formulating the

national ICT policy development framework that could enable and equally benefit all

stakeholders (Olatokun 2008). In addition, in many cities there is neither a clear ICT strategy nor

explicit ICT plan to address ICT as a policy arena (Galit Cohen-Blankshtain 2004). However,

there is a lack of sincerity which betrays dealing with potentially empowering use of technology

when analyzing the policy document in detail (Stahl 2008). In fact, current ICT policy literature

is fragmented and also misses several important points (Mochrie 2005).

In 2005, “Towards Knowledge Societies”, a world report published by UNESCO clearly

indicated the absence of a model to ensure that ICT development is performed in enabling rather

than disabling (Bindé 2005). It is also stated that further research into user acceptance, adoption

and implementation of ICT policy is needed. A policy framework is necessary to provide a route

map to guide the process of the policy development life cycle to ensure effective service

delivery. The framework needs to be flexible in order to accommodate environmental dynamism

(Mashinini 2008). Research is needed that develops methodological and theoretical approaches

focusing on the communication process dynamically, and involving power relationships with

regards to community empowerment. A useful framework is required to critique the embedded

values in ICT policy, a forward-looking research framework to encourage sustainable

development. The research has to move beyond simplistic and dualistic thinking and address

barriers and opportunities for systematic bottom-up policy formation and implementation

(Mansell 2008). Such a framework has the potential to enable the community to move closer and

understand the ICT policy contribution towards peaceful human relations, which is a sustainable

development (UNESCO 2001).

However, analysis will fail to trace historical interdependencies if treating a specific ICT

policy independently and shifting the focus from material arrangements bringing policy into life

to policy document’s ideological study. Therefore, further ICT policy research needs to

investigate identities, forms of visibility, techniques and government purposes clearly (Chini

2008). Eventually, it’s explicitly indicated that failure at the policy level reflects important

shortcomings in technology and innovation conceptual framework (Liagouras 2010). Thus, an

ICT policy management framework is required (Reza Alinaghian 2010), which has a very

important contributions with consideration of the United Nations Charter in 1945 and the

Universal Declaration of Human Rights (UN UDHR) in 1948, which obliged all states to

establish, protect and enforce human rights at the global, regional and local levels (Montiel

2007).

2. Methodology

Policy research is usually undertaken with qualitative research methods that can provide a

profound insight into a complicated phenomenon (Galit Cohen-Blankshtain 2004). It is indicated

that, this method 1- allows close interaction between researcher and community, 2- helps identify

different properties and dimensions with their relationships and connections for the purpose of

analysis, 3- is more reflective of reality especially the current challenges regarding the status of

ICT policy, 4- assists researchers to be collaborative and discursive in nature, being in continues

interaction with ideas and in the generation of ideas through constructive criticism and discourse,

5- has no preconceived ideas, it is shaped and detected by the data from the respondents and 6- is

not rigid but flexible as the situation changes (Mashinini 2008). Therefore, interview is one of

the most suitable techniques for data collection.

In addition, Business Process Modeling (BPM) technique has been proposed for ICT

policy analysis. It is described that BPM is suitable for applications with the essential sense of

process or state, in other words, the process oriented-applications with at least one of the

following typical characteristics: 1- Long running (the process span hours, days, weeks, months

or more from start to finish), 2- Persisted state (the process state is persisted to a database to

outlast the server hosting it because the process is long lived), 3- Bursty and sleeps most of the

time (the process mostly spends its time asleep and waiting for the occurrence of next triggering

event), and 4- Orchestration of system or human communications (management and coordination

of communications between various systems or human actors is the responsibility of the process)

(Havey 2005). ICT policy analysis is long running, has persisted state, and is the orchestration of

system or human communications (Kalika 2007). Therefore, BPM is suited for the application of

ICT policy analysis. In fact, the application of business model analysis in the context of policy

analysis is indicated as a relatively new approach. It could be a tool for policy makers to better

understand ICT innovation dynamics, market developments, and accurate assessment of policy’s

potential impact. It is argued that policy makers may take more appropriate measures and

illustrations through the application of an integrated business model framework. Such a

framework can potentially be an effective cognitive tool shifting emphasizes from specific

isolated policy domain or market in traditional policy analysis towards the determinants of

successful business models (Martijn Poel 2007). The three main challenges for policy makers

and analysts have also been highlighted as: 1- The ICT market’s dynamic, multi-domain and

multi-stakeholder character, 2- The ICT market’s multi-sided nature mediated between various

groups of stakeholders and 3- The policy formulation and analysis manifold implications.

Therefore, it is less relevant to study ICT policy in isolation. It is explained that an integrated

framework can be more effective than a partial analysis since it helps policy makers to

understand ICT developments, monitor progress, identify opportunities and bottlenecks, and

assess the policy role. Accordingly, a new approach (application of the business model in policy

analysis) is proposed which could be added to policy analysts’ toolbox, and further work

focusing on the combination with other methods (Martijn Poel 2007). Consequently, ICT policy

challenging issues can be potentially tackled through the transformation of knowledge and

activities into a process model which enables decision-makers to filter out the irrelevant

complexities and focus on essential elements.

However, there are various issues and challenges with BPM that are specified such as:

standardization of modeling approaches, identification of model’s value proposition, establishing

business value proposition, support for process automation or execution, and standardization of

process modeling tools, techniques and methods, and etc. Additionally, limited support from

academic literatures to guide practitioners’ efforts are the other roadblocks in BPM (Marta

Indulska 2009). There is also a lack of BPM empirical studies (Tom R. Eikebrokk 2008).

Accordingly, Viable System Model (VSM) is adapted in formulating the proposed solution

(model) in order to tackle some of the issues and challenges with BPM.

Since ICT is very fast changing, and ICT policy has fluid and fragmented nature (Chini

2008), VSM is utilized as the most suitable method for organizational diagnosis and data

analysis. The VSM as a diagnosing tool to (re-)design organizational process is considered to be

“the most usable and developed organizational cybernetics expression” (Jackson 1991). The

VSM’s intention is to develop functions within an organization that enable it to survive in its

given environment (Sidney Luckett 2001). It is recursive, variety reducer, quick on the draw and

adaptive. The VSM seizes its opportunities, which guarantees survival. The diagnostic power of

the tool has proven it to be worthy, which has been determined through its application to all

kinds of organizations (Beer 1981). The VSM is identified and indicated to be flexible and

robust, the two advantages that are a prerequisite in fast-changing environments. It is flexible

because new strategic components are easily inserted into any level without having to make

dramatic changes to surrounding structures. It is robust because of having long term focus rooted

in the identity of the organization (Espejo 1989). Beer defines his model (VSM) to be successful

and well-functioning because it has been tried in the human body, and it works. In addition, the

proposed model is also evaluated / verified through application of VSM during the design phase

(application of viable requirements and structure). For instance, multi-level systemic structure of

VSM is the main consideration and motivation in dividing-and-conquering the model. It is stated

that a good Business Process Model is developed 1- through the application of a divide-and-

conquer technique, which helps reduce a difficult problem to smaller and more manageable parts

and 2- if possible by using the existing approach instead of inventing new technology (Havey

2005).

