IT Governance and Human Resources Management: a Framework for

SMEs

Helena Garbarino-Alberti

Universidad ORT Uruguay

garbarino@ort.edu.uy

Abstract: Information Technology (IT) plays an important role in organizations, particularly in small and medium-

sized enterprises (SMEs). These firms have a simple structure with less specialized tasks and tight human,

financial and material resources, so it is particularly important to use an appropriate IT governance

framework (ITG) to such enterprises. This paper shows the results of applying an ITG framework

designed for SMEs in a case study focused on IT Human Resources (IT HR) and the lessons learned.

Conclusions highlight the importance of the quality of IT HR along with the key role played by related

enterprise policies.

Keywords: IT Governance; Human Resources Management, SMEs.

1 Introduction In the global economic environment, small and medium-sized enterprises (SMEs) play an important role in

promoting economic development (Chang, Chang, Ho, Yen, & Chiang, 2011). Recent studies show that

SME development is closely linked to growth. Furthermore, in many economies the majority of jobs are

provided by SMEs. In OECD (Organisation for Economic Co-operation and Development) countries, for

example, SMEs with less than 250 employees employ two-thirds of the formal work force (Ardic,

Mylenko, & Saltane, 2011). It is difficult to define what an SME is, though SMEs are commonly defined

as registered businesses with less than 250 employees (IFC, 2009). In Italy, Japan and France, the number

of SMEs accounted for 99% of the total number of enterprises. In the United States there were more than

15 million SMEs, accounting for 98% of the total number of enterprises, although America was famous for

its large enterprises. In Germany, SMEs-related exports value accounted for over 60% of the country total.

In China, SMEs accounted for 99.3% of total number of enterprises according to 2006 statistics (Liu, Li, &

Zhang, 2012).

In addition, in EU-27 between 2002 and 2008, the number of jobs in SMEs increased at an average annual

rate of 1.9 % while the number of jobs in large enterprises increased by only 0.8% (Ardic et al., 2011) and

represented 99,8% of the enterprises, 99,9% in Spain (European-Commission, 2012). Nowadays, SMEs in

the EU are operating their businesses in a difficult macroeconomic environment. In 2011 only Austria,

Germany and Malta exceeded their 2008 levels of real value added and employment in their SMEs. One

differentiation factor explaining these exceptions is that SME employment is relatively concentrated in

high-tech and medium high-tech manufacturing and knowledge-intensive services in those countries.

(ECORYS, 2012)

Information Technology (IT hereinafter) has been considered fundamental for the development of

productivity and knowledge-intensive products and services (Soto-Acosta, Martinez-Conesa, & Colomo-

Palacios, 2010). In European countries, high-tech SME activity is considered to be crucial for achieving

the desired structural transformation of economies (Nunes, Serrasqueiro, & Leitão, 2012). But, when

compared to larger enterprises, SMEs usually have a simple structure with less specialized tasks and tight

human, financial and material resources. Most SMEs have low levels of internal IS expertise, although this

varies depending on industry sector. While there are many high-tech SMEs, many have no IS department,

no staff with formal IS training, and no IS manager (Adam & O'Doherty, 2000; Cragg, Caldeira, & Ward,

2011).

In a highly competitive world, strategic decisions are a key element for achieving economic success and

management excellence in the organizations (Van-Grembergen & De-Haes, 2007). Some of these

decisions are related to IT, and in particular, to IT human resources. In any case, IT has become

ubiquitous and essential in both ongoing operation and strategic development of almost all organizations

(Toomey, 2009). In consequence, many frameworks have been developed, like Cobit 5 (ISACA, 2012)

and Calder-Moir (Calder, 2008b). In particular, the IT governance standard ISO/IEC 38500 has been

designed for company directors (or equivalents) in all sizes of organizations, making emphasis on the

whole business context of IT use, not only technical, financial and scheduling aspects (ISO/IEC, 2008).

Some authors conclude that both the foundations and the current application of IT governance suffer from

serious limitations (Kooper, Maes, & Roos Lindgreen, 2011); however and according with Mark Toomey

(2009), this limitations refer to the implementation of IT-management and IT-control frameworks like

the ones mentioned above. The IT contribution to the business is widely recognized, with value creation

of IT-investments being one of the most important dimensions of it (ITGI, 2011).

According to the literature (e.g. Colomo-Palacios, Casado-Lumbreras, & García-Crespo, 2011; Colomo-

Palacios, Tovar-Caro, García-Crespo, & Gómez-Berbís, 2010), Information Technology work is highly

intensive in human capital, which is a key factor in all life cycle of IT related activities; thus, many

frameworks have taken human capital into consideration (ISO/IEC, 2008). In the business equation

defined by people, process, structure and technology, the last one, technology, has become the enabler of

transformation in organizations, but technology alone does not result in improved business systems

(Toomey, 2009). People, who can fill different roles, are considered a strategic asset because they are

simultaneously resources and capabilities (Taylor at al. cited by Gama, Nunes-da-Silva, & Mira-da-Silva,

2011).

