The Applicability of Information Technology Governance in The Malaysian SMEs

Khong Sin Tan, Wil Ly Teo and Kim Piew Lai

Multimedia University, Melaka, Malaysia 

Copyright © 2011 Khong Sin Tan, Wil Ly Teo and Kim Piew Lai.This is an open access article distributed under the Creative Commons Attribution License unported 3.0, which permits unrestricted use, distribution, and reproduction in any medium, provided that original work is properly cited.

Abstract

IT governance is a relatively new concept in Malaysia. There are limited studies available related to IT governance in Malaysia. Thus, this paper surveys 50 Malaysian SMEs in the state of Melaka in regard to their understanding of IT governance. Results indicate that IT governance is new to them. Findings also show that IT governance performance is related to ownership of decision making and various formal governance mechanisms.  Although they know the benefits of IT governance, majority of them do not implement IT governance. The findings are discussed and interpreted to provide implications to companies and Malaysian government.

Keywords: IT governance, IT compliance, Malaysia

Introduction
 
Malaysia has been allocating considerable amount of money in ICT development in the country every year. The spending is expanded at a rate of 9.2 per cent per annum from RM 3.8 billion in 1995 to RM 5.9 billion in 2000 (Economic Planning Unit, 2001). In Eighth Malaysia Plan (2001-2005), Malaysia invested RM 7.9 billion in ICT programmes such as computerisation of government agencies, schools, ICT funding, multimedia applications and development as well as ICT research and development.  The following Ninth Malaysia Plan (2006-2010) has allocated RM 12.9 billion for the same programmes (Economic Planning Unit, 2006). Due to the importance of ICT to the country, Malaysian National Information Technology Council (NITC) was established in 1994 to formulate and implement national IT strategy.

On the other hand, SMEs play an important role in the economic growth of Malaysia. Based on National SME Development Council (2005), there are a total of 523,132 companies in Malaysia.  Out of which, 518,996 or 99.2 per cent are small and medium enterprises. SMEs account for almost 3 million or 65.1 per cent of total employment in the country while large companies hold over 1.6 million or 34.9 per cent (National SME Development Council, 2005). Due to the importance of SMEs in the country, National SME Development Council (NSDC), chaired by Prime Minister, Dato’ Seri Abdullah bin Haji Ahmad Badawi was formed on June 2004 to assist and monitor the development of SMEs. 

In other words, these two sectors play important roles in the growth of the country. Their relationship should be investigated to determine how SMEs can leverage the power of ICT in building their business strength.   According to Tan et. al. (2008, 2009a, 2009b), it is found that security continues to be a major barrier for SMEs to adopt Internet-based ICT. Their finding implies that it is important for SMEs to have proper mechanism to govern the IT process in company either in intranet, extranet or Internet platform. Hence, by employing IT governance in the company, SMEs could have proper ICT mechanisms to safeguard their ICT systems and infrastructure from intrusion.  Moreover, SMEs would have standard guidelines in developing ICT in companies.

According to Kennan (2003), there is difference between IT governance and IT compliance.  Compliance is described as a cost and does not deliver any benefit to the business while governance delivers compliance and creates value for the business.  IT Governance Institute (2003) described the two fundamental concerns of IT governance as IT’s delivery of value to the business, driven by strategic alignment of IT with the business and mitigation of IT risks, embedding accountability into the enterprise.

The importance of IT governance is about how to obtain optimum returns from investment in IT and how to ensure that measurable and transparent long-term, sustainable stakeholder value is achieved (Weill and Ross, 2004). Hence extracting maximum value from existing investment is imperative for IT governance (Parker, 2005). Tan et. al. (2008, 2009a, 2009b) have conducted IT governance survey among Malaysian electronic companies and found that IT governance is important to profit- and growth-oriented organisations in terms of cost efficiency, growth, asset utilisation and business flexibility. Moreover, the electronic companies realise the benefits of IT governance but unfamiliar with the IT frameworks. 

Since that ICT and SMEs are important to Malaysia and IT governance is a new area to explore in Malaysia, this research tries to address their relationship and thus propose the following research question:
What is the understanding level among Malaysian SMEs about IT governance?