Eventually, different studies have shown different methods used for evaluating and / or

verifying the Business Process Model. In other words, the Business Process Models have been

evaluated and / or verified differently. For instance, by formal mathematical verification

(Plexousakis 2000), through transformation of process diagrams into workflow diagrams (Gero

Decker 2010), validating via prototyping (Buchs 2006), and peer (interviewee) review in the case

of policy analysis (Martijn Poel 2007) have been used in evaluating and / or verifying the

business models. Evaluating and selecting suitable modeling technique(s) depends on the

characteristics and requirements of individual projects (Giaglis 2001). Accordingly, the proposed

ICT policy management model has been evaluated / verified from various perspectives such as;

1- Interviewees (peer) review of the model who are mostly the IT managers, IT officers, IT

consultant and CIO of the case study organization, 2- Prototype system (ICT Policy Manager)

design, development and testing by a sample of community users and 3- through application of

VSM during the design phase.

In addition, two graphical modeling notations for BPM have been identified as the

Business Process Modeling Notation (BPMN) and UML Activity Diagram. However, BPMN is

more expressive, which makes it the preferred choice (Havey 2005). It is consistent with UML

and understandable by business users, stakeholders, analysts and developers. BPMN can be

incrementally adopted. In addition, it is also widely extensible and its popularity is rapidly

growing (Luca Abeti 2008). BPMN gives the modeler much freedom to model. BPMN benefit is

that it does not favor a particular textual language. In other words, it leaves the modeler with

freedom to choose execution language for BPMN model’s implementation. BPMN Models are

also used to specify software system requirements. However, BPMN is used more at the

conceptual level rather than the execution level (Gero Decker 2010). Therefore, BPMN is

utilized to develop the process diagrams.

3. ICT Policy Management Model

3.1 Level One (Organization’s Division(s) and the IT Unit(s))

System one is managed by “Divisional Directorate” through its management tool;

“Divisional Regulatory Center”. System one contains components which involve 1- organization

of division, 2- control routine responsibilities and activities of division and 3- implementation or

operation of divisional processes and activities (Beer 1979; Beer 1981; Beer 1985). Putting these

to ICT policy context, in order to operate and organize the ICT of division(s), the ICT policy is

to be implemented. To achieve control over the ICT activities and operation, the ICT policy has

to be monitored. If the ICT policy is developed at this system, other division(s) may refuse to

adopt because it may not address their ICT issues and / or requirements. To review or evaluate

the ICT policy, feedbacks are needed from the whole organization, and not only from that of a

division. Therefore, the main processes that have to be performed at system one are

implementation and monitoring. The case study’s level one contains the “Faculty Directorate”

and its ICT management tool is the “Faculty IT Unit”. The Faculty IT unit is responsible for

managing all ICT related affairs of the faculty and its departments. The IT unit is formed by an

IT manager who is a lecturer and an IT officer who is a technician to assist the IT manager.

However, management always plays a very important role in any activity. They have

jurisdiction to assign accountability, provide human and financial support, and supervise.

Therefore, the faculty directorate is the key success at the faculty level and educating the faculty

directorate on ICT is the building block. Through education, management’s ICT interest is

attracted, innovation is enhanced, effective and efficient decision-making is created.

Management at this level also requires the necessary and good tool(s) in order to perform

excellently. To achieve expected and desired outcome, a standard and robust ICT management

tool (IT unit) is essential. Therefore, the IT manager’s proper and careful selection and

preparation is a pre-requisite. First, it is very important to select IT managers based on their

qualifications. Second, it is necessary to create incentives for the position. However, motivation

is provided through considering IT manager’s administrative obligation and effort in their

appraisal. These may include awarding extra fixed monthly payment and additional awards and

rewards for outstanding performance, in addition to lowering the academic work load assigned to

IT managers. Third, educating IT managers on the appointment positively impacts on their ICT

performance. They need to be educated and skilled in administration and ICT. Therefore, they

can handle situations professionally, in addition to understanding and appreciating ICT roles and

its importance. Fourth, IT officers have to possess technical skills and knowledge in order to

assist IT managers technically.

The Faculty’s IT unit is supposed to be visible at the faculty level. There are positive

aspects in shifting IT managers from their academic offices to the faculty administration area

with an appropriate sign board. First, constant and extensive interaction and communication with

the faculty directorate is established. Second, impression is created among staff to consider the

IT manager as a member of faculty administration. Third, the faculty directorate’s clerical staff

can assist the IT manager in performing ICT administrative activities in addition to providing

constant and comprehensive access and communication channel to the faculty community via

assistant personnel. Consequently, the ICT help desk is officially established at the faculty. The

ICT help desk creates a positive impression among community members. The ICT help desk can

support and encourage the faculty community in their ICT affairs. Subsequently, the community

also performs differently when it realizes that the ICT help desk can support and observe their

ICT exploitation. On the other hand, accountability is a crucial factor in successful ICT

governance in general, and ICT policy management in specific. Accountability is imposed

through official assignment of the roles, responsibilities and / or job specifications. Assigning

accountability to IT managers holds them officially answerable to superiors and makes them able

to gain a clearer picture or understanding the position’s entire responsibilities. Some of the

responsibilities are explained next.

Firstly, planning and distribution of ICT and policy tasks at this level improves ICT

governance and policy management. Secondly, ICT policy awareness raising campaign in

addition to ICT education is more effective at this level since it is close to the community.

Thirdly, effective and efficient identification and collection of ICT issues and requirements from

the base of organization is best performed at this level. However, comprehensive identification

and collection of ICT issues and requirements results in the formulation of all-inclusive, effective

and accurate ICT policy or careful evaluation of the current ICT policy. Fourthly, ICT policy

monitoring returns a more reliable outcome since this level is close to customers.