The purpose of this paper is to provide an overview of the lessons learned and the issues that emerged

from a project aimed at implementing an IT Governance framework within an SME, focusing the analysis

in Human Resource Management issues. In agreement with P. Runeson and M. Höst (2009) the case

study methodology is well suited to many kinds of research (Colomo-Palacios, Fernandes, Soto-Acosta,

& Sabbagh, 2011), and this will be the approach adopted in this paper. In order to do this, the remainder

of the paper is structured as follows. Section 2 defines IT Governance, the main principles and assets, and

the relationship between them and Corporate Governance. Section 3 describes a framework for IT

Governance focused in SMEs. Section 4 provides a description of the pharmaceutical laboratory (here

called AAA) in which the case study was performed and depicts the project itself and its characteristics;

we implanted the framework in Human Resources areas. Section 5 describes lessons learned from the

process of implementing this IT governance framework in a Human Management business context.

Finally, conclusions are drawn and future development work is presented in the final section.

2 IT Governance For many organizations, making decisions about IT must involve assessing costs and benefits, business

risk and new opportunities arising from IT (Sieber, Valor, & Porta, 2006). IT governance (ITG) provides

the mechanism that associates processes, resources and information (from IT) with the enterprise

strategies and objectives. ITG therefore integrates and institutionalizes good practices in planning and

organization, acquisition and implementation and delivery services and support. ITG allows control and

monitoring of IT performance to ensure that the information and related technologies supports business

objectives.

IT managers decision making is affected by five main factors: increased capital investment in IT,

executive perception of IT as a business enabler, regulatory pressure, IT operations increasing complexity

and poor project performance. When these factors are analyzed, it arises that a regulatory framework is

essential to establish a consistent behavior of generic IT policy in view of the mission, strategy, values,

norms and culture of the organization. Elements such as proportion of insiders, board size, IT

competency, organizational age, and role of IT are factors that influence the board’s level of involvement

in IT governance (Jewer & McKay, 2012)

The IT Governance Institute (ITGI, 2007) defines ITG as "a structure of relationships and processes to

direct and control the enterprise in order to achieve the enterprise’s goals by adding value while

balancing risk versus return over IT and its processes", Van Grembergen and De Haes (2009) define

Enterprise Governance of IT as "...is an integral part of corporate governance and addresses the

definition and implementation of processes, structures and relational mechanisms in the organization that

enable both business and IT people to execute their responsibilities in support of business/IT alignment

and the creation of business value from IT-enabled business investments" and ISO/IEC 38.500:2008

(2008) as " ...the system by which the current and future use of IT is directed and controlled. [It] involves

evaluating and directing the plans for the use of IT to support the organization and monitoring this use to

achieve plans. It includes the strategy and policies for using IT within an organization". According to the

above definitions IT is an enabler for implementing short and long term corporate strategies and both

(corporate and IT strategies) must be integrated. Moreover, organizations recognize that IT services are

strategic assets to support information and services management (Lucio-Nieto, Colomo-Palacios, Soto-

Acosta, Popa, & Amescua-Seco, 2012). Organizations with unsuccessful and powerless IT governance

will suffer due to poor performance of IT resources such as improper information quality, inefficient

operating costs, runaway IT projects and even the demise of its IT department (Ali & Green, 2012).

Peter Weill and Jeanne Ross (2004) propose a framework to link corporate governance with IT

governance, identifying a set of key assets that can generate value: human, financial, physical,

intellectual, information and IT, and relationship. The governance of these assets will increase integration,

performance, data integrity and reuse among others (Figure. 1). An effective ITG must answer these three

questions (Weill & Ross, 2004):

1. What decisions must be made to ensure effective management and use of IT?

2. Who should make these decisions?

3. How will these decisions be made and monitored?

These questions refer to the organizational structures that enable decision making, responsibilities

assignment, and control. These elements together with those defined in the IT governance and

management frameworks (ISO/IEC 38.500:2008 (ISO/IEC, 2008), Calder-Moire Governance Framework

(Calder, 2008a), CobIT 5 (ISACA, 2012) and IT BSC (Van-Grembergen & De-Haes, 2009) are the main

blocks of an ITG framework. In summary, the main elements to consider in an ITG framework are

responsibility, strategy, acquisition, performance, conformance and human behavior, with the tasks of

evaluation, management and monitoring and the focus on the three questions above.

Nowadays, in an interoperating marketplace, IT Governance becomes a powerful tool for companies.

Understanding and choosing the right arrangements are key elements of success on strategic information

management, in terms of Business-IT Alignment as well as in monitoring and controlling of inter-

organizational information infrastructures, in a rapidly changing business environment (Zarvić, Stolze,

Boehm, & Thomas, 2012).