This is a theory testing research paper. This paper conducted exploratory study to investigate the understanding level of Malaysian SMEs in IT governance. The research findings of this research would help investigate further in future how IT governance can be applied to SMEs in the country.  Some scholars (Haes and Grembergen, 2009; Ali and Green, 2007) conducted quite similar IT governance researches in organisations. 

The following section will review literature, followed by research methodology. Findings are presented and discussed before conclusion is made.

Literature Review

Ownership of Decision Making

According to Weill and Ross (2004), decision makers of IT governance can be made by any of the following groups, as classified by

  • Business Monarchy: A group of business executives or individual executives, including committees of senior business executives (may include CIO). Excludes IT executives acting independently.
  •  IT Monarchy: Individuals or groups of IT executives
  • Feudal: Business unit leaders, key process owners or their delegates
  • Federal: C-level executives and business groups (e.g. business units or processes); may also include IT executives as additional participants. Equivalent of the central and state governments working together.
  • IT Duopoly: IT executives and one other group (e.g., business unit or process leaders)
  • Anarchy: Each individual user

 

Formal Governance Mechanisms

The variables used to measure this construct are derived from the three aspects of making and monitoring IT decisions.

  • Coordinating the decision-making process.
  • Monitoring to ensure decisions are executed as agreed upon.
  • Communicating constantly with stakeholders.

 

IT Governance Performance

IT governance performance is measured as how important the outcomes are and how successful IT governance has contributed to each outcome.

Research Model and Hypotheses Development

The book published by Weill and Ross (2004) has provided quite comprehensive study on IT governance. Therefore, this exploratory study would like to adopt most variables based on the book. The following research framework as shown in Figure 1 was presented for this study. This research framework is generated after preliminary study conducted in Malaysia (Tan et. al., 2008).

 Research Framework

Figure 1: Research Framework

 

The following hypotheses ensue following the development of research framework.

H1a: Joint decision-making by business and IT for IT principles is correlated with IT governance performance.

The H1a hypothesis assumes that IT governance performance is related to the joint decision on IT principles by business executives and IT executives.

H1b:    Sole decision-making by IT on IT architecture is correlated with IT governance performance.

Second hypothesis H1b presumes that IT governance performance is related to IT executives who make sole decision on IT architecture.

H1c:    Sole decision-making by IT on IT infrastructure is correlated with IT governance performance.

Third hypothesis H1c assumes that IT governance performance is related to IT executives who make sole decision on IT infrastructure.

H1d:    Joint decision-making by business and IT on business application needs is correlated with IT governance performance.

Fourth hypothesis H1d hypothesizes that IT governance performance is related to joint-decision on business application needs by business executives and IT executives.

H1e:    Sole decision-making by business on IT investment is correlated with IT governance performance.

Fifth hypothesis H1e assumes that IT governance performance is decision made by business executives solely on IT investment.

H2a:      Organisation with formal governance coordination of decision-making mechanisms is correlated with IT governance performance.

Sixth hypothesis H2a assumes that IT governance performance is related to those organisations with formal governance coordination of decision-making mechanisms in place in companies.

H2b:    Organisation with formal governance execution monitoring mechanisms is correlated with IT governance performance.

Seventh hypothesis H2b assumes that IT governance performance is related to organisations with formal governance monitoring mechanisms in place in companies.

H2c:     Organisation with formal governance communication mechanisms is correlated with IT governance performance.

Eight hypothesis H2c assumes that IT governance performance is related to organisations with formal governance communication mechanisms in place in companies.

Research Methodology

Questionnaire

There are four main parts in the survey.  First part is questions about “ownership of decision making”. This part used 5-point Likert scale, ranging from 1=Never, 2=Rarely, 3=Sometimes, 4=Often and 5=Always.  Second part is about “formal governance mechanism”. This part also uses 5-point Likert scale, ranging from 1=Never, 2=Rarely, 3=Sometimes, 4=Often and 5=Always. Third part is “IT governance performance” which is interval-scaled and categorised into two parts; governance outcomes and IT governance concerns. The scale of “governance outcomes” is 1=Totally Not Important, 2=Not Important, 3=Quite Important, 4=Important and 5=Very Important. The “IT governance concerns” was rated as 1=Totally Not Successful, 2=Not Successful, 3=Quite Successful, 4=Successful and 5=Very Successful, and ranged from 1=Totally not important, 2=Not important, 3=Quite Important, 4=Quite Important and 5=Very Important. Fourth part is about IT governance frameworks and rated by 1=Currently Used, 2=Intend to Use, 3=No Intention to Use, and 4=Never Heard of. 