ICT issues and requirements are the main building blocks of ICT policy. They are the

inputs to ICT policy development and evaluation. ICT issues and requirements are also the

objectives or targets of ICT policy implementation and the outcome of the ICT policy monitoring

process. Through identification of ICT issues and requirements, authorities are able to verify ICT

policy effectiveness, accurateness and vulnerability. Subsequently, ICT policy is evaluated or

formulated based on identified and collected ICT issues and requirements. However, ICT-related

issues and requirements are best identified and collected from the base of organization where

customers are utilizing ICT services and facilities. Therefore, it is important to provide a

convenient and stable mechanism close to customers in order to identify and collect ICT issues

and requirements extensively. ICT service and communication platforms provided at the faculty

plays a very important role in this matter. The community is encouraged and supported through

the convenient and stable ICT service and communication platform. The ICT policy awareness

and education is conducted, partial monitoring is performed and ICT issues and requirements are

identified. Subsequently, ICT exploitation and operation are enhanced in the community.

The ICT service and communication platform(s) at the faculty can be established through

various means such as faculty ICT help desk and also by creating faculty ICT discussion group

on social-networking websites such as Facebook.com and / or Twitter.com. Creating a faculty

ICT discussion group on social-networking websites managed by the faculty IT unit has

advantages. 1- It is free of charge, constant and reliable. 2- Can cover the entire faculty

community. 3- Faculty community interacts conveniently. 4- Continuous and frequent ICT

policy awareness raising and education are conducted with almost no cost and effort. 5- ICT

services, facilities and policy issues, requirements or feedbacks are identified and discussed. The

Faculty IT unit can provide ICT advice and consultation to the faculty community via ICT

platforms.

Additionally, conducting occasional ICT meetings among faculty staff chaired by an IT

manager and supervised by the faculty directorate helps identifying ICT issues and requirements

as well as discusses and exchanges ICT services, facilities and policy feedbacks. Moreover, an

ICT workshop conducted by the IT unit annually, during the orientation week, where new

students join the faculty, is very effective and efficient. It can include introduction and education

to the university’s ICT services, facilities and policy. New students are introduced to the

university’s ICT services and facilities’ features, objectives, acceptable behavior and usage;

advantages that ICT policy could deliver to the organization and its community, in addition to

disadvantages that potential breach has on an ICT operation. However, conducting an annual

ICT workshop is cost-effective and covers the entire faculty community in a long term. It also

helps authorities ensure that the community is kept aware of the ICT policy and educated on

proper, acceptable and professional ICT exploitation. Furthermore, through faculty ICT meetings

and workshops, authorities are able to identify new ICT issues and requirements that lead to

evaluate, update or improve ICT services, facilities and policy.

On the other hand, producing ICT reports at system one also helps management to gain

broad ICT feedback or input that assists them to monitor a university’s ICT and correspond

accordingly. Therefore, frequent ICT reports from computer laboratory technicians, network

administrators, IT officer and faculty’s head of departments addressed to IT manager and / or

faculty directorate are necessary to be generated at this level. The reports are appended with

additional supporting information and directed to IT Technical Committee (level 4) and

University IT Committee / University Executive Committee (level 5). Thus, ICT reports ascend

the organization’s management hierarchy where all management levels are kept informed and

participated.

Figure 1 presents level one’s process diagram. The process diagram summarizes the level

one’s proposed ICT policy management model. It provides a brief and general view of the entire

process that can also be used as a quick reference. It is a complementary guide in understanding

the entire proposed model for system one. The following scenario explains the diagram. There

are two main routes in the diagram. Both routes are traversed concurrently. In addition, level one

is in continuous communication with levels three, four and five through the IT manager and the

faculty directorate. However, the first route is where the ICT policy implementation and

monitoring are continually performed. The ICT policy feedbacks are collected through the path

via ICT policy monitoring. The ICT policy feedbacks can be considered as input to the ICT

policy implementation, or as newly identified ICT issues and requirements. Additionally, results

of the performance are regularly submitted to level four and / or five. The second route is when

new ICT issues and requirements have been identified and collected. ICT issues and

requirements have to be reviewed, discussed and analyzed by the IT unit and faculty directorate.

As a result, ICT issues and requirements are either feasible to be processed internally at the

faculty or have to be addressed to level three for further considerations. Firstly, ICT issues and

requirements are processed internally if feasible. The Faculty IT unit has to process ICT issues

and requirements at the faculty level if, 1- possesses necessary human and / or technical support

and 2- ICT issues and requirements are addressed by the current ICT policy. Consequently, the

faculty is able to process issues and requirements faster and maintains its autonomy, to some

extent. Secondly, ICT issues and requirements are reported to level three if it is beyond the scope

of the faculty IT unit.

Figure 1. Level one process diagram

3.2 Level Two (Organization’s ICT Coordination Mechanism)

The “Coordination” function, level or mechanism is an essential interface to coordinate

the operations of sub-systems in order to carry out the value adding tasks. The coordination

mechanism is to avoid oscillation, direct competition or blind operation of divisions with each

other. This is where ICT systems or software is helpful in avoiding direct and intrusive human

intervention (Espejo 1989). Viable system two contains components which involve; 1- resource

bargaining through information dissemination and assessment, 2- informal controls, 3- keeping

track of information and 4- communication and coordination (Beer 1979; Beer 1981; Beer 1985;

Leonard 1999; Leonard 2000). Putting these to ICT policy context, ICT policy awareness raising

and dissemination by utilizing technology is an attempt towards implementation. Informal

control and keeping track of information (e.g. electronic feedback and online survey analysis) is

ICT policy monitoring. However, the developing and evaluating of an ICT policy must be

performed formally and not in the virtual world, so they are well performed and widely accepted.

Therefore, ICT system or software intended to support and help in managing the ICT policy of

an organization can fit to this level.

Computer based information system has potential to offer a variety of integrated

functions. Tasks are carried out conveniently with broad coverage through performing them

electronically and online. Fluent information organization and dissemination in addition to

extensive communication are achievable through application of an information system.

Therefore, an appropriate information system specifically intended for ICT policy management

can play a very important role and have a positive impact on the whole process. The ICT policy

management information system designed and deployed at this level potentially contributes

towards ICT policy implementation and monitoring with very little cost and effort.