3 A framework for IT Governance in SMEs As mentioned in the introduction, the objective of this paper is to show the results and lessons learned

from implementing an IT Governance framework with a SMEs focus (named SMEsITGF). This

framework has the particularity of being linked to the areas and processes that characterize SMEs. It

proposes a capability maturity model in five steps (Duffy, 2002) (otherwise proposed in six steps

(ISACA, 2012)) that enables the business to quickly reach average levels of maturity.

Figure 1 Relationship between corporate and IT governance. (CIMA, 2004)

Desirable Behaviors Strategy

Information & IT Human Financial Physical Intellectual Property Relationships

IT Governance

Key Assets

Key Assets Governance

Corporate Governance Compliance Process: Performance Process:

- Responsibility - Resources

- Assurance - Value Creation

The need for a specific IT Governance framework focused on SMEs justification is because the intrinsic

characteristics of these enterprises (Table 1) and according with (Ayat, Masrom, Sahibuddin, & Sharifi,

2011) there are no specifics frameworks nor standards for SMEs, although ISO/IEC 38.500 was defined

for any type of enterprise (ISO/IEC, 2008). SMEs have specific characteristics that distinguish them from

larger companies, so is necessary the developed a specific framework for these enterprises.

Table 1 SMEs characteristics (Ayat et al., 2011)

SMEs characteristics

1) Informal culture 2) Quick communication

3) Responsive 4) Flexible

5) Relying on individuals 6) Nowhere to hire

7) Wide organizational knowledge 8) Limited technological knowledge

9) High unit cost 10) Complexity interpretation

Figure 2 shows the static view of the framework. It presents four elements (Strategy, Strategic Portfolio,

Projects and Operations/Services) and four dimensions (Responsibility, Risk and Compliance, Human

Resources and Enterprise Architecture). The elements are the components that will result in measurable

activities and processes, while the dimensions influence the type of governance practice adopted by the

company.

Op

era-

tio

n

Imp

le-

men

ta-

tio

n

Pla

n

Stra

tegy

Ris

ks /

Co

mp

lien

ce

Responsibilities

Ente

rpri

se A

rch

itec

ture

Hu

man

Res

ou

rces

Strategy

Strategic Portfolio

Operations/Services

DIRECT MONITOR

EVALUATE

BUSINESS

PRESSURES BUSINESS NEEDS

Projects

Figure 2. IT Governance framework for SMEs - SMEsITGF

Responsibility refers to the decision-making structures and the business commitment to be the engine

driving IT services (supply ↔ demand (Toomey, 2009)). Assessment directs and supervises activities; it

must be present at all levels that allow the responsible structures to take corrective actions against

problems. Risk and Compliance give a vision about the business risks associated with the incorporation of

IT in its processes, and also enforce national and international regulatory standards. According with V.

Stantchev, K. Petruch and G. Tamm (2012) there are two kinds of IT Resources: IT infrastructures and

IT staff. Human Resources are a fundamental dimension in the framework as they relate to a sensitive

resource in SMEs. People (as a valuable resource within the organization) must be managed properly,

considering their aspirations and allowing development and training. Enterprise Architecture is an

intrinsic feature of the business where the framework is implemented, and it will lead the way to achieve

the IT governance goals, while influencing the rest of the dimensions.

IT strategy, integrated with business strategy (business pressures and requirements affect the entire

model, especially IT strategies) enables obtaining business value and new opportunities. The Strategic

Portfolio arises as a result of the IT strategy needs (from the business and aligned with its strategy).

Projects are the components of the portfolio; they may be developed both inside and outside of business

limits (SMEs usually outsource developments) in order to achieve the promised value (economic,

strategic, quality product, security, compliance, etc.). Operations are proper IT operations, which must be

performed to meet expected service levels.

The dynamic view of the framework shows the relationship between elements and dimensions and the

activities direct – evaluate – monitor (figure 3). Elements will be valued from the perspective of the IT

BSC (Customer orientation, Corporate contribution, Future orientation and Operational excellence),

(Van-Grembergen & De-Haes, 2009) and linked with the five major decision domains (IT Principles, IT

Architecture, IT Infrastructure, Business application needs and Prioritization and investment) (Weill &

Ross, 2004). The outcomes must be registered in the Organizational Knowledge Database for future

analysis.

In order to measure the maturity stage of the ITG, a maturity model is useful. The enterprise can establish

“where it is” now, “where to go" in the future, and the steps needed to achieve the desired level (ISACA,

2012). Authors propose a five levels maturity model (Duffy, 2002):

Organizational

Knowledge

Base (OKB)

Strategic Portfolio

Projects

Operations

Risk Strategy

HR Strategy

Portfolio Risks HR Capabilities

Projects Risks HR Capabilities

Operational Risks

HR Capabilities

Business

Strategy IT

Strategy IT Principles

IT Architecture

IT

Infraestructure

Aplications

IT Investments

Future Orientation

User Orientation Business Contribution Operational

Excellence

Evaluate - Direct- Monitor

Decision making

Figure 3 SMEsITGF dinamic view

Level 0 Immature: the organization has no effective implementation of ITG processes or it does not

achieve its objectives. IT executives are disconnected from other members of the organization.