Operationalisation of Variables

Table 1 indicates the items used to describe every variable.

Table 1: Operationalisation of Variables

Operationalisation of Variables

Selection of Study Area and Sampling

This study was carried out by using questionnaire survey. One hundred Melaka rrespondents are systematically selected by following the order of the companies in the list which are provided by member directory of the Federation of Malaysian Manufacturers. Phone call was made to request respondents’ permission to participate in this study and thus the response rate was high. 

Barriers faced during phone calls were participation rejection and wrong phone number. Participants are given questionnaire to fill in and collected after two weeks. Only owners or managers of companies participate in this study.

From the 100 phone calls made, 50 respondents agreed to participate which represented 50% response rate (N = 50).

Data Analyses

Correlation between Ownership of Decision Making and Governance Performance

A Pearson Correlation test was used to measure the correlation between ownership of decision making and governance performance as shown in Table 2. There are two parts of IT governance performance in this study. Only first part of IT governance performance (Importance of IT governance) is used for this Pearson relationship analysis. IT governance performance is found to be significantly related to all the five constructs of decision making ownership (p < 0.05).  Hence, H1a, H1b, H1c, H1d and H1e are accepted. 

Table 2: Pearson Correlation between Ownership of Decision Making and Governance Performance

 

220894-tab-2

Correlation between Formal Governance Mechanisms and Governance Performance

A Pearson Correlation test as shown in Table 3 was used to measure the correlation between formal governance mechanisms and governance performance. There are two parts of IT governance performance in this study. Only first part of IT governance performance (Importance of IT governance) is used for this Pearson relationship analysis. IT governance performance is found to be significantly correlated with IT decision making coordination, IT execution monitoring, IT communication issues but not IT governance framework. Hence, H2a, H2b and H2c are accepted.

Table 3: Pearson Correlation between Formal Governance Mechanisms and Governance Performance

220894-tab-3

 

IT Governance Performance

IT governance performance is measured as how important the outcomes are to them and how successful IT governance has contributed to each outcome. Table 4 and 5 shows that respondents opined that cost effective use of IT governance can be important and success factor to business growth, asset utilisation and business flexibility.

Table 4: Frequency Distribution of Importance of IT Governance


Frequency Distribution of Importance of IT Governance

Table 5: Frequency Distribution of Success of IT Governance

 Frequency Distribution of Success of IT Governance

 

Table 6 indicates that many respondents are not familiar with IT governance structure.

Table 6: Awareness of IT Governance (N=50)

 Awareness of IT Governance (N=50)

 

Table 7 shows the summary of hypotheses testing of this research study. The findings indicate that all independent variables are significantly related to the importance of IT governance. 

Table 7: Summary of Hypotheses Findings

Summary of Hypotheses Findings

 

Discussions

Ownership of Decision Making

Findings found that IT governance performance is related to who makes the IT decisions. Specifically, it is recommended that business and IT jointly make decisions on IT principles, IT executives make decisions on IT architecture and IT infrastructure. Moreover, business executives and IT executives jointly make decisions on business application needs and business executives make decisions on IT investment.  In other words, it implies that IT executives need to make decision on all IT matters and if IT decision is related to business, business executives need to be involved. 

Formal Governance Mechanisms

A good IT governance performance in company can be improved by three aspects.  An efficient flow of communication by using IT is found to be an enabler for better IT governance performance. By having proper channel of communication, coordination and execution of decision making can be enhanced.

IT Governance Performance

Findings show that respondents agree that IT governance is both important and potentially create success in growth, asset utilisation and business flexibility. 

Awareness of IT governance

Many respondents have not heard of the main three models of IT governance. Even they do, quite many of them do not intend to use IT governance.  Only a few to use in future or currently are using. These findings imply that IT governance is really new in Melaka and not many people know its existence.