ICT issues, requirements and policy cover a wide range and diverse subjects to be

considered simultaneously. Thus, an appropriate mechanism of communication and coordination

best fulfill the requirements. Firstly, with consideration of ICT policy management requirements

that necessitate distinguished and categorized communications, an electronic forum best suits

and provides an appropriate coordination mechanism. An electronic forum enables concurrent

communication and discussions on various subjects or ICT issues, requirements and policy under

distinguishing categories. It also provides convenient information tracking. Secondly, another

required ICT policy function of the intended information system at this level is to provide a

holistic resource bargaining mechanism which corresponds to the ICT policy dissemination and

community assessment subsequently. Therefore, an online / electronic ICT policy archiving and

exploration mechanism empowered by a search engine conveniently exposes the ICT policy

contents to the entire community. Additionally, incorporating an online / electronic feedback

collection and survey analysis provide a constant, reliable and expansive ICT policy monitoring

that also permits and facilitates wide-range interaction. Thirdly, information filtering through the

information system at level two and provided to system three star (system two’s administrator) is

also a requirement. Therefore, system three star is conveniently able to extract, retrieve and

administer all types of input and / or generated information at this level. System three star can

observe, organize and track level one’s communications, which enables level three to coordinate

and monitor level one. In sum, there are three categories of people exploiting the ICT policy

management system at level two: 1- IT manager(s) (level one(s)) who accomplish coordination

through the communication platform, 2- Community users who undergo ICT policy

implementation and monitoring and 3- ICT Policy Administrator (system 3*) who performs

implementation and monitoring, and also establishes and monitor communication and

coordination of IT managers (system two’s development and maintenance are the responsibility

of level three, and administration is system three star’s responsibility).

The main and most important activity with regards to the system at level two is that

technological awareness and education have to be conducted when the technology is created. The

community has to be alerted and made aware of the new emerging ICT policy management

information system. The community has to be provided with education on the importance,

objectives and scope of the system in addition to test drive or practice proper functionality.

Table 1 demonstrates input information to the design of ICT policy management system

at level two. The information are mainly from viable system two and three star (as the

administrator) specifications in addition to ICT policy management issues and requirements of

the case study organization at level two.

Table 1. Input to the design of information system at level two

Figure 2 presents level two’s process diagram. There are three different routes in the

process diagram. Route one is freely or openly accessed by the entire community. Through this

route, the community is primarily able to search or explore ICT policy contents and provide a

comment on any policy. Secondarily, they are also able to provide ICT issues and requirements

via online feedback in addition to participate in ICT survey analysis and download any

supporting materials such as anti-virus, anti-malware, firewall, hardware or software manuals,

lease or procurement procedural or approval forms and guidelines. Route two is restricted to the

administrator(s) and requires authentication. This route enables the whole system’s management

or administration. However, it is a bridge between community users, and members (IT

managers). For instance, the administrator exposes collected and filtered feedbacks from the

community to members for consideration and discussion. Route three is also restricted to the

members and requires authentication. Through this path, IT managers mainly report and discuss

ICT services, facilities and policy issues, requirements and feedbacks identified and collected at

level one. They can also share (upload / download) supporting documents among themselves.

Figure 2. Level two process diagram

3.3 Level Three (Organization’s ICT Operation Directorate)

It is indicated that although effective communication channel (system 2) considerably

reduces the need for supervisory control, two-way communication between Divisional

Regulatory Centers (IT units) and level three is still the viability’s requisite. Therefore, “System

Three” of the VSM or the “Control” function or level is essential to negotiate resources, issue

exceptional direct line management instructions, and report to the upper-level management.

However, this system requires an important adjunct channel to assure the accuracy of received

accountability reports reflecting the status of the primary activities. This is “System Three Star”

of the VSM or the “Monitoring” function or level. System three or the “Corporate Operations

Directorate” is responsible for stability of the internal environment and corporate synergy, which

is achieved through transmitting policies and instructions to divisions in addition to processing

information, and performing the planning, controlling and management of the internal

environment. System three collects, filters and reports to upper levels the information about the

internal environment achieved through system two and by system three star. System three

handles aspects of affairs not handled via system two and those not routine to system one.

System three has no account of external environment (Beer 1979; Beer 1981; Beer 1985; Espejo

1989). Accordingly, “Corporate ICT Operations Directorate” (system 3) manages ICT policy at

the organizational level with the aid of “ICT Policy Management System” (at level 2) and “ICT

Policy Administrator” (System 3*). To govern and control internal ICT stability through

regulation, this system must implement and monitor the ICT policy. System three also has to

monitor the division’s ICT. It is clearly stated that system three transmits policy and instruction

that indicate development, and evaluation is not performed at this stage. Moreover, in ICT policy

development and evaluation, there is a need to consider the external environment of the

organization which is not the concern of system three (This system is the Computer &

Technology Center of the case study organization).

ICT policy implementation and monitoring are difficult to be performed entirely by level

three especially in a huge organization. Hence, the faculties’ IT units have to reflect system three

in faculties and departments. To resemble and represent system three at the faculty or

department, IT units are to be boosted by Computer and Technology Center (system 3).

Therefore, level three has to interact and support level one in order to manage ICT operation of

the entire organization and subsequently achieve excellence. Accordingly, level three also puts

less effort, undergoes less cost and achieves more satisfactory outcomes.

ICT policy implementation and monitoring at this level are achieved through activities in

educational and administrative computing, internal organization’s ICT research and consultation,

ICT training and education in addition to providing human and technical supports to the entire

community. In addition, having ICT educational and training units empower this level to

positively influence on the whole organization. Although providing ICT education to the entire

community in a huge organization is costly, educating all level managements does not cover a

wide scope and imposes lower costs. It instead reflects on the entire community resulting in

improving organization’s ICT operation. Conducting regular ICT training and workshop by

Computer and Technology Center provided to senior executives, middle managements,

department’s directorates, and especially IT units or IT managers have several benefits for the

organization. It attracts the interest of management with respect to ICT programs and improves

their comprehension of ICT roles and importance. It also enhances the innovation, creativity,

effective and efficient decision-making with regards to ICT. It extends information

dissemination; strengthen accurate ICT policy statement formulation and ICT strategic plan

execution and upgrading. It also contributes towards ICT policy implementation and monitoring.

Therefore, it is very important that level three conducts regular ICT programs such as ICT

training and workshop, especially for managements.

However, a point of contact between level three and level one is required in order to

establish comprehensive communication, coordination and collaboration, which is the system

three star or “ICT Policy Administrator” (information arousal) responsibility. The ICT policy

Administrator’s tool to provide extensive communication, coordination and collaboration in

addition to ICT policy implementation and monitoring at the organizational level is system two.