Level 1 Initial: the organization implements ITG processes that achieve the objectives. IT is seen as a

cost, which is a consequence of the low value associated with it.

Level 2 Managed and Established: the organization uses defined ITG processes based on standards that it

establishes, controls and maintains. The organization is aware of the value that IT brings, so IT is

emerging as a strategic tool.

Level 3 Predictable: the organization manages the ITG processes quantitatively, recognizes the value of

IT in all areas, from the operational to the strategic ones and considers it as an enabler of new business

opportunities.

Level 4 Optimized: the organization implements continuous improvement of ITG processes to meet

business objectives. At this level the organization and IT are integrated and the business depends entirely

on IT performance. There is only one strategy that incorporates IT as an integral part of the organization.

Table 2 shows these maturity levels and practices, and actions recommended to achieve each described

level of the model.

Table 2 SMEsITGF Maturity Model and actions recommended to achieve levels 1 and 2

Future Orientation User Orientation Business

Contribution

Operational

Excellence

IT Strategy

Level 1: Basic

IT plans are not

always aligned with business strategies

(which tend to be weak,

the business has little or no organized

administration). It seeks

to reduce costs.

IT recognizes the importance of user

evaluation. IT analyzes

user needs and requirements case by

case, ad hoc.

There is no standardized

mechanism to assess

the IT contribution to business so, strategic

alignment is poor.

IT looks for

operations consistent

with expected levels; however there are

neither defined processes nor strategic

vision of them.

HR view

Policies are set for IT HR in order to improve the immediate capabilities of the workforce. It must

address specific needs in requirements engineering. No measures the contribution to the organization made

by IT HR. Should be training in service quality.

Level 2:

Managed and

established

Define strategic IT

plans aligned with

business ones, taking into account the risks

and the business

architecture.

Processes are defined to

include/reject user

service requests. Enterprise architecture,

risks and HR

capabilities are considered.

Although IT is not

integrated into the

business, IT strategic plans are aligned to the

business ones; there is

an IT operational dependence, with focus

on repetitive tasks

automation.

IT operational

processes are defined and associated business

strategies.

Future Orientation User Orientation Business

Contribution

Operational

Excellence

HR view

Organization must align IT HR policies with defined business processes and the scales to measure people performance. We suggest implementing industry proven standard models. The capabilities of

employees must follow the evolution and needs arising from the management of the programs and projects

portfolio. Expected and obtained results must be registered in the Organizational Knowledge Base (OKB), also plans and measures related to the contribution to the business and the quality of IT HR services.

Strategic Portfolio

Level 1: Basic

Those projects that

can automate repetitive

tasks seeking to reduce costs are part of an

emerging portfolio.

The portfolio includes user requests

with more emphasis

than other ones. An important characteristic

is the absence of strategic assess.

The portfolio is oriented to operations

instead to strategic

contribution

Not always the portfolio is articulated

to bring service

expected levels.

HR view The capabilities of IT HR must accompany projects and programs development needs. When

organization does not have the necessary skills should evaluate the possibility of outsourcing the service.

Level 2:

Managed and established

Since IT Plans are

aligned to business ones, the portfolio

becomes a strategic

element, in an incipient manner at this level.

There are defined

processes to establish priorities for both,

users and the business.

The portfolio is strategically managed.

The portfolio reflects the alignment

between business and

IT. There is an important value

contribution from IT to

business.

Portfolio management is

performed taking into

account defined service levels set by defined

processes, which have

been defined according to the architecture and

infrastructure of current

and future IT.

HR view

The portfolio being to be strategic, so IT HR capabilities must be aligned to this development. Defined processes are implemented to manage IT HR, the capabilities of employees must accompany

current and future IT infrastructure. Decisions related to portfolio and IT HR capabilities must be recorded

in the OKB.

Projects

Level 1: Basic

Implemented projects are those that

have lower costs and/or

automate repetitive processes.

Projects tend to be

selected by the users pressures rather than

their business value.

Implemented projects are not

necessarily those that

provide more value to the business. IT

architecture is not

necessarily taken into account.

Projects are not developed through a

standard defined

process. Each project is developed ad hoc.

HR view Due to the implemented projects characteristics, is important that IT HR being trained in the business

adopted technologies or define an ad oc. outsourcing politics.

Level 2:

Managed and established

Projects are selected according and

consistent to business

priorities and strategies.

Are defined processes to establish

which projects will be

selected taking into account both the needs

of users and business

strategies.

The selected projects must be within

the range of those that

contribute to business strategies (at this level

business strategies and

IT are aligned).

Defined processes

are communicated and

exists standardized and defined service level to

be met.

HR view Training policies are defined and accompanying projects needs. Just as, you should define and

establish outsourcing processes to be used where appropriate. The OKB must register those policies.