Limitation of Research

There are only 50 SMEs from Melaka participated in this study.  The finding results may not be able to generalise to other SMEs in Malaysia. 

Moreover, IT governance is a relatively new term in Malaysia. Some respondents reported confusion or without knowledge on IT terms such as CobiT, CMMI and ITIL. 

Managerial Implications

This study proves that in order to have better IT governance in the company, SMEs must address two important aspects. Firstly, SMEs must identify the ownership of decision making during the course of IT and business-related decision. The “who” must be determined during the flow of decision making. 

Although the company may know “who” is in charge of making IT decision, another aspect that affects IT governance performance is the process of decision making. As found out in this study, formal governance mechanism has significant impact on IT governance performance. To streamline the process of decision making, a proper and efficient and affect IT communication channel must be established. 

Recommendation for Future Research

Future study can focus on the IT process of each individual company to identify IT governance in the company. Due to different industry type and business infrastructure, different companies may have their own way of governing IT flows, IT decision makers and communication channels used. Therefore, future study may compare and investigate common and company-oriented type of IT governance.

Conclusions

The concept of IT governance is still relatively new in Malaysia. Many companies do not understand its existence.  This study has opened a new research area by disclosing the low acceptance of IT governance among Malaysian SMEs.  More studies can be done by scholars to investigate IT governance and present an IT governance model that can be applied to most industries and business types in Malaysia to bring more business values to the companies while reducing IT risks. 

References

Ali, S. & Green, P. (2007). “IT Governance Mechanisms in Public Sector Organisations: An Australian Context,” Journal of Global Information Management, 15(4), 41-63.
PublisherGoogle Scholar – British Library Direct

Economic Planning Unit (2001).  ‘Eighth Malaysian Plan 2001-2005,’  Putrajaya: Publication and DISTR.
Google Scholar

Economic Planning Unit (2006). ‘Ninth Malaysian Plan 2006-2010,’ Putrajaya: Publication and DISTR
Google Scholar

Haes, S. D. & Grembergen, W. V. (2009). “An Exploratory Study into IT Governance Implementations and Its Impact on Business/IT Alignment,”  Information Systems Management, 26, 123-137.
PublisherGoogle Scholar

IT Governance Institute. (2003). ‘Board briefing on IT Governance (2nd ed.),’ Illinois, IL: Author.
Google Scholar

Kennan, P. (2003, September 16). ‘IT Failures are a Boardroom Issue,’ Computer Weekly, 40.
Google Scholar British Library Direct

National SME Development Council (2005).  ‘SME Annual Report: Optimising Strategic Values,’  Malaysia: NSME.

Parker, B. (2005, October). ‘Study Reveals Extracting Value is Top IT Governance Imperative,’Manufacturing Business Technology, 23(10), 44.

Tan, K. S., Chong, S. C. & Eze, U. C.  (2009a). “Factors Influencing Internet-based ICT Adoption among Malaysian SMEs,” International Journal of Management & Enterprise Development, 6(4), 397-418.
PublisherGoogle Scholar

Tan, K. S., Chong, S. C., Lin, B. & Eze, U. C. (2009b). “Internet-Based ICT Adoption: Evidence from Malaysian SMEs,” Industrial Management & Data Systems, 109(2), 224-244.
PublisherGoogle Scholar

Tan, K. S.  & Eze, U. C.  (2008).’An Empirical Study of Internet-Based ICT Adoption among Malaysian SMEs,’ Proceeding of 10th Innovation and Knowledge Management in Business Globalization: Theory & Practice, pp 292 — 302.

Tan, K. S., Eze, U. C. & Teo, W. L.  (2008). ‘Information Technology Governance in the Malaysian Electronics Manufacturing Industry,’ Proceeding of 10th Innovation and Knowledge Management in Business Globalization: Theory & Practice, pp 587 — 593. 

Williams, P. (2006, June 13). “Wanted! Meeting of Minds at the Top,” Computer Weekly, 30-32.
Publisher 

Weill, P. & Ross, J. W. (2004). “IT Governance: How Top Performers Manage IT Decision Rights for Superior Results,” Watertown, MA: Harvard Business School Press .
PublisherGoogle Scholar

Shares