The ICT Policy Administrator is under the authority of Computer and Technology Center (level

3). The ICT Policy Administrator is a person or group of people who is / are trained, educated

and motivated for the position. The ICT Policy Administrator has to be trained or educated in

secretarial and administration tasks, in addition to possessing ICT knowledge. The ICT Policy

Administrator comprehends the organization’s entire ICT operation, ICT governance structure

and mechanism, ICT policy and strategy. The ICT Policy Administrator offers assistance mainly

through system two to system one, three, four and five in order to improve their efficiency and

effectiveness. Through ICT Policy Administrator (system 3*) and ICT policy management

system (system at level 2), this level also creates a constant, reliable and convenient ICT help

desk or ICT service and communication platform to the entire community. For instance,

conducting online survey analysis via the platform and prior to purchasing university official

anti-virus saves cost and improves organization’s ICT operation. More effective and efficient

ICT decision can be made with consideration of the community perception or response. In other

words, identifying the users’ ICT expectations or actual requirements prior to making any ICT

decision elevates the community’s acceptance rate and leads to achieving ICT customer service

satisfaction. In addition, system three star by means of system two acts as a central information

source. Therefore, this system is able to perform activities that enhance the organizational ICT

policy management. Researching, compiling, coordinating and processing ICT issues,

requirements and policy data entry is performed. Subsequently, ICT correspondence preparation,

report generation and high-quality presentation to level three and upper levels provides extensive

ICT monitoring and control.

Figure 3 presents level three’s process diagram. Level three process diagram is quite

similar to the level one. The rationale is that system one is in control of the faculty or division’s

ICT, and system three is in control of the organization’s ICT. However, level three’s scope is

wider and responsibility is more. Accordingly, the entire ICT performance of the organization is

improved if system one can reflect system three in the faculty or division. There are two main

routes in the diagram. The first route is where ICT policy is implemented and monitored

continuously. Subsequently, the result is submitted to level four and five regularly. The second

route is where new ICT issues and requirements are identified through system one, two and three

star. All ICT issues and requirements are processed at this level. However, ICT issues and

requirements are addressed to level four in one condition. It is necessary to address ICT issues

and requirements to level four if ICT issues and requirements are not effectively or completely

addressed by the current ICT policy. In fact, the “Corporate ICT Operations Directorate” (system

3) is supposed to carry out all the ICT operations. In addition, primary or pre-requisite

considerations are necessary to be made at this level after receiving upgraded or newly

formulated ICT policy from level four and before distributing policy to all divisions or the entire

community. Therefore, essential and appropriate planning is performed in order to implement

and monitor upgraded or new ICT policy successfully. For instance, level three has to perform

pre-processes such as upgrading or purchasing new software or hardware facility, developing

new guideline or procedure, planning required training or workshop and, etc. ICT policy

implementation and monitoring initially starts at this level.

Figure 3. Level three process diagram

3.4 Level Four (Organization’s IT Technical Committee)

“System Four”, “Development Directorate” or the “Intelligence” functions or level is the

link between the primary activity (viable system) and the external environment. It is fundamental

to an adaptive system. It continuously provides the viable system with relevant external factors

such as feedback on marketplace conditions and technology changes necessary for making future

decisions, as well as projects the organization’s identity and message into its environment.

System four’s function is mainly focused on the future. Therefore, system four plans for future in

consideration of changes in the external environment and capabilities of the organization. System

four is where people under different bosses will come together and reflect the totality they serve.

At system four, representation of the autonomic conditions (system one) in combination with

information filtered and ascended from system three are put together. System four’s

responsibility is to respond to a variety of conditions knowing internal situation in parallel to

observing external environment by means of research and development. This system is the pre-

condition of system five. In sum, viable system four contains; 1- the thinking shop, 2- command

structure of the corporation, 3- adjusts, modifies or manipulates critical control parameters, 4-

match internal environment with outside world, 5- exploring the response of the system to

various alternative actions, 6- control center for the corporation and 7- control target of steady

response (Beer 1979; Beer 1981; Beer 1985; Espejo 1989).

Therefore, at this stage the development of the ICT policy must be performed in order to

formulate ICT command structure. The ICT policy is adjusted, modified or manipulated through

the evaluation process. In order to evaluate the ICT policy, this level needs to explore the

response of the whole system, which requires it to monitor ICT. Thus, through 1- developing

ICT policy, 2- monitoring ICT policy and 3- evaluating ICT policy via exploring the community

response, this system can control the corporation’s ICT. Implementation is not performed in the

“thinking shop” (This is the IT Technical Committee of the case study organization).

A well-established and well-functioning level four is able to improve ICT policy

management and also direct the organization’s ICT strategically. There are primary

considerations to take into account in order to be well-established and subsequently function well

at this level. It is very important that there is a special place or room, preferably close to the

Computer and Technology Center (level 3) allocated for this committee, with appropriate sign

boards and necessary facilities. It positively impresses the members and enhances their

seriousness and commitment. It also has a positive impression on the whole community. The

community and especially, the authorities are kept aware of its existence and reminded of its

objectives. Additionally, being close to level three’s location also facilitates extensive

communication, interaction and collaboration of the two. However, appropriate furnishing of the

venue is also helpful in its performance. Facilities such as round table, computer and projector to

present, share, observe and discuss ICT matters are needed.

The committee has to be chaired by a person who is ICT educated, and skilled in

administration. The chair person has to be self-confident and also good in communication and

team work. He or she has to possess jurisdiction and authority to make a decision. For instance,

the CIO is a potential choice for the position. However, the chair person requires a secretariat in

order to organize and manage the committee, its meetings and performance. A suitable choice for

the chairman’s assistant is the ICT Policy Administrator (system 3*). ICT Policy Administrator

is under the authority of the CIO (director of level 3). The ICT Policy Administrator is supposed

to be a member of the ICT Policy Technical Committee, the sub-committee of the IT Technical

Committee. Therefore, comprehensive communication, collaboration and coordination between

level one, three and four can be assured through the service of ICT Policy Administrator. The

ICT policy Administrator or system four’s secretariat has to set meetings’ schedule and agenda.