Operations

Level 1: Basic

The operations are

controlled one by one.

There is no clear vision for the future of

services.

Takes importance the operations quality

of services, no defined

standards.

Is meant that the business contribution is

given by the completed

service.

Services are

managed ad hoc.

HR view While the quality of services is not seen as strategic but rather operational, the staff should be train in

IT services quality or outsource them.

Future Orientation User Orientation Business

Contribution

Operational

Excellence

Level 2:

Managed and established

Using defined and communicated

standards to manage

current operations, matching resources to

architectures, principles

and future IT needs.

Operations should

meet the needs of the

different users (internal and external) of IT

services.

Operations should meet business needs,

established through it

strategies.

Services quality is

assured with the implementation of

standards. IT HHRR

training plans are implemented.

HR view

Based on training should define expected quality service levels (we suggest using industry standards)

to ensure that operations accompany defined strategies. The OKB record both, defined processes and the

results of daily operations.

4 Adoption project

4.1 The Company

AAA began operations in 1950. Today it produces, markets and distributes more than 160,000

pharmaceutical units monthly, which means 1.5% of the local market. AAA was born with the mission of

being a local leader in the pharmaceutical market, renowned for the quality of its products and the moral

integrity of its members. It implements high international standards in production processes, technology

and environmental care. AAA offers no more than 50 direct jobs and 25 to 30 indirect jobs out of a total

of 61,706 in the human health sector in Uruguay (INE_Uy, 2011). AAA has maintained a permanent

concern for employees’ quality of life, ethical development of business, responsible marketing of its

products and services and environmental care.

4.2 The project

There is an undeniable importance of people in IT in general and software development processes in

particular (Colomo-Palacios, Fernandes, Sabbagh, & Amescua-Seco, 2012). Therefore, the main question

behind the project was: How and why can SMEs organizations reinforce their IT HR? In consequence, a

"single-case study" was designed, applying the ITG framework described in the former section to the IT

human resources (HR) in AAA. Case study research is the most common qualitative method used in

information systems (Myers, 1997). There are numerous definitions of this method, Robert Yin defines

the case study method as follows: A case-study is an empirical inquiry that: investigates a contemporary

phenomenon within its real-life context, especially when the boundaries between phenomenon and context

are not clearly evident (Yin, 1984, 1994).

The design of this case-study project was holistic, because it examined the global nature of the HR

division, in particular the policies related to IT staff.

The project has two stages. In the first one the enterprise implements those practices related to IT HR in

order to achieve level 1 of the maturity model shown in Table 2, while the second stage has the goal to

achieve level 2 in the maturity scale.

Selection criteria of the case-study were as follows:

1. The company is a SME with no more than 50 employees.

2. The company has HR policies.

3. IT staff consist of 5 people total.

4. The company has a deep interest to improve the quality of its IT governance practices and in

particular those related with IT HR.

Data collection was performed mainly via interviews, direct observation of the events and examination of

archival records.

4.3 First Stage

At the beginning, in AAA the IT HR politics were not clearly established, although there was a tacit

understanding by the employees about them. Following the framework implantation guide, the project

implemented:

1. Policies:

a. To improve IT staff immediate capacities.

b. Outsourcing.

c. Quality of Service.

2. Training:

a. Quality of Service.

b. Requirements Engineering

c. Outsourcing policies

This stage began on March 7, 2011 and ended May 20, 2011, with a total of 440 man-hour of work

calculated at 8 hours per weekday.

4.3 Second Stage

At this stage IT practitioners are capacitated according to the organization needs. Some services were

outsourced but there were no standard processes defined. Following the implantation guide of the

framework, the next tasks are designed:

1. Enterprise must define:

a. Expected service levels (suggest using industry standards) to ensure that operations

accompany defined strategies.

b. General training policies and procedures for current and future needs aligned with the

business strategies.

c. HR management processes.

2. The OKB must register:

a. Defined processes.

b. Strategic plans and HR related results.

c. Daily operations results.

d. Capabilities of current IT HR and its evolution over time.

3. Must be measure the contribution made by HR to the organization and record them on the OKB.

This stage began on 1/8/2011 and ended 1/12/2011, with a total of 600 man/hour of work calculated at 8

hours per weekday.

5 Results

5.1 Results of the two stages

To measure the obtained results and to quantify them, authors use two sets of indicators. The first set is

made of high-level indicators (Table 3) and their purpose is to give a global view of the situation in the

organization. The second set (Table 4) is a subset of a previously developed taxonomy of IT intangible

indicators (Garbarino & Delgado, 2011; Garbarino, Delgado, & Carrillo Verdún, 2011), with the goal to

analyze in depth the results of the framework implementation. The project initially established a baseline

from which to measure the results.

Table 3 List of IT high-level indicators

IT high-level indicators

1) IT HR satisfaction 2) User satisfaction - services

3) User satisfaction - usability 4) Response of contracted companies

5) IT meets business needs

Table 4 List of IT Intangible used indicators subset

IT intangible indicator used subset

1) Costs of Education and Training 2) Development of in-house IT

3) Development of outsourced IT 4) Employee Experience

5) Quality of Upper Management 6) Aligning of Middle Management

7) Know-How 8) Capabilities

9) Employee Added Value 10) Rotation of support personnel

11) Training (employee view) 12) Employee satisfaction

13) Performance - level of operation 14) Quality of Supplier contracts

15) Organic Growth 16) Service Improvement

17) Focus on user needs 18) Quality, safety and appropriateness of

computer systems

The evolution of the high-level indicators is shown in Figures 4 and 5. In the two stages of the project,

indicators evolved in a different way. The IT HR satisfaction increased by 31% when ending stage 1 (the

organization was at maturity level 1) but increased only 4% when being at level 2 (end of stage 2). The

main reason of this gap was related with the deep dissatisfaction that IT personnel presented at the

beginning of the project and the motivation that was achieved with the practices implemented. The quality

of response of contracted companies had a significant improvement at the second stage, when the project

implemented service level agreement policies and practices.

Figure 5 shows the positive variation of indicator IT meet business needs based on the percentage of

business processes well supported by IT.

45%

67%

56%

46%

67%

76%78%

60% 60%

72%

80%

84%

70%

82%

78%

30%

40%

50%

60%

70%

80%

90%

1 2 3 4 5

Base Line Stage 1 Stage 2

31%

11%

4%14%

5%

4%

6%

10%22%

6%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

1 2 3 4 5

Inicial - Stage 1 Stage 1 - Stage 2

Figure 4 Evolution along the stages of IT high-level

intangibles indicators

Figure 5 Relative variation on levels of satisfaction

The system usability improved slowly because it involves deep changes in existing systems and in the

organizational culture and capabilities, but at the second stage the perception improved 10%.

These set of used indicators are meaningful because of the relation with the policies and training activities

implemented in the project. The intangible indicators were measured in a 1..5 Likert scale, where 1 means

non-existent or very low and 5 means very developed.

0

1

2

3

4

51

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

Stage 2 Stage 1 Base Line

FO UO BC OE

Base Line 2.39 2.55 2.76 2.88

Stage 1 2.42 3.19 2.84 3.29

Stage 2 2.48 3.19 3.06 3.46

2.00

2.20

2.40

2.60

2.80

3.00

3.20

3.40

3.60

Base Line Stage 1 Stage 2

Improvement 3% 25% 11% 20%

Figure 6 IT intangibles indicators evolution from

baseline to project stage 2

Figure 7 IT intangibles indicators evolution

clustered by IT-BSC perspectives

Figure 6 shows strengths and weaknesses at the beginning of the study and the evolution along the two

stages of the project. Education and training (numbered 1) is the lowest indicator with a value of 1 in the

scale, the objective is grow it up to 3 (end value at stage 2), which was near the average of 3.4 obtained in

a global survey (Ruiz, 2011). Other low value corresponded to the rotation of support personnel

(numbered 10) - implying high rotation - which is consistent with the other indicator. Globally, there was

an improvement in almost all of the 18 intangible indicators; only employee experience (numbered 4)

maintains the initial value, because the staff remained constant along the case study.

To summarize the results and to show the IT-BSC view of the case, in Figure 7 we display the evolution

of the IT intangibles indicators (averages), clustered by IT-BSC perspectives (FO-Future Orientation, UO

- User Orientation, BC - Business Contribution and OE - Operations Excellence). Better results are

obtained in "user orientation" and in "operational excellence" perspectives. These results are consequence

of short-term new policies and practices implemented in the project.

5.2 Results seven month later

With the purpose to validate the obtained results and to analyze its stability, the authors performed

another survey seven months later. The results are shown in Figure 8. Some practices improved their

levels over time, like usability quality, outsourcing quality contract and IT HR politics. The service

quality perception is just below the previous results (1%) and the business value is stable. In conclusion,

to AAA, the implementation of an IT governance framework based on the characteristics of the SMEs

enterprises produced positive results, that have been maintained or improved.

70%

72%

74%

76%

78%

80%

82%

84%

86%

88%

90%

IT HR satisfaction

User satisfaction -

services

User satisfaction -

usability

Response contracted companies

IT meets business

needs

Stage 2

Survey post-case

Figure 8 Project results seven month later

6 Discussion and Conclusions This case study highlights the importance of the quality of IT HR and the related enterprise policies. The

results are positive but, as expected, are not definitive because the measuring period is only six months in

total and the project included implementation practices to go up to level 2 of maturity. Higher levels

would consume more time and budget, but also they would return more value to the business. As a future

project, we will replicate the case study in other organizations (at least one more) in order to make the

study stronger and to blunt the skepticism about the results obtained from a single-case study.