Fixed schedules and agendas of every meeting are distributed to all committee members and

their respective department or faculty’s directorate beforehand. Member’s attendance is checked

during every meeting and recorded for future consideration. Regular committee performance

report is to be submitted to level five. Consequently, monthly or regular meetings arranged and

conducted at this level keeps system four active, effective and updated. Subsequently, an ICT

policy is managed well throughout the organization and ICT strategic plan is executed. On the

other hand, the ICT Policy Technical Committee (the sub-committee of IT Technical

Committee) has to possess technical and policy experts in order to guide the IT Technical

Committee properly and professionally (divisions may not possess the experts). The ICT Policy

Technical Committee requires regular meetings and discussions with level five (strategy level of

the organization) in order to ensure and achieve the ICT policy and strategy alignment. However,

the presence of the ICT Policy Technical Committee during analysis of ICT issues, requirements,

strategic plan, and policy development and evaluation is necessary.

Additionally, members of the IT Technical Committee are the essential constituents in its

effective and outstanding performance. All divisions or faculties have to have representatives at

the committee because ICT services and facilities in the university cover whole aspects of

customers. In other words, all divisions or faculties are exploiting ICT in performing their

activities. However, the purpose of ICT policy is to mitigate ICT issues and requirements of

customers. Therefore, divisions or faculties representatives are the people that have to be part

and parcel of their system’s policy in order to be able to reflect ICT issues and requirements of

customers. Moreover, members have to possess ICT knowledge in order to represent strong ICT

representatives of their divisions or faculties. In addition, the presence of other expertise,

especially during the ICT policy development process is essential in order to produce well-

formulated and effective ICT policy. Potential invited or guest members are 1- Executive

representative(s), 2- Law or legal department representative(s) and 3- IT auditor.

However, there are pre-processes and post-processes or activities required to be

performed especially at the time of ICT policy development in order to maintain and ensure

quality of the whole process and its outcome. In addition to the proper team set-up, one of the

pre-requisite to ICT policy development is the preparation of committee members. Since ICT is

very fast changing, members are to be updated and prepared. Therefore, various workshops are

necessary to be conducted prior to policy development. For instance, a workshop on reviewing

and prioritizing ICT issues, requirements and policy feedbacks. ICT issues, requirements and

policy feedbacks are to be categorized based on their organizational impacts, importance,

necessary requirements and, etc. Available, required or emerging technology and their potentials

are to be discussed. Different ICT policy templates or samples from national and international

institutions are reviewed to obtain clear vision in order to perform benchmarking. However,

review on an organization’s current ICT operation, economy and strategy is also necessary.

Additionally, another workshop on available ICT management or governance best practice

frameworks (e.g. ITSM, ITIL or COBIT) will also guide the process properly and professionally.

Through this workshop, members are prescribed with ICT resource organization, business value

delivering, documenting, and bridging the gap between control requirements, technical issues

and business risks.

Eventually, an organization’s information system, practices and operations are evaluated

by IT auditor with consideration of a formulated ICT policy. The IT auditor looks at physical,

business and financial controls within the organization. The IT auditor offers independent review

of the situation. Qualified and proficient IT auditors will audit many different aspects of ICT

such as systems, networks, databases, encryption and, etc. Therefore, a review by an IT auditor

provides rich feedback on formulated ICT policy. However, it would be unwise to ignore the

legal context in which an organization’s policy operates. Therefore, ICT policy verification by a

lawyer is necessary.

Figure 4 presents level four’s process diagram. There are two main routes in the diagram.

The first route is where ICT issues and requirements that need to be considered in ICT policy

development or evaluation are received. If current ICT policy addresses the ICT issues and

requirements but not accurately or effectively, adjustment or alignment is made. However, the

ICT policy development process is triggered if ICT issues and requirements necessitate the

formulation of new ICT policy or re-formulation of current ICT policy. Accordingly, an ICT

policy development team has to be formed, workshop(s) to be attended, and an ICT policy

drafted and benchmarked. The drafted ICT policy is to be audited by an IT auditor and verified

by a lawyer. Subsequently, an ICT policy proposal is submitted to level five in order to be

reviewed and endorsed. The second route is where ICT policy monitoring is performed. Through

this path, ICT policy is frequently reviewed in order to identify any potential weakness that has

to be verified by ICT issues and requirements. The purpose is to keep the ICT policy up to date

and effective. Consequently, the ICT policy monitoring results are regularly submitted to level

five.

Figure 4. Level four process diagram

3.5 Level Five (Organization’s IT Committee / Executive Committee)

“System Five” of the VSM or the “Policy” functions or level gives closure to the whole

system. It is the policy-making function. System five mainly provides clarity about an

organization’s conditions, values, purposes and overall direction. However, system five is

defined as low-variety in comparison with the complexity of internal and external environment.

Therefore, it highly interacts and depends on the activities of system four. Decisions that have

been carried out between systems four and three are checked against the organization’s direction

by system five. On the other hand, system four and three are complementary to one another,

which means that, if decisions are over-influenced by either of the two they are likely to be

costly and ineffective. In other words, viable system five contains; 1- control of viable system, 2-

deliberates policy and takes decisions, 3- gives advice and direction and 4- adjusts outputs to its

latest inputs and to the assessment of change (with the service of system four) (Beer 1979; Beer

1981; Beer 1985; Espejo 1989). Putting these to ICT policy context, this level is not directly

developing an ICT policy. Level four develops ICT policy and level five deliberates on them. In

order to control the ICT of the viable system, level five has to participate in ICT policy

implementation. To adjust the ICT policy to its latest ICT inputs and to the assessment of

change, this level needs to monitor the ICT policy and participate in the evaluation process.

Therefore, this level has to participate in all four ICT policy processes (This is the Executive

Committee of the case study organization). However, level four and three have to maintain their

weight in ICT policy-making process in order to develop an economic and effective ICT policy.

In every organization, management plays an important role and its absence, confusion or

inefficiency leads to chaos and failure. Organizations are different in terms of their management

styles and structures, and failure or success of a firm highly depends on the way it is managed.

Stafford Beer defines the management structure of a viable system as “multi-node” (node is a

manager at any level of the organization) with resemblance to the human brain where all the cells

are in complex interactive communication. He adapted this to the organization’s management

and stated that, the highest level of management of the organization needs to communicate with

middle management and their subordinates as well. The reason is that, if one or few managers

are not able to accomplish their work efficiently, or make the right decision, then relying on the

outcome or decisions of those managers bring negative consequences.