The results presented in the previous section are consistent with the literature, providing evidence about

the value of implementing good IT governance practices especially in SMEs enterprises (ITGI, 2011). A

particular point of view of these good practices is the IT HR in relation with IT-user satisfaction. Our

project reveals that, in this organization, there was a positive relation between training budget and the

other indicators analyzed. Ravichandran and Lertwongsatien (2005) found that intangible IT resources

such as IT skills are decisive for effective deployment in the organization. According with Soto-Acosta,

information technology training has been identified as a key factor for the success of IT applications and

it is the most frequently applied coping mechanism to handle changing IT (Soto-Acosta et al., 2010).

Importantly, the application of the presented framework has strengthened intangible assets such as Know-

how, Quality of Upper Management or Aligning of Middle Management, contradicting that IT governance

carefully avoids the section of the business universe which hosts such vital elements as entrepreneurship,

innovation, business development, creativity, improvisation, value creation and experiment (Kooper,

Maes, & Roos Lindgreen, 2011).

Some studies, such as those presented by Devos, Landeghem and Deschoolmeester (2012) show that IT

governance mechanisms are less important than trust (for example) in SMEs companies. However, the

results from this case study are opposite, although they confirm the vision of these authors that

frameworks designed for large companies cannot be applied in SMEs.

Finally, the indicator "IT meets business needs" grew up 11%. According to our vision and with other

authors previously cited (Toomey, 2009; Weill & Ross, 2004, 2011), the implantation of an adequate IT

governance framework in any organization enables value procurement. Most of published studies are

related to large companies, but the results presented here confirm that a framework conceived for SMEs

produces good results in companies that, because of their dimensions and resources, cannot implement

complex and expensive models.

Future work must include the design of other case studies to re-test this part of the framework and to test

the remainder part of the SMEsITGF presented in this paper.

References Adam, F, & O'Doherty, P. (2000). Lessons from enterprise resource planning implementations in Ireland -

towards smaller and shorter ERP projects. Journal of Information Technology, 15(4), 305-316.

Ali, S., & Green, P. (2012). Effective information technology (IT) governance mechanisms: An IT

outsourcing perspective. Information Systems Frontiers, 14(2), 179-193.

Ardic, Oya Pinar, Mylenko, Nataliya, & Saltane, Valentina. (2011). Small and Medium Enterprises: A

Cross-Country Analysis with a New Data Set World Bank Policy Research Working Paper

Series.

Ayat, M., Masrom, M., Sahibuddin, S., & Sharifi, M. (2011, 25-27 Jan. 2011). Issues in Implementing IT

Governance in Small and Medium Enterprises. Paper presented at the Intelligent Systems,

Modelling and Simulation (ISMS), 2011 Second International Conference on.

Calder, A. (2008a). The Calder-Moir IT Governance Framework.

Calder, A. (2008b). The IT Governance Toolkit-v05: IT Governance Publishing.

Chang, L.M., Chang, S.I., Ho, C.T., Yen, D.C., & Chiang, M.C. (2011). Effects of IS characteristics on e-

business success factors of small- and medium-sized enterprises. Computers in Human Behavior,

27(6), 2129-2140.

CIMA. (2004). Enterprise Governance – A CIMA discussion paper.

Colomo-Palacios, R., Fernandes, E., Sabbagh, M., & Amescua-Seco, A. (2012). Human and intellectual

capital management in the cloud: software vendor perspective. Journal of Universal Computer

Science, 18(11), 1544-1557.

Colomo-Palacios, R., Fernandes, E., Soto-Acosta, P., & Sabbagh, M. (2011). Software product evolution

for Intellectual Capital Management: The case of Meta4 PeopleNet. International Journal of

Information Management, 31(4), 395-399.

Colomo-Palacios, R., Casado-Lumbreras, C., Soto-Acosta, P., & García-Crespo, A. (2011). Using the

Affect Grid to Measure Emotions in Software Requirements Engineering. Journal of Universal

Computer Science, 17(9), 1281-1298.

Colomo-Palacios, R., Tovar-Caro, E., García-Crespo, A., & Gómez-Berbís, J.M. (2010). Identifying

Technical Competences of IT Professionals: The Case of Software Engineers. International

Journal of Human Capital and Information Technology Professionals, 1(1), 31-43..

Cragg, P., Caldeira, M., & Ward, M.. (2011). Organizational information systems competences in small

and medium-sized enterprises. Information & Management, 48(8), 353-363.

Devos, J., Landeghem, H, & Deschoolmeester, D.. (2012). Rethinking IT governance for SMEs.

Industrial Management & Data Systems, 112(2), 206 - 223.

Duffy, J. (2002). IT/business Alignment: Is it an Option or is it Mandatory?. IDC document, Document #:

26831.

ECORYS. (2012). EU SMEs in 2012: at the crossroads. European Commision. Rotterdam.