Level five roles and responsibilities are very crucial in ICT policy management and ICT

governance. However, the Executive Committee members have to undertake regular ICT

training or workshop and be involved in various ICT programs in order to fully realize the

importance of ICT and the committee’s role in managing and directing the organization’s ICT

(since this is the strategy level with consideration of organization’s ICT). Therefore, undertaking

ICT education at this level is the first and most important responsibility and pre-requisite to

successful and strategic ICT exploitation. In addition, the Executive Committee has to supervise

and support the Computer and Technology Center especially in providing ICT education to all

level managements. However, appointing the right person with the necessary qualifications for

the management of ICT in various organizational levels is also very vital at this point. Forming a

strong ICT management team by the Executive Committee directly impact on the entire ICT

operation. For instance, recommending and supervising the appropriate selection and preparation

of IT managers, CIO and the chairperson of IT Technical Committee. Additionally, the

Executive Committee can provide human and financial supports to ICT programs, and create

incentives and assign accountability. There will be no excuses or failure if other management

levels are provided with necessary resources in performing their ICT obligations in addition to be

held accountable. For instance, holding divisions or faculties’ directorates accountable in ICT

affairs improves an organization’s ICT operation.

At this level, ICT policy development, implementation, monitoring and evaluation are

mainly participated through activities such as announcements and discussions during meetings

with various organizational levels’ representatives. For instance, an ICT policy implementation

is achieved through making frequent ICT policy announcements and conducting short and

occasional ICT education sessions (in collaboration with the Computer and Technology Center)

during staff monthly assembly with executives. ICT policy monitoring can be performed through

establishing occasional ICT help desk (also in collaboration with the Computer and Technology

Center) at the monthly assembly to provide a supplementary platform and supervise the

collection of ICT issues, requirements, and policy feedbacks. Additionally, ICT policy

monitoring is also achieved through collecting regular ICT reports during meetings with deans

and directors of faculties and divisions. However, conducting separate and frequent ICT

meetings with IT managers provide independent review of an organization’s ICT operation.

Direct interaction and communication between executives and IT managers is also established

through the ICT policy management system (system 2). Furthermore, frequent meetings with the

ICT Policy Technical Committee (sub-committee of IT Technical Committee) help ensure ICT

policy effectiveness and alignment with ICT strategy.

Figure 5 presents level five’s process diagram. There are two routes in the diagram. The

first route is where newly formulated or re-formulated ICT policy proposal(s) is / are received

from level four. Level five has to review the ICT policy proposal(s) and the supporting

documents in order to achieve comprehensive understanding of the content. However,

conducting discussion with level four help ensure that policy is well-formulated, which is being

accurate, effective and aligned with ICT strategy. Therefore, the Executive Committee does not

merely approve the ICT policy. Committee members have to really understand the rationales and

potentials of the proposed ICT policy. After the ICT policy is endorsed, necessary support(s) to

newly approved ICT policy is / are to be provided by the executives in order to successfully

implement them (supports such as advice, instruction, and human and financial resources). The

second route is where ICT policy implementation and monitoring by the Executive Committee is

continually performed. Feedbacks mainly collected from divisions or faculties’ directorates are

discussed with level four in order to obtain a broad and independent view of the entire ICT

policy process.

Figure 5. Level five process diagram

4. Conclusion

This paper proposed an ICT policy management business process model. The model is a

framework for creating economic, strategic, community, professional and technological value.

The model addresses different aspects such as management and operational. It consists of a

broad range of descriptions to present core aspects of ICT policy management. In fact, the paper

includes recommendations for strategy, infrastructure, organizational structure, practices and

operational processes in ICT policy management. The model also discussed guidelines or

strategies for the organization in order to improve its technology deployment, operation and

expenditure. It is the method of ICT policy management by which the organization can sustain

its ICT strategically. However, recommendations on operational processes, strategies,

infrastructure and organizational structure also help to leverage the community’s ICT perception,

ethics and exploitation. The model is featured with various techniques. For instance, its structure

corresponds to the VSM systemic structure. Identification and establishment of the model’s

value proposition is achieved through the application of viable requirements.

The model also provides support for process automation or execution. A prototype

system is proposed and discussed under level two of the model. The proposed prototype system

has potential to improve ICT policy awareness, education, assessment, ICT issues and

requirements (feedback) identification and collection, wide-range ICT survey analysis, sharing of

ICT policy supporting materials, and extensive interaction among authorities. It enhances an

organization’s ICT governance and policy management if properly deployed and maintained.

Although this system fits into an organization’s level two, it represents the entire business

process model, to some extent. It can be used at all organizational levels in order to support

implementation, monitoring, and evaluation of ICT policy, and identification and discussion of

ICT issues and requirements. Therefore, the system provides different functions, and supports

different people. Subsequently, considerable positive impact is made through application of the

system. The prototype system was awarded (with a silver medal) at the International Conference

on Research and Innovation in Information Systems (ICRIIS’11) in Kuala Lumpur, Malaysia.

However, in this paper the ICT policy has been analyzed mainly from the inter-

organizational perspective with little consideration of external environment. Future research can

potentially focus on a wider perspective. There are external elements that also need to be

analyzed, which have a considerable impact on organization’s ICT policy. Elements such as ICT

market, organization’s industry, culture and the legal context in which organization’s ICT policy

operates. Therefore, application of enterprise analysis method like the Soft System Methodology

(SSM) has the potential to fulfill the requirements of such a future ICT policy analysis. A

combination of this research work and findings of the proposed future research produces more

comprehensive analysis. In addition, a comparison of several ICT policy analysis research or

model conducted at different case studies or contexts can potentially produce a model that is

applicable to a wider context.

Eventually, the paper is unique in the field of ICT policy. It has provided all necessary

considerations, motivation and direction to future practical and / or academic works. The paper

discussed ICT policy from various points of view. It highlighted ICT policy significances that

can draw practitioners’ attention towards ICT policy and its importance or contribution in ICT

governance and corporate governance, in addition to provide motivation to academicians for

future ICT policy analysis research(es). ICT policy important challenges and issues that are

mostly common among different studies are accumulated and presented, which provides insight

to practitioners and academicians in their future considerations. A guideline for future ICT policy

analysis research work is provided that draws a route map. However, there are techniques /

methods discussed and proposed for future research works such as qualitative research

methodology, VSM and BPM. Consequently, it can be concluded that every organization needs

a model in order to manage its ICT policy. One single model may not fit to all since

organizations have their own ICT issues and requirements. In addition, ICT governance structure

of one organization potentially differs from others. However, this model which has been

developed for an organization can be a useful guide in amending, adjusting, upgrading or

developing further ones for other organizations.

References

Beer, S. (1979). The heart of enterprise, John Wiley & Sons.Beer, S. (1981). Brain of the Firm, John Wiley & Sons.Beer, S. (1985). Diagnosing the system for organizations, John Wiley & Sons.Bindé, J. (2005). Towards knowledge societies: UNESCO world report. UNESCO reference works series. Paris: UNESCO Publishing. Roger Cowell Associate. v. 9.Brown, W. B. a. I. (2008). "Next generation ICT policy in South Africa: Towards a human development-

based ICT policy." Social Dimensions of Information And Communication Technology Policy. Springer 282: 109–123.

Buchs, D. and Ang, Chen. (2006). "Towards Service-Based Business Process Modeling, Prototyping and Integration." Rapid Integration of Software Engineering Techniques. Springer: 218–233.

Calder, A. (2008). ISO/IEC 38500: The IT Governance Standard, IT Governance Ltd.Chini, I. (2008). "ICT policy as a governance domain: The case of Greece and the European Commission."

Social Dimensions of Information And Communication Technology Policy. Springer 282: 45–62.DeSanctis, G. and Poole, M.S. (1994). "Capturing the complexity in advanced technology use: Adaptive

structuration theory." Organization science. JSTOR 5(2): 121-146.Espejo, R. (1989). The viable system model: interpretations and applications of Stafford Beer's VSM,

John Wiley & Sons.Galit Cohen-Blankshtain, Peter Nijkamp and Kees van Montfort. (2004). "Modelling ICT perceptions and

views of urban front-liners." Urban Studies. SAGE 41(13): 2647–2667.Gero Decker, Remco Dijkman, Marlon Dumas and Luciano García-Bañuelos. (2010). The Business Process

Modeling Notation. Modern Business Process Automation. Berlin, Springer.Giaglis, G. M. (2001). "A taxonomy of business process modeling and information systems modeling

techniques." The International Journal of Flexible Manufacturing Systems Springer: 209–228.Havey, M. (2005). Essential business process modeling. Sebastopol, CA, O'Reilly Media, Inc.Jackson, M. C. (1991). Systems Methodology for the Management Sciences. New York, Plenum.Kalika, M. B. a. M. (2007). "Adopting an ICT code of conduct: An empirical study of organizational

factors." Journal of Enterprise Information Management. Emerald 20(4): 432-446.Leonard, A. (1999). "A viable system model: Consideration of knowledge management." Journal of

Knowledge Management Practice 1.Leonard, A. (2000). "The viable system model and knowledge management." Kybernetes. Emerald

29(5/6): 710-715.Liagouras, G. (2010). "What can we learn from the failures of technology and innovation policies in the

European periphery?" European Urban and Regional Studies. SAGE 17(3): 331–349.Luca Abeti, Paolo Ciancarini, and Rocco Moretti (2008). "Business process modeling for organizational

knowledge management." Concurrency, Graphs and Models. Springer: 301–311.Mansell, R. (2008). Communication, Information and ICT Policy: Towards Enabling Research Frameworks.

Eighth International Conference on Human Choice and Computers (HCC8), , IFIP TC 9, Pretoria, South Africa, Springer.

Marta Indulska, J. R., Michael Rosemann, and Peter Green (2009). "Business process modeling: Current issues and future challenges." Advanced Information Systems Engineering. Springer: 501–514.

Martijn Poel, A. R. a. P. B. (2007). "Business model analysis as a new tool for policy evaluation: policies for digital content platforms." info. Emerald 9(5): 86-100.

Mashinini, M. J. (2008). Challenges of ICT policy for rural communities: A case study from South Africa. Eighth International Conference on Human Choice and Computers (HCC8), , IFIP TC 9, Pretoria, South Africa, Springer.

Mochrie, R. and Laura. G. (2005). "The use of ICT in rural firms: a policy-orientated literature review." Info. Emerald 7(3): 33-46.

Montiel, A. V. (2007). A preliminary reading of the background document: Human rights, the fundamental framework, note prepared for the UNESCO Brainstorming Meeting, 11 December.

Moores, S. (2000). Media and everyday life in modern society. Edinburgh, Edinburgh University Press.Olatokun, W. M. (2008). "Gender and national ICT policy in Africa: issues, strategies, and policy options."

Information Development. SAGE 24(1).Olsson, T. (2006). "Appropriating civic information and communication technology: a critical study of

Swedish ICT policy visions." New Media & Society. SAGE 8(4): 611–627.Olsson, T., H. Sandstr¨om and P. Dahlgren (2003). "An information society for everyone?" Gazette. SAGE

65(4–5): 347–364.Plexousakis, D. and Koubarakis, M. (2000). "A formal model for business process modeling and design."

Advanced Information Systems Engineering. Springer: 142–156.Raboy, M. and B. Abramson (1998). "Grasping an Enigma—Cultural Policy and Social Demand."

International Journal of Cultural Policy 4(2): 329–355.Reza Alinaghian, Azizah bt Abdul Rahman and Roliana bt Ibrahim (2010). Information and

communications technology (ICT) policy management towards enabling research frameworks. 4th International Symposium on Information Technology (ITSIM'10), Malaysia, IEEE Xplore Digital Library.

Reza Alinaghian and Wardah Z. Abidin. (2008). Information and communications technology (ICT) policy implementation among academicians of Universiti Teknologi Malaysia (UTM). 3rd International Symposium on Information Technology (ITSIM'08), IEEE Xplore Digital Library.

Rodgers, J. A., Yen, D.C. and Chou, D.C. (2002). "Developing e-business; a strategic approach." Information Management & Computer Security. Emerald 10(4): 184-192.

Schwalbe, K. (2006). Information Technology Project Management. Boston, MA: Thomson Course Technology.

Sidney Luckett, Steven Ngubane and Bhekathina Memela (2001). "Designing a Management System for a Rural Community Development Organization Using a Systemic Action Research Process." Journal of Systemic Practice and Action Research. Springer 14(4).

Stahl, B. C. (2008). Empowerment through ICT: A critical discourse analysis of the Egyptian ICT policy. Eighth International Conference on Human Choice and Computers (HCC8), , IFIP TC 9, Pretoria, South Africa, Springer.

Tom R. Eikebrokk, J. I., Dag H. Olsen, Andreas L. Opdahl (2008). Exploring process-modelling practice: Towards a conceptual model. 41st Annual Hawaii International Conference on System Sciences, Waikoloa, Big Island, Hawaii IEEE.

UNESCO (2001). Universal Declaration on Cultural Diversity. Celebration of the International Mother Language Day, Paris, UNESCO.

Unit of Prime Minister's Strategy, UK. (2004). Strategy Survival Guide. Cabinet Office, Citeseer.