European-Commission. (2012). SBA Fact Sheet, SPAIN 2010/11. Available at

http://ec.europa.eu/enterprise/policies/sme/facts-figures-analysis/performance-

review/files/countries-sheets/2010-2011/spain_en.pdf

Gama, N., Nunes-da-Silva, R., & Mira-da-Silva, M. (2011). Using People-CMM for Diminishing

Resistance to ITIL. International Journal of Human Capital and Information Technology

Professionals, 2(3), 29-43.

Garbarino, H., & Delgado, B. (2011). Taxonomía de indicadores de activos intangibles de TI para la

Administración Pública. Caso República Oriental del Uruguay. Paper presented at the CISTI

2011, Portugal.

Garbarino, H., Delgado, B., & Carrillo Verdún, J.D. (2011). Taxonomy of IT intangibles based on the

Electronic Government Maturity Model in Uruguay. Paper presented at the MCCSIS 2011,

Roma.

IFC. (2009). The SME Banking Knowledge Guide. Washington D.C: The World Bank Group.

INE_Uy. (2011). Uruguay en cifras 2010 - Empresas y sectores de actividad 2010. Montevideo: INE -

Instituto Nacional de Estadística.

ISACA. (2012). COBIT® 5 A Business Framework for the Governance and Management of Enterprise IT

ISO/IEC. (2008). ISO/IEC 38500:2008. Corporate Governance for Information Technology.: ISO.

ITGI. (2007). CobiT© 4.1

ITGI. (2011). Global Status Report on the Governance of Enterprise It (GEIT)—2011. 70.

Jewer, J., & McKay, K. N. (2012). Antecedents and Consequences of Board IT Governance: Institutional

and Strategic Choice Perspectives. Journal of the Association for Information Systems, 13(7).

Kooper, M. N., Maes, R., & Roos Lindgreen, E. E. O.(2011). On the governance of information:

Introducing a new concept of governance to support the management of information.

International Journal of Information Management, 31(3), 195-200.

Liu, M., Li, M., & Zhang, T. (2012). Empirical Research on China's SMEs Technology Innovation

Engineering Strategy. Systems Engineering Procedia, 5, 372-378.

Lucio-Nieto, T., Colomo-Palacios, R., Soto-Acosta, P., Popa, S., & Amescua-Seco, A. (2012).

Implementing an IT service information management framework: The case of COTEMAR.

International Journal of Information Management, in press.

Myers, M.D. (1997). Qualitative Research in Information Systems. MIS Quarterly, 21, 241-242.

Nunes, P. M., Serrasqueiro, Z, & Leitão, J. (2012). Is there a linear relationship between R&D intensity

and growth? Empirical evidence of non-high-tech vs. high-tech SMEs. Research Policy, 41(1),

36-53.

Ravichandran, T., & Lertwongsatien, C. (2005). Effect of Information Systems Resources and

Capabilities on Firm Performance: A Resource-Based Perspective. Journal of Management

Information Systems, 21(4), 237-276.

Ruiz, S. (2011). La Capacitación como factor de competencia. Mexico: Instituto Superior de Estudios

Estadísticos.

Runeson, P., & Höst, M. (2009). Guidelines for conducting and reporting case study research in software

engineering. Empirical Software Engineering, 14(2), 131-164.

Sieber, S., Valor, J., & Porta, V. (2006). Los sistemas de información en la empresa actual. Madrid:

McGraw-Hill.

Soto-Acosta, P., Martinez-Conesa, I., & Colomo-Palacios, R. (2010). An Empirical Analysis of the

Relationship Between IT Training Sources and IT Value. Information Systems Management,

27(3), 274-283.

Stantchev, V., Petruch, K., & Tamm, G. (2012). Assessing and governing IT-staff behavior by

performance-based simulation. Computers in Human Behavior, in press.

Toomey, Mark. (2009). Waltzing with the Elephant: A comprehensive guide to directing and controlling

information technology. Australia: Infonomics.

Van-Grembergen, W., & De-Haes, S. (2007). An Exploratory Study into IT Governance Implementations

and its Impact on Business/IT Alignment. Information Systems Management, 26 (2), 123-137.

Van-Grembergen, W., & De-Haes, S. (2009). Enterprise Governance of Information Technology.

Achieving Strategic Alignment and Value. New York: Springer.

Weill, P., & Ross, J. (2004). IT Governance. How top performers manage IT decision rights for superior

results. Boston, Massachusetts: Harvard Business School Press.

Weill, P., & Ross, J. (2011, 11/04/2011). Four Questions Every CEO Should Ask About IT, The Wall

Street Journal. Retrieved from

http://online.wsj.com/article/SB10001424052748704336504576258561056702944.html?mod=go

oglenews_wsj

Yin, R. K. (1984). Case study research. Beverly Hills, CA: Sage Publications.

Yin, R. K. (1994). Discovering the future of the case study method in evaluation research. Evaluation

practice, 15(3), 283.

Zarvić, N., Stolze, C., Boehm, M., & Thomas, O. (2012). Dependency-based IT Governance practices in

inter-organisational collaborations: A graph-driven elaboration. International Journal of

Information Management, in